
Tuesday, 1 July 2014

Something evil on 37.187.140.57 (OVH, France)

A group of Cushion Redirect sites appear to be hosted on 37.187.140.57 (OVH, France). Although I cannot determine the exact payload of these sites, you can be assured that it is Nothing Good and you may well want to block the IP.

Here is a sample URLquery report for this IP. VirusTotal also reports a low number of detections for this address.

Domains being abused in this attack include:
charlie-lola.co.uk
clashofclanshackdownload.com
check-email.org
cialis25.pl

adultvideoz.net


(UPDATE: domain names crossed out above have been secured)

In all cases the attack is carried out by using a malicious subdomain. The following subdomains have been spotted by rDNS and are an illustration only:
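
To check whether anything on your own network has resolved a subdomain of this kind, the sketch below hunts a resolver log for answers pointing at 37.187.140.57 and groups the hits by parent domain. It is an added example, not part of the original post: the four-field log format, the hostnames, the client addresses and the entropy threshold are all assumptions made for illustration.

```python
import ipaddress
import math
from collections import Counter, defaultdict

FLAGGED_IP = ipaddress.ip_address("37.187.140.57")  # the address named in the post

# Constructed resolver log: timestamp, client, queried name, A answer.
# Hostnames and the other addresses are placeholders, not real indicators.
SAMPLE_LOG = """\
2014-07-01T09:14:02Z 10.0.0.21 www.shop.example 192.0.2.10
2014-07-01T09:14:05Z 10.0.0.21 k3v9x0qzt7m2hd81ypw4cne.shop.example 37.187.140.57
2014-07-01T09:15:40Z 10.0.0.37 r8t2bq6jw1zx5ng0mfa7dly.shop.example 37.187.140.57
2014-07-01T09:16:11Z 10.0.0.37 mail.blog.example 198.51.100.7
2014-07-01T09:17:30Z 10.0.0.52 p0c4u7heq9s3ivk6zt1xbwj.blog.example 37.187.140.57
malformed line without enough fields
"""

def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def parent_of(qname):
    """Drop the leftmost label, so x.site.co.uk maps to site.co.uk."""
    return qname.split(".", 1)[1] if "." in qname else qname

def hunt(log_text, flagged=FLAGGED_IP, min_entropy=3.5):
    """Group names that resolved to `flagged` by parent domain.

    min_entropy is an assumed cut-off for "random-looking" labels; tune it locally.
    """
    hits = defaultdict(lambda: {"clients": set(), "hosts": set(), "random_hosts": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, qname, answer = fields
        try:
            if ipaddress.ip_address(answer) != flagged:
                continue
        except ValueError:
            continue  # answer field is not an IP address
        qname = qname.rstrip(".").lower()
        entry = hits[parent_of(qname)]
        entry["clients"].add(client)
        entry["hosts"].add(qname)
        if label_entropy(qname.split(".")[0]) >= min_entropy:
            entry["random_hosts"].add(qname)
    return dict(hits)

if __name__ == "__main__":
    for parent, e in sorted(hunt(SAMPLE_LOG).items()):
        print(parent, len(e["hosts"]), len(e["random_hosts"]), sorted(e["clients"]))
```

A parent domain with several distinct random-looking hosts on the flagged address, while its ordinary names resolve elsewhere, is the pattern to escalate; the client set tells you which machines to look at first.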

2 comments:

benkow_ said...

http://37.187.140.57/3
http://37.187.140.57/4
http://37.187.140.57/8
redirect to porn site
http://urlquery.net/report.php?id=1404222715832

benkow_ said...

and http://37.187.140.57/17 http://37.187.140.57/18 http://37.187.140.57/19 to http://www.casinotitan.im/