Spam/Phishing Host as a Business Model - Serverion(dot)com

I've noticed that one of the worst hosts for spam and phishing is the site in the subject line that I am not going to link to. They seem to be working hand-in-hand with prefixbroker.com. I block the range to stop all spam and phishing emails, and sure enough, they start coming in again and I find a new range that I assume that they are leasing, whack-a-mole.

So, leasing a range and charging a premium to spammers and malware hosts and other internet creeps must be a good business model, it makes money.

But what I don't understand is the actions of prefixbroker. Don't they care that the ranges they lease are being deliberately trashed? Or is that part of the business model too?

Comments

  • Nekki Veteran

    @MTUser2012 said:
    I've noticed that one of the worst hosts for spam and phishing is the site in the subject line that I am not going to link to. They seem to be working hand-in-hand with prefixbroker.com. I block the range to stop all spam and phishing emails, and sure enough, they start coming in again and I find a new range that I assume that they are leasing, whack-a-mole.

    So, leasing a range and charging a premium to spammers and malware hosts and other internet creeps must be a good business model, it makes money.

    But what I don't understand is the actions of prefixbroker. Don't they care that the ranges they lease are being deliberately trashed? Or is that part of the business model too?

    A bit like ColoCrossing, part of the business model.

    Thanked by 3: Hotmarer, Erisa, ralf
  • edited April 2022

    @Nekki said:

    @MTUser2012 said:
    I've noticed that one of the worst hosts for spam and phishing is the site in the subject line that I am not going to link to. They seem to be working hand-in-hand with prefixbroker.com. I block the range to stop all spam and phishing emails, and sure enough, they start coming in again and I find a new range that I assume that they are leasing, whack-a-mole.

    So, leasing a range and charging a premium to spammers and malware hosts and other internet creeps must be a good business model, it makes money.

    But what I don't understand is the actions of prefixbroker. Don't they care that the ranges they lease are being deliberately trashed? Or is that part of the business model too?

    A bit like ColoCrossing, part of the business model.

    What is the story behind the 100 brands ColoCrossing used to run? Why wasn't it profitable to keep them all online like EIG/blue host does with their 499 brands?

  • titus Member

    Currently I have many Serverion & Prefixbroker IP ranges on my firewalls because of tons of port scans, WordPress vulnerability scans, and other malicious activity, like this:

    https://www.abuseipdb.com/check-block/212.192.246.0/24
    https://www.abuseipdb.com/check-block/31.210.20.0/24
    https://www.abuseipdb.com/check-block/2.56.59.0/24
    https://imgur.com/a/gqrohpq

    On my list I have 11+ at the moment.
    Prefixbroker also provides IP ranges for some VPN providers (these ranges are a little better than the previously mentioned ones. I am blocking them partly too, for the same reason).

    Maybe it would be a good idea to create a public blacklist from problematic IP ranges like these.

  • @titus said:
    Maybe it would be a good idea to create a public blacklist from problematic IP ranges like these.

    https://crowdsec.net/ might be worth checking out.

    Thanked by 3: titus, mrTom, JasonM
  • phuhque Member

    My apologies for intruding, I was looking at Serverion because I was seeing interesting connection attempts from them and found this page. I thought I would add my 2 cents worth.
    https://mxtoolbox.com/SuperTool.aspx?action=asn:399471&run=networktools
    The ASN lookup tool makes it a lot easier to tackle all of the IP ranges of a given smaller company. Effectively giving you all the resources they list. I have a number of companies where they intentionally provide network services to spammers that I block.

  • darb Member

    another tool that I use is the cleantalk asn list: https://cleantalk.org/blacklists/asn

  • ralf Member
    edited May 2022

    @darb said:
    another tool that I use is the cleantalk asn list: https://cleantalk.org/blacklists/asn

    29  AS36352 AS-COLOCROSSING United States   247279  175655  71.03%
    

    Hahahahahahahahahaha. 71 percent of colo-crossing hosts are spammers. Words fail me.

  • SplitIce Member, Host Rep

    @titus said: titus

    If you have an authoritative and automated source for Prefixbroker please consider contributing to https://github.com/X4BNet/lists_vpn/

    Thanked by 1: titus
  • szymonp Member

    @darb said:
    another tool that I use is the cleantalk asn list: https://cleantalk.org/blacklists/asn

    Lol my home ISP is listed there

  • jar Patron Provider, Top Host, Veteran
    edited May 2022

    You may find this helpful to run on a cron, just toss in another ASN any time and it'll do its thing: https://github.com/mxroute/da_server_updates/blob/master/sec/fuckthesenetworks.sh

    For AS399471 I also run this on cron: https://paste.mxroute.app/?fffb3982232159cc#Bi48RbMirSihqF1zRWDvY23QT5n99EAQVSpgupaS5aca

    Looks like AS400377 should be added to the list. You want to react dynamically to Serverion because they are indeed a spam only network and they do continually rent or purchase new ranges to get around the blocks.
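
Added example, not part of the thread and not the script linked above: a sketch of the "block by ASN and react to new ranges" approach the posts describe. It parses route objects in IRR/RPSL form (the kind of text a `whois -h whois.radb.net -- '-i origin <ASN>'` query returns), collapses them, compares them with what is already blocked, and renders `ipset restore` input. The sample data, the ASN in it, and the set name `asn_block` are constructed assumptions.

```python
import ipaddress

# Constructed sample in IRR/RPSL form; prefixes are documentation ranges.
SAMPLE_IRR = """\
route:   192.0.2.0/25
route:   192.0.2.128/25
route:   198.51.100.0/24
route:   198.51.100.64/26
route6:  2001:db8:10::/48
route:   not-a-prefix
origin:  AS64500
"""

def parse_routes(text):
    """Collect route/route6 prefixes, skipping other attributes and bad values."""
    nets = set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() in ("route", "route6"):
            try:
                nets.add(ipaddress.ip_network(value.strip(), strict=False))
            except ValueError:
                pass  # malformed prefix: ignore rather than abort the cron run
    return nets

def collapse(nets):
    """Merge adjacent/overlapping prefixes; v4 and v6 must be collapsed apart."""
    out = []
    for ver in (4, 6):
        out += ipaddress.collapse_addresses(n for n in nets if n.version == ver)
    return out

def plan(announced, blocked):
    """Return (to_add, stale): uncovered prefixes, and blocks no longer announced."""
    def hit(a, b, test):
        return a.version == b.version and test(a, b)
    to_add = [a for a in announced
              if not any(hit(a, b, lambda x, y: x.subnet_of(y)) for b in blocked)]
    stale = [b for b in blocked
             if not any(hit(b, a, lambda x, y: x.overlaps(y)) for a in announced)]
    return to_add, stale

def ipset_restore(to_add, name="asn_block"):  # set name is hypothetical
    """Render `ipset restore` input, one hash:net set per address family."""
    lines = []
    for fam, ver in (("inet", 4), ("inet6", 6)):
        lines.append(f"create {name}{ver} hash:net family {fam} -exist")
        lines += [f"add {name}{ver} {n} -exist" for n in to_add if n.version == ver]
    return "\n".join(lines)
```

The `stale` list is only reported, not removed, so a range that drops out of the registry for a day is not silently unblocked.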

  • jar Patron Provider, Top Host, Veteran

    Here's the most fun part of this. I just found something interesting:

    root@eagle:/usr/local/directadmin/custombuild# grep serverion servers.txt
    mirror.serverion.com

    This 100% spam, criminal network is a trusted source on my servers. Fortunately blackholed, but can you imagine the possibilities if criminal level spammers are running out of good IPs and they have this unchecked authority?
