While researching this spam I came across a questionable OVH reseller using the 5.135.127.64/27 range, allocated to userlogin.me.
organisation: ORG-WC13-RIPE
org-name: userlogin
org-type: OTHER
address:
e-mail: support@userlogin.me
abuse-mailbox: abuse@userlogin.me
descr: Userlogin account solutions
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
changed: noc@ovh.net 20140521
source: RIPE
A look at passive DNS records shows a variety of sites including stressers, phishing pages, spammers, some malware, plus some other sites which are probably less evil. A lot of these sites are hiding behind Cloudflare; some other sites have moved on to other hosts.
I checked the current IPs and reputations of all the domains that I can find associated with the domain and put them here [csv]. Don't assume they are all evil, but some of those sites are... interesting.
1 comment:
Conrad, how can I send you a message for investigations?