Steve Posted April 11, 2023 Share Posted April 11, 2023 https://www.spamcop.net/mcgi?action=gettrack&reportid=7254298430 Petzl, I used the app you suggested for determining the registrar for a given IP address. This is result of querying 45.156.27.61: Quote Checking IP: 45.156.27.61... Failed Domain Lookup. IP: 45.156.27.61 Querying whois.arin.net for 45.156.27.61... # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2023, American Registry for Internet Numbers, Ltd. # # # Query terms are ambiguous. The query is assumed to be: # "n 45.156.27.61" # # Use "?" to get help. # NetRange: 45.154.220.0 - 45.157.167.255 CIDR: 45.157.160.0/21, 45.157.0.0/17, 45.154.220.0/22, 45.154.224.0/19, 45.157.128.0/19, 45.155.0.0/16, 45.156.0.0/16 NetName: RIPE NetHandle: NET-45-154-220-0-1 Parent: NET45 (NET-45-0-0-0-0) NetType: Early Registrations, Transferred to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2014-05-22 Updated: 2022-12-29 Ref: https://rdap.arin.net/registry/ip/45.154.220.0 ResourceLink: https://apps.db.ripe.net/search/query.html ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois://whois.ripe.net ResourceLink: https://apps.db.ripe.net/search/query.html OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: mailto:abuse AT ripe DOT net OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: mailto:hostmaster AT ripe DOT net OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN But when I query the above IP address on the ripe database site: I get abuse AT cloudbackbone DOT net as the responsible POC (the responsible ORGANIZATION is listed as CGI GLOBAL LIMITED)? Meanwhile, if I try to send a test email to noc AT cloudbackbone DOT net, Gmail's mailer-daemon tells me that the mailbox is full. Quote Recipient inbox full Your message couldn't be delivered to noc AT cloudbackbone DOT net. Their inbox is full, or it's getting too much mail right now. The response from the remote server was: 552 5.2.2 Mailbox size limit exceeded 1681181837-GvKD4TbYSeA0-3pSQWAEs I tried sending the spam to noc AT cloudbackbone DOT net and got an auto reply back from yandex's mailer-daemon with the subject Undelivered Mail Returned to Sender: Quote This is the mail system at host yandex.ru.I'm sorry to have to inform you that your message could notbe delivered to one or more recipients. It's attached below.Please, do not reply to this message. Quote Link to comment Share on other sites More sharing options...
petzl Posted April 11, 2023 Share Posted April 11, 2023 (edited) 1 hour ago, Steve said: But when I query the above IP address on the ripe database site: I get abuse AT cloudbackbone DOT net as the responsible POC (the responsible ORGANIZATION is listed as CGI GLOBAL LIMITED)? Meanwhile, if I try to send a test email to noc AT cloudbackbone DOT net, Gmail's mailer-daemon tells me that the mailbox is full. Quote SpamCop is not allowed to send abuse reports to "abuse AT cloudbackbone DOT net " But you can *forward* it from your spammed account! Include text of headers/body Just head it Phishinghttp://45.156.27.61 NO REGISTRAR spam level is very high (Russia)https://talosintelligence.com/reputation_center/lookup?search=45.156.27.61#ip-addresses > Put > below you header text then the "headers/body" Edited April 11, 2023 by petzl Quote Link to comment Share on other sites More sharing options...
Hanco Posted April 24, 2023 Share Posted April 24, 2023 On 4/11/2023 at 12:30 AM, petzl said: Put > below you header text then the "headers/body" What is the significance of doing that? Thanks Quote Link to comment Share on other sites More sharing options...
petzl Posted April 25, 2023 Share Posted April 25, 2023 On 4/24/2023 at 9:00 PM, Hanco said: What is the significance of doing that? Thanks "Forwarding as attachment" the subject line is empty, after IP put "phishing" or spam Just makes it clear the originating IP Quote Link to comment Share on other sites More sharing options...
Hanco Posted April 26, 2023 Share Posted April 26, 2023 Got it thanks Petzl Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.