[nsp-sec] Spammer IPs - looking for the malware
Nicholas Ianelli
ni at cert.org
Fri Mar 14 13:17:17 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
All,
Below is a list of IPs that have been seen sending spam. These IPs have
been collected over a six-hour period (March 13, 2008 1:00am -
7:00am GMT).
Any help in tracking down the malware on the machines would be great
(/me looks to Cogent or Internap :). I'm more than happy to work with
any of your customers to try and obtain the malicious code, if this is
feasible, please let me know prior to passing out my contact info.
Thanks!
Nick
https://asn.cymru.com/nsp-sec/upload/1205514777.whois.txt
174 | 38.98.50.41 | COGENT Cogent/PSI
174 | 38.98.50.43 | COGENT Cogent/PSI
174 | 38.98.50.45 | COGENT Cogent/PSI
174 | 38.98.50.54 | COGENT Cogent/PSI
174 | 38.98.51.103 | COGENT Cogent/PSI
174 | 38.98.51.115 | COGENT Cogent/PSI
174 | 38.98.51.177 | COGENT Cogent/PSI
174 | 38.98.51.182 | COGENT Cogent/PSI
174 | 38.98.51.187 | COGENT Cogent/PSI
174 | 38.98.51.232 | COGENT Cogent/PSI
174 | 38.98.51.91 | COGENT Cogent/PSI
3491 | 63.216.204.152 | BTN-ASN - Beyond The Network America, Inc.
3491 | 63.216.204.156 | BTN-ASN - Beyond The Network America, Inc.
4323 | 66.195.3.79 | TWTC - Time Warner Telecom, Inc.
6517 | 66.227.102.13 | YIPESCOM - Yipes Communications, Inc.
6517 | 66.227.102.24 | YIPESCOM - Yipes Communications, Inc.
7132 | 69.212.152.87 | SBIS-AS - AT&T Internet Services
11022 | 65.109.239.94 | ALABANZA-BALT - Alabanza, Inc.
11691 | 67.131.250.158 | EVOCATIVE - Evocative, Inc.
12180 | 64.187.120.69 | INTERNAP-2BLK - Internap Network Services
12180 | 64.187.120.72 | INTERNAP-2BLK - Internap Network Services
12180 | 64.187.120.76 | INTERNAP-2BLK - Internap Network Services
12180 | 64.187.122.8 | INTERNAP-2BLK - Internap Network Services
12180 | 64.187.124.194 | INTERNAP-2BLK - Internap Network Services
12180 | 64.187.124.195 | INTERNAP-2BLK - Internap Network Services
12180 | 64.187.124.203 | INTERNAP-2BLK - Internap Network Services
12180 | 66.151.44.27 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.101 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.102 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.103 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.104 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.105 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.106 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.107 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.108 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.109 | INTERNAP-2BLK - Internap Network Services
12180 | 69.25.165.110 | INTERNAP-2BLK - Internap Network Services
14992 | 67.199.36.85 | CRYSTALTECH - CrystalTech Web Hosting Inc.
15083 | 64.187.115.12 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.115.2 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.115.8 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.116.100 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.116.101 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.116.102 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.116.106 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.116.107 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.116.12 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.116.6 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15083 | 64.187.99.52 | INFOLINK-MIA-US - Infolink Information
Services Inc.
15149 | 66.199.227.164 | EZZI-101-BGP - EZZI.NET
15149 | 66.199.234.75 | EZZI-101-BGP - EZZI.NET
15149 | 66.199.249.60 | EZZI-101-BGP - EZZI.NET
16387 | 63.73.158.61 | HEALTHYDIRECTIONS - Healthy Directions, LLC
16852 | 66.243.62.251 | LVLT-16852 - Level 3 Communications, Inc.
16966 | 66.161.20.247 | SBCIDC-LSAN03 - AT&T Internet Services
18990 | 64.186.224.238 | AIRBAND-DALLAS - Airband Communications, Inc
21844 | 67.18.52.66 | THEPLANET-AS - THE PLANET
22241 | 64.209.212.72 | ICCEPTS - Integrated Communications Concepts
22241 | 64.209.212.74 | ICCEPTS - Integrated Communications Concepts
22241 | 64.209.212.78 | ICCEPTS - Integrated Communications Concepts
22241 | 64.209.212.80 | ICCEPTS - Integrated Communications Concepts
22241 | 64.209.212.84 | ICCEPTS - Integrated Communications Concepts
22241 | 64.209.212.92 | ICCEPTS - Integrated Communications Concepts
22241 | 67.209.32.60 | ICCEPTS - Integrated Communications Concepts
23073 | 67.209.137.16 | THECO-47 - The ColoSite, LLC
23073 | 67.209.137.26 | THECO-47 - The ColoSite, LLC
23376 | 66.100.171.162 | SPROCKETDATA - Sprocket Data, Inc.
26407 | 65.111.19.232 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 65.111.28.198 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 65.111.28.214 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 65.111.28.220 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.227 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.229 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.230 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.232 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.233 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.234 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.237 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.240 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.241 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.242 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.244 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.245 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.246 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.129.250 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.132.133 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.132.141 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.132.145 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.132.147 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.132.149 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.132.151 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.162 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.170 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.172 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.174 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.175 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.176 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.177 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.180 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.181 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.182 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.184 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.135.188 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.206 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.210 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.211 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.213 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.214 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.215 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.217 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.220 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
26407 | 66.248.148.221 | CAROLINANET-AS - CAROLINANET a division of
Guilford Communications Inc.
27325 | 66.219.34.36 | CORENAP-AS - Core NAP, L.P.
27645 | 66.79.181.142 | ASN-NA-MSG-01 - Managed Solutions Group, Inc.
27645 | 66.79.183.21 | ASN-NA-MSG-01 - Managed Solutions Group, Inc.
27645 | 66.79.183.22 | ASN-NA-MSG-01 - Managed Solutions Group, Inc.
27645 | 66.79.183.26 | ASN-NA-MSG-01 - Managed Solutions Group, Inc.
27645 | 66.79.183.29 | ASN-NA-MSG-01 - Managed Solutions Group, Inc.
29698 | 63.209.8.25 | INVESTOOLS - INVESTools Inc
30041 | 64.201.122.99 | RACETECH - Race Technologies, Inc.
30041 | 64.201.124.77 | RACETECH - Race Technologies, Inc.
31898 | 67.223.225.64 | SPRY-AS - Spry Hosting
32613 | 67.205.83.30 | IWEB-AS - Groupe iWeb Technologies inc.
40222 | 67.110.231.241 | CREDIT-ONE-AS - Credit One Bank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFH2rMdi10dJIBjZIARCLJ8AKCyYPfkhpLYlMv/hXvH6B/BUCDJ4wCgrCPf
ZmMFFxM8v+g+PLsgPfzaM7U=
=R9hF
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list