It’s been a while since the last update. What a busy weeks..
I’ve subscribed to MalwareDomainList‘s RSS and recently I’ve found a couple of entries on BlackHole Exploit Kit hosted in Malaysia. I’ve performed a quick analysis on the domains and found that, it is confirmed serving BlackHole Exploit Kit v2.0.
And as for the detection rate in Virustotal: 4/44
I’ve done a quick analysis on the IP using robtex and hostmap, there are 12 (or more) .RU domain associated with the IP. Most of the domains store multiple A record for their DNS. 2 of the IPs are in US, and 1 in Malaysian Research & Education Network.