[nsp-sec] More bots to swat
Joel Rosenblatt
joel at columbia.edu
Wed Jul 8 09:16:26 EDT 2009
Hi,
Last week, we had a compromised ID that was used to set up a Cialis store on the personal web space of one of our users. I noticed that we seemed to be getting
a lot of logins for the Id ddos - a few hundred thousand - here is what they were trying to do:
unknown25.126.65.69.defenderhosting.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
eracle.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????cialis-prof
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
unknown25.126.65.69.defenderhosting.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
unknown25.126.65.69.defenderhosting.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
serv007.configbox.com - ddos [02/Jul/2009:06:03:18 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????cialis-canada-sale
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ru) Opera 8.00)"
ariel.ldn.kgix.net - ddos [02/Jul/2009:06:03:16 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????cialis-professional-sale HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1))"
216.237.125.130 - ddos [02/Jul/2009:06:03:22 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????cialis-canada-sale
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
cl09.gs02.gridserver.com - ddos [02/Jul/2009:06:03:26 -0400] "(GET http:/www.columbia.edu/~nsn1/local/dir/index.php????cialis-canada-sale HTTP/1.1)" 200 256
"(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ru) Opera 8.00)"
216.237.125.130 - ddos [02/Jul/2009:06:03:22 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????cialis-canada-sale
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
unknown25.126.65.69.defenderhosting.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
eracle.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????cialis-professional-sale
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
unknown25.126.65.69.defenderhosting.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
eracle.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????cialis-professio
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
unknown25.126.65.69.defenderhosting.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
gator30.hostgator.com - ddos [02/Jul/2009:06:03:26 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php??????????????????????????????????????????cialis-canada-sale HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0; ru) Opera 8.00)"
eracle.com - ddos [02/Jul/2009:06:03:19 -0400] "(GET
http:/www.columbia.edu/~nsn1/local/dir/index.php?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????cialis
HTTP/1.1)" 200 256 "(ref -)" "(client Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))"
The list of machines that were generating this traffic - I have no idea what they are infected with, but they appear to be part of a bot network, or being used
by a bot network, associated with the Cialis folks.
All times are -0500
174 | 200.80.13.170 | 02-jul-2009 06:07:43 | COGENT Cogent/PSI
209 | 209.3.87.43 | 02-jul-2009 01:25:15 | ASN-QWEST - Qwest Communications Corporation
2042 | 202.190.85.71 | 02-jul-2009 05:46:37 | ERX-JARING JARING Communications Sdn Bhd.
2847 | 193.219.160.138 | 02-jul-2009 01:21:55 | LITNET LITNET, Lithuanian Academic and Research Network
2914 | 209.70.45.8 | 02-jul-2009 01:09:19 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
3064 | 64.70.190.10 | 02-jul-2009 01:31:41 | AFFINITY-FTL - Affinity Internet, Inc
3595 | 209.51.142.3 | 02-jul-2009 06:03:24 | GNAXNET-AS - Global Net Access, LLC
3595 | 64.22.87.10 | 02-jul-2009 01:10:38 | GNAXNET-AS - Global Net Access, LLC
3595 | 64.22.96.26 | 02-jul-2009 05:43:57 | GNAXNET-AS - Global Net Access, LLC
3595 | 75.127.98.100 | 02-jul-2009 01:30:01 | GNAXNET-AS - Global Net Access, LLC
4657 | 203.117.89.34 | 02-jul-2009 06:38:28 | STARHUBINTERNET-AS StarHub Internet Exchange
4694 | 202.218.199.10 | 02-jul-2009 01:30:25 | IDC SOFTBANK IDC Corp.
5464 | 62.112.159.49 | 02-jul-2009 01:15:02 | Netdiscounter GmbH autonomous system
6724 | 85.214.139.82 | 02-jul-2009 01:25:37 | STRATO Strato AG
6805 | 217.188.246.234 | 02-jul-2009 01:15:25 | TDDE-ASN1 Telefonica Deutschland Autonomous System
7065 | 69.12.216.78 | 02-jul-2009 01:21:55 | SONOMA - Sonoma Interconnect
7132 | 76.246.231.1 | 02-jul-2009 01:21:44 | SBIS-AS - AT&T Internet Services
7385 | 209.210.238.116 | 02-jul-2009 01:40:10 | INTEGRATELECOM - Integra Telecom, Inc.
7837 | 66.63.128.83 | 02-jul-2009 01:30:39 | NETHERE - NetHere Inc.
8358 | 195.70.48.70 | 02-jul-2009 06:28:00 | INTERWARE-AS InterWare Autonomus System
8560 | 74.208.112.122 | 02-jul-2009 06:03:18 | ONEANDONE-AS 1&1 Internet AG
8560 | 82.165.164.19 | 02-jul-2009 01:24:18 | ONEANDONE-AS 1&1 Internet AG
8875 | 83.223.95.31 | 02-jul-2009 01:26:49 | SINMA-ASN Sinma GmbH
10316 | 216.55.190.217 | 02-jul-2009 05:44:29 | ABACUS-NET-AS - Abacus America Inc.
10316 | 69.64.72.34 | 02-jul-2009 06:43:55 | ABACUS-NET-AS - Abacus America Inc.
10316 | 69.64.84.88 | 02-jul-2009 06:03:20 | ABACUS-NET-AS - Abacus America Inc.
10316 | 69.64.87.116 | 02-jul-2009 01:30:21 | ABACUS-NET-AS - Abacus America Inc.
10439 | 216.98.148.179 | 02-jul-2009 06:08:16 | CARI - San Diego Commercial Internet Exchange
10532 | 64.49.221.236 | 02-jul-2009 01:26:39 | RACKSPACE - Rackspace.com, Ltd.
10683 | 63.249.95.131 | 02-jul-2009 01:30:30 | CRUZIO - Cruizo, Inc.
10843 | 216.117.158.243 | 02-jul-2009 06:26:19 | AITNET - Advanced Internet Technologies
11798 | 69.89.31.56 | 02-jul-2009 01:04:42 | BLUEHOST-AS - Bluehost Inc.
11798 | 69.89.31.57 | 02-jul-2009 01:11:54 | BLUEHOST-AS - Bluehost Inc.
11798 | 69.89.31.71 | 02-jul-2009 01:30:40 | BLUEHOST-AS - Bluehost Inc.
11798 | 69.89.31.78 | 02-jul-2009 01:10:48 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.207.71 | 02-jul-2009 06:38:35 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.215.102 | 02-jul-2009 01:15:25 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.215.104 | 02-jul-2009 01:28:46 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.219.111 | 02-jul-2009 01:30:39 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.219.120 | 02-jul-2009 01:02:09 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.219.125 | 02-jul-2009 06:02:08 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.219.131 | 02-jul-2009 06:03:20 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.219.133 | 02-jul-2009 01:09:32 | BLUEHOST-AS - Bluehost Inc.
11798 | 74.220.219.139 | 02-jul-2009 01:11:59 | BLUEHOST-AS - Bluehost Inc.
12129 | 216.234.124.250 | 02-jul-2009 06:45:16 | 123NET - Internet 123, Inc.
12129 | 216.234.124.50 | 02-jul-2009 01:30:04 | 123NET - Internet 123, Inc.
13030 | 194.126.200.21 | 02-jul-2009 01:02:59 | INIT7 Init Seven AG, Zurich, Switzerland
13432 | 24.234.150.205 | 02-jul-2009 01:12:26 | ASN-CXA-LV-13432-CBS - Cox Communications Inc.
13438 | 208.77.208.142 | 02-jul-2009 01:26:35 | VIVIO-TECHNOLOGIES - Vivio Technologies
13703 | 216.24.174.239 | 02-jul-2009 01:27:32 | BROADRIVER-13703 - BroadRiver Communication Corp.
13756 | 216.183.98.28 | 02-jul-2009 01:23:57 | INFLOW-NET - Inflow Inc.
13768 | 69.90.123.68 | 02-jul-2009 01:26:51 | PEER1 - Peer 1 Network Inc.
14361 | 66.235.160.43 | 02-jul-2009 01:21:54 | HOPONE-GLOBAL - HopOne Internet Corporation
14383 | 69.65.126.25 | 02-jul-2009 06:44:31 | DTGL-AS - Defender Technologies Group, LLC
14501 | 69.13.37.147 | 02-jul-2009 05:46:46 | CIHOST - C I Host
14618 | 75.101.147.123 | 02-jul-2009 06:03:12 | AMAZON-AES - Amazon.com, Inc.
15244 | 74.50.0.35 | 02-jul-2009 01:14:53 | ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages
15395 | 89.234.2.214 | 02-jul-2009 06:03:16 | UK Rackspace
15598 | 80.190.144.123 | 02-jul-2009 01:01:17 | IP-EXCHANGE IP Exchange GmbH
15598 | 89.107.184.76 | 02-jul-2009 01:15:34 | IP-EXCHANGE IP Exchange GmbH
15935 | 213.195.220.50 | 02-jul-2009 01:21:49 | HA-VEL-LOCAL-AS ha-vel internet spol. s r.o.
16265 | 193.239.6.4 | 02-jul-2009 01:09:37 | LEASEWEB LEASEWEB AS
16276 | 91.121.72.57 | 02-jul-2009 06:13:00 | OVH OVH
16276 | 91.121.9.106 | 02-jul-2009 01:15:31 | OVH OVH
16582 | 207.7.108.203 | 02-jul-2009 01:07:19 | NEXTLEVELINTERNET - NEXTLEVEL INTERNET, INC.
16582 | 207.7.108.85 | 02-jul-2009 01:19:48 | NEXTLEVELINTERNET - NEXTLEVEL INTERNET, INC.
16805 | 74.200.196.100 | 02-jul-2009 01:30:37 | FASTSERVERS - FastServers, Inc.
17014 | 66.96.128.64 | 02-jul-2009 01:28:46 | NAIILLC - North Atlantic Internet, Inc., LLC
17014 | 66.96.128.67 | 02-jul-2009 01:28:40 | NAIILLC - North Atlantic Internet, Inc., LLC
17974 | 222.124.203.84 | 02-jul-2009 06:02:12 | TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
19875 | 69.10.137.172 | 02-jul-2009 05:46:11 | IPWORLDNET - IPWorld Networks
20021 | 65.36.215.5 | 02-jul-2009 06:03:15 | LNH-INC - HostMySite
20021 | 67.59.151.23 | 02-jul-2009 06:07:38 | LNH-INC - HostMySite
20401 | 216.185.128.200 | 02-jul-2009 01:30:51 | HOSTWAY-1 - Hostway Corporation
20712 | 81.187.234.117 | 02-jul-2009 01:23:39 | AS20712 Andrews + Arnold Ltd
20773 | 87.230.76.151 | 02-jul-2009 01:23:33 | HOSTEUROPE-AS AS of Hosteurope Germany / Cologne
21069 | 80.74.149.121 | 02-jul-2009 01:06:02 | ASN-METANET METANET AG, Switzerland
21409 | 80.93.82.71 | 02-jul-2009 05:44:28 | IKOULA IKOULA European Backbone AS
21844 | 209.62.36.9 | 02-jul-2009 01:28:41 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 66.98.226.37 | 02-jul-2009 01:20:07 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 67.15.54.47 | 02-jul-2009 01:26:46 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 67.15.62.57 | 02-jul-2009 06:31:57 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 67.18.0.194 | 02-jul-2009 01:03:06 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 67.18.56.194 | 02-jul-2009 01:01:50 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 67.19.128.146 | 02-jul-2009 01:19:54 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 69.93.237.34 | 02-jul-2009 01:30:22 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 69.93.241.194 | 02-jul-2009 05:44:26 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.84.220.162 | 02-jul-2009 01:01:04 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.84.243.162 | 02-jul-2009 01:06:28 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.85.248.194 | 02-jul-2009 06:23:43 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.86.12.98 | 02-jul-2009 06:12:33 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.86.17.226 | 02-jul-2009 01:11:56 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.86.180.194 | 02-jul-2009 06:11:09 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.87.126.194 | 02-jul-2009 01:01:58 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.87.164.98 | 02-jul-2009 05:45:45 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 70.87.95.162 | 02-jul-2009 01:39:43 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.52.105.66 | 02-jul-2009 01:10:43 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.52.141.162 | 02-jul-2009 01:11:56 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.52.179.146 | 02-jul-2009 01:08:11 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.52.59.114 | 02-jul-2009 01:25:38 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.52.59.18 | 02-jul-2009 01:04:25 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.52.60.82 | 02-jul-2009 01:24:08 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.53.228.130 | 02-jul-2009 01:06:19 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.53.81.162 | 02-jul-2009 01:26:41 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.53.81.210 | 02-jul-2009 01:01:48 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.53.85.50 | 02-jul-2009 01:30:02 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.54.18.162 | 02-jul-2009 01:09:22 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.54.18.226 | 02-jul-2009 01:30:25 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.54.218.114 | 02-jul-2009 06:05:56 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 74.54.73.179 | 02-jul-2009 06:10:48 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21844 | 75.125.194.114 | 02-jul-2009 01:09:46 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
21848 | 66.179.49.231 | 02-jul-2009 01:28:35 | INFLOW21848 - Inflow Inc.
22298 | 216.45.58.194 | 02-jul-2009 01:19:56 | SPNW - Secured Private Network
23005 | 66.116.103.179 | 02-jul-2009 01:25:09 | SWITCH-COMMUNICATIONS - SWITCH Communications Group LLC
23352 | 205.234.236.7 | 02-jul-2009 01:20:05 | SERVERCENTRAL - Server Central Network
24940 | 213.239.204.67 | 02-jul-2009 01:06:25 | HETZNER-AS Hetzner Online AG RZ-Nuernberg
24940 | 78.46.238.130 | 02-jul-2009 01:01:25 | HETZNER-AS Hetzner Online AG RZ-Nuernberg
25074 | 213.203.223.118 | 02-jul-2009 01:15:12 | INETBONE-AS INET-People Provider Services
25074 | 83.220.144.205 | 02-jul-2009 01:09:23 | INETBONE-AS INET-People Provider Services
25525 | 85.92.129.106 | 02-jul-2009 01:35:17 | REASONNET-AS Reasonnet IP Networks B.V. number
25847 | 207.58.134.126 | 02-jul-2009 01:26:38 | SERVINT - ServInt Corporation
26228 | 69.59.160.108 | 02-jul-2009 01:23:42 | SERVEPATH - ServePath, LLC
26496 | 208.109.163.59 | 02-jul-2009 06:02:07 | PAH-INC - GoDaddy.com, Inc.
26496 | 216.69.170.131 | 02-jul-2009 05:45:35 | PAH-INC - GoDaddy.com, Inc.
27325 | 66.219.34.171 | 02-jul-2009 06:11:27 | CORENAP-AS - Core NAP, L.P.
29208 | 88.208.118.93 | 02-jul-2009 06:03:11 | DIALTELECOM-AS Dial Telecom, a.s.
29590 | 193.138.157.50 | 02-jul-2009 01:25:26 | DIGITALUS-AS Digitalus Webhosting
29748 | 66.197.4.154 | 02-jul-2009 01:21:49 | CARPATHIA-HOSTING - Carpathia Hosting, Inc.
29761 | 72.11.128.188 | 02-jul-2009 01:16:40 | OC3-NETWORKS-AS-NUMBER - OC3 Networks & Web Solutions, LLC
29873 | 66.96.128.64 | 02-jul-2009 01:28:46 | BIZLAND-SD - The Endurance International Group, Inc.
29873 | 66.96.128.67 | 02-jul-2009 01:28:40 | BIZLAND-SD - The Endurance International Group, Inc.
30266 | 216.17.109.249 | 02-jul-2009 01:09:18 | A1COLO-COM - A1COLO.COM
30475 | 72.18.139.34 | 02-jul-2009 01:30:27 | WEHOSTSITESCOM - WeHostWebSites.com
30496 | 72.249.26.21 | 02-jul-2009 06:03:19 | COLO4 - Colo4Dallas LP
30496 | 72.249.29.17 | 02-jul-2009 01:31:48 | COLO4 - Colo4Dallas LP
30496 | 72.249.48.130 | 02-jul-2009 01:25:18 | COLO4 - Colo4Dallas LP
30496 | 72.9.146.29 | 02-jul-2009 02:21:53 | COLO4 - Colo4Dallas LP
30798 | 217.112.248.16 | 02-jul-2009 01:28:34 | TNNET-AS TNNet Oy
30880 | 195.246.219.5 | 02-jul-2009 01:12:00 | SPACEDUMP-AS SpaceDump Networks
31034 | 217.73.227.30 | 02-jul-2009 01:19:52 | ARUBA-ASN Aruba S.p.A. - Network
31727 | 79.170.40.45 | 02-jul-2009 01:20:08 | NODE4-AS Node4 Ltd, UK
31815 | 64.13.192.10 | 02-jul-2009 01:28:36 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.14 | 02-jul-2009 01:26:58 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.19 | 02-jul-2009 01:11:13 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.20 | 02-jul-2009 06:03:26 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.24 | 02-jul-2009 05:46:24 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.25 | 02-jul-2009 01:06:49 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.29 | 02-jul-2009 01:12:03 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.30 | 02-jul-2009 01:31:56 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.192.31 | 02-jul-2009 01:24:03 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.232.18 | 02-jul-2009 06:12:29 | MEDIATEMPLE - Media Temple, Inc.
31815 | 64.13.232.36 | 02-jul-2009 06:07:39 | MEDIATEMPLE - Media Temple, Inc.
31815 | 70.32.68.17 | 02-jul-2009 05:44:03 | MEDIATEMPLE - Media Temple, Inc.
31815 | 72.47.192.200 | 02-jul-2009 05:44:03 | MEDIATEMPLE - Media Temple, Inc.
31815 | 72.47.228.17 | 02-jul-2009 06:03:27 | MEDIATEMPLE - Media Temple, Inc.
32244 | 67.225.190.120 | 02-jul-2009 06:18:28 | LIQUID-WEB-INC - Liquid Web, Inc.
32244 | 69.16.236.116 | 02-jul-2009 01:33:33 | LIQUID-WEB-INC - Liquid Web, Inc.
32244 | 69.16.254.4 | 02-jul-2009 01:30:34 | LIQUID-WEB-INC - Liquid Web, Inc.
32244 | 72.52.130.137 | 02-jul-2009 01:09:12 | LIQUID-WEB-INC - Liquid Web, Inc.
32613 | 64.15.129.89 | 02-jul-2009 01:07:51 | IWEB-AS - iWeb Technologies Inc.
32736 | 216.237.125.130 | 02-jul-2009 06:03:22 | INFORTECH-001 - Infortech Corporation
33070 | 67.192.120.119 | 02-jul-2009 01:30:26 | RMH-14 - Rackspace.com, Ltd.
33070 | 67.192.186.231 | 02-jul-2009 01:33:33 | RMH-14 - Rackspace.com, Ltd.
33070 | 72.32.68.166 | 02-jul-2009 06:02:13 | RMH-14 - Rackspace.com, Ltd.
33182 | 72.29.68.95 | 02-jul-2009 01:23:54 | DIMENOC---HOSTDIME - HostDime.com, Inc.
33182 | 72.29.74.71 | 02-jul-2009 06:03:11 | DIMENOC---HOSTDIME - HostDime.com, Inc.
33182 | 72.29.87.84 | 02-jul-2009 01:23:47 | DIMENOC---HOSTDIME - HostDime.com, Inc.
34282 | 85.92.70.41 | 02-jul-2009 06:38:33 | UKNOC-AS UKNOC AS
34679 | 85.159.89.100 | 02-jul-2009 06:07:39 | VELOX Velox Internet Limited
35908 | 208.84.144.60 | 02-jul-2009 05:45:54 | VPLSNET - VPLS Inc. d/b/a Krypt Technologies
36024 | 174.136.63.4 | 02-jul-2009 05:45:37 | COLO4-CO - Colo4Dallas LP
36670 | 72.35.84.12 | 02-jul-2009 06:08:14 | 1VAULT - Bocacom.net LLC
39756 | 89.36.25.57 | 02-jul-2009 05:45:54 | ROHOSTWAY-AS HOSTWAY ROMANIA
43729 | 91.197.230.70 | 02-jul-2009 01:28:37 | KGIX-AS Kualo Ltd
46433 | 216.14.116.154 | 02-jul-2009 01:30:16 | ADF01 - EBOUNDHOST.com
46636 | 88.214.192.22 | 02-jul-2009 01:14:12 | NATCOWEB - NatCoWeb Corp.
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
More information about the nsp-security
mailing list