Does anyone know what these threat alerts are in list BBcan177/MS-1?
-
It's pretty rare that I see anything from the list BBcan177/MS-1, but I saw a couple of alerts today.
According to the source on github:
https://gist.github.com/BBcan177/bf29d47ea04391cb3eb0/
the list was last active Apr 23, 2019, so maybe it's no longer current.The alerts were: (I added the whois below)
192.0.78.25:443
unknown
(OrgName: Automattic, Inc)205.185.216.10:443
map2.hwcdn.net
(OrgName: Highwinds Network Group, Inc.)192.0.78.25 was under a section headed by:
https://twitter.com/benkow_
and 205.185.216.10 was under a section headed by:
https://twitter.com/pancak3lullz
but neither twitter feed showed anything obvious.I know this is one of BBCAN177's manually curated lists, so I'm hoping either @BBcan177 or someone else here on the forum can advise.
Thanks.
If you find my post useful, please give it a thumbs up!
pfSense 2.5.2-RELEASE-CE -
@guardian said in Does anyone know what these threat alerts are in list BBcan177/MS-1?:
It's pretty rare that I see anything from the list BBcan177/MS-1, but I saw a couple of alerts today.
According to the source on github:
https://gist.github.com/BBcan177/bf29d47ea04391cb3eb0/
the list was last active Apr 23, 2019, so maybe it's no longer current.
The alerts were: (I added the whois below)
192.0.78.25:443
unknown
(OrgName: Automattic, Inc)
205.185.216.10:443
map2.hwcdn.net
(OrgName: Highwinds Network Group, Inc.)
192.0.78.25 was under a section headed by:
https://twitter.com/benkow_
and 205.185.216.10 was under a section headed by:
https://twitter.com/pancak3lullz
but neither twitter feed showed anything obvious.
I know this is one of BBCAN177's manually curated lists, so I'm hoping either @BBcan177 or someone else here on the forum can advise.From the Reports/Alerts Tab, click on the blue infoblock icon for Threat Source Lookups:
https://dnslytics.com/ip/192.0.78.25
https://pulsedive.com/indicator/?iid=34202&ioc=MTkyLjAuNzguMjU=Some passive DNS Resolution for that IP:
https://www.virustotal.com/gui/ip-address/192.0.78.25/relationsThis IP will be removed from the Feed.
Also note, in the MS_? Feeds, when the source was from a tweet, the Tweet ID is listed as a comment. Some of the older entries didn't have this reference.
For this IP: 205.185.216.10, it has a tweet reference:
https://twitter.com/pancak3lullz/status/746040971675131906https://dnslytics.com/ip/205.185.216.10
https://pulsedive.com/indicator/?iid=34167&ioc=MjA1LjE4NS4yMTYuMTA=Some passive DNS Resolution for that IP:
https://www.virustotal.com/gui/ip-address/205.185.216.10/relations
https://securitytrails.com/list/ip/205.185.216.10?page=1
