Blog

Another look into no-reverse-dns-configured.com’s troubled past

I previously reported on no-reverse-dns-configured.com and its current and previous owners. But what about the February 2016 botnet attacks? Who owned the domain name when it was invoked in those attacks? According to DomainTools, the owner of no-reverse-dns-configured.com in February 2016 was Slawek Modrzejewski. Slawek was the original owner of the domain name, from its first registration on 11/15/2015. On 4/9/2016, the registration for no-reverse-dns-configured.com was dropped by GoDaddy. Five days later, the registration was picked up by SouthNames Inc. (NamePal.com) with an anonymous owner protected by United Privacy Corp, which is based in Belize. In addition to the number WHOIS record updates for …


Hall of Shame updated with known IP addresses with PTR records going to no-reverse-dns-configured.com

The Hall of Shame has been updated with a list of known IP addresses with PTR records going to no-reverse-dns-configured.com. I have found the following IP addresses in my syslog with PTR records going to no-reverse-dns-configured.com. 80.82.65.66 was previously discussed due to the sheer volume of attacks. All IP addresses are managed by Quasi Networks LTD, per the RIPE Database lookup.

Source IP        Count   Protocol
80.82.65.66      20489   TCP
80.82.79.104     91      TCP
80.82.70.134     11      TCP & UDP
80.82.78.188     11      TCP
89.248.171.40    7       UDP
80.82.65.204     4       UDP
80.82.70.2       3       UDP
89.248.162.142   2       TCP
89.248.170.224   2       TCP
89.248.172.90    2       TCP
80.82.65.199     1       TCP
89.248.160.192   1       TCP
…


Google Search Console Team deems Bad Packets Report a safe website!

Huzzah! Bad Packets Report has been cleared as a safe site by the Google Search Console Team. Earlier this morning, we received the following notification:

"To: Webmaster of https://badpackets[.]net/, Google has received and processed your security review request. Google systems indicate that https://badpackets[.]net/ no longer contains links to harmful sites or downloads. The warnings visible to users are being removed from your site. This may take a few hours to happen."

Thank you to the Google Search Console Team for clearing up this false positive so quickly!

no-reverse-dns-configured.com – The mother of all PTR records

Recently, I posted about the IP 80.82.65.66 and the DoS attacks I observed in my syslog. I presumed the reverse DNS record (PTR record) pointing to no-reverse-dns-configured.com was just a one-time fake. However, further investigation blew that theory out of the water. Upon review of the top three networks in my all-time dropped packets list, I saw 93.174.93.136, which is also managed by Quasi Networks LTD and has a PTR record, you guessed it, going to no-reverse-dns-configured.com. At that point I figured further investigation into this domain name was needed. IBM X-Force Exchange is reporting the DNS name no-reverse-dns-configured.com has 245 associated DNS records …
