In this post, I'll discuss Troyak-AS, a well-known cybercrime-friendly hosting provider that, throughout 2010, represented a growing factor behind the highest percentage of malicious and fraudulent activity online; its upstream provider NetAssist LLC; and, most importantly, a malicious innovation applied by cybercriminals at the time: the introduction of malicious netblocks and ISPs within the RIPE registry, relying on OPSEC (Operational Security) and basic evasive practices.
According to RSA, the Ukraine-based ISP NetAssist LLC is listed as a legitimate ISP, one whose services haven't been abused in any particular cybercrime-friendly way.
This analysis will prove otherwise: namely, that NetAssist LLC's involvement in introducing a dozen cybercrime-friendly networks – including TROYAK-AS – has been taking place for purely commercial reasons, with the ISP charging thousands of euros for the process. It will also expose a malicious innovation applied on behalf of opportunistic cybercriminals at the time, namely the introduction of innovative bulletproof hosting tactics, techniques and procedures.
Domain name reconnaissance:
troyak.org - 74.208.21.227 (AS8560); 195.93.184.1 (AS44310) - Email: staruy.rom@troyak.org; staruy.rom@inbox.ru
smallshopkz.org - 195.78.123.1 (AS12570)
Name servers:
ns.troyak.org - 195.93.184.1 - (AS44307) ALYANSHIMIYA
ns.bgpvpn.kz - 91.213.93.10
ns.smallshopkz.org (195.78.123.1) is also known to have offered DNS services to prombd.net (AS44107) PROMBUDDETAL (AS50215 Troyak-as at the time responding to ctlan.net) - 91.201.30.1, and to vesteh.net (AS47560) VESTEH-NET 91.200.164.1
Domain name reconnaissance:
bgpvpn.kz
Organization Using Domain Name
Name...................: Mykola Tabakov
Organization Name......: Mykola Tabakov
Street Address.........: office 211, ul. Pushkina, dom 166
City...................: Astana
State..................: Astana
Postal Code............: 010000
Country................: KZ
Administrative Contact/Agent
NIC Handle.............: CA537455-RT
Name...................: Mykola Tabakov
Phone Number...........: +7.7022065468
Fax Number.............: +7.7022065468
Email Address..........: tabanet@mail.ru
Nameserver in listed order:
Primary server.........: ns.bgpvpn.kz
Primary ip address.....: 91.213.93.10
smallshopz.biz
Domain Name:SMALLSHOPKZ.ORG
Created On:30-Oct-2009 13:42:14 UTC
Last Updated On:19-Mar-2010 14:39:19 UTC
Expiration Date:30-Oct-2010 13:42:14 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:DI_10606443
Registrant Name:Vladimir Vladimirovich Stebluk
Registrant Organization:N/A
Registrant Street1:off. 306, Bulvar Mira, 16
Registrant Street2:
Registrant Street3:
Registrant City:Karaganda
Registrant State/Province:Qaraghandyoblysy
Registrant Postal Code:100008
Registrant Country:KZ
Registrant Phone:+7.7012032605
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:vladcrazy@smallshopkz.org
NetAssist LLC (netassist.ua) (AS29632) reconnaissance:
inetnum: 62.205.128.0 - 62.205.159.255
netname: UA-NETASSIST-20080201
descr: NetAssist LLC
country: UA
org: ORG-NL64-RIPE
admin-c: MT6561-RIPE
admin-c: AVI27-RIPE
tech-c: MT6561-RIPE
tech-c: APP18-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: MEREZHA-MNT
mnt-routes: MEREZHA-MNT
mnt-domains: MEREZHA-MNT
source: RIPE # Filtered
organisation: ORG-NL64-RIPE
org-name: NetAssist LLC
org-type: LIR
address: NetAssist LLC
Max Tulyev
GEROEV STALINGRADA AVE APP 57 BUILD 54
04213 Kiev
UKRAINE
phone: +380 44 5855265
fax-no: +380 44 2721514
e-mail: info@netassist.kiev.ua
admin-c: AT4266-RIPE
admin-c: KS3536-RIPE
admin-c: MT6561-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MEREZHA-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
person: Max Tulyev
address: off. 32, 12 Artema str.,
address: Kiev, Ukraine
remarks: Office phones
phone: +380 44 2398999
phone: +7 495 7256396
phone: +1 347 3414023
phone: +420 226020344
remarks: GSM mobile phones, SMS supported
phone: +7 916 6929474
phone: +380 50 7775633
remarks: Fax is in auto-answer mode
fax-no: +380 44 2726209
remarks: The phone below is for emergency only
remarks: You can also send SMS to this phone
phone: +88216 583 00392
remarks:
remarks: Jabber ID mt6561@jabber.kiev.ua
remarks: SIP 7002@195.214.211.129
e-mail: maxtul@netassist.ua
e-mail: president@ukraine.su
nic-hdl: MT6561-RIPE
mnt-by: MEREZHA-MNT
source: RIPE # Filtered
person: Alexander V Ivanov
address: 14-28 Lazoreviy pr
address: Moscow, Russia
address: 129323
phone: +7 095 7251401
fax-no: +7 095 7251401
e-mail: ivanov077@gmail.com
nic-hdl: AVI27-RIPE
mnt-by: MEREZHA-MNT
source: RIPE # Filtered
person: Alexey P Panyushev
address: 8-142, Panferova street
address: Moscow, Russia
address: 117261
phone: +7 903 6101520
fax-no: +7 903 6101520
e-mail: panyushev@gmail.com
nic-hdl: APP18-RIPE
mnt-by: MEREZHA-MNT
source: RIPE # Filtered
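The linking that the records above support (one maintainer, MEREZHA-MNT, and one contact handle, MT6561-RIPE, recurring across the inetnum, organisation and person objects) is the pivot a defender automates when clustering related infrastructure. The following is an added example, not code from the original post: it parses RIPE whois (RPSL) output and reports every handle, maintainer or mailbox shared by two or more objects, using a constructed sample trimmed from the records quoted above.

```python
from collections import defaultdict
# Constructed sample: the RIPE objects quoted above, trimmed to their linking
# fields. Real data would come from `whois -h whois.ripe.net <object>`.
SAMPLE_WHOIS = """\
inetnum:        62.205.128.0 - 62.205.159.255
admin-c:        MT6561-RIPE
admin-c:        AVI27-RIPE
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      MEREZHA-MNT
source:         RIPE # Filtered

organisation:   ORG-NL64-RIPE
admin-c:        MT6561-RIPE
mnt-ref:        MEREZHA-MNT

person:         Max Tulyev
nic-hdl:        MT6561-RIPE
e-mail:         maxtul@netassist.ua
mnt-by:         MEREZHA-MNT

person:         Alexander V Ivanov
nic-hdl:        AVI27-RIPE
mnt-by:         MEREZHA-MNT
"""
# Values of these attributes name a handle, maintainer or mailbox; one value
# appearing in two or more objects ties those objects together.
PIVOT_KEYS = {"admin-c", "tech-c", "mnt-by", "mnt-lower", "mnt-ref", "nic-hdl", "e-mail"}
def parse_rpsl(text):
    """Split RPSL text into blank-line separated objects of (key, value) pairs;
    keys may repeat (two admin-c lines above), so a dict would lose data."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
            current = []
            continue
        key, _, value = line.partition(":")
        # Drop the "# Filtered" style comment RIPE appends to some values.
        current.append((key.strip().lower(), value.split("#")[0].strip()))
    if current:
        objects.append(current)
    return objects
def shared_pivots(objects):
    """Return {pivot value: sorted object labels} for values seen in >1 object."""
    seen = defaultdict(set)
    for obj in objects:
        label = "%s: %s" % obj[0]          # first attribute names the object
        for key, value in obj:
            if key in PIVOT_KEYS and value:
                seen[value].add(label)
    return {v: sorted(labels) for v, labels in seen.items() if len(labels) > 1}
```

Run against real output, the same function exposes which of the networks named in this post share a maintainer or contact with NetAssist LLC's own objects.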
Is NetAssist LLC purposely offering its services for the purpose of orchestrating cybercrime-friendly campaigns, in a typical bulletproof cybercrime-friendly fashion, or has it been abused by opportunistic cybercriminals earning fraudulently obtained revenues in the process? Based on the analysis in this post, and the fact that the company continues offering IPv4 RIPE announcing services, I believe that on the majority of occasions the company has had its services abused throughout 2010, leading to the rise of the Avalanche botnet.
I expect to continue observing this type of abuse; however, in a cybercrime ecosystem dominated by the abuse of legitimate services, I believe that cybercriminals will continue to efficiently bypass the defensive measures in place through the abuse and compromise of legitimate infrastructure.
This post has been reproduced from Dancho Danchev's blog.