[nsp-sec] ACK 2828 KR DDoS C2 machines - 20090915

Gong, Yiming yiming.gong at xo.com
Tue Sep 15 09:47:43 EDT 2009


Ack 2828, sanitized info forwarded to our Abuse team, thanks

2828    | 140.239.222.35   | XO-AS15 - XO Communications


-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Nicholas Ianelli
Sent: Tuesday, September 15, 2009 8:12 AM
To: 'nsp-security NSP'
Subject: [nsp-sec] KR DDoS C2 machines - 20090915

----------- nsp-security Confidential --------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

Here is a list of active C2 machines that are part of the KR DDoS
family of malware. These machines have the capability to collect
compromised host data.

Timestamps confirming activity are from 20090915 and start at 0630 GMT to
0721 GMT.

I am more than happy to assist with identification and cleanup, but if
these could be taken down, that would be great!


https://asn.cymru.com/nsp-sec/upload/1253017550.whois.txt

Cheers,
Nick

- --
Nicholas Ianelli: Neustar, Inc.
Security Operations

46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkqvkowACgkQi10dJIBjZIAKSACg5GrDZBrmtbt95Xv41MEh+mJ5
50oAoKIA9j5+yWNdCn2CJUNUis8J5OYr
=+JKM
-----END PGP SIGNATURE-----


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________




