Top attacker IP not flagged at IPVOID!

This certainly is a top attacker IP: 128.68.86.93.
We will find it at ThreatSTOP, last flagged 19 hrs ago under Russia, Eastern Europe, ITAR with danger level 1.
Nothing here: http://www.ipvoid.com/scan/128.68.86.93/
Nothing here: http://urlquery.net/report.php?id=9446224
See what is going on from that AS: http://sitevet.com/db/asn/AS8402
badware, current events and spam activity
SOA problems → http://dnscheck.sidn.nl/?time=1392477088&id=1735994&view=basic&test=standard
Reverse for 213.234.192.3 direct to an unknown host name (-trumpet.post.ru) → http://ipduh.com/dns/?trumpet.post.ru
Reverse address for 2a00:18c0:1:3:0:0:0:201 (1.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.1.0.0.0.0.c.8.1.0.0.a.2.ip6.arpa.) has not been found.
Reverse address for 2a00:18c0:1:0:0:0:0:201 (1.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.c.8.1.0.0.a.2.ip6.arpa.) not found.
For trumpet dot post dot org → http://www.ipaddresse.com/213.234.192.3
Oooops 213.234.192.3 is currently listed in APEWS :(
Entry matching your Query: E-247460
213.234.192.0/18
CASE: C-312
AS8402 RU, ISP permits abuse and/or ignores criminal activity
History:
Entry created 2007-07-07 also flagged at ThreatSTOP
SOA serial number is: 1376636704. This does not appear to be in the recommended format of YYYYMMDDnn.
Reverse entries for MX records: http://www.dnsinspect.com/corbina.net

polonus

IP is Blacklisted here pbl.spamhaus.org / zen.spamhaus.org / dyn.shlink.org

This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.

OK, Pondus,

But why are they allowed to continue their manipulative activities and are not alerted elsewhere? These are the top 5 attacker IPs,
see: http://www.nothink.org/honeypots.php
Same as with the afraid dot org anomalies, now all blocked by avast! but no-one else,
and then later we get the affected or miscreants blabbering here: “Why you block us with your false positives”.
Is this just because others close their eyes to it?

The only reliable IP checking resources I recently am aware of are ThreatSTOP and APEWS dot org.
IPVOID is just missing too much out, even while it is a fat big meta-scanner. Here it has blind eyes!
The occasional DNS check could bring much more intentional misconfigurations out
http://dnscheck.sidn.nl/
http://ipduh.com/dns/?trumpet.post.ru
This recent DNS manipulation for criminal activities is terra incognita for the larger part.

polonus

Now let us check on this one: http://203.68.0.55/~ipaudit/cgi-bin/SearchIpauditData?date=2014-02-16-01:30&ip=123.127.175.015&sort=0
Since 2011 → CASE: C-175 AS4808 CN, ISP permits abuse and/or ignores criminal activity
See: http://log.onoh.info/fw?123.127.175.15
https://it.library.uaf.edu/xymon-cgi/svcstatus.sh?CLIENT=dev.library.uaf.edu&SECTION=msgs:/var/log/messages
List of attacks: http://greensnow.co/view/123.127.175.15#listeAttaques
And here we go again: http://www.ipvoid.com/scan/123.127.175.15/
IPVoid is blind on one and a half eye ;D

Damian

listed here dnsbl.justspam.org and here dnsbl-1.uceprotect.net

What does it mean to be listed at the UCEPROTECT-Level 1? It means abusive activity was seen from IP 123.127.175.15 directly within the last 7 days.

Concrete allegation:
Portscans or hacking attempts were seen against an UCEPROTECT-System from IP 123.127.175.15.
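
What a listing in the DNSBL zones named in this thread (zen.spamhaus.org, dnsbl-1.uceprotect.net, dnsbl.justspam.org) amounts to as a DNS query, shown as an added example that is not part of any post above. The function names are this example's own, the answers in `constructed_resolver` are constructed sample data rather than real lookup results, and the 127.0.0.10/11 (PBL) and 127.255.255.x (error) values are Spamhaus's published return codes.

```python
import ipaddress
import socket

# DNSBL zones named in this thread.
ZONES = ["zen.spamhaus.org", "dnsbl-1.uceprotect.net", "dnsbl.justspam.org"]
# ZEN return codes that Spamhaus documents for its PBL dataset.
PBL_CODES = {"127.0.0.10", "127.0.0.11"}

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets in reverse order, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver; [] when there is no answer.
    Note: this cannot tell NXDOMAIN (not listed) from a resolver failure."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except OSError:
        return []

def check(ip, resolver=system_resolver, zones=ZONES):
    """Map each zone to (verdict, return codes) for one IPv4 address."""
    report = {}
    for zone in zones:
        codes = resolver(dnsbl_name(ip, zone))
        if not codes:
            verdict = "not listed"
        elif zone.endswith("spamhaus.org") and any(
                c.startswith("127.255.255.") for c in codes):
            # Spamhaus error answer (e.g. query refused), not a listing.
            verdict = "error"
        else:
            verdict = "listed"
        report[zone] = (verdict, codes)
    return report

def constructed_resolver(name):
    """Offline stand-in: constructed answers, not real lookup results."""
    answers = {
        "93.86.68.128.zen.spamhaus.org": ["127.0.0.10"],
        "15.175.127.123.dnsbl-1.uceprotect.net": ["127.0.0.2"],
    }
    return answers.get(name, [])

if __name__ == "__main__":
    for ip in ("128.68.86.93", "123.127.175.15"):
        for zone, (verdict, codes) in check(ip, constructed_resolver).items():
            pbl = " (PBL)" if PBL_CODES & set(codes) else ""
            print(f"{ip:16} {zone:24} {verdict}{pbl} {codes}")
```

Calling `check(ip)` without the second argument uses the system resolver; a meta-scanner that treats an empty or error answer as "clean" will report nothing for an address that the zones themselves list.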