Due to repeated and ongoing botnet hosting, we currently consider this network as harmful and risky for Spamhaus users. We therefore advise Spamhaus SBL users to not accept any traffic from this network at the moment. We may review this listing should we not see further abuse originating from this network in the upcoming weeks.

SBL295582 2016-04-26 TorrentLocker botnet controller @149.154.64.227
SBL280028 2015-12-21 TorrentLocker payment site @149.154.64.206
SBL259808 2015-06-22 Necurs botnet controller @149.154.65.0
SBL256641 2015-05-18 Dridex botnet controller @149.154.64.70 [compromised server]
SBL227877 2014-07-14 KINS botnet controller @149.154.65.73
SBL225689 2014-06-19 Spamnost botnet controller @149.154.65.218
SBL224054 2014-06-03 KINS botnet controller @149.154.65.251
SBL223367 2014-05-28 Malware botnet controller @149.154.64.161
SBL221667 2014-05-14 Cryptolocker active DNS controller
SBL219323 2014-04-15 ZeuS botnet controller @149.154.64.20
____________________________________

% Information related to '149.154.64.0 - 149.154.65.255'

% Abuse contact for '149.154.64.0 - 149.154.65.255' is 'abuse@abusehost.ru'

inetnum: 149.154.64.0 - 149.154.65.255
netname: THEFIRST-NET
org: ORG-FVDS1-RIPE
descr: TheFirst-RU clients (WebDC Msk)
country: RU
admin-c: FRST3-RIPE
tech-c: FRST3-RIPE
status: ASSIGNED PA
mnt-by: THEFIRST-MNT
mnt-irt: IRT-THEFIRST
created: 2011-09-13T06:38:46Z
last-modified: 2016-04-20T04:24:13Z
source: RIPE

organisation: ORG-FVDS1-RIPE
org-name: CJSC THE FIRST
org-type: OTHER
address: CJSC The First, Raduzhny 34a
address: PoBox64, Irkutsk, 664017
address: Russian Federation
abuse-mailbox: abuse@abusehost.ru
abuse-c: AR34130-RIPE
mnt-ref: THEFIRST-MNT
mnt-by: THEFIRST-MNT
created: 2012-02-14T06:27:22Z
last-modified: 2016-03-30T08:08:41Z
source: RIPE # Filtered

role: The First JSC Network Operations
address: The First JSC
address: Office 2, 34a, Raduzhny m-r
address: 664017
address: Irkutsk
address: Russian Federation
phone: +7 (495) 663 73 72
fax-no: +7 (3952) 52 57 89
remarks: trouble: -------------------------------------------------------
remarks: trouble: Points of contact for The First CJSC Network Operations
remarks: trouble: -------------------------------------------------------
remarks: trouble: Routing and peering issues: noc@firstvds.ru
remarks: trouble: SPAM issues: abuse@abusehost.ru
remarks: trouble: Mail issues: abuse@abusehost.ru
remarks: trouble: General information: noc@firstvds.ru
remarks: trouble: -------------------------------------------------------
admin-c: AA26905-RIPE
tech-c: ST6386-RIPE
nic-hdl: FRST3-RIPE
mnt-by: THEFIRST-MNT
created: 2014-09-12T07:34:10Z
last-modified: 2016-04-20T06:53:43Z
source: RIPE # Filtered
abuse-mailbox: abuse@abusehost.ru

% Information related to '149.154.64.0/23AS29182'

route: 149.154.64.0/23
descr: TheFirst-RU, WebDC MSK, RU
origin: AS29182
mnt-by: THEFIRST-MNT
created: 2011-09-14T07:55:04Z
last-modified: 2011-12-09T08:29:15Z
source: RIPE

To have record SBL295728 (149.154.64.0/23) removed from the SBL, the Abuse/Security representative of ispserver.com (or the Internet Service Provider responsible for supplying connectivity to 149.154.64.0/23) needs to contact the SBL Team by email (use this link) to explain how the abuse problem has been terminated (we need to know exactly how the issue has been dealt with and that this abuse problem is fully terminated). If the abuse problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.

It is essential that emails to the SBL Team about this SBL listing include this exact ticket information in the email Subject:

If you are a representative of ispserver.com, you also need to see: Current Live ispserver.com SBL Listings