http://vurl.mysteryfcm.co.uk/?url=133808
Even worse, however, this doesn't appear to be limited to just the one site. Checking other sites on the same IP block shows the same injected code, for example:
www.gielle.org
http://vurl.mysteryfcm.co.uk/?url=133809
www.nicoli.com
http://vurl.mysteryfcm.co.uk/?url=133813
www.srlsistema.it
http://vurl.mysteryfcm.co.uk/?url=133814
The following is a list of sites on the same IP block (194.242.61.128).
It's worth noting that not all of the above hosts are showing the injected code as being present. Whether this indicates a network-wide issue, or the affected sites are just on the same server, is anyone's guess.
Until this is cleaned up, however, I'd strongly recommend blacklisting this IP block.
In the meantime, if anyone reading this happens to live in Italy and would like to try and get hold of the hosting company, their details are as follows:
inetnum: 194.242.61.0 - 194.242.61.255
netname: GENESYS-NET
descr: HostingSolutions.it
country: IT
admin-c: LC1294-RIPE
tech-c: EF1473-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: AS1267-MNT
mnt-routes: AS1267-MNT
mnt-domains: AS1267-MNT
source: RIPE # Filtered
person: Luigi Corbacella
address: Via de Cattani, 224/18
address: 50145 Firenze (FI)
phone: +39 55 308189
fax-no: +39 55 301394
e-mail: info@genesysinformatica.it
nic-hdl: LC1294-RIPE
source: RIPE # Filtered
person: Emil Fikl
address: Via de Cattani, 224-18
address: I-50145 Firenze (FI)
address: Italy
phone: +39 55 308189
fax-no: +39 55 301394
e-mail: emil@gif.it
nic-hdl: EF1473-RIPE
source: RIPE # Filtered
:: Information related to '194.242.61.0/24AS24994'
route: 194.242.61.0/24
descr: Genesys Informatica S.r.l.
origin: AS24994
remarks: GENESYS-NET announce
mnt-by: AS1267-MNT
source: RIPE # Filtered
Thus far, attempts to contact them, both via e-mail and via telephone, have failed miserably.
/edit Monday 13th October
I'd like to make clear, following a note on the forums, that it is only the single IP (194.242.61.128) I recommend blocking, and not HostingSolutions.it's entire net-range.