Bad Actors Part 4 - HostFresh
There was an excellent report published in 2008 by HostExploit that showed the connections between Atrivo and those for whom it provided downstream services. One of those such customers was a Chinese provider called HostFresh. I thought it might be interesting to look at two IP blocks which were previously part of the Atrivo network - 58.65.232.0/21 and 116.50.8.0/21 - but are now routed by others.
Below we can see the information registered about HostFresh:
aut-num: AS23898
as-name: HOSTFRESH-AS-AP
descr: HostFresh Internet
descr: Internet Service Provider
country: HK
notify: ipadmin@hostfresh.com
I encourage you to read the blog archive and review parts 1, 2, and 3 of this series to familiarize yourself with the format.
There was an excellent report published in 2008 by HostExploit that showed the connections between Atrivo and those for whom it provided downstream services. One of those such customers was a Chinese provider called HostFresh. I thought it might be interesting to look at two IP blocks which were previously part of the Atrivo network - 58.65.232.0/21 and 116.50.8.0/21 - but are now routed by others.
Below we can see the information registered about HostFresh:
aut-num: AS23898
as-name: HOSTFRESH-AS-AP
descr: HostFresh Internet
descr: Internet Service Provider
country: HK
notify: ipadmin@hostfresh.com
I encourage you to read the blog archive and review parts 1, 2, and 3 of this series to familiarize yourself with the format.
Read the full story
http://blog.fireeye.com/research/2009/02/bad-actors-part-4---hostfresh.html
No comments:
Post a Comment