Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 4 June 2010

Update 3: Malware, scams and RedStation (AS35662, 81.94.192.0/20)

Re-checking the list of domains previously mentioned, shows they're on the move to a new range. This time owned by known crimeware friendly ISP, ROOT SA (aka Root eSolutions, AS5577 212.117.160.0/19, AS44042). The new IP is 212.117.169.106.

There's only a handful resolving to the new IP at the time of writing, so presumably the rest are awaiting DNS propagation.

http://temp.it-mate.co.uk/hpObserver_results_-_Redstation-04062010.html

References:

WARNING: Malware, scams and RedStation (AS35662, 81.94.192.0/20)
http://hphosts.blogspot.com/2010/05/warning-malware-scams-and-redstation.html

Legitimate Software Typosquatted in SMS Micro-Payment Scam
http://ddanchev.blogspot.com/2009/07/legitimate-software-typosquatted-in-sms.html

Crimeware friendly ISPs: root eSolutions
http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-root-esolutions.html

hpHosts blog
http://hphosts.blogspot.com/search?q=root+esolutions

No comments: