It looks like there is some sort of exploit kit on 192.95.1.190 (OVH, Canada) [example] spreading through injection attacks although at the moment I can't reproduce the issue. In any case, I would recommend blocking that IP plus these domains that are in use to spread nastiness:
digitalra.biz
drcoupon.biz
eurosync.biz
expertsurvey.biz
flypanda.biz
funelectronics.biz
interfx.biz
interloanz.biz
learinatlas.biz
mapmchawalit.biz
mapsport.biz
metartri.biz
moreycrm.biz
mrhiuts.biz
perfectcore.biz
safemeta.biz
searchcars.biz
sharpice.biz
softanimal.biz
Some of the subdomains in use are listed here.
1 comment:
Nuclear EK (november 2013 struct), and you can add redopginion{.}biz to the list.
Post a Comment