[nsp-sec] HTTP Bot C&C Hits - 2009-06-15

Gabriel Iovino giovino at ren-isac.net
Tue Jun 16 16:34:49 EDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim Wilde wrote:
> Please take a look at the hits for your ASN(s) and take whatever actions
> you deem appropriate.  

Sanitized notifications have been sent to the following:

> 271     | 142.103.92.56    | 2009-06-15 13:43:18 | BCNET-AS - BCnet
> 299     | 169.234.128.246  | 2009-06-15 03:44:08 | UCINET-AS - University of California, Irvine
> 557     | 169.244.143.114  | 2009-06-15 12:11:07 | UMAINE-SYS-AS - University of Maine System
> 557     | 169.244.143.119  | 2009-06-15 17:16:46 | UMAINE-SYS-AS - University of Maine System
> 557     | 169.244.143.125  | 2009-06-15 09:06:31 | UMAINE-SYS-AS - University of Maine System
> 2152    | 204.102.2.162    | 2009-06-15 15:33:19 | CSUNET-NW - California State University Network
> 2152    | 204.102.3.111    | 2009-06-15 16:28:15 | CSUNET-NW - California State University Network
> 2152    | 204.102.77.12    | 2009-06-15 16:32:35 | CSUNET-NW - California State University Network
> 2152    | 204.102.79.180   | 2009-06-15 17:02:41 | CSUNET-NW - California State University Network
> 2152    | 204.102.79.188   | 2009-06-15 17:03:21 | CSUNET-NW - California State University Network
> 2152    | 204.102.79.40    | 2009-06-15 16:12:23 | CSUNET-NW - California State University Network
> 2152    | 204.102.79.58    | 2009-06-15 16:15:54 | CSUNET-NW - California State University Network
> 2920    | 209.147.62.108   | 2009-06-15 14:58:33 | LACOE - Los Angeles County Office of Education
> 3912    | 206.206.147.2    | 2009-06-15 16:16:38 | NMSU-AS - Checs-net
> 4190    | 128.226.130.241  | 2009-06-15 17:43:17 | BINGHAMTON-U - Binghamton University
> 5718    | 209.80.152.2     | 2009-06-15 17:41:56 | MECNET - Merrimack Education Center
> 5719    | 130.245.246.82   | 2009-06-14 09:23:40 | SUNYSB - SUNY at Stony Brook
> 5786    | 136.145.22.52    | 2009-06-15 14:49:25 | UPRENET - University of Puerto Rico
> 7925    | 168.216.153.145  | 2009-06-15 16:53:31 | WVNET - West Virginia Network for Educational Telecomputing
> 7925    | 168.216.180.56   | 2009-06-15 18:13:08 | WVNET - West Virginia Network for Educational Telecomputing
> 7925    | 168.216.46.33    | 2009-06-15 18:08:19 | WVNET - West Virginia Network for Educational Telecomputing
> 10430   | 169.204.150.69   | 2009-06-15 14:51:27 | WA-K20 - Washington State K-20 Telecommunications Network
> 10430   | 169.204.238.158  | 2009-06-15 18:06:55 | WA-K20 - Washington State K-20 Telecommunications Network
> 10430   | 216.186.27.3     | 2009-06-15 18:25:24 | WA-K20 - Washington State K-20 Telecommunications Network
> 16473   | 206.23.59.254    | 2009-06-15 16:39:42 | TNII - Bell South
> 17031   | 152.22.0.252     | 2009-06-15 18:35:30 | TW-NCWREN - Winston-Salem/Forsyth County Schools
> 22739   | 74.214.65.85     | 2009-06-15 11:10:44 | BYU-H - Brigham Young University Hawaii
> 22739   | 74.214.65.94     | 2009-06-14 07:57:38 | BYU-H - Brigham Young University Hawaii
> 22845   | 164.106.244.201  | 2009-06-15 16:12:55 | VIRGINIA-COMMUNITY-COLLEGE-SYSTEM - Virginia Community College System
> 22920   | 169.203.195.108  | 2009-06-15 17:13:10 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.124  | 2009-06-14 08:09:26 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.130  | 2009-06-15 14:17:08 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.144  | 2009-06-15 16:31:13 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.147  | 2009-06-15 16:34:04 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.155  | 2009-06-15 15:14:19 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.176  | 2009-06-15 15:47:59 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.179  | 2009-06-14 21:30:08 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.203  | 2009-06-15 14:58:23 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.52   | 2009-06-15 17:01:35 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.65   | 2009-06-14 18:56:06 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 22920   | 169.203.195.71   | 2009-06-15 16:47:02 | BIAEDNET-INTERNET - Bureau of Indian Affairs Office of IndianEducation
> 25709   | 140.158.16.30    | 2009-06-15 03:11:03 | LAMARUNIV - Lamar University
> 46435   | 157.201.164.174  | 2009-06-14 21:49:53 | IRON - IRON

Thank you.

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAko4AekACgkQwqygxIz+pTsoPQCgqW+GskQVZXLWNgyezwjOX79s
BhIAoMnVaJYRto7Oy040f0fMy8qenni+
=zMd4
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list