[nsp-sec] Yaludle c&c server

Tom Fischer tfischer at bfk.de
Wed Nov 4 07:52:46 EST 2009


Hi,

Anyone around with a contact at the following Chinese providers?


These systems are used as Yaludle c&c servers.

Primary systems are currently:

4134    | 117.41.183.3     | CHINANET-BACKBONE No.31,Jin-rong Street
4837    | 218.61.126.28    | CHINA169-BACKBONE CNCGROUP China169 Backbone
17897   | 222.170.127.114  | CHINATELECOM-HLJ-AS-AP asn for Heilongjiang Provincial Net of CT


Additional DNS data:


-- 
Tom Fischer
BFK edv-consulting GmbH                  tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe        fax: +49 721 962 01-99