sam_nospam Posted February 20, 2022 Share Posted February 20, 2022 We get many fraudulent bitcoin spam mails from the same server group 45.144.215.0 - 45.144.215.255. Each time, another IP from that group is beeing used - abuse contact for all used servers is ralfnoack1982@gmail.com. I suppose, this could be the spammer himself, since reporting is beeing ignored. What kind of reporting makes sense in this case? I allready figured out, that the servers are hosted by nshostu.ru - so i instead started to send my reporting to abuse@nshostu.ru. Any other ideas? Thanks for your help! Best regards Sam This one of many exampels: Tracking message source: 45.144.215.62: Routing details for 45.144.215.62[refresh/show] Cached whois for 45.144.215.62 : ralfnoack1982@gmail.comUsing last resort contacts ralfnoack1982@gmail.com Yum, this spam is fresh! Message is 0 hours old45.144.215.62 not listed in cbl.abuseat.org45.144.215.62 not listed in dnsbl.sorbs.net45.144.215.62 not listed in accredit.habeas.com45.144.215.62 not listed in plus.bondedsender.org45.144.215.62 not listed in iadb.isipp.com Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted February 20, 2022 Share Posted February 20, 2022 1 hour ago, sam_nospam said: Each time, another IP from that group is beeing used - abuse contact for all used servers is ralfnoack1982@gmail.com. I suppose, this could be the spammer himself, since reporting is beeing ignored. That address is coming from the whois at ripe. Because Europeans tend to do that lately, they tried to limit what can be seen by a query. I would prefer they use an abuse@ address too. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.