[nsp-sec] searching for the next hop
Tom Fischer
tfischer at bfk.de
Thu Sep 13 04:59:01 EDT 2012
Hi,
I'm searching for the next hop behind the c2 proxy servers used by urlzone:
first seen (UTC) last seen (UTC)
2012-09-12 07:25:26 2012-09-12 07:25:26 decorera.com A 115.64.45.89
2012-09-06 20:00:16 2012-09-12 11:10:49 decorera.com A 195.198.124.60
2012-09-12 11:10:49 2012-09-12 14:03:26 decorera.com A 94.195.109.211
2012-09-12 14:03:26 2012-09-12 14:03:26 decorera.com A 150.254.124.88
2012-08-25 06:46:15 2012-09-13 06:42:22 decorera.com A 92.50.171.166
2012-09-03 10:54:14 2012-09-13 08:15:39 decorera.com A 123.101.2.10
2012-09-10 20:50:15 2012-09-13 08:15:39 decorera.com A 108.192.132.10
2012-09-12 11:10:49 2012-09-13 08:15:39 decorera.com A 79.123.42.75
2012-09-10 20:50:15 2012-09-13 08:30:50 decorera.com A 199.115.230.213
2012-09-12 07:25:26 2012-09-13 08:30:50 decorera.com A 220.182.54.151
2012-09-12 07:25:26 2012-09-13 08:30:50 decorera.com A 72.54.32.238
2012-09-12 11:10:49 2012-09-13 08:30:50 decorera.com A 197.243.4.5
Anyone able to help to identify the backend (or next hop)?
3301 | 195.198.124.60 | TELIANET-SWEDEN TeliaSonera AB
4134 | 220.182.54.151 | CHINANET-BACKBONE No.31,Jin-rong Street
7018 | 108.192.132.10 | ATT-INTERNET4 - AT&T Services, Inc.
7545 | 115.64.45.89 | TPG-INTERNET-AP TPG Internet Pty Ltd
8426 | 79.123.42.75 | CLARANET-AS ClaraNET LTD
9112 | 150.254.124.88 | POZMAN POZMAN-EDU
17184 | 72.54.32.238 | ATL-CBEYOND - CBEYOND COMMUNICATIONS, LLC
17785 | 123.101.2.10 | CHINATELECOM-HA-AS-AP asn for Henan Provincial Net of CT
24955 | 92.50.171.166 | UBN-AS OJSC _Ufanet_
35228 | 94.195.109.211 | BEUNLIMITED Avatar Broadband Limited
37228 | 197.243.4.5 | RDB
46664 | 199.115.230.213 | VOLUMEDRIVE - VolumeDrive
--
Tom Fischer
BFK edv-consulting GmbH tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99
More information about the nsp-security
mailing list