[nsp-sec] sites that are preying on the conficker victims with scareware and scams.
Rob Thomas
robt at cymru.com
Wed Mar 25 19:26:20 EDT 2009
Hey, Don.
> $ whois 74.217.128.133
> Internap Network Services Corporation PNAP-SJE-01-2008 (NET-74-217-0-0-1)
> 74.217.0.0 - 74.217.255.255
> Netfirms INAP-TOR001-NETFIRMS-23422 (NET-74-217-128-0-1)
> 74.217.128.0 - 74.217.129.255
There's also a bit of mircscript hosted there which is often a bad sign.
We see a few DNS RRs over the past 30+ days.
timestamp           | dns_name                     | ip
--------------------+------------------------------+----------------
2009-03-11 07:35:20 | dl.pacyrus.com               | 74.217.128.133
2009-03-11 07:35:16 | forum.pacyrus.com            | 74.217.128.133
2009-03-09 09:25:07 | marketingimagery.com         | 74.217.128.133
2009-03-23 13:20:05 | mirctrivia.net               | 74.217.128.133
2009-03-08 03:28:03 | subs.geekstogo.com           | 74.217.128.133
2009-03-08 11:50:49 | www.pacyrus.com              | 74.217.128.133
2009-02-27 22:35:08 | thehousewatch.sslpowered.com | 74.217.128.133
2009-02-24 07:20:26 | www.fraganciasalpormayor.com | 74.217.128.133
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");