[nsp-sec] Possible Phish web site, oh and malware installer!
Hicks, Howard
Howard.Hicks at CenturyLink.com
Tue Jun 5 18:57:27 EDT 2012
Hey all,
I am looking for any intelligence on IP 209.237.151.17 (this is a possible phish URL server) and 69.194.196.34 (this IP, 69.194.196.34, seems to be a drive-by malware installer).
-bash-2.05b$ whois -h whois.cymru.com 69.194.196.34
> whois -h whois.cymru.com 209.237.151.17
AS | IP | AS Name
36476 | 209.237.151.17 | WEB-COM-ASN1 - Web.com, Inc.
AS | IP | AS Name
14670 | 69.194.196.34 | SOLAR-VPS - Solar VPS
Anyone with information please help.
Thanks
--
Howard Hicks
Senior Engineer
CenturyLink
howard.hicks at centurylink.com
612-664-3021
PGP public key BB5ECDA6<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91D85E81BB5ECDA6> Available at http://pgp.mit.edu/