Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 5 May 2011

AS43134: CompLife Ltd + DonServers = HOSTSERV (AS42741) = bulletproof hosting for criminals

Ever wonder why some hosting companies try to send you on a "we're waiting, it's resolved, really we're just the innocent victims here, please be patient" game that results in you getting frustrated and the criminals staying online even longer?

Well, the answer is companies (and I use the term companies loosely in this case) such as Don Servers, which is actually the same "company" as CompLife Ltd (AS43134), who are the same entity as HOSTSERV (AS42741). HOSTSERV, for those that don't know, are also known as "ALEXANDRU-NET-TM-AS S.C. ALEXANDRU NET TM S.R.L."

We've known for quite some time that CompLife Ltd are 100% criminal, but thanks to their being rather brazen (and very stupid I might add), they've allowed a simple e-mail address to tie the two of them together;

godaccs@gmail.com

This chap is a regular visitor of the equally criminal forum, GoFuckBiz (Ref: DonServers profile), using the usernames "Support_DonServers" and DonChicho (fans of "The Godfather" I'm guessing). DonServers, in case you're wondering, are using both don.sh and donservers.ru. Both are hosted at 208.76.54.75, AS47869 Netrouting Inc. (awww, their own hosting too expensive?)

You'll also have noticed (Ref: Fake AVs back to using Instra) that this is the e-mail address assigned to the WhoIs records for HOSTSERV (who, incidentally, own the IP range CompLife/DonServers happen to be using; I know, I know, no surprise there).

inetnum: 46.161.20.0 - 46.161.23.255
netname: HOSTSERV-NET
descr: net for hostserv
country: RU
admin-c: BEV38-RIPE
tech-c: BEV38-RIPE
remarks: Abuse e-mail: godaccs@gmail.com
status: ASSIGNED PA
mnt-by: MNT-PIN
mnt-routes: MNT-PIN
mnt-routes: MNT-COMPLIFE
mnt-routes: ALEXANDRU-NET-TM-MNT
mnt-domains: MNT-COMPLIFE
mnt-lower: MNT-COMPLIFE
source: RIPE # Filtered

person: Banu Efim Vasilyevich
address: Naberegnie chelni, tukaevskii raion, pr. Suumbike 84 kv. 109
phone: +37360065663
nic-hdl: BEV38-RIPE
mnt-by: MNT-PIN
source: RIPE # Filtered

route: 46.161.20.0/24
descr: Complife Ltd.
origin: AS43134
mnt-by: MNT-COMPLIFE
source: RIPE # Filtered

route: 46.161.20.0/22
descr: HOSTSERV-NET
origin: AS42741
mnt-by: ALEXANDRU-NET-TM-MNT
source: RIPE # Filtered


So HostSERV = CompLife Ltd = DonServers, and collectively = AS42741 and AS43134 (wonder how many others they have???).
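
The cross-check that the WHOIS records above support, as an added example (not code from the original post): parse the quoted RIPE objects and list which route objects sit inside the inetnum and are maintained by a maintainer named in its mnt-routes. The function names are hypothetical; the data is the output quoted above, trimmed to the attributes the check uses.

```python
import ipaddress

# RPSL objects copied from the RIPE output quoted in the post,
# trimmed to the attributes this check reads.
WHOIS = """\
inetnum: 46.161.20.0 - 46.161.23.255
mnt-by: MNT-PIN
mnt-routes: MNT-PIN
mnt-routes: MNT-COMPLIFE
mnt-routes: ALEXANDRU-NET-TM-MNT

route: 46.161.20.0/24
descr: Complife Ltd.
origin: AS43134
mnt-by: MNT-COMPLIFE

route: 46.161.20.0/22
descr: HOSTSERV-NET
origin: AS42741
mnt-by: ALEXANDRU-NET-TM-MNT
"""

def parse_rpsl(text):
    """Split WHOIS text into objects; each object is a list of (attribute, value) pairs."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = [tuple(p.strip() for p in line.split(":", 1))
                 for line in block.splitlines() if ":" in line]
        if attrs:
            objects.append(attrs)
    return objects

def routes_authorised(objects):
    """Return (prefix, origin AS, maintainer) for every route object that lies inside
    an inetnum and is maintained by one of that inetnum's mnt-routes maintainers."""
    hits = []
    for inet in (o for o in objects if o[0][0] == "inetnum"):
        first, last = (ipaddress.ip_address(a.strip()) for a in inet[0][1].split("-"))
        allowed = {v for k, v in inet if k == "mnt-routes"}  # repeated attribute, so no dict()
        for route in (dict(o) for o in objects if o[0][0] == "route"):
            net = ipaddress.ip_network(route["route"])
            if first <= net[0] and net[-1] <= last and route["mnt-by"] in allowed:
                hits.append((route["route"], route["origin"], route["mnt-by"]))
    return hits

if __name__ == "__main__":
    for prefix, origin, mnt in routes_authorised(parse_rpsl(WHOIS)):
        print(f"{prefix} announced by {origin}, authorised via {mnt}")
```

Both origin ASNs come back against the single HOSTSERV-NET allocation, which is the overlap the post points to.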

So what do this chap's customers get? Well, according to one of his "private" websites, a choice of server depending on the type of content that's going to be there, as shown by this lovely little screenshot (just in case the site goes AWOL)



Yep, you noticed that too. Your choices are;

1. Malware
2. Adware
3. Botnets
4. Spam Inc
5. Fakes
6. Web spam

Now the question becomes, why their upstreams (AS6939 HURRICANE - Hurricane Electric, Inc. and AS5577 ROOT root SA) are doing absolutely nothing to get this criminal ASN taken offline, given they're the only two providing connectivity for them.

We already know why Root SA (aka Root eSolutions) aren't doing anything, but Hurricane Electric - what's your excuse?

I'm also curious as to how InterXion are going to take the news that these chaps are bragging about using their datacenter for their "bulletproof" hosting?


References

Fake AVs: Back to using Instra Corporation Pty Ltd...
http://hphosts.blogspot.com/2011/05/fake-avs-back-to-using-intra.html

Tucows + Fake AV + new (but old) /24
http://hphosts.blogspot.com/2011/04/tucows-fake-av-new-but-old-24.html

1 comment:

Unknown said...

The AS AS6939 HURRICANE - Hurricane Electric, Inc. is noticed in a lot of Casino-Spam. Their URLs were acasinoa.... bcasionob.... thousands of pieces, and these sites were online for so long.
The run was between 10/2010 and 11/2010 for Domains:
http://www.vipplayert.com/de/
http://www.vipplayerq.com/de/
http://www.vipplayera.com/de/