[nsp-sec] fastflux: page.jobarack.com
Torbjorn.Wictorin at cert.sunet.se
Torbjorn.Wictorin at cert.sunet.se
Wed Jan 21 09:52:10 EST 2009
hi,
there is a fastflux at page.jobarack.com, for the moment resolving to:
7018 | 12.68.100.97 | ATT-INTERNET4 - AT&T WorldNet Services
6478 | 12.206.91.96 | ATT-INTERNET3 - AT&T WorldNet Services
4837 | 60.13.162.9 | CHINA169-BACKBONE CNCGROUP China169 Backbone
3776 | 64.75.163.57 | ALOHANET - Hawaii Online
11060 | 65.25.68.2 | NEO-RR-COM - Road Runner HoldCo LLC
20214 | 67.191.81.183 | CCCH-AS6 - Comcast Cable Communications
12177 | 72.46.210.123 | ETS-TELEPHONE-COMPANY - ETS TELEPHONE
33651 | 76.103.255.218 | DNEO-OSP7 - Comcast Cable
43266 | 77.87.159.154 | ABUA-AS AB Ukraine AS
6830 | 80.98.203.215 | UPC UPC Broadband
9143 | 84.24.54.211 | ZIGGO Ziggo - tv, internet, telefoon
15419 | 86.38.212.117 | LRTC-AS SC _LRTC_ Internet services
8926 | 92.114.145.78 | MOLDTELECOM-AS Moldtelecom Autonomous System
31250 | 93.152.147.192 | OD-AS Online Direct Ltd.
10994 | 97.103.168.197 | TAMPA2-TWC-5 - Road Runner HoldCo LLC
9260 | 115.42.64.46 | AS-MULTINET-PK NSP,ISP,HFC,DSL,DIALUP,Data
9304 | 118.140.35.199 | HUTCHISON-AS-AP Hutchison Global
4837 | 121.20.175.165 | CHINA169-BACKBONE CNCGROUP China169 Backbone
9812 | 121.77.7.147 | CNNIC-CN-COLNET Oriental Cable Network Co.,
7470 | 124.122.183.227 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
4766 | 125.129.28.163 | KIXS-AS-KR Korea Telecom
5661 | 131.247.122.248 | USF - UNIVERSITY OF SOUTH FLORIDA
3450 | 160.36.212.170 | UTK - University of Tennessee, Knoxville
6830 | 213.93.5.156 | UPC UPC Broadband
24852 | 213.164.114.223 | VINITA VINITA Internet Services
24105 | 220.101.67.212 | UNWIRED-CORE-AP Unwired Group, Fixed Wireless
The web servers is, when clicking om links on the page, returning
an .exe file that is Waledac-like.
Torbjörn Wictorin,
SUNet CERT
More information about the nsp-security
mailing list