Spamhaus under DDOS from AnonOps (

foks lists at
Sun Dec 19 15:19:31 CST 2010

On 12/19/2010 08:33 PM, Ned Moran wrote:
> additional evidence
> On Sun, Dec 19, 2010 at 2:25 PM, Rich Kulawiec <rsk at> wrote:
>> On Sun, Dec 19, 2010 at 12:46:33PM -0600, Frank Bulk - wrote:
>>> While I tend to trust Steve and Spamhaus because of their built up
>>> reputation, it would be helpful if some concrete facts were published
>> about
>>> the "more than 40 criminal-run sites operating on the same IP address as
>>>, including,,,
>> and
>>> bank phishes and"
>> I found this:
>> (as well as the SBL records those reference) quite interesting.
>> ---rsk

The evidence is for Webalta, which hosts Heihachi (which hosts I spent some minutes checking Heihachis IP block –

I found 255 .com/.net domains which use this IP block and Heihachis DNS
servers. Google reports that none of them is used to serve malware. Two
of them, and, are reported as
phishing sites. Both are down at the moment. reports
4 addresses on this IP block, all seems to be up.
reports 3 addresses on This site is not
online at the moment.

If Heihachi hasn't cleaned up very good the last days I would say that
they behave much better than Webaltas customers in general.

More information about the NANOG mailing list