Blogger cerdo said...
bootcampmedia.com was also likely hosting a malicious campaign yesterday afternoon, and perhaps still ongoing. I'd contact you Jamie, but I don't have contact info for you. This all is clearly closely related to Dynamoo's post...
traffic.worldseescolor.com is an obvious bad actor. The other related domains:
deliver.bailagequinismregrow.com
img.bailagequinismregrow.com
content.cabullacoexertstephen.com
as well as:
aanserver88.com
bonnapet.com
afkenai.com
bfskul.com
14 January 2010 18:40
Blogger cerdo said...
Yep - saw traffic.worldseescolor.com via bootcamp again less than 30 minutes ago.
Related sites, accessed immediately after traffic.worldseescolor.com:
deliver.boaterdunnagechicot.com
img.boaterdunnagechicot.com
14 January 2010 18:45
Worth checking your logs for and blocking in case they turn up on another network. Checking IPs comes up with:
traffic.worldseescolor.com
69.164.215.208, 69.164.215.210, 69.164.215.205, 69.164.215.207, 69.164.215.204 [Linode]
deliver.bailagequinismregrow.com
74.207.232.205, 74.207.232.250, 74.207.232.249, 74.207.232.248, 74.207.232.203, 74.207.232.30, 74.207.232.206, 74.207.232.31, 74.207.232.39, 74.207.232.25, 74.207.232.202, 74.207.232.35 [Linode]
img.bailagequinismregrow.com
174.143.243.220, 98.129.238.102, 98.129.238.106, 98.129.236.239, 174.143.245.236, 98.129.237.14, 174.143.242.109, 174.143.243.90, 98.129.236.154, 98.129.238.101, 98.129.238.112, 98.129.236.254, 174.143.241.174, 98.129.238.105, 98.129.238.103, 174.143.243.162, 174.143.242.58, 98.129.238.99
[Slicehost / Rackspace]
content.cabullacoexertstephen.com
69.164.196.55 [Linode]
aanserver88.com
67.225.149.152 [Liquid Web]
bonnapet.com
Was 217.20.114.40 [Netdirekt / internetserviceteam.com], now appears to be down.
afkenai.com
195.2.253.93 [Madet Ltd, Moscow]
bfskul.com
195.2.253.93 [Madet Ltd, Moscow]
I don't have the full trace of these, so it's not exactly clear what these domains are doing in the reported chain.
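A log check along the lines suggested on this page, as an added example that is not part of the original post or its comments: it flags requests to the listed domains and also reports unlisted hosts the same client fetched shortly after a listed one, since the comments note that the deliver./img. hosts changed name between sightings. The log format (timestamp, client IP, host), the sample lines, the 30-second window and the `example`/`.test` hosts are constructed assumptions.

```python
from datetime import datetime, timedelta

# Domains named on this page; the exact name or any subdomain of it counts as a match.
LISTED = {
    "traffic.worldseescolor.com", "deliver.bailagequinismregrow.com",
    "img.bailagequinismregrow.com", "content.cabullacoexertstephen.com",
    "deliver.boaterdunnagechicot.com", "img.boaterdunnagechicot.com",
    "aanserver88.com", "bonnapet.com", "afkenai.com", "bfskul.com",
}

# Constructed sample proxy log: "<ISO timestamp> <client IP> <requested host>"
SAMPLE_LOG = """\
2010-01-14T18:10:00 10.0.0.5 www.example.org
2010-01-14T18:12:03 10.0.0.5 traffic.worldseescolor.com
2010-01-14T18:12:04 10.0.0.5 deliver.example-rotated.test
2010-01-14T18:12:05 10.0.0.5 img.example-rotated.test
2010-01-14T18:12:06 10.0.0.9 news.example.net
2010-01-14T18:20:00 10.0.0.5 mail.example.org
2010-01-14T18:30:00 10.0.0.9 img.bailagequinismregrow.com
"""

def is_listed(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LISTED)

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, client, host = parts
        yield datetime.fromisoformat(ts), client, host

def review(text, window=timedelta(seconds=30)):
    """Return (direct hits, unlisted hosts a client fetched within `window` of a hit)."""
    hits, followups, last_hit = [], [], {}
    for ts, client, host in sorted(parse(text)):
        if is_listed(host):
            hits.append((client, host))
            last_hit[client] = ts
        elif client in last_hit and ts - last_hit[client] <= window:
            followups.append((client, host))  # candidate for review, not proof
    return hits, followups

if __name__ == "__main__":
    hits, followups = review(SAMPLE_LOG)
    print("listed:", hits)
    print("follow-ups to review:", followups)
```

Follow-up hosts are leads for manual review rather than confirmed indicators; a busy page load can pull in unrelated hosts inside the same window.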