Bad webhost detected?

See: http://www.urlvoid.com/scan/er8s.info/ detected: APNIC PH
see: https://www.projecthoneypot.org/ip_118.88.9.2
3,617 appearance(s) in spam e-mail or spam post urls

polonus

And what about this unknown_html_RFI_shell malware - Sucuri blacklisted: http://sitecheck.sucuri.net/results/elephantjournal.com/ (outdated WP)
-http://www.elephantjournal.com//wp-admin/js/common.js
On that particular IP: https://www.virustotal.com/en/ip-address/76.74.253.30/information/
Intersting data see here: http://www.senderbase.org/lookup?search_string=76.74.253.30

polonus

Maybe this is being detected via the sanbox as PUP: unknown_file_$INSTDIR/launcher.exe
where? https://www.virustotal.com/en/url/89206455c45aa1f04882af65ab197e39aaa0db7f55c22215f5c4a2f86a6b854c/analysis/1369257907/
detected file (avast not given) https://www.virustotal.com/en/file/725a51c0b268147080c1a7413b0afc38e65d2b6794a49e0b0c61915775317c41/analysis/1369214220/
Also see these google search results: FlashPlayer%2F79%2F418%2FV.148817390b&ie=utf-8&oe=utf-8&aq=t
detecting a Win32/DomaIQ.E potentially unwanted application
and https://www.virustotal.com/en/ip-address/37.59.180.17/information/

polonus