[nsp-sec] One baddie kicked out: zlkon.lv / AS12553 PCEXPRESS-AS_DATORU EXPRESS SERVISS_ Ltd

Hillar Aarelaid hillar.aarelaid at cert.ee
Wed Apr 29 04:13:06 EDT 2009


On Apr 28, 2009, at 5:21 PM, Shelton, Steve wrote:

> That is good news!  It seems some of the payload sites I track moved
> behind two separate ASN's - networks as of late which appears to be some
> sort of bifurcation.
>
> 213.182.197.23 | AS8206 | JUNIK
> 213.163.91.93 | AS20495 | WEDARE

more moves:

4645    | 203.169.164.18   | 203.169.164.0/24    | HK | apnic    | 2000-07-04 | cdn901.todayisp.net | ASN-HKNET-AP HKNet Co. Ltd
7796    | 216.240.157.81   | 216.240.144.0/20    | US | arin     | 1999-09-22 | image-big-library.com | ATMLINK - ATMLINK, INC.
7832    | 216.229.40.2     | 216.229.40.0/21     | US | arin     | 1999-06-02 | wj-asys.com     | PCISYS - WW/Precision Communication
9800    | 211.95.78.111    | 211.95.0.0/17       | CN | apnic    | 1999-12-14 | worknssrv.cn    | UNICOM CHINA UNICOM
13768   | 64.34.228.126    | 64.34.224.0/20      | US | arin     | 2004-07-15 | ads.netbios-local.com | PEER1 - Peer 1 Network Inc.
14618   | 174.129.250.129  | 174.129.0.0/16      | US | arin     | 2008-08-08 | awbeta.net-nucleus.com | AMAZON-AES - Amazon.com, Inc.
14618   | 174.129.250.76   | 174.129.0.0/16      | US | arin     | 2008-08-08 | awbeta.net-nucleus.com | AMAZON-AES - Amazon.com, Inc.

and history for some:

174.129.250.129 httpcnc 2008-12-11 10:02:28     2009-03-14 23:12:18
174.129.250.129 sandbox 2008-12-11 08:34:49     2009-04-15 04:56:22
174.129.250.76  httpcnc 2008-12-13 01:52:31     2009-03-23 06:31:14
174.129.250.76  sandbox 2008-12-13 06:23:38     2009-04-19 05:33:54
203.169.164.18  httpcnc 2008-09-28 09:31:50     2009-04-13 08:47:08
203.169.164.18  sandbox 2008-09-28 09:31:50     2009-04-13 08:47:08
203.169.164.18  malware 2009-01-07 00:00:00     2009-01-15 00:00:00
216.229.40.2    httpcnc 2009-03-03 06:14:35     2009-04-27 13:23:10
216.229.40.2    sandbox 2009-03-03 06:14:35     2009-04-28 21:06:22
216.229.40.2    malware 2009-04-20 00:00:00     2009-04-23 00:00:00
216.240.157.81  httpcnc 2009-01-14 20:41:30     2009-04-27 15:22:42
216.240.157.81  sandbox 2009-01-14 20:41:30     2009-04-28 22:25:36
64.34.228.126   httpcnc 2008-02-06 11:02:16     2009-04-27 23:12:48
64.34.228.126   sandbox 2008-02-06 11:02:16     2009-04-29 00:18:59

Hillar


