Thousands of sites are currently being hit by an injection attack pointing to dfrgcc.com/ur.php a domain registered to someone using the infamous hotmailbox.com domain for email.
JamesNorthone
James Northone [email protected]
+1.5168222749 fax: +1.5168222749
128 Lynn Court
Plainview NY 11803
us
The site is hosted on 188.229.88.103 which is the equally infamous Netserv Consult SRL in Romania. 188.229.88.103 hosts the following sites:
bookfula.com
bookgusa.com
bookmonn.com
bookmono.com
booknunu.com
bookvila.com
bookzula.com
dfrgcc.com
file-dl.com
xxxtubes8.com
These domains are pretty familiar, having previously been hosted in Lithuania. This marks them out as the same people behind the infamous LizaMoon attack.
Netserv Consult SRL host a wide variety of bad sites. Blocking 188.229.0.0/17 (188.229.0.0 – 188.229.127.255) will probably do you no harm.
Leave a reply
