PegasHosting gets its wings clipped
Plug partly pulled on 'scam-friendly' ISP
Cybercrime-friendly Ukrainian ISP PegasHosting has been partially taken offline.
The main range of IP addresses used by the ISP - which has been associated with hosting phishing mule scam sites and all manner of badness - has been null-routed, following action by one of its upstream providers.
"Hosted web sites include fake pharmacies, fake job sites, hacking, porn and what appear to be fake dating sites," security blog dynamoo.com reports.
"Blocking the entire 18.104.22.168/24 (22.214.171.124 - 126.96.36.199) will probably do you no harm."
PegasHosting continues to operate through other IP ranges associated with two different upstream providers. Security campaigners are lobbying these providers, one of which feeds into Global Crossing, to pull the plug on PegasHosting.
A list of the dodgy domains associated with PegasHosting can be found in a blog post by hpHosts here. ®