[nsp-sec] UDP flood against 83.218.20.202 - assistance tracking C&C & hackanonymous
Hank Nussbacher
hank at efes.iucc.ac.il
Sun Apr 15 03:04:41 EDT 2012
At 21:45 12/04/2012 +0100, Steve Colam wrote:
Sent contact info for AS5486 offlist.
-Hank
>Hola Folks,
>
>Got a good old ransom note against a customer, and some UDP packets love
>on mostly 80 & 443
>
>Ransom notes came via AS5486 - if you're listening would appreciate if you
>can validate the next received lines, src on email claims to have come from
>178.209.50.214 AS29691. The miscreants say they are called hackanonymous
>
>Any help tracking down the C&C + who may have sent the ransom notes would
>be appreciated.
>
>dos src's below...
>
>Cheers,
>
>Steve @ AS5413
More information about the nsp-security
mailing list