[nsp-sec] Possible Phish web site, oh and malware installer!
Smith, Donald
Donald.Smith at CenturyLink.com
Wed Jun 6 14:40:43 EDT 2012
69.194.196.34
http://urlquery.net/report.php?id=64195
Shows a live Blackhole exploit kit on that IP.
When packets collide the controllers cease transmission AND wait a random time before retransmission (mostly)!
Donald.Smith at CenturyLink.com
> -----Original Message-----
> From: Hicks, Howard
> Sent: Tuesday, June 05, 2012 4:57 PM
> To: NSP-Sec
> Cc: Roper, Sara; Smith, Donald
> Subject: Possible Phish web site, oh and malware installer!
>
> Hey all,
>
>
>
> I am looking for any intelligence on IP 209.237.151.17 (this is a
> possible phish URL server) and 69.194.196.34 (this IP 69.194.196.34
> seems to be a drive-by malware installer).
>
>
>
> -bash-2.05b$ whois -h whois.cymru.com 69.194.196.34
>
>
>
> > whois -h whois.cymru.com 209.237.151.17
>
> AS | IP | AS Name
>
> 36476 | 209.237.151.17 | WEB-COM-ASN1 - Web.com, Inc.
>
>
>
> AS | IP | AS Name
>
> 14670 | 69.194.196.34 | SOLAR-VPS - Solar VPS
>
>
>
> Anyone with information please help.
>
>
>
> Thanks
>
>
>
> --
>
>
>
> Howard Hicks
>
> Senior Engineer
>
> CenturyLink
>
> howard.hicks at centurylink.com
>
> 612-664-3021
>
> PGP public key BB5ECDA6
> <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91D85E81BB5ECDA6>
> Available at http://pgp.mit.edu/ <http://pgp.mit.edu/>
>
>
>
>
>
>
> This communication is the property of CenturyLink and may contain
> confidential or privileged information. Unauthorized use of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please immediately notify the
> sender by reply e-mail and destroy all copies of the communication and
> any attachments.
>
>