After months of looking into the infections of AS21844 (ThePlanet) we've decided to wrap up our investigations for now. We have learned quite a bit from our communications with customers at ThePlanet. While no one from ThePlanet has spoken with us officially we have learned that they possess a direct feed of infected URLs from Google. This means that large customers of ThePlanet, such as HostGator, should have the ability to learn of infections directly from their provider. Also partners such as Skenzo should be able to use the same list to purge previously infected, and now abandoned, domains from their monetization framework.
For those of you that look at our Top 50 Infected Networks you'll notice that ThePlanet is still at the top. There really should be an asterisk up there since some of those infections shouldn't be counted. In particular the Skenzo related infections aren't actually a threat but are still listed due to a policy decision by the Safe Browsing team (which you can read about in a
previous blog post). The best solution for now is to get this list to Skenzo so they can remove it from their framework. I am preparing this list for Skenzo right now but eventually, I hope, ThePlanet will provide it for them. To add some transparency to our research I'll paste the top infected org names as reported by ThePlanet's RWhois server:
|
WebsiteWelcome |
7909 |
|
Skenzo FZE |
2838 |
|
Unidentified |
683 |
|
Site5 LLC |
430 |
|
Bahram Boutorabi |
192 |
|
SiteGround.com Inc. |
171 |
|
webserver-a-rackshack.directi.com |
166 |
|
Mochanin Corp |
136 |
|
maktoob.com |
119 |
|
server sea |
115 |
|
Payam Torkian |
115 |
|
Our Internet_ Inc |
112 |
Don't forget that some of the 7,909 infections listed as HostGator (WebsiteWelcome is the org name used by HostGator) are duplicates. Our hosting providers tend to include multiple pages (and/or directories) per website host so these numbers require additional explanation. If one were to sort the infections by unique domains alone the count would be noticeably less. Applying some command line fu to one of the data files shows us the repetition is not nearly as high as it used to be. Only four domains are repeated more than 10 times.
|
count |
domain |
|
10 |
vadakarapally.org |
|
12 |
attorney2traffic.org |
|
16 |
e-sense.tv |
|
17 |
niftysensex.com |
HostGator has roughly 7,563 unique infected domains according to our last count and ThePlanet has 20,298 unique infected domains with their true number likely around 17,000 (adjusting for Skenzo). Where does that put ThePlanet in the context of our top 50 infected networks? Exactly where they are now actually. The next closest network is GoDaddy's AS26496 with 11,576 infections.
This entry was posted in Uncategorized and tagged
as21844,
research,
theplanet,
webidemiology. Bookmark the
permalink.
