|
| Ref: SBL96354 |
| 193.23.126.0/24 is listed on the Spamhaus Block List - SBL |
| 193.23.126.0/24 is listed on the Don't Route or Peer List - DROP |
| 2011-05-04 14:45:22 GMT | SR22 | RIPE |
| Dirty network - Vakush-NET |
Update Mai 4, 2011
Gozi botnet controller:
$ dig +short thx.kz
193.23.126.150
___________________________
Update April 28, 2011
Gozi botnet controller:
$ dig +short cax.kz
193.23.126.150
___________________________
Update April 15, 2011
Gozi botnet controller:
$ dig +short universalmigrat.com @8.8.8.8
193.23.126.15
___________________________
Dirty network hosting Zeus files.
veveto.net has address 193.23.126.15
veveto.net/Z/d7.out (config)
veveto.net/Z/files/sony.exe (binary)
veveto.net/Z/gtgt.php (dropzone)
More information about this malware:
MD5 hash: 2414a949cc4f3b1aa6d2b26ee4db8f7f
-> Anubis: http://anubis.iseclab.org/?action=result&task_id=1c90d1fb3b92c1f74153b0f91b9a25852
----
inetnum: 193.23.126.0 - 193.23.126.255
netname: Vakush-NET
descr: Anton Vakushin
country: UA
org: ORG-VA219-RIPE
admin-c: VA2092-RIPE
tech-c: VA2092-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: VAKUSHAN-MNT
mnt-routes: VAKUSHAN-MNT
mnt-domains: VAKUSHAN-MNT
source: RIPE # Filtered
organisation: ORG-VA219-RIPE
org-name: Vakushin Anton
org-type: OTHER
descr: Vakushin Anton
address: Russia, Magadan
address: Dzerzhynskogo 21/65
phone: +7 (4132) 826458
e-mail: vakushin@rbcmail.ru
admin-c: VA2092-RIPE
tech-c: VA2092-RIPE
mnt-ref: VAKUSHAN-MNT
mnt-by: VAKUSHAN-MNT
source: RIPE # Filtered
person: Vakushin Anton
address: Russia, Magadan
address: Dzerzhynskogo 21/65
phone: +7 (4132) 826458
nic-hdl: VA2092-RIPE
mnt-by: VAKUSHAN-MNT
source: RIPE # Filtered
% Information related to '193.23.126.0/24AS34229'
route: 193.23.126.0/24
descr: Vakush-NET Route Object
origin: AS34229
mnt-by: VAKUSHAN-MNT
source: RIPE # Filtered
This IP address at ZeuS Tracker
Removal Procedure
To have record SBL96354 (193.23.126.0/24) removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to 193.23.126.0/24) needs to contact the SBL Team by email (use this link) to explain how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated). If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.
It is essential that emails to the SBL Team about this SBL listing include this exact ticket information in the email Subject:
If you are a representative of RIPE, you also need to see: Current Live RIPE SBL Listings
The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect users from spam sources and spam services. The SBL lists only IP addresses (not domains, email addresses, names or anything else). If you are unable to send email to someone due to this SBL listing, please contact your Internet Service Provider and show them this page - your Service Provider needs to contact the Spamhaus SBL team to resolve the issue (if you are not the Internet Service Provider, please do not contact us.)
|
