Wednesday, 21 May 2014
Something evil on 220.127.116.11 (Sweet Orange EK)
For example [donotclick]www.f1fanatic.co.uk is a compromised website that tries to redirect visitors to two different exploit kits:
The second one is an attempt to load the Fiesta EK although the payload site is currently down. But the .house domain appears to be Sweet Orange (incidentally this is the first time that I've seen one of the new TLDs abused in this way).
The server on 18.104.22.168 hosts a number of subdomains that are hijacked from GoDaddy customers. I recommend that you block either the subdomain or domains themselves:
The EK page itself has a VirusTotal detection rate of 0/53, although hopefully some of the components it installs will trigger a warning.