This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Fwd: Re: botnet controllers
- Previous message (by thread): [anti-abuse-wg] Fwd: Re: botnet controllers
- Next message (by thread): [anti-abuse-wg] Fwd: Re: botnet controllers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
PP
phishphucker at storey.ovh
Thu Jun 25 08:03:39 CEST 2020
So who at RIPE is responsible for allocating this resource, and what policy can be introduced to prevent the allocation of IP address resources to irresponsible organizations like this one? SpamHaus have it listed as the worlds number one source of spam: https://www.spamhaus.org/statistics/networks/ On 25/06/2020 2:10 pm, Tõnu Tammer via anti-abuse-wg wrote: > > We've had similar experience with this VPN provider. > > He claims not being able to track malicious actor is for the benefit > of free speech but when malware is used to attack people who express > free speech he did not understand that his service is not contributing > towards free speech but hinders it. > > Tonu > CERT-EE > > On 25.06.2020 04:15, PP wrote: >> >> Botnet controllers on VPN provider that refuses to act: >> >> >> organisation: ORG-SL751-RIPE >> org-name: Freedom Of Speech VPN >> org-type: OTHER >> address: P.O. Box 9173 >> address: Victoria >> address: Mahe Island >> address: Seychelles >> e-mail: info at FOS-VPN.org >> abuse-c: SL12644-RIPE >> mnt-ref: FOS-VPN-MNT >> mnt-by: FOS-VPN-MNT >> created: 2018-07-13T05:33:45Z >> last-modified: 2020-02-28T12:37:39Z >> source: RIPE >> >> >> >> >> -------- Forwarded Message -------- >> Subject: Re: botnet controllers >> Date: Wed, 24 Jun 2020 21:49:21 +0200 >> From: info at ghlc.biz >> To: PP <phishphucker at storey.ovh> >> >> >> >> On 2020-06-24 13:03, PP wrote: >> Hello! >> >> >> Please note that all mentioned IPs belong to non-logging VPN services. >> >> No user logs are kept. >> >> >> Sincerely yours >> >> David Craig >> >> >>> SBL488704 >>> 185.140.53.75/32 >>> ghlc.biz >>> 23-Jun-2020 05:26 GMT >>> Malware botnet controller @185.140.53.75 >>> https://www.spamhaus.org/sbl/query/SBL488704 >>> >>> >>> SBL488686 >>> 91.193.75.58/32 >>> ghlc.biz >>> 22-Jun-2020 18:39 GMT >>> NanoCore botnet controller @91.193.75.58 >>> https://www.spamhaus.org/sbl/query/SBL488686 >>> >>> >>> SBL488548 >>> 185.244.30.201/32 >>> ghlc.biz >>> 19-Jun-2020 13:21 GMT >>> QuasarRAT botnet controller @185.244.30.201 >>> https://www.spamhaus.org/sbl/query/SBL488548 >>> >>> >>> SBL488006 >>> 185.140.53.162/32 >>> ghlc.biz >>> 18-Jun-2020 10:11 GMT >>> NanoCore botnet controller @185.140.53.162 >>> https://www.spamhaus.org/sbl/query/SBL488006 >>> >>> >>> SBL487900 >>> 185.140.53.229/32 >>> ghlc.biz >>> 16-Jun-2020 13:28 GMT >>> NanoCore botnet controller @185.140.53.229 >>> https://www.spamhaus.org/sbl/query/SBL487900 >>> >>> >>> SBL487899 >>> 185.244.30.113/32 >>> ghlc.biz >>> 16-Jun-2020 12:59 GMT >>> RemcosRAT botnet controller @185.244.30.113 >>> https://www.spamhaus.org/sbl/query/SBL487899 >>> >>> >>> SBL487893 >>> 185.140.53.236/32 >>> ghlc.biz >>> 16-Jun-2020 12:07 GMT >>> NanoCore botnet controller @185.140.53.236 >>> https://www.spamhaus.org/sbl/query/SBL487893 >>> >>> >>> SBL487886 >>> 185.165.153.45/32 >>> ghlc.biz >>> 16-Jun-2020 10:26 GMT >>> NanoCore botnet controller @185.165.153.45 >>> >>> https://www.spamhaus.org/sbl/query/SBL487886 -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200625/3139a4a9/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Fwd: Re: botnet controllers
- Next message (by thread): [anti-abuse-wg] Fwd: Re: botnet controllers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]