DINETHOSTING aka Digital Network JSC are a large Russian host that regularly hosts malware sites. Yesterday I came across the domain curvecheese.com (85.192.45.83) being used in a malicious spam run. This is in a block 85.192.32.0/20 allocated to this host.
I tend to block DINETHOSTING ranges as soon as I see malware on them. If you are blocking this host, I would recommend you add 85.192.32.0/20 to your blocklist.
6 comments:
hi, what is your perception of Dinethosting - do you think it is a Rouge ISP?
@th3ddog: yes, it's a rouge although they may have some legitimate ranges and customers, although I don't tend to see them!
Interesting..
I've been trying to follow some activities from a server hosted on their IP range.
That server is a C&C server for a botnet so it sure is malicious - and that is why I have started to look into DINETHOSTING to try and find out more about that ISP but there is not a wealth of information out there.
Do you know any good sources of information or articles about dinet? It would be much appreciated :)
Well I have a whole category for them on this blog here. :)
These bad sites all seem to be part of AS12695. You can see the SiteVet report here or the Google Safe Browsing diagnostics here. Googling around for AS12695 brings some interesting results.
Thanks again :)
So do you think that DINET is an evolution of the "Russian Business Network" - for some reason I have a feeling that the same people are behind this ISP as well.
The RBN was perhaps too obvious in its hosting of malicious sites so I'm thinking that DINET might be a new attempt where the goal is to fly under the radar for as long as possible.
Yes, it's probably related to RBN although there are a lot of other exceptionally dodgy hosts as well, for example Specialist ISP in Transnistria who are even more black hat than DINETHOSTING.
Post a Comment