Wednesday, 2 April 2014

Something evil on 66.96.223.204

66.96.223.204 (Network Operations Center, US) appears to be hosting some sort of malicious redirectors being used in current malware campaigns. VirusTotal gives a snapshot of the badness.

Sites hosted on this IP include:

Recommended blocklist:
