Just in case I forget.
inetnum: 126.96.36.199 - 188.8.131.52 netname: singhajeet3 descr: singhajeet3 - Singh Ajeet country: UA admin-c: SA5766-RIPE tech-c: SA5766-RIPE status: ASSIGNED PA mnt-by: MNT-HOSTINGUA source: RIPE # Filtered person: Singh Ajeet address: 34203, Florida, United States, Bradenton, 1901 60th Place E. Suite L4257 abuse-mailbox: firstname.lastname@example.org phone: +380487281518 nic-hdl: SA5766-RIPE source: RIPE # Filtered % Information related to '184.108.40.206/19AS41665' route: 220.127.116.11/19 descr: Datacenter Hosting.UA origin: AS41665 mnt-by: MNT-HOSTINGUA source: RIPE # Filtered
I’ll probably forget the connection, so here is the short version:
A tweet from one of the good guys I’m following:
Details about the MediaTemple security issues (injected spam and .htaccess redirects) http://bit.ly/4POUnQ and http://bit.ly/7o1oyA
And somehow I ended up at redbuszoen. com via you-search. in.
Probably some kind of dynamic, now I end up at cyber-shop. net at 18.104.22.168, advancedhosters.com. Russians in the Netherlands. Shitty place that too.
That’s probably all, sorry for that.
If you want a little bit more, spamhaus is the usual reliable source:
But they forgot to list 22.214.171.124 – 126.96.36.199.
Or the whole freaking 188.8.131.52/19.
More evil stuff in there. Like the skiddie forum at evilzone.org (forum.evilzone.org).
But then the whole .UA space should be nuked.
Much safer internet without it.
I’m beginning to have the same thoughts about .NL too.
(And I am now on day 13 in my career as a non-smoker. This is probably what hell will be when that time comes. Now I am prepared for it)
Update a bit later
When following the link from cyber-shop. net, I ended up downloading scareware from securitytoolsediting. net.
Virustotal tells med that 11 out of 40 vendors recognize the file install.exe.
The different names given contain “FakeAlert”, “RogueSecurity”, “Krap”.
securitytoolsediting. net appears to live at 184.108.40.206, “Baltic Center of Innovations TechPromInvest LTD”.
Probably a shitty place too. A quick google search seems to agree with me.