gbservers.co.uk

gbservers
Posts: 16
Joined: Thu Jan 07, 2016 6:24 pm

RE: gbservers.co.uk

Post by gbservers » Thu Jan 21, 2016 4:05 am

<quote user="abuse-h">
Cool thatf inally spamcop reporting is solved.

Looks like you have some returning "automated" clients, probably they "happy" with what they get, so they are back with a new domain. If I could have a suggestion, stop (or deny automatically) whoisprotected domains especially if they are "recently registered"


New domain:
Domain Name: skylinegallery.xyz
Creation Date: 2015-12-30T21:43:47.0Z
Registrar: Namecheap
Registrant ID: C37953401-CNIC
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code: 00000
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Fax: +51.17057182
Registrant Email: 94f8bda306b644ada7348a27e6d28fc1.protect@whoisguard.com
DNS1.REGISTRAR-SERVERS.COM, DNS2.REGISTRAR-SERVERS.COM, DNS3.REGISTRAR-SERVERS.COM, DNS4.REGISTRAR-SERVERS.COM, DNS5.REGISTRAR-SERVERS.COM
---
skylinegallery.xyz: 162.255.119.251, 185.10.201.224
Host 162.255.119.251, 185.10.201.224 not found: 3(NXDOMAIN)
224.201.10.185.in-addr.arpa domain name pointer concept.skylinegallery.xyz.
185.10.201.224 = United Kingdom (Pulsant (Scotland) Ltd/GBServers Network - AS:12703/Pulsant (Scotland) Ltd; [GB])

New reverse mappings:
+ 223.201.10.185.in-addr.arpa domain name pointer paradise.skylinegallery.xyz.
+ 224.201.10.185.in-addr.arpa domain name pointer concept.skylinegallery.xyz.
+ 225.201.10.185.in-addr.arpa domain name pointer high.skylinegallery.xyz.
+ 226.201.10.185.in-addr.arpa domain name pointer promotion.skylinegallery.xyz.
+ 227.201.10.185.in-addr.arpa domain name pointer destination.skylinegallery.xyz.

Removed reverse mappings:
- 223.201.10.185.in-addr.arpa domain name pointer vigorous.poweroflifeforce5.com.
- 224.201.10.185.in-addr.arpa domain name pointer introduce.poweroflifeforce5.com.
- 225.201.10.185.in-addr.arpa domain name pointer triple.poweroflifeforce5.com.
- 226.201.10.185.in-addr.arpa domain name pointer enjoy.poweroflifeforce5.com.
- 227.201.10.185.in-addr.arpa domain name pointer universal.poweroflifeforce5.com.
[/quote]

The client that has these IP's has been with us since 2013 and we have had not one complaint from them. It is however possible they are reselling this.

Regarding denying clients with private whois, the clients your listing on here are VPS or dedicated clients, therefore they have multiple domains, its not feasible to ask every client what potential domain they plan to host, and even if they did they could potentially lie.

abuse-h
Posts: 72
Joined: Tue Jul 30, 2013 10:20 am

RE: gbservers.co.uk

Post by abuse-h » Sun Feb 28, 2016 10:32 am

>> The client that has these IP's has been with us since 2013 and we have had not one complaint from them.
From them? Obvious. For them? Since spamcop report didn't work, that's somewhat obvious too.

>> It is however possible they are reselling this.
He who mixes with the bran, will be eaten by the pigs.


New domain:
Domain Name: bloomvenue.net
Creation Date: 2016-02-10T10:59:14Z
Registrar: Sibername Internet and Software Technologies Inc
Registrant Name: Domain Admin
Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrant Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator
Registrant City: Nobby Beach
Registrant State/Province: Queensland
Registrant Postal Code: QLD 4218
Registrant Country: AU
Registrant Phone: +45.36946676
Registrant Email: contact@privacyprotect.org
ns1.softlayer.com, ns2.softlayer.com
---
bloomvenue.net: ?????

New reverse mappings:
+ 209.200.10.185.in-addr.arpa domain name pointer cat209.bloomvenue.net.
+ 209.200.10.185.in-addr.arpa domain name pointer cat209.bloomvenue.net.

Removed reverse mappings:
- 209.200.10.185.in-addr.arpa domain name pointer serv4.proproduction.org.
- 209.200.10.185.in-addr.arpa domain name pointer serv4.proproduction.org.

gbservers
Posts: 16
Joined: Thu Jan 07, 2016 6:24 pm

RE: gbservers.co.uk

Post by gbservers » Sun Feb 28, 2016 11:07 am

We have been getting spamcop complaints, there was two emails listed one with a dot and one without a dot. We get the complaints, and we act as needed.

+ 209.200.10.185.in-addr.arpa domain name pointer cat209.bloomvenue.net.

We have not had any complaints for this as of yet and is on 0 blacklists.

It doesn't seem like there is anyway we are going to get off your WOT list, which is a shame..

spectre
Posts: 7921
Joined: Sun May 03, 2009 10:43 pm

RE: gbservers.co.uk

Post by spectre » Sun Feb 28, 2016 3:50 pm

Are you in Northamptonshire or Essex? Your site registrant address is different from the one listed at Companies House.

gbservers
Posts: 16
Joined: Thu Jan 07, 2016 6:24 pm

RE: gbservers.co.uk

Post by gbservers » Sun Feb 28, 2016 8:14 pm

<quote user="shazza">
Are you in Northamptonshire or Essex? Your site registrant address is different from the one listed at Companies House.
[/quote]

Essex, we changed address a little while back, looks like the domain got forgotten about! This has now been updated to reflect.

abuse-h
Posts: 72
Joined: Tue Jul 30, 2013 10:20 am

RE: gbservers.co.uk

Post by abuse-h » Thu Dec 01, 2016 9:51 am

FYI,

163.200.10.185.in-addr.arpa domain name pointer free-hookup.biz.

Domain Name: free-hookup.biz
Creation Date: Sun Nov 27 12:39:23 GMT 2016
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registrant ID: DI_62406655
Registrant Name: rasel.m.mahmud
Registrant Organization: N/A
Registrant Address1: Dhaka
Registrant City: Dhaka
Registrant State/Province: Dhaka
Registrant Postal Code: 1000
Registrant Country: Bangladesh
Registrant Country Code: BD
Registrant Phone Number: +880.1684484653
Registrant Email: info@free-hookup.biz
MINH471629.MARS.ORDERBOX-DNS.COM, MINH471629.EARTH.ORDERBOX-DNS.COM, MINH471629.VENUS.ORDERBOX-DNS.COM, MINH471629.MERCURY.ORDERBOX-DNS.COM
---
free-hookup.biz: 185.10.200.163
163.200.10.185.in-addr.arpa domain name pointer free-hookup.biz.
185.10.200.163 = Europe (GBServers Limited/GBServers Network - AS:12703/PULSANT-AS; [GB])

Looks like a new, promising client...


But there are other .biz domains on the range which look stinky...

Along with some others, like:

201.200.10.185.in-addr.arpa domain name pointer mj6ij.faxatus.faith.
195.200.10.185.in-addr.arpa domain name pointer qypo3.fanakufin.review.

faxatus.faith (2015-10-12T15:26:39Z)|Key-Systems, LLC|Ross Fritchman|?????|N/A/N/A|N/A
fanakufin.review (2015-10-12T15:26:42Z)|Key-Systems, LLC|Ross Fritchman|?????|N/A/N/A|N/A

Though many of these seems dead now..

I wonder if we can monitor suspicious ranges and spot things like this, why can't the range owner do the same...

nova7
Posts: 507
Joined: Fri Apr 06, 2012 11:32 pm

RE: gbservers.co.uk

Post by nova7 » Fri Dec 02, 2016 8:53 pm

185.10.203.120, sorbs-listed 365 days. Cisco Senderbase-listed for "critical" amounts of spam ongoing for 30 days. Surbl-listed.

Post Reply

Who is online

Users browsing this forum: Bing [Bot], centroAlianza and 3 guests