<div dir="ltr">I wrote one of the articles about Quasi Networks you mentioned.  You can see how "professional" they are in my most recent encounter with them: <a href="https://badpackets.net/quasi-networks-responds-as-we-witness-the-death-of-the-master-needler-80-82-65-66-for-now/">https://badpackets.net/quasi-networks-responds-as-we-witness-the-death-of-the-master-needler-80-82-65-66-for-now/</a><div><br></div><div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><p><font face="Arial, sans-serif"><span style="font-size:13.3333px">__</span></font></p><p><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Troy
Mursch</span></b><br></p>

<p><font face="Arial, sans-serif"><span style="font-size:13.3333px"><b><i>Information Security Analyst</i></b></span></font><br></p>

<p><a href="https://badpackets.net/" target="_blank"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue">Bad Packets Report</span></a><span style="font-size:10.0pt;font-family:"Arial","sans-serif""></span></p>

<p><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="mailto:troy@wolvtech.com" target="_blank">troy@wolvtech.com</a></span></p>

<p><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(702)
509-1248</span></p></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Jul 21, 2017 at 2:58 AM, Sergey <span dir="ltr"><<a href="mailto:gforgx@fotontel.ru" target="_blank">gforgx@fotontel.ru</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <p>Hi,</p>
    <p>It seems to be a really long story and it's strange they're not
      listed for instance in Spamhaus DROP.</p>
    <p>I think this can only be resolved by RIPE NCC because both of its
      upstreams (AS3216 and AS12714) are huge Russian transit ISPs which
      would most likely be reluctant or maybe even resistant to abuse
      reports.<br>
    </p>
    <p><br>
    </p>
    I'm not saying it's not up to RIPE NCC at all (it is) but I think it
    should be first addressed to their upstreams which according to BGP
    table are: AS3216 and AS12714, and also they're seen on AMS-IX. But
    I don't actually feel like Beeline and NetByNet (huge Russian
    transit ISPs) will do anything on this. <br>
    <br>
    <div class="m_8421266433704265245moz-cite-prefix">On 07/21/17 12:09, <a class="m_8421266433704265245moz-txt-link-abbreviated" href="mailto:phishing@storey.xxx" target="_blank">phishing@storey.xxx</a>
      wrote:<br>
    </div>
    <blockquote type="cite"><span style="font-family:Verdana;color:#000;font-size:12pt">
        <div>hello,</div>
        <div><br>
        </div>
        <div>I have been referred to this mailing list by the Reg Review
          account.</div>
        <div><br>
        </div>
        <div>I am writing about the current situation with "Quasi
          Networks", AS29073 .</div>
        <div><br>
        </div>
        <div>This AS is run by a criminal front:</div>
        <div><br>
        </div>
        <div><a href="https://justinpineda.com/2011/04/30/understanding-ecatel" target="_blank">https://justinpineda.com/2011/<wbr>04/30/understanding-ecatel</a>/</div>
        <div><br>
        </div>
        <div><i>"The Ecatel Network is part of the Russian Business
            Network (RBN) which is known for cybercrime activities since
            2007."</i></div>
        <div><br>
        </div>
        <div>It is completely unaccountable and has been engaging in
          endless cyber crime activities for a number of years:<br>
        </div>
        <div><br>
        </div>
        <div><a href="https://www.infosecurity-magazine.com/news/us-russia-are-top-cyber-threat-hosts" target="_blank">https://www.infosecurity-<wbr>magazine.com/news/us-russia-<wbr>are-top-cyber-threat-hosts</a>/</div>
        <div><br>
        </div>
        <div><i>"In the first quarter of 2013, the worst host overall
            was found to be Ecatel Network in the Netherlands, which,
            while hosting only 13,000 IPs, still manages to host more
            than it's fair share of malicious content. “This quarter we
            see the return of Dutch hosting provider Ecatel to the No. 1
            rank, having held the position at various times in the
            past,” Host Exploit said. “Ecatel does not top the rankings
            for any particular category of activity, but rather for a
            consistently poor showing across the board.” Botnets in
            particular seem to like the Dutch provider."</i></div>
        <div><br>
        </div>
        <div>Persistant emails to them are ignored:</div>
        <div><br>
        </div>
        <div><a href="https://badpackets.net/a-conversation-with-ripe-ncc-regarding-quasi-networks-ltd" target="_blank">https://badpackets.net/a-<wbr>conversation-with-ripe-ncc-<wbr>regarding-quasi-networks-ltd</a>/</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>and due to the absence of an accountability mechanism in
          RIPE policy, they continue:</div>
        <div><br>
        </div>
        <div><a href="https://www.lowendtalk.com/discussion/70172/ecatel-ltd-quasi-networks-ltd-ibc" target="_blank">https://www.lowendtalk.com/<wbr>discussion/70172/ecatel-ltd-<wbr>quasi-networks-ltd-ibc</a></div>
        <div><br>
        </div>
        <div><a href="https://blogs.cisco.com/security/massive-increase-in-reconnaissance-activity-precursor-to-attack" target="_blank">https://blogs.cisco.com/<wbr>security/massive-increase-in-<wbr>reconnaissance-activity-<wbr>precursor-to-attack</a></div>
        <div><br>
        </div>
        <div><a href="http://www.webhostingtalk.com/showthread.php?t=1182576" target="_blank">http://www.webhostingtalk.com/<wbr>showthread.php?t=1182576</a></div>
        <div><br>
        </div>
        <div><a href="https://justinpineda.com/2011/04/30/understanding-ecatel" target="_blank">https://justinpineda.com/2011/<wbr>04/30/understanding-ecatel</a>/<br>
        </div>
        <div><br>
        </div>
        <div>Can you introduce a mechanism that ensures that rogue
          operators like this network are disassembled.</div>
        <div><br>
        </div>
        <div>The current situation is ridiculous! Although I understand
          there are costs associated with monitoring such complaints,
          the current situation cannot continue for ever.</div>
        <div><br>
        </div>
        <div>Also, the address used by the AS is a bogus "Seychelles"
          address and they obviously do not operate out of Seychelles.</div>
        <div><br>
        </div>
        <div>I have suggested to Reg Review that manual dispatching of a
          paper letter based code to the nominated address be necessary
          to activate assigned IP addresses ("Two factor
          authentication").</div>
        <div><br>
        </div>
        <div>They indicate that this would create to much of a burden on
          your organisation, but the current situation of rogue
          criminals using false addresses and then RIPE relying on
          random people to notify RIPE (and then ignore their request!)
          needs to be addressed.</div>
        <div><br>
        </div>
        <div>-----<span class="HOEnZb"><font color="#888888"><br>
        </font></span></div><span class="HOEnZb"><font color="#888888">
      </font></span></span><span class="HOEnZb"><font color="#888888">
    </font></span></blockquote><span class="HOEnZb"><font color="#888888">
    <br>
    <div class="m_8421266433704265245moz-signature">-- <br>
      Kind regards,<br>
      CTO at<br>
      <b>Foton Telecom CJSC</b><br>
      Tel.: <a href="tel:+7%20499%20679-99-99" value="+74996799999" target="_blank">+7 (499) 679-99-99</a><br>
      AS42861 on <a href="http://as42861.peeringdb.com/" target="_blank">PeeringDB</a>,
      <a href="https://radar.qrator.net/as42861" target="_blank">Qrator</a>, <a href="http://bgp.he.net/AS42861" target="_blank">BGP.HE.NET</a><br>
    </div>
  </font></span></div>

</blockquote></div><br></div>