[nsp-sec] CIDR of interest? 89.107.104.0/21 AS39818

Jose Nazario jose at arbor.net
Mon Aug 24 09:24:07 EDT 2009 

i've found some samples that track back to this network: 89.107.104.0/21

AS      | IP               | AS Name
39818   | 89.107.104.0/21  | ONIKS-AS LLC ONIKS

pinch, proxy setups, what may be spambots, etc. not a flood but worth  
watching.

       timestamp      |       ip        
|                                                    url
---------------------+---------------- 
+----------------------------------------------------------------------- 
-------------------------------------
  2009-08-23 00:00:00 | 89.107.104.70  | http://89.107.104.70/ 
update25.php?socks_id=3799914&check25=0
  2009-08-23 00:00:00 | 89.107.104.70  | http://89.107.104.70/getIP.php
  2009-08-23 00:00:00 | 89.107.104.70  | http://89.107.104.70/ 
updateNAT.php?socks_id=3799914&check25=2
  2009-08-15 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-08-07 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-08-01 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-08-01 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-08-01 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-08-01 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-08-01 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-08-01 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-07-31 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-07-22 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-07-20 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2009-07-16 00:00:00 | 89.107.104.110 | http://89.107.104.110/ddt
  2008-04-29 00:00:00 | 89.107.104.60  | http://89.107.104.60/gate/ 
gate.php
  2008-04-13 00:00:00 | 89.107.104.60  | http://89.107.104.60/gate/ 
gate.php
  2008-03-29 00:00:00 | 89.107.104.60  | http://89.107.104.60/gate/ 
gate.php
  2008-01-17 00:00:00 | 89.107.104.60  | http://89.107.104.60/new/ 
knock.php? 
win=WinXP&id=C8F39BE&lip=172.24.50.66&s5=44713&h=11637&hs=54842&b=35067


_____________________________
jose nazario, ph.d. jose at arbor.net
manager of security research, arbor networks
http://asert.arbor.net/

More information about the nsp-security mailing list