[nsp-sec] 1 day ASProx activity report
Jose Nazario
jose at arbor.net
Fri Oct 10 17:08:07 EDT 2008
Attached is a file showing hosts that we think have been scanning for SQL
injections to propagate the ASProx botnet with timestamps. All times in US
Eastern. This is based on Apache logfile analysis.
This report is under development.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
-------------- next part --------------
Bulk mode; whois.cymru.com [2008-10-10 21:05:24 +0000]
3269 | 79.5.139.36 | 10/Oct/2008:10:30:15 | ASN-IBSNAZ TELECOM ITALIA
3269 | 79.5.139.36 | 10/Oct/2008:10:30:15 | ASN-IBSNAZ TELECOM ITALIA
4760 | 219.78.58.47 | 10/Oct/2008:03:20:18 | HKTIMS-AP PCCW Limited
4760 | 219.78.58.47 | 10/Oct/2008:03:20:20 | HKTIMS-AP PCCW Limited
4812 | 58.39.178.159 | 10/Oct/2008:05:06:38 | CHINANET-SH-AP China Telecom (Group)
4812 | 58.39.178.159 | 10/Oct/2008:05:07:00 | CHINANET-SH-AP China Telecom (Group)
5432 | 80.200.38.2 | 10/Oct/2008:12:33:09 | BELGACOM-SKYNET-AS Belgacom regional ASN
5432 | 80.200.38.2 | 10/Oct/2008:12:33:09 | BELGACOM-SKYNET-AS Belgacom regional ASN
5432 | 87.65.107.136 | 10/Oct/2008:01:57:48 | BELGACOM-SKYNET-AS Belgacom regional ASN
5432 | 87.65.107.136 | 10/Oct/2008:01:57:56 | BELGACOM-SKYNET-AS Belgacom regional ASN
6079 | 216.15.108.109 | 10/Oct/2008:10:05:41 | RCN-AS - RCN Corporation
6079 | 216.15.108.109 | 10/Oct/2008:10:05:41 | RCN-AS - RCN Corporation
6197 | 68.154.39.124 | 10/Oct/2008:10:24:32 | BATI-ATL - BellSouth Network Solutions, Inc
6197 | 68.154.39.124 | 10/Oct/2008:10:24:32 | BATI-ATL - BellSouth Network Solutions, Inc
6298 | 68.3.30.158 | 10/Oct/2008:03:57:06 | ASN-CXA-PH-6298-CBS - Cox Communications Inc.
6298 | 68.3.30.158 | 10/Oct/2008:03:57:06 | ASN-CXA-PH-6298-CBS - Cox Communications Inc.
6389 | 74.251.59.41 | 10/Oct/2008:05:50:08 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
6389 | 74.251.59.41 | 10/Oct/2008:05:50:08 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
6739 | 79.109.211.75 | 10/Oct/2008:10:27:45 | ONO-AS Cableuropa - ONO
6739 | 79.109.211.75 | 10/Oct/2008:10:27:45 | ONO-AS Cableuropa - ONO
6739 | 79.109.211.75 | 10/Oct/2008:10:27:45 | ONO-AS Cableuropa - ONO
6739 | 79.109.211.75 | 10/Oct/2008:10:27:45 | ONO-AS Cableuropa - ONO
6848 | 81.83.142.3 | 10/Oct/2008:08:09:37 | TELENET-AS Telenet Operaties N.V.
6848 | 81.83.142.3 | 10/Oct/2008:08:09:38 | TELENET-AS Telenet Operaties N.V.
7015 | 24.34.68.148 | 10/Oct/2008:09:09:28 | CCCH-AS2 - Comcast Cable Communications Holdings, Inc
7015 | 24.34.68.148 | 10/Oct/2008:09:09:28 | CCCH-AS2 - Comcast Cable Communications Holdings, Inc
10994 | 72.184.144.142 | 10/Oct/2008:07:20:18 | TAMPA2-TWC-5 - Road Runner HoldCo LLC
10994 | 72.184.144.142 | 10/Oct/2008:07:20:18 | TAMPA2-TWC-5 - Road Runner HoldCo LLC
22792 | 216.145.77.111 | 10/Oct/2008:12:14:19 | MNET - MOUNTAINET
22792 | 216.145.77.111 | 10/Oct/2008:12:14:19 | MNET - MOUNTAINET
33491 | 98.226.141.33 | 10/Oct/2008:10:33:29 | DNEO-OSP7 - Comcast Cable Communications, Inc.
33491 | 98.226.141.33 | 10/Oct/2008:10:33:29 | DNEO-OSP7 - Comcast Cable Communications, Inc.
43234 | 92.21.51.215 | 10/Oct/2008:09:31:28 | CPWBBSERV-AS Carphone Warehouse Broadband Services
43234 | 92.21.51.215 | 10/Oct/2008:09:31:29 | CPWBBSERV-AS Carphone Warehouse Broadband Services
More information about the nsp-security
mailing list