You may be asking yourself, why are RETN-AS being listed as crimeware friendly? Well, to keep this short and simple, I'll tell you - NET-UA-AS limited corp (AS40965 188.8.131.52/24) and SOFTNET (AS50073 184.108.40.206/24 SOFTNET Software Service Prague s.r.o.).
The SOFTNET range was first seen in November 2009, and ever since then, has served nothing but exploits, rogues, and other malicious goodness. As an example;
Fancy an example of the malicious goodness on the NET-UA-AS range? Ah, go on then;
We're not done however, NET-UA-AS also have ties to other well known malicious networks, such as;
AS24826 KHARKOV-TERMINALS-AS PE Viktor Nastechenko (220.127.116.11/21, 18.104.22.168/24)
Who house (amongst others) this lovely lot;
AS49536 DENTA-AS DENTAGLOBAL SYS (22.214.171.124/23)
Both of these networks are dedicated to malicious activity from what I've seen.
Anyone else seeing a pattern here? It's begging the question of why RETN aren't putting a stop to this. They're the ones providing the upstream connectivity, so surely, as was done to Riccom a few weeks ago, they could shut this lot down?
There's also a connection here, to Rise
Which has ties to NETASSIST (and yep, so 3 of the above). NETASSIST have ties to the likes of root eSolutions and several other Ukrainian AS's;
I'm looking forward to RETN's explanation for this one, whatever it may be.