There's quite a bit of malware coming from a range of Singlehop IPs over the past few days. The range is 108.178.59.0/26 (108.178.59.0 - 108.178.59.63)
So far, I've seen blackhole samples from 108.178.59.20, 108.178.59.11 and 108.178.59.26 which is enough to convince me that the whole /26 is bad an should be blocked.
Singlehop have reallocated the IP range to a customer:
network:Class-Name:network
network:ID:ORG-SINGL-8.108-178-59-0/26
network:Auth-Area:108.178.0.0/18
network:IP-Network:108.178.59.0/26
network:Organization:Lorenzo Coco
network:Street-Address:via Nardi, 8 Prato
network:City:Prato
network:State:Italy
network:Postal-Code:59100
network:Country-Code:IT
network:Tech-Contact;I:NETWO1546-ARIN
network:Admin-Contact;I:NETWO1546-ARIN
network:Abuse-Contact;I:ABUSE2492-ARIN
network:Created:20120430
network:Updated:20120430
It's quite possible that Mr Coco doesn't know that the IP range is being abused in this way, but blocking access to it would be prudent.
Added: You can also add 108.178.59.6 to the list of malicious sites.
No comments:
Post a Comment