




Ref: SBL97616
195.226.197.0/24 is listed on the Spamhaus Block List - SBL
195.226.197.0/24 is listed on the Don't Route or Peer List - DROP
2010-12-28 23:27:11 GMT | SR02 | RIPE
GORBY-VPN-NET - Zeus botnet C&C
ConfigURL History
BinaryURL History
[whois.ripe.net]
inetnum: 195.226.197.0 - 195.226.197.255
netname: GORBY-VPN-NET
descr: Alexandr Gorbunov
remarks: MyVPN service
country: UA
org: ORG-AG58-RIPE
admin-c: AG10224-RIPE
tech-c: AG10224-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: GORBY-MNT
mnt-routes: GORBY-MNT
mnt-domains: GORBY-MNT
source: RIPE # Filtered
organisation: ORG-AG58-RIPE
org-name: Alexandr Anatolyevich Gorbunov
remarks: MyVPN service
org-type: OTHER
address: Moskva, Yasniy proezd 14a, kv. 73
phone: +79025392311
admin-c: AAG76-RIPE
tech-c: AAG76-RIPE
mnt-ref: GORBY-MNT
abuse-mailbox: gorby@land.ru
mnt-by: GORBY-MNT
source: RIPE # Filtered
person: Alex Gorbunov
address: Moskva, Yasniy proezd 14a, kv. 73
phone: +79025392311
nic-hdl: AG10224-RIPE
mnt-by: GORBY-MNT
source: RIPE # Filtered
% Information related to '195.226.197.0/24AS51303'
route: 195.226.197.0/24
descr: GORBY-AS Route Object
origin: AS51303
mnt-by: GORBY-MNT
source: RIPE # Filtered
% Information related to 'AS51303'
aut-num: AS51303
as-name: GORBY-AS
descr: Alexandr Gorbunov
remarks: MyVPN service
org: ORG-AG58-RIPE
import: from AS44559 accept ANY
export: to AS44559 announce AS51303
import: from AS15645 accept AS-UAIX
export: to AS15645 announce AS51303
import: from AS21379 accept ANY
export: to AS21379 announce AS51303
import: from AS50722 accept ANY
export: to AS50722 announce AS51303
admin-c: AG10224-RIPE
tech-c: AG10224-RIPE
mnt-by: RIPE-NCC-END-MNT
mnt-by: GORBY-MNT
mnt-routes: GORBY-MNT
source: RIPE # Filtered
AS51303 GORBY-AS Alexandr Gorbunov
Adjacency: 1 Upstream: 1 Downstream: 0
Upstream Adjacent AS list
AS50722 ONLINENET SPD Andreychuk Andrey Alekseevich
AS50722 ONLINENET SPD Andreychuk Andrey Alekseevich
Adjacency: 7 Upstream: 1 Downstream: 6
Upstream Adjacent AS list
AS21379 ISV-AS LLC TC "Interzvyazok"
Downstream Adjacent AS list
AS34229 VAKUSHAN-AS Anton Vakushin
AS51354 VPNME-AS Igor Vladimirovich Kanaev
AS51303 GORBY-AS Alexandr Gorbunov
AS50723 DCKIEVUA SPD Shahnazarova Y.M.
AS51554 LYAHOV-AS Lyahovich Maksim
AS39307 DCOMM-UA-AS Digital Communications Ltd.
AS21379 ISV-AS LLC TC "Interzvyazok"
Adjacency: 11 Upstream: 2 Downstream: 9
Upstream Adjacent AS list
AS1299 TELIANET TeliaNet Global Network
AS35320 ETT-AS Eurotranstelecom
Downstream Adjacent AS list
AS44628 DUNA-AS PP "DUNA COM"
AS50793 ALFAHOSTNET Alfa-Host LLP.
AS42126 TISA Tisa Ltd
AS41288 CTISYSTEMS-AS OOO "CTI Systems"
AS31437 PUIG LTD "Persha Ukrainska informatsiyna gruppa"
AS44892 FLY-AS FOP Muhametdinov Oleg Agamovitch
AS51274 ENCORE-NET Encore Ltd.
AS50722 ONLINENET SPD Andreychuk Andrey Alekseevich
AS43896 VIRTES-AS PP "Virtes"
14 kiev-b1-link.telia.net (80.91.247.59) 162.6ms
15 interzvyazok-ic-133777-kiev-b1.c.telia.net (213.248.72.46) 162.7ms
16 217.147.164.90.intersv.com (217.147.164.90) 158.0ms
17 195.226.197.254 165.1ms
18 [target] 195.226.197.100:80 160.0ms
semikemi.info A 195.226.197.49
www.semikemi.info A 195.226.197.49
xableupperxx3.com A 195.226.197.43
mutego.com A 195.226.197.42
bungalougrand.net
solarisgrand.net
sas18.in
___________________
Carberp controllers:
otsosmax1 .com (77.78.239.3)
hxxp://otsosmax1.com/cfg/gsb
hxxp://otsosmax1.com/cfg/gsbcc
hxxp://otsosmax1.com/cfg/otsosnl
hxxp://otsosmax1.com/cfg/passw.plug
hxxp://otsosmax1.com/cfg/stopav.plug
hxxp://otsosmax1.com/cfg/miniav.plug
biga .railwaystatistics .com (193.178.172.25)
hxxp://biga.railwaystatistics.com/cfg/tester
hxxp://biga.railwaystatistics.com/cfg/ebnkusdv
hxxp://biga.railwaystatistics.com/cfg/ebnkusod
hxxp://biga.railwaystatistics.com/cfg/passw.plug
hxxp://biga.railwaystatistics.com/cfg/miniav.plug
hxxp://biga.railwaystatistics.com/cfg/stopav.plug
two2sides .net (195.226.197.14)
hxxp://two2sides.net/cfg/hlnnmnk
hxxp://two2sides.net/cfg/nnholl
hxxp://two2sides.net/cfg/mnkholl
hxxp://two2sides.net/cfg/passw.plug
hxxp://two2sides.net/cfg/stopav.plug
hxxp://two2sides.net/cfg/miniav.plug
hasssw .com (195.226.220.125)
hxxp://hasssw.com/cfg/passw.plug
hxxp://hasssw.com/cfg/stopav.plug
hxxp://hasssw.com/cfg/miniav.plug
Man in the middle 'webinject' sites:
system-checknl .com (77.78.239.64)
hxxps://system-checknl.com/zi/1a/in.php
hxxps://system-checknl.com/zi/2r/in.php
hxxps://system-checknl.com/zi/2r/loader.gif
misisimi .net (193.27.232.32)
hxxps://misisimi.net/di/ing.nl/access.php
hxxps://misisimi.net/di/ing.nl/in.php
hxxps://misisimi.net/di/ing.nl/js/jquery-1.4.2.min.js
hxxps://misisimi.net/zi/1a/in.php
hxxps://misisimi.net/zi/2r/in.php
hxxps://misisimi.net/zi/2r/loader.gif
Exploit site:
bebi3 .in (82.146.41.216)
hxxp://bebi3.in/7/crazymantopbanana2.php
00060.org A 195.226.197.14
alivecoma.net A 195.226.197.14
bungalougrand.net A 195.226.197.14
solarisgrand.net A 195.226.197.14
two2sides.net A 195.226.197.14
misisimi.net A 193.27.232.32
secure-s1.net A 193.27.232.32
secure-z1.com A 193.27.232.32
___________________________
http://www.robtex.com/route/195.226.197.0-24.html
Removal Procedure
To have record SBL97616 (195.226.197.0/24) removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to 195.226.197.0/24) needs to contact the SBL Team by email to explain how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated). If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.
It is essential that emails to the SBL Team about this SBL listing include this exact ticket information in the email Subject:
If you are a representative of RIPE, you also need to see: Current Live RIPE SBL Listings
The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect users from spam sources and spam services. The SBL lists only IP addresses (not domains, email addresses, names or anything else). If you are unable to send email to someone due to this SBL listing, please contact your Internet Service Provider and show them this page - your Service Provider needs to contact the Spamhaus SBL team to resolve the issue (if you are not the Internet Service Provider, please do not contact us.)