Last Updated: 2014-01-27 18:13:45 UTC
by Tony Carothers (Version: 1)
The DShield database this morning show a tremendous uptick in activity coming out of IP address 220.127.116.11 over the past few weeks, so I am reaching out to everyone to see if anybody has packets related to this IP address. The WHOIS shows a newly registered IP block to CariNet, Inc., a San Diego based cloud provider, on January 3 2014. Since that time there has been an upshot in reports to the DShield database for both unwanted TCP and UDP packets.
If anybody has information on the IP address 18.104.22.168, or a POC at CariNet, would greatly help. I will contact the abuse department on Monday with whatever information I can collect today.
As always, thanx for supporting the Internet Storm Center,
tony d0t Carothers –gmail.com
UPDATE: 27 January 2014
The senior security engineer onsite has contacted the customer, who has agreed to take down the site and work with the ISC to resolve these issues. Great job everyone!! A community effort helps out the community everytime!!