AS44557 DRAGONARA – Rogue Network

03Sep09

While going through Spamhaus SBLs, I found this updated /23 under RIPE. It would seem that most times when Spamhaus is unsure of the exact ownership of a netblock or the downstream has a small number of IPs assigned to it, the volunteers will place it under the regional registry (RIR). I researched the IP range: 194.8.74.0/23 and found it listed under AS44557 DRAGONARA. Googling revealed this recent blog post. Tha nullroute. me author noticed in late July 2009 a lot of comment spam coming from this netblock.

Below in the Spamhaus SBL, I am referencing the netblock info and some of the nameserver information that Spamhaus discovered within the IP ranges.

Spamhaus SBL76200

Ref: SBL76200

194.8.74.0/23 is listed on the Spamhaus Block List (SBL)

02-Sep-2009 12:26 GMT | SR04

Spamming and now seems this place is involved in other fraud

inetnum: 194.8.74.0 – 194.8.75.255
netname: DRAGONARA-NET
descr: Dragonara Alliance Ltd
country: GB
org: ORG-DRAG1-RIPE
admin-c: AGAV2-RIPE
tech-c: AGAV2-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-by: DRAGONARA-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: DRAGONARA-MNT
mnt-domains: DRAGONARA-MNT
source: RIPE # Filtered

organisation: ORG-DRAG1-RIPE
org-name: Dragonara Alliance Ltd
org-type: OTHER
address: Geneva Place, Waterfront Drive,
P. O. Box 3469, Road Town, Tortola,
British Virgin Islands
mnt-ref: DRAGONARA-MNT
mnt-by: DRAGONARA-MNT
source: RIPE # Filtered

person: Andrey Gavrilog
address: Geneva Place, Waterfront Drive,
P. O. Box 3469, Road Town, Tortola,
British Virgin Islands
mnt-by: DRAGONARA-MNT
abuse-mailbox: abuse@dragonara.net
phone: +41 435.001.009
nic-hdl: AGAV2-RIPE
source: RIPE # Filtered

% Information related to ‘194.8.74.0/23AS44557’

route: 194.8.74.0/23
descr: Dragonara Alliance
origin: AS44557
mnt-by: DRAGONARA-MNT
source: RIPE # Filtered

[…]

194.8.75.115
194.8.74.30

NS1.CCTHETUNECOOKIE.COM
NS1.CCTHETUNETOWN.COM
NS1.CCWEIGHTFEELCONCERT.COM
NS1.CCTHESPEEDDATE.COM
NS1.CCTHETHOUGHTSITE.COM
NS1.CCTHOUGHTSITE.COM
NS1.CCTOPMUSICCENTRAL.COM
NS1.NSMELEONDOMEN.COM
NS1.CCBESTBABYMUSIC.COM
NS1.CCBESTJAZZMUSIC.COM
NS1.CCSUPERGUITARCHORDS.COM
NS1.CCTHETHOUGHTDOMAIN.COM
NS1.CCBESTGUITARDIRECT.COM
NS1.CCNEWTUNESITE.COM
NS1.CCONLINESPEEDDIRECT.COM
NS1.CCONLINESPEEDPAY.COM
NS1.CCNEWMUSICSPIN.COM
NS1.CCABSTRACTDOMAINNAME.COM
NS1.CCSUPERSPEEDTEST.COM
NS1.CCTOPDRAWMUSIC.COM
NS1.CCYOUNGTUNE.COM
NS1.CCYOURCONCEPTSITE.COM
NS1.CCYOURGUITARCHORD.COM
NS1.CCBESTBETMUSIC.COM
NS1.CCTOPINTERNETMUSIC.COM
NS1.CCYOURGUITARTAB.COM
NS1.CCYOURSEEM.COM
NS1.CCYOURSPEEDUNDER.COM
NS1.CCYOURSPEEDWAI.COM
NS1.CCYOURTUNECITY.COM
NS1.CCNEWMUSICKOREA.COM
NS1.CCNEWMUSICLINE.COM
NS1.CCNEWMUSICSTREAM.COM
NS1.CCNEWTUNEWORLD.COM
NS1.CCONLINEHOMERATE.COM
NS1.CCONLINERATESOURCE.COM
NS1.CCONLINESPEEDSITE.COM
NS1.CCONLINESPEEDWORLD.COM
NS1.CCPHOTOLOOKGIG.COM
NS1.CCLATESTTUNE.COM
NS1.CCLOOKANDSHOW.COM
NS1.CCWEBSPEEDNOW.COM
NS1.CCTHEGUITARMUSIC.COM
NS1.CCTOPMOBILEMUSIC.COM
NS1.CCWEBSPEEDO.COM
NS1.CCBESTGUITARTABLATURE.COM
NS1.CCAVAILABLESPEED.COM
NS1.CCATWEBSPEED.COM
NS1.CCBESTCONCERTTOUR.COM
NS1.CCBESTGUITARWORLD.COM

NS2.CCBESTGUITARDIRECT.COM
NS2.CCBESTGUITARWORLD.COM
NS2.CCTHETHOUGHTSITE.COM
NS2.CCPHOTOLOOKGIG.COM
NS2.CCTOPDRAWMUSIC.COM
NS2.CCYOURSPEEDUNDER.COM
NS2.CCNEWTUNEWORLD.COM
NS2.CCONLINERATESOURCE.COM
NS2.CCONLINESPEEDPAY.COM
NS2.CCONLINESPEEDSITE.COM
NS2.CCBESTBABYMUSIC.COM
NS2.CCAVAILABLESPEED.COM
NS2.CCBESTCONCERTTOUR.COM
NS2.CCTHESPEEDDATE.COM
NS2.CCSUPERSPEEDTEST.COM
NS2.CCTHEGUITARMUSIC.COM
NS2.CCLATESTTUNE.COM
NS2.CCTHETUNECOOKIE.COM
NS2.CCTHETUNETOWN.COM
NS2.CCTHOUGHTSITE.COM
NS2.CCYOURGUITARTAB.COM
NS2.CCYOURTUNECITY.COM
NS2.CCBESTBETMUSIC.COM
NS2.CCBESTJAZZMUSIC.COM
NS2.CCWEBSPEEDNOW.COM
NS2.CCWEBSPEEDO.COM
NS2.CCYOURSEEM.COM
NS2.CCONLINEHOMERATE.COM
NS2.CCTOPMOBILEMUSIC.COM
NS2.CCYOURCONCEPTSITE.COM
NS2.CCNEWMUSICSTREAM.COM
NS2.CCNEWTUNESITE.COM
NS2.CCNEWMUSICKOREA.COM
NS2.CCONLINESPEEDWORLD.COM
NS2.CCTHETHOUGHTDOMAIN.COM
NS2.CCSUPERGUITARCHORDS.COM
NS2.CCYOUNGTUNE.COM
NS2.CCTOPINTERNETMUSIC.COM
NS2.CCYOURSPEEDWAI.COM
NS2.CCTOPMUSICCENTRAL.COM
NS2.CCWEIGHTFEELCONCERT.COM
NS2.CCYOURGUITARCHORD.COM
NS2.CCLOOKANDSHOW.COM
NS2.CCABSTRACTDOMAINNAME.COM
NS2.CCBESTGUITARTABLATURE.COM
NS2.CCATWEBSPEED.COM
NS2.CCONLINESPEEDDIRECT.COM
NS2.CCNEWMUSICLINE.COM
NS2.CCNEWMUSICSPIN.COM

[…]

According to the nullroute blog, the IP ranges of AS44557 are: 91.205.40.0/22 & 194.8.74.0/23

At the time of this post, Spamhaus is blocking 512 IPs under the /23. Also, this host (AS44557 / DRAGONARA ) appears to be unresponsive to abuse complaints. According to FixedOrbit, this host has 1534 IP addresses and its upstream is Cogent (AS174).

Advertisements


No Responses Yet to “AS44557 DRAGONARA – Rogue Network”

  1. Leave a Comment

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: