Channel: SANS Internet Storm Center, InfoCON: green

Possible Widespread DNS Attack (info wanted), (Tue, Dec 13th)

Thanks for the help with this! Turns out this had a not so malicious resolution for now: the IP address is used for numerous spelling error domains, aka typo squatting. The company/person behind this IP address is redirecting a large number of domains to the IP address, which then displays a yellow pages look-alike called Yellow Book. Nothing malicious as far as I can tell for now, but some may not like this practice.
-----
Alex wrote in a short time ago seeing www.citrix.com resolving to 208.73.210.29. This IP address has been associated with malware in the past. Further investigation showed that literally hundreds of brand name sites point to this IP address (if you are using the wrong DNS server). For example, see the report from the BFK passive DNS caching tools:
http://www.bfk.de/bfk_dnslogger.html?query=208.73.210.29#result
Please let us know if you are seeing outbound traffic to this IP address or if you see DNS resolution requests that return this IP address. We are still investigating details.
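As an added example (not part of the original diary), a small Python check of the kind the request above calls for: it scans DNS answer log lines for responses that return the reported address and lists which queried names mapped to it, and it also flags any address that many distinct names resolve to, the pattern described above. The log format is an assumed simplified "timestamp client qname qtype rdata" layout and the sample lines are constructed, not real resolver output.

```python
import ipaddress
import re
from collections import defaultdict

# Address reported in the diary; answers returning it are what to look for.
WATCHED_IPS = {"208.73.210.29"}

# Constructed sample lines, not real resolver output. Assumed format:
# <timestamp> <client> <qname> <qtype> <rdata>
SAMPLE_LOG = """\
2011-12-13T10:00:01 10.0.0.5 www.citrix.com A 208.73.210.29
2011-12-13T10:00:02 10.0.0.7 www.example.com A 192.0.2.10
2011-12-13T10:00:05 10.0.0.5 www.citrx.com A 208.73.210.29
2011-12-13T10:00:09 10.0.0.9 mail.example.net A 192.0.2.25
2011-12-13T10:00:11 10.0.0.7 www.citrix.com. A 208.73.210.29
this line is garbage and must be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(A|AAAA)\s+(\S+)$")

def parse_line(line):
    """Return (qname, rdata) for an A/AAAA answer line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _ts, _client, qname, _qtype, rdata = m.groups()
    try:
        ipaddress.ip_address(rdata)  # skip non-address answers and junk
    except ValueError:
        return None
    return qname.lower().rstrip("."), rdata

def answers_by_ip(log_text):
    """Group queried names by the address they resolved to."""
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            qname, rdata = rec
            by_ip[rdata].add(qname)
    return by_ip

def watched_hits(log_text, watched=WATCHED_IPS):
    """Names that resolved to any watched address (sorted, per address)."""
    return {ip: sorted(n) for ip, n in answers_by_ip(log_text).items() if ip in watched}

def crowded_ips(log_text, min_names=2):
    """Addresses that many distinct names resolve to, the pattern the diary describes."""
    return {ip: sorted(n) for ip, n in answers_by_ip(log_text).items() if len(n) >= min_names}
```

Raise `min_names` to a value that fits your environment (shared hosting and CDNs legitimately serve many names from one address) before treating a crowded address as suspicious.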

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
