Spam/Phishing Host as a Business Model - Serverion(dot)com
I've noticed that one of the worst hosts for spam and phishing is the site in the subject line that I am not going to link to. They seem to be working hand-in-hand with prefixbroker.com. I block the range to stop all spam and phishing emails, and sure enough, they start coming in again and I find a new range that I assume that they are leasing, whack-a-mole.
So, leasing a range and charging a premium to spammers and malware hosts and other internet creeps must be a good business model, it makes money.
But, what I don't understand is the actions of prefixbroker. Don't they care that the ranges that they lease are being deliberately trashed? Or is that part of the business model too?
Comments
A bit like ColoCrossing, part of the business model.
What is the story behind the 100 brands ColoCrossing used to run? Why wasn't it profitable to keep them all online like EIG/blue host does with their 499 brands?
Currently I have many Serverion & Prefixbroker IP ranges on my firewalls because of tons of port scans, WordPress vulnerability scans, and other malicious activity, like this:
https://www.abuseipdb.com/check-block/212.192.246.0/24
https://www.abuseipdb.com/check-block/31.210.20.0/24
https://www.abuseipdb.com/check-block/2.56.59.0/24
https://imgur.com/a/gqrohpq
On my list I have 11+ at the moment.
Prefixbroker also provides IP ranges for some VPN providers (these ranges are a little better than the previously mentioned ones. I am blocking them partly too, for the same reason).
Maybe it would be a good idea to create a public blacklist from problematic IP ranges like these.
https://crowdsec.net/ might be worth checking out.
My apologies for intruding, I was looking at Serverion because I was seeing interesting connection attempts from them and found this page. I thought I would add my 2 cents worth.
https://mxtoolbox.com/SuperTool.aspx?action=asn:399471&run=networktools
The ASN lookup tool makes it a lot easier to tackle all of the IP ranges of a given smaller company. Effectively giving you all the resources they list. I have a number of companies where they intentionally provide network services to spammers that I block.
Another tool that I use is the CleanTalk ASN list: https://cleantalk.org/blacklists/asn
Hahahahahahahahahaha. 71 percent of colo-crossing hosts are spammers. Words fail me.
If you have an authoritative and automated source for Prefixbroker please consider contributing to https://github.com/X4BNet/lists_vpn/
Lol my home ISP is listed there
You may find this helpful to run on a cron, just toss in another ASN any time and it'll do its thing: https://github.com/mxroute/da_server_updates/blob/master/sec/fuckthesenetworks.sh
For AS399471 I also run this on cron: https://paste.mxroute.app/?fffb3982232159cc#Bi48RbMirSihqF1zRWDvY23QT5n99EAQVSpgupaS5aca
Looks like AS400377 should be added to the list. You want to react dynamically to Serverion because they are indeed a spam only network and they do continually rent or purchase new ranges to get around the blocks.
Here's the most fun part of this. I just found something interesting:
This 100% spam, criminal network is a trusted source on my servers. Fortunately blackholed, but can you imagine the possibilities if criminal level spammers are running out of good IPs and they have this unchecked authority?
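The ASN-based blocking on a cron that several posts above describe, as an added example that is not part of the thread and not the contents of the linked scripts: it takes a prefix list for an ASN, drops malformed or dangerously broad entries, merges overlapping ranges, and builds `ipset restore` input that swaps the new set in atomically. The set names, the sample input (the three /24s linked in the thread plus constructed documentation ranges) and the minimum prefix lengths are assumptions.

```python
import ipaddress

# Constructed sample input, one prefix per line, as exported from an ASN lookup.
SAMPLE_PREFIXES = """
212.192.246.0/24
31.210.20.0/24
2.56.59.0/24
198.51.100.0/25      # constructed: two halves that merge into one /24
198.51.100.128/25
198.51.100.64/26     # constructed: already covered by the first /25
2001:db8:10::/48     # constructed IPv6 documentation range
0.0.0.0/0            # constructed: a bad feed entry that must never be blocked
not-a-prefix
"""

# Assumed safety floor: refuse anything broader than this, so one bad feed
# line cannot block large parts of the internet (or lock you out).
MIN_PREFIXLEN = {4: 8, 6: 16}

def parse_prefixes(text):
    """Return (v4, v6) lists of merged networks, skipping junk lines."""
    nets = {4: [], 6: []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # malformed entry: skip it rather than abort the run
        if net.prefixlen >= MIN_PREFIXLEN[net.version]:
            nets[net.version].append(net)
    return (list(ipaddress.collapse_addresses(nets[4])),
            list(ipaddress.collapse_addresses(nets[6])))

def ipset_restore(name, nets, family):
    """Build `ipset restore` input: fill a temp set, then swap it in."""
    tmp = name + "-new"
    lines = [f"create {name} hash:net family {family} -exist",
             f"create {tmp} hash:net family {family} -exist",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    v4, v6 = parse_prefixes(SAMPLE_PREFIXES)
    print(ipset_restore("asn-block4", v4, "inet"), end="")
    print(ipset_restore("asn-block6", v6, "inet6"), end="")
```

Pipe the output to `ipset restore` and reference the sets from a firewall drop rule; because of the swap, a cron re-run never leaves a window where the set is empty.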