AS25129 (89.187.32.0/19) features a lot of refugees from another evil network, Najada. There’s nothing of value in this netblock, sites seem to feature illegal software, fake anti-virus, criminal support infrastructure, fake pharma sites and phishing.
The IP range is allocated to:
inetnum: 89.187.52.0 – 89.187.55.255
netname: MD-ISP-MONITORING
remarks: INFRA-AW
descr:
View full post on Dynamoo’s Blog
Related Posts
- Evil network: Leksim Ltd / RELNET-NET AS5577 (62.122.72.0/21)
Implicated in malware distribution, botnet C&Cs and spam, the network range 62.122.72.0/21 (62.122.72.0 - 62.122.79.255) is currently quite active in evil activities (you can find exampl... - Evil network: Asociatia Family Network Connections / FAMILY-NETWORK AS49253 (95.64.110.0/23)
Asociatia Family Network Connections / FAMILY-NETWORK is a Romanian network, and their AS49253 netblock seems to have suddenly turned evil. The SiteVet report for this AS shows a sudden increase in ... - Evil network: Informex / INFORMEX-NET AS20564 (193.178.172.0/24)
Informex on AS20564 (193.178.172.0/24) is a Ukranian operation implicated in a lot of bad things including banking trojans. SiteVet.com fingers this as the 27th worst network on the net, and links ... - Evil network: Alex Gorbunov / GORBY-VPN-NET AS51303 (195.226.197.0/24)
A small but nasty netblock hosting ZeuS C&C servers and Phoenix exploit kit attacks, GORBY-VPN-NET (registered to an Alex Gorbunov) seems to have no legitimate sites at all. There aren't a lot of site... - Evil network: Donstroy Ltd AS29557 (194.8.250.0/23)
Another network worth blocking, Donstroy Ltd appears to be a Latvia entity hosting in Moldova, closely affiliate with Sagade Ltd who are one of the most scummy networks around at the moment. The WHOI... - Evil network: Specialist Ltd / Specialist-ISP-PI2 AS48691(194.28.112.0/22)
Specialist Ltd is a fairly large netblock containing a small number of very bad hosts and nothing else. Registered to a company in Moldova, Specialist looks like another part of the Latvia / Moldovan ... - Evil network: VLine Ltd / VLINERU2-NET AS39150 (109.196.128.0/20)
A malware run in progress today using the arestyute.com domain made me look at VLine Ltd, a Moscow based host well-known for supporting criminal activities. The question is.. does VLine actually host ... - Evil network: MAXHOSTING Services / GlobalNET Bosnia (AS42560 / 77.78.239.0/23)
Back in May they were called Maximus Hosting Services but I guess it's always embarrassing when you're not number on in Google for your own name.. so now this outfit from Russia appears to be calling... - Evil network: MAXHOSTING Services, kfppp.com and the BBC Radio 3 compromise
MAXHOSTING are a fairly prolific evil network that I profiled last month, so it isn't a huge surprise to see that the evilness continues as normal. But one thing that made MAXHOSTING stand out today ... - Evil network: Sagade Ltd / ATECH-SAGADE AS6851 (85.234.190.0/23)
I've mentioned Sagade Ltd before, it's a totally Black Hat Latvian network that should be blocked on sight. Google's Safe Browsing diagnostic for this range is fairly damning: Has this site acted as ...
