Thursday, 10 February 2011

Evil network: Voejkova Nadezhda / VOEJNA-NET AS51441 (91.217.162.0/24) aka tirexhost.com

Voejkova Nadezhda, aka VOEJNA-NET and also known as tirexhost.com, is a netblock allegedly based in the Ukraine, but apparently operated out of St Petersburg, Russia.

The block 91.217.162.0/24 is quite small, but one of the nastiest that I have seen in a while (and it's the new home of worid-of-books.com) with a selection of fake security updates, bogus companies and malware sites and apparently no legitimate sites at all.

Google's safe browsing diagnostics report for AS51441 gives an idea of how nasty it is:

Safe Browsing
Diagnostic page for AS51441 (VOEJNA)

What happened when Google visited sites hosted on this network?

    Of the 755 site(s) we tested on this network over the past 90 days, 295 site(s), including, for example, takofep.co.cc/, camesom.co.cc/, tiruvov.co.cc/, served content that resulted in malicious software being downloaded and installed without user consent.

    The last time Google tested a site on this network was on 2011-02-10, and the last time suspicious content was found was on 2011-02-10.

Has this network hosted sites acting as intermediaries for further malware distribution?

    Over the past 90 days, we found 63 site(s) on this network, including, for example, bali-planet.com/, zxstats.com/, adsensestat.com/, that appeared to function as intermediaries for the infection of 2642 other site(s) including, for example, walhi.or.id/, protagonistasdelacultura.cl/, uvfx.com/.

Has this network hosted sites that have distributed malware?

    Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 318 site(s), including, for example, paimiru.tk/, ua968089679.co.cc/, fenkaololo.com/, that infected 2943 other site(s), including, for example, veryripe.com/, sketchiest.com/, coneofignorance.net/.

Registration details for the netblock are:

inetnum:        91.217.162.0 - 91.217.162.255
netname:        VOEJNA-NET
descr:          Voejkova Nadezhda
country:        UA
org:            ORG-VN12-RIPE
admin-c:        BT1959-RIPE
tech-c:         BT1959-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-END-MNT
mnt-lower:      RIPE-NCC-END-MNT
mnt-by:         VOEJNA-MNT
mnt-routes:     VOEJNA-MNT
mnt-domains:    VOEJNA-MNT
source:         RIPE # Filtered

organisation:   ORG-VN12-RIPE
org-name:       Voejkova Nadezhda
org-type:       OTHER
descr:          Voejkova Nadezhda
address:        Russia, St.Pitersburb
address:        Kupchinskaya 29/1, ap.90
phone:          +7 (812) 7359264
e-mail:        
admin-c:        BT1959-RIPE
tech-c:         BT1959-RIPE
mnt-ref:        VOEJNA-MNT
mnt-by:         VOEJNA-MNT
source:         RIPE # Filtered

person:         Berkevich Taras
address:        Ukraine, Lviv
address:        Povitryana 94, ap. 47
phone:          +38 (032) 7302345
nic-hdl:        BT1959-RIPE
mnt-by:         VOEJNA-MNT
source:         RIPE # Filtered

route:          91.217.162.0/24
descr:          TIREXHOST.COM
origin:         AS51441
mnt-by:         VOEJNA-MNT
source:         RIPE # Filtered

This also fingers the domain tirexhost.com, which is protected with an anonymous registration, but behind that it is actually one Boris Umitbaev:

Umitbaev, Boris  larinkamil@googlemail.com
      Bolshaya Zelenina, 13-80
      St-Petersburg, Leningradskaya Oblast 103008
      Russian Federation
      78127736549      Fax -- 

There's a list of domains, IP addresses and myWOT ratings here. Alternatively, block the entire 91.217.162.0/24 (91.217.162.0 to 91.217.162.255) range or use the list below:

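As an added example (not part of the original post), the Python below derives the CIDR block from the inetnum line in the RIPE record above and checks proxy log lines for internal hosts that contacted it, which is the retrospective check to run alongside blocking the range. The log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# inetnum line copied from the RIPE record quoted on this page.
INETNUM = "inetnum:        91.217.162.0 - 91.217.162.255"

# Constructed sample proxy log (timestamp, client, destination IP, method, URL).
# 91.217.163.5 is included only to show the boundary just outside the /24.
SAMPLE_LOG = """\
2011-02-10T09:14:02Z 10.0.0.21 91.217.162.17 GET http://host-a.example/
2011-02-10T09:14:05Z 10.0.0.34 192.0.2.80 GET http://host-b.example/
2011-02-10T09:15:40Z 10.0.0.21 91.217.163.5 GET http://host-c.example/
2011-02-10T09:16:11Z 10.0.0.57 91.217.162.255 GET http://host-d.example/
2011-02-10T09:16:30Z 10.0.0.57 not-an-ip GET http://host-e.example/
"""

def inetnum_to_networks(line):
    """Turn an RPSL 'inetnum: first - last' line into the CIDR blocks covering it."""
    m = re.match(r"inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", line)
    if not m:
        raise ValueError("not an inetnum line: %r" % line)
    first, last = (ipaddress.ip_address(a) for a in m.groups())
    return list(ipaddress.summarize_address_range(first, last))

def find_hits(log_text, networks):
    """Return (client, destination) pairs whose destination is inside any network."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            dest = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # malformed destination field: skip rather than crash
        if any(dest in net for net in networks):
            hits.append((fields[1], str(dest)))
    return hits

if __name__ == "__main__":
    nets = inetnum_to_networks(INETNUM)
    print("block:", ", ".join(str(n) for n in nets))
    for client, dest in find_hits(SAMPLE_LOG, nets):
        print("internal host %s contacted %s" % (client, dest))
```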
