[nsp-sec] Working from home by hosting from home?
Sweeney, William- CIPS
Bill_Sweeney at cable.comcast.com
Sat Sep 27 16:10:49 EDT 2008
Ack Comcast.
________________________________
From: nsp-security-bounces at puck.nether.net on behalf of Rob Thomas
Sent: Fri 9/26/2008 4:22 PM
To: David Freedman
Cc: nsp-leo-security at puck.nether.net; nsp-security at puck.nether.net
Subject: Re: [nsp-sec] Working from home by hosting from home?
----------- nsp-security Confidential --------
Hey, David.
> 33287 | 71.226.201.209 | DNEO-OSP4 - Comcast Cable Communications, Inc.
Hoo-hah, lots of phish site hosting activity on this IP. It's been
phishing Capital One since at least 2008-06-30 18:12:03 UTC. On or
about 2008-07-08 23:09:50 UTC it switched to Bank of America. It's also
been a spam source as recently as 2008-09-11 06:48:22 UTC.
> 7015 | 24.34.17.210 | CCCH-AS2 - Comcast Cable Communications
> Holdings, Inc
This has been a spam source since at least 2008-08-19 02:13:41 UTC.
> 11426 | 98.26.58.210 | SCRR-11426 - Road Runner HoldCo LLC
This one has hosted phish sites for Lloyds and Wells Fargo since at
least 2008-08-12 19:09:47 UTC. It's been a spam source since at least
2008-08-13 01:36:22 UTC.
If I had to guess, I'd wager these are compromised hosts. :(
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
More information about the nsp-security
mailing list