There are a bunch of domains on 91.230.147.204 being used in injection attacks.
This is a dodgy looking /24 allocated to:
inetnum: 91.230.147.0 - 91.230.147.255
netname: zuzu-net
descr: OOO "Aldevir Invest"
country: RU
org: ORG-OI19-RIPE
admin-c: KY241-RIPE
tech-c: KY241-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: zuzu-mnt
mnt-routes: zuzu-mnt
mnt-domains: zuzu-mnt
source: RIPE # Filtered

organisation: ORG-OI19-RIPE
org-name: OOO "Aldevir Invest"
org-type: other
address: 192012, St.-Petersburg, Chernova ul., 25, office 12
mnt-ref: zuzu-mnt
mnt-by: zuzu-mnt
source: RIPE # Filtered

person: Krutko Evgeni Yurevich
address: 192012, St.-Petersburg, Chernova ul., 25, office 12
phone: +7812850202
nic-hdl: KY241-RIPE
mnt-by: zuzu-mnt
source: RIPE # Filtered

route: 91.230.147.0/24
descr: Route for DC
origin: AS5508
mnt-by: zuzu-mnt
source: RIPE # Filtered
Some of these domains were previously hosted on Specialist ISP, one of the blackest hat hosting providers that I know of. I would suggest blocking the entire /24 on this to be on the safe side.
For info, the following sites are also in that /24 block: