Menu
  • Home
  • all articles that deal with spamming
  • poisoned workstations/servers detected
  • all articles dealing with webspamming aka scams
  • all articles dealing with hacking
  • content that deals with current status of netranges
  • Pride and ignorance are akin.
  • whitelisted hosts needed by customers
  • output generated by netsecdb engine
  • things we deliver to outside
    • what users/admins say about netsedb
  • external news regarding network security and fighting cybercrime
  • all about netsecdb stats
  • Impressum
  • Terms of Use/Disclaimer
proxy check
no proxy detected.

Startseite

Destinations from MS08-067 Worm, Downadup/Conflicker - status of 2009/02/14

PostDateIcon So, 02/15/2009 - 03:54 | alladin

Check Output section for current lists.

Update 2009/04/24: Autotagging job runs for nums<10
Update 2009/04/23: Currently tagging acc. nets in Db.
Update 2009/04/22: Resuls gave 1.048 unique IPs that appeared more than 2times.
Update 2009/04/22: Finished checking 2.961.343 domains from database - let's see...
Update 2009/04/01: Conficker.C may list round about 1.34 Mio domains
Update 2009/03/31: aaaaaaaaaaaaaaaaarrrrrrgghhssss - April List contains round about 1.4 Mio domains to check and map .. this will take a while

Update 2009/03/31: Read HoneyNet Org- Know Your Enemy: Containing Conficker and Uni Bonn - Containing Conficker

Update 2009/03/02: Read MSRC Blog. Affects variant A and B.

Update 2009/02/25: read article on Malware Threat Center for their analysis on conflicker variant A and B.

Article from microsoft website:

-- snip --
Along with Microsoft, organizations involved in this collaborative effort include ICANN, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.
-- snip --

look at the other ones ...

unique IPs/netranges from destination domains:

124.172.156.32 CN XYDnet APNIC-124 124.172.156.0 - 124.172.156.255 124.172.156.0/24
netname: NGNNET
descr: World Crossing Telecom(GuangZhou) Ltd.
descr: 17/FL,International Bank Center,
descr: 191# DongFengXi Rd. Guangzhou, Guangdong

143.215.143.11 US GATECH NET-143-0-0-0-0 143.215.0.0 - 143.215.255.255 143.215.0.0/16 1990-06-30 GIT
OrgName: Georgia Institute of Technology
OrgID: GIT
Address: 258 Fourth St NW
Address: Rich Building
City: Atlanta

146.57.249.100 US UMN-MRS-NET NET-146-0-0-0-0 146.57.0.0 - 146.57.255.255 146.57.0.0/16 1991-01-21 UNIVER-233
OrgName: University of Minnesota
OrgID: UNIVER-233
Address: 2218 Univ Ave SE
City: Minneapolis

147.83.152.184 ES UPCNET EU-ZZ-147 147.83.0.0 - 147.83.255.255 147.83.0.0/16 1993-09-27 Universitat Politecnica de Cat
netname: UPCNET
descr: Universitat Politecnica de Catalunya
descr: Barcelona
country: ES

149.20.54.193 US ISC-NET3 NET-149-0-0-0-0 149.20.0.0 - 149.20.255.255 149.20.0.0/16 1992-01-28 ISC-94-Z
OrgName: Internet Systems Consortium, Inc.
OrgID: ISC-94-Z
Address: 950 Charter Street
City: Redwood City

149.20.56.32 US ISC-NET3 NET-149-0-0-0-0 149.20.0.0 - 149.20.255.255 149.20.0.0/16 1992-01-28 ISC-94-Z
OrgName: Internet Systems Consortium, Inc.
OrgID: ISC-94-Z
Address: 950 Charter Street
City: Redwood City
StateProv: CA

159.226.7.162 CN CSTNET 159.226.0.0 - 159.226.255.255 159.226.0.0/16 2008-06-24 CHINA SCIENCE AND TECHNOLOGY N
netname: CSTNET
descr: CHINA SCIENCE AND TECHNOLOGY NETWORK
descr: No.4, Zhongguancun 4th South Street,
descr: Haidian District, Beijing
country: CN

173.45.234.232 US SLICE-STL-SH NET-173-0-0-0-0 173.45.224.0 - 173.45.255.255 173.45.224.0/19 2008-10-13 SLICE
OrgName: Slicehost LLC
OrgID: SLICE
Address: 4579 Laclede Avenue #258
City: St. Louis

173.45.240.5 US SLICE-STL-SH NET-173-0-0-0-0 173.45.224.0 - 173.45.255.255 173.45.224.0/19 2008-10-13 SLICE
OrgName: Slicehost LLC
OrgID: SLICE
Address: 4579 Laclede Avenue #258
City: St. Louis

174.132.148.66 US NETBLK-THEPLANET-BLK-15 NET-174-0-0-0-0 174.132.0.0 - 174.133.255.255 174.132.0.0/15 2008-06-17 TPCM
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston

199.2.137.252 US FON-3338832128690 NET-199-0-0-0-1 199.2.137.0 - 199.2.137.255 199.2.137.0/24 2001-02-14 MSFT
OrgName: Sprint
OrgID: SPRN
Address: 12502 Sunrise Valley Drive
City: Reston
StateProv: VA

203.171.227.10 CN GIANT 203.171.224.0 - 203.171.239.255 203.171.224.0/20 2006-04-20 ZhengZhou GIANT Computer Netwo
netname: GIANT
descr: ZhengZhou GIANT Computer Network Technology Co., Ltd
descr: Room 701 Information Building NO.144 Garden Road, Zhenzhou
descr: Henan, P.R.China

204.94.86.74 US MARKETLIVE-1 NET-204-94-80-0-1 204.94.86.64 - 204.94.86.79 204.94.86.64/28 2008-08-05 RAGING-3
OrgName: Sprint
OrgID: SPRN
Address: 12502 Sunrise Valley Drive
City: Reston

205.178.145.65 US NSLLC01 NET-205-178-128-0-1 205.178.145.0 - 205.178.145.255 205.178.145.0/24 2006-05-19 NSL-37
OrgName: InQuent Technologies Inc.
OrgID: INQT
Address: 150 York St, Suite 1900
City: Toronto

205.188.161.4 US AOL-DTC NET-205-0-0-0-0 205.188.0.0 - 205.188.255.255 205.188.0.0/16 1998-04-18 AMERIC-59
OrgName: America Online, Inc
OrgID: AMERIC-59
Address: 22080 Pacific Blvd
City: Sterling

209.62.20.226 US NETBLK-THEPLANET-BLK-EV1-16 NET-209-0-0-0-0 209.62.0.0 - 209.62.127.255 209.62.0.0/17 2007-03-19 TPCM
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston

211.9.58.163 JP G-SERVE 211.9.58.160 - 211.9.58.167 211.9.58.160/29 2003-08-14 G-SERVE

212.158.162.5 RU RU-CARAVAN-990714 212.158.160.0 - 212.158.175.255 212.158.160.0/20 1999-07-14 ISP "CARAVAN"

212.227.10.28 DE SCHLUND-CUSTOMERS 212.227.0.0 - 212.227.13.255 212.227.0.0/20 2004-06-11 Schlund + Partner AG

212.67.202.8 GB UK-PIPEX-HOSTED-SERVERS-12 UK-GLOBAL-990512 212.67.202.0 - 212.67.202.255 212.67.202.0/24 2005-03-08 PIPEX Hosting Leeds colo
netname: UK-PIPEX-HOSTED-SERVERS-12
descr: PIPEX Hosting Leeds colo
descr: Leeds
country: GB

212.97.133.21 DK SURFTOWNDK 212.97.132.0 - 212.97.135.255 212.97.132.0/22 2007-10-28 Surftown A/S

213.159.193.55 RU RU-ACSIT-20080318 213.159.192.0 - 213.159.223.255 213.159.192.0/19 2008-03-18 ACSIT-NET

213.171.218.120 GB FASTHOSTS-UK-NETWORK 213.171.218.0 - 213.171.219.255 213.171.218.0/23 2003-08-05 UK's largest web hosting compa

213.188.129.183 NO COM-ACTIVEISP 213.188.128.0 - 213.188.134.255 213.188.128.0/21 2000-01-26 Active 24 ASA. Region Norway
213.188.129.184 NO COM-ACTIVEISP 213.188.128.0 - 213.188.134.255 213.188.128.0/21 2000-01-26 Active 24 ASA. Region Norway

216.104.161.117 US TIERRANET-2BLK NET-216-0-0-0-0 216.104.160.0 - 216.104.191.255 216.104.160.0/19 2000-07-17 TIER
216.104.161.217 US TIERRANET-2BLK NET-216-0-0-0-0 216.104.160.0 - 216.104.191.255 216.104.160.0/19 2000-07-17 TIER
OrgName: TierraNet Inc.
OrgID: TIER
Address: PO BOX 502010
City: San Diego

216.21.239.197 US RCOM-1BLK NET-216-0-0-0-0 216.21.224.0 - 216.21.239.255 216.21.224.0/20 2000-06-28 REG
OrgName: Register.com, Inc
OrgID: REG
Address: 575 8th Avenue
City: New York

216.8.179.26 CA MNSI-NEXTD-BLK1 NET-216-8-128-0-1 216.8.176.0 - 216.8.179.255 216.8.176.0/22 2005-09-26 NEXTD
OrgName: Managed Network Systems Inc.
OrgID: MNSI
Address: 300 Tecumseh Rd. East
Address: Unit 344
City: Windsor

217.113.244.80 ES itnet 217.113.244.64 - 217.113.244.95 217.113.244.64/27 2004-03-09 co-location network

218.145.71.194 KR KORNET-INFRA000001 218.145.71.128-218.145.71.255 218.145.71.128/25 0000-00-00 KORNET

218.244.147.129 CN HICHINA 218.244.144.0 - 218.244.151.255 218.244.144.0/21 2007-04-11 hichina-telecom-net

218.61.204.215 CN CNCGROUP-LN APNIC-AP 218.60.0.0 - 218.61.255.255 218.60.0.0/15 2004-04-05 CNCGROUP Liaoning province net

219.94.129.211 JP SAKURA-NET 219.94.129.0 - 219.94.129.255 219.94.129.0/24 2006-03-31 SAKURA Internet Inc.

221.130.201.9 CN CMNET-shanghai CMNET 221.130.176.0 - 221.130.207.255 221.130.128.0/17 2005-05-12 China Mobile Communications Co

24.170.188.201 US ERLK-TW-CENTRALFL26 NET-24-170-128-0-1 24.170.160.0 - 24.170.191.255 24.170.160.0/19 2006-01-18 ERTS

24.219.190.251 US YGNIT-5 NET-24-0-0-0-0 24.219.0.0 - 24.219.255.255 24.219.0.0/16 2000-11-07 YGNIT

24.240.195.100 US AMPT-24-240-192-0 NET-24-240-192-0-1 24.240.192.0 - 24.240.195.255 24.240.192.0/22 2008-12-19 CC04

38.113.1.116 US COGENT-NB-0002 NET-38-0-0-0-1 38.112.0.0 - 38.119.255.255 38.112.0.0/13 2003-08-20 PSI

58.222.17.23 CN CHINANET-JS APNIC-58 58.208.0.0 - 58.223.255.255 58.208.0.0/12 2005-06-24 CHINANET jiangsu province netw

61.145.126.204 CN CHINANET-GD 61.145.0.0 - 61.145.255.255 61.145.0.0/16 2007-07-11 CHINANET Guangdong Province Ne

61.238.149.50 HK CTIHK APNIC3 61.238.0.0 - 61.239.255.255 61.238.0.0/15 2003-11-10 City Telecom (H.K.) Ltd.
62.213.110.9 RU RU-CARAVAN-20011109 62.213.64.0 - 62.213.127.255 62.213.64.0/18 2001-11-09 PROVIDER
62.213.110.9 RU RU-CARAVAN-20011109 EU-ZZ-62 62.213.64.0 - 62.213.127.255 62.213.64.0/18 2001-11-09 PROVIDER
netname: KASPERSKY-CARAVAN-NET-1
descr: Kaspersky Lab
descr: Moscow, Russia
country: RU

64.235.44.215 US APH-LAS-NV1 NET-64-0-0-0-0 64.235.32.0 - 64.235.63.255 64.235.32.0/19 2002-09-11 AHOSTI

64.70.19.33 US SAVV-S235073-7 NET-64-70-0-0-1 64.70.19.0 - 64.70.19.255 64.70.19.0/24 2008-01-16 WORLD-119

64.95.48.5 US INAP-ACS-BASIN-23578 NET-64-94-0-0-1 64.95.48.0 - 64.95.48.63 64.95.48.0/26 2008-07-11 PNAP

64.95.58.5 US INAP-ACS003-BASIN-19060 NET-64-94-0-0-1 64.95.58.0 - 64.95.58.63 64.95.58.0/26 2008-01-23 PNAP

65.102.56.213 US USW-JIMFISHERVO NET-65-100-0-0-1 65.102.56.208 - 65.102.56.215 65.102.56.208/29 2002-06-05 JFV

66.142.232.173 US SBC066142232000021202 NET-66-136-0-0-1 66.142.232.0 - 66.142.233.255 66.142.232.0/23 2002-12-02 SIS-80

66.150.161.44 US INAP-SEF-DOTSTER-7068 NET-66-150-0-0-1 66.150.161.32 - 66.150.161.63 66.150.161.32/27 2006-04-17 DOTST-1

68.142.212.71 US INKTOMI-BLK-4 NET-68-0-0-0-0 68.142.192.0 - 68.142.255.255 68.142.192.0/18 2004-03-24 INKT

68.178.232.100 US GO-DADDY-SOFTWARE-INC NET-68-0-0-0-0 68.178.128.0 - 68.178.255.255 68.178.128.0/17 2005-04-12 GODAD

69.10.155.222 CA RACKFORCE-1 NET-69-0-0-0-0 69.10.128.0 - 69.10.159.255 69.10.128.0/19 2002-12-12 RACKF

69.16.116.94 US UMASSP2 NET-69-0-0-0-0 69.16.0.0 - 69.16.127.255 69.16.0.0/17 2002-12-19 UMAP

69.25.47.166 US INAP-WDC002-DOTSTER-7073 NET-69-25-0-0-1 69.25.47.160 - 69.25.47.191 69.25.47.160/27 2006-04-17 DOTST-1

69.46.228.32 US PARKED1 NET-69-46-224-0-1 69.46.226.0 - 69.46.228.255 69.46.226.0/23, 69.46.228.0/24 2007-10-23 PARKE-19

69.64.147.16 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.18 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.19 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.20 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.207 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.21 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.210 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.119 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.120 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.121 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.123 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.124 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.125 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.126 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.127 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM

69.66.237.74 US IOWA-TELECOM NET-69-0-0-0-0 69.66.0.0 - 69.66.255.255 69.66.0.0/16 2003-07-31 IOWATE

69.89.17.9 US BLUEHOST-NETWORK-1 NET-69-0-0-0-0 69.89.16.0 - 69.89.31.255 69.89.16.0/20 2006-10-02 BLUEH-2

70.154.82.100 US BELLSNET-BLK15 NET-70-0-0-0-0 70.144.0.0 - 70.159.255.255 70.144.0.0/12 2004-07-28 BELL

70.249.147.164 US SBC07024914600023050118175915 NET-70-240-0-0-1 70.249.146.0 - 70.249.147.255 70.249.146.0/23 2005-01-18 SIS-80

70.85.228.70 US NETBLK-THEPLANET-BLK-13 NET-70-0-0-0-0 70.84.0.0 - 70.87.255.255 70.84.0.0/14 2004-07-29 TPCM

72.167.232.152 US GO-DADDY-SOFTWARE-INC NET-72-0-0-0-0 72.167.0.0 - 72.167.255.255 72.167.0.0/16 2007-07-05 GODAD
72.167.51.186 US GO-DADDY-SOFTWARE-INC NET-72-0-0-0-0 72.167.0.0 - 72.167.255.255 72.167.0.0/16 2007-07-05 GODAD

72.34.4.115 US M72-34-4-0-DUNLAPRB-POOL1 NET-72-34-0-0-1 72.34.4.0 - 72.34.4.255 72.34.4.0/24 2006-06-08 MTCC

72.52.202.225 US LIQUIDWEB-6 NET-72-0-0-0-0 72.52.128.0 - 72.52.255.255 72.52.128.0/17 2006-08-03 LQWB

74.208.164.166 US 1AN1-NETWORK NET-74-0-0-0-0 74.208.0.0 - 74.208.191.255 74.208.0.0/17, 74.208.128.0/18 2006-11-22 11INT

74.208.26.102 US CUSTOMERS-1 1AN1-NETWORK 74.208.0.0 - 74.208.63.255 74.208.0.0/18 2007-01-16 1 and 1 Internet Inc.
74.208.64.145 US CUSTOMERS-2 1AN1-NETWORK 74.208.64.0 - 74.208.79.255 74.208.64.0/20 2007-01-16 1 and 1 Internet Inc.
74.208.64.191 US CUSTOMERS-2 1AN1-NETWORK 74.208.64.0 - 74.208.79.255 74.208.64.0/20 2007-01-16 1 and 1 Internet Inc.

74.55.100.7 US TPCM-4639844 NET-74-52-0-0-1 74.55.100.0 - 74.55.100.255 74.55.100.0/24 2008-03-12 SEDOC

75.12.45.206 US SBCIS-SBIS-6BLK NET-75-0-0-0-0 75.0.0.0 - 75.63.255.255 75.0.0.0/10 2006-02-28 SIS-80

75.126.137.166 US SOFTLAYER-4-3 NET-75-0-0-0-0 75.126.0.0 - 75.126.255.255 75.126.0.0/16 2006-05-12 SOFTL
75.126.238.193 US SOFTLAYER-4-3 NET-75-0-0-0-0 75.126.0.0 - 75.126.255.255 75.126.0.0/16 2006-05-12 SOFTL

75.4.143.59 US SBC-75-4-128-0-20-0804030132 NET-75-0-0-0-1 75.4.128.0 - 75.4.143.255 75.4.128.0/20 2008-04-03 SIS-80

76.229.106.39 US SBC-76-229-104-0-22-0705140611 NET-76-192-0-0-1 76.229.104.0 - 76.229.107.255 76.229.104.0/22 2007-05-14 SIS-80

76.240.151.177 US SBC-76-240-151-176-29-0707111905 NET-76-192-0-0-1 76.240.151.176 - 76.240.151.183 76.240.151.176/29 2007-07-12 SIS-80

78.46.64.140 DE DE-HETZNER-20070416 RIPE-CIDR-BLOCK 78.46.0.0 - 78.47.255.255 78.46.0.0/15 2007-04-16 Hetzner Online AG

80.203.39.96 NO NEXTGENTEL-NO 80.203.16.0 - 80.203.47.255 80.203.0.0/18 2002-11-14 XDSL access and service provid

82.3.103.106 GB NTL 82.3.96.0 - 82.3.111.255 82.3.96.0/20 2004-01-06 NTL Infrastructure - Renfrew

82.42.189.145 GB BROADBANDAUDIT UK-CABLEINET-20030131 82.42.189.0 - 82.42.189.255 82.42.189.0/24 2007-10-23 BROADBAND KNOW UBR07LIVE

82.98.86.176 DE SEDO-1-NET 82.98.86.0 - 82.98.86.255 82.98.86.0/24 2007-06-15 Sedo Domain Parking

83.68.16.6 NL XS4ALL 83.68.16.0 - 83.68.16.255 83.68.16.0/24 2006-02-01 XS4ALL Internet BV

85.13.136.31 DE DE-ALL-INKL-20050405 RIPE-CIDR-BLOCK 85.13.128.0 - 85.13.191.255 85.13.128.0/18 2005-04-05 Neue Medien Muennich

87.106.142.154 DE SCHLUND-CUSTOMERS DE-SCHLUND-20050810 87.106.128.0 - 87.106.143.255 87.106.128.0/20 2007-01-29 Schlund + Partner AG
87.106.34.1 DE SCHLUND-CUSTOMERS 87.106.32.0 - 87.106.47.255 87.106.32.0/20 2005-01-19 Schlund + Partner AG
87.106.86.28 DE SCHLUND-CUSTOMERS DE-SCHLUND-20050810 87.106.80.0 - 87.106.95.255 87.106.80.0/20 2006-11-29 Schlund + Partner AG

97.74.119.216 US GO-DADDY-SOFTWARE-INC NET-97-0-0-0-0 97.74.0.0 - 97.74.255.255 97.74.0.0/162008-08-14 GODAD
98.136.50.188 US A-YAHOO-US9 NET-98-0-0-0-0 98.136.0.0 - 98.136.127.255 98.136.0.0/17 2007-12-07 YHOO

99.148.169.172 US SBC-99-148-168-0-22-0801152612 NET-99-128-0-0-1 99.148.168.0 - 99.148.171.255 99.148.168.0/22 2008-01-15 SIS-80

  | PostTagIcon Tags: poisoned

Copyright © 2008/2009 Claus Marxmeier EDV-Service
Alle Rechte vorbehalten. Insbesondere dürfen Nachdruck, Aufnahme in Online-Dienste und Internet und Vervielfältigung auf Datenträger
wie CD-ROM, DVD-ROM etc. nur nach vorheriger schriftlicher Zustimmung erfolgen.
Die Anbieter haften nicht für unverlangt eingesandte Manuskripte und Fotos.

Designed by Claus Marxmeier.