[nsp-sec] Massive HTTP request from AS19262
David Jiménez
ddavinci at gmail.com
Sat Jul 7 14:04:03 EDT 2012
Hi folks,
Since July 6th we have identified massive HTTP 80/tcp requests directed
to www1.soriana.com, coming from 96.251.119.35 that belongs to
AS19262.
AS    | IP            | BGP Prefix    | CC | Registry | Allocated  | AS Name
19262 | 96.251.119.35 | 96.251.0.0/16 | US | arin     | 2006-12-29 | VZGNI-TRANSIT - Verizon Online LLC
The following hostname is resolving for this IP:
http://imagictech.dnsalias.com/
At the bottom of this email, you will find an extract from the server
logs that shows the kind of request that we have identified. We are
handling a security incident in there related to several hacktivism
activities in the country. It would be useful if there is any chance
that you can share additional logs from the activity of this IP coming
to Mexico infrastructure. Please, help us to shut down this activity.
Kind Regards
2012-07-06 04:27:34 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 250 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:34 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 250 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:34 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 407 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:34 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 407 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:34 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 407 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:34 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 407 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:34 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 407 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:35 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 312 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:36 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 296 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:36 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 297 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:36 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 297 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:36 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 297 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:36 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 297 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:36 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 265 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 313 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 313 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 313 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 313 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 218 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 219 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 219 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 265 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 265 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:37 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 265 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 313 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 313 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 313 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 266 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 234 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 203 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 234 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 266 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 234 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:38 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 266 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:39 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 250 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:39 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 281 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:39 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 281 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:39 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 281 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:39 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 281 HTTP/1.0 www1.soriana.com - - -
2012-07-06 04:27:39 96.251.119.35 - W3SVC1 SORIWEB 172.16.3.5 80 GET
/site/default.aspx p= 302 0 447 96 281 HTTP/1.0 www1.soriana.com - - -
--
---
David Jimenez
CERT-MX
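
An added example, not part of the original message: a per-source burst check over IIS logs in the layout of the extract above, which also rejoins entries that a mail client wrapped onto a second line. The field names are inferred from column position (the extract has no `#Fields:` header), and the threshold, function names and sample data are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Field order inferred from the extract (assumption: no "#Fields:" header is shown).
FIELDS = ("date time c_ip cs_username s_sitename s_computername s_ip s_port cs_method "
          "cs_uri_stem cs_uri_query sc_status sc_win32_status sc_bytes cs_bytes "
          "time_taken cs_version cs_host cs_user_agent cs_cookie cs_referer").split()
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")

def unwrap(lines):
    """Rejoin entries that a mail client wrapped onto continuation lines."""
    entries = []
    for line in (l.strip() for l in lines):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries and len(entries[-1].split()) < len(FIELDS):
            entries[-1] += " " + line   # only complete a still-short entry
    return entries

def flood_sources(lines, per_second_threshold=5):
    """Summarise every client IP whose busiest second reaches the threshold."""
    per_second = defaultdict(Counter)    # ip -> Counter of "date time"
    fingerprints = defaultdict(Counter)  # ip -> Counter of request shape
    for entry in unwrap(lines):
        parts = entry.split()
        if len(parts) != len(FIELDS):    # truncated or foreign lines
            continue
        rec = dict(zip(FIELDS, parts))
        per_second[rec["c_ip"]][rec["date"] + " " + rec["time"]] += 1
        fingerprints[rec["c_ip"]][(rec["cs_method"], rec["cs_uri_stem"],
                                   rec["cs_version"], rec["cs_user_agent"])] += 1
    report = {}
    for ip, seconds in per_second.items():
        peak_second, peak = seconds.most_common(1)[0]
        if peak >= per_second_threshold:
            total = sum(seconds.values())
            shape, hits = fingerprints[ip].most_common(1)[0]
            report[ip] = {"total": total, "peak_per_second": peak, "peak_second": peak_second,
                          "top_shape": shape, "shape_share": hits / total}
    return report

# Constructed sample (RFC 5737 addresses), wrapped after the method like the extract.
def _entry(time, ip, uri, agent):
    return (f"2012-07-06 {time} {ip} - W3SVC1 WEB01 192.0.2.10 80 GET\n"
            f"{uri} - 302 0 447 96 250 HTTP/1.0 www.example.com {agent} - -")

SAMPLE = "\n".join(
    [_entry("04:27:34", "203.0.113.7", "/site/default.aspx", "-")] * 7
    + [_entry("04:27:35", "203.0.113.7", "/site/default.aspx", "-")] * 10
    + [_entry("04:27:35", "198.51.100.20", "/index.aspx", "Mozilla/5.0")]).splitlines()
```

A `shape_share` close to 1.0 together with an empty User-Agent and HTTP/1.0 is the same uniform pattern the extract shows, and is a more stable filter key than the source address alone.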