Dynamoo's Blog: Asprox: new domains

Wednesday, 15 October 2008

Asprox: new domains

After being stable for some time, the Asprox SQL injection hacks are now redirecting through a new bunch of .ru domains.

30area.ru
4log-in.ru
53refer.ru
chk06.ru
driver95.ru
errghr.ru
netcfg9.ru
sitevgb.ru
vrelel.ru

WHOIS details are:

domain: ERRGHR.RU
type: CORPORATE
nserver: ns2.errghr.ru. 68.6.180.109
nserver: ns3.errghr.ru. 68.12.194.192
nserver: ns1.errghr.ru. 199.126.149.144
state: REGISTERED, DELEGATED
person: Private Person
phone: +7 772 7727727
fax-no: +7 772 7727727
e-mail: retyi111@yahoo.com
registrar: NAUNET-REG-RIPN
created: 2008.10.09
paid-till: 2009.10.09
source: TC-RIPN

retyi111@yahoo.com has been used before for these domains and various other nasties. As usual, block these domains and/or check your logs for them.

No comments:

Subscribe to: Post Comments (Atom)