Not surprisingly, since my last post, they've switched the latest ones back to HostNOC/Burst.Net (same company that took 3 years to boot them last time). Registrars are primarily DirectI and UK2 (who don't seem to be replying ...). DirectI have been shutting down those I've found, within 30 mins of their being reported.
I've likely missed quite a few since my sleeping meds knocked me out for a considerable amount of time (2300 until approx 0900 this morning), but those I've caught so far include;
As you'll note, there's no more on Interserver since the last post, but it's not been suspended yet, given one of the IPs is still spewing the malicious file (501b010046accf0f6755a85588a5ebd0 as of 2 seconds ago). I've finally had someone from Interserver contact me via e-mail, following my follow-up call to them yesterday, but he's having problems reproducing the instructions I provided.
Interserver, malware, and the Scottish weather