[nsp-sec] IRC Botnet 89.187.143.177 - TCP 13122
Jason Chambers
jchambers at ucla.edu
Mon Apr 2 17:42:49 EDT 2012
Hello,
This C2 server initiated a scan for 80 and 8080 over the weekend. I do
not have a copy of the malware at the moment.
whois -h whois.cymru.com 89.187.143.177
AS | IP | AS Name
35592 | 89.187.143.177 | COOLHOUSING-AS COOLHOUSING Autonomous System
whois -h peer-whois.cymru.com 89.187.143.177
PEER_AS | IP | AS Name
8928 | 89.187.143.177 | INTEROUTE Interoute Communications Limited
29208 | 89.187.143.177 | DIALTELECOM-AS Dial Telecom, a.s.
Regards,
--
Jason Chambers
UCLA
jchambers at ucla.edu
310-206-5603
More information about the nsp-security
mailing list