Spamhaus Top 10 Watch

Spammers should not profit, so post information here that hits their pockets. There are many ways to fight spammers, and we have automation tools to combat them efficiently. These forums are moderated, but do not reflect the views of the hosting company, domain registrar, etc. By entering any of these forums, you agree that you cannot hold anyone liable for anything related in any way to these forums.

Re: Spamhaus Top 10 Watch

Postby meep » Thu Mar 24, 2011 3:41 pm

Spamhaus Top 10 Watch by ISP. http://www.spamhaus.org/statistics/networks.lasso

I haven't looked at it in a while, so here I found 3/24/11

Code: Select all
As at 24 March 2011 the ISPs with the worst Abuse Departments and consequently the worst reputations for knowingly hosting illegal spam operations are:
1
   telecomitalia.it    Number of Current Known Spam Issues: 72

2
   inode.at    Number of Current Known Spam Issues: 68

3
   telefonica.com.ar    Number of Current Known Spam Issues: 61

4
   telefonica.com.br    Number of Current Known Spam Issues: 43

5
   unicom-hl    Number of Current Known Spam Issues: 42

6
   chinanet-hn    Number of Current Known Spam Issues: 39

7
   fibertel.com.ar    Number of Current Known Spam Issues: 37

8
   netdirekt.de    Number of Current Known Spam Issues: 36

9
   iliad.fr    Number of Current Known Spam Issues: 35

10
   ntt.net    Number of Current Known Spam Issues: 35



I have heard of inode.at (Austrian provider) which is listed at #2 with 68 SBLs. They seem to have a Casino Gambling spam problem. Many /32 listings. Many of the listings are very recent: March 2011. This appears to be an ISP in Austria and elsewhere in Europe. rDNS sample of an SBL: 56-232-126-85.static.edis.at. for IP: 213.229.30.35.

Spamhaus says in one of its many March SBLs:
Spamhaus has reports of Unsolicited Bulk Email coming from IPs in this range, or advertising sites hosted in this range, or with DNS servers hosted in this range. On preliminary investigation we have not been able to verify the identity of the operator(s) of the hosts in this IP range and this IP range appears to contain hosts with patterns or behavior synonymous with a snowshoe spam operation.

As a precaution therefore we are listing this IP range as an SBL Advisory until we are able to determine with certainty exactly who is operating these IPs/domains/hosts and also verify the opt-in permission status and origin of whatever list(s) are being used for the bulk mailings.

No customer assignment registered in the RIPE database.


Partial list:

Code: Select all
Found 68 SBL listings for IPs under the responsibility of inode.at

SBL105677    
85.126.232.106/32    inode.at
20-Mar-2011 17:28 GMT    
snowshoe casino spam range at edis.at /III    

SBL105676    
85.126.232.104/31    inode.at
20-Mar-2011 17:27 GMT    
snowshoe casino spam range at edis.at /II    

SBL105675    
85.126.232.102/31    inode.at
20-Mar-2011 17:27 GMT    
snowshoe casino spam range at edis.at /I    

SBL105674    
85.126.232.80/29    inode.at
20-Mar-2011 17:26 GMT    
snowshoe casino spam range at edis.at    

SBL105673    
85.126.232.71/32    inode.at
20-Mar-2011 17:26 GMT    
snowshoe casino spam host at edis.at    

SBL105672    
85.126.232.56/29    inode.at
20-Mar-2011 17:25 GMT    
snowshoe casino spam range at edis.at
...
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: Spamhaus Top 10 Watch

Postby NotBuyingIt » Mon Apr 10, 2017 9:27 pm

Pyotr Levashov (who possibly used the alias Peter Severa), number 7 on the Spamhaus Top 10, has been arrested in Spain at the request of the (USA) FBI. See
https://www.nytimes.com/2017/04/09/worl ... rrest.html
See also
https://krebsonsecurity.com/2017/04/all ... -arrested/

(Reddit vigilantes should avoid harassing legitimate men named Peter Severa.)
NotBuyingIt
Spammer Killing Machine
 
Posts: 609
Joined: Sun Jun 13, 2010 5:22 pm

Previous

Return to Fight Spammers

Who is online

Users browsing this forum: No registered users and 1 guest

cron