1. Forum
  2. Usenet
  3. NEWS.ADMIN.NET-ABUSE.EMAI

  • Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_10

    From A. Filip@21:1/5 to All on Fri Jan 14 06:30:22 2022
    Spamcop.net Top200 source: https://www.spamcop.net/hoshame.shtml
    IPv4 reports for the week ending 2022-01-14T06:30:22+00:00
    IPv6 reports for the week ending 2022-01-14T06:30:25+00:00
    IP address to country and ASN mapping by whois.cymru.com
    Stats generated for 200 IPv4 addresses and 2 IPv6 adresses
    Cutoff at Spamcop.net 200:IPv4 : 2217 reports
    Spamcop.net 1:IPv6 : 6184 reports

    #### Top entries with reports count
    #### [Top-IP: Top 10 IPv4&IPv6 + Top 1 IPv6 + DNSWL listed]
    #No. Reports Age AS IP_Address
    1. 1:IPv4 121_404 2.9 days RU AS12389 77.40.78.189
    2. 2:IPv4 104_764 4.1 days RU AS12389 77.40.62.30
    3. 3:IPv4 80_542 2.9 days RU AS12389 77.40.2.250
    4. 4:IPv4 70_357 24 hours DE AS58329 31.214.157.36
    5. 5:IPv4 53_175 44 hours RU AS12389 77.40.80.123
    6. 6:IPv4 46_565 5.9 days SE AS2119/NO 85.224.174.245
    7. 7:IPv4 35_644 5.3 days RU AS12389 77.40.102.45
    8. 8:IPv4 34_417 2.7 days CZ AS399471/US 212.192.246.215
    9. 9:IPv4 29_729 24 hours KR AS17858 125.251.116.4
    10. 10:IPv4 29_158 23 hours TW AS4780 123.204.7.19
    20. 20:IPv4 18_687 24 hours US AS15169 209.85.220.41
    https://dnswl.org/s/?s=209.85.220.41 Trust=none google.com
    33. 33:IPv4 12_516 25 hours US AS15169 209.85.220.65
    https://dnswl.org/s/?s=209.85.220.65 Trust=none google.com
    74. 1:IPv6 6_184 23 hours FR AS16276 2001:41d0:8:c5b3:0:0:0:0
    202. 200:IPv4 2_217 - - -
    1_236_832 - - *

    #### Entries and reports count by AS
    #### [Top-AS: Top 10 ASes + listed in Top-IP]
    #No. Reports AS_name_and_country
    1. AS12389 22 536_108 ROSTELECOM-AS, RU
    [Top-IP:1,2,3,5,7]
    2. AS10429 35 199_676 TELEFONICA BRASIL S.A, BR
    3. AS58329 1 70_357 RACKPLACE, DE
    [Top-IP:4]
    4. AS399471 2 50_931 AS-SERVERION, US
    [Top-IP:8]
    5. AS2119 2 50_390 TELENOR-NEXTEL Telenor Norge AS, NO
    [Top-IP:6]
    6. AS45382 4 35_117 EHOSTIDC-AS-KR EHOSTICT, KR
    7. AS8075 3 34_805 MICROSOFT-CORP-MSN-AS-BLOCK, US
    8. AS35900 2 32_890 DIGI-BDS-ASN, BB
    9. AS15169 2 31_203 GOOGLE, US
    [Top-IP:20(dnswl-none),33(dnswl-none)]
    10. AS17858 1 29_729 POWERVIS-AS-KR LG POWERCOMM, KR
    [Top-IP:9]
    11. AS4780 1 29_158 SEEDNET Digital United Inc., TW
    [Top-IP:10]
    19. AS16276 3 20_733 OVH, FR
    [Top-IP:74(1:IPv6)]
    107. - 1 2_217 -
    * 123 758_877

    #### Entries and reports count by country
    #### [Top-Country: Top 5 countries + listed in Top-IP + listed in Top-AS]
    #No. Reports ASes_with_stats
    1. RU 36 655_437 AS12389(22:536_108) AS20485(1:25_888)
    AS31133(3:18_658) AS35401(1:16_566)
    AS198541(1:10_143) AS42610(1:7_805)
    AS50556(1:7_316) AS48371(1:6_906) AS8369(1:6_533)
    AS44812(1:6_151) AS210240(1:5_491) AS49551(1:4_131)
    AS42002(1:3_741)
    [Top-IP:1,2,3,5,7 + Top-AS:1]
    -. eu 27 338_951 DE(3:79_098) SE(4:65_937) CZ(3:63_724) BG(5:55_181)
    NL(3:29_033) FR(3:20_733) DK(2:10_330) AT(1:6_089)
    BE(1:3_881) RO(1:2_728) SI(1:2_217)
    [Top-IP:4,6,8,74(1:IPv6) + Top-AS:3]
    2. BR 46 243_777 AS10429(35:199_676) AS18881(1:9_181)
    AS28573(1:7_161) AS61591(2:6_583) AS17222(1:4_155)
    AS263648(1:3_981) AS16735(1:3_114) AS26599(1:2_638)
    AS8167(1:2_544) AS267538(1:2_514) AS269548(1:2_230)
    [Top-AS:2]
    3. US 19 176_064 AS399471(2:50_931) AS8075(3:34_805)
    AS15169(2:31_203) AS14061(2:16_662)
    AS7922(3:10_953) AS11272(1:6_660) AS11776(2:6_314)
    AS11427(1:5_170) AS33616(1:4_617) AS6128(1:4_416)
    AS19108(1:4_333)
    [Top-IP:8,20(dnswl-none),33(dnswl-none) + Top-AS:4,
    7,9]
    4. DE 3 79_098 AS58329(1:70_357) AS3320(1:5_369) AS51167(1:3_372)
    [Top-IP:4 + Top-AS:3]
    5. KR 8 75_173 AS45382(4:35_117) AS17858(1:29_729)
    AS4766(3:10_327)
    [Top-IP:9 + Top-AS:6,10]
    6. SE 4 65_937 AS2119/NO(2:50_390) AS45011(1:10_254)
    AS39651(1:5_293)
    [Top-IP:6]
    7. CZ 3 63_724 AS399471/US(1:34_417) AS25248(1:25_889)
    AS197846(1:3_418)
    [Top-IP:8]
    9. NO 2 50_390 AS2119(2:50_390)
    [Top-IP:6 + Top-AS:5]
    11. TW 3 38_889 AS4780(1:29_158) AS131584(1:5_847) AS3462(1:3_884)
    [Top-IP:10]
    13. BB 2 32_890 AS35900(2:32_890)
    [Top-AS:8]
    19. FR 3 20_733 AS16276(3:20_733)
    [Top-IP:74(1:IPv6)]
    49. - 1 2_217 -

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Doctor@21:1/5 to A. Filip on Fri Jan 14 17:47:12 2022
    In article <anfi+2022-01-14-e08bd34442a055f157a99325@wp.eu>, A. Filip <> wrote: >Spamcop.net Top200 source: https://www.spamcop.net/hoshame.shtml
    IPv4 reports for the week ending 2022-01-14T06:30:22+00:00
    IPv6 reports for the week ending 2022-01-14T06:30:25+00:00
    IP address to country and ASN mapping by whois.cymru.com
    Stats generated for 200 IPv4 addresses and 2 IPv6 adresses
    Cutoff at Spamcop.net 200:IPv4 : 2217 reports
    Spamcop.net 1:IPv6 : 6184 reports

    #### Top entries with reports count
    #### [Top-IP: Top 10 IPv4&IPv6 + Top 1 IPv6 + DNSWL listed]
    #No. Reports Age AS IP_Address
    1. 1:IPv4 121_404 2.9 days RU AS12389 77.40.78.189
    2. 2:IPv4 104_764 4.1 days RU AS12389 77.40.62.30
    3. 3:IPv4 80_542 2.9 days RU AS12389 77.40.2.250
    4. 4:IPv4 70_357 24 hours DE AS58329 31.214.157.36
    5. 5:IPv4 53_175 44 hours RU AS12389 77.40.80.123
    6. 6:IPv4 46_565 5.9 days SE AS2119/NO 85.224.174.245
    7. 7:IPv4 35_644 5.3 days RU AS12389 77.40.102.45
    8. 8:IPv4 34_417 2.7 days CZ AS399471/US 212.192.246.215
    9. 9:IPv4 29_729 24 hours KR AS17858 125.251.116.4
    10. 10:IPv4 29_158 23 hours TW AS4780 123.204.7.19
    20. 20:IPv4 18_687 24 hours US AS15169 209.85.220.41
    https://dnswl.org/s/?s=209.85.220.41 Trust=none google.com
    33. 33:IPv4 12_516 25 hours US AS15169 209.85.220.65
    https://dnswl.org/s/?s=209.85.220.65 Trust=none google.com
    74. 1:IPv6 6_184 23 hours FR AS16276 2001:41d0:8:c5b3:0:0:0:0
    202. 200:IPv4 2_217 - - -
    1_236_832 - - *

    #### Entries and reports count by AS
    #### [Top-AS: Top 10 ASes + listed in Top-IP]
    #No. Reports AS_name_and_country
    1. AS12389 22 536_108 ROSTELECOM-AS, RU
    [Top-IP:1,2,3,5,7]
    2. AS10429 35 199_676 TELEFONICA BRASIL S.A, BR
    3. AS58329 1 70_357 RACKPLACE, DE
    [Top-IP:4]
    4. AS399471 2 50_931 AS-SERVERION, US
    [Top-IP:8]
    5. AS2119 2 50_390 TELENOR-NEXTEL Telenor Norge AS, NO
    [Top-IP:6]
    6. AS45382 4 35_117 EHOSTIDC-AS-KR EHOSTICT, KR
    7. AS8075 3 34_805 MICROSOFT-CORP-MSN-AS-BLOCK, US
    8. AS35900 2 32_890 DIGI-BDS-ASN, BB
    9. AS15169 2 31_203 GOOGLE, US
    [Top-IP:20(dnswl-none),33(dnswl-none)]
    10. AS17858 1 29_729 POWERVIS-AS-KR LG POWERCOMM, KR
    [Top-IP:9]
    11. AS4780 1 29_158 SEEDNET Digital United Inc., TW
    [Top-IP:10]
    19. AS16276 3 20_733 OVH, FR
    [Top-IP:74(1:IPv6)]
    107. - 1 2_217 -
    * 123 758_877

    #### Entries and reports count by country
    #### [Top-Country: Top 5 countries + listed in Top-IP + listed in Top-AS] >#No. Reports ASes_with_stats
    1. RU 36 655_437 AS12389(22:536_108) AS20485(1:25_888)
    AS31133(3:18_658) AS35401(1:16_566)
    AS198541(1:10_143) AS42610(1:7_805)
    AS50556(1:7_316) AS48371(1:6_906) AS8369(1:6_533)
    AS44812(1:6_151) AS210240(1:5_491) AS49551(1:4_131)
    AS42002(1:3_741)
    [Top-IP:1,2,3,5,7 + Top-AS:1]
    -. eu 27 338_951 DE(3:79_098) SE(4:65_937) CZ(3:63_724) BG(5:55_181)
    NL(3:29_033) FR(3:20_733) DK(2:10_330) AT(1:6_089)
    BE(1:3_881) RO(1:2_728) SI(1:2_217)
    [Top-IP:4,6,8,74(1:IPv6) + Top-AS:3]
    2. BR 46 243_777 AS10429(35:199_676) AS18881(1:9_181)
    AS28573(1:7_161) AS61591(2:6_583) AS17222(1:4_155)
    AS263648(1:3_981) AS16735(1:3_114) AS26599(1:2_638)
    AS8167(1:2_544) AS267538(1:2_514) AS269548(1:2_230)
    [Top-AS:2]
    3. US 19 176_064 AS399471(2:50_931) AS8075(3:34_805)
    AS15169(2:31_203) AS14061(2:16_662)
    AS7922(3:10_953) AS11272(1:6_660) AS11776(2:6_314)
    AS11427(1:5_170) AS33616(1:4_617) AS6128(1:4_416)
    AS19108(1:4_333)
    [Top-IP:8,20(dnswl-none),33(dnswl-none) + Top-AS:4,
    7,9]
    4. DE 3 79_098 AS58329(1:70_357) AS3320(1:5_369) AS51167(1:3_372)
    [Top-IP:4 + Top-AS:3]
    5. KR 8 75_173 AS45382(4:35_117) AS17858(1:29_729)
    AS4766(3:10_327)
    [Top-IP:9 + Top-AS:6,10]
    6. SE 4 65_937 AS2119/NO(2:50_390) AS45011(1:10_254)
    AS39651(1:5_293)
    [Top-IP:6]
    7. CZ 3 63_724 AS399471/US(1:34_417) AS25248(1:25_889)
    AS197846(1:3_418)
    [Top-IP:8]
    9. NO 2 50_390 AS2119(2:50_390)
    [Top-IP:6 + Top-AS:5]
    11. TW 3 38_889 AS4780(1:29_158) AS131584(1:5_847) AS3462(1:3_884)
    [Top-IP:10]
    13. BB 2 32_890 AS35900(2:32_890)
    [Top-AS:8]
    19. FR 3 20_733 AS16276(3:20_733)
    [Top-IP:74(1:IPv6)]
    49. - 1 2_217 -

    Damn Russians! Damn Google!
    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Birthdate 29 Jan 1969 Redhill Surrey England Beware https://mindspring.com

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrzej Adam Filip@21:1/5 to The Doctor on Fri Jan 14 18:15:38 2022
    doctor@doctor.nl2k.ab.ca (The Doctor) wrote:
    […]
    Damn Russians! Damn Google!

    Google spam makes most of spam passing to my mailboxes (on mail servers
    not under my control/administration).

    --
    A. Filip

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sam@21:1/5 to Andrzej Adam Filip on Sun Jan 16 16:17:35 2022
    This is a MIME GnuPG-signed message. If you see this text, it means that
    your E-mail or Usenet software does not support MIME signed messages.
    The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards.

    Andrzej Adam Filip writes:

    doctor@doctor.nl2k.ab.ca (The Doctor) wrote:
    […]
    Damn Russians! Damn Google!

    Google spam makes most of spam passing to my mailboxes (on mail servers
    not under my control/administration).

    Google spam started about 2-3 months ago. It looks like there's now spamware that uses either a virtual machine or a browser plugin to script spamming
    via Gmail.

    Everyone accepts mail from Gmail. This makes Gmail a very attractive spam injection source. I would expected the rocket scientists at Google to figure out how to detect and neutralize the spambots that are spewing stuff via Gmail's UI. I wouldn't think that it's brain surgery to say, hey, this account shouldn't be able to send more than three messages per second, if it does, drop all of its outbound mail on the floor.

    One thing that does work, very well, is verification callbacks. Once
    the spew starts the spewing address gets quickly rate-limited by all the bounces. From my mail logs:

    <micheallopez1954@gmail.com>
    530-5.2.1 The user you are trying to contact is receiving mail at a rate that
    530-5.2.1 prevents additional messages from being delivered. For more
    530-5.2.1 information, please visit https://support.google.com/mail/?p=ReceivingRatePerm h19si3971588qkj.178 - gsmtp
    530 <micheallopez1954@gmail.com> verification failed.

    I estimate that this stops about 95% of the Google spam.


    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEEMWrVnbBKLOeG9ifkazpiviedvyUFAmHki28ACgkQazpivied vyVF6Q/6ApEjDMbijDRzfByenyDdyivFM/ZYUQZuTjSqxaHFKCFsCTO286GhCvj7 N45R6nDxUB1GrfmOw5/NKeTW7BgGpFfr7o1zCxLs3Sxb4osmdI6h/enIwcYhr4Iz /DIUE98Fg9zAVn8vzwd1+t2k0QeCegy9Yjw33182HRB5z2LXzHeswjdzeiXewO/i O1Ofj8HhInm88Zg7I+w7pBJY14sXpNqbBygS2bOMAAPgWMoKfl5Ea15FGnGi/zOc Heqqn8dOfS/xYM6pGhJD+tNM8Gpgn2o9akhJFQtqO6vBx9UF5M+lCSZsN++Z0r0R GDfDYwJ1rdqeggcm3SN9/KNuxL0LP/krkW5CwzleFcgwpG/JO4mmgFBgHNTrmYp1 BFc53HTv6FweLiS4DLvtqwV9wHMKwSaoQaQUdloy2oq+pQ6Fj4rBsX43V+sk7360 qyJAvGDFYJ4XGcoaWj+UYIOtXrB+thBkq6tmS2YAWLP1mX2irm5PdnYtJ+Y8vgVJ oqU2+mIV8SF2E0OCsqIx1oLhCx660wU8h7r9ihVCc+h9CGJPZk/lBQSQliA9mx24 0b498+OsrNzxvc/Bi9E46FZZVQUKv0FabyG63BW/PySlwoue3DZ3GCy8depEnE/4 Wv9hjfrWuATOAc+vFKZCWgnHviNqCoew+rIsQRMThlEq62GulS8=
    =fuBA
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)