this attack). The malware domains seem to rotate through subdomains very quickly, possibly in an attempt to block analysis of their payload. This block is carrying out the same malicious activity that I wrote about a few days ago.
OVH have suballocated this IP block to an entity that I believe is connected with black hat host r5x.org.
CustName: Private Customer
Address: Private Residence
These IPs are particularly active:
There is nothing of value in this /28 block and I recommend that you block the entire IP range plus the following domains (which are all already flagged as being malicious by Google)
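To check whether anything on your own network has already talked to the range, here is an added example (not from the original post) that scans proxy-style log lines for destinations inside a /28 and reports parent domains seen under several different subdomains, the rotation pattern described above. The network `203.0.113.16/28`, the log layout and the hostnames are constructed placeholders; substitute the real block and your own log format.

```python
import ipaddress
from collections import defaultdict

# Placeholder /28 from RFC 5737 documentation space, NOT the block in the post.
BLOCKED_NET = ipaddress.ip_network("203.0.113.16/28")

# Constructed sample log: timestamp, client IP, destination IP, requested host.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 203.0.113.18 a1x.badhost.example
2024-01-01T10:00:09Z 10.0.0.5 203.0.113.18 b7q.badhost.example
2024-01-01T10:01:30Z 10.0.0.9 203.0.113.20 zz3.badhost.example
2024-01-01T10:02:00Z 10.0.0.9 203.0.113.31 cdn.other.example
2024-01-01T10:02:05Z 10.0.0.7 203.0.113.32 www.fine.example
2024-01-01T10:02:07Z 10.0.0.7 198.51.100.4 www.fine.example
garbage line
"""

def parent_domain(host, labels=2):
    """Naive parent-domain guess: the last `labels` labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])

def find_hits(log_text, net=BLOCKED_NET, churn_threshold=3):
    """Return (hits, rotating): traffic into `net`, and domains with many subdomains."""
    hits = []                      # (client, dest_ip, host) tuples inside the range
    subdomains = defaultdict(set)  # parent domain -> distinct hostnames seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue               # skip malformed lines
        _ts, client, dest, host = parts
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            continue               # destination field is not an IP address
        if addr in net:
            hits.append((client, dest, host))
            subdomains[parent_domain(host)].add(host.lower())
    rotating = {d: sorted(h) for d, h in subdomains.items() if len(h) >= churn_threshold}
    return hits, rotating

if __name__ == "__main__":
    hits, rotating = find_hits(SAMPLE_LOG)
    for client, dest, host in hits:
        print(f"client {client} contacted {dest} ({host})")
    print("rotating subdomains:", rotating)
```

Any client that appears in the hits list is worth a closer look, whether or not the hostname it requested is on a blocklist yet.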