NuclearPack back to OVH and changed strategy - Feb 22, 2014

1. Sat, Feb 22 2014
2. #DhiaLite - NuclearPack EK subdomains back to OVH on 198.50.143.65
3.  
4. Check http://pastebin.com/KuxpNJwV for a recent Update
5.  
6. Bad actors are slightly changing strategy. They are not using dedicated IPs to Nuclear, but using IPs used for other older content possibly to evade being singled out or to recylce resources.
7. 198.50.143.65 has hosted Turkish speaking gaming sites since November 2013.
8.  
9. Furthermore,
10. 198.50.143.65 is part of a pre-allocated OVH range
11. 198.50.143.64 - 198.50.143.79
12.  
13. Other IPs in the range have also been used for hosting gaming sites + the new Nuclear on 198.50.143.65.
14.  
15. First seen, Last seen of the IP range. They have been around for a while
16.  
17. 198.50.143.65 2013-11-22 2014-02-22 92
18. 198.50.143.64 2013-11-22 2014-01-25 64
19. 198.50.143.67 2013-11-23 2014-01-09 47
20. 198.50.143.66 2013-11-23 2014-01-08 46
21. 198.50.143.79 2013-11-23 2013-12-10 17
22. 198.50.143.78 2013-11-23 2013-12-10 17
23. 198.50.143.75 2013-11-23 2013-12-10 17
24. 198.50.143.74 2013-11-23 2013-12-10 17
25. 198.50.143.73 2013-11-23 2013-12-10 17
26. 198.50.143.72 2013-11-23 2013-12-10 17
27. 198.50.143.71 2013-11-25 2013-12-10 15
28. 198.50.143.69 2013-11-25 2013-12-10 15
29. 198.50.143.68 2013-11-25 2013-12-10 15
30. 198.50.143.70 2013-11-23 2013-12-09 16
31. 198.50.143.76 2013-11-25 2013-12-09 14
32. 198.50.143.77 2013-11-23 2013-12-05 12
33.  
34. The Nuclear domains are usign two .ru domains for their NSs, both registered on Feb 20th, 2014
35.  
36. nddns.ru been used for a couple days
37.  
38. pirozhkoff.ru is newly used