[nsp-sec] Mebroot/Torpig c&c (AS 46475, 15083, 25653)
Tom Fischer
tfischer at bfk.de
Mon Jul 6 06:03:53 EDT 2009
Hi,
please help to null route the following Mebroot/Torpig c&c server:
Torpig:
wfzq9nuj.net. 60 IN A 216.245.201.74
IHZCKLUJ.NET. 60 IN A 216.245.201.74
AS | IP | AS Name
46475 | 216.245.201.74 | LIMESTONENETWORKS - Limestone Networks, Inc.
PEER_AS | IP | AS Name
2914 | 216.245.201.74 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
3356 | 216.245.201.74 | LEVEL3 Level 3 Communications
3549 | 216.245.201.74 | GBLX Global Crossing Ltd.
4323 | 216.245.201.74 | TWTC - tw telecom holdings, inc.
Mebroot:
VUXHFHDG.BIZ. 60 IN A 200.35.151.161
WUHFGBHX.COM. 60 IN A 200.35.151.161
AS | IP | AS Name
15083 | 200.35.151.161 | INFOLINK-MIA-US - Infolink Information Services Inc.
PEER_AS | IP | AS Name
3549 | 200.35.151.161 | GBLX Global Crossing Ltd.
twitter based Neosploit domain:
abjodvsves.com. 60 IN A 208.116.54.18
AS | IP | AS Name
25653 | 208.116.54.18 | FORTRESSITX - FortressITX
PEER_AS | IP | AS Name
1239 | 208.116.54.18 | SPRINTLINK - Sprint
1299 | 208.116.54.18 | TELIANET TeliaNet Global Network
3356 | 208.116.54.18 | LEVEL3 Level 3 Communications
4436 | 208.116.54.18 | AS-NLAYER - nLayer Communications, Inc.
--
Tom Fischer
BFK edv-consulting GmbH tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99
More information about the nsp-security
mailing list