Sponsored by..

Friday, 13 February 2015

Something evil on 95.163.121.0/24 (Digital Network JSC / com4tel.ru / cloudavt.com)

I've written about DINETHOSTING aka Digital Network JSC many times before, and frankly their entire IP range is a sea of crap, and I have a whole load of blocks in the 95.163.64.0/18 range (including the entirity of 95.163.64.0/10). This latest sea of badness seems to be suballocated to a customer using the 95.163.121.0/24 block.

inetnum:        95.163.121.0 - 95.163.121.255
netname:        RU-CLOUDAVT-NET
descr:          LLC ABT Cloud Network
country:        RU
admin-c:        PPP9992-RIPE
tech-c:         PPP9992-RIPE
status:         ASSIGNED PA
mnt-by:         DN-MNT
changed:        ncc@msm.ru 20150213
source:         RIPE

person:         Andrey Tkachenko
address:        107589, Russia Moscow street Khabarovsk 4A
e-mail:         cc-it@com4tel.ru
phone:          +7 916 626 7798
fax-no:         +7 916 626 7798
nic-hdl:        PPP9992-RIPE
abuse-mailbox:  info@cloudavt.com
mnt-by:         DN-MNT
changed:        noc@msm.ru 20140429
source:         RIPE

route:          95.163.64.0/18
descr:          Digital Network JSC
descr:          Moscow, Russia
descr:          http://www.msm.ru
descr:          aggregate prefix
origin:         AS12695
mnt-by:         DN-MNT
changed:        noc@msm.ru 20121129
source:         RIPE
Tools


Just looking at blog posts, I can see badness occurring in the recent past on the following IPs:
95.163.121.71 [1]
95.163.121.72 [2]
95.163.121.188 [3]
95.163.121.216 [4]
95.163.121.217 [5]

That's quite a high concentration of bad servers in a relatively small block. A quick look at what is currently hosted indicates (in my personal opinion) nothing of value, and I would recommend blocking the entire 95.163.121.0/24 range as a precaution.

1 comment:

Sindhoor Tilak said...

Yeah true, all spywares and spam mail are being sent from this ip block.

Beware!