[nsp-sec] Can someone poke AS10929 | NETELLIGENT - Netelligent Hosting Services Inc.
Shelton, Steve
sshelton at Cogentco.com
Thu May 14 10:20:13 EDT 2009
Hello,
It appears some ugly crept into AS10929 | NETELLIGENT on
209.44.126.7/32. Can someone poke them and point out the following?
hxxp://superlitecarbest.cn/in.cgi?income74
superlitecarbest.cn a 209.44.126.7 209.44.96.0/19 AS10929|NETELLIGENT Hosting Services Inc.
http://wepawet.iseclab.org/view.php?hash=febc4c720e064d854ec8108fd1469894&t=1241008697&type=js
MD5 febc4c720e064d854ec8108fd1469894
Virus total:
http://www.virustotal.com/analisis/b392273fc639dc37d6cd4ac5c56d914f
Additional Malware found:
hxxp://lieliteautobody.cn/load.php?id=8
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
Hash - 7ab819627dad8d76ecd7bde5769b35b5
Virus total:
http://www.virustotal.com/analisis/9313b4c78a6fbb107eb601bfda1aed70
--- 05/14/09 08:09:23 Mountain Daylight Time
--- reading URL 209.44.126.7
--- contacting host [209.44.126.7] on port 80
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 14 May 2009 14:08:26 GMT
DNS for superlitecarbest.cn
ns1.freednshostway.com NS 95.129.144.210 nginx/0.6.35 95.129.144.0/23 AS48856| VENTREX-AS Ventrex LLP
ns2.freednshostway.com NS 78.26.179.79 nginx/0.6.35 78.26.128.0/18 AS34187| RENOME-AS Renome-Service: Joint Multimedia Cable Network Odessa, Ukraine
ns1.superlitecarbest.cn |95.129.144.211 | AS48856 | VENTREX-AS Ventrex LLP
ns2.superlitecarbest.cn |213.182.197.23 | AS8206 | JUNIK-RIGA-LV JUNIKNET Autonomous System
ns3.superlitecarbest.cn |213.163.91.91 | AS20495 | WEDARE We Dare BV Autonomous System
ns4.superlitecarbest.cn |91.212.65.144 | AS48841 | EUROHOST-AS Eurohost LLC
ns5.superlitecarbest.cn |209.44.126.7 | AS10929 | NETELLIGENT - Netelligent Hosting Services Inc.
Additional ugly translating to 209.44.126.7:
Best regards,
Steve Shelton
Network Security Engineer
Cogent Communications