[nsp-sec] RFI attack URLs
Sweeney, William- CIPS
Bill_Sweeney at cable.comcast.com
Tue Jul 28 11:49:09 EDT 2009
<ACK> as 33491
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Jose Nazario
> Sent: Tuesday, July 28, 2009 10:38 AM
> To: Thomas Hungenberg
> Cc: nsp-sec
> Subject: Re: [nsp-sec] RFI attack URLs
>
> ----------- nsp-security Confidential --------
>
> more enclosed below
>
> --
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net>
> manager of security research arbor networks
> v: (734) 821 1427 http://asert.arbor.net/
>
>
> RFI scanner report, times in UTC
> timestamp, source ip, source CC, source ASN, RFI url, RFI IP, RFI CC, RFI ASN, URL MD5
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________