[nsp-sec] intercage/atrivo
Jose Nazario
jose at arbor.net
Tue Sep 16 19:13:39 EDT 2008
On Tue, 16 Sep 2008, Darren Grabowski wrote:
> Does anyone have anything active on Atrivo? I've been told that "he is
> innocent, this is a bunch of heresy, 95% of what is said is not true,
> it's all the Russians" and stuff like that.
very little in the past 24h.
ATLAS DETAILED REPORT: 27595
Generated: Tue Sep 16 23:12:18 2008 UTC
Covers 24 hour time period through now.
DENIAL OF SERVICE
OBSERVED INBOUND ATTACKS
Based on actual alerts gathered in our Internet statistics project.
Start, End, Dest CIDR, Dest ASN, Dest CC, Max BPS, Max PPS
1221434509, 1221435786, "216.255.184.150/32", "27595", US, 163104, 51
1221356595, 1221434466, "216.255.184.150/32", "27595", US, 1944056, 312
MALICIOUS CLIENTS
Scans
Based on ATLAS honeypot sensors.
IP, Cumulative Bytes
MALICIOUS SERVERS
Malicious Links
URLs contacted by malware during automated analysis.
Timestamp, CC, ASN, IP, URL
1221537600, CY, 27595, 69.50.175.194, "http://69.50.175.194/ca/count.php?flsh=0&pion=0&p=84626410&a=0003"
1221537600, US, 27595, 64.28.181.230, "http://64.28.181.230/path.txt"
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/