r4 - 12 Nov 2007 - 02:31:55 - MattJonkman
Russian Business Network
RussianBusinessNetwork Host List (RBN):
bleeding-rbn.rules
bleeding-rbn-BLOCK.rules
Call these hosts what you like; we see a large amount of hostile activity from these nets and get little to no abuse response for takedown. Do what you will with this information.
Some background, compiled by JamesMcQuaid:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7740
http://blog.washingtonpost.com/securityfix/2007/10/mapping_the_russian_business_n.html
http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html
http://www.washingtonpost.com/wp-dyn/content/story/2007/10/12/ST2007101202661.html?hpid=moreheadlines
http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101201700.html?sub=new
http://en.wikipedia.org/wiki/Russian_Business_Network
UPDATE
From Spamhaus:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7829
http://cidr-report.org/cgi-bin/as-report?as=AS43603
http://cidr-report.org/cgi-bin/as-report?as=AS42811
http://cidr-report.org/cgi-bin/as-report?as=AS43259
http://cidr-report.org/cgi-bin/as-report?as=AS43702
http://cidr-report.org/cgi-bin/as-report?as=AS43188
http://cidr-report.org/cgi-bin/as-report?as=AS42672
http://cidr-report.org/cgi-bin/as-report?as=AS42662
From RBNExploit:
http://rbnexploit.blogspot.com
To cover traffic from the RBN's fake anti-spyware tools (partially within Spamhaus XBL):
IP range start    IP range end       AS #       Name
64.28.176.0       64.28.191.255      AS27595    INTERCAGE
69.22.162.0       69.22.163.255      AS27595    INTERCAGE
69.22.168.0       69.22.175.255      AS27595    INTERCAGE
69.22.184.0       69.22.187.255      AS27595    INTERCAGE
69.31.64.0        69.31.79.255       AS27595    INTERCAGE
69.50.160.0       69.50.191.255      AS27595    INTERCAGE
85.255.113.0      85.255.117.255     AS27595    INTERCAGE
85.255.118.0      85.255.118.255     AS27595    INTERCAGE
216.255.176.0     216.255.191.255    AS27595    INTERCAGE
58.65.239.66 - RBN domain involved in the Bank of India hack.
58.65.234.17 and 58.65.234.18 - RBN domains for iFrame Cash (see Spamhaus ROKSO)
58.65.232.0 - 58.65.239.255 = HOSTFRESH RBN alternative hosting (supposedly Hong Kong based, but Intercage / Estdomains etc. linkage)
Copyright © Bleeding Edge Threats.