What We Learned at ThePlanet (AS21844)

Posted by Oliver Day Tue, 06 Jul 2010 16:04:05 GMT

After months of looking into the infections of AS21844 (ThePlanet), we've decided to wrap up our investigations for now. We have learned quite a bit from our communications with customers at ThePlanet. While no one from ThePlanet has spoken with us officially, we have learned that they possess a direct feed of infected URLs from Google. This means that large customers of ThePlanet, such as HostGator, should have the ability to learn of infections directly from their provider. Also, partners such as Skenzo should be able to use the same list to purge previously infected, and now abandoned, domains from their monetization framework.

Those of you who look at our Top 50 Infected Networks will notice that ThePlanet is still at the top. There really should be an asterisk up there, since some of those infections shouldn't be counted. In particular, the Skenzo-related infections aren't actually a threat but are still listed due to a policy decision by the Safe Browsing team (which you can read about in a previous blog post). The best solution for now is to get this list to Skenzo so they can remove those domains from their framework. I am preparing this list for Skenzo right now but eventually, I hope, ThePlanet will provide it for them. To add some transparency to our research, I'll paste the top infected org names as reported by ThePlanet's RWhois server:

 

WebsiteWelcome 7909
Skenzo FZE 2838
Unidentified 683
Site5 LLC 430
Bahram Boutorabi 192
SiteGround.com Inc. 171
webserver-a-rackshack.directi.com 166
Mochanin Corp 136
maktoob.com 119
server sea 115
Payam Torkian 115
Our Internet_ Inc 112

 

Don't forget that some of the 7,909 infections listed as HostGator (WebsiteWelcome is the org name used by HostGator) are duplicates. Our hosting providers tend to include multiple pages (and/or directories) per website host, so these numbers require additional explanation. If one were to sort the infections by unique domains alone, the count would be noticeably lower. Applying some command line fu to one of the data files shows us the repetition is not nearly as high as it used to be. Only four domains are repeated more than 10 times.

 

count domain
10 vadakarapally.org
12 attorney2traffic.org
16 e-sense.tv
17 niftysensex.com    


HostGator has roughly 7,563 unique infected domains according to our last count, and ThePlanet has 20,298 unique infected domains, with their true number likely around 17,000 (adjusting for Skenzo). Where does that put ThePlanet in the context of our top 50 infected networks? Exactly where they are now, actually. The next closest network is GoDaddy's AS26496 with 11,576 infections.
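
The kind of per-domain deduplication described above, as an added example that is not the commands actually used for this post: it assumes a data file with one infected URL per line (the real file format is not shown here), and the `example.*` URLs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: input is one infected URL per line.

# Constructed sample data; example.* hosts are placeholders, not real findings.
sample_urls() {
cat <<'EOF'
http://shop.example.com/index.php
http://shop.example.com/forum/viewtopic.php?t=1
HTTP://Shop.Example.com:80/images/
https://blog.example.net/
http://blog.example.net/wp-content/a.js
http://user@static.example.org./x
static.example.org/y
http://static.example.org/z

EOF
}

# Reduce each URL to a lowercase host so that several infected pages or
# directories on one site collapse to a single entry.
hosts() {
  awk '{
    h = $0
    sub("^[A-Za-z][A-Za-z0-9+.-]*://", "", h)  # scheme
    sub("[/?#].*$", "", h)                      # path, query, fragment
    sub(/^.*@/, "", h)                          # userinfo
    sub(/:[0-9]*$/, "", h)                      # port
    sub(/\.$/, "", h)                           # trailing root dot
    if (h != "") print tolower(h)               # skip blank lines
  }'
}

# Number of distinct infected hosts on stdin.
unique_count() { hosts | sort -u | wc -l | tr -d ' '; }

# "count host" lines for hosts seen at least $1 times, lowest count first.
repeated() {
  hosts | sort | uniq -c | awk -v min="$1" '$1 >= min { print $1, $2 }' | sort -n
}

# Demo on the constructed sample; replace sample_urls with: cat yourfile
echo "unique hosts: $(sample_urls | unique_count)"
echo "count domain"
sample_urls | repeated 3
```

Normalizing case, port and trailing dot before counting matters: without it the same host is counted as several "unique" domains and the repetition figures are understated.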
