Topic: 9512 websites with IP 81.88.57.70

polonus
« on: November 29, 2014, 06:58:58 PM »
Re: http://sameid.net/ip/81.88.57.70/
Sure that is creating some problems, also for this particular domain site: https://www.virustotal.com/en/url/10ce0fad8ba73edb961f58c3748848237642afd6ee445598d7859416358142db/analysis/1417282281/
Blacklisted and potentially suspicious: index.html
Severity:   Potentially Suspicious
Reason:   Detected unconditional redirection to external web resource.
Details:   <meta http-equiv="refresh" content="0;URL='http://www.3sentidosdesign.pt/clientes/RotaDaVila/index.html'" />
Threat dump:
[<meta http-equiv="refresh" content="0;URL='htxp://www.3sentidosdesign.pt/clientes/RotaDaVila/index.html'" />]
See: http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=http://rotadavila.com.pt/&MODIFIED=0
Threat dump MD5:   DA5D92C9D88497613AF05BAD1E944601
File size[byte]:   675
File type:   HTML
Page/File MD5:   9B70E2417C982B0519963ADA7B256E80
Scan duration[sec]:   0.008000
Nothing in particular here: http://urlfind.org/?site=http%3A%2F%2Frotadavila.com.pt#

Active and up malcode found there, according to VirusTracker: rotadavila dot com.pt,81.88.57.70,ns1.amenworld dot com,Criminals,
found here: http://antispam.imp.ch/05-uribl.php?lng=1
Nothing alerted here: http://urlquery.net/report.php?id=1417283867696
But on IP: "ET CURRENT_EVENTS Malicious Redirect 8x8 script tag" & Detected malicious iframe injection

#9 JavaScript::Script (size: 91818, repeated: 1) - Alert detect on script (Severity: 2) - opwaymocambique dot com/js/jquery-1.6.4.min.js  81.88.57.70 - SHA256: ecb69491577d57befd5f15b5bee0204b682ee5a53e55b380aae990bc3633324a
and here: http://dnscheck.sidn.nl/?time=1417282815&id=1783907&view=basic&test=standard

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!