This is just a quick update on my post concerning Atrivo/Intercage.
A lot has been happening during the last few days. Atrivo lost all its upstream providers, then came back after finding one provider, UnitedLayer, as can be seen on cidr-report. Anyway, while this was happening, some of the malware with C&C servers hosted by Atrivo suddenly moved to another hosting company, namely CERNEL (.net).
It is interesting to see that Cernel.net was registered through EstDomains.
Update (2008-09-25): Cernel.net is unreachable at the moment. The domain is pointing to... an Intercage IP address. Need I say more? :-)
Wednesday 24 September 2008
By Cedric Pernet on Wednesday 24 September 2008, 13:58 - Cybercrime