
Wednesday, 7 July 2010

Evil network: AS29106 (91.213.174.0/24) / VOLGAHOST

AS29106 (91.213.174.0 to 91.213.174.255) is a rogue network that appears to host no legitimate sites whatsoever. It appears to be actively involved in malware distribution. The Google Safe Browsing Diagnostic for AS29106 says:

What happened when Google visited sites hosted on this network?

Of the 283 site(s) we tested on this network over the past 90 days, 19 site(s), including, for example, alex0088.com/, alexandepeggy.com/, acurrucareis.com/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time Google tested a site on this network was on 2010-07-07, and the last time suspicious content was found was on 2010-07-07.

Has this network hosted sites acting as intermediaries for further malware distribution?

Over the past 90 days, we found 58 site(s) on this network, including, for example, ax.lt/, smartenergymodel.info/, trfistb.info/, that appeared to function as intermediaries for the infection of 822 other site(s) including, for example, ebook30.com/, beeset.ru/, qrz.ru/.

Has this network hosted sites that have distributed malware?

Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 113 site(s), including, for example, trfistc.info/, xmtra.info/, xmtrb.info/, that infected 13838 other site(s), including, for example, baseofmp3.com/, webovastranka.cz/, webovastranka.sk/.

I advise that you block this IP range and/or the following websites:


For the record, the WHOIS details for the evil netblock are below; there is no guarantee that they are genuine. The "Dmitriy Bondarenko" listed should not be confused with this one.

inetnum:        91.213.174.0 - 91.213.174.255
netname:        VolgaHost
descr:          PE Bondarenko Dmitriy Vladimirovich
country:        RU
org:            ORG-PBDV1-RIPE
admin-c:        BD145-RIPE
tech-c:         BD145-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-END-MNT
mnt-lower:      RIPE-NCC-END-MNT
mnt-by:         VHOST-MNT
mnt-routes:     VHOST-MNT
mnt-domains:    VHOST-MNT
source:         RIPE # Filtered

organisation:   ORG-PBDV1-RIPE
org-name:       PE Bondarenko Dmitriy Vladimirovich
org-type:       OTHER
address:        Russia, Volgograd, 400131, Krasnoznamenskaya str. 11
e-mail:         bondarenkoip1@gmail.com
admin-c:        BD145-RIPE
mnt-ref:        VHOST-MNT
mnt-by:         VHOST-MNT
source:         RIPE # Filtered

person:         Bondarenko Dmitriy
address:        Russia, Volgograd, 400131, Krasnoznamenskaya str. 11
phone:          +79027817224
nic-hdl:        BD145-RIPE
mnt-by:         VHOST-MNT
source:         RIPE # Filtered

route:          91.213.174.0/24
descr:          VHost route
origin:         AS29106
mnt-by:         VHOST-MNT
source:         RIPE # Filtered
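
As an added example (not part of the original post), the sketch below parses the inetnum and route objects from the WHOIS record above into CIDR networks and flags connection-log entries whose destination falls inside them. The log format, the sample log lines and the function names are constructed for illustration.

```python
import ipaddress

# Excerpt of the RIPE record quoted in the post (inetnum and route objects).
WHOIS_TEXT = """\
inetnum:        91.213.174.0 - 91.213.174.255

route:          91.213.174.0/24
origin:         AS29106
"""

# Constructed sample log lines; the format (time, client, dest IP, host) is assumed.
SAMPLE_LOG = """\
2010-07-07T09:12:01 10.0.0.15 91.213.174.20 example-a.test
2010-07-07T09:13:40 10.0.0.23 91.213.175.9 example-c.test
2010-07-07T09:14:02 10.0.0.23 91.213.174.255 example-d.test
malformed line without an address
"""

def parse_rpsl(text):
    """Split RPSL text into objects: one list of (key, value) per blank-line block."""
    objects = []
    for block in text.strip().split("\n\n"):
        parts = (line.partition(":") for line in block.splitlines())
        objects.append([(k.strip(), v.split("#")[0].strip()) for k, sep, v in parts if sep])
    return [obj for obj in objects if obj]

def blocked_networks(objects):
    """Collect networks from route prefixes and inetnum address ranges."""
    nets = set()
    for kind, value in (obj[0] for obj in objects):  # first attribute names the type
        if kind == "route":
            nets.add(ipaddress.ip_network(value))
        elif kind == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            nets.update(ipaddress.summarize_address_range(first, last))
    return nets

def flag_hits(log_text, nets):
    """Return (client, dest) pairs whose destination lies in a blocked network."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        try:
            dest = ipaddress.ip_address(fields[2])
        except (IndexError, ValueError):
            continue  # skip lines without a parsable destination address
        if any(dest in net for net in nets):
            hits.append((fields[1], str(dest)))
    return hits
```

The inetnum range and the route prefix collapse to the same /24, so the near-miss address in 91.213.175.0/24 is not flagged.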

1 comment:

footprints said...

Hi!
Can you tell me how to create a black list with these addresses in ESET Smart Security? They say it's possible but don't say how and I'm a newbie :(
Thanks!