All the sites are hijacked subdomains of legitimate domains, a peculiar mix of pornography and Dora the Explorer. Domains in use are:
e-meskiesprawy24.com.pl
dora-explorer.co.uk
adultvideoz.net
alsancakescort.org
anadoluyakasiescort.asia
To give credit to the owners of dora-explorer.co.uk, they have spotted that something is wrong, although it looks like the nameservers of their webhost (eu1.downtownhost.com and eu2.downtownhost.com) are improperly secured.
A full list of all the subdomains I can find is here [pastebin], but I would recommend applying a temporary block to these domains until the webhost secures them, although the most effective way of securing your network is to permablock 188.120.198.1.
Recommended blocklist:
188.120.198.1
adultvideoz.net
alsancakescort.org
anadoluyakasiescort.asia
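As an added example (not from the original post), the sketch below applies this blocklist to DNS resolution logs: domains match on label boundaries so hijacked subdomains are caught, and the IP rule catches abused domains that are not on the list yet. The log format, client addresses and every name other than the blocklist entries are constructed for illustration.

```python
# Added example: match DNS resolution logs against the post's recommended blocklist.
BLOCKED_IPS = {"188.120.198.1"}
BLOCKED_DOMAINS = {"adultvideoz.net", "alsancakescort.org", "anadoluyakasiescort.asia"}

# Constructed sample log. Assumed format: timestamp client query-name answer-IP.
# Every name and address not in the blocklist above is made up for illustration.
SAMPLE_LOG = """\
2000-01-01T10:00:01 10.0.0.5 www.example.org 192.0.2.10
2000-01-01T10:00:02 10.0.0.7 q8f3kz0w.adultvideoz.net 188.120.198.1
2000-01-01T10:00:03 10.0.0.7 h2x9d1vb.customer-site.example 188.120.198.1
2000-01-01T10:00:04 10.0.0.9 notadultvideoz.net 198.51.100.7
2000-01-01T10:00:05 10.0.0.9 ALSANCAKESCORT.ORG. 198.51.100.9
truncated line
"""


def blocked_parent(qname):
    """Return the blocklisted domain that qname equals or sits under, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None


def scan(log_text):
    """Return (client, qname, reasons) for every log line that hits the blocklist."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated lines
        _, client, qname, answer = fields
        reasons = []
        parent = blocked_parent(qname)
        if parent:
            reasons.append("domain:" + parent)
        if answer in BLOCKED_IPS:
            reasons.append("ip:" + answer)
        if reasons:
            hits.append((client, qname, reasons))
    return hits


if __name__ == "__main__":
    for client, qname, reasons in scan(SAMPLE_LOG):
        print(client, qname, ",".join(reasons))
```

The third sample line is flagged by the IP rule alone, which is why blocking the address covers subdomains of customer sites that have not been listed.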
UPDATE: It definitely appears that downtownhost.com have not secured their nameservers as a few more customer sites are being abused in this way. It appears that the attackers are going through downtownhost.com's customers in alphabetical order. For example, the following subdomains are in use:
dfmgjne934eod8khquq1axg.elluse.com
280pfzhnb4usz3hajazvtlw.eaila.com
zefh96abfex1r32md0jdh7p.e-oman.me
Additional sites to block:
UPDATE 2: it looks like downtownhost.com have fixed the problem. These recently-flagged domains can now be considered to be safe.
2 comments:
Who are you, and when and how did you contact us, to say that we didn't even bother to answer your reports?
@Jorge.
Support ticket #AAL-177-19100.
Thanks