Thursday 12 April 2012

Something evil on 91.230.147.204 / Aldevir Invest

There are a bunch of domains on 91.230.147.204 being used in injection attacks:

entra78ting1.rr.nu
kickp43erryba.rr.nu
ngem44entca.rr.nu
ecei45veda.rr.nu
pingyo18ungmea.rr.nu
lls83sea.rr.nu
ipsre94marka.rr.nu
ownsca11ncerdra.rr.nu
ipme54ntsa.rr.nu
pora96tionb.rr.nu
rhol48dingc.rr.nu
anyco35mmunic.rr.nu
ddispl59ayingad.rr.nu
duni54xdled.rr.nu
ate62bid.rr.nu
losin31gsind.rr.nu
eted47place.rr.nu
stem59lice.rr.nu
ense21sgene.rr.nu
prepa36repre.rr.nu
sbrill22iantte.rr.nu
repres92enteve.rr.nu
stiga68tedef.rr.nu
taxv93italf.rr.nu
ivisi07onbeg.rr.nu
les23leg.rr.nu
citati35onpreg.rr.nu
who97mhig.rr.nu
nit25ionh.rr.nu
long63edhi.rr.nu
gypt73iani.rr.nu
unde52sbank.rr.nu
tank95ersfl.rr.nu
supe54radol.rr.nu
opria79teprol.rr.nu
egulat49ionspl.rr.nu
partia68llyearl.rr.nu
asketb75allmul.rr.nu
ent69aryl.rr.nu
sswhyp63rogramm.rr.nu
otin51gform.rr.nu
tern37etban.rr.nu
asi59ain.rr.nu
conce87ptfin.rr.nu
ing85erin.rr.nu
sadjus10tmentin.rr.nu
yworld22widecon.rr.nu
mpti08ngcon.rr.nu
tril70lion.rr.nu
ini66ngco.rr.nu
meant86lakefo.rr.nu
epopu02latio.rr.nu
ieved92lebano.rr.nu
egis13lato.rr.nu
esa70cto.rr.nu
urdr08eamp.rr.nu
anie49sdar.rr.nu
rical10ibrar.rr.nu
ngnyb99omber.rr.nu
tlongt08ermwer.rr.nu
ggest37power.rr.nu
rswa90rbur.rr.nu
ari90ores.rr.nu
rece69ives.rr.nu
ment54leaks.rr.nu
earal02ltwos.rr.nu
tsp15ers.rr.nu
speakf56eelingt.rr.nu
iesst77atepot.rr.nu
hurric76anereu.rr.nu
elba98nkru.rr.nu
greedc57upelev.rr.nu
duc15edov.rr.nu
ens62how.rr.nu
dustry52dontow.rr.nu
nta17ctex.rr.nu
kelly44array.rr.nu
ns1.hoperjoper.ru
ns2.hoperjoper.ru

This is a dodgy looking /24 allocated to:

inetnum:         91.230.147.0 - 91.230.147.255
netname:         zuzu-net
descr:           OOO "Aldevir Invest"
country:         RU
org:             ORG-OI19-RIPE
admin-c:         KY241-RIPE
tech-c:          KY241-RIPE
status:          ASSIGNED PI
mnt-by:          RIPE-NCC-END-MNT
mnt-lower:       RIPE-NCC-END-MNT
mnt-by:          zuzu-mnt
mnt-routes:      zuzu-mnt
mnt-domains:     zuzu-mnt
source:          RIPE # Filtered

organisation:    ORG-OI19-RIPE
org-name:        OOO "Aldevir Invest"
org-type:        other
address:         192012, St.-Petersburg, Chernova ul., 25, office 12
mnt-ref:         zuzu-mnt
mnt-by:          zuzu-mnt
source:          RIPE # Filtered

person:          Krutko Evgeni Yurevich
address:         192012, St.-Petersburg, Chernova ul., 25, office 12
phone:           +7812850202
nic-hdl:         KY241-RIPE
mnt-by:          zuzu-mnt
source:          RIPE # Filtered

route:           91.230.147.0/24
descr:           Route for DC
origin:          AS5508
mnt-by:          zuzu-mnt
source:          RIPE # Filtered

Some of these domains were previously hosted on Specialist ISP, one of the blackest hat hosting providers that I know of. I would suggest blocking the entire /24 on this to be on the safe side.
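The practical defensive step from this post is to match the 91.230.147.0/24 range and the listed hostnames against your own proxy or DNS logs. The script below is an added example, not code from the original post; it checks destination IPs against the /24 and hostnames (including parent-domain matches such as www.prillipapa.com) against a subset of the listed names. The log line format and the sample log lines are constructed for the example, and only a handful of the post's hostnames are embedded in BAD_HOSTS (a real deployment would load the full list from a file).

```python
"""Match proxy log lines against the indicators from the post:
the 91.230.147.0/24 range and a subset of the listed hostnames.
Added example; the log format and sample lines are constructed."""
import ipaddress
import re

# The /24 the post recommends blocking outright.
BAD_NETWORK = ipaddress.ip_network("91.230.147.0/24")

# Subset of the hostnames listed in the post.  A real deployment would
# load the complete list from a file rather than embed it here.
BAD_HOSTS = {
    "entra78ting1.rr.nu",
    "kickp43erryba.rr.nu",
    "kelly44array.rr.nu",
    "ns1.hoperjoper.ru",
    "ns2.hoperjoper.ru",
    "prillipapa.com",
}

# Constructed log format (assumption, not any real proxy's format):
#   <timestamp> <client_ip> <destination_ip> <host> <method> <path>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<dest>\S+) (?P<host>\S+) "
    r"(?P<method>\S+) (?P<path>\S+)$"
)

# Constructed sample lines: a hit on both IP and host, a clean request,
# a request to an unlisted host that still lands in the /24, and a
# listed host that has since moved to a different IP.
SAMPLE_LOG = [
    "2012-04-12T09:15:01Z 10.1.2.3 91.230.147.204 entra78ting1.rr.nu GET /js/stat.js",
    "2012-04-12T09:15:07Z 10.1.2.9 93.184.216.34 example.com GET /index.html",
    "2012-04-12T09:16:22Z 10.1.2.3 91.230.147.77 unlisted-host.example GET /",
    "2012-04-12T09:17:03Z 10.1.2.14 198.51.100.20 www.prillipapa.com GET /",
]


def in_bad_network(ip_text):
    """True if the text is an IP address inside the blocked /24."""
    try:
        return ipaddress.ip_address(ip_text) in BAD_NETWORK
    except ValueError:
        # Not an IP literal (e.g. "-" for an unresolved destination).
        return False


def is_bad_host(host):
    """True if the host, or any parent domain of it, is on the blocklist.

    Matching parent domains means www.prillipapa.com hits on prillipapa.com.
    The bare TLD is never tested, so "com" alone cannot match.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in BAD_HOSTS:
            return True
    return False


def scan_log(lines):
    """Return (line_no, client_ip, host, reason) for every matching line.

    Checking both the destination IP and the hostname catches hosts the
    list does not know about yet (same /24) as well as listed hosts that
    have moved to new addresses.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        reasons = []
        if in_bad_network(m["dest"]):
            reasons.append("destination in %s" % BAD_NETWORK)
        if is_bad_host(m["host"]):
            reasons.append("host on blocklist")
        if reasons:
            hits.append((n, m["client"], m["host"], "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    for line_no, client, host, reason in scan_log(SAMPLE_LOG):
        print("line %d: %s -> %s (%s)" % (line_no, client, host, reason))
```

Run against the constructed sample, the script flags lines 1, 3 and 4: line 3 is caught purely by the /24 check even though its hostname is not on the list, which is the point of blocking the whole range rather than just the names you happen to know about.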

For info, the following sites are also in that /24 block:

kleostor.com
prillipapa.biz
prillipapa.com
prillipapa.info
prillipapa.net
prillipapa.org
zeraniko.biz
zeraniko.com
zeraniko.info
zeraniko.net
zeraniko.org
zex-tezx.com
argobuilding.in
mybackdomain888.in
besthostnets.com
firstnethosting.com
highesthostnets.com
tophostnetworks.org
lockandkeyeventsparty.com
thisdomainsmakemetired.info
hashs.ru
allyrboom.com
trisstan-express.org
tropicana-tour.org