[nsp-sec] Working from home by hosting from home?
Rob Thomas
robt at cymru.com
Fri Sep 26 16:22:52 EDT 2008
Hey, David.
> 33287 | 71.226.201.209 | DNEO-OSP4 - Comcast Cable Communications, Inc.
Hoo-hah, lots of phish site hosting activity on this IP. It's been
phishing Capital One since at least 2008-06-30 18:12:03 UTC. On or
about 2008-07-08 23:09:50 UTC it switched to Bank of America. It's also
been a spam source as recently as 2008-09-11 06:48:22 UTC.
> 7015 | 24.34.17.210 | CCCH-AS2 - Comcast Cable Communications
> Holdings, Inc
This has been a spam source since at least 2008-08-19 02:13:41 UTC.
> 11426 | 98.26.58.210 | SCRR-11426 - Road Runner HoldCo LLC
This one has hosted phish sites for Lloyds and Wells Fargo since at
least 2008-08-12 19:09:47 UTC. It's been a spam source since at least
2008-08-13 01:36:22 UTC.
If I had to guess, I'd wager these are compromised hosts. :(
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list