[nsp-sec] 2 websites seems to be used by botnet herders.
Yonglin ZHOU
yonglin.zhou at gmail.com
Wed Feb 18 02:46:51 EST 2009
Dear colleagues,
Today when we analysed the active large scale botnet CC server, we
found the following 2 IPs are bound to normal websites (seemed normal).
The IP and domain names are:
72.52.255.138 theadvancementcounsel.com
207.210.84.96 dissolution.com
By Team Cymru IP to ASN Lookup tools, we got:
AS    | IP            | BGP Prefix      | CC | Registry | Allocated  | AS Name
3595  | 207.210.84.96 | 207.210.64.0/19 | US | arin     | 2005-04-12 | GNAXNET-AS - Global Net Access, LLC
32244 | 72.52.255.138 | 72.52.192.0/18  | US | arin     | 2006-08-03 | LIQUID-WEB-INC - Liquid Web, Inc.
Could anybody here help contact the IP or domain owners or
relative operators to recover the system? If they are not fake sites,
they must have been exploited by botnet herders.
Many thanks.
Yonglin.
CNCERT/CC
--
----------------- Enjoy the life --------------------
Yonglin ZHOU
Fix line: + 86 10 8299 0355 Fax: +86 10 8299 0399
Email: zyl at cert.org.cn, yonglin.zhou at gmail.com