
Abuse POC for 45.156.27.61 is abuse AT ripe DOT net?



https://www.spamcop.net/mcgi?action=gettrack&reportid=7254298430

Petzl, I used the app you suggested for determining the registrar for a given IP address. This is result of querying 45.156.27.61:

Quote

 

Checking IP: 45.156.27.61...
Failed Domain Lookup.
IP:        45.156.27.61

Querying whois.arin.net for 45.156.27.61...

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2023, American Registry for Internet Numbers, Ltd.
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 45.156.27.61"
#
# Use "?" to get help.
#

NetRange:       45.154.220.0 - 45.157.167.255
CIDR:           45.157.160.0/21, 45.157.0.0/17, 45.154.220.0/22, 45.154.224.0/19, 45.157.128.0/19, 45.155.0.0/16, 45.156.0.0/16
NetName:        RIPE
NetHandle:      NET-45-154-220-0-1
Parent:         NET45 (NET-45-0-0-0-0)
NetType:        Early Registrations, Transferred to RIPE NCC
OriginAS:       
Organization:   RIPE Network Coordination Centre (RIPE)
RegDate:        2014-05-22
Updated:        2022-12-29
Ref:           https://rdap.arin.net/registry/ip/45.154.220.0

ResourceLink: https://apps.db.ripe.net/search/query.html
ResourceLink:  whois.ripe.net


OrgName:        RIPE Network Coordination Centre
OrgId:          RIPE
Address:        P.O. Box 10096
City:           Amsterdam
StateProv:      
PostalCode:     1001EB
Country:        NL
RegDate:        
Updated:        2013-07-29
Ref:           https://rdap.arin.net/registry/entity/RIPE

ReferralServer:  whois://whois.ripe.net
ResourceLink: https://apps.db.ripe.net/search/query.html

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName:   Abuse Contact
OrgAbusePhone:  +31205354444 
OrgAbuseEmail:   mailto:abuse AT ripe DOT net
OrgAbuseRef:   https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

OrgTechHandle: RNO29-ARIN
OrgTechName:   RIPE NCC Operations
OrgTechPhone:  +31 20 535 4444 
OrgTechEmail:   mailto:hostmaster AT ripe DOT net
OrgTechRef:   https://rdap.arin.net/registry/entity/RNO29-ARIN

 

But when I query the above IP address on the ripe database site: I get abuse AT cloudbackbone DOT net as the responsible POC (the responsible ORGANIZATION is listed as CGI GLOBAL LIMITED)? Meanwhile, if I try to send a test email to noc AT cloudbackbone DOT net, Gmail's mailer-daemon tells me that the mailbox is full.

Quote

 


Recipient inbox full

Your message couldn't be delivered to noc AT cloudbackbone DOT net. Their inbox is full, or it's getting too much mail right now.
The response from the remote server was:

552 5.2.2 Mailbox size limit exceeded 1681181837-GvKD4TbYSeA0-3pSQWAEs

 

 

I tried sending the spam to noc AT cloudbackbone DOT net and got an auto reply back from yandex's mailer-daemon with the subject Undelivered Mail Returned to Sender:

Quote

This is the mail system at host yandex.ru.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

Please, do not reply to this message. 

 

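The ARIN reply quoted in the post above is a referral rather than an answer: the block was transferred to RIPE NCC, so the `OrgAbuseEmail` it lists is the registry's own contact and the operator's abuse address has to come from `whois.ripe.net`. The following is an added example, not part of the original post or of the lookup app mentioned in the thread; it assumes ARIN-style `Key: value` output, the function names are hypothetical, and the second record is constructed.

```python
import ipaddress
from urllib.parse import urlparse

# Excerpt of the ARIN reply quoted in the post (addresses left in the page's obfuscated form).
ARIN_REPLY = """\
# Query terms are ambiguous.  The query is assumed to be:
NetRange:       45.154.220.0 - 45.157.167.255
NetName:        RIPE
NetType:        Early Registrations, Transferred to RIPE NCC
ReferralServer:  whois://whois.ripe.net
OrgAbuseEmail:   mailto:abuse AT ripe DOT net
"""

# Constructed record for a directly allocated range (documentation addresses, not real data).
DIRECT_REPLY = """\
NetRange:       192.0.2.0 - 192.0.2.255
NetType:        Direct Allocation
OrgAbuseEmail:  abuse@example.net
"""

def parse_fields(text):
    """Map each 'Key: value' line to a list of values, skipping '#' comment lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def abuse_plan(ip, whois_text):
    """Decide whether this reply names the operator's abuse contact or only points elsewhere."""
    f = parse_fields(whois_text)
    start, end = (ipaddress.ip_address(p.strip()) for p in f["NetRange"][0].split("-"))
    if not start <= ipaddress.ip_address(ip) <= end:
        raise ValueError(f"{ip} is outside the NetRange in this reply")
    referral = None
    for ref in f.get("ReferralServer", []):
        url = urlparse(ref)
        if url.scheme in ("whois", "rwhois") and url.hostname:
            referral = url.hostname
    transferred = any("transferred to" in v.lower() for v in f.get("NetType", []))
    email = (f.get("OrgAbuseEmail") or [None])[0]
    if email:
        email = email.removeprefix("mailto:").strip()
    if referral or transferred:
        # The contact here belongs to the registry that holds the block, not to the network operator.
        return {"report_to": None, "registry_contact": email, "query_next": referral}
    return {"report_to": email, "registry_contact": None, "query_next": None}

if __name__ == "__main__":
    print(abuse_plan("45.156.27.61", ARIN_REPLY))
    print(abuse_plan("192.0.2.10", DIRECT_REPLY))
```
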

1 hour ago, Steve said:

But when I query the above IP address on the ripe database site: I get abuse AT cloudbackbone DOT net as the responsible POC (the responsible ORGANIZATION is listed as CGI GLOBAL LIMITED)? Meanwhile, if I try to send a test email to noc AT cloudbackbone DOT net, Gmail's mailer-daemon tells me that the mailbox is full.

Quote

SpamCop is not allowed to send abuse reports to "abuse AT cloudbackbone DOT net "
But you can *forward* it from your spammed account!
Include text of headers/body
Just head it 
Phishing
http://45.156.27.61 NO REGISTRAR spam level is very high (Russia)
https://talosintelligence.com/reputation_center/lookup?search=45.156.27.61#ip-addresses
>

Put > below your header text, then the "headers/body"

Edited by petzl

  • 2 weeks later...
On 4/24/2023 at 9:00 PM, Hanco said:

What is the significance of doing that? Thanks

"Forwarding as attachment" the subject line is empty, after IP put "phishing" or spam
It just makes the originating IP clear
