megared.net.mx: Research, Ban

This is part of the keywords-monitoring-your-success.com, free-video-tool.com Semalt Botnet that spread to other South American hosts, but they have changed the referrer name slightly to keywords-monitoring-success.com. This host is tricky because they only provide the last 2 octets of the IP address, leaving me to guess the first two.

Here is my clue: customer-qro-199-67.megared.net.mx

Other megared.net.mx hosts show the same pattern: a variety of new first 2 octets combined with the last 2 octets taken from the host name. While I only have this one IP as a content scraper, their reputation is one of an email spammer. I guess they moved into a newer but related business model.

Research:

customer-SMAL-234-55.megared.net.mx 200.92.234.55 200.92.128.0 – 200.92.128.255 200.92.128.0/17

customer-QRO-246-1.megared.net.mx 177.242.246 177.240.0.0 – 177.247.255.255 177.240.0.0/13
customer-QRO-137-135.megared.net.mx 177.242.137.135
customer-CLN-112-168.megared.net.mx 177.246.112.168
customer-TEPIC-30-3.megared.net.mx 177.247.30.3 1

customer-MOR-193-40.megared.net.mx 177.224.193.40 177.224.0.0 – 177.231.255.255 177.224/13
customer-GDL-193-40.megared.net.mx 177.224.193.40
customer-GDL-33-208.megared.net.mx 177.231.33.208
customer-TOR-109-46.megared.net.mx 177.225.109.46
customer-GDL-207-42.megared.net.mx 177.231.207.42
customer-GDL-200-120.megared.net.mx 177.231.200.120

customer-gdl-177-250.megared.net.mx 187.245.177.250 187.240.0.0 – 187.247.255.255 187.240.0.0/13
customer-GDL-46-237.megared.net.mx 187.246.46.237
customer-GDL-40-206.megared.net.mx 187.247.40.206
customer-LMM-99-4.megared.net.mx 177.245.99.4
customer-COL-189-19.megared.net.mx 177.246.189.19
customer-GDL-248-233.megared.net.mx 187.244.248.233
customer-GDL-237-117.megared.net.mx 187.246.237.117
customer-GDL-124-243.megared.net.mx 187.246.124.243

customer-HMO-221-138.megared.net.mx 201.165.221.138 201.164.0.0 – 201.165.255.255 201.164.0.0/15
customer-ZITA-58-29.megared.net.mx 201.165.58.29
customer-GDL-200-121.megared.net.mx 201.164.200.121

customer-GYS-18-28.megared.net.mx 200.66.18.28 200.66.0.0 – 200.66.31.255 200.66.0.0/19
customer-GYS-2-108.megared.net.mx 200.66.2.108
customer-GYS-18-39.megared.net.mx 200.66.18.39

customer-LMM-188-103.megared.net.mx 189.199.188.103 189.192.0.0 – 189.199.255.255 189.192.0.0/13
customer-TOR-28-161.megared.net.mx 189.194.28.161
customer-LMM-172-239.megared.net.mx 189.199.172.239
customer-SALA-87-33.megared.net.mx 189.193.87.33
customer-MOR-232-146.megared.net.mx 189.195.232.146
customer-GDL-238-143.megared.net.mx 189.196.238.143
customer-GDL-180-163.megared.net.mx 189.197.180.163

Others not using this pattern
189.195.128.24 cache4.col.megared.net.mx
200.52.216.19 bsd.tepic.megared.net.mx
200.52.205.214 ns1.megared.net.mx
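
The following is an added example, not code from the original post: it turns the hostname pattern described above into a small blocklist helper that lists which addresses a customer-REGION-x-y name could have inside the CIDR blocks from the research list, and checks whether a logged hostname/IP pair fits the pattern. The function names are hypothetical; the block list is copied from this page.

```python
import ipaddress
import re

# Reverse-DNS pattern from the page: customer-<REGION>-<octet3>-<octet4>.megared.net.mx
HOST_RE = re.compile(r"^customer-([a-z]+)-(\d{1,3})-(\d{1,3})\.megared\.net\.mx\.?$", re.I)

# CIDR blocks copied from the research list on this page.
BLOCKS = [ipaddress.ip_network(c) for c in (
    "200.92.128.0/17", "177.240.0.0/13", "177.224.0.0/13", "187.240.0.0/13",
    "201.164.0.0/15", "200.66.0.0/19", "189.192.0.0/13")]

def parse_host(host):
    """Return (region, octet3, octet4), or None if the name does not fit the pattern."""
    m = HOST_RE.match(host.strip())
    if not m:
        return None
    o3, o4 = int(m.group(2)), int(m.group(3))
    if o3 > 255 or o4 > 255:
        return None
    return m.group(1).upper(), o3, o4

def candidate_ips(host, blocks=BLOCKS):
    """List every address in the known blocks whose last two octets match the name."""
    parsed = parse_host(host)
    if parsed is None:
        return []
    _, o3, o4 = parsed
    found = []
    for net in blocks:
        # Walk each /16 that overlaps the block and fill in the two known octets.
        if net.prefixlen <= 16:
            slash16s = net.subnets(new_prefix=16)
        else:
            slash16s = [net.supernet(new_prefix=16)]
        for s16 in slash16s:
            ip = s16.network_address + (o3 << 8) + o4
            if ip in net:  # blocks narrower than /16 exclude some third octets
                found.append(ip)
    return found

def consistent(host, ip, blocks=BLOCKS):
    """True if a logged (hostname, IP) pair agrees with the pattern and a listed block."""
    return ipaddress.ip_address(ip) in candidate_ips(host, blocks)

if __name__ == "__main__":
    for ip in candidate_ips("customer-qro-199-67.megared.net.mx"):
        print(ip)
```

The candidates are only a shortlist to compare against the addresses in your own access log; names such as ns1.megared.net.mx do not fit the pattern and return no candidates.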
