IP Abuse problem


bobbear

I've got the usual money laundering spammer finconsulting.hk spamming me again, (been squashing him on almost a daily basis for a while). This time he's got his zombie botnet controller on an IP that I'm having trouble reporting:

ns1.toolrec.com [194.150.121.83]

Now, the whois data list the firm Ikon Communication Services Limited as the owner of the IP with contacts listed on the ikcs.net domain. Neither of the listed contacts replies, & there appears to be no working website or abuse address. They look rather iffy. I'm surmising that they may have sold out, (but who to I do not know), and the RIPE data is out of date.

There is an abuse address of abuse[at]rapidswitch.com but they deny all knowledge of the IP so I must admit I'm a bit stuck on this one.

What's the next step if I can't contact the present owner of the IP? File an abuse report with RIPE?

Already been through the DNSStuff data thanks Merlyn. No reply from Lawrence or indeed Leigh (from the domain whois data). Rapidswitch's reply is "The IP Address 194.150.121.83 is nothing to do with us I'm afraid."

The fact that IKCS's website is AWOL is dodgy to say the least. There's a lot of chaff on Google web & Google groups, but nothing concrete that helps me.

If I do a tracert on 194.150.121.83 it alternately routes through othellotech and rapidswitch, so am I right in assuming that they would be the upstream providers?

If I have no luck I guess I could try a complaint to RIPE, but I just don't know how amenable they are to abuse complaints.

The company "Ikon communication services" (IKCS) was dissolved on November the 8th, 2005, so why the heck are they still listed in the RIPE data for the IP 194.150.121.83?

They obviously can't be responsible for the IP, so who on earth is?

Excellent, thanks.

It amazes me and opens my eyes to the fact that you cannot trust RIPE data. I've emailed the RIPE database & abuse contacts to find out what the situation is & if it can be resolved.

You might imagine the data being a few weeks out of date, perhaps, but over 2 years? Incredible! I hope they recover the whole IP range from whoever took them over if it can be demonstrated that they have wilfully withheld transfer information... (it might even be a blackhat 'provider' who has them of course).

On a positive note I received a response from the registrar Spirit Domains to say they have suspended the crook's nameserver domain toolrec.com.

Spirit Domains are definitely one of the good guys in my book - many thanks to them.

Archived

This topic is now archived and is closed to further replies.
