We started blocking /in.cgi? 3 days ago and about 2-3 times a day we block something like this, always in the .cw.cm zone. CM is Cameroon I think, and it does not make a lot of sense.
Does anybody know about .cw.cm URLs, or is it a poisonous URL?
http://rtjcsulc.cw.cm/in.cgi?2%26seoref=http%3A%2F%2Fwww.google.ca%2Fimgres%3Fimgurl%3Dhttp%3A%2F%2Fwallpapers.pixxp.com%2Fwallpapers%2F16%2FMadagascar_lemur.jpg%26imgrefurl%3Dhttp%3A%2F%2Fdydconsultorias.com%2Fapp%2Freed-lemur-madagascar%2526page%253D2%26usg%3D__UC5sKJCengZNXq7xbSNR2GGOxnE%3D%26h%3D960%26w%3D1280%26sz%3D143%26hl%3Dfr%26start%3D15%26zoom%3D1%26um%3D1%26itbs%3D1%26tbnid%3DSfQyumHVHAUHnM%3A%26tbnh%3D113%26tbnw%3D150%26prev%3D%2Fimages%253Fq%253DCute%252Blemur%2526um%253D1%2526hl%253Dfr%2526tbm%253Disch%26ei%3DLxmlTen9C4WM0QHYgvHrCA%26parameter=$keyword%26se=$se%26ur=1%26HTTP_REFERER=http%3A%2F%2Fdydconsultorias.com%2Fapp%2Freed-lemur-madagascar%26page%3D2%26default_keyword=default
The .cm Top Level Domain is notorious because malicious domains will commonly get registered for people that mis-type .com.
goodsite.com = good site
goodsite.cm = bad site
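An added example, not part of either post above: one way to turn the two observations in this thread (the /in.cgi? hits in the .cw.cm zone, and .cm look-alikes of .com sites) into a proxy-log check that also recovers the referring page embedded in the blocked URL. The `KNOWN_GOOD` list, the function names and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote, parse_qs

# Assumption: .com sites your users really visit (your own allowlist goes here).
KNOWN_GOOD = {"goodsite.com"}


def classify(url):
    """Return the reasons a proxy should flag this URL (empty list = none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    reasons = []
    if labels[-1] == "cm" and len(labels) >= 2:
        # Same name under .com is a known site: likely a .com mistype.
        lookalike = labels[-2] + ".com"
        if lookalike in KNOWN_GOOD:
            reasons.append("typo of " + lookalike)
    if host == "cw.cm" or host.endswith(".cw.cm"):
        reasons.append("cw.cm zone")
    if parts.path.endswith("/in.cgi") and parts.query:
        reasons.append("in.cgi redirector")
    return reasons


def embedded_referer(url):
    """Host of the HTTP_REFERER parameter carried inside the query, or None.

    The query arrives with its '&' separators encoded as %26, so it is
    decoded once before being split into parameters.
    """
    query = unquote(urlsplit(url).query)
    params = parse_qs(query, keep_blank_values=True)
    ref = params.get("HTTP_REFERER", [None])[0]
    return urlsplit(ref).hostname if ref else None


# Constructed sample in the same shape as the URL quoted in the question.
SAMPLE = ("http://abcdefgh.cw.cm/in.cgi?2%26seoref=http%3A%2F%2Fwww.google.ca"
          "%2Fimgres%3Fimgurl%3Dhttp%3A%2F%2Fimg.example%2Fl.jpg"
          "%26HTTP_REFERER=http%3A%2F%2Flanding.example%2Fapp%2Fpage"
          "%26default_keyword=default")

if __name__ == "__main__":
    for u in (SAMPLE, "http://www.goodsite.cm/login", "http://goodsite.com/"):
        print(classify(u), embedded_referer(u), u[:40])
```

The host returned by `embedded_referer` is the page the user was on when the redirect fired, which is the site worth reporting or checking for injected content.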