KV Solutions B.V. Takedown

As reported by ZDNET, Dutch authorities have taken down bulletproof hosting provider KV Solutions BV, responsible for running a commercial botnet. The servers were seized, and the two founders were arrested on October 1st. The blackhat operation ran for two years, assaulting the Internet with vulnerability scanners, brute force login attacks, and malware.

KV Solutions hosted from the 185.244.25.0/24 block. We want to thank all the reporters on AbuseIPDB who kept this disreputable company in the public eye. Currently, there are 40,933 reports for this netblock across 191 addresses.

The Dutch duo also owned Lifehosting BV, but no IP ranges were assigned to it.

Hopefully, authorities will discover other malicious hosting companies using the information gleamed from the seized servers.

Angelo's AbuseIPDB Account

Interestingly, one of the founders, Angelo K., registered on AbuseIPDB at 2018-03-28 17:47:44. This was shortly after many of our users such as blocklist.de, stfw, Smel, Scan, andrew.stream, et al. picked up scans from KV Solutions's network. It may be that Angelo registered in hopes that there was action he could take to hide or takedown the reports against his shady hosting business. However, he did not submit a takedown request to us. Strangely, he made a single report regarding the Chinese IP 116.31.116.34 months later on 2018-08-26 with the comment:

SSH access from src IP 116.31.116.34 rejected, 27861 attempt(s)

His last recorded login was at 2018-10-31 12:17:56 from 62.238.116.212, a fixed line Internet service provider in the Netherlands.

This is all we know at the time.


** This Document Provided By AbuseIPDB **
Source: https://www.abuseipdb.com/blog/kv-solutions-takedown