The Latest in IT Security

Something evil on, and


Some sites appear to have been hit by a sophisticated multi-part injection attack that triggers only once per IP (so it is difficult to track down).

There are two injected elements. One is a .in site hosted on [Leaseweb, Netherlands], which could be one of the following:

There’s a pretty inconclusive Wepawet report here, but be assured that these domains have a malicious payload.

The second injection is a reference to which is hosted on, this is a Leaseweb Germany IP address suballocated to who appear to be a Serbian firm fronted in the UK. I strongly recommend blocking all their IP ranges (listed here) if you can. merely forwards to a malicious payload on (report here) and that in turn is listed on (OVH, France) along with some other suspect-looking sites that lead me to conclude that this IP address is worth blocking too:

This malware seems to be quite good at avoiding analysis. But if you can block these IPs then I strongly recommend that you block them.
