ROKSO
The Register of Known Spam Operations
Rove Digital



Country: Estonia
State:
*** Most of the gang now in prison awaiting trial ***

Botnets, malware, spam, pharming, DDoS. Inhoster, Cernel, Esthost, Atrivo. What else needs to be said?

Also known as the "DNS Changer malware" gang.



UkrTeleGroup


Related SBL listings:

Address | Status | Network or registry | Date | SBL ID | Description
209.58.18.2/32 | Live | vsnlinternational.com | 2009-04-29 21:41:11 | SBL75297 | routing 67.210.0.0/20 & 85.255.112.0/20 (cyber crime hubs)
66.193.50.238/32 | Removed | twtelecom.net | 2009-01-16 22:14:02 | SBL71512 | Pointer Record: UkrTeleGroup (AS4323 >>> AS44060)
90.156.208.0/24 | Live | masterhost.ru | 2009-03-21 14:10:17 | SBL71352 | ROBOHOST.ORG, XOCMA.NET etc spammer hosts
89.253.247.95/32 | Live | rusonyx.ru | 2009-01-11 23:23:38 | SBL71351 | ROBOHOST.ORG, XOCMA.NET etc spammer hosts
216.151.179.185/32 | Removed | bandcon.com | 2008-11-28 23:39:20 | SBL67355 | Pointer Record: Intercage/Atrivo (AS26769 >>> AS27595)
67.17.105.2/32 | Removed | gblx.net | 2008-08-29 19:43:31 | SBL67196 | Pointer Record: InterCage (AS3549 >>> AS27595)
213.186.116.162/32 | Removed | utel.net.ua | 2008-08-20 10:30:42 | SBL67098 | Spammer/cybercrime hosts uatelecom.co.ua
78.159.97.11/32 | Removed | netdirekt.de | 2009-01-11 23:15:43 | SBL67097 | robohost.org / XOCMA.NET / 4host.info / Rustelekom etc.
84.16.224.228/32 | Removed | netdirekt.de | 2009-01-11 23:14:57 | SBL66916 | ROBOHOST.ORG, XOCMA.NET etc spammer hosts
93.188.160.0/21 | Live | RIPE | 2009-05-01 05:28:59 | SBL66854 | UkrTeleGroup Ltd. / Cernel, Inc
89.149.254.11/32 | Removed | netdirekt.de | 2008-08-15 20:57:17 | SBL66686 | Spammer/cybercrime hosts uatelecom.co.ua
84.16.224.228/32 | Removed | netdirekt.de | 2008-08-11 21:53:58 | SBL66652 | Spammer/cybercrime hosts uatelecom.co.ua
78.159.97.11/32 | Removed | netdirekt.de | 2008-08-15 20:57:20 | SBL66651 | Spammer/cybercrime hosts uatelecom.co.ua
85.255.119.90/31 | Removed | esthost.com | 2008-11-01 00:30:00 | SBL66650 | More hijack malware on Cernel/inhoster/Intercage
85.255.118.42/32 | Removed | esthost.com | 2008-11-01 00:31:05 | SBL66649 | More hijack malware on Cernel/inhoster/Intercage
69.31.64.0/20 | Removed | nlayer.net | 2008-10-01 20:11:29 | SBL65513 | InterCage, Inc. via LiteUp, Inc.
93.188.160.0/24 | Live | RIPE | 2008-08-27 21:28:27 | SBL65467 | ukrtelegroup.com.ua / Otegra LTD.
85.255.118.179/32 | Removed | esthost.com | 2008-11-01 00:30:45 | SBL64548 | "video codec" malware installer
216.152.255.176/30 | Removed | xeex.com | 2008-11-28 23:53:30 | SBL61840 | Pointer Record: Intercage/Atrivo (AS27524 >>> AS27595)
85.255.121.37/32 | Live | esthost.com | 2008-11-01 00:35:58 | SBL60127 | Malware C&C
85.255.112.0/20 | Removed | esthost.com | 2008-11-01 00:35:57 | SBL59854 | zombies; in RIPE as inhoster.com, then nothing, then UkrTeleGroup
85.255.115.181/32 | Live | esthost.com | 2008-11-01 00:36:00 | SBL59637 | Malware hosting
67.210.0.0/20 | Live | ARIN | 2009-05-01 05:27:58 | SBL58520 | cernel.net a/k/a esthost.com a/k/a infradata.net
85.255.112.0/20 | Live | RIPE | 2009-05-01 05:26:11 | SBL36702 | inhoster, Fast web hosting, esthost, ukrtelegroup, AS36445



--- reading URL http://www.ukrtelegroup.com.ua/
--- contacting host www.ukrtelegroup.com.ua [85.255.112.58] on port 80

HTTP/1.1 200 OK
Date: ___, __ May 2009 __:__:__ GMT
Server: Apache/1.3.36 (Unix) PHP/4.4.2
Last-Modified: Tue, 09 Oct 2007 12:34:46 GMT
ETag: "37046c-8-470b7566"
Accept-Ranges: bytes
Content-Length: 8
Connection: close
Content-Type: text/html

nothing

--- connection closed



$ whois ukrtelegroup.com.ua
[Querying whois.com.ua]
[whois.com.ua]
% This is the Ukrainian Whois query server #B.
% Rights restricted by copyright.
%

% % .UA whois
% Domain Record:
% =============
domain: ukrtelegroup.com.ua
admin-c: INAME-UANIC
tech-c: INAME-UANIC
status: OK-UNTIL 20090906165148
dom-public: NO
nserver: ns1.ukrtelegroup.com.ua
nserver: ns2.ukrtelegroup.com.ua
mnt-by: INAME-UANIC (ua.iname)
remark: ТОВ Укртелегрупп
remark: Алферова Нина
remark: Одесса, UA
changed: INAME-UANIC 20090310133917
source: UANIC

% Glue Record:
% ===========
nserver: ns1.ukrtelegroup.com.ua
ip-addr: 85.255.112.58

% Glue Record:
% ===========
nserver: ns2.ukrtelegroup.com.ua
ip-addr: 93.188.161.58

% Administrative Contact:
% ======================
nic-handle: INAME-UANIC
organization: LLC "Elade Standart Limited"
organization: ООО "Элайд Стандарт Лимитед"
organization: ТОВ "Елайд Стандарт Лімітед"
address: 1 під'їзд, 2 поверх, Велика Васильківська, 111/113
address: 03150 КИЇВ
address: UA
fax-no: +380 (44) 2010104
fax-no: +380 (44) 2010104
phone: +380 (44) 2010104
e-mail: hostmaster@iname.ua
url: http://iName.ua
org-id: 31109655
mnt-by: NONE
changed: INAME-UANIC 20090422102559
source: UANIC

% Technical Contact:
% =================
nic-handle: INAME-UANIC
organization: LLC "Elade Standart Limited"
organization: ООО "Элайд Стандарт Лимитед"
organization: ТОВ "Елайд Стандарт Лімітед"
address: 1 під'їзд, 2 поверх, Велика Васильківська, 111/113
address: 03150 КИЇВ
address: UA
fax-no: +380 (44) 2010104
fax-no: +380 (44) 2010104
phone: +380 (44) 2010104
e-mail: hostmaster@iname.ua
url: http://iName.ua
org-id: 31109655
mnt-by: NONE
changed: INAME-UANIC 20090422102559
source: UANIC

% % .UA whois



2009-07-30
[whois.abuse.net]
emil@intercage.com (for cernel.net)
abuse@uk.tiscali.com (for cernel.net)
abuse@cernel.net (for cernel.net)
virtual@esthost.com (for cernel.net)
abuse@tiscali.co.uk (for cernel.net)
noc@cernel.net (for cernel.net)
abuse@atrivo.com (for cernel.net)
abuse@esthost.com (for cernel.net)
abuse@intercage.com (for cernel.net)
abuse@twtelecom.net (for cernel.net)
emil@atrivo.com (for cernel.net)
hostmaster@esthost.com (for cernel.net)

$ host TEMP3.CERNEL.NET
TEMP3.CERNEL.NET has address 64.28.187.79
$ host 64.28.187.79
79.187.28.64.in-addr.arpa domain name pointer 64-28-187-79-rev.ineting.net.
$ whois 64.28.187.79
[Querying whois.arin.net]
[Redirected to rwhois.ineting.net:4321]
[Querying rwhois.ineting.net]
[no response]


AS | IP | AS Name
36445 | 64.28.187.79 | INTERNET-PATH - Internet Path, Inc.


[whois.arin.net]

OrgName: Internet Path, Inc.
OrgID: INTER-890
Address: 1971 Western Avenue #1162
City: Albany
StateProv: NY
PostalCode: 12203
Country: US

ReferralServer: rwhois://rwhois.ineting.net:4321

ASNumber: 36445
ASName: INTERNET-PATH
ASHandle: AS36445
Comment:
RegDate: 2006-01-05
Updated: 2008-12-02

OrgAbuseHandle: ABUSE2096-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-845-207-3506
OrgAbuseEmail: abuse@ineting.net

OrgNOCHandle: NOC3382-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-518-203-1144
OrgNOCEmail: contact@ineting.net

OrgTechHandle: TECHN735-ARIN
OrgTechName: Technical Department
OrgTechPhone: +1-518-203-1144
OrgTechEmail: contact@ineting.net


36445 INTERNET-PATH - Internet Path, Inc.
Adjacency: 1 Upstream: 1 Downstream: 0
Upstream Adjacent AS list
AS3320 DTAG Deutsche Telekom AG


[whois.radb.net]
aut-num: AS36445
as-name: CERNEL
descr: Cernel Network Ltd
admin-c: NETWO1060-ARIN
tech-c: TECHN317-ARIN
export: TO AS-ANY announce AS-CERNEL
notify: noc@cernel.net
mnt-by: MAINT-AS36445
changed: noc@cernel.net 20071004
source: ALTDB


$ lft 64.28.187.79
...
8 xe-0-0-0.nyc20.ip4.tinet.net (89.149.185.78) 44.2ms RTTL : 244
9 cernel-gw.ip.tiscai.net (213.200.66.26) 44.0ms RTTL : 247
10 [target] 64-28-187-79-rev.ineting.net (64.28.187.79):80 47.3ms RTTL : 52




The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK8750/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.