[SpamCop-List] Re: Need interpretation/translation

[Mike Easter]

Spam N Scams Reporter wrote:
> Not sure how to report this.

It depends a little [but not much] on whether you are trying to report a
source or a spamvertiser [or even something else, like an open smtp
relay]

> Domain Name : hotcap.net

Generally the domainname registration is *not* the first line of attack.
The first line of attack is how the netblock provision is reg'd with the
regional registrar.

dns hotcap.net
Mail for hotcap.net is handled by mail.hotcap.net
Canonical name: hotcap.net
Addresses:   211.144.162.37
mail.hotcap.net = 211.144.162.37
www.hotcap.net = 211.144.162.37
whois -h whois.apnic.net 211.144.162.37 ...
inetnum:      211.144.160.0 - 211.144.175.255
netname:      LIANFENGMAN
country:      CN
admin-c:      DC278-AP = cfc_dcy at sina.com
tech-c:       ZL153-AP = cfc_zhoulin at sina.com
whois -h whois.abuse.net sina.com ...
abuse at staff.sina.com  postmaster at sina.com  (for sina.com)

The /24 netblock for that IP family is SBL SBL20531
211.144.162.0/24 is listed on the Spamhaus Block List (SBL)

over another issue which is at 211.144.162.42 - and the block has been
growing at spamhaus, so we should be notifying the upstream in addition
to the above addresses, but the ASN is 4134 which is chinanet, so that
is mostly a waste of time.  So we're left with those sina/s up there.

>>> Registrant::
>   Name : 파란 밥 기술

Unicode, but mostly bogus.

>   Email : info at hotcap.net
>   Address : 꽃 도로 43
>   Zipcode : 1111
>   Nation : AR
>   Tel : |
>   Fax :
>
> They show as ? in the Whois Data Problem Report. I've run into this
> numerous times.

The registrar is
Registrar: YESNIC CO. LTD.

The nameservice is 'disputed' - according to the root servers it is the
same IP as the target and named ns.hotcap.net, but according to the
registrar yesnic it is ns1 & ns2 activenameserver.info - so apparently
yesnic isn't up to date.

Since the registrar yesnic is outawhack, I would give that to internic
at their site."To report incomplete or inaccurate Registrar Whois data,
please visit the new Whois Data Problem Report System."
 http://wdprs.internic.net/

" All accredited registrars have agreed with ICANN to obtain contact
information from registrants, to provide it publicly by a Whois service,
and to investigate and correct any reported inaccuracies in contact
information for domain names registered through them.

Reports submitted through this facility will be forwarded to the
appropriate registrar for handling, and the progress of your report will
be tracked"


The characters in the yesnic registration are one type of depiction of
unicode chars, but there's no point in looking them up, because the
registration looks bogus anyway.



-- 
Mike Easter
kibitzer, not SC admin