[nsp-sec] 15826 uniq source IPs OLD: DDOS target www.civil.ge 1Gbps 220kpps http mixed with udp
Hillar Aarelaid
hillar.aarelaid at cert.ee
Fri Oct 10 06:46:17 EDT 2008
On Oct 8, 2008, at 4:09 PM, Hillar Aarelaid wrote:
> On Oct 7, 2008, at 10:45 PM, Hillar Aarelaid wrote:
>> target www.civil.ge
There was a second target under attack at the same time by the same botnet(s):
rpl.net.ua
The C&C was the old, known 200.63.45.2
27716 | 200.63.45.2 | 200.63.45.0/24 | PA | lacnic | 2008-03-28 | Eveloz
2008-08-30 16:50:05 2008-10-03 10:02:42 megsrdomain.cn sandbox 200.63.45.2
2008-09-27 09:32:16 2008-09-27 09:32:17 servtrans.cn httpcnc 200.63.45.2
2008-09-27 09:32:16 2008-09-27 09:32:16 servtrans.cn sandbox 200.63.45.2
2008-09-29 00:00:00 2008-09-29 00:00:00 servtrans.cn malware 200.63.45.2
2008-08-15 13:11:40 2008-08-15 13:11:40 worknssrv.cn httpcnc 200.63.45.2
2008-08-15 13:11:40 2008-10-03 10:02:42 worknssrv.cn sandbox 200.63.45.2
2008-08-15 00:00:00 2008-10-03 00:00:00 worknssrv.cn malware 200.63.45.2
;(
Hillar