Site url resolving to IP 127.0.0.2 should be blocked!

CyberCrime site: work.panthera.ca/V3asd4s2ew/cp.php?m=login should resolve to 92.55.82.245
but goes here: http://urlquery.net/report.php?id=9415796 → ordinarily implemented using only 127.0.0.1/32 for loopback, but no addresses within this block should ever appear on any network anywhere [RFC1700, page 5].
92.55.82.245 3 connections First seen 5 months ago Last seen 46 hours ago Threat AlienVault Danger level 4
http://urlquery.net/report.php?id=9415886 → not analyzed get a failure…
Domainn work.panthera.ca/IN doesn’t exist - failed to look for Parent - delegation not found at parent! → http://dnscheck.sidn.nl/?time=1392243498&id=1735553&view=basic&test=standardhttp://totalhash.com/network/ip:92.55.82.245
https://zeustracker.abuse.ch/monitor.php?host=work.panthera.ca
Should be blocked by avast because of Nameserver(s): ns1.afraid dot org | ns2.afraid dot org | ns3.afraid dot org | ns4.afraid dot org
Might be a SplitDNS misconfiguration! 127.0.0.2 myhost myhost.mydomain → http://jsunpack.jeek.org/?report=1368f4734499c3b4f369f1d818b79cce8def670a

polonus

Here we come up with quite some answers: http://totalhash.com/network/dnsrr:*127.0.0.2*%20or%20ip:127.0.0.2
What is the common denominator here? Detected a Dynamic DNS URL!
Spam mail bots? → https://www.mywot.com/en/scorecard/quowesuqbbb.mooo.com
Botnet C&C? Seen with worms like W32/Parite! They should fix their stuff!
Here is the final word and IDS alert: http://urlquery.net/report.php?id=9210970 IDS alert for ET TROJAN Known Sinkhole Response Header
Also read here: http://seclists.org/snort/2013/q4/665
and also study this paper here: http://www.sans.org/reading-room/whitepapers/dns/dns-sinkhole-33523?show=dns-sinkhole-33523&cat=dns
article author Guy Bruneau advisor Rick Wanner

polonus