Maybe simple whois from debian machine. Then he looks to related Regional Internet address Registry, in this case, APNIC. I mark it in *bold*. hois 59.106.13.181 % [whois.apnic.net] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html % Information related to '59.106.0.0 - 59.106.255.255' % Abuse contact for '59.106.0.0 - 59.106.255.255' is 'hostmaster@nic.ad.jp' inetnum: 59.106.0.0 - 59.106.255.255 netname: SAKURA descr: SAKURA Internet Inc. descr: Grandfront Osaka Bldg. Tower-A 35F, 4-20, Ofukacho, Kita-ku, Osaka 530-0011 Japan country: JP admin-c: JNIC1-AP tech-c: JNIC1-AP status: ALLOCATED PORTABLE *remarks: Email address for spam or abuse complaints : support@sakura.ad.jp <support@sakura.ad.jp>* mnt-by: MAINT-JPNIC mnt-irt: IRT-JPNIC-JP mnt-lower: MAINT-JPNIC changed: hm-changed@apnic.net 20041013 changed: ip-apnic@nic.ad.jp 20070523 changed: hm-changed@apnic.net 20151202 changed: ip-apnic@nic.ad.jp 20170703 source: APNIC irt: IRT-JPNIC-JP address: Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda address: Chiyoda-ku, Tokyo 101-0047, Japan e-mail: hostmaster@nic.ad.jp abuse-mailbox: hostmaster@nic.ad.jp admin-c: JNIC1-AP tech-c: JNIC1-AP auth: # Filtered mnt-by: MAINT-JPNIC changed: abuse@apnic.net 20101108 changed: hm-changed@apnic.net 20101111 changed: ip-apnic@nic.ad.jp 20140702 source: APNIC *_____________________________* *Marc Gimeno* *NOC* *_____________________________* Adamo Telecom Iberia S.A.U. www.adamo.es On Wed, Aug 23, 2017 at 5:16 PM, Kurt Kraut <listas@kurtkraut.net> wrote:
Hello Suresh,
It doesn't seem to help a lot:
ktk@ktk:~$ whois -h whois.nic.ad.jp 59.106.13.181 [ JPNIC database provides information regarding IP address and ASN. Its use ] [ is restricted to network administration purposes. For further information, ] [ use 'whois -h whois.nic.ad.jp help'. To only display English output, ] [ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
Network Information: a. [Network Number] 59.106.12.0-59.106.27.255 b. [Network Name] SAKURA-NET g. [Organization] SAKURA Internet Inc. m. [Administrative Contact] KT749JP n. [Technical Contact] KW419JP p. [Nameserver] ns1.dns.ne.jp p. [Nameserver] ns2.dns.ne.jp [Assigned Date] 2004/11/24 [Return Date] [Last Update] 2004/11/24 18:41:02(JST)
Less Specific Info. ---------- SAKURA Internet Inc. [Allocation] 59.106.0.0/16
More Specific Info.
No e-mail addresses of the abuse team or NOC or SOC.
Best regards,
Kurt Kraut
2017-08-23 11:55 GMT-03:00 Suresh Ramasubramanian <ops.lists@gmail.com>:
whois -h whois.nic.ad.jp IP /e
--srs
On 23-Aug-2017, at 7:38 PM, Kurt Kraut <listas@kurtkraut.net> wrote:
Hello,
I'm having a hard time to figure out the abuse e-mail address for IPs from Japan. Any query I perform at the WHOIS, for any IP, from any autonomoyus system I get the same e-mail addresses:
abuse@apnic.net hm-changed@apnic.net ip-apnic@nic.ad.jp hostmaster@nic.ad.jp
These e-mail addresses belong to JPNIC, not the autonomous system itself. So any messages sent to these e-mail addresses will not reach the offending NOC/SOC so I can report vulnerabilities and DDoS attacks.
What am I missing and how should I report security issues to autonomous systems from this region? Has anyone here any experience on this?
Thanks in advance,
Kurt Kraut