John Levine wrote:
It appears that U.Mutlu <security@mutluit.com> said:
So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?
If their ASN info is to be believed, they're in Bulgaria. It's unlikely anyone there cares.
Just block their network 80.94.95.0/24 and forget about it.
FWIW I got a spam blast from 80.94.95.59 a few weeks ago so it's not just that IP.
R's, John
Yes, this range is a source of other types of malicious activity. The country in RIPE for 80.94.95.0/24 says Moldova, but the company address is in United Kingdom. Their domain itself (bthoster.net) is suspiciously registered just a few months ago (Creation Date: 2023-07-31T09:22:59.00Z), showing a "This domain has recently been registered with Namecheap." parking page with no website. But, interestingly, the whois data was updated *after* that, so it's not your typical case of a company that closes/bankrupts and their domain expires. % Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd [] yandex.ru' inetnum: 80.94.95.0 - 80.94.95.255 netname: Bthoster country: MD org: ORG-BA1515-RIPE admin-c: BL7954-RIPE tech-c: BL7954-RIPE status: ASSIGNED PA mnt-by: Internet-Transit-MNT created: 2019-09-10T20:41:19Z last-modified: 2023-10-10T10:54:46Z source: RIPE organisation: ORG-BA1515-RIPE org-name: BtHoster LTD country: GB org-type: OTHER address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM e-mail: internethosting-ltd [] yandex.ru abuse-c: ACRO50561-RIPE mnt-ref: BtHoster-LTD-MNT mnt-by: BtHoster-LTD-MNT created: 2022-11-16T10:31:23Z last-modified: 2023-10-10T19:59:24Z source: RIPE role: Internet Transit address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM e-mail: sales [] bthoster.net nic-hdl: BL7954-RIPE mnt-by: Internet-Transit-MNT created: 2022-11-16T10:29:38Z last-modified: 2023-09-22T18:36:26Z source: RIPE % Information related to '80.94.95.0/24AS204428' route: 80.94.95.0/24 origin: AS204428 mnt-by: UNMANAGED mnt-by: ro-btel2-1-mnt created: 2022-11-15T14:14:48Z last-modified: 2022-11-15T14:14:48Z source: RIPE -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys ==================================================================== INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. ==================================================================== In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad. ====================================================================