Hi, team. Just a bit of insight to share.
Received: from ls4.ilvu.net (ls4.ilvu.net [67.19.38.132])
This IP shows up as bot'd as far back as 2007-01-10 at 07:55:51 GMT. I'm not surprised it's sending spam or participating in a phishing excursion. The turf-enuff.com host on which the phishing site appears to reside has been hosting both malware and phishing sites. We've seen the following URLs there (URLs slightly obfuscated to protect folks - be CAREFUL!):

timestamp           | ip              | asn   | category   | comment
--------------------+-----------------+-------+------------+----------------------------------------
2007-06-23 13:07:20 | 206.221.179.151 | 32445 | malwareurl | hxxp://www.allyoumiss.net/phpwcms_ftp/
2007-06-23 13:18:12 | 206.221.179.151 | 32445 | malwareurl | hxxp://www.alpine-framing.com/e107_files/
2007-06-24 00:36:00 | 206.221.179.151 | 32445 | phishing   | hxxp://www.allyoumiss.net/phpwcms_ftp/www.banamex.com/bancanetempresarial.banamex.com.mx/index.htm
2007-06-24 00:36:00 | 206.221.179.151 | 32445 | phishing   | hxxp://www.allyoumiss.net/phpwcms_ftp/www.banamex.com/boveda.banamex.com.mx/serban/
2007-07-01 03:57:15 | 206.221.179.151 | 32445 | phishing   | hxxp://www.warranty-tracking.com/warranty/logins/updates/us/webscr.php

I don't believe we know anyone at AS32445, so we'll reach out to their upstreams AS174 and AS5769 and see if we can get this host cleaned.

Thanks,
Rob.
-- 
Rob Thomas
Team Cymru
http://www.cymru.com/
cmn_err(do_panic, "Out of coffee!");