[nsp-sec] 419 info account @gmail
Rob Thomas
robt at cymru.com
Fri Jan 23 17:36:43 EST 2009
Hi, Christopher.
> 36954 | 82.128.47.110 | MLTL-AS
That Windows box has been a source of spam dating back to 2008-09-07
20:13:55 UTC. It might also be the source of some SMS spam, at least in
the past 30 days.
> 16557 | 216.157.150.2 | COLOSOLUTIONS - Colo Solutions, Inc.
This FreeBSD box running Apache 1.3.37 (look closely at that version
number, it might be both bogus and a clue haha) has hosted some fun in
the past.
timestamp           | ip            | asn   | category   | comment
--------------------+---------------+-------+------------+--------------------------------------------------------------------------------
2008-12-14 15:32:04 | 216.157.150.2 | 16557 | malwareurl | http://cun.com.mx/webges/
2008-11-11 00:59:21 | 216.157.150.2 | 16557 | phishing   | http://comfenalcosantander.com.co/images/M_images/simbiosis.JPG
2008-01-07 17:08:03 | 216.157.150.2 | 32065 | malwareurl | http://www.terresperuviennes.com/index.html
2008-07-17 14:20:23 | 216.157.150.2 | 32065 | phishing   | http://www.layoutsformyspace.us/userpics/graphics/singin.ebay.it-eBayISAP.html
We only see three DNS RRs pointed to 216.157.150.2 for the past 30 days.
timestamp           | dns_name           | ip
--------------------+--------------------+---------------
2009-01-14 19:35:17 | migbs.com          | 216.157.150.2
2009-01-15 11:35:09 | n4.treithamer.com  | 216.157.150.2
2009-01-05 02:50:21 | www.sabooindia.com | 216.157.150.2
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");