Archive for the ‘rogue networks’ Category

Inboxrevenge.com, the little forum that creates big headaches for internet criminals, is under another distributed denial of service (DDoS) attack. That means hundreds or thousands of zombie computers — computers like yours that have been infected by malware and put under the control of criminals — are all trying to access the site simultaneously. Websites […]


This website called FIRE (FInding RoguE Networks) tracks rogue networks based on malware such as phishing, botnet activity and exploited servers. At the time of this post on September 19th, 2009, the Canadian-based provider AS23522 IPNAP-ES – GigeNET. was the top offender on MaliciousNetworks.org. One can also track this host using Google’s Safe Browsing Diagnostic […]


On September 6th, 2009, Spamhaus blocked a /16 which is 65,536 IPs (1 Class B) on its SBL. This listing is filed under SBL68517. The IP range that is being blocked is 132.240.0.0/16. One can view the ASN information of 132.240.0.0 at robtex. According to robtex, the upstream for this range is AS3257 which is […]


While going through Spamhaus SBLs, I found this updated /23 under RIPE. It would seem that most times when Spamhaus is unsure of the exact ownership of a netblock or the downstream has a small number of IPs assigned to it, the volunteers will place it under the regional registry (RIR). I researched the IP […]


Announcing SiL’s new blog on blogspot about SpamIt, called “SpamIt Must Fall” which seeks to expose info that spam organization behind Canadian Pharmacy. SiL’s other blog, I Kill Spammers, has been exposing spammer operations since 2006. The most recent post as of this posting is about Oprah Winfrey’s company, Harpo Productions going after the spamming […]


Very recently, Swedish upstream provider, TeliaSonera, threatened cut off its direct connection to Junik (AS8206) JUNIK-RIGA-LV JUNIKNET if Junik.lv did not cut off its own downstream (Real Host) because of its reputation of being rogue (hosting zeus botnets). By Monday August 3rd, 2009, Real Host lost its connectivity. Jart Armin of HostExploit recently tweeted about […]


Good news for service provider Tata Communications (AS4755) and Spamhaus and some bad news for Tiscali (now Tinet – AS3257). For approximately a month, the large Indian-based provider, Tata Communications, has been still working on its SBL (Spamhaus Block List) by resolving its listings. This means the administrators at Tata Communications have been ending services […]


Yahoo has a big problem with spammers. This abuse of its Yahoo Groups services has been going on for at least since late 2008. Much of this information is already out there for those to read but somewhat scattered, so I am providing links within this blog.  The spammers are selling various pharma spam. My […]


ASN stands for Autonomous System Number. AS or ASN followed by a number is used to identify an autonomous system on the internet by people who manage networks on the Internet. One well-known example of an ASN is AT&T whose is ASN7018. Most people who may be network engineers are concerned with ASNs. Also, netizens […]


Update: SORBS was sold to a new owner at an unspecified price. Details at bottom of post: updated 1st August 2009. On Monday, 22 June, it was announced by Michelle Sullivan, owner of SORBS (IP: 203.15.51.39 at ASN2764 AAPT), on the SORBS homepage that she would shut the blacklisting services down by July 21st. Apparently […]