[nsp-sec] Basic HTTP exploit bots

jose nazario jose at arbor.net
Wed Oct 22 14:19:09 EDT 2008 

Caught a bunch of bots scanning for this vuln:

    http://www.milw0rm.com/exploits/6700

# DFF PHP Framework API (Data Feed File) Multiple Inclusion Vulnerabilities

Timestamp, origin Ips, and ASN resolution below.

Bulk mode; whois.cymru.com [2008-10-22 18:18:37 +0000]
10429   | 189.20.85.34     | [20/Oct/2008:02:56:38-0400] | Telefonica
Empresas SA
10429   | 189.20.85.34     | [20/Oct/2008:02:56:42-0400] | Telefonica
Empresas SA
10429   | 189.20.85.34     | [20/Oct/2008:02:56:43-0400] | Telefonica
Empresas SA
10429   | 189.20.85.34     | [20/Oct/2008:03:00:00-0400] | Telefonica
Empresas SA
10429   | 189.20.85.34     | [20/Oct/2008:03:00:00-0400] | Telefonica
Empresas SA
14425   | 216.150.240.52   | [20/Oct/2008:06:52:26-0400] |
MENDO-COMMUNITY-NET - Mendocino Community Network
14425   | 216.150.240.52   | [20/Oct/2008:06:52:26-0400] |
MENDO-COMMUNITY-NET - Mendocino Community Network
8220    | 62.152.127.174   | [20/Oct/2008:08:09:18-0400] | COLT COLT
Telecommunications
8220    | 62.152.127.174   | [20/Oct/2008:08:09:18-0400] | COLT COLT
Telecommunications
8220    | 62.152.127.174   | [20/Oct/2008:08:09:18-0400] | COLT COLT
Telecommunications
8220    | 62.152.127.174   | [20/Oct/2008:08:09:55-0400] | COLT COLT
Telecommunications
8220    | 62.152.127.174   | [20/Oct/2008:08:09:56-0400] | COLT COLT
Telecommunications
8220    | 62.152.127.174   | [20/Oct/2008:08:09:58-0400] | COLT COLT
Telecommunications
9198    | 89.218.85.18     | [20/Oct/2008:08:10:44-0400] | KAZTELECOM-AS
Kazakhtelecom Corporate Sales Administration
9198    | 89.218.85.18     | [20/Oct/2008:08:10:45-0400] | KAZTELECOM-AS
Kazakhtelecom Corporate Sales Administration
9198    | 89.218.85.18     | [20/Oct/2008:08:10:45-0400] | KAZTELECOM-AS
Kazakhtelecom Corporate Sales Administration
9198    | 89.218.85.18     | [20/Oct/2008:08:11:04-0400] | KAZTELECOM-AS
Kazakhtelecom Corporate Sales Administration
9198    | 89.218.85.18     | [20/Oct/2008:08:11:04-0400] | KAZTELECOM-AS
Kazakhtelecom Corporate Sales Administration
9198    | 89.218.85.18     | [20/Oct/2008:08:11:04-0400] | KAZTELECOM-AS
Kazakhtelecom Corporate Sales Administration
30099   | 64.34.176.139    | [20/Oct/2008:11:23:04-0400] | SB-2 -
ServerBeach
30099   | 64.34.176.139    | [20/Oct/2008:11:23:05-0400] | SB-2 -
ServerBeach
30099   | 64.34.176.139    | [20/Oct/2008:11:23:05-0400] | SB-2 -
ServerBeach
30099   | 64.34.176.139    | [20/Oct/2008:11:23:50-0400] | SB-2 -
ServerBeach


-- jose

More information about the nsp-security mailing list