I've already had Ecatel's ranges blocked for some time now, and I believe this should now convince everyone else to do the same. To save you some time, these are all to be blackholed:
In case you're wondering, ryan1918.com is a site that's controlled by a criminal and, not surprisingly, is involved in everything from hacking to fraud to exploits to - well, pretty much everything blackhat/criminal that you care to think of. The domain's WhoIs is (again not surprisingly) hidden, courtesy of "MONIKER" (moniker.com), one of many registrars that, in my opinion, should be shut down.
/update: 08:02
I forgot to mention, "Ryan" also has:
ryan1918.info
ryan1918.net
ryan1918.org
All residing at 67.19.72.202 (AS21844 67.18.0.0/15 THEPLANET-AS - ThePlanet.com Internet Services, Inc.)
/update 04-04-2010 16:57
There are quite a few suspicious domains also residing here, which I'll be taking a look at in due course.
New IP = 89.248.168.47 = Ecatel.
/update 13-04-2010 12:48
This one has jumped to varying ISPs since the original article was published, including a UK-based ISP (UKNOC, uknoc.co.uk) at 85.92.87.193, and has now jumped back to Ecatel (same IP as before), presumably before he finds another ISP. LE are involved with this one now however, so I'll not be following this one anymore, got to leave it to them.
References:
Crimeware friendly ISP's: Ecatel (AS29073)
http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-ecatel-as29073.html