See: https://www.virustotal.com/nl/url/353c8000855f8b425c8e4bbd4094e0e5237e9faf04fdff92ffa9093477901c97/analysis/1436266254/
Missed: http://quttera.com/detailed_report/bedrockcapital.com & https://sitecheck.sucuri.net/results/bedrockcapital.com#sitecheck-details
Malware IP history: https://www.virustotal.com/nl/ip-address/204.11.246.1/information/
Bad host experience: https://www.projecthoneypot.org/ip_204.11.246.1
Re: https://www.threatcrowd.org/ip.php?ip=204.11.246.1
Insecure hosting: http://sameid.net/ip/204.11.246.1/
Malware detected: http://www.scumware.org/report/204.11.246.1
Website down: https://urlquery.net/report.php?id=1436266505526
Badzone: clusteralt0.msomt.modwest.com → http://www.dnsinspect.com/msomt.modwest.com/1436266988
Nameserver excessive version info proliferation detected. 69.51.77.40: “Served by POWERDNS 3.1 $Id: packethandler.cc 2579 2012-04-26 11:28:04Z peter $”
Sitevet report gives Spam Activity on AS. MIT Dover Spooler. Port 91 - UDP infested with virus trojan (in the past?). Generic detections?
polonus