Wednesday, 9 January 2013
Something evil on 18.104.22.168
In the example I have seen, the malicious payload is at [donotclick]11.lamarianella.info/read/defined_regulations-frequently.php (report here). These other domains appear to be on the same server, all of which can be assumed to be malicious:
These all appear to be legitimate but hijacked domains, you may want to block the whole domain rather than just the 11. subdomain.