Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Does anyone know what these threat alerts are in list BBcan177/MS-1?

    pfBlockerNG
    2
    2
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      guardian Rebel Alliance
      last edited by guardian

      It's pretty rare that I see anything from the list BBcan177/MS-1, but I saw a couple of alerts today.

      According to the source on github:
      https://gist.github.com/BBcan177/bf29d47ea04391cb3eb0/
      the list was last active Apr 23, 2019, so maybe it's no longer current.

      The alerts were: (I added the whois below)
      192.0.78.25:443
      unknown
      (OrgName: Automattic, Inc)

      205.185.216.10:443
      map2.hwcdn.net
      (OrgName: Highwinds Network Group, Inc.)

      192.0.78.25 was under a section headed by:
      https://twitter.com/benkow_
      and 205.185.216.10 was under a section headed by:
      https://twitter.com/pancak3lullz
      but neither twitter feed showed anything obvious.

      I know this is one of BBCAN177's manually curated lists, so I'm hoping either @BBcan177 or someone else here on the forum can advise.

      Thanks.

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      BBcan177B 1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator @guardian
        last edited by

        @guardian said in Does anyone know what these threat alerts are in list BBcan177/MS-1?:

        It's pretty rare that I see anything from the list BBcan177/MS-1, but I saw a couple of alerts today.
        According to the source on github:
        https://gist.github.com/BBcan177/bf29d47ea04391cb3eb0/
        the list was last active Apr 23, 2019, so maybe it's no longer current.
        The alerts were: (I added the whois below)
        192.0.78.25:443
        unknown
        (OrgName: Automattic, Inc)
        205.185.216.10:443
        map2.hwcdn.net
        (OrgName: Highwinds Network Group, Inc.)
        192.0.78.25 was under a section headed by:
        https://twitter.com/benkow_
        and 205.185.216.10 was under a section headed by:
        https://twitter.com/pancak3lullz
        but neither twitter feed showed anything obvious.
        I know this is one of BBCAN177's manually curated lists, so I'm hoping either @BBcan177 or someone else here on the forum can advise.

        From the Reports/Alerts Tab, click on the blue infoblock icon for Threat Source Lookups:
        https://dnslytics.com/ip/192.0.78.25
        https://pulsedive.com/indicator/?iid=34202&ioc=MTkyLjAuNzguMjU=

        Some passive DNS Resolution for that IP:
        https://www.virustotal.com/gui/ip-address/192.0.78.25/relations

        This IP will be removed from the Feed.

        Also note, in the MS_? Feeds, when the source was from a tweet, the Tweet ID is listed as a comment. Some of the older entries didn't have this reference.

        For this IP: 205.185.216.10, it has a tweet reference:
        https://twitter.com/pancak3lullz/status/746040971675131906

        https://dnslytics.com/ip/205.185.216.10
        https://pulsedive.com/indicator/?iid=34167&ioc=MjA1LjE4NS4yMTYuMTA=

        Some passive DNS Resolution for that IP:
        https://www.virustotal.com/gui/ip-address/205.185.216.10/relations
        https://securitytrails.com/list/ip/205.185.216.10?page=1

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.