[nsp-sec] Packet love on May 9 to 195.222.29.117, 195.222.5.193, 194.204.49.1, 90.191.225.242
Hillar Aarelaid
hillar.aarelaid at cert.ee
Sat May 9 18:43:06 EDT 2009
Hi,
Please find attached the list of attack sources and a separate text file
with the ASN list.
In total: 133 countries, 1467 ASNs and 22604 unique IPs.
One of the C&Cs was 213.182.197.21 (AS8206 JUNIK-RIGA-LV, upstream
AS5518 TeliaLatvija and AS1299 TeliaNET).
AS8206 has a reputation as "abuse-resistant hosting"
(Абузоустойчивый хостинг), similar to AS12553.
Hillar
-----------
AS8206 history
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: zombies.countbyasn.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20090510/f137bdf7/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zombies.all.gz
Type: application/x-gzip
Size: 290770 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20090510/f137bdf7/attachment-0001.bin>