Sponsored by..

Monday 11 March 2013

Something evil on 37.59.214.0/28

37.59.214.0/28 is an OVH IP range suballocated to a person called Sidharth Shah in Maryland (more of whom later). At the moment it is hosting a number of malware sites with a hard-to-determine payload such as [donotclick]55voolith.info:89/forum/had.php which is evading automated analysis.

The owner of this block is as follows:
organisation:   ORG-SS252-RIPE
org-name:       Shah Sidharth
org-type:       OTHER
address:        12218 Skylark Rd
address:        20871 Clarksburg
address:        US
abuse-mailbox:  ovhresell@gmail.com
phone:          +1.5407378283
mnt-ref:        OVH-MNT
mnt-by:         OVH-MNT
source:         RIPE # Filtered


Malware is hosted on 37.59.214.0, 37.59.214.1 and 37.59.214.0. There do not appears to be any legitimate sites in this range. Google has already flagged some of these as malicious (marked in red), so you can safely assume that they are all malicious:

1dabify.info
1linktube.info
1myloo.info
1trilium.info
2drill.info
2mars.info
2scrool.info
2skills.info
2walls.info
abubblespot.info
achatterjam.info
athoughtpedia.info
atwitterdrive.info
ayakilith.info
alivexs.info
arealster.info
arealtune.info
atopjam.info
ayombu.info
bbrightbridge.info
bdabdog.info
bfatri.info
bmyva.info
11chattervine.info
11fandu.info
11ncat.info
11tanix.info
22chatset.info
22cogizio.info
22jalium.info
22jaxworks.info
22ooyo.info
22thoughtspace.info
33demilium.info
33digipad.info
33skire.info
3digiset.info
3edgeblab.info
3linkshots.info
3livelounge.info
3meenix.info
3viva.info
5ailium.info
5flashster.info
5gabwire.info
5lalium.info
5skyzu.info
7demiboo.info
7gedeo.info
7jumpbean.info
7jumplist.info
7zambu.info
8abagen.info
8bubbledog.info
8cogitz.info
8plamba.info
8tajo.info
8twitterbox.info

No comments: