Posted by: realsecurity | December 16, 2008

Sources of Badness – PortNAP

One of the smaller hosts I’ve identified is PortNAP Internet Services. They appear to get their service from Grafix Internet B.V. We’ve seen fake anti virus coming from 3 of their IPs in two different /24 subnets registered to PortNAP 84.243.196.0 – 84.243.197.255.

inetnum:        84.243.197.0 - 84.243.197.255
netname:        GFX-CUST-PORTNAP
descr:          PortNAP Internet Services
org:            ORG-PIS13-RIPE
country:        NL
admin-c:        GFX-RIPE
tech-c:         GFX-RIPE
status:         ASSIGNED PA
mnt-by:         GFX-MNT
changed:        noc@grafix.nl 20081021
source:         RIPE
abuse-mailbox:  abuse@grafix.nl

84.243.196.136 2008-12-02 – site down
pro-scanner-online.com /2009/download/trial/A9installer_880473.exe

84.243.196.137 2008-12-02 – site down
protected-downloads.com /download/trial/AV360Install_77014205.exe

84.243.197.183
2008-11-20 – site down
protection-livescan.com /2009/download/trial/A9installer_880290.exe

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: