Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday, 23 December 2009

Crimeware friendly ISP's: RapidSwitch Ltd (AS29131)

Those of you reading this blog for any length of time, or specializing in the documentation of malicious domains, will no doubt already be aware of RapidSwitch's history, but here's a little refresher for you;

242 reasons to avoid 78.129.142.9 (RapidSwitch - AS29131)
http://hphosts.blogspot.com/2008/09/242-reasons-to-avoid-781291429.html

RapidSwitch customers still involved in SMS Fraud ......
http://hphosts.blogspot.com/2009/02/rapidswitch-customers-still-involved-in.html

Adobe9.0-PDF.com + Computer Solutions Group + 208.118.54.* + Xtreme Software Ltd + Saudi Arabia = Phishing and fraud network
http://hphosts.blogspot.com/2009/03/adobe90-pdfcom-computer-solutions-group.html

Zlkon.lv disconnected - but apparently not completely gone
http://hphosts.blogspot.com/2009/04/zlkonlv-disconnected-but-apparently-not.html

Fake malwarebytes site
http://www.malwarebytes.org/forums/index.php?showtopic=17213

Legitimate Software Typosquatted in SMS Micro-Payment Scam
http://ddanchev.blogspot.com/2009/07/legitimate-software-typosquatted-in-sms.html

RapidSwitch: UK webhosts in champagne throwing cat fight
http://hphosts.blogspot.com/2009/09/rapidswitch-uk-webhosts-in-champagne.html

LC Escrow & Consulting Fraud
http://www.bobbear.com/lcescrowandconsulting.html

Take your time, I'll wait.

Caught up? Good, lets begin shall we? We'll start by looking at what was there, as documented September last year. How many of these are still present? How many have moved? Well, the following contains the hpObserver validation results for those listed in hpHosts as residing on 78.129.*, which were done around an hour or so ago;

http://hosts-file.net/misc/hpObserver_results_-_RapidSwitch-231209.html

I believe the results speak for themselves - the majority are still present, and still involved in malicious activities.

Now, lets look at what's appeared over there in the last few months shall we? And I should point out, this only contains those recorded in my personal database (this database is not published online for varying reasons) and as such, is only a small example.

78.129.205.92        ns64.altervista.org        hacklabz.altervista.org/php.txt
78.129.205.94        ns65.altervista.org        prodef.altervista.org/dark.txt
78.129.205.94        ns65.altervista.org        prodef.altervista.org/id1.txt
78.129.166.98        bod98.i0waterford.net        antispyavailable.com/downloadsetup.php
78.129.205.62        ns50.altervista.org        orangegraphics.altervista.org
78.129.205.62        ns50.altervista.org        italianhom.altervista.org/home.htm
78.129.205.21        ns25.altervista.org        all4upload.altervista.org/
78.129.205.17        ns30.altervista.org        amoreterno.altervista.org/
78.129.205.29        ns3.altervista.org        angelaplatania.altervista.org/
78.129.205.19        ns2.altervista.org        bonesitalia.altervista.org/
78.129.205.19        ns2.altervista.org        bonesitalia.altervista.org/home.htm
78.129.205.19        ns2.altervista.org        casalbertone.altervista.org/index.php
78.129.157.185        ns3589.ukvpshosting.com        www.10pips.com/ca/download.php
78.129.205.62        ns50.altervista.org        orangegraphics.altervista.org/
78.129.166.98        bod98.i0waterford.net        altapcsecurity.com/downloadsetup.php
78.129.166.166        Failed resolution        top-pornnet.com/promo3/?aid=763&vname=flash_player.exe
78.129.166.175        Failed resolution        tubez4fun.net/download/present.exe
78.129.205.9        ns23.altervista.org        fatto.altervista.org/
78.129.205.88        ns63.altervista.org        joew.altervista.org/index.php?mod=materiale2
78.129.205.9        ns23.altervista.org        www.fatto.altervista.org/
78.129.205.9        ns23.altervista.org        www.fatto.altervista.org/
78.129.205.13        ns24.altervista.org        www.lorenzopravda.altervista.org/
78.129.205.13        ns24.altervista.org        www.lorenzopravda.altervista.org/index.html
78.129.221.11        gateway.simirna.com        brkweb.net/beestdwd
78.129.205.34        ns35.altervista.org        www.swingthing.altervista.org/
78.129.205.96        ns66.altervista.org        cr0j.altervista.org/dark.txt
78.129.205.76        ns57.altervista.org        giacomox.altervista.org/ciccio.txt
78.129.205.96        ns66.altervista.org        cr0j.altervista.org/id1.txt
78.129.205.96        ns66.altervista.org        cr0j.altervista.org/bovsp.txt
78.129.205.31        ns34.altervista.org        bhebhebhe.altervista.org/razor.txt
78.129.205.31        ns34.altervista.org        bhebhebhe.altervista.org/federico.txt
78.129.205.9        ns23.altervista.org        cinemiamo.altervista.org/
78.129.205.17        ns30.altervista.org        dbzmito.altervista.org/index.php
78.129.205.7        ns33.altervista.org        djandreaweb.altervista.org/
78.129.205.72        ns55.altervista.org        eventishoujo.altervista.org/index.php?sl=in_giappone/uscite_manga/archivio/2006/marzo/marzo.htm
78.129.205.15        ns29.altervista.org        frenkdjedanyk.altervista.org/photo28/index.html
78.129.205.2        ns32.altervista.org        graficnika.altervista.org/
78.129.205.40        ns37.altervista.org        hackerpsc.altervista.org/
78.129.205.21        ns25.altervista.org        home.metin2pedia.altervista.org/php5/home/home.php?browser=firefox
78.129.205.29        ns3.altervista.org        immobiliarerosa.altervista.org/cantieri/Nantoexscuole/index.htm
78.129.205.13        ns24.altervista.org        makkot.altervista.org/
78.129.205.13        ns24.altervista.org        makkot.altervista.org/index.htm
78.129.205.25        ns27.altervista.org        marasma74.altervista.org/KINO/-Miscellaneous/index.html
78.129.205.17        ns30.altervista.org        misterhide.altervista.org/elinks/_emulegay/index.html
78.129.205.17        ns30.altervista.org        misterhide.altervista.org/elinks/_emulegay/index2.html
78.129.205.88        ns63.altervista.org        moothunder.altervista.org/home.html
78.129.205.2        ns32.altervista.org        napoorsocapo.altervista.org/home.htm
78.129.205.13        ns24.altervista.org        pauraedeliriomp.altervista.org/
78.129.205.13        ns24.altervista.org        pinkshoujosite.altervista.org/
78.129.205.21        ns25.altervista.org        preda.altervista.org/
78.129.205.50        ns42.altervista.org        shadowdance.altervista.org/
78.129.205.72        ns55.altervista.org        soldier87.altervista.org/menu.htm
78.129.205.96        ns66.altervista.org        dosnetter.altervista.org/par-.txt
78.129.167.135        server135.gnxnetwork.com        spealman.net/go/on/
78.129.205.50        ns42.altervista.org        uggstaff.altervista.org/130609/indexfoto.htm
78.129.205.50        ns42.altervista.org        uggstaff.altervista.org/260507/indexfoto.htm
78.129.205.50        ns42.altervista.org        uggstaff.altervista.org/300509/indexfoto.htm
78.129.205.21        ns25.altervista.org        wantedlist2.altervista.org/
78.129.205.82        ns60.altervista.org        worldmarmalade.altervista.org/
78.129.205.82        ns60.altervista.org        worldmarmalade.altervista.org/home.htm
78.129.205.2        ns32.altervista.org        www.graficnika.altervista.org/
78.129.205.11        ns22.altervista.org        www.kssong.altervista.org/
78.129.166.5        bod5.i0waterford.net        78.129.166.5/~xqz/zw/ldr.exe
78.129.171.49        Failed resolution        78.129.171.49/doc/binor.exe
78.129.247.85        Failed resolution        78.129.247.85/~wwwhi5/images/view.php/image.php
78.129.149.37        backup.black-prophecy.org        black-prophecy.org/bot.exe
78.129.166.166        Failed resolution        security-components.com/promo3/get.php?aid=1361&vname=antivirus
78.129.205.13        ns24.altervista.org        www.pinkshoujosite.altervista.org/
78.129.205.50        ns42.altervista.org        www.uggstaff.altervista.org/020607/indexfoto.htm
78.129.205.50        ns42.altervista.org        www.uggstaff.altervista.org/200609/indexfoto.htm
78.129.205.50        ns42.altervista.org        www.uggstaff.altervista.org/230509/indexfoto.htm
78.129.205.50        ns42.altervista.org        www.uggstaff.altervista.org/280209/indexfoto.htm
78.129.205.50        ns42.altervista.org        www.uggstaff.altervista.org/rocciadisco/index.htm
78.129.205.48        ns41.altervista.org        www.utopia2007.altervista.org/
78.129.166.166        Failed resolution        antispyware-center.com/promo1/get.php
78.129.205.98        ns67.altervista.org        druido12.altervista.org/federico.txt
78.129.205.98        ns67.altervista.org        dig0z.altervista.org/bovsp.txt
78.129.166.178        Failed resolution        scanreporting.com/ping13.php?id=1&mid=qhc15dj0erc1&aid=1&type=2
78.129.166.178        Failed resolution        scanreporting.com/ping13.php?id=0&mid=qhc15dj0erc1&aid=1&type=2
78.129.166.98        bod98.i0waterford.net        securesoftwarebill.com/buy.php
78.129.205.98        ns67.altervista.org        babbudoiu.altervista.org/ciccio.txt
78.129.205.98        ns67.altervista.org        sospendipure.altervista.org/sca/r0x-id.txt
78.129.221.11        gateway.simirna.com        brkweb.net/mmyfi1ms
78.129.205.15        ns29.altervista.org        iffty1.altervista.org
78.129.157.22        Failed resolution        templates.rightconsultant.com
78.129.142.235        Failed resolution        thegimp-full.info/bin/3962/fr/GIFAnimator.exe
78.129.178.133        Failed resolution        a-zme.com/kwdxc/pbzyb/authorized.php
78.129.205.68        ns53.altervista.org        gloverz.altervista.org/id2.txt
78.129.205.68        ns53.altervista.org        gloverz.altervista.org/id1.txt
78.129.205.68        ns53.altervista.org        monzetta.altervista.org/ciccio.txt
78.129.205.76        ns57.altervista.org        sgarufante.altervista.org/razor.txt
78.129.205.104        ns69.altervista.org        fr33z.altervista.org/id2.txt
78.129.205.104        ns69.altervista.org        fr33z.altervista.org/id1.txt
78.129.205.104        ns69.altervista.org        fr33z.altervista.org/dark.txt
78.129.205.104        ns69.altervista.org        drogs.altervista.org/x00x/infoz.txt
78.129.205.104        ns69.altervista.org        bring.altervista.org/bovsp.txt
78.129.205.104        ns69.altervista.org        bring.altervista.org/dark.txt
78.129.205.104        ns69.altervista.org        bring.altervista.org/id2.txt
78.129.205.104        ns69.altervista.org        bring.altervista.org/id1.txt
78.129.168.231        Failed resolution        dusecurity.com/shells/php/phpshell.txt
78.129.205.104        ns69.altervista.org        tr1p.altervista.org/id2.txt
78.129.205.104        ns69.altervista.org        tr1p.altervista.org/dark.txt
78.129.205.104        ns69.altervista.org        tr1p.altervista.org/id1.txt
78.129.205.104        ns69.altervista.org        c0c4.altervista.org/bovsp.txt
78.129.205.104        ns69.altervista.org        c0c4.altervista.org/dark.txt
78.129.205.104        ns69.altervista.org        c0c4.altervista.org/id2.txt
78.129.205.104        ns69.altervista.org        c0c4.altervista.org/id1.txt
78.129.205.104        ns69.altervista.org        pr0m0.altervista.org/bovsp.txt
78.129.205.104        ns69.altervista.org        pr0m0.altervista.org/dark.txt
78.129.205.104        ns69.altervista.org        pr0m0.altervista.org/id2.txt
78.129.205.104        ns69.altervista.org        pr0m0.altervista.org/id1.txt
78.129.166.98        bod98.i0waterford.net        system-tuner.net/downloadsetup.php
78.129.244.73                
                
                
Failed resolution                
                
                
clicks.totemcash.com        clicks.totemcash.com/?s=32857&p=21&pp=1        
78.129.178.202        server.centralservers.net        oilinvestconf.com/images/statement.exe
78.129.178.202        server.centralservers.net        signin.ebay.com.ws.ebayisapi.dll.ayvqppabvalabimvxkohzd.oilinvestconf.com/images/statement.exe
78.129.205.106        ns70.altervista.org        v2k1.altervista.org/pw.txt
78.129.205.106        ns70.altervista.org        v2k1.altervista.org/id2.txt
78.129.205.106        ns70.altervista.org        v2k1.altervista.org/dark.txt
78.129.205.106        ns70.altervista.org        v2k1.altervista.org/id1.txt
78.129.205.76        ns57.altervista.org        v1k1.altervista.org/id2.txt
78.129.205.76        ns57.altervista.org        v1k1.altervista.org/dark.txt
78.129.205.76        ns57.altervista.org        v1k1.altervista.org/id1.txt
78.129.205.68        ns53.altervista.org        vik9.altervista.org/bovsp.txt
78.129.205.68        ns53.altervista.org        vik9.altervista.org/id2.txt
78.129.205.68        ns53.altervista.org        vik9.altervista.org/dark.txt
78.129.205.68        ns53.altervista.org        vik9.altervista.org/id1.txt
78.129.205.68        ns53.altervista.org        vik8.altervista.org/id1.txt
78.129.205.68        ns53.altervista.org        vik8.altervista.org/pw.txt
78.129.205.68        ns53.altervista.org        vik8.altervista.org/id2.txt
78.129.205.68        ns53.altervista.org        vik8.altervista.org/dark.txt
78.129.205.104        ns69.altervista.org        vik6.altervista.org/bovsp.txt
78.129.205.104        ns69.altervista.org        marchetto43.altervista.org/federico.txt
78.129.205.104        ns69.altervista.org        vik6.altervista.org/id1.txt
78.129.205.104        ns69.altervista.org        vik6.altervista.org/id2.txt
78.129.205.104        ns69.altervista.org        vik6.altervista.org/dark.txt
78.129.205.104        ns69.altervista.org        vik6.altervista.org/echos.txt
78.129.205.96        ns66.altervista.org        vik5.altervista.org/id2.txt
78.129.205.96        ns66.altervista.org        vik5.altervista.org/dark.txt
78.129.205.96        ns66.altervista.org        vik5.altervista.org/id1.txt
78.129.205.104        ns69.altervista.org        luchetto45.altervista.org/federico.txt
78.129.139.185        server.harshainfotech.com        sigc.edu/ig/MBA_Complaince_report.my_doc.php
78.129.205.54        ns45.altervista.org        br1973.altervista.org/power4/small/down7.htm
78.129.166.176        Failed resolution        anysetupreports.com/go.php?afid=2473
78.129.166.176        Failed resolution        online-anti-malware-scanner.com/go.php?afid=2473
78.129.166.177        Failed resolution        online-bestfree-virus-scanner.com/go.php?afid=2473
78.129.166.179        Failed resolution        readyoutube.com/go.php?afid=2473
78.129.242.140        uk36.sayfa.net        salihlimousine.com/looks4/another/kind55.html
78.129.242.140        uk36.sayfa.net        salihlimousine.com/looks4/another/science30.html
78.129.166.178        Failed resolution        scanreporting.com/go.php?afid=2473
78.129.146.102        uk60.sayfa.net        yesilcam.gen.tr/even96/history/hard62.htm
78.129.146.102        uk60.sayfa.net        yesilcam.gen.tr/even96/history/view16.htm
78.129.146.102        uk60.sayfa.net        yesilcam.gen.tr/near25/just/found62.htm
78.129.146.102        uk60.sayfa.net        yesilcam.gen.tr/near25/just/upon12.htm
78.129.166.98        bod98.i0waterford.net        spyremoveronline.com/download.php
87.117.200.128        server.standupserver.com        freebingovouchers.co.uk/
78.129.205.27        ns31.altervista.org        passovizze1978.altervista.org
78.129.166.141        Failed resolution        activelayersecurity.cn/buy.php?id=139&subid=1
78.129.166.141        Failed resolution        78.129.166.141/malw.db
78.129.166.141        Failed resolution        78.129.166.141/buy.php?id=139&subid=1
78.129.166.141        Failed resolution        78.129.166.141/antimalware.exe
78.129.166.141        Failed resolution        78.129.166.141/uninstall.exe
78.129.166.141        Failed resolution        activelayersecurity.cn/antimalware.exe
78.129.166.141        Failed resolution        activelayersecurity.cn/uninstall.exe
78.129.205.96        ns66.altervista.org        sheridansfaces.altervista.org/965/?go
78.129.139.185        server.harshainfotech.com        imayamcollege.org/images/styles.php
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        security-utility.net/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        security-utility.net/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        security-utility.net/downloader.php?affid=92800
78.129.205.21        ns25.altervista.org        pesforlife.altervista.org/language/it/email/_images/lesbian-esthetique-salon/index.html
78.129.205.21        ns25.altervista.org        pesforlife.altervista.org/language/it/email/_images/lesbian-esthetique-salon/map.html
78.129.166.11        bod11.i0waterford.net        newsecuritytools.net/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        newsecuritytools.net/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        newsecuritytools.net/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        securitytoolstool.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        securitytoolstool.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        securitytoolstool.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        packagebusiness.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        packagebusiness.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        packagebusiness.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        createfinancialstability.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        createfinancialstability.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        createfinancialstability.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        createfinancialstability.com/downloader.php
78.129.166.11        bod11.i0waterford.net        createfinancialstability.com/hitin.php?land=20&affid=92300
78.129.166.11        bod11.i0waterford.net        essentialhealthpartners.com/hitin.php?land=20&affid=92300
78.129.166.11        bod11.i0waterford.net        createfinancialstability.com/hitin.php?land%253D20&affid%253D91107
78.129.166.11        bod11.i0waterford.net        packagebusiness.com/hitin.php
78.129.166.11        bod11.i0waterford.net        scanserviceworld.com/hitin.php?land%253D20
78.129.166.11        bod11.i0waterford.net        scanserviceworld.com/hitin.php?land=20&affid=92300
78.129.166.11        bod11.i0waterford.net        securitytoolstool.com/downloader.php?affid=91107
83.142.226.125        lion.base360.com        mirror01.x264.nl/x264/64bit/revision1342/x264.exe
78.129.139.185        server.harshainfotech.com        envirodesal.com
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com/downloader.php?affid=92400
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com/hitin.php
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com/hitin.php?land=20&affid=92400
78.129.166.11        bod11.i0waterford.net        pcmedicalbilling.com/downloader.php
78.129.166.11        bod11.i0waterford.net        pcmedicalbilling.com/hitin.php?land=20&affid=92400
78.129.166.11        bod11.i0waterford.net        security-utility.net/hitin.php?land=20&affid=92400
78.129.166.11        bod11.i0waterford.net        securitytoolsclick.net/hitin.php?land=20&affid=92400
78.129.166.11        bod11.i0waterford.net        securitytoolsclick.net/index.php?affid=90400
78.129.166.11        bod11.i0waterford.net        newsecuritytools.net/hitin.php?land=20&affid=92400
78.129.166.11        bod11.i0waterford.net        securitytoolsclick.net:80/hitin.php?land=20&affid=92600
78.129.166.175        Failed resolution        78.129.166.175/go.php
78.129.166.176        Failed resolution        78.129.166.176/go.php
78.129.166.177        Failed resolution        78.129.166.177/go.php
78.129.166.178        Failed resolution        78.129.166.178/go.php
78.129.166.179        Failed resolution        78.129.166.179/go.php
78.129.166.180        Failed resolution        78.129.166.180/go.php
78.129.166.177        Failed resolution        free-girls-xxx.net/go.php
78.129.166.11        bod11.i0waterford.net        securitytoolblog.net/hitin.php?land=20&affid=92300
78.129.166.11        bod11.i0waterford.net        securitytoolstool.com/hitin.php?land=20&affid=92300
78.129.142.9        Failed resolution        www.div-x.ws/it/install_DivXInstaller.exe
78.129.166.11        bod11.i0waterford.net        countymove.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        countymove.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        countymove.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        essentialhealthpartners.com/downloader.php
78.129.166.11        bod11.i0waterford.net        packagebusiness.com/hitin.php?land=20&affid=92300
78.129.166.11        bod11.i0waterford.net        securitysoftcore.com
78.129.166.11        bod11.i0waterford.net        securitysoftcore.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        securitytoolnow.com/downloader.php?affid=91109
78.129.166.11        bod11.i0waterford.net        securitytoolstool.com
78.129.166.11        bod11.i0waterford.net        www.securitysoftcore.com/hitin.php?land=20&affid=92300
78.129.166.11        bod11.i0waterford.net        yourlegalprotection.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        yourlegalprotection.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        yourlegalprotection.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        securitysoftdrink.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        securitysoftdrink.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        securitysoftdrink.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        antivirussoftadult.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        antivirussoftadult.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        antivirussoftadult.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        theantyspywaretool.com/index.php?affid=92800
78.129.166.11        bod11.i0waterford.net        theantyspywaretool.com/downloader.php?affid=92800
78.129.166.11        bod11.i0waterford.net        theantyspywaretool.com/hitin.php?land=20&affid=92800
78.129.166.11        bod11.i0waterford.net        www.securitysoftcore.com/index.php?affid=00000
78.129.166.11        bod11.i0waterford.net        www.securitysoftcore.com/downloader.php?affid=00000
78.129.205.23        ns26.altervista.org        svn.altervista.org/477/?go
78.129.142.235        Failed resolution        aircrack-es.com/bin/7046/es/aircrack-ng-0.9.3-win.exe
78.129.205.54        ns45.altervista.org        pinomusik.altervista.org/
78.129.166.143        Failed resolution        activesecurityguard.cn/antimalware.exe


Here we see everything from RFI's, to fake AV's (these are the most common sighting within the RapidSwitch networks) and a spot of Koobface (e.g. svn.altervista.org/477, which as of a check a couple seconds ago, appears to have been cleaned up), with exploits such as those at pinomusik.altervista.org (see Wepawet results for details), thrown in for good measure.

I'm afraid, given this behaviour is continuing, and is in some measures, getting worse on the RS network, I believe it's safe to say RapidSwitch quite simply don't care. They ARE aware of the malicious traffic within their networks. How do I know? Well for starters, I'm not the only one to try and report it to them, and actually have them do something (I tried back in 2008, which was a complete waste of time, and have reported malicious content to them since then, with absolutely no reply (though given they blocked e-mail from me getting through to them (or so they claimed), I'm not really surprised)).

I do wonder however, how exactly they're explaining themselves to the legit customers they do actually have, and to their shareholders and whatnot (though given shareholders typically only care about profit, I doubt they care either). I suspect it's along the lines of "we're a large ISP and can't possible know about everything, and don't have access to customers servers, and ..... and ..... ", aka: excuses.

For those interested, you'll also find malicious content within the RapidSwitch networks, documented at;

MalwareURL
http://www.malwareurl.com/search.php?domain=&s=AS29131&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on

MalwareDomainList
http://www.malwaredomainlist.com/mdl.php?search=29131&colsearch=All&quantity=50

Clean-MX
http://support.clean-mx.de/clean-mx/viruses.php?as=AS29131
http://support.clean-mx.de/clean-mx/phishing.php?as=AS29131

Until such time as RapidSwitch die a horrible death, or boot all of their current management/staff and hire people that actually care about more than profit, I'm personally continuing to blackhole their entire ranges, and strongly urge everyone else do the same (to those legit customers unfortunate enough to be hosted with RapidSwitch - MOVE ELSEWHERE!!!).

No comments: