Sources of Badness – PortNAP
One of the smaller hosts I’ve identified is PortNAP Internet Services. They appear to get their service from Grafix Internet B.V. We’ve seen fake antivirus coming from 3 of their IPs in two different /24 subnets registered to PortNAP (84.243.196.0 – 84.243.197.255).
inetnum:        84.243.197.0 - 84.243.197.255
netname:        GFX-CUST-PORTNAP
descr:          PortNAP Internet Services
org:            ORG-PIS13-RIPE
country:        NL
admin-c:        GFX-RIPE
tech-c:         GFX-RIPE
status:         ASSIGNED PA
mnt-by:         GFX-MNT
changed:        noc@grafix.nl 20081021
source:         RIPE
abuse-mailbox:  abuse@grafix.nl
84.243.196.136 2008-12-02 – site down
pro-scanner-online.com /2009/download/trial/A9installer_880473.exe
84.243.196.137 2008-12-02 – site down
protected-downloads.com /download/trial/AV360Install_77014205.exe
84.243.197.183 2008-11-20 – site down
protection-livescan.com /2009/download/trial/A9installer_880290.exe
