Help - Search - Members - Calendar
Full Version: malware hosted by sbcglobal
B.I.S.S. Forums > Malware Research Forum > Malware IP Research Section
Retired
Jan 17 2009, 02:11 PM
Don't know what to do with this:

Host: goodboomer.com
IP: 99.167.210.169
http://www.robtex.com/ip/99.167.210.169.html
http://www.robtex.com/dns/www.goodboomer.com.html
CODE
http://goodboomer.com/successful.exe


goodboomer has 5 IP addresses, but the .exe file above came from 99.167.210.169.

Retired
Kimberly
Jan 17 2009, 06:44 PM
Hmm, yeah and after 3 attempts to download the file I got it from 12.202.3.102, which isn't even listed at robtex.

CentralOPS resolves goodboomer.com as follows after 2 attempts

12.202.3.102
24.136.176.91
71.227.123.55
76.119.221.197
99.140.246.193

I'm more tempted to add the ones from C-OPS as they are not cached results and check back in a couple of hours how it resolves.

http://www.virustotal.com/analisis/a3aa936...ecf95582e682047

http://www.threatexpert.com/report.aspx?md...b5c8f4ebca1553c
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2012 Invision Power Services, Inc.