After seeing an article by Conrad over at dynamoo.com, I decided to get in touch with my contact at NetDirekt (cheers Frank!), and am happy to report, PegasHosting have now had one of their ranges null-routed.
PegasHosting (126.96.36.199 - 188.8.131.52), an "ISP" based out of the Ukraine, have had a history of being 100% malicious for as long as I can remember, hosting and previously hosting (some have moved, others no longer resolve), such lovely's as;
WhoIs for PegasHosting.com, given they don't want their contact details on their site for some reason, is;
Could've sworn I'd had these guys null routed before, and will be continuing to monitor them to see where they go to next, as it's guaranteed they'll choose a less than ethical upstream this time round, to make it harder for me to get them null routed again.
Special thanks to Conrad (been following his blog for a considerable amount of time now, and it's highly recommended reading if it's not on your follow-list yet) for his post, as it saved me alot of time, and special thanks to Frank for nuking them so quickly.
It's important to note, although only one range is mentioned here, PegasHosting actually have several of them (184.108.40.206/24 via AS25229 (VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC, upstream provider is GlobalCrossing) [Robtex] and 220.127.116.11/24 via AS45839 [Robtex] (PIRADIUS-AS PIRADIUS NET AS45839, a known crimeware friendly ISP [ 1, 2, 3 ]), and yes, I'm working on getting those nuked as well.
/update 23:40 13-07-2010
I am happy to report, BurstNet/HostNoc, have nuked both ns1.pegashosting.com and ns2.pegashosting.com, previously at 18.104.22.168. As of a few seconds ago, neither are resolving, nor is ns1.pegas-host.org. Though PegasHosting still have their other name servers of course, such as ns1.pegas-dns.org, ns2.pegas-host.org, both of which are also housed on 22.214.171.124/24, which is a NetDirekt range (126.96.36.199 and 188.8.131.52 respectively. NetDirekt were sent a take down request for these this morning.