[nsp-sec] IRC Botnet 89.187.143.177 - TCP 13122
Dave Monnier
dmonnier at cymru.com
Tue Apr 3 11:26:56 EDT 2012
Hi, Jason.
Thanks for the info! C2 added to the DDoS-RS
Cheers,
-Dave
On 4/2/12 5:42 PM, Jason Chambers wrote:
> ----------- nsp-security Confidential --------
>
> Hello,
>
> This C2 server initiated a scan for 80 and 8080 over the weekend. I do
> not have a copy of the malware at the moment.
>
>
> whois -h whois.cymru.com 89.187.143.177
> AS | IP | AS Name
> 35592 | 89.187.143.177 | COOLHOUSING-AS COOLHOUSING Autonomous System
>
> whois -h peer-whois.cymru.com 89.187.143.177
> PEER_AS | IP | AS Name
> 8928 | 89.187.143.177 | INTEROUTE Interoute Communications Limited
> 29208 | 89.187.143.177 | DIALTELECOM-AS Dial Telecom, a.s.
>
>
> Regards,
>
--
Dave Monnier
Team Cymru
https://www.team-cymru.org/
PGP: https://www.cymru.com/dmonnier/0x7C1AAE55_pub.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20120403/f2794d23/attachment-0001.sig>
More information about the nsp-security
mailing list