[nsp-sec] Botnet C&C at AS44347 (188.65.49.11)
robert
robert at servalens.com
Mon May 3 19:16:12 EDT 2010
I also see CNC at 6565/TCP. Clients are mostly VEN/COL/MEX.
Server may be offline at the moment.
Robert
Carles Fragoso wrote:
> ----------- nsp-security Confidential --------
>
> Hi!
>
> There seems to be a spybot botnet C&C at SINT-AS in Russia at 188.65.49.11 (tcp/9595):
>
> AS | IP | AS Name
> 44347 | 188.65.49.11 | SINT-AS Limited Company _SiNT_
>
> inetnum: 188.65.48.0 - 188.65.51.255
> netname: sint-ltd-net
> descr: Limited Company "SiNT"
> country: ru
> org: ORG-LC18-RIPE
> admin-c: RCL14-RIPE
> tech-c: AEV9-RIPE
> tech-c: AIA7-RIPE
> status: ASSIGNED PA
> mnt-by: SINT-MNT
> source: RIPE # Filtered
>
> organisation: ORG-LC18-RIPE
> org-name: Limited Company "SiNT"
> org-type: LIR
> address: Limited Company "SiNT"
> Chemali Ramazashvili
> Torgovyi ryad vozle GUSa, 1 m-on
> 662150 Achinsk
> Russian Federation
> phone: +73915156000
> fax-no: +73915144550
> e-mail: sint at achmail.ru
> mnt-ref: RIPE-NCC-HM-MNT
> mnt-ref: SINT-MNT
> mnt-by: RIPE-NCC-HM-MNT
> source: RIPE # Filtered
>
>
> route: 188.65.48.0/22
> descr: Limited Company "SiNT"
> origin: AS44347
> mnt-by: SINT-MNT
> source: RIPE # Filtered
>
> route: 188.65.48.0/21
> descr: Limited Company "SiNT"
> origin: AS44347
> mnt-by: SINT-MNT
> source: RIPE # Filtered
>
> Warm regards,
>
> -- Carlos