You can see this EK infecting a legitimate site in this URLquery report.
[donotclick]franchidiscarpa[.]com/index.php
--> [donotclick]j8le7s5q745e[.]org/files/vip.php?id=4
The IP address appears to be a customer of ServerYou:
OrgName: MegaHosterNetwork
OrgId: MEGAH
Address: Zaporozhskogo kazachestva 15
City: Zaporozhzhe
StateProv:
PostalCode: 69097
Country: UA
RegDate: 2012-09-02
Updated: 2012-09-02
Ref: https://whois.arin.net/rest/org/MEGAH
These other domains are hosted on the same IP:
[donotclick]j8le7s5q745e.org
[donotclick]3wdev4pqfw1u.org
[donotclick]fg1238tq38le.net
All of those domains are registered to:
Registrant Name: sergey muromov
Registrant Organization: sergey muromov
Registrant Street: veteranov 45-87
Registrant City: sank-tpeterburg
Registrant State/Province: leningradckaya
Registrant Postal Code: 458223
Registrant Country: RU
Registrant Phone: +7.66473838987
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: muromov96@bk.ru
It looks like there might be a fair amount of activity to the IP at the moment, judging by the number of URLquery reports, so it might well be worth blocking.