|
| Ref: SBL81244 |
| 194.85.61.0/25 is listed on the Spamhaus Block List (SBL) |
|
09-Dec-2009 14:06 GMT | SR04
|
| RU-CENTER - spammer & cybercriminal support domain registrar |
RU-CENTER claims that ICANN gTLD rules do not allow them to suspend spam, virus, malware, botnet C&C, DDoS-attack domains. This is an odd claim as Spamhaus knows this is untrue and we know that many dozens of the world's largest registrars in Europe, the USA, in China will quickly shut off abusive domains. Even other Russian registrars will do this.
All we can tell by their actions, or inaction, is that RU-CENTER is supporting spam & cybercrime.
_________________________________
Regional Network Information Center (RU-CENTER)
Phone: +7 495 737-0601
Fax: +7 495 737-0602
http://www.nic.ru/
rt.nic.ru
relay1o2.ripn.net ([194.85.61.114]
tld-ncc@nic.ru
______________________________
relay2.RIPN.net A 194.85.61.38
relay3.RIPN.net A 194.85.61.37
relay4.RIPN.net A 194.226.96.22
________________________________
--- DNS lookup for "nic.ru", please wait...
--- Found authoritative nameserver: ns.spb.su
--- contacting nameserver: ns.spb.su [193.124.83.69]
nic.ru SOA
origin = ns.RIPN.net
mail addr = noc-dns@relarn.ru
serial = 650127663
refresh = 14400 (4 hours)
retry = 3600 (1 hour)
expire = 2592000 (30 days)
minimum ttl = 86400 ()
nic.ru NS ns.spb.su
nic.ru NS ns.RIPN.net
nic.ru NS ns2.RIPN.net
nic.ru NS ns5.msk-ix.net
relay2.RIPN.net A 194.85.61.38
relay3.RIPN.net A 194.85.61.37
relay4.RIPN.net A 194.226.96.22
ns.spb.su A 193.124.83.69
ns.RIPN.net A 194.85.105.17
ns2.RIPN.net A 194.226.96.30
ns5.msk-ix.net A 193.232.128.6
nic.ru MX 5 relay2.RIPN.net
nic.ru MX 5 relay3.RIPN.net
nic.ru MX 10 relay4.RIPN.net
nic.ru A 194.85.61.42
nic.ru NS ns.spb.su
nic.ru NS ns.RIPN.net
nic.ru NS ns2.RIPN.net
nic.ru NS ns5.msk-ix.net
--- DNS Lookup completed
________________________________
inetnum: 194.85.61.0 - 194.85.61.255
netname: RU-NCC-NET
descr: RU NCC Network
descr: Regional Network Information Center
descr: Kurchatov sq, 1
descr: 123182 Moscow
country: RU
admin-c: RU-ORG
tech-c: RN-ORG
status: ASSIGNED PA
mnt-by: RUNIC-MNT
source: RIPE # Filtered
role: RU and SU Administration Group
address: Russian Institute for Public Networks
address: 1 Kurchatov square
address: 123182 Moscow
address: Russia
phone: +7 495 737 0601
phone: +7 495 737 0602
phone: +7 495 737 0603
fax-no: +7 495 946 9841
e-mail: ru-ncc@ripn.net
admin-c: AL86-RIPE
tech-c: OKV3-RIPE
tech-c: ZYM-RIPE
nic-hdl: RU-ORG
mnt-by: ROSNIIROS-MNT
source: RIPE # Filtered
role: RIPN NOC
address: Russian Institute for Public Networks
address: 1, Kurchatov square
address: 123182 Moscow
address: Russia
phone: +7 495 192 9029
phone: +7 495 192 9179
phone: +7 495 737 0685
fax-no: +7 499 196 4984
e-mail: noc@relarn.ru
admin-c: ABD1-RIPE
admin-c: EPV3-RIPE
tech-c: IA49-RIPE
tech-c: AK1724-RIPE
tech-c: MNK1-RIPE
nic-hdl: RN-ORG
mnt-by: ROSNIIROS-MNT
source: RIPE # Filtered
% Information related to '194.85.61.0/24AS3316'
route: 194.85.61.0/24
descr: RIPN
origin: AS3316
mnt-by: AS3316-MNT
source: RIPE # Filtered
_____________________________________________
aut-num: AS3316
as-name: RELARN
descr: RELARN-MSK
descr: Research & Education Network
descr: Moscow Department
descr: Moscow, Russia
admin-c: RA-ORG
tech-c: RN-ORG
mnt-routes: ROSNIIROS-MNT
mnt-routes: AS3316-MNT
mnt-routes: RIPN-MNT
mnt-by: AS3316-MNT
mnt-by: RIPN-MNT
source: RIPE # Filtered
role: RIPN Administration
address: Russian Institute for Public Networks
address: 1 Kurchatov square
address: 123182 Moscow
address: Russia
phone: +7 499 196 9614
phone: +7 499 196 7278
fax-no: +7 499 196 4984
admin-c: EPV3-RIPE
tech-c: ABD1-RIPE
nic-hdl: RA-ORG
mnt-by: ROSNIIROS-MNT
source: RIPE # Filtered
role: RIPN NOC
address: Russian Institute for Public Networks
address: 1, Kurchatov square
address: 123182 Moscow
address: Russia
phone: +7 495 192 9029
phone: +7 495 192 9179
phone: +7 495 737 0685
fax-no: +7 499 196 4984
admin-c: ABD1-RIPE
admin-c: EPV3-RIPE
tech-c: IA49-RIPE
tech-c: AK1724-RIPE
tech-c: MNK1-RIPE
nic-hdl: RN-ORG
mnt-by: ROSNIIROS-MNT
source: RIPE # Filtered
__________________________________________________
From March 2009 to May 1st, 2009, over a dozen reports of botnet spammer, malware, cybercriminal domains were sent to "ANO Regional Network Information Center aka RU-Center", not one domain was suspended or put on "Registrar HOLD".
Sad to see an ICANN registar so closely tied to RIPN being used by cybercriminals to further abuse of the internet.
http://www.dotandco.net/ressources/icann_registrars/details/46/index.en
_______________________________________________
domain: NIC.RU
type: CORPORATE
nserver: ns.ripn.net.
nserver: ns.spb.su.
nserver: ns2.ripn.net.
nserver: ns5.msk-ix.net.
state: REGISTERED, DELEGATED
org: ANO Regional Network Information Center
phone: +7 499 1967278
fax-no: +7 499 1964984
e-mail: lad@ripn.net
e-mail: ru-ncc@nic.ru
registrar: RUCENTER-REG-RIPN
created: 1997.11.28
paid-till: 2009.12.01
source: TC-RIPN
--- Found authoritative nameserver: ns5.msk-ix.net
--- contacting nameserver: ns5.msk-ix.net [193.232.128.6]
nic.ru SOA
origin = ns.RIPN.net
mail addr = noc-dns@relarn.ru
serial = 650127466
refresh = 14400 (4 hours)
retry = 3600 (1 hour)
expire = 2592000 (30 days)
minimum ttl = 86400 ()
nic.ru MX 5 relay3.RIPN.net
nic.ru MX 10 relay4.RIPN.net
nic.ru MX 5 relay2.RIPN.net
nic.ru A 194.85.61.42
nic.ru NS ns5.msk-ix.net
nic.ru NS ns.spb.su
nic.ru NS ns.RIPN.net
nic.ru NS ns2.RIPN.net
relay2.RIPN.net A 194.85.61.38
relay3.RIPN.net A 194.85.61.37
relay4.RIPN.net A 194.226.96.22
ns.RIPN.net A 194.85.105.17
ns2.RIPN.net A 194.226.96.30
ns5.msk-ix.net A 193.232.128.6
--- DNS Lookup completed
_______________________________________________________
Removal Procedure
To have record SBL81244 (194.85.61.0/25) removed from the SBL, the Abuse/Security representative of ripn.net (or the Internet Service Provider responsible for supplying connectivity to 194.85.61.0/25) needs to contact the SBL Team by email (use this link) to explain how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated). If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.
It is essential that emails to the SBL Team about this SBL listing include this exact ticket information in the email Subject:
If you are a representative of ripn.net, you also need to see: Current Live ripn.net SBL Listings
The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect users from spam sources and spam services. The SBL lists only IP addresses (not domains, email addresses, names or anything else). If you are unable to send email to someone due to this SBL listing, please contact your Internet Service Provider and show them this page - your Service Provider needs to contact the Spamhaus SBL team to resolve the issue (if you are not the Internet Service Provider, please do not contact us.)
|
