Looks like HostNOC/Burst, finally pulled their finger out. Over the past 24 hours, they've now moved to a bulletproof host (193.105.171.70, AS50669 COOLVDS-as FOP Kutcevol Maksum Mukolaevich). If you've not already, you may want to consider blackholing the following;
91.218.120.0/22
193.105.171.0/24
Registrars used haven't changed, still using DirectI resellers, DomainContext and UK2. Thankfully, DirectI are continuing to nuke the domains as soon as they're identified, aswell as all related domains and their accounts, saving us a world of time. The same cannot be said for UK2, who are still refusing to take action, or DomainContext, who to date - have failed to so much as respond.
References
Part 5: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-5-interserver-malware-and-scottish.html
Part 4: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-4-interserver-malware-and-scottish.html
Part 3: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-3-interserver-malware-and-scottish.html
Part 2: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-2-interserver-malware-and-scottish.html
Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/interserver-malware-and-scottish.html
Tuesday, 28 June 2011
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment