New domain as of 30 mins ago, is through UK2 (surprise surprise), though there's been one prior to that, through DirectI (suspended a few mins after being reported);
fileyourextension.net/New-Video-Addon.48560.exe
IP: 46.30.41.199
Incidentally, Webazilla are announcing a new downstream as of 13-07-2011 (Florida based, ServerClub Inc), which has grabbed a number of /24's, so this is going to be a rather intruiging research project. Why is this intruiging? Well lookie who is also showing their face;
inetnum: 93.170.104.0 - 93.170.111.255
netname: SERVERCLUB-NET
descr: ServerClub Inc.
country: US
admin-c: AL7411-RIPE
tech-c: AL7411-RIPE
status: ASSIGNED PA
mnt-by: MNT-ALFATELECOM
mnt-domains: MNT-SERVERCLUB
mnt-domains: MNT-ALFATELECOM
mnt-lower: MNT-ALFATELECOM
mnt-routes: MNT-SERVERCLUB
source: RIPE # Filtered
person: Andrey Lebedev
phone: +1 850 632 4422
address: 401 E. Las Olas Blvd., Suite 130-204, FL 33301, Fort Lauderdale
e-mail: network@serverclub.com
mnt-by: MNT-ALFATELECOM
nic-hdl: AL7411-RIPE
source: RIPE # Filtered
route: 93.170.0.0/15
descr: Alfa Telecom s.r.o. route
origin: AS44546
mnt-by: MNT-ALFATELECOM
mnt-lower: MNT-ALFATELECOM
source: RIPE # Filtered
route: 93.170.104.0/21
descr: SERVERCLUB
origin: AS35415
mnt-by: WZNET-MNT
source: RIPE # Filtered
netname: SERVERCLUB-NET
descr: ServerClub Inc.
country: US
admin-c: AL7411-RIPE
tech-c: AL7411-RIPE
status: ASSIGNED PA
mnt-by: MNT-ALFATELECOM
mnt-domains: MNT-SERVERCLUB
mnt-domains: MNT-ALFATELECOM
mnt-lower: MNT-ALFATELECOM
mnt-routes: MNT-SERVERCLUB
source: RIPE # Filtered
person: Andrey Lebedev
phone: +1 850 632 4422
address: 401 E. Las Olas Blvd., Suite 130-204, FL 33301, Fort Lauderdale
e-mail: network@serverclub.com
mnt-by: MNT-ALFATELECOM
nic-hdl: AL7411-RIPE
source: RIPE # Filtered
route: 93.170.0.0/15
descr: Alfa Telecom s.r.o. route
origin: AS44546
mnt-by: MNT-ALFATELECOM
mnt-lower: MNT-ALFATELECOM
source: RIPE # Filtered
route: 93.170.104.0/21
descr: SERVERCLUB
origin: AS35415
mnt-by: WZNET-MNT
source: RIPE # Filtered
Highly likely based on this, that ServerClub Inc, are Russian/Ukranian, rather than American (regardless of where their offices are registered).
References
Part 10: Renos on the move (previously: Interserver, malware, and the Scottish weather)
http://hphosts.blogspot.com/2011/07/part-10-renos-on-move-previously.html
Part 9: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/07/part-9-interserver-malware-and-scottish.html
Part 8: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/07/part-7-interserver-malware-and-scottish_18.html
Part 7: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/07/part-7-interserver-malware-and-scottish.html
Part 6: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/07/part-6-interserver-malware-and-scottish.html
Part 5a: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-5-interserver-malware-and-scottish_28.html
Part 5: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-5-interserver-malware-and-scottish.html
Part 4: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-4-interserver-malware-and-scottish.html
Part 3: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-3-interserver-malware-and-scottish.html
Part 2: Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/part-2-interserver-malware-and-scottish.html
Interserver, malware, and the Scottish weather
http://hphosts.blogspot.com/2011/06/interserver-malware-and-scottish.html
Posts
No comments:
Post a Comment