This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Abuse Report ignored. What to do as next?
- Next message (by thread): [anti-abuse-wg] Abuse Report ignored. What to do as next?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
U.Mutlu
security at mutluit.com
Wed Nov 1 00:42:43 CET 2023
Maybe there is a WHOIS or ASN error: Trying the following gives a different company for the said IP: $ whois 80.94.94.254 % Abuse contact for '80.94.92.0 - 80.94.95.255' is 'abuse at bunea.eu' I now have filed the AR also to that new address. Ángel González Berdasco via anti-abuse-wg wrote on 10/31/23 23:46: > John Levine wrote: >> It appears that U.Mutlu <security at mutluit.com> said: >>> So, what to do if the hoster is uncooperative, like in this case? >>> Where else to complain, what else to do? >> >> If their ASN info is to be believed, they're in Bulgaria. It's >> unlikely anyone there cares. >> >> Just block their network 80.94.95.0/24 and forget about it. >> >> FWIW I got a spam blast from 80.94.95.59 a few weeks ago >> so it's not just that IP. >> >> R's, >> John > > Yes, this range is a source of other types of malicious activity. > > The country in RIPE for 80.94.95.0/24 says Moldova, but the company > address is in United Kingdom. > > > Their domain itself (bthoster.net) is suspiciously registered just a > few months ago (Creation Date: 2023-07-31T09:22:59.00Z), showing a > "This domain has recently been registered with Namecheap." parking page > with no website. > > > But, interestingly, the whois data was updated *after* that, so it's > not your typical case of a company that closes/bankrupts and their > domain expires. > > > > % Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd [] yandex.ru' > > inetnum: 80.94.95.0 - 80.94.95.255 > netname: Bthoster > country: MD > org: ORG-BA1515-RIPE > admin-c: BL7954-RIPE > tech-c: BL7954-RIPE > status: ASSIGNED PA > mnt-by: Internet-Transit-MNT > created: 2019-09-10T20:41:19Z > last-modified: 2023-10-10T10:54:46Z > source: RIPE > > organisation: ORG-BA1515-RIPE > org-name: BtHoster LTD > country: GB > org-type: OTHER > address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM > e-mail: internethosting-ltd [] yandex.ru > abuse-c: ACRO50561-RIPE > mnt-ref: BtHoster-LTD-MNT > mnt-by: BtHoster-LTD-MNT > created: 2022-11-16T10:31:23Z > last-modified: 2023-10-10T19:59:24Z > source: RIPE > > role: Internet Transit > address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM > e-mail: sales [] bthoster.net > nic-hdl: BL7954-RIPE > mnt-by: Internet-Transit-MNT > created: 2022-11-16T10:29:38Z > last-modified: 2023-09-22T18:36:26Z > source: RIPE > > % Information related to '80.94.95.0/24AS204428' > > route: 80.94.95.0/24 > origin: AS204428 > mnt-by: UNMANAGED > mnt-by: ro-btel2-1-mnt > created: 2022-11-15T14:14:48Z > last-modified: 2022-11-15T14:14:48Z > source: RIPE > >
- Next message (by thread): [anti-abuse-wg] Abuse Report ignored. What to do as next?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]