[nsp-sec] CIDR of interest? 89.107.104.0/21 AS39818
Rob Thomas
robt at cymru.com
Mon Aug 24 11:50:42 EDT 2009
Hi, Jose.
> i've found some samples that track back to this network: 89.107.104.0/21
>
> AS | IP | AS Name
> 39818 | 89.107.104.0/21 | ONIKS-AS LLC ONIKS
We see a fair number of bots, a bit of spam, and a few open resolvers in
89.107.104.0/21.
It appears to be largely a Windows netblock. There is a bit of FreeBSD
and Linux (CentOS) in there as well. It's a mix of Apache 2.0.52 and
Apache 1.3.41.
We see the following DNS RRs pointed to hosts in 89.107.104.0/21 this month.
stamp | qname | class | type | rdata
--------------------- ---------------------------- ------- ------
----------------
2009-08-01 08:53:54 | baretto.biz | IN | A |
89.107.104.60
2009-08-01 08:54:50 | bezztune.biz | IN | A |
89.107.104.60
2009-08-15 11:07:23 | domkino.su | IN | A |
89.107.104.130
2009-08-01 16:22:33 | fegundo.in | IN | A |
89.107.104.60
2009-08-01 07:17:27 | gellower.biz | IN | A |
89.107.104.60
2009-08-01 07:20:28 | hebazerrov.com | IN | A |
89.107.104.60
2009-08-01 07:25:33 | irtevyconev.in | IN | A |
89.107.104.60
2009-08-01 07:28:01 | kernixos.in | IN | A |
89.107.104.60
2009-08-01 07:32:41 | mafkacet.in | IN | A |
89.107.104.60
2009-08-15 15:11:21 | mail.e-sellers.ru | IN | A |
89.107.104.10
2009-08-01 22:37:15 | mail.flat-jordan.ru | IN | A |
89.107.104.130
2009-08-13 12:40:40 | mail.intellect-commerce.ru | IN | A |
89.107.104.10
2009-08-02 09:40:14 | mail.mult-film.net | IN | A |
89.107.104.130
2009-08-01 18:20:25 | mail.radioteatrcom.ru | IN | A |
89.107.104.130
2009-08-01 18:20:21 | mail.radioteatr-dvd.ru | IN | A |
89.107.104.130
2009-08-03 15:25:57 | mail.radioteatr-mp3.ru | IN | A |
89.107.104.130
2009-08-02 18:42:02 | mail.ru-minfin.ru | IN | A |
89.107.104.130
2009-08-03 18:11:33 | mail.rusmults.ru | IN | A |
89.107.104.130
2009-08-06 14:22:25 | mail.russian-hosting.ru | IN | A |
89.107.104.10
2009-08-17 15:41:07 | mail.servera.msk.ru | IN | A |
89.107.104.10
2009-08-13 22:45:59 | mail.teatr-u-microfona.ru | IN | A |
89.107.104.130
2009-08-01 11:56:20 | mail.vopros-dengi.ru | IN | A |
89.107.104.130
2009-08-06 02:56:41 | mail.voprosydengi.ru | IN | A |
89.107.104.130
2009-08-20 12:00:29 | mail.welcometelecom.ru | IN | A |
89.107.104.10
2009-08-12 00:10:41 | mail.wwwlya.ru | IN | A |
89.107.104.10
2009-08-01 07:50:41 | neberland.biz | IN | A |
89.107.104.60
2009-08-01 07:50:42 | neferturo.com | IN | A |
89.107.104.60
2009-08-02 22:53:38 | ns1.welcometelecom.ru | IN | A |
89.107.104.10
2009-08-11 00:19:17 | ns3.welcome-telecom.ru | IN | A |
89.107.104.21
2009-08-01 07:54:43 | penfulio.in | IN | A |
89.107.104.60
2009-08-01 08:01:17 | sansara.biz | IN | A |
89.107.104.60
2009-08-01 08:11:23 | trebyfarse.us | IN | A |
89.107.104.60
2009-08-01 08:14:16 | verutylioy.in | IN | A |
89.107.104.60
2009-08-15 11:07:06 | www.radioteatrcom.ru | IN | A |
89.107.104.130
2009-08-01 12:17:41 | yezambur.com | IN | A |
89.107.104.60
We have 119 samples in our malware menagerie that point to hosts in
89.107.104.0/21.
timestamp | sha1 |
md5 | dst_ip | dst_port | protocol | size
--------------------- ------------------------------------------
---------------------------------- ---------------- ----------
---------- --------
2009-03-06 18:32:15 | 008098e2fd5c7dbe2b5c62449ed0c095b84d1442 |
fee762fcec6cbb9ab718bb1250cff32a | 89.107.104.70 | 2600 | 6 |
2009-04-27 13:26:49 | 0090235cfe80cc4b3b4a891c863b66b40f70ca85 |
6aa09c41dd57fa39d8d81cc08debc2c9 | 89.107.104.80 | 8891 | 17 |
2009-08-14 03:53:25 | 08ddd1bdb8e95b2a2c9e227076a2522170e80fe3 |
2a5e27e088b9ce946787463b92dcb802 | 89.107.104.40 | 2501 | 6
| 1678
2009-05-16 03:41:23 | 08e649a093eff97d08f589be7db442600593df69 |
29ad545aef42240036ced8d56b582e89 | 89.107.104.110 | 443 | 6
| 177718
2009-01-23 17:43:58 | 0c8d08a55a86d803f42e3682ee58dafd53cced7c |
0916f54396b4f586c4d2383bbdc79e16 | 89.107.104.40 | 2501 | 6
| 15
2009-07-23 14:21:01 | 0f056723110f5f9e7af64623e0d182fe5e253ef6 |
f1c16762b0fdc483adb9e794f531607b | 89.107.104.60 | 9409 | 17 |
2009-04-20 09:55:18 | 0fb115f8f5f9faaff080f6371826370223c424d5 |
af562be480a636378c243e9158772b62 | 89.107.104.70 | 2600 | 6 |
2009-03-27 04:30:32 | 1300f3ad60cfad9a59139cc1cc80846971819617 |
1e2596e282e6dc69853ed5a0b55f3f25 | 89.107.104.80 | 8891 | 17
| 2335
2009-02-10 01:11:39 | 1370654115e7981898dd25476b0bed1907629bd5 |
e0593d632848d708bb7035a411ccccfb | 89.107.104.40 | 2501 | 6 |
2009-06-12 19:48:42 | 16e25bd5f86c76fac7e78ee8fd3fe30d41d7cf23 |
37d38c05fc5dbd5003a538f45532f3c7 | 89.107.104.70 | 80 | 6 |
2009-02-13 08:38:52 | 180e141ad78519375f93e28d4e9af7000ef05a51 |
3446850c3be21f8dd273ec46230ec47e | 89.107.104.40 | 2501 | 6 |
2009-01-13 00:42:21 | 1ff6507b920a8d1bdb99134d6e2b680908409aa0 |
62c2d13c8fd55662a36189178552ee7b | 89.107.104.80 | 8871 | 17 |
2009-03-25 12:22:56 | 22aa43348428bfe150de678a6d3c10c70e942913 |
57412b142c2ec112052ebbd47274a104 | 89.107.104.40 | 2501 | 6 |
2009-05-21 21:52:08 | 2315b14515e7ba8f0ed895024c7cc55ea6415098 |
f6d32e60b977338c5f2017636c4d68aa | 89.107.104.110 | 443 | 6
| 184677
2009-02-19 04:46:27 | 23c17ae52f387955599675530c024614c2ad0bd2 |
ae6ce51853de2dd068ab4b6949fdaea2 | 89.107.104.70 | 2600 | 6 |
2009-06-26 12:23:19 | 2675c78a739f5cebe84e656461ab8a1d84fe1f11 |
3f71a7e248da793859e9db6f35fea7f2 | 89.107.104.110 | 443 | 6
| 169760
2009-02-15 21:50:12 | 27efd56375cd9fbc36c198fae84b8cb819a5c8b3 |
cef688f24b7154bdd658f636bfc5b283 | 89.107.104.70 | 2600 | 6 |
2009-02-10 08:01:20 | 2889d976d7601d489e6518963cc0d07c6be53fd9 |
c638a799b3628f26dcc0898605929cfb | 89.107.104.40 | 2501 | 6 |
2009-02-08 06:16:29 | 29a2c0e9a7d1156c745f665d5cf6b0e045360448 |
406215bd0bfcc94498a372d6415160c9 | 89.107.104.70 | 2600 | 6 |
2009-02-10 01:27:08 | 2affca2b97dcc8fbfc1132f0361c56fcb7711acb |
d44f841c9ba73a9a6a8f01dae8e8efcc | 89.107.104.40 | 2501 | 6 |
2009-02-05 04:52:23 | 2d96ba5543cb55122d8f938ed1a231cd197e9d70 |
a0cc7468353caf042f0f1770600d187d | 89.107.104.80 | 8891 | 17
| 1951
2009-02-07 04:52:47 | 2dff5942bc53c880c0a3a7c3fa1ef72f574fd382 |
cd279025491a6bb887c08ae468bcb684 | 89.107.104.80 | 8891 | 6
| 0
2009-02-11 16:36:29 | 32303b3e79a509fc9f43f9ebb16810224e7dbb38 |
666c94d0e6f10b71dd77d60a214c6325 | 89.107.104.70 | 2600 | 6 |
2009-04-24 17:20:13 | 33a09986ca4d0866585a6df36d4f4f4b6cca4a56 |
b231b34fe58fe74f923696dd4961e361 | 89.107.104.70 | 2600 | 6 |
2009-02-14 09:58:13 | 351c105e26e90796191f18b8e80822c50ebb2b9c |
08993d2c510b8ed3d27b72d47f3a3329 | 89.107.104.70 | 2600 | 6 |
2009-03-25 21:36:17 | 384495454e73c76d2080c7ba82cfbf373161a10a |
d73a5c39fe152f0a3b1d2eeb206660c2 | 89.107.104.60 | 9409 | 17 |
2009-08-07 10:03:01 | 3da50275ca894c902836d627cfa1de62fcb7307a |
18f8969cd2e7fe420ec2eda84ae7de32 | 89.107.104.70 | 2600 | 6
| 13
2009-03-21 07:22:43 | 3f0b6bae43d84527985a324f094149cc5c53a4f8 |
5afd1f6d963169a6ffc4df34a2aac9d1 | 89.107.104.70 | 2600 | 6 |
2009-02-10 01:21:23 | 40d90f4fbc5a6495869814d828c288df3df0c1b3 |
ea1448c7b7a7dbb09b0fb8562494c97c | 89.107.104.40 | 2501 | 6 |
2009-02-08 10:58:04 | 4203846ff18c52c42cb467e21bab6b6269b888b4 |
9e63875c0b1155424231b3ac9606acdb | 89.107.104.70 | 2600 | 6
|
2009-08-01 01:10:35 | 4366bfd42827b64dca5bce392d2a75c41b8e83ce |
d8a4dd14079b0d769c5b83dbe84db26e | 89.107.104.70 | 80 | 6
|
2009-04-04 03:53:28 | 4504e49ed3f52771d1f039b4ea89d5931e7c2e7c |
6206dcbef51adc629b1f72f4e6c06696 | 89.107.109.57 | 445 | 6 |
2009-02-10 21:05:23 | 4672360639c569e122cf8b436954990ddd62e8ba |
8a3694fe54aca03f600154d79a7fe175 | 89.107.104.70 | 2600 | 6 |
2009-08-22 17:42:48 | 49482d13dacc6342ff976e20f0fdfef1a98c53da |
52fc763507c0847161deeb038a564e8d | 89.107.104.70 | 80 | 6
| 1213
2009-02-09 10:57:43 | 4b6c1c0626ceba980c95d706c4aefe567628910e |
7b7cb76fdfb5cd4d2a8fe59e5029ede4 | 89.107.104.70 | 2600 | 6
|
2009-01-27 13:50:04 | 4fdaae0cfa0923a600942411c76da88119247369 |
23a0feee7aef6641c430e314d62c3534 | 89.107.104.70 | 2600 | 6
|
2009-06-26 02:03:31 | 52798129f6cefea9f2bec8d8035e3e129644aaa6 |
e9e96b90cc0971bc1671e7bbf4629042 | 89.107.104.70 | 2600 | 6
| 22
2009-03-26 09:30:17 | 53b6c2ecc6ca2385d83862247df34f3a133cff5f |
3f7d7e09f99d2a14607a944cb0086945 | 89.107.104.60 | 9409 | 17 |
2009-06-26 04:21:39 | 54e00f047f85e21aea62b5d594a0f3c57af33043 |
c06e8d57594fb0e3d9b4117a9da6093e | 89.107.104.60 | 9409 | 17
|
2009-04-17 22:51:00 | 5980451231422ba93ce6eca30a35d4225f50aada |
7e4486d84174fc892846025eca2a599c | 89.107.109.218 | 445 | 6 |
2009-02-24 21:33:50 | 59d633d7460724df84babaa928773f9a5b61c415 |
9265f965ee6d174a18caee0d67c50888 | 89.107.104.70 | 2600 | 6 |
2009-02-06 02:33:45 | 5ad69b5fbe765f342a99271622b15af1cbbfc4f6 |
754d9495516056674c0ed975f6a88e77 | 89.107.104.70 | 2600 | 6 |
2009-06-26 10:25:27 | 5c34f9c3ec834bac8edcd33245508a29ac83c3fe |
2b7a7176a00179017a6627ba82d0a637 | 89.107.104.60 | 9409 | 17 |
2009-07-30 02:01:57 | 5d18b17da8c5a6bc7d9d03af837ff5cde0ab439b |
febb36cde6db7ceba973c52f8c4fcfbe | 89.107.104.70 | 80 | 6
| 257
2009-02-05 11:09:12 | 5f6319f4ae619f34e625223dde985debafd55915 |
4acade3787bea98369a8168defce7eb6 | 89.107.104.60 | 80 | 6
|
2009-03-22 14:52:04 | 60ee1457c97022be2534acd4a0988451cefa42e5 |
ba2b70181b66f289cc874ddb69cc9946 | 89.107.104.80 | 8891 | 17
| 6743
2009-02-11 03:12:55 | 6183d4ce3cc4d9405a11ebf4f159218c34a61de1 |
0f18489f6f62ead75ffc0cc1611baccc | 89.107.104.70 | 2600 | 6
|
2009-04-24 07:50:01 | 639b4ba42c66246b5b0f7dd1c80fdbbec716b9d5 |
1e53e02ce4caa9df5e34a7b2198b042b | 89.107.104.110 | 443 | 6 |
2009-02-05 22:36:36 | 66c17ca8b630875027a419bcb459934415679b25 |
80302b46d0f155d2c42107f75800f681 | 89.107.104.70 | 2600 | 6 |
2009-08-12 14:41:18 | 68282276ea5dbf48baf8227fcbea50a926ea16ba |
46c2a57ab3d45987b5b5f52808255f7d | 89.107.104.110 | 443 | 6
| 183193
2009-08-18 01:52:12 | 68a34544a9f19df10ec2bb6a1ccbf49aa30801c6 |
26f5ac408b8416e93eadeb1b042c10c5 | 89.107.104.70 | 2600 | 6
| 13
2009-01-23 00:30:16 | 694b57c6916da716c5b8b14bea7a9fb7a1d9db21 |
3f929fbbb3d3320b34e9fa047cef0423 | 89.107.104.40 | 2501 | 6
|
2009-02-06 07:24:57 | 6a0bafc191c1f05f955867167e478b4ddad009fc |
e3b3a32ce6bd4e252e295275d126600d | 89.107.104.70 | 2600 | 6
|
2009-07-18 19:22:41 | 6b5609c34b68317ba392bc2b6bcceaa894192d52 |
680f52cee4a1910ff37fe01f6efa51f2 | 89.107.104.110 | 443 | 6
| 178470
2009-03-06 10:11:12 | 6fb1284a3ebb0daca0e9806d042d6050195303a8 |
392f8796a47773803467cd022bde65f8 | 89.107.104.70 | 2600 | 6
| 15
2009-02-10 07:29:43 | 713f1856786c53c9d38a1333b9c78c3c28915d94 |
0d141ca2aae0ab542205e32c1f808f8f | 89.107.104.40 | 2501 | 6 |
2009-02-07 00:34:03 | 7397a4b06332f9a0d8ae1e2e69a4e87b41af3c92 |
8488a714de4f5619290427953e930514 | 89.107.104.70 | 2600 | 6 |
2009-02-02 15:46:46 | 773f966c5560776fd001bb2c99856da3206e864f |
21d94010c9fccdd9c65101c2df641cac | 89.107.104.40 | 2501 | 6
|
2009-08-07 17:29:29 | 7ad09cf6bf55e2269714f8456120a35838ba98ee |
5e22426e653ef3a8d7670d374dc6aafd | 89.107.104.70 | 80 | 6 |
2009-02-10 01:16:21 | 7b0fcb04024e68b0911c55e6731cad14cc46059e |
ba15c8b64e967cf3a3ce3fce41441a0c | 89.107.104.40 | 2501 | 6 |
2009-02-01 23:06:37 | 7bbff274420084d95a6bc21d3a0da140658a1159 |
f6cad4085cc7ad4ce367bd115d66750c | 89.107.104.40 | 2501 | 6 |
2009-04-03 00:24:35 | 7beffc0d1fa4770c8d4f4614284cf487c22d5d98 |
ccf103ce3e47a207852bb04758fa9e5f | 89.107.104.80 | 8891 | 17 |
2009-02-05 19:58:40 | 7fc4002e3387093aeedcd0cb0df6d4cd78c4b178 |
c39e5cc87c00b803150d9c429ac88e52 | 89.107.104.70 | 2600 | 6 |
2009-01-28 07:50:27 | 8106839a6481cbbc034ba8dd8f6f1ec05df2b2dc |
17c101a35f72fa4de7d5f00b0080d2f4 | 89.107.104.70 | 2600 | 6 |
2009-02-02 22:52:12 | 83821b8f25e0de4fee8925c0e36897da4302a873 |
c30d0763e6ec568d8d199e59bda3e730 | 89.107.106.151 | 445 | 6 |
2009-02-13 08:32:04 | 845a1ce36896b2f43ff5573ba7e5a1894deae405 |
c61f9ddc93e2883fba7c4f6c2b48f162 | 89.107.104.40 | 2501 | 6 |
2009-01-23 00:34:45 | 849f7dc656668e332d129d322c6737e0744dce63 |
b28e7a490645d2a3b980582ec2418bbd | 89.107.104.70 | 2600 | 6
| 15
2009-02-11 03:20:55 | 882dc48b30227c86b813df8f5077c0e9cb62ebca |
62cfb43df1b482758223ccbd154f22ce | 89.107.104.70 | 2600 | 6 |
2009-04-28 10:42:05 | 8ab3e871b89e7c8031e065da8b4953bbfa70c2d7 |
53399e4f4ce458ced06d98ce2029fddc | 89.107.104.70 | 2600 | 6
| 13
2009-02-10 07:32:47 | 8b9635f219bb16267e0ee1bd6ed2497e9c6cae12 |
83f3bc1ed68e7c4483393842758b2719 | 89.107.104.40 | 2501 | 6 |
2009-04-12 08:20:13 | 8bee058c6e41adb3e78ae3a22a6c4728534b6d1f |
40b52778c0699e8aea0fb88ab5d0a2ab | 89.107.104.70 | 2600 | 6 |
2009-03-19 17:42:32 | 8caa6b8c8dbb297781aa5fd146d96ca82c3f45e5 |
92ac1c350a51974572bcc9986d55d63a | 89.107.104.110 | 443 | 6
| 178064
2009-01-13 00:47:17 | 8eb260fbe3461eb66ff607926ce712251cc11c0e |
69285265a3bc86961df30d94152242dc | 89.107.104.70 | 2600 | 6 |
2009-02-10 01:56:47 | 9a415fc2eb31af73e630f6121e2049c0618d5191 |
d598d254b1183336277c0a71328222ab | 89.107.104.40 | 2501 | 6 |
2009-03-16 08:54:01 | 9ac6bdc68b43e7a0ad6ffca0611634d54e14ddc9 |
0a79718bccb8ca12d4571171e077ecdc | 89.107.104.110 | 8080 | 6 |
2009-04-22 01:03:17 | 9c8b7611cbe1efa79ee08b174c5b937f1bebfee6 |
55b8dc21d6fc679860f04640fcbf6374 | 89.107.104.70 | 2600 | 6
| 13
2009-04-20 10:04:53 | 9edbb422b7bbb3f7ae8ea7e6ead2539c94acdb5b |
d71a6c0cd28eecf9df072807cec98732 | 89.107.104.40 | 2501 | 6 |
2009-01-13 21:20:07 | a37586786efa95139968a1ded56992fa82487bfe |
13a15f5219829c1ec1d4bed95ba0fbc2 | 89.107.104.40 | 2501 | 6 |
2009-02-23 04:40:46 | a61597c07955d2af166a28e61fbc097028ee5c52 |
878392f6b75ba2ebf6b56af9983fd704 | 89.107.104.70 | 2600 | 6 |
2009-02-08 13:43:05 | a631fa09db751183eda76fb9eae9522886b7f503 |
d8a32d6d485be26f4e09d818654c7e8f | 89.107.104.80 | 8891 | 6
| 0
2009-02-10 01:28:44 | a79757b22ce4ceab2316d1ef2ca60cf7cc14623e |
5c175f7a581533a0e625e0344dec83b5 | 89.107.104.40 | 2501 | 6 |
2009-03-06 20:01:39 | aa10f79bcc2a376373aafe34f911ea34dffdafcb |
2bb5c17f944a11656c723fc2d823159e | 89.107.104.60 | 9409 | 17
| 117
2009-02-10 07:38:10 | aadd98e5d7dc81866984e40aac113e5bfcba0cc9 |
bd80936991ceb08f70cee50b6b203d5a | 89.107.104.40 | 2501 | 6 |
2009-04-29 14:32:56 | aaf21f289ce367febb9b52443e52a64023ae63b4 |
9442915c97ac3339bbed6d61a9378568 | 89.107.104.110 | 443 | 6
| 181938
2009-08-16 00:52:53 | ae65014e21c9c83807770928fb84ab3baafcbe0c |
303264a5a48f6672cc8c042225fbaa3f | 89.107.104.40 | 2501 | 6
| 1903
2009-02-05 22:07:36 | afca767f11c89e4a273164da8219df59f07f17ae |
fcee27fcdd091081664d63cb2395bd5d | 89.107.104.80 | 8871 | 17 |
2009-02-12 08:00:32 | b0c598aded5a95fa5d9cefe8471aaed91b627a78 |
43c7900d41328e2f1e17a2029c492779 | 89.107.104.70 | 2600 | 6 |
2009-04-25 01:21:26 | b2af0b73056d9e0642f35cba8b164683d239002f |
71b051c5abc9989f42227b82d1ab0eff | 89.107.104.70 | 2600 | 6 |
2009-03-14 21:00:35 | b384c6b6da75697ad8620dbf8789c34f8a789615 |
9a76ab00c08034d62baf6e995fb8b45e | 89.107.104.110 | 8080 | 6
| 33179
2009-04-25 14:24:43 | b3eca2e86e94314945b6925d4a63b943bcce93bc |
796b7055e3d3ebf331cbbdbbebcaba72 | 89.107.104.80 | 8891 | 17 |
2009-02-05 12:58:03 | b459d8d079b5368a23ed7a7b0e61fbdcde754902 |
ffc08e6dbd32b8d4f4a53fe4ec9b5d10 | 89.107.104.70 | 2600 | 6 |
2009-07-13 04:21:38 | b551e61d74a72978e78574f7923f91f1376268de |
ae8eb6d588237d161a80f0255cb434c5 | 89.107.104.60 | 9409 | 17 |
2009-06-15 13:20:27 | b7fd54e0f2916fd62c8fdc8818650b91bb704bc3 |
26cd945608cf108902f8551cc8b2a735 | 89.107.104.60 | 9409 | 17 |
2009-03-25 13:20:05 | ba6f8ff25a1d1390d75c5bcd18ae051412ab1b1d |
f2b800da1a7ce538d19df35ecbbfb82f | 89.107.104.40 | 2501 | 6 |
2009-02-10 07:35:36 | baae1bff6f151d19dd7316278cd6639c4b5ce024 |
fc77808eb9ef30473dcef008c4d3e2b0 | 89.107.104.40 | 2501 | 6 |
2009-02-14 03:00:17 | c21de7a32748e120b606a9182af5c3109cb332f7 |
86892f5bbad6d1a8151de982d76dd19d | 89.107.104.70 | 2600 | 6 |
2009-02-10 01:10:54 | c2d76f2fc79092da12d7053bd122581d2610ac66 |
4929ce199cbb179b4c1b3210a5bdfdc7 | 89.107.104.40 | 2501 | 6 |
2009-02-10 07:48:27 | c44d711b958619b94e359272f7af26fedcd2057c |
9db53abda85165429775d67030f33c5f | 89.107.104.40 | 2501 | 6
|
2009-02-08 14:44:27 | c63c1a29975eeeba2e6bd859618f3da818667015 |
a53d7ae057c4d8487e6e81c21adf305a | 89.107.104.40 | 2501 | 6 |
2009-02-07 05:41:43 | c8e9f67d982836a9b87a7d4c8688d8a652595113 |
62296173a68326c704589e90c58eb0a9 | 89.107.104.70 | 2600 | 6
|
2009-02-07 20:20:29 | c9dabcd0b40c008a3648aeda330cf06327ff288a |
c748e9b0ea4382b7a38b2018b882ff90 | 89.107.104.80 | 8891 | 17
| 2335
2009-02-26 05:13:42 | ce03e7d3812d55dd957353f4f5eee9a4e727d7b2 |
d5f650a866bf9c1d8b9689365bbe5325 | 89.107.104.70 | 2600 | 6 |
2009-05-10 20:29:37 | d08f48b6cba2da0ac60b760d7f4b490067088e63 |
e39c5d4fae301f3dcaefe5ac0dbb18c5 | 89.107.104.60 | 9409 | 17
|
2009-03-25 13:24:07 | d68803a99bef9feb0c0e290f7a3dab7fd5168095 |
c0cecb9c9906afe066f97ce221109a11 | 89.107.104.40 | 2501 | 6 |
2009-02-10 07:32:17 | da7f2d2fee53671ee4d499dfe0bcc8fefdf6b296 |
42bf677ce306c6eafaafd2aa2bd37157 | 89.107.104.40 | 2501 | 6 |
2009-03-25 13:23:35 | dc23c64c569a1da21208a97a992d939310d18a77 |
1cdce42a1eb5b3eafe21eddbadc865b1 | 89.107.104.40 | 2501 | 6 |
2009-02-21 16:40:43 | dd5e324b32bc94ca1c39743c290936016ff906fe |
fed5349286f578eb1bd4124ae3dfab5f | 89.107.104.40 | 2501 | 6
| 15
2009-04-02 21:26:26 | e1c8ebdf2fb0bcea9e5ea65f1c2fec5efac4342c |
0cfb72f8d76e207b1b2370fee8813b28 | 89.107.104.40 | 2501 | 6 |
2009-01-26 21:51:00 | e1d1b8c859b65c3bc12c6f1be8d025977b8f65aa |
a4358dbf8195bb17119e1253c3cdc73b | 89.107.104.70 | 2600 | 6 |
2009-01-13 06:50:04 | e51c04950ff84c8b30ba12c2f549522bb568d022 |
88ebe277a6e1059ba38be430757e845e | 89.107.104.70 | 2600 | 6 |
2009-03-29 02:25:59 | e591ac0d36d3d118370a07eb602e1a741d2f615f |
2ddd478f8f9fed0ac9978964c4009523 | 89.107.104.70 | 2600 | 6
|
2009-02-08 10:03:47 | ec279031b9584fe404aebefdd8e7b8ebd94ffdbb |
4c41636380adf24c38e62d0dbd799158 | 89.107.104.40 | 2501 | 6 |
2009-02-10 07:36:45 | edd69f566c45011f10f0efec19e49611ea846ddd |
56f95fb8f1dd195b35d4a2b578801d55 | 89.107.104.40 | 2501 | 6
|
2009-02-06 01:02:00 | edfcc8eaf3f384da121be84d32741959c653277b |
3759dde3c9187d893d6f98ded66d46b8 | 89.107.104.70 | 2600 | 6 |
2009-02-06 00:43:56 | ef5c902d2fa54bdf97df4f444924135f77e6b791 |
df52ce53d3cac2e18f8690c5d47ef8ca | 89.107.104.70 | 2600 | 6
|
2009-02-10 08:22:00 | f49c1b500dd2ad1bb146a86e2614433ce1baead5 |
2823075db6dc1d3948386f3a3b404718 | 89.107.104.40 | 2501 | 6
|
2009-02-05 01:13:34 | face43c223b4a989e52f7f595e9827f780fb2037 |
a117c4ec3f34aaed6c821eb29af223c0 | 89.107.104.60 | 80 | 6 |
2009-01-21 23:00:01 | fd1ee40a040698c07571caab068355ab558ccc88 |
2d3bca2121f3615f11d20721caddd922 | 89.107.104.100 | 2400 | 6 |
2009-02-05 00:23:33 | fe16ec98e13a9f8b23da4c9ed4bbd5df4e0955d7 |
33ca1850df06f8d8656f7b728f01fe07 | 89.107.104.70 | 2600 | 6 |
We see TCP 445 scanning dating back to at least 2009-01-05 14:23:46 UTC.
They appear to be using Vipul's Razor
(http://sourceforge.net/projects/razor/).
Thanks,
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
ASSERT(coffee != empty);
More information about the nsp-security
mailing list