Dear BlueConnex/EuroConnex, I wonder if you'd mind explaining to the ladies and gents of the internet, why you have STILL not booted Riccom? Why you continue providing connectivity for them, despite there not being a single legit domain within their IP range!
BlueConnex/EuroConnex's still providing connectivity is the reason they got a mention in the crimeware-friendly ISPs listings, and sadly, to date, there has still not been so much as an auto-response to e-mails sent to them.
There's a whole host of malicious goodness currently over there, and amongst them, is malware-url.com, which of course, is a malicious version of the real malwareurl.com, run by my friend Anthony (you'll also notice, it's exactly the same impersonation as the one documented concerning malwaredomainlist.com).
malware-url.com by the way, takes you through;
veteransdaystew.com is hosted at 22.214.171.124 (AS5577 126.96.36.199/24 ROOT root eSolutions), and secure.netpaymentprocess.com is hosted at 188.8.131.52 (AS49981 184.108.40.206/20 WORLDSTREAM WorldStream). The SSL certificate is provided by Thawte (anyone awake over there?).
Then there's malware-scaner-online.com, also valid as;
All of which, resolve to 220.127.116.11. And of course, all of which, will give your PC some malicious goodness it'll never forget;
Wepawet results: malware-scaner-online.biz
Virus Total results (18/41): win_protection_update.exe
There are currently well over 500 domains in hpHosts for the Riccom range, with 700 or so in the historical records.
Historical records for: 18.104.22.168/24
hpHosts listings for: 22.214.171.124/24
Note: I've still not gotten round to writing the monitor to keep the IPs in hpHosts up to date, so it's possible some of the domains are either dead, or have moved elsewhere. The current validation results for those listed in hpHosts, as of 2 seconds ago, can be found at;
hpObserver validation results for: 126.96.36.199/24
The current list of domain names for those that want them, is;
If you know of a domain that's also hosted on this range, that is not listed in hpHosts, please do feel free to drop by the hpHosts forums and let me know.
The net-block info for this range is;