Blog for hpHosts, and whatever else I feel like writing about ....

Saturday 20 September 2008

242 reasons to avoid 78.129.142.9 (RapidSwitch - AS29131)

I've got a little history with these chaps and chapesses, and it ain't good! It all started in February of this year, when I came across two scammy websites;

i-explorer.info
operasoft.info

The latter, thanks to the help of Stein Vråle and the legal/abuse folks at Opera, was shut down. The former however, is still online to date. At the time, it was peddling what they claimed was Internet Explorer 7, but like goofull.com, wanted you to send them an SMS text that surprise surprise, ended up with your paying through the nose. I did report them to RapidSwitch, for all the good it did - evidently RapidSwitch couldn't give a hoot aslong as they're getting paid.

https://myservers.rapidswitch.com/Abuse/AbuseTicket.aspx?ticketid=VDNL-GOE-KQJF&key=rrgvsfteml

i-explorer.info is now peddling what they claim is Internet Explorer Pro 2.3.6 Final , and surprise surprise, you gotta pay them. As evidenced by the following in the installers nsi.ini file;

You are using a Premium Download.\r\n\r\nTo continue you must get an activation code.



If you click to get an activation code, you are taken to (screenshot);

http://www.i-explorer.info/uk/check_code.php

Which has the lovely little disclaimer at the bottom;


You made a premium download. The server used to download this software needs that you send 3 ( total cost 6 pounds ) sms before installing on your computer. Please read Terms of Service for more info This charge is used to support the virus & spyware check team. Activating Download doesn't mean acquire a software license.


.... and nope, "Terms of Service" is not linkified - thar be nothing to click. The TOS is actually located at;

http://www.i-explorer.info/uk/condiciones.html

... and makes for interesting reading.

Surprisingly, if you go to i-explorer.info (the main homepage), you get redirected to /es and you get what actually seems to be IE 8 beta (this is also not a good thing as I'm pretty sure Microsoft don't allow distribution of their beta's), packaged in a 7zip file. I'll have to do a comparison with the official IE 8 beta from Microsoft to see if they've added/modified anything.

Alas however, this is just one of the sites on this IP, there are many others - and the theme remains the same. i-explorer.net for instance, peddles what they claim is Internet Explorer 8.0.6001.18241 Beta 2 (XP), and leads you to download;

http://www.i-explorer.net/uk/install_IE8WindowsXPx86ENU.exe.exe

Unlike i-explorer.info/es, this definately isn't the official Microsoft beta. As evident by the same thing as previously referenced, appearing in the installers nsi.ini file (the screenshot above is the same theme that appears here).

Once again, you are led to the following in order to pay them;

http://www.i-explorer.net/uk/check_code.php

... which has the same disclaimer as i-explorer.info.

To view the full list of domains running this scam (or at least, those I've got in the hpHosts database), see;

http://hosts-file.net/pest.asp?show=78.129.142.

So what of RapidSwitch? Well, I tried calling, I tried e-mailing, and eventually the RS MD called me to tell me they'd now banned my e-mail address from contacting them - which I found hillarious. His reason? I apparently registered on their system as a customer.

Er nope .... I sent an e-mail to: support@rapidswitch.com, sales@rapidswitch.com as sending it to abuse@, created duplicate tickets.

After the call, I sent them the following;

Dear Sir/Madam,
First and foremost, I would like to complain about the way in which you handle people that telephone yourselves.

Telling me you cannot deal with me over the phone is bad enough, but to also tell me you cannot give me a contact e-mail address (that will NOT result in yet another new ticket being created) over the phone is just taking the mick (which incidentally, is why I'm sending this to both of the e-mail addresses on your contact page). I've already sent an e-mail to your abuse department concerning this, and it created a duplicate ticket, which is why I was calling.

Secondly, I would like to complain about the way your company deals with complaints. I reported one of your customers running site's which are clearly illegal, and if you have such, should be against your terms of service.

Since I have not had a response on the ticket since the 11th, I decided to call this morning - to be told you would not deal with me over the phone. I've provided you with evidence of the illegal activity, and am disgusted that you have allowed the site's to stay online, and have further allowed your client not to respond.

Original:
https://myservers.rapidswitch.com/Abuse/AbuseTicket.aspx?ticketid=VDNL-GOE-KQJF&key=rrgvsfteml

Duplicate:
https://myservers.rapidswitch.com/Abuse/AbuseTicket.aspx?ticketid=QFYX-DQU-SXNT&key=dzphkivozj

If contacting the appropriate authorities is the only way to get you to deal with this, then I will be more than happy to do so. Additionally, if you allow this type of activity to occur on your network, I will also do my best
to ensure this practice is publicized.


... and their reply?

Steven,

We have a strict procedure for abuse complaints; please email abuse@rapidswitch.com

Thank you,

Regards,

Paul Tacey-Green
RapidSwitch Ltd
Tel: 020 7106 0730

RapidSwitch Ltd, Technical Building, Priors Way, Maidenhead, SL6 2HP


Woops! Seems Paul wasn't informed that;

1. My domain had been blocked (which itself begs the question of how my e-mail got through).
2. Sending an e-mail to abuse@, creates a ticket, that alas may aswell just be completely ignored, RapidSwitch themselves certainly aren't going to do anything.

Never the less, the fact these are still online, and there's been more popping up since I reported the sites to them, simply proves that RapidSwitch couldn't give a hoot - they're getting paid. Thus my personal recommendation? drop their entire range;


inetnum: 78.129.142.0 - 78.129.142.255
netname: Rapidswitch_9
descr: Rapidswitch Ltd
country: GB
admin-c: AR6363-RIPE
tech-c: AR6363-RIPE
status: ASSIGNED PA
mnt-by: RAPIDSWITCH-MNT
source: RIPE # Filtered

person: Abuse Robot
address: RapidSwitch Ltd
address: Technical Building
address: Priors Way
address: Maidenhead
address: SL6 2HP
phone: +44 (0)20 7106 0730
remarks: ******************************************************
remarks: * ABUSE REPORTS *
remarks: * E-mail: abuse@rapidswitch.com *
remarks: * https://myservers.rapidswitch.com/reportabuse.aspx *
remarks: * IMPORTANT: We are unable to accept abuse reports *
remarks: * any other way except the two methods listed above. *
remarks: ******************************************************
e-mail: abuse@rapidswitch.com
nic-hdl: AR6363-RIPE
mnt-by: RAPIDSWITCH-MNT
source: RIPE # Filtered

% Information related to '78.129.128.0/17AS29131'

route: 78.129.128.0/17
descr: RapidSwitch Ltd
origin: AS29131
mnt-by: RAPIDSWITCH-MNT
source: RIPE # Filtered

No comments: