4 Replies
Web Attack
QK292
Posted by QK292, 12/9/11 11:41 AM - Permalink
In the past week I've had my Norton alert me that a web attack was taking place and was blocked. Something called Blackhole Exploit Kit Website II. Only happens on this site; it says the attacker's address is 178.18.243.189 (178.18.243.189). This has happened 3 times in the past few days; this time it gave me another signature of gm21wv.com as the attacker. Anyone know anything about this, or has it happened to you?
Mimibunny
Administrator
Posted by Mimibunny, 12/9/11 10:01 PM - Permalink
Thanks for reporting and giving those IP#s. I have talked with our Techs and they assure me that we are extremely well protected! Usually, when this is reported, it is found to be picked up somewhere else on the internet, and not from DN. I will pass your info on to the Techs, and have them look into your notice!! Thanks!!
michaelpaul
Posted by michaelpaul, 12/10/11 6:41 PM - Permalink
IP : 178.18.243.189 Neighborhood
Host : ?
Country : Germany


IP owner info (Whois)

#
# Query terms are ambiguous. The query is assumed to be:
# "n 178.18.243.189"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=178.18.243.189?showDetails=true&showARIN=fa...
#

NetRange: 178.0.0.0 - 178.255.255.255
CIDR: 178.0.0.0/8
OriginAS:
NetName: 178-RIPE
NetHandle: NET-178-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2009-01-30
Updated: 2009-05-18
Ref: http://whois.arin.net/rest/net/NET-178-0-0-0-1

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/RIPE

ReferralServer: whois://whois.ripe.net:43

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: http://whois.arin.net/rest/poc/RNO29-ARIN

OrgAbuseHandle: RNO29-ARIN
OrgAbuseName: RIPE NCC Operations
OrgAbusePhone: +31 20 535 4444
OrgAbuseEmail: hostmaster@ripe.net
OrgAbuseRef: http://whois.arin.net/rest/poc/RNO29-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#




Deferred to specific whois server: whois.ripe.net...


% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '178.18.243.128 - 178.18.243.255'

inetnum: 178.18.243.128 - 178.18.243.255
netname: HUAN-JUN-NET
descr: HUAN-JUN-NET
country: DE
admin-c: IIOD-RIPE
tech-c: IIOD-RIPE
status: ASSIGNED PA
mnt-by: INLINE-KA-MNT
source: RIPE # Filtered

role: Inline Administrator
remarks:
address: Inline Internet Online Dienste GmbH
address: Kaiserstrasse 121
address: 76133 Karlsruhe
address: GERMANY
remarks:
phone: +49 (721) 96682-32
fax-no: +49 (721) 96682-11
remarks:
remarks:
remarks: ++++++++++++++++++++ ABUSE +++++++++++++++++++
remarks: + Any abuse complains (e.g. port scan, spam,
remarks: + hammering, etc.) please send to:
remarks: +
remarks: + abuse@inline.de
remarks: ++++++++++++++++++++++++++++++++++++++++++++++
remarks:
remarks: -----------------------------------------------
remarks:
remarks: Routing questions: noc@inline.de
remarks: General questions: info@inline.de
remarks:
remarks: -----------------------------------------------
remarks:
admin-c: MFIN-RIPE
tech-c: MFIN-RIPE
remarks:
nic-hdl: IIOD-RIPE
mnt-by: INLINE-KA-MNT
abuse-mailbox: abuse@inline.de
source: RIPE # Filtered

% Information related to '178.18.240.0/20AS31147'

route: 178.18.240.0/20
descr: Inline Internet Online Dienste GmbH
origin: AS31147
mnt-by: INLINE-KA-MNT
source: RIPE # Filtered

% Information related to '178.18.240.0/22AS31147'

route: 178.18.240.0/22
descr: Inline Internet Online Dienste GmbH
origin: AS31147
mnt-by: INLINE-KA-MNT
source: RIPE # Filtered
QK292
Posted by QK292, 12/10/11 10:50 PM - Permalink
So I'm under attack from Germany? Guess they don't like my artwork over there. Sorry!
QK292
Posted by QK292, 12/12/11 12:24 AM - Permalink
Happened again; this time it was Suspicious Browser Fingerprinting 3. Attacking computer: www.urdicosh.com (78.159.122.74,80) www.urdicosh.com/termopack0/29636622 and the source is 78.159.122.74 (78.159.122.74). Thank you for any help with this. Just glad my Norton is picking it up.
