Sponsored by..

Thursday 20 February 2014

Suspect Cushion redirect on 62.212.128.22

I'm not entirely sure of what the payload is, but there is an apparent cushion redirect running on 62.212.128.22 (XenoSite, Netherlands) using hijacked GoDaddy domains (which is never a good sign). An example can be found with this URLquery report but in this case it seems to end up at a wallpaper site (picture here). VirusTotal sees the IP as being somewhat suspect.

Given that this is abusing subdomains of legitimate GoDaddy domains then on balance I would regard this as being malicious. All the subdomains I can find are listed here [pastebin], but they are all covered by this recommended blocklist:
46.231.87.57
310casting.com
analacrobatsfree.com
dovizpiyasa.net
dovmeara.com
dovmebakirkoy.com
dovmeblog.com
dovmeci.co
dovmeciadresleri.com
dovmecibul.com
dovme-resimlerim.com
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)