Blog for hpHosts, and whatever else I feel like writing about ....

Monday 24 December 2012

Happy Christmas!

Just a little note to say Happy Christmas, ladies and gents.

Whilst things have been going rather haywire of late (Blu-ray/DVD player died around 30 mins ago - bleedin' typical), there have been some rather fantastic things of note - first of which, the hpHosts historical records, expected to hit 8 million records by the end of the year, actually passed 8 million late last night (24th), very unexpected. No idea why that brings a smile to me, as it's rather insignificantly small in the grand scheme of DNS records, but it does.

I'm also happy to note, I finally got somewhere (well kind of), with Serverius, and the fake AV gang that decided to use abuzam.net VPS's to house their fake AV scanner and payload servers. Sadly, as is usually the case, they've just moved to another IP on the same /24 (though this has led me to launch an expanded investigation, to cover Abuzam.net themselves). The latest of the IPs is 46.249.42.168, and currently known to house;

Although some of the registrars these are through (namely, 0101 Internet Inc, TIERRANET INC/DOMAINDISCOVER) are proving to be extremely difficult to reach, others, such as DirectI (also dealing with abuse cases for BigRock/Public Domain Registry (PDR)), are, as usual, fantastic and taking domains down extremely quickly.

The same can't be said for the likes of Moniker, NameCheap, eNom et al (aka the usual suspects), with Moniker recently disabling their abuse@ address, eNom simply ignoring abuse reports, and as usual, NameCheap point-blank refusing to deal with abuse cases (still using the "we're not responsible" excuse).

It's not all bad though. The FoxxySoftware gang, one of a number responsible for Java drive-bys, are still woefully inept at producing a decent drive-by, which means it's still stupidly simple to both identify and decode the drive-by's scripts etc. More recently, I've been extremely successful in taking down a plethora of credit card etc fraud sites, and those they've been housing them through (e.g. hackersworld.bz, weblinkerpk.com). Not all of this is down to me; a huge help in this has been the hosts and registrars the domains have been both registered through and hosted at (though SoftCom, the initial host, did take an awfully long time to both reach, and then action the reports).

I'm rambling again now though (big surprise there - I keep doing that), so will wrap this up and simply say thank you to all of you!
