Herr Bischoff

Persistent Abuse Hosts

Since they keep piling up, I have decided to compile a list of the most persistent spam hosts I have encountered. There is practically only malicious traffic coming from those IP ranges, so they warrant being blocked completely.

This isn’t the most elegant way to go about it, but what can you do when some hosts just appear to exist to send junk email and run malicious scripts, and the abuse mailbox is always full or non-responding? Many times it’s a proper hosting company or internet provider that’s unable to cope with abuse. Anyway, usually it’s not worth the trouble to try to deal with single IPs in certain ranges. Most servers should not have any business looking at your server in the first place.

Interestingly enough, since blocking the hosts below, spam ingress and abuse have decreased exponentially.

Update: Since IP addresses and ranges change frequently, I have switched the list format to AS numbers. To get the CIDR list for any of the ASNs, just query RADb:

whois -h whois.radb.net -- "-i origin $ASN" | grep '^route:' | awk '{print $2}'
whois -h whois.radb.net -- "-i origin $ASN" | grep '^route6:' | awk '{print $2}'
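
RADb route objects are self-registered and can be stale, duplicated or far too broad, so the output of the query above is worth vetting before it goes into a firewall. The script below is an added example, not part of the original post: the function names, the sample data and the minimum prefix lengths (/8 for IPv4, /16 for IPv6) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): vet RADb route objects before
# they reach a firewall. Function names and thresholds are assumptions.

# Constructed sample of RADb output using documentation prefixes and a
# documentation ASN; it is not real registry data.
SAMPLE_RADB='route:      192.0.2.0/24
descr:      constructed example
origin:     AS64500
route:      198.51.100.0/24
route:      192.0.2.0/24
route:      0.0.0.0/0
route6:     2001:db8::/32
route:      not-a-prefix'

# Live lookup with the query from the post; rejects anything but AS<digits>.
radb_query() {
    case "$1" in
        AS*[!0-9]*|AS|"") echo "bad ASN: $1" >&2; return 1 ;;
        AS*) whois -h whois.radb.net -- "-i origin $1" ;;
        *) echo "bad ASN: $1" >&2; return 1 ;;
    esac
}

# Reads whois output on stdin and prints each valid prefix once.
# $1 / $2 = minimum IPv4 / IPv6 prefix length; broader prefixes such as
# 0.0.0.0/0 are dropped so one bad route object cannot block everything.
extract_prefixes() {
    awk -v min4="${1:-8}" -v min6="${2:-16}" '
        $1 == "route:" || $1 == "route6:" {
            p = $2
            if (split(p, part, "/") != 2 || part[2] !~ /^[0-9]+$/) next
            len = part[2] + 0
            if ($1 == "route:") {
                if (split(part[1], o, "[.]") != 4) next
                for (i = 1; i <= 4; i++)
                    if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
                if (len < min4 || len > 32) next
            } else {
                if (part[1] !~ /^[0-9A-Fa-f:]+$/ || part[1] !~ /:/) next
                if (len < min6 || len > 128) next
            }
            if (!seen[p]++) print p
        }'
}

# With ASNs as arguments, print one vetted prefix per line for all of them.
if [ "$#" -gt 0 ]; then
    for asn in "$@"; do radb_query "$asn"; done | extract_prefixes | sort -u
fi
```

Before loading the result, check that none of the prefixes covers your own management or monitoring addresses.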
###############################################################################
##
## Persistent Abuse Hosts
## Last Update: 2020-02-15
##
###############################################################################
