[nsp-sec] Suspicious DNS Activity
Florian Weimer
fweimer at bfk.de
Thu Jul 31 04:06:24 EDT 2008
* Dave Monnier:
> We don't have a ton of extra info on this. It looks to be a Solaris
> box ~ and has had the RR kaztoday.ru pointed at it as recently as
> earlier today.
It seems to be some sort of shared hosting system:
Note that the traffic could be spoofed and eavesdropped somewhere
along the path.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99