173.255.200.91 (Linode, US) is exhibiting the characteristics of the Neutrino Exploit kit [see URLquery and VirusTotal reports). Attempts to analyse the malware seem to be generating 404 errors, but this could simply be a defensive mechanism by the malware on the server.
I can see the following domains on the server, ones flagged by Google for malware are highlighted. I would recommend blocking all domains on this server however, or simply block the IP address.
3dgamess.com
allcityhotels.com
allnewshere.com
anewschannel.com
backlinkfinder.com
backlinkhunter.com
cycling-infos.com
cycling-infos.info
cycling-infos.net
cycling-infos.org
dover-road.com
dover-road.info
dover-road.net
dover-road.org
dubuinc.com
dubuinc.info
dubuinc.net
dubuinc.org
ehotelguide.com
essentiale-water.com
essentiale-water.info
essentiale-water.net
essentiale-water.org
favoritewatches.com
fiveandsixandseven.com
fiveandsixandseven.net
imbiss-directory.com
imbiss-directory.info
imbiss-directory.net
imbiss-directory.org
imbiss-restaurants.com
imbiss-restaurants.info
imbiss-restaurants.net
imbiss-restaurants.org
jab-servers.com
jab-servers.info
jab-servers.net
jab-servers.org
komedidukkani.com
li210-91.members.linode.com
opengolfguide.com
paris-online-guide.com
paris-online-guide.info
paris-online-guide.net
paris-online-guide.org
rome-online-guide.com
rome-online-guide.info
rome-online-guide.org
shinebaby.info
shinebaby.org
toplumailgondermeprogrami.com
whereismysiteongoogle.com
wordpressthemes1.com
The malicious domains appear to be registered to the same person, but as the email address seems to bear no relation to the person's name then they may well be fake:
owner-name: Hans Funfell
owner-address: Mohrenstrasse 55
owner-city: Berlin
owner-state: DE
owner-country: DE
owner-postcode: 10117
owner-telephone: +49.89789200
owner-fax:
owner-email: jowiams779@gmail.com
A quick bit of Googling came up with exactly zero people called "Hans Funfell" (of course if you do it now there will be a match..)
No comments:
Post a Comment