Just a note folks, geekstogo.com has been compromised again, and is currently serving malicious code, via;
I've tried calling geekstogo.com but they rejected my call because my number is ex directory, and the host (SoftLayer) wasn't any help.
The exploit itself is loaded from a Hanaro hosted IP address (220.127.116.11), with another exploit loaded from;
18.104.22.168 is on a GNAX IP range. I'd suggest blocking both /24's with immediate effect.
A little extra digging has shown another IP involved, 22.214.171.124, which is on a well known criminal friendly IP range - WorldStream, and resolves to unoosearch.com.