|
| Ref: SBL89504 |
| 91.216.3.0/24 is listed on the Spamhaus Block List - SBL |
| 91.216.3.0/24 is listed on the Don't Route or Peer List - DROP |
| 2010-05-11 11:15:19 GMT | SR22 | RIPE |
| Dirty network - PROXIEZ-NET |
Hosting Zeus C&Cs.
This IP address has been seen as acting as a ZeuS botnet C&C or
hosting binaries/dropzones for the ZeuS botnet.
microsoft-xp-update.com has address 91.216.3.146
microsoft-xp-update.com/up0/update.php (dropzone)
microsoft-xp-update.com/up3/update.php (dropzone)
2010-05-10:
91.216.3.108/ca1/load/myexebr.exe (binary)
----
Other domains seen:
microsoft-iexplorer8-update.com A 91.216.3.146
microsoft-vista-update.com A 91.216.3.146
----
inetnum: 91.216.3.0 - 91.216.3.255
netname: PROXIEZ-NET
descr: PE Nikolaev Alexey Valerievich
country: RU
org: ORG-PNAV1-RIPE
admin-c: NA2817-RIPE
tech-c: NA2817-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: PROXI-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: PROXI-MNT
mnt-domains: PROXI-MNT
source: RIPE # Filtered
organisation: ORG-PNAV1-RIPE
org-name: PE Nikolaev Alexey Valerievich
org-type: OTHER
address: RUSSIA, 46 Yo Kyrli , ap. 151
address: Yoshkar-OLa, Russia
admin-c: NA2817-RIPE
e-mail: admin@proxiz.ru
mnt-ref: PROXI-MNT
mnt-by: PROXI-MNT
source: RIPE # Filtered
person: Nikolaev Alexey
address: 46 Yo Kyrli , ap. 151
address: Yoshkar-OLa, Russia
phone: +78362411523
e-mail: admin@proxiz.ru
nic-hdl: NA2817-RIPE
source: RIPE # Filtered
% Information related to '91.216.3.0/24AS50896'
route: 91.216.3.0/24
descr: Proxiz route
origin: AS50896
mnt-by: PROXI-MNT
source: RIPE # Filtered
----
domain: PROXIZ.RU
nserver: ns41.dns-rus.net.
nserver: ns42.dns-rus.net.
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private person
phone: +7 812 5856545
e-mail: max_urambler@mail.ru
registrar: REGRU-REG-RIPN
created: 2010.03.25
paid-till: 2011.03.25
source: TCI
Removal Procedure
To have record SBL89504 (91.216.3.0/24) removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to 91.216.3.0/24) needs to contact the SBL Team by email (use this link) to explain how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated). If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.
It is essential that emails to the SBL Team about this SBL listing include this exact ticket information in the email Subject:
If you are a representative of RIPE, you also need to see: Current Live RIPE SBL Listings
The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect users from spam sources and spam services. The SBL lists only IP addresses (not domains, email addresses, names or anything else). If you are unable to send email to someone due to this SBL listing, please contact your Internet Service Provider and show them this page - your Service Provider needs to contact the Spamhaus SBL team to resolve the issue (if you are not the Internet Service Provider, please do not contact us.)
|
