This one ended up in Junk. I guess you pasted too many domain names with "Junk" behaviours. 😉

I removed the domain names from this reply.

Interesting list though. Thanks for sharing.

Any others got that in their junk?

Jean St-Laurent
CISSP #634103

ddosTest me security inc
site: https://ddostest.me
email: jean@ddostest.me

-----Original Message-----
From: NANOG <nanog-bounces+jean=ddostest.me@nanog.org> On Behalf Of Rich Kulawiec
Sent: January 21, 2021 8:02 AM
To: nanog@nanog.org
Subject: DDOS-Guard [was: Parler]

About this network:

On Sun, Jan 17, 2021 at 01:27:10PM -0800, William Herrin wrote:

[snip]
inetnum: 190.115.16.0/20
status: allocated
aut-num: AS262254
owner: DDOS-GUARD CORP.
ownerid: BZ-DALT-LACNIC
responsible: Evgeniy Marchenko
address: 1/2Miles Northern Highway, --, --
address: -- - Belize - BZ
[snip]

I've taken a look at this /20 and recommend either firewalling it (bidirectionally) or null-routing it. It's loaded with scammy domains, many of which are typosquatting on Hulu, Roku, Netgear, ATT, Facebook, Norton, AOL, HP, Canon, SBC, Epson, Bitdefender, Rand-McNally, Roadrunner, McAfee, Magellan, Office365, Tomtom, Garmin, Webroot, Brother, Belkin, Linksys, and probably some others that I overlooked while eyeballing the list.

Appended below is a partial list of domains. All of these either (a) are using nameservers in that /20 or (b) have A records that resolve to that /20 or (c) both, as of when I checked this week.

Notes: (1) this list is likely only a subset of what's actually there and (2) h/t to Brian Krebs for cataloging some of these in a blog post.

---rsk
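
The (a)/(b)/(c) check described in the message above, as an added example that is not part of the original thread or any poster's own tooling. It assumes DNS answers have already been collected into a dictionary; the domain names and the record layout are constructed for illustration, and only the /20 comes from the quoted whois record.

```python
import ipaddress

# Prefix from the whois record quoted in the thread.
PREFIX = ipaddress.ip_network("190.115.16.0/20")

def in_prefix(addr, net=PREFIX):
    """True if addr parses as an IP inside net; malformed values are ignored."""
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False

def classify(record, net=PREFIX):
    """Return 'a' (nameservers in the prefix), 'b' (A records in the prefix),
    'c' (both) or None, using the lettering from the message."""
    ns_hit = any(in_prefix(ip, net)
                 for ips in record.get("ns", {}).values() for ip in ips)
    a_hit = any(in_prefix(ip, net) for ip in record.get("a", []))
    if ns_hit and a_hit:
        return "c"
    if ns_hit:
        return "a"
    if a_hit:
        return "b"
    return None

# Constructed sample data (hypothetical layout): "a" holds the domain's
# A records, "ns" maps each nameserver host name to its addresses.
SAMPLE = {
    "ns-only.example": {"a": ["192.0.2.10"],
                        "ns": {"ns1.ns-only.example": ["190.115.16.5"]}},
    "a-only.example": {"a": ["190.115.31.255"],
                       "ns": {"ns1.other.example": ["198.51.100.53"]}},
    "both.example": {"a": ["190.115.20.1"],
                     "ns": {"ns1.both.example": ["190.115.20.2"]}},
    # Addresses just outside either end of the /20 must not match.
    "edge.example": {"a": ["190.115.32.0", "190.115.15.255"], "ns": {}},
    "broken.example": {"a": ["not-an-ip"], "ns": {"ns1.broken.example": []}},
}

def report(data=SAMPLE):
    """Map each domain to its class letter, or None when nothing matches."""
    return {name: classify(rec) for name, rec in data.items()}

if __name__ == "__main__":
    for name, label in report().items():
        print(f"{name:20} {label or '-'}")
```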