They say, if you don't like the Scottish weather, wait 20 mins. That's all I've got on that one.
In the last few weeks alone, 2 specific IPs have racked up a count of over 2000 malicious domains, most through just a handful of registrars (all those through DirectI have been suspended within around 20 mins, on average, of being discovered, with DirectI suspending several thousand more related domains and several hundred entire accounts).
The latest domain, dablane.com, identified around 15 mins ago, is through a new registrar (or new to this campaign anyway), REGISTERDOMAIN.NAME, which appears to be a NETEARTH reseller.
The two IPs, 18.104.22.168 [reverse243-34.reserver.ru] and 22.214.171.124 [reverse243-34.reserver.ru], have, since May 22nd, racked up the following, with likely a lot more not yet identified:
I phoned Interserver a few mins ago, having gotten tired of trying to e-mail them. The person I spoke to rather unhelpfully told me there was nothing he could do: he wasn't authorized to look at the issue (despite being part of the Interserver NOC), take information, or put me onto a supervisor/manager (having also told me there was no supervisor or manager available, then changing his mind to tell me one was available but he wasn't authorized to put me onto them, then telling me they weren't able to access anything to check them). Finally, growing very impatient, I gave him my contact info and asked him to get a manager/supervisor to contact me. We'll see how that turns out (I'm not hopeful at this point).
Malwarebytes AntiMalware users will be happy to know I've already got these IPs covered, and hpHosts users will be happy to know that those domains that are with registrars that haven't responded are blocked by hpHosts.
Those following this campaign will note that these were previously housed in HostNOC IP space, an ISP that finally booted the customer (albeit it took them from 2009-2011 to do it). The list, inclusive of a few other unrelated items, includes:
Dear bad guys ....