Danchev: More Russian Criminal Activity in The Usual Places
Apparently, a little more in-depth research acts as public pressure, especially when they're lazy enough to have a great deal of malware variants "phone back home" to their promotional domain.More here.
However, the current one responding to 18.104.22.168 is hosted by SoftLayer, and is using ns1.4wap.org as DNS server provided by Layered Technologies again confirming the Russian Business Network connection since, both, Layered Technologies and SoftLayer are known to have been and continue providing services to the RBN, knowingly or unknowingly. Moreover, the malware infected counter at the stats section continues reporting new additions.
Note: I have repeatedly notified both Layered Technologies and SoftLayer on malicious (and criminal) activities occurring in their IP address space (their hosting facilities), but it continues to happen on a regular basis (for over a year). Apparently, they don't seem to police their own backyards, so it might be worthwhile to consider blocking these IP blocks until they clean up their act.
See also here.