
Thursday 19 February 2015

Some Superfish domains and IP addresses and ranges you might want to look for

In the light of the growing Lenovo / Superfish fuss, I set out to identify those Superfish domains and IPs that I could, for the purposes of blocking or monitoring.

The domains and IPs that I have been able to identify are here [csv].

Superfish appear to operate the following domains (and several subdomains thereof):


The following IP addresses and ranges appear to be used exclusively by Superfish (some of their other domains are on shared infrastructure).


All of those IPs are allocated to Datapipe in the US. Superfish itself is based in Israel, which seems to be a popular place to develop adware.

Do with this data what you will. If you have any more IPs or domains, then perhaps you might share them in the Comments.
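One way to use a list like this for monitoring, as an added example that is not part of the original post: it checks proxy log lines against blocked domains (subdomains included, matched on label boundaries) and against CIDR ranges or single IPs. The blocklist entries, log format and function names are constructed placeholders, not the post's data.

```python
import ipaddress

# Constructed placeholder entries (reserved names and documentation ranges).
BLOCK_DOMAINS = ["adware-example.test", "tracker.example"]
BLOCK_NETS = ["192.0.2.240/28", "198.51.100.64/26", "203.0.113.12"]

def load_blocklist(domains, nets):
    """Normalise domains; parse CIDR ranges, a bare IP becoming a /32."""
    doms = {d.strip().lower().rstrip(".") for d in domains if d.strip()}
    return doms, [ipaddress.ip_network(n.strip(), strict=False) for n in nets]

def domain_hit(host, doms):
    """Return the blocked domain that host equals or is a subdomain of."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole parent domains, so 'notadware-example.test' does not
    # match 'adware-example.test' the way a substring test would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in doms:
            return candidate
    return None

def ip_hit(addr, networks):
    """Return the blocked network containing addr, or None (also for junk)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return next((str(n) for n in networks if ip in n), None)

def scan(lines, doms, networks):
    """Lines are 'timestamp client host dest_ip'; return [(line_no, match)]."""
    hits = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        match = domain_hit(parts[2], doms) or ip_hit(parts[3], networks)
        if match:
            hits.append((no, match))
    return hits

SAMPLE_LOG = [  # constructed proxy log lines
    "2015-02-19T10:00:01Z 10.0.0.5 www.adware-example.test 192.0.2.241",
    "2015-02-19T10:00:02Z 10.0.0.5 notadware-example.test 192.0.2.1",
    "2015-02-19T10:00:03Z 10.0.0.7 cdn.unrelated.example 198.51.100.100",
    "2015-02-19T10:00:04Z 10.0.0.9 intranet.example 203.0.113.13",
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG, *load_blocklist(BLOCK_DOMAINS, BLOCK_NETS)))
```

Line 3 of the sample is caught only by its destination address, which is why the IP ranges are worth checking alongside the hostnames.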

1 comment:

CunningPike said...

A perusal of ARIN allocations might make the block list look like this:
