Sponsored by..

Showing posts with label Edis. Show all posts
Showing posts with label Edis. Show all posts

Friday 7 June 2013

Malware sites to block 7/6/13

Two IPs that look related, the first is 37.235.48.185 (Edis, Poland or Austria) which host some domains that are also found here (158.255.212.96 and 158.255.212.97, also Edis) that seem to be used in injection attacks. I can identify the following domains linked to 37.235.48.185:

faggyppvers5.info
finger2.climaoluhip.org
linkstoads.net
node1.hostingstatics.org
node2.hostingstatics.org

Injecting some of the same sites as the domains on the above IPs is jstoredirect.net which is currently offline but was hosted on 149.154.152.18 which is also Edis (can you see the pattern yet?) so I would assume that they are linked. In the few days that jstoredirect.net was online it managed to infect over 1500 sites.

Aggregate blocklist:
98.126.9.34
114.142.147.51
158.255.212.96
158.255.212.97
nethostingdb.com
netstoragehost.com
connecthostad.net
climaoluhip.org
hostingstatics.org
systemnetworkscripts.org
numstatus.com
linkstoads.net
faggyppvers5.info
jstoredirect.net