FYI...
Urgent Block: lilupophilupop-dot-com (SQL Injection)
- http://www.malwaredomains.com/wordpress/?p=2213
December 2nd, 2011 - "(The ISC*) is reporting that there’s a SQLi campaign going on right now with the malicious domain lilupophilupop .com being injected into sites running MSSQL. We will block that domain on the next update but you shouldn’t wait…"
* https://isc.sans.edu/diary.html?storyid=12127
Last Updated: 2011-12-02 11:24:01 UTC - "... discovered yesterday about 80 sites showed in Google... and a few minutes ago 4000+. Targets include ASP sites and Coldfusion... The attack seems to work on all versions of MSSQL..."
___
Diagnostic page for AS:48691 (SPECIALIST)
- http://google.com/safebrowsing/diagnostic?site=AS:48691
"... The last time Google tested a site on this network was on 2011-12-10, and the last time suspicious content was found was on 2011-12-10... Over the past 90 days, we found 15 site(s) on this network, including, for example, lilupophilupop .com, sweepstakesandcontestsinfo .com, sweepstakesandcontestsnow .com... that appeared to function as intermediaries for the infection of 189 other site(s)... We found 30 site(s), including, for example, lilupophilupop .com, sweepstakesandcontestsinfo .com, sweepstakesandcontestsnow .com, that infected 1504 other site(s)..."
- http://blog.dynamoo.com/2010/10/evil...pecialist.html
11 October 2010 - "...blocking 194.28.112.0 - 194.28.115.255 (194.28.112.0/22) is probably a good idea..."
inetnum: 194.28.112.0 - 194.28.115.255
netname: Specialist-ISP-PI2
descr: Specialist, Ltd.
Country: MD (Moldova)
- https://blogs.msdn.com/themes/blogs/...006&GroupKeys=
"... malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."