The spam today is about airline tickets, but it could be about anything, including the infamous NACHA spam that we keep seeing.
czredret.ru is hosted on 188.190.99.26 in the Ukraine, a block allocated to:
inetnum: 188.190.96.0 - 188.190.127.255
netname: INFIUM
descr: Infium LTD
country: UA
org: ORG-INFI1-RIPE
admin-c: INF20-RIPE
tech-c: INF20-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: NETASSIST-MNT
mnt-routes: NETASSIST-MNT
mnt-domains: NETASSIST-MNT
source: RIPE #Filtered
organisation: ORG-INFI1-RIPE
org-name: Infium Ltd.
org-type: OTHER
address: 61129, Ukraine, Kharkov, Traktorostroiteley 156/41 ave, office 200
mnt-ref: INFIUM-MNT
mnt-by: INFIUM-MNT
source: RIPE #Filtered
person: Infium Ltd
address: 61129, Kharkov, Ukraine, Traktorostroiteley 156/41, office 200
abuse-mailbox: abusemail@infiumhost.com
phone: +380577632339
phone: +1425606-33-07
nic-hdl: INF20-RIPE
mnt-by: INFIUM-MNT
source: RIPE #Filtered
Google's prognosis of this block (AS197145) isn't brilliant:
Safe Browsing
SiteVet's report shows that while it isn't a brilliant block, it certainly has problems.
Diagnostic page for AS197145 (ASINFIUM)
What happened when Google visited sites hosted on this network?
Of the 536 site(s) we tested on this network over the past 90 days, 14 site(s), including, for example, myegy.com/, ql3a-soft.com/, irkasoft.ru/, served content that resulted in malicious software being downloaded and installed without user consent.
The last time Google tested a site on this network was on 2011-12-05, and the last time suspicious content was found was on 2011-12-05.
Has this network hosted sites acting as intermediaries for further malware distribution?
Over the past 90 days, we found 9 site(s) on this network, including, for example, playingfieldforallstore.com/, immerconsult.com/, seafarers333.co.cc/, that appeared to function as intermediaries for the infection of 15 other site(s) including, for example, alexsandra.ucoz.net/, seafarers.ucoz.ru/, fpbqax.in/.
Has this network hosted sites that have distributed malware?
Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 11 site(s), including, for example, myshop-ideal.com/, retailer-ideal.com/, abrorl.dlinkddns.com/, that infected 74 other site(s), including, for example, carrollmanorathletic.com/, nihadragab.com/, fathyradwan.com/.
If you don't do business in the Ukraine then it could well be worth blocking 188.190.96.0/19 just to be on the safe side.
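As an added example (not part of the original post), the Python below turns the `inetnum` range from the RIPE record above into CIDR form, confirming it is the single /19 recommended for blocking, and then flags any address in that block seen in proxy logs. The function names and the log lines are constructed for illustration.

```python
import ipaddress
import re

# inetnum line copied from the RIPE record quoted in the post
WHOIS_INETNUM = "inetnum: 188.190.96.0 - 188.190.127.255"

def inetnum_to_cidrs(line):
    """Convert a RIPE 'inetnum: first - last' line into the minimal CIDR list."""
    m = re.match(r"\s*inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", line)
    if not m:
        raise ValueError("not an inetnum line: %r" % line)
    first, last = (ipaddress.IPv4Address(a) for a in m.groups())
    return list(ipaddress.summarize_address_range(first, last))

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def flag_hits(log_lines, networks):
    """Return (line_number, ip) for every IPv4 address in the log inside networks."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for token in IPV4_RE.findall(line):
            try:
                ip = ipaddress.IPv4Address(token)
            except ValueError:
                continue  # e.g. 999.1.1.1 matches the regex but is not an address
            if any(ip in net for net in networks):
                hits.append((n, str(ip)))
    return hits

# Constructed proxy log lines (not real traffic); the log format is an assumption.
SAMPLE_LOG = [
    "2011-12-05T09:14:02 10.0.4.17 GET http://czredret.ru/ dst=188.190.99.26 200",
    "2011-12-05T09:14:07 10.0.4.22 GET http://example.com/ dst=192.0.2.10 200",
    "2011-12-05T09:15:31 10.0.7.3 GET http://host.invalid/ dst=188.190.127.255 200",
    "2011-12-05T09:16:00 10.0.7.3 GET http://host.invalid/ dst=188.190.128.1 200",
]

if __name__ == "__main__":
    nets = inetnum_to_cidrs(WHOIS_INETNUM)
    print("block list:", [str(n) for n in nets])
    for lineno, ip in flag_hits(SAMPLE_LOG, nets):
        print("line %d: %s is inside the block" % (lineno, ip))
```

The last sample line sits one address past the end of the range and is correctly left unflagged, which is the boundary worth checking before a /19 goes into a firewall rule.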