Hi !Donovan,
Avast alert with URL:Mal for e.g.: hxtp://207.224.31.229/-wvdoc-01-/Glimpse Java Viewer Applet
A PHP Array-push is being performed from /68.185.19.92 for example,
http://68.185.0.0/19%20%20 urlopen error timed
see: htsp://jsunpack.jeek.org/?report=e71e575e9b002155bad807bbcfcd86f34e0a91ce *
* This link is given only for our security researchers,
use full script blocking and open up in a sandboxed environment for protection.
Warning! Do not venture out there if you are not enough security savvy!
Besides 68.185.0.0/19 AS20115 (not registered), shared info is fetched in the background.
See:
http://urlquery.net/report.php?id=125425 Suricata /w Emerging Threats IDS alerts
2012-08-12 03:59:24 207.224.31.229 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:21 207.224.31.229 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:18 207.224.31.229 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:17 207.202.157.37 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:17 68.185.19.92 urlQuery Client 3 FILEMAGIC Zip archive data
The IP PTR does not resolve. This is very bad practice...see:
http://hosts-file.net/default.asp?s=207.224.31.229
http://hosts-file.net/default.asp?s=207.202.157.37
http://hosts-file.net/default.asp?s=68.185.19.92
Site has to be protected against bad bots, like this:
http://perishablepress.com/wp/wp-content/online/demos/blackhole/
http://perishablepress.com/blackhole-bad-bots/ (link author and bottrap developer Jeff Starr)
AS info from sitevet: AS Name: THEPLANET-AS - ThePlanet.com Internet Services, Inc.
IPs allocated: 1539328
Blacklisted URLs: 17932
Hosts...
...malicious URLs? Yes
...badware? Yes
...botnet C&C servers? No
...exploit servers? Yes
...Zeus botnet servers? Yes
...Current Events? Yes
That is more than no records on these IPs,
polonus
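The post above does three things by hand: it reads the urlQuery FILEMAGIC alert lines, notes which source IP sits inside the 68.185.0.0/19 block it associates with AS20115, and checks whether each IP has a PTR record. The following script is an added, editor-written example (not part of polonus's post and not an Avast or urlQuery tool) that automates exactly that triage on the alert lines quoted in the post. The network-to-AS label is copied from the post; the resolver is injectable so the PTR check can be run offline with a stub, and a missing PTR is reported as a signal, not a verdict.

```python
import ipaddress
import re
import socket
from collections import OrderedDict

# Sample input: the five urlQuery alert lines quoted in the post above.
ALERT_LINES = """\
2012-08-12 03:59:24 207.224.31.229 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:21 207.224.31.229 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:18 207.224.31.229 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:17 207.202.157.37 urlQuery Client 3 FILEMAGIC Zip archive data
2012-08-12 03:59:17 68.185.19.92 urlQuery Client 3 FILEMAGIC Zip archive data
"""

# Network flagged in the post; the AS label is taken from the post, not looked up here.
FLAGGED_NETWORKS = {
    ipaddress.ip_network("68.185.0.0/19"): "AS20115 (per post: not registered)",
}

# <date> <time> <ip> <sensor words...> FILEMAGIC <detail>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*?) (FILEMAGIC .*)$"
)


def parse_alerts(text):
    """Parse urlQuery-style alert lines; lines that do not match or carry
    an invalid IP are skipped rather than crashing the triage."""
    alerts = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        date, time, ip, sensor, detail = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        alerts.append({"date": date, "time": time, "ip": ip,
                       "sensor": sensor, "detail": detail})
    return alerts


def flagged_network(ip):
    """Return the label of the flagged network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, label in FLAGGED_NETWORKS.items():
        if addr in net:
            return label
    return None


def ptr_name(ip, resolver=socket.gethostbyaddr):
    """Reverse-resolve ip; None when no PTR exists or the lookup fails.
    `resolver` is injectable so tests can run without DNS."""
    try:
        return resolver(ip)[0]
    except OSError:  # socket.herror/gaierror and timeouts all subclass OSError
        return None


def summarize(text, resolver=socket.gethostbyaddr):
    """Per-IP triage: hit count, flagged-network label, PTR name (or None)."""
    summary = OrderedDict()
    for a in parse_alerts(text):
        entry = summary.setdefault(a["ip"], {"hits": 0})
        entry["hits"] += 1
    for ip, entry in summary.items():
        entry["flagged"] = flagged_network(ip)
        entry["ptr"] = ptr_name(ip, resolver)
    return summary


if __name__ == "__main__":
    # Real DNS is used here; each unresolvable IP simply shows ptr=None.
    for ip, info in summarize(ALERT_LINES).items():
        print(f"{ip:16} hits={info['hits']} flagged={info['flagged']} ptr={info['ptr']}")
```

A host with no PTR and a seat in a range that hosts-file.net and urlQuery already know is a good reason to block at the proxy and look for the same download pattern elsewhere in your logs; on its own, a missing PTR is common on cheap hosting and is only one signal among several.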