I'm not sure of the particular nature of the spam run involved (it is possibly a UPS themed attack), but there's a campaign underway with a malicious payload on [donotclick]panamamoskow.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IPs:178.33.106.254 (OVH, France)
190.120.228.92 (Infolink, Panama)
Blocking access to those IPs will prevent other malicious domains on the same server from being a threat.
No comments:
Post a Comment