FYI...Urgent Block: BlackHole Exploit Kit redret Spam Domains
December 6th, 2011 - "From the Internet Storm Center*... IP addresses to block are also in the article*. Also see this article**. Will be added here but you shouldn’t wait
Last Updated: 2011-12-06 03:04:51 UTC - "... all domains still active/resolving that host BlackHole exploit kit, the actual one and not the links on the spams...
... they are resolving to:
220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11
In recent past, the following IPs were also observed hosting them:
18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52...
Comments (12.06.2011, 19:21 UTC): 184.108.40.206 is hosting these domains crredret .ru, ctredret .ru, curedret .ru, czredret .ru"
"... malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."
23 November 2011
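The point quoted above, that a domain-only list misses connections made straight to an IP address, can be checked against proxy logs. The following is an added example, not code from this post or from the Internet Storm Center. The log format, the sample lines and the 203.0.113.25 address (an RFC 5737 documentation address standing in for the addresses listed above) are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Four of the domains named in the post (written there with a space before ".ru").
BLOCKED_DOMAINS = {"crredret.ru", "ctredret.ru", "curedret.ru", "czredret.ru"}
# Placeholder from the RFC 5737 documentation range; use the addresses from the post.
BLOCKED_IPS = {ipaddress.ip_address("203.0.113.25")}

# Constructed proxy-log lines: "<client> <resolved destination IP> <URL>"
SAMPLE_LOG = """\
10.0.0.5 203.0.113.25 http://czredret.ru/main.php
10.0.0.7 203.0.113.25 http://203.0.113.25/main.php
10.0.0.8 203.0.113.25 http://news.CZREDRET.ru./index.html
10.0.0.9 198.51.100.7 http://example.org/
"""

def host_of(url):
    """Lower-cased host without the trailing root dot, or "" if absent."""
    return (urlsplit(url).hostname or "").rstrip(".")

def domain_hit(host):
    """True if host is a blocked domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def ip_hit(host, dest_ip):
    """True if the resolved destination or an IP-literal host is blocked."""
    for candidate in (dest_ip, host):
        try:
            if ipaddress.ip_address(candidate) in BLOCKED_IPS:
                return True
        except ValueError:
            pass  # not an IP literal (an ordinary hostname)
    return False

def classify(log_text):
    """Return [(client, by_domain, by_ip)] for every log line."""
    results = []
    for line in log_text.splitlines():
        client, dest_ip, url = line.split()
        host = host_of(url)
        results.append((client, domain_hit(host), ip_hit(host, dest_ip)))
    return results

if __name__ == "__main__":
    for client, by_domain, by_ip in classify(SAMPLE_LOG):
        print(f"{client}: domain-list={by_domain} ip-list={by_ip}")
```

The second sample line is the case the quote describes: the request goes to the address itself, so only the IP list catches it.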