Thursday, 14 January 2010

More malvertisment domains

The malicious ads were running through (and I understand now terminated by), related to this post, according to commenter cerdo:

Blogger cerdo said... was also likely hosting a malicious campaign yesterday afternoon, and perhaps still ongoing. I'd contact you Jamie, but I don't have contact info for you. This all is clearly closely related to Dynamoo's post... is an obvious bad actor. The other related domains:

as well as:

14 January 2010 18:40

Blogger cerdo said...

Yep - saw via bootcamp again less than 30 minutes ago.

Related sites, accessed immediately after

14 January 2010 18:45
Worth checking your logs for and blocking in case they turn up on another network. Checking IPs comes up with:,,,, [Linode],,,,,,,,,,, [Linode],,,,,,,,,,,,,,,,,
[Slicehost / Rackspace] [Linode] [Liquid Web]
Was [Netdirekt /] now appears to be down. [Madet Ltd, Moscow] [Madet Ltd, Moscow]

I don't have the full trace of these, so it's not exactly clear what these domains are doing in the reported chain.

No comments: