Blog for hpHosts, and whatever else I feel like writing about ....

Monday, 9 November 2009

Crimeware friendly ISPs: root eSolutions (AS5577, 44042)

Next on the list of cybercrime friendly ISPs is root eSolutions, who, amongst many others, are providing a home for a range known as "Financial company "Titan" LTD" (, AS49353 (TITAN)). This range has been the home of many a fake AV, exploits and various other things for longer than I'd like, and seemingly, root eSolutions don't give a hoot. Something we need to change.

Just some of the stuffage seen within this range includes;

Other ranges root eSolutions have include (and yep, there's malware on all of them);

Personally I recommend blackholing the lot of them, but I tend to take a zero tolerance approach, especially in cases such as this where the ISPs seem to care more about the money than anything else, and as such, don't bother either responding to abuse reports, or killing the malicious content and booting the clients responsible.

In the meantime, I'd absolutely love to hear both their and their clients' explanations for there being nothing but malicious content on the vast majority of the ranges. Should make for interesting reading.

