Sponsored by..

Thursday, 23 July 2009

"Real Host Ltd" is a real sewer

"Real Host Ltd" occupies 256 IP addresses in the 213.182.197.* range, hosted in Latvia in an address space apparently leased from Junik Ltd.

The netblock registration details claim to belong to an address in Kazakhstan:

person: Alex Spiridonov
address: Kazakhstan, Almaty , Abay street 2a
abuse-mailbox: abusemailhost@gmail.com
phone: + 87771697576
nic-hdl: SA5926-RIPE
source: RIPE # Filtered

This block is of interest because out of hundreds of web sites hosted, there appear to be none at all which are legitimate. And out of all of these, Hit-senders.cn is one of the most interesting because it is currently being used for a zero day Flash/PDF exploit. Many domains are registered to Michell.Gregory2009@yahoo.com who has featured on this blog many times before.

Some other interesting domains are Cashspyware.com, Botnet.su and Iframepartners.com which are pretty much openly operating as black hat sites.

All of these sites are either fraudulent, dangerous to visit or both - so if you receive an email or link pointing to them, leave well alone!

213.182.197.10
Vkontalcte.ru, Private Person, admin@0neway.ru

213.182.197.11
Index683.com, Registration suspended
Presentsdelivery.com, Private Person, abuseemaildhcp@gmail.com

213.182.197.12
Barmatuxa.info, Brad Higginbotham, EmersonDuffyZP@gmail.com
Bombim.cn, KuserElizabeth, eakuser@yahoo.com
Decine.cn, realmaria teresa, popeskusin@yahoo.com

213.182.197.13
0neway.ru, Private Person, onewayru@ya.ru
2todays.com, PrivacyProtect.org
2trades.com, alan pakerson, apakerson@googlemail.com
Adulttopvids.info, Lorraine Hoguseir / LueMettterTeam, lorrainefactr@gmail.com
Caffemax.com, Private Person, abuseemaildhcp@gmail.com
Clicksvideo.com, PrivacyProtect.org
Cutietubeee.com, Mark Cristy, evilinside99@gmail.com
Dasper.ru, Sergey V Levitskiy, levitcky@gmail.com
Dataartsoft.com, John A Backham , igusow@gmail.com
Dslcaffe.com, Private Person, abuseemaildhcp@gmail.com
Freegirla.com, PrivacyProtect.org
Fucksexadult.com, PrivacyProtect.org
Gauleyriverraftinginfo.com, Gordon Freeman, evilinside20@gmail.com
Googep.com, PrivacyProtect.org
Homemadez.com, PrivacyProtect.org
Informatoion.com, Tamara Polishuk, kenylotus@yahoo.com
Insky.biz, PrivacyProtect.org
Koka-tube.info, Budulay Romale, budulay_romale@inbox.ru
Linktovideo.com, PrivacyProtect.org
Mac-videos.com, PrivacyProtect.org
Major-don.com, Carl Lee, levitraviagrashop@rambler.ru
Masstrade.us, Yuri, sypiboryrecinih15976@gmail.com
Myspnace.com, PrivacyProtect.org
Odnoklassniki-and-you.ru, Private Person, newlive09@yandex.ru
Online-defence.cn, GuferDerek, asyonurubu@gmail.com
Onlylo.com, PrivacyProtect.org
Photovideox.com, PrivacyProtect.org
Playtstation.com, PrivacyProtect.org
Pornsamateur.com, PrivacyProtect.org
Serialtxt.com, Breitenbach Margery, breitenbach621@yahoo.com
Sexlevitra.com, Carl Lee, levitraviagrashop@rambler.ru
Sexmamba.com, Igor Bogdanov, Igor
Singleslady.com, Registration suspended
Soundrugs.ru, Private Person, workalliance@mail.ru
Tdssim.com, Djon Digan, major.leva@yahoo.com
Thehat.net, Carl Padilla, thehatnkm@gmail.com
Tube84.com, PrivacyProtect.org
Tubeee.com, Whois Privacy Protection Service
Viagrabe.com, PrivacyProtect.org
Video-tube-online.info, Budulay Romale, budulay_romale@inbox.ru
Videomoviex.com, PrivacyProtect.org
Videos-movie.com, PrivacyProtect.org
Vipbabes.com.ua, Андрей Дехтяренко / Andrei Dehtyareno, may-vit@bk.ru
Virgin-x.com, PrivacyProtect.org
Wikjipedia.com, Tamara Polishuk, kenylotus@yahoo.com
Worldtube.su, Private Person, novikov_ds@bk.ru
Xtubex.org, konstantin ololo, scaryscream@gmail.com
Yesey.net, Bob AKKAWA, akkawa@gmail.com
Yhxoo.com, PrivacyProtect.org
Yourko.com, PrivacyProtect.org
Youtube19.com, PrivacyProtect.org
Youviewx.com, Dedinan Galena, galendediweb78@yahoo.com

213.182.197.14
Cashspyware.com, N/A, faloimitator@list.ru
Casinousa.cn, LucasSteven / Cehhost, steven_lucas_2000@yahoo.com
Hostnsload.cn, LucasSteven, steven_lucas_2000@yahoo.com
Iframepartners.com, Chen Poon, chen.poon1732646@yahoo.com
Megavipsite.cn, LucasSteven, steven_lucas_2000@yahoo.com
Sitewebsupport.com, Michell, Michell.Gregory2009@yahoo.com

213.182.197.20
Best-casinox.com, MyPrivateRegistration.com
Best-prices-pharma.com, Igor Durov, larsontomas@gmail.com
Best-prices-pharmacy.net, Oleg Demin, premiumwebart@gmail.com
Causas-de-impotencia.com, Private Person, premiumwebart@gmail.com
Causas-de-impotencia.net, Private Person, premiumwebart@gmail.com
Css-csript.cn, IveevPlansky / SerjCOm, ru@rupoisk.in
Dns-lv9720.com, Michell, Michell.Gregory2009@yahoo.com
Druggs.net, MyPrivateRegistration.com
Druggsonline.com, MyPrivateRegistration.com
Drugsbrokerpharma.com, Oleg Demin, premiumwebart@gmail.com
Edproductos-en-espana.com, Grigory Panin, gragorybland@gmail.com
Erosuka.ru, Private Person, callpartners@gmail.com
Farmacia-venta-on-line.com, Private Person, premiumwebart@gmail.com
Fly-pro.net, MyPrivateRegistration.com
Herbal-impotencecure.com, Oleg Demin, premiumwebart@gmail.com
Hzone66.cn, MichellGregory, Michell.Gregory2009@yahoo.com
Impotence-natural-cure.com, Oleg Demin, premiumwebart@gmail.com
Kamagra-tratamiento-impotencia.com, Mark Nefidov, markglan1@gmail.com
Lkll.net, Damir Stolbische, damirmuh@gmail.com
Marcusmed.com, Steven Lucas, steven_lucas_2000@yahoo.com
Medicamentosgenericosonline.com, Grigory Panin, gragorybland@gmail.com
Microsoftprogram.cn, IveevPlansky / SerjCOm, ru@rupoisk.in
Onlinemedicamentosgenericos.com, Grigory Panin, gragorybland@gmail.com
Pharmacy-drugs-broker.com, Oleg Demin, premiumwebart@gmail.com
Pharmacy-drugsbroker.com, Oleg Demin, premiumwebart@gmail.com
Pharmacy-pills-rx.com, Igor Durov, larsontomas@gmail.com
Pharmacy-pillsrx.com, Igor Durov, larsontomas@gmail.com
Rx-onlinestore.com, Igor Durov, larsontomas@gmail.com
Rxtrustedtabs.net, Igor Durov, larsontomas@gmail.com
Smsgogo.cn, IveevPlansky / SerjCOm, ru@rupoisk.in
Superflyaccess.com, MyPrivateRegistration.com
Traffcount.cn, LucasSteven / steven_lucas_2000@yahoo.com
Treatment-online.com, Aprichev Igor, info@betting-profits.com
Trust-ed-tablets.com, Igor Durov, larsontomas@gmail.com
Tutuuuu.cn, IveevPlansky / SerjCOm, ru@rupoisk.in
Usa-pills-rx.com, Igor Durov, larsontomas@gmail.com
Vitofarmatratamientoimpotencia.com, Private Person, markglan1@gmail.com
Vkpleer.ru, Private Person, callpartners@gmail.com
Vybory2007.ru, Private Person, callpartners@gmail.com
Xxzonexx.com. Chen Poon, chen.poon1732646@yahoo.com
Yandex2.cn, IveevPlansky / SerjCOm, ru@rupoisk.in

213.182.197.227
Corbsc.com, Chen Poon, chen.poon1732646@yahoo.com
Co5v.cn, TiankaiCui, cuitiankai@googlemail.com

213.182.197.228
Chlenopopik.com, Denis Pupkin, pisssun2006@mail.ru

213.182.197.229
3ballslottery.com, Klan Jored, support@hosting-offshore.biz
44mm.ru, Private Person, mik58109117@ya.ru
Admins-mail.ru, Private Person, ivttyeivrdyl@yandex.ru
Andors.ru, Private Person, 10000002@mail.ru
Antighost.cn, null, dasidoruk@mail.ru
Avpro-labs.com, PrivacyProtect.org via Erdomain.com
Avtoresa.ru, Private Person, 10000002@mail.ru
Businessconsulting312.com, Nikolay Viktorovich Stepashin, businessconsulting312.com@hvosting.ua
Businesscoorptru.cn, Real Host, abuseemaildhcp@gmail.com
Comforttrade.biz, Klan Jored, support@hosting-offshore.biz
Dfds-seaways.biz, Klan Jored, support@hosting-offshore.biz [note, domain has been seized by the trademark holder]
Digitdbofmusic.org, Petr Karlov, dunkanmac3@mail.ru
Elita-online.ru, Private Person, votub@nm.ru
Fedion.ru, Private Person, 10000002@mail.ru
Firex-labz.com, SharedHSD, roomart2008@yandex.ru
Firsttimesite.us, Olah Istvan, olah.istvan.ny@gmail.com
Gbd-carrers.com, Aleksej Bagrov, deretx@rambler.ru
Gerdok.ru, Private Person, 10000002@mail.ru
Gnk-msk2.com, Alexey MIRKINO, 324635647@mail.ru
Isell.cc, Jhon Balsmen, ukmcuk@googlemail.com
Isellcc.com, Jhon Balsmen, ukmcuk@googlemail.com
Kalopes.ru, Private Person, 10000002@mail.ru
Kobash.ru, Private Person, 10000002@mail.ru
Kovero.ru, Private Person, 10000002@mail.ru
Leadingdelivery.com, WhoisPrivacyProtect.com
Leapdelivery.net, WhoisPrivacyProtect.com
Megatt.cn, LucasSteven, steven_lucas_2000@yahoo.com
Midlway.com, Real Host LTD, real2030@gmail.com
Molide.ru, Private Person, 10000002@mail.ru
Motile.ru, Private Person, 10000002@mail.ru
Mssys.net, Klan Jored, support@hosting-offshore.biz
Muhamed.cn, Caroline Krajka, caroline.krajka@gmail.com
Myeasyhosting.us, Olah Istvan, olah.istvan.ny@gmail.com
Newskyag.com, Robert Baker, robertbaker2110@yahoo.com
Obosraca.net, Nungoyanrgrr Pimdulya, cumo@mail.ru
Ru-r.ru, Anton A Baklanov, pinch18@rambler.ru
Slikons.ru, Private Person, 10000002@mail.ru
Smsvor.ru, Private Person, n.shahov@yandex.ru
Superioradz.info, Bryony, blaze_sanchez3@yahoo.com
Swegol.ru, Private Person, 10000002@mail.ru
Uni-tele-com.ru, Private Person, n.shahov@yandex.ru
Valebe.ru, Private Person, 10000002@mail.ru
Vkonlahte.ru, Private Person, eert@inbox.ru
Vkortakt.ru, Private Person, asfsdfgsg@yandex.ru
Waderos.ru, Private Person, 10000002@mail.ru
Webinst.ru, Private Person, 10000002@mail.ru
Wedikas.ru, Private Person, 10000002@mail.ru
Wedows.ru, Private Person, 10000002@mail.ru
Welcomeone.cn, LucasSteven, steven_lucas_2000@yahoo.com
Werobin.ru, Private Person, 10000002@mail.ru
Wetese.ru, Private Person, 10000002@mail.ru
Wldomen.com, Klan Jored, support@hosting-offshore.biz
Wogolot.ru, Private Person, 10000002@mail.ru
Xaker.cn, Real Host, abuseemaildhcp@gmail.com
Xxhackmail.ru, Private Person, 365346546@mail.ru
Xxvhost.com, Klan Jored, support@hosting-offshore.biz
Yes04ka.cn, Gregory, Michell.Gregory2009@yahoo.com
Yourgoogleanalytics.cn, Real Host, abuseemaildhcp@gmail.com
Yourgoogleanalytics.us, Olah Istvan, olah.istvan.ny@gmail.com


213.182.197.230
Benzonasoss.com, Aleksey Melnikov, mel1simkov@gmail.com
Csollw.com, Aleksey Melnikov, mel1simkov@gmail.com
Jlopi.com, Aleksey Melnikov, mel1simkov@gmail.com
Joltuiwater.com, Aleksey Melnikov, mel1simkov@gmail.com
Kartoshkachamp.com, Aleksey Melnikov, mel1simkov@gmail.com
Lipesr.com, Aleksey Melnikov, mel1simkov@gmail.com
Minfpafs.com, Aleksey Melnikov, mel1simkov@gmail.com
Nerkol.com, Aleksey Melnikov, mel1simkov@gmail.com
Updateserversoft.com, Chen Poon, chen.poon1732646@yahoo.com
Vizllp.com, Aleksey Melnikov, mel1simkov@gmail.com
Vmbs4.com, Aleksey Melnikov, mel1simkov@gmail.com
Werkp.com, Aleksey Melnikov, mel1simkov@gmail.com
Wherg.com, Aleksey Melnikov, mel1simkov@gmail.com

213.182.197.233
Banished.ru, Private Person, abuseemaildhcp@gmail.com
Bargian-hunt.com, Sean McCann, sean.mccann.1@hotmail.com
Pornonova.net, Anya Montague, gr4ndth3ft@hotmail.com
Proxyrent.cn, Chen Poon, chen.poon1732646@yahoo.com

213.182.197.234
Updategoogle.cn, Real Host LTD, abuseemaildhcp@gmail.com
Uppgoogle.cn, Real Host LTD, abuseemaildhcp@gmail.com

213.182.197.235
Aepi.ru, Private Person, polevweb@gmail.com
Evamedstore.com, Nikolai Vukolov, baton@bronzemail.net
Traffic-exchange.ru, Aleksej D Brozdov, ru-traffic-exchange@gmail.com

213.182.197.236
1gen1.ru, Andrey G Zubkov, a.zubkov@exeda.info
71sense.info, Vicky Chan, chan.wai.kay.1@gmail.com
71soldo.info, Vicky Chan, chan.wai.kay.1@gmail.com
71speed.info, Vicky Chan, chan.wai.kay.1@gmail.com
71spice.info, Vicky Chan, chan.wai.kay.1@gmail.com
7addition.info, Vicky Chan, chan.wai.kay.1@gmail.com
8addition.info, Vicky Chan, chan.wai.kay.1@gmail.com
8addition.org, Vicky Chan, chan.wai.kay.1@gmail.com
Add-content-filter.info, PrivacyProtect.org
Deonix.biz, Aleksey Melnikov, mel1simkov@gmail.com
Doplin.biz, Aleksey Melnikov, mel1simkov@gmail.com
Gnbd1.cn, Chen Poon, chen.poon1732646@yahoo.com
Hamatauto.biz, Aleksey Melnikov, mel1simkov@gmail.com
Hel90.biz, Aleksey Melnikov, mel1simkov@gmail.com
Lalalabemsbams.name, Aleksey Melnikov, mel1simkov@gmail.com
Tfx2corp.cn, TiankaiCui, cuitiankai@googlemail.com
Vip-internal.ru, Private Person, spy-logs-l12@inbox.ru

213.182.197.237
1gigabayt.com, Hau Cheng, haucheng@yahoo.com
Beauty-hot-pornxxx.com, Aleksey Melnikov, mel1simkov@gmail.com
Downloadoemsoftware.com, Chen Poon, chen.poon1732646@yahoo.com
Fire-hot-pornxxx.com, Aleksey Melnikov, mel1simkov@gmail.com
Hotflashplayer.com, Aleksey Melnikov, mel1simkov@gmail.com
Metroking.ws, Aleksey Melnikov, mel1simkov@gmail.com
Oneminute2u.biz, Aleksey Melnikov, mel1simkov@gmail.com
Rbckc.com, Aurore Hetu, AuroreHetu@fontdrift.com
Scans.cc, PrivacyProtect.org
Sexual69.ru, Artur G Antonov, antonov@rbcmail.ru
Thebestplayer.biz, Aleksey Melnikov, mel1simkov@gmail.com
Verivell.com, Hau Cheng, haucheng@yahoo.com
Xtraff.cn, Hau Cheng, haucheng@yahoo.com

213.182.197.238
Agroautoparts.com, Aleksey Melnikov, mel1simkov@gmail.com

213.182.197.243
Einrock.com, Puprov Ivan, captainjs@yandex.ru
Geo555.com, Vladim Ivanov, captainjs@yandex.ru
Makomset.com, Vladimir Ivanovich, captainjs@yandex.ru
Ribcot.com, Sergeev Kirill Nikolaevich, captainjs@yandex.ru

213.182.197.247
Sex-proector.ru, Private Person, toolssoft@mail.ru

213.182.197.249
Feed-place.cn, Gregory, Michell.Gregory2009@yahoo.com
Hit-senders.cn, Gregory, Michell.Gregory2009@yahoo.com
Search890.com, Chen Poon, chen.poon1732646@yahoo.com
Traffic-searches.cn, Chen Poon, chen.poon1732646@yahoo.com
Vikd3jj-1.com, Dmitry Ostupin, conroetxwelc@gmail.com
Vikd3jj-2.com, Dmitry Ostupin, conroetxwelc@gmail.com
Vikd3jj-3.com, Dmitry Ostupin, conroetxwelc@gmail.com
Vikd3jj-4.com, Dmitry Ostupin, conroetxwelc@gmail.com
Vintorrils-grag1.com, Dmitry Ostupin, conroetxwelc@gmail.com
Vintorrils-grag2.com, Dmitry Ostupin, conroetxwelc@gmail.com
Vintorrils-grag3.com, Dmitry Ostupin, conroetxwelc@gmail.com


213.182.197.251
Botnet.su, Mihail V Morozov, sdhj3jk@yandex.ru
2k90.cn, Real Host LTD, abuseemaildhcp@gmail.com
Abdulabah.cn, LucasSteven, steven_lucas_2000@yahoo.com
Babjr.cn, LucasSteven, steven_lucas_2000@yahoo.com
D4rkst4r.cn, Real Host LTD, abuseemaildhcp@gmail.com
Luks5.cn, LucasSteven / Cehhost, Michell.Gregory2009@yahoo.com
Serverinlit.cn, Real Host LTD, abuseemaildhcp@gmail.com

213.182.197.254
Go-file.ru, Grigoriy M Aleksandrov, aleksandrov@mail333.com

3 comments:

Conrad Longmore said...

Real Host is dead. Hohohohoh.

Andrei Ioan said...

Unfortunate most of the above bad sites are still up in other IP range also located in Latvia:
inetnum: 188.130.250.0 - 188.130.251.255
netname: FASTMEDIA-NET
descr: FASTMEDIA - Internet Service Provider
country: LV
admin-c: VL3915-RIPE
tech-c: VL3915-RIPE
status: ASSIGNED PA
mnt-by: FASTMEDIA-MNT
mnt-routes: FASTMEDIA-MNT
mnt-domains: FASTMEDIA-MNT
source: RIPE # Filtered
person: Viktors Lihochevs
address: FASTMEDIA SRL
address: O.Kalpaka 68/70
address: LV3400, Latvia
phone: +371 28212172
abuse-mailbox: abuse(at)fasthosting.lv
nic-hdl: VL3915-RIPE
source: RIPE # Filtered
route: 188.130.250.0/23
descr: FASTMEDIA - Internet Service Provider
origin: AS28699 UNISTAR-AS Unistars
mnt-by: LATNET-MNT
source: RIPE # Filtered

We need them down...

Andrei Ioan said...

P.S. Some new interesting domains:
Spamim.ru at 188.130.250.245 = spamming services
FuckAbuse.biz at 188.130.250.246 = abuse "bullet proof" hosting services
Must be noted for both domains the notorious "Private person" registrant, known for it`s criminal activity, an entity holding more than half milion domains!