
spam from MAROSNET (AS48666) and GMHOST-NET (AS201094) networks

From Ivan Shmakov <ivan@siamics.net>
Newsgroups comp.mail.misc, news.admin.net-abuse.email
Subject spam from MAROSNET (AS48666) and GMHOST-NET (AS201094) networks
Date 2016-11-10 17:10 +0000
Organization A noiseless patient Spider
Message-ID <87vavvz2f4.fsf_-_@violet.siamics.net>
References <87vax8xfdm.fsf@violet.siamics.net> <alpine.OSX.2.20.1610072041240.6800@mako.ath.cx> <87twce6crf.fsf@violet.siamics.net> <alpine.OSX.2.20.1610141455570.69265@mako.ath.cx> <87r37c4ahx.fsf_-_@violet.siamics.net>

Cross-posted to 2 groups.



>>>>> Ivan Shmakov <ivan@siamics.net> writes:

[...]

 > All the unwanted mail I saw before came from the 13 networks below,
 > which I've thus added to my 'rejectnet' set:

 >> 185.5.248.0/22 from AS: 48666 (upstreams: 12389 9002),
 >> 185.58.204.0/22 from AS: 48666 (upstreams: 12389 9002),
 >> 185.87.48.0/22 from AS: 48666 (upstreams: 12389 9002),
 >> 185.117.152.0/22 from AS: 48666 (upstreams: 12389 9002),
 >> 185.125.216.0/22 from AS: 48666 (upstreams: 12389 9002),
 >> 193.106.96.0/22 from AS: 48666 (upstreams: 12389 9002),
 >> 193.124.176.0/20 from AS: 48666 (upstreams: 12389 9002),
 >> 194.67.192.0/23 from AS: 48666 (upstreams: 12389 9002),
 >> 194.67.194.0/24 from AS: 48666 (upstreams: 12389 9002),
 >> 194.67.196.0/22 from AS: 48666 (upstreams: 12389 9002),
 >> 194.67.200.0/21 from AS: 48666 (upstreams: 12389 9002),
 >> 194.67.208.0/20 from AS: 48666 (upstreams: 12389 9002),

	This had worked quite well until yesterday, when I got yet
	another message, this time from 95.46.99.0/24 (AS201094), very
	similar to those I was getting from the MAROSNET networks.

	I've mailed abuse at gmhost dot com dot ua, but have seen no
	reply as of yet.  The hosts were thus added to my 'dropemall'
	set, while the network (/24) made it straight to 'rejectnet'.

2016W45	dbjc@009msk.ru [95.46.99.232]
	jsvj@give-gift.ru [95.46.99.233]

	FTR, there were a couple more messages with similar Message-ID:
	values (/^[0-9A-Z]{32}@/) that came from other networks; namely:

2016W44	aaasj800i1d3@sr.incl.ne.jp [219.121.225.37]
2016W42	lihong@mail.tjnu.edu.cn [202.113.96.4]

	And just in case someone gets curious, here's a partial
	list of IPv4 addresses that were recently denied access to
	TCP port 25 at my MX, in reverse chronological order.


[...]

-- 
FSF associate member #7257  np. Dream Raga -- Jami Sieber  3013 B6A0 230E 334A
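
The host-level and network-level sets described in the post, together with its Message-ID pattern, as an added Python example that is not part of the original post. The function name, the verdict strings, the precedence of host entries over network entries, and the choice to only flag on the Message-ID pattern are assumptions; the network list is a subset of the ones named above, and the sample message IDs are constructed.

```python
import ipaddress
import re

# Subset of the networks the post lists for its 'rejectnet' set.
REJECTNET = [ipaddress.ip_network(n) for n in (
    "185.5.248.0/22", "193.124.176.0/20", "194.67.208.0/20", "95.46.99.0/24")]
# The two hosts the post says went into 'dropemall'.
DROPEMALL = {ipaddress.ip_address(a) for a in ("95.46.99.232", "95.46.99.233")}
# Message-ID pattern quoted in the post, applied after stripping the "<".
MSGID_RE = re.compile(r"^[0-9A-Z]{32}@")


def triage(client_ip, message_id=None):
    """Return 'drop', 'reject', 'flag' or 'accept' for one SMTP client.

    Assumptions: a host entry wins over a network entry, and a matching
    Message-ID only flags the message, because the post also saw that
    pattern from networks outside the blocked ranges.
    """
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "flag"  # unparseable peer address: leave it for review
    if ip in DROPEMALL:
        return "drop"
    # An IPv6 client never matches an IPv4 network; `in` returns False.
    if any(ip in net for net in REJECTNET):
        return "reject"
    if message_id and MSGID_RE.match(message_id.strip().lstrip("<")):
        return "flag"
    return "accept"


def triage_all(events):
    """Map (client_ip, message_id) pairs to verdicts, keeping order."""
    return [(ip, triage(ip, mid)) for ip, mid in events]


# Constructed sample events; the message IDs are made up for illustration.
SAMPLE = [
    ("95.46.99.232", None),                                  # listed host
    ("95.46.99.10", None),                                   # same /24
    ("219.121.225.37", "<" + "A1B2C3D4" * 4 + "@example.invalid>"),
    ("192.0.2.10", "<20161110.1710@example.invalid>"),
]

if __name__ == "__main__":
    for ip, verdict in triage_all(SAMPLE):
        print(f"{ip:16} {verdict}")
```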
