[nsp-sec] ajax.whitehat.cc botnet - ACK 855
White, Gerard
Gerard.White at bellaliant.ca
Tue Sep 1 13:36:09 EDT 2009
ACK 855 & Thanks!
GW
855 - Bell Aliant
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dirk Stander
Sent: Tuesday, September 01, 2009 2:59 PM
To: nsp-security NSP
Subject: [nsp-sec] ajax.whitehat.cc botnet
----------- nsp-security Confidential --------
Hi,
please find attached a list of ips which were connected to an
IRC based botnet. The controller was ajax.whitehead.cc /
87.106.24.105:9999 (which is now connected to 72.8.167.167).
Most of the machines are cracked UNIX boxes -- I'm quite sure the
intrusion vectors are outdated phpmyadmin installations.
The herders nick is Jaffa at 81.181.17.71, he is also using
server1.whitehat.cc / 67.159.34.131 as target for connect-back shells.
The connections are from Tue Sep 1 14:54:17 2009 UTC
kind regards, Dirk Stander :.
719 | 193.185.43.4 | FI | ELISA-AS Elisa Oyj
855 | 209.128.19.208 | CA | CANET-ASN-4 - Bell Aliant Regional
Communications, Inc.
1239 | 205.242.72.101 | US | SPRINTLINK - Sprint
3269 | 81.74.151.124 | IT | ASN-IBSNAZ TELECOM ITALIA
3269 | 87.25.119.78 | IT | ASN-IBSNAZ TELECOM ITALIA
3269 | 87.25.163.159 | IT | ASN-IBSNAZ TELECOM ITALIA
3292 | 88.131.101.101 | SE | TDC TDC Data Networks
3292 | 88.131.2.109 | SE | TDC TDC Data Networks
3301 | 213.180.84.90 | SE | TELIANET-SWEDEN TeliaNet Sweden
3320 | 91.18.178.203 | DE | DTAG Deutsche Telekom AG
3320 | 91.18.36.39 | DE | DTAG Deutsche Telekom AG
3352 | 88.20.75.84 | ES | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
4230 | 200.241.110.3 | BR | Embratel
4230 | 200.241.180.250 | BR | Embratel
4230 | 200.241.191.98 | BR | Embratel
4230 | 200.241.240.9 | BR | Embratel
4837 | 60.28.205.235 | CN | CHINA169-BACKBONE CNCGROUP China169
Backbone
5610 | 83.208.138.85 | CZ | TO2-CZECH-REPUBLIC Telefonica O2,
Czech Republic
6128 | 192.107.39.2 | US | CABLE-NET-1 - Cablevision Systems
Corp.
6389 | 65.15.225.185 | US | BELLSOUTH-NET-BLK - BellSouth.net Inc.
6746 | 81.181.17.71 | RO | ASTRAL UPC Romania Srl, Romania
7517 | 210.155.246.131 | JP | MII ICOMT Inc.
7643 | 222.253.79.199 | VN | VNN-AS-AP Vietnam Posts and
Telecommunications (VNPT)
7693 | 203.107.156.92 | TH | COMNET-TH KSC Commercial Internet Co.
Ltd.
8167 | 201.35.71.46 | BR | TELESC - Telecomunicacoes de Santa
Catarina SA
8220 | 87.241.56.171 | GB | COLT COLT Telecommunications
8404 | 62.2.182.209 | CH | CABLECOM Cablecom GmbH
8404 | 62.2.200.198 | CH | CABLECOM Cablecom GmbH
8404 | 62.2.86.232 | CH | CABLECOM Cablecom GmbH
9198 | 212.154.190.142 | KZ | KAZTELECOM-AS Kazakhtelecom Corporate
Sales Administration
10481 | 190.188.227.245 | AR | Prima S.A.
12271 | 68.174.1.205 | US | SCRR-12271 - Road Runner HoldCo LLC
12322 | 82.224.117.152 | FR | PROXAD AS for Proxad/Free ISP
12479 | 85.53.10.133 | ES | UNI2-AS Uni2 Autonomous System
12735 | 212.154.65.3 | TR | ASTURKNET TurkNet Iletisim Hizmetleri
A.S
12735 | 212.154.65.4 | TR | ASTURKNET TurkNet Iletisim Hizmetleri
A.S
13046 | 89.164.37.35 | HR | ASN-ISKON ISKON
13438 | 208.77.208.114 | US | VIVIO-TECHNOLOGIES - Vivio
Technologies
13489 | 200.24.17.70 | CO | EPM Telecomunicaciones S.A. E.S.P.
14103 | 69.63.228.212 | US | ACDNET-ASN1 - ACD.net
14361 | 66.235.184.194 | US | HOPONE-GLOBAL - HopOne Internet
Corporation
15379 | 80.90.195.145 | GB | XCALIBRE-AS XCalibre Communications
Ltd
15589 | 62.94.19.13 | IT | AS15589 Eutelia S.p.A. Backbone AS
15685 | 81.0.241.25 | CZ | AS15685 Casablanca INT Autonomous
system
16265 | 85.17.62.29 | NL | LEASEWEB LEASEWEB AS
16265 | 85.17.94.25 | NL | LEASEWEB LEASEWEB AS
16399 | 216.159.244.160 | US | FIRSTCOMM-AS2 - First Communications
LLC
16438 | 208.77.84.38 | CA | SATLCMINT01 - Satelcom Internet Inc.
17820 | 61.16.167.2 | IN | DIL-AP DIRECT INTERNET LTD.
19262 | 71.127.45.50 | US | VZGNI-TRANSIT - Verizon Internet
Services Inc.
20797 | 213.180.112.88 | LV | IPASAULE-AS _Interneta Pasaule_ SIA
25351 | 217.144.247.18 | NO | BROADNET-NO-AS Broadnet Norge AS,
Oslo, Norway
27008 | 66.39.166.174 | US | BDC - BendTel
27715 | 201.76.53.77 | BR | LocaWeb Ltda
28753 | 78.159.98.56 | DE | NETDIRECT AS NETDIRECT Frankfurt, DE
29405 | 81.89.49.232 | SK | VNET-AS VNET ISP Bratislava, Slovakia,
SK
29405 | 81.89.49.233 | SK | VNET-AS VNET ISP Bratislava, Slovakia,
SK
29405 | 81.89.56.249 | SK | VNET-AS VNET ISP Bratislava, Slovakia,
SK
31400 | 84.200.211.39 | DE | ACCELERATED-IT Accelerated IT Services
GmbH
32613 | 72.55.179.82 | CA | IWEB-AS - iWeb Technologies Inc.
33984 | 85.88.12.54 | DE | SURFPLANET-AS Surfplanet GmbH
33984 | 85.88.14.157 | DE | SURFPLANET-AS Surfplanet GmbH
33984 | 85.88.14.55 | DE | SURFPLANET-AS Surfplanet GmbH
33984 | 85.88.15.11 | DE | SURFPLANET-AS Surfplanet GmbH
35366 | 81.89.100.11 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.113 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.114 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.130 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.146 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.155 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.17 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.172 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.182 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.200 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.243 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.251 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.4 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.43 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.57 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.60 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.68 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.69 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.100.70 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.102 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.106 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.113 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.123 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.179 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.188 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.194 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.21 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.242 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.244 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.247 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.251 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.35 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.42 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.47 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.52 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.59 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.61 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.71 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.77 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.85 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.87 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.88 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.94 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.101.97 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.122 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.124 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.16 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.179 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.182 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.184 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.187 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.199 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.212 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.23 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.28 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.38 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.59 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.89 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.102.95 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.118 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.123 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.126 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.13 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.130 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.135 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.148 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.150 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.166 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.189 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.200 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.204 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.76 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.77 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.103.89 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.104.78 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.128 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.175 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.197 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.198 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.201 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.203 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.216 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.221 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.248 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.25 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.105.29 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.117 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.142 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.194 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.195 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.248 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.41 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.44 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.47 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.65 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.66 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.106.9 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.105 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.123 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.157 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.184 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.187 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.191 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.195 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.205 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.242 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.33 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.107.96 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.124 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.17 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.37 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.52 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.73 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.77 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.8 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.108.96 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.166 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.183 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.214 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.215 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.242 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.6 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.79 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.109.95 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.105 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.109 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.125 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.165 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.185 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.20 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.205 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.210 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.216 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.242 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.254 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.39 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.59 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.110.76 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.104 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.131 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.150 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.161 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.177 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.228 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.235 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.48 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.64 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.111.69 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.97.114 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.97.19 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.97.233 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.97.31 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.97.64 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.98.177 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.98.178 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.98.75 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.117 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.140 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.148 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.157 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.159 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.164 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.176 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.185 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.191 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.205 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.224 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.238 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.241 | DE | ISPPRO-AS ISPpro Internet KG
35366 | 81.89.99.73 | DE | ISPPRO-AS ISPpro Internet KG
35594 | 195.137.160.216 | RU | TUTBY-AS Tut.By
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
More information about the nsp-security
mailing list