[nsp-sec] RFI attack URLs

Jose Nazario jose at arbor.net
Tue Jul 28 10:37:42 EDT 2009 

more enclosed below

-- 
-------------------------------------------------------------
jose nazario, ph.d.     	<jose at arbor.net>
manager of security research 	arbor networks
v: (734) 821 1427 	      	http://asert.arbor.net/


RFI scanner report, times in UTC
timestamp, source ip, source CC, source ASN, RFI url, RFI IP, RFI CC, RFI ASN, URL MD5
2009-07-27 04:33:05 , 77.221.130.14, RU, 30968, "http://www.pacificbiosciences.com//assets/snippets/reflect/fx29id1.txt", 205.178.145.65, US, 6245, ebf87808253b9892ef15bdfdbd1b7203
2009-07-27 17:19:45 , 187.22.25.173, BR, 28573, "http://www.kamaradpocitac.cz/comps/large/db/cache/g.txt", 77.93.215.78, CZ, 24971, d81337a7c0f0b79943ad9988e4f4a4f6
2009-07-27 11:11:01 , 79.148.238.69, ES, 3352, "http://www.radioficko.com/chat/chat/inc/patServer/id.txt", 87.119.200.156, DE, 25074, 61127574be19d53fb75d11e0b1206852
2009-07-27 05:23:45 , 217.29.159.130, AT, 29056, "http://www.thelegalnews.com/nav/r57/test.txt", 69.15.163.169, US, 17184, 298e6564f8f54775a3cd9730be733a13
2009-07-27 08:41:38 , 91.191.35.118, BA, 35567, "http://www.aboutav.com//Scripts/id.txt", 211.49.99.92, KR, 9318, 5089dae8ce92a977f172a9b886aa140d
2009-07-27 11:11:51 , 216.183.177.131, US, 17054, "http://www.wemonmobila.info/mainlinks.dat", 94.103.90.50, RU, 48172, d41d8cd98f00b204e9800998ecf8427e
2009-07-27 11:11:58 , 74.55.249.114, US, 21844, "http://83.3.132.70/iGeoMap/www//tmp/tanii", 83.3.132.70, PL, 5617, a36469ad5782d2a51c04914f1d712bb7
2009-07-27 01:32:19 , 74.50.85.19, US, 19318, "http://www.i-ga.biz/readme.txt", 60.249.179.146, TW, 3462, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 09:43:27 , 216.137.102.177, CA, 31992, "http://www.elatico.cl/components/com_virtuemart/shop_image/stars/id1.txt", 74.200.73.170, US, 14383, 723cad6a0c955d63dd2877aed552c0e7
2009-07-27 05:05:10 , 219.232.224.65, CN, 17672, "http://www.porn-free.org/images/fx29id1.TXT", 68.171.56.231, US, 11343, 285c980dca7904931be6f8efd25f6ac5
2009-07-27 17:51:07 , 88.191.37.60, FR, 12322, "http://www.ips.gov.py/newsletter/include/lang/fx29id.txt", 200.1.202.226, PY, 27795, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 10:45:25 , 216.93.244.146, US, 27552, "http://www.mammafrica.co.za/images/image/id.jpg", 67.228.192.200, US, 36351, 61127574be19d53fb75d11e0b1206852
2009-07-27 13:08:56 , 219.117.207.76, JP, 2519, "http://xenguide.pe.kr/1.txt", 118.218.219.175, KR, 9318, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 05:14:51 , 67.19.194.26, US, 21844, "http://h1.ripway.com/ernie212/id1.txt", 64.62.181.46, US, 6939, ????
2009-07-27 15:19:30 , 72.30.65.51, US, 14778, "http://forkestra.com/view/tres_leches", 75.102.5.19, US, 23352, 825bd8f9d6d5332a48d865d9ca185daf
2009-07-27 10:59:55 , 201.232.54.48, CO, 8065, "http://dwno.or.kr/bbs/data/swat/v6.txt", 211.202.2.220, KR, 9318, b41ebca507a79e37b734a0c90f20c916
2009-07-27 04:37:43 , 65.23.158.226, US, 22822, "http://bebe.abril.com.br/album/imagens/id.txt", 200.160.251.134, BR, 8167, 883b3d0eabfda05ac31193a74c0920c9
2009-07-27 13:32:50 , 218.38.18.31, KR, 9318, "http://tikihub.com/ray/1.swf", 64.27.6.186, US, 7796, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 19:43:27 , 115.88.240.91, KR, 3786, "http://www.babycome.ne.jp/report///id1.txt", 210.174.202.189, JP, 4682, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 21:19:27 , 66.249.68.161, US, 15169, "http://www.first.org/conference/2007/", 213.129.76.19, GB, 13108, 341876a13ab0731afbedab01b312fee2
2009-07-27 00:07:22 , 89.97.206.137, IT, 12874, "http://www.nopaste.pl/Source/e1e.txtmodeid", 91.121.8.105, FR, 16276, 
2009-07-27 09:45:12 , 87.242.99.101, RU, 25532, "http://www.ohmyflash.com/uiu.txt", 69.64.76.172, US, 10316, f5c92f6912a87f4c170cb0622513e197
2009-07-27 06:41:36 , 98.223.10.64, US, 33491, "http://catedralsoftware.com/servicios/fx29id.txt", 174.142.68.204, CA, 32613, f5c92f6912a87f4c170cb0622513e197
2009-07-27 17:36:37 , 187.5.253.51, BR, 8167, "http://eatmyfood.hostinginfive.com/pizza.htm", 208.110.73.35, US, 32097, 5bfba2010a52fa3827cf07275635f5d8
2009-07-27 17:27:32 , 89.234.63.107, GB, 15395, "http://ora.by/language/tukulid.txt", 84.201.225.40, RU, 34421, 5690c2f8d22dcba963261603f63f8e59
2009-07-27 03:41:01 , 91.121.83.177, FR, 16276, "http://www.linkex.ru/dic/baze/idade1.txt", 77.222.40.234, RU, 44112, e26069e83c4849f71e9be591f0f2121a
2009-07-27 09:13:42 , 24.234.76.86, US, 13432, "http://www.myspacecamwhores.com/test.txt", 24.234.76.86, US, 13432, ????
2009-07-27 07:19:08 , 141.223.5.12, KR, 3784, "http://www.hair.gr/fx29id.txt", 62.103.148.2, GR, 6799, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 05:40:11 , 69.175.10.26, US, 32475, "http://www.sacvalleyhomes.com/info", 65.182.100.196, US, 33055, 23d6b92bc7eb100fc1294e6b124b7e75
2009-07-27 03:23:09 , 72.29.70.19, US, 33182, "http://www.ozin.co.kr/data/oil2.txt", 123.141.123.141, KR, 3786, 3327a9d4b7203f0a73baf9dec064637a
2009-07-27 11:57:45 , 202.125.45.45, AU, 23670, "http://www.mevabe.vn/cache/index.txt", 222.255.28.72, VN, 7643, cec588425493d6bf7ab233d84815646f
2009-07-27 12:39:44 , 216.14.113.10, US, 46433, "http://svarovsky.net/pics/files/fx29id.txt", 82.165.111.93, DE, 8560, 8c117f39e5efc851a33fb32a96aca920
2009-07-27 06:10:48 , 91.121.14.50, FR, 16276, "http://www.gembrookfruits.com/lib/classes/module_support/fx29id.do", 203.26.41.138, AU, 9280, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 16:47:17 , 218.237.66.229, KR, 9318, "http://bibdigital.epn.edu.ec//m1.gif", 192.188.57.150, EC, 27947, ????
2009-07-27 18:28:34 , 59.125.245.181, TW, 9680, "http://123.242.165.138//backup/export/cvs/id1.txt", 123.242.165.138, TH, 38450, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 14:31:22 , 213.140.20.212, IT, 12874, "http://neu_2.lasrv-1.de/web/d35m0-id.txt", 85.14.221.111, DE, 13301, eb375654ca2c7256de3f092d2c6edd90
2009-07-27 05:26:26 , 187.40.29.48, BR, 7738, "http://namorinho.info/nome1.txt", 69.162.66.210, US, 46475, 5694c4851fea2a9cb30046fd4907761b
2009-07-27 13:16:24 , 124.0.146.100, KR, 18302, "http://www.fuck-all-lamers.com/log.txt", 66.90.104.9, US, 30058, a8cb9fa148831e8842e5b4fb047af5cc
2009-07-27 06:02:03 , 80.67.20.252, DE, 34011, "http://www.anyche.com/goods_img1/satu.txt", 210.109.103.169, KR, 9848, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 11:49:59 , 91.121.111.100, FR, 16276, "http://tor-zum-glueck.net//v6-i.txt0D", 82.165.109.122, DE, 8560, 
2009-07-27 13:32:41 , 125.248.88.155, KR, 9316, "http://www.anyche.com/goods_img1/satu.txt", 210.109.103.169, KR, 9848, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 13:14:16 , 72.32.69.162, US, 33070, "http://tor-zum-glueck.net//id1.txt", 82.165.109.122, DE, 8560, f5c92f6912a87f4c170cb0622513e197
2009-07-27 09:12:57 , 71.41.201.38, US, 11427, "http://aeiouna.tumblr.com/", 74.54.212.168, US, 21844, ab9d7c7241dd972e597aaa9a2a207fd7
2009-07-27 16:33:36 , 87.229.45.106, HU, 29278, "http://www.suiteinn.it/news/images/idxx.txt", 84.247.200.146, IT, 34072, 67a3bdc9cda6938529b34fd80be361fe
2009-07-27 19:49:57 , 83.105.92.119, GB, 2529, "http://www.fmf2004.hu/mama.txt", 195.228.155.216, HU, 5483, 53dc6914bea3420397498a144aa86487
2009-07-27 23:22:36 , 69.225.131.126, US, 7132, "http://217.218.225.2:2082/index.html", 0.0.0.0, , NA, 2c2fc39b43c25ca44faeb8db3b715cc2
2009-07-27 00:47:30 , 208.113.167.8, US, 26347, "http://tikihub.com/ray/idd.swf", 64.27.6.186, US, 7796, cad7fd2c38631a116c1fbe67e2233aa6
2009-07-27 20:32:47 , 89.234.7.92, GB, 15395, "http://www.solmae.co.kr///receipt/lib/_private/id1.txt20", 210.220.213.203, KR, 4663, 
2009-07-27 00:04:39 , 87.20.186.139, IT, 3269, "http://www.baab.it/roxa/id1.txt", 62.149.140.133, IT, 31034, a05dfd7cca7771a7565a154d65f05ea2
2009-07-27 00:46:55 , 66.11.117.195, US, 14572, "http://www.afmarcenaria.com.br/modules/idd.txt", 200.160.204.195, BR, 22356, af46ef3f8adcfe94071b7e043759b3df

More information about the nsp-security mailing list