| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Jan 2007 11:46:51 -0500 (EST) From: bugtraq@...security.net To: ge@...uxbox.org (Gadi Evron) Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Web Honeynet Project: announcement, The Web Application Security Consortium is also doing such a project at http://www.webappsec.org/projects/honeypots/ . May be worthwhile to share data perhaps? - zeno http://www.cgisecurity.com/ Web Application Security news, and more http://www.cgisecurity.com/index.rss [Security RSS Feed] > > [ Warning: this email message includes links to live web server malware > propagated this Wednesday via file inclusions exploits. These links are > not safe! ] > > Hello. > > The newly formed Web Honeynet Project from SecuriTeam and the ISOTF will > in the next few months announce research on real-world web server attacks > which infect web servers with: > Tools, connect-back shells, bots, downloaders, malware, etc. which are all > cross-platform (for web servers) and currently exploited in the wild. > > The Web Honeynet Project will, for now, not deal with the regular SQL > injection and XSS attacks every web security expert loves so much, but > just with malware and code execution attacks on web servers and hosting > farms. > > These attacks form botnets constructed from web servers (mainly IIS and > Apache on Linux and Windows servers) and transform hosting farms/colos to > attack platforms. > > Most of these "tools" are being injected by (mainly) file inclusion > attacks against (mainly) PHP web applications, as is well known and > established. > > PHP (or scripting) shells, etc. have been known for a while, as well as > file inclusion (or RFI) attacks, however, mostly as something secondary > and not much (if any - save for some blogs and a few mailing list posts a > year ago) attention was given to the subject other than to the > vulnerabilities themselves. > > The bad guys currently exploit, create botnets and deface in a massive > fashion and force ISPs and colos to combat an impossible situation where > any (mainly) PHP application from any user can exploit entire server > farms, and where the web vulnerability serves as a remote exploit to be > followed by a local code execution one, or as a direct one. > > What is new here is the scale, and the fact we now start engaging the bad > guys on this front (which so far, they have been unchallenged on) - > meaning aside for research, the Web Honeynet Project will also release > actionable data on offensive IP addresses, URLs and on the tools > themselves to be made available to operational folks, so that they can > mitigate the threat. > > It's long overdue that we start the escalation war with web server > attackers, much like we did with spam and botnets, etc. years ago. Several > folks (and quite loudly - me) have been warning about this for a while, > not it's time to take action instead of talk. :) > > Note: Below you can find sample statistics on some of the Web Honeynet > Project information for this last Wednesday, on file inclusion attacks > seeding malware. > You will likely notice most of these have been taken care of by now. > > The first research on the subject (after looking into several hundred such > tools) will be made public in the February edition of the Virus Bulletin > magazine, from: > Kfir Damari, Noam Rathaus and Gadi Evron (yours truly). > > The SecuriTeam and ISOTF Web Honeynet Project would like to thank > Beyond Security ( http://www.beyondsecurity.com ) for all the support. > > Special thanks (so far) to: Ryan Carter, Randy Vaughn and the rest of the > new members of the project. > > For more information on the Web Honeynet Project feel free to contact me. > > Also, thanks for yet others who helped me form this research and > operations hybrid project (you know who you are). > > Gadi. > > Sample report and statistics (for Wednesday the 10th of January, 2007): > > IP | Hit Count | Malware (Count), ... | > 195.225.130.118 | 12 | http://m embers.lycos.co.uk/onuhack/cmd1.do? (4), > http://m embers.lycos.co.uk/onuhack/injek.txt? (6), > http://m embers.lycos.co.uk/onuhack/cmd.do? (2), > 69.93.147.242 | 11 | http://w > ww.clubmusic.caucasus.net/administrator/cmd.gif? > (1), http://c lubmusic.caucasus.net/administrator/cmd.gif? (4), > http://w ww.ucanartists.org/components/com_extcalendar/cmd.gif? (5), > http://t bchat.caucasus.net/cmd.gif? (1), > 216.22.3.11 | 8 | http://h eidi.by.ru/cmdi.txt? (7), > http://h eidiz.by.ru/cmdi.txt? (1), > 62.149.36.116 | 8 | > http://w ww.fc-magdeburg.de/jscripts/tiny_mce/plugins/pic.gif?? (3), > http://w ww.discoverchimpanzees.org/blog/sendit.jpg?? (2), > http://u bk.no-ip.biz/shine.jpg?? (1), > http://w ww.sle.br/polvo2/script/ftv3doc.gif?? (1), > http://w ww.sle.br/polvo2/css/css.gif?? (1), > 85.25.148.178 | 7 | h ttp://213.133.108.122/alex.gif? (1), > http://c lubmusic.caucasus.net/Administrator/cmd.gif? (5), > http://w ww.ucanartists.org/components/com_extcalendar/cmd.gif? (1), > 69.13.6.170 | 7 | http://c ajem.by.ru/cmd.gif? (3), > http://k ama.opensolarisproject.com/phpBB2/files/cmd.gif? (1), > http://s upsup.by.ru/cmd.gif? (2), http://w > ww.bhlynx.org/htdig/sad.gif? (1), > 201.63.179.122 | 7 | http://d arkhand.netfast.org/list.txt??? (2), > http://w ww.locman.net/Guide/vkod/list.txt?? (3), http://g > odarmy.net/cmd.txt?? > (1), http://c hapolin.by.ru/cmds/list.txt? (1), > 219.67.171.131 | 7 | http://i ntra/ (7), > 193.39.119.174 | 6 | http://w ww.sirmet.it/pronti/cmd.txt?? (1), > http://w ww.overclockers.pl/images/r57.gif? (1), > http://w > ww.rldiseno.com/administrator/components/com_remository/morgancmd.gif? > (1), http://v irtual.uarg.unpa.edu.ar/myftp/list.txt? (1), > http://w ww.sirmet.it/pronti/cmd.txt? (1), > http://v irtual.uarg.unpa.edu.ar/myftp/list.txt?? (1), > 80.74.142.173 | 6 | http://7 2.232.231.10/~superbr/tk.txt?? (1), > http://t hebesthack.altervista.org/soka.txt? (2), > http://m rmorte.by.ru/r57.swf?&add=bot (1), > http://w ww.bhlynx.org/htdig/UPLOADING/full.gif? (2), > > Statistics: > IP Count (Unique): 11 > Hit Count: 79 (from same IP: 86.08%) > > > Malware | Hit Count | IPs (Count), ... | > cmd.gif | 279 | 69.93.147.242 (11), 85.25.148.178 (6), 69.13.6.170 (6), > 211.174.52.20 (4), 205.234.146.49 (4), 85.25.7.109 (3), 201.9.252.67 (3), > 204.157.9.185 (3), 216.46.205.101 (3), 70.86.237.202 (3), 66.228.211.16 > (3), > 206.225.82.46 (3), 213.192.241.44 (3), 82.208.181.122 (2), 64.34.203.104 > (2), > 216.104.149.111 (2), 201.19.41.223 (2), 140.138.2.234 (2), 82.194.78.30 > (2), > 151.8.228.196 (2), 82.194.70.92 (2), 66.111.45.130 (2), 202.8.87.197 (2), > 194.30.160.101 (2), 83.149.84.184 (2), 83.65.141.130 (2), 70.84.49.42 (2), > 203.146.247.79 (2), 212.34.138.206 (2), 72.22.90.219 (2), 216.16.246.240 > (2), > 195.214.44.149 (2), 193.84.250.29 (2), 130.94.69.17 (2), 216.174.97.241 > (2), > 202.5.195.7 (2), 201.9.216.138 (2), 62.149.140.17 (2), 213.202.247.177 > (2), > 66.249.137.127 (2), 69.31.45.194 (2), 65.98.67.250 (2), 200.32.5.203 (2), > 62.152.64.210 (2), 81.169.155.146 (2), 62.75.247.5 (2), 201.50.166.11 (2), > 62.103.159.219 (1), 82.165.181.50 (1), 201.19.27.135 (1), 200.62.64.1 (1), > 84.191.92.243 (1), 72.21.56.226 (1), 193.93.22.78 (1), 65.111.169.4 (1), > 205.234.105.84 (1), 81.169.176.252 (1), 208.53.170.148 (1), 87.253.128.30 > (1), 148.244.125.3 (1), 216.22.24.29 (1), 216.237.124.82 (1), > 82.79.190.155 > (1), 216.55.155.27 (1), 69.64.34.14 (1), 193.189.139.51 (1), 62.149.36.24 > (1), 62.193.237.34 (1), 212.227.127.183 (1), 203.22.204.167 (1), > 201.19.33.183 (1), 202.75.40.172 (1), 62.213.96.213 (1), 69.26.178.141 > (1), > 66.62.91.188 (1), 65.98.24.42 (1), 62.90.247.53 (1), 213.190.10.170 (1), > 195.225.196.213 (1), 81.33.30.22 (1), 202.75.48.81 (1), 201.27.130.105 > (1), > 80.86.83.26 (1), 201.8.170.227 (1), 195.117.34.114 (1), 209.200.229.90 > (1), > 204.157.11.179 (1), 203.150.230.119 (1), 194.135.81.25 (1), > 213.171.206.174 > (1), 69.9.37.130 (1), 201.19.41.150 (1), 201.238.227.107 (1), 72.36.228.18 > (1), 80.32.187.191 (1), 205.234.190.102 (1), 203.130.242.71 (1), > 193.165.77.26 (1), 172.178.51.210 (1), 200.42.92.84 (1), 65.110.9.76 (1), > 62.193.238.124 (1), 84.19.176.212 (1), 85.13.128.214 (1), 66.199.183.131 > (1), > 217.156.103.28 (1), 212.227.127.159 (1), 64.239.45.44 (1), 70.84.183.130 > (1), > 70.84.178.34 (1), 83.243.43.98 (1), 189.141.43.211 (1), 65.254.50.114 (1), > 70.85.230.210 (1), 85.25.134.185 (1), 64.66.120.30 (1), 216.32.67.66 (1), > 195.140.142.111 (1), 200.217.200.13 (1), 80.190.243.85 (1), 200.21.85.98 > (1), > 201.9.214.114 (1), 194.177.128.241 (1), 201.19.41.112 (1), 82.192.67.66 > (1), > 81.169.177.159 (1), 208.53.170.15 (1), 72.29.93.179 (1), 64.118.85.15 (1), > 61.64.159.247 (1), 213.188.35.62 (1), 72.36.229.154 (1), 193.238.106.20 > (1), > 198.173.64.81 (1), 62.193.238.72 (1), 203.162.202.137 (1), 208.49.83.50 > (1), > 82.150.135.90 (1), 201.9.192.32 (1), 204.157.10.95 (1), 70.84.86.122 (1), > 85.221.229.18 (1), 81.88.17.101 (1), 209.112.56.11 (1), 67.19.48.116 (1), > 193.109.252.107 (1), 205.234.252.143 (1), 65.254.139.52 (1), 62.75.177.72 > (1), 82.165.177.145 (1), 201.19.24.185 (1), 8.6.223.5 (1), 213.115.183.36 > (1), 205.205.189.1 (1), 212.227.119.154 (1), 85.12.17.242 (1), > 212.204.213.31 > (1), 212.97.96.139 (1), 195.34.78.100 (1), 201.19.43.137 (1), > 62.193.228.59 > (1), 66.232.114.230 (1), 216.193.201.201 (1), 200.101.93.29 (1), > 69.56.245.170 (1), 66.201.119.2 (1), 81.182.246.8 (1), 194.145.200.200 > (1), > 202.188.124.52 (1), 62.193.216.17 (1), 213.251.172.103 (1), 66.36.240.45 > (1), > 217.160.226.5 (1), 212.241.192.85 (1), 65.19.139.183 (1), 69.73.175.50 > (1), > 193.138.206.126 (1), 74.52.220.58 (1), 66.226.74.90 (1), 72.232.9.238 (1), > 83.143.85.50 (1), 64.76.24.214 (1), 202.158.89.67 (1), 12.6.95.21 (1), > 217.160.226.2 (1), 82.195.230.142 (1), 64.20.50.35 (1), 70.85.221.154 (1), > 72.36.179.162 (1), 212.227.96.202 (1), 64.91.255.130 (1), 209.160.32.106 > (1), > 209.59.163.222 (1), 213.186.34.130 (1), 216.227.215.62 (1), 201.9.209.49 > (1), > 72.29.64.229 (1), 200.162.196.214 (1), 213.247.60.210 (1), 72.9.248.146 > (1), > 205.234.235.173 (1), 218.150.78.201 (1), 64.34.166.126 (1), > cmd.txt | 123 | 87.238.209.101 (5), 212.110.122.165 (3), 62.193.237.22 > (3), > 64.3.156.59 (3), 81.29.75.112 (2), 217.160.252.4 (2), 85.119.219.36 (2), > 204.157.15.189 (2), 212.241.192.113 (2), 193.6.6.101 (2), 81.57.112.15 > (2), > 207.58.177.50 (2), 200.255.50.131 (2), 202.5.195.7 (2), 213.240.243.15 > (2), > 193.39.119.174 (2), 64.34.203.104 (1), 203.36.0.15 (1), 82.192.87.144 (1), > 201.75.27.149 (1), 85.98.229.152 (1), 88.232.110.242 (1), 201.63.179.122 > (1), > 213.189.27.96 (1), 87.238.208.100 (1), 201.19.16.223 (1), 204.2.106.3 (1), > 62.75.251.113 (1), 66.111.45.130 (1), 201.58.41.9 (1), 72.232.53.210 (1), > 82.165.183.17 (1), 88.226.0.154 (1), 208.234.20.125 (1), 66.18.160.59 (1), > 85.12.147.20 (1), 195.39.35.115 (1), 85.107.94.14 (1), 81.215.251.88 (1), > 62.166.203.203 (1), 200.168.144.40 (1), 62.193.226.73 (1), 88.226.0.79 > (1), > 72.36.190.242 (1), 82.98.74.4 (1), 194.44.38.218 (1), 64.8.114.14 (1), > 70.84.205.34 (1), 220.134.22.185 (1), 84.244.146.209 (1), 82.160.16.3 (1), > 85.101.26.131 (1), 86.127.26.72 (1), 85.106.226.172 (1), 85.101.195.146 > (1), > 69.61.12.2 (1), 65.254.36.146 (1), 64.34.168.95 (1), 213.188.35.62 (1), > 85.97.85.192 (1), 213.251.168.77 (1), 201.92.114.224 (1), 208.49.83.50 > (1), > 85.103.172.119 (1), 66.228.211.16 (1), 86.109.192.86 (1), 80.118.168.219 > (1), > 201.75.60.132 (1), 81.169.175.152 (1), 200.168.144.175 (1), 85.214.42.118 > (1), 213.161.194.235 (1), 205.205.189.1 (1), 85.108.187.234 (1), > 85.99.187.79 > (1), 87.118.98.140 (1), 195.34.78.100 (1), 85.107.93.3 (1), 64.0.197.99 > (1), > 207.58.138.211 (1), 204.15.121.100 (1), 195.46.154.122 (1), 210.196.116.84 > (1), 201.29.65.167 (1), 203.63.5.173 (1), 200.29.2.93 (1), 85.97.126.185 > (1), > 86.127.29.111 (1), 85.98.5.167 (1), 70.85.23.132 (1), 200.89.73.35 (1), > 81.214.168.249 (1), 86.127.26.31 (1), 193.202.89.13 (1), 200.243.56.196 > (1), > 85.99.224.67 (1), 207.58.129.57 (1), 84.191.212.176 (1), 64.118.84.10 (1), > 82.98.225.171 (1), 85.99.141.199 (1), > list.txt | 106 | 201.63.179.122 (6), 72.29.71.211 (3), 62.149.140.15 (3), > 216.139.67.90 (2), 207.150.191.52 (2), 195.149.99.131 (2), 209.172.34.86 > (2), > 70.85.154.226 (2), 70.87.86.130 (2), 202.143.173.2 (2), 193.39.119.174 > (2), > 84.252.146.194 (2), 81.169.155.146 (2), 72.52.184.4 (1), 213.251.132.191 > (1), > 82.165.235.5 (1), 216.22.24.29 (1), 72.29.68.123 (1), 216.104.149.111 (1), > 69.16.207.166 (1), 154.37.2.50 (1), 216.180.243.242 (1), 72.232.91.130 > (1), > 66.227.122.97 (1), 216.55.147.90 (1), 63.146.198.100 (1), 193.226.140.228 > (1), 67.19.80.180 (1), 216.130.161.111 (1), 66.197.195.101 (1), > 216.7.178.164 > (1), 64.27.5.179 (1), 69.72.224.106 (1), 204.157.11.179 (1), 217.112.42.25 > (1), 82.102.15.13 (1), 81.169.167.240 (1), 72.36.158.226 (1), > 209.59.195.31 > (1), 218.36.126.67 (1), 66.7.200.164 (1), 63.247.139.69 (1), 70.84.146.130 > (1), 65.254.50.114 (1), 87.17.78.245 (1), 194.30.160.11 (1), > 202.130.106.156 > (1), 209.59.130.114 (1), 194.79.71.157 (1), 201.42.41.18 (1), > 200.146.61.40 > (1), 203.88.114.169 (1), 161.132.144.50 (1), 151.51.63.190 (1), > 194.145.127.68 (1), 134.58.253.114 (1), 67.91.198.51 (1), 91.121.7.26 (1), > 72.21.51.210 (1), 72.18.130.32 (1), 209.33.215.180 (1), 210.0.211.228 (1), > 205.234.99.226 (1), 88.149.156.142 (1), 62.149.140.18 (1), 209.51.140.2 > (1), > 70.86.172.210 (1), 64.151.90.220 (1), 200.241.111.203 (1), 67.18.167.138 > (1), > 81.4.74.238 (1), 82.163.66.89 (1), 216.117.150.82 (1), 201.26.46.108 (1), > 87.118.98.140 (1), 216.227.217.6 (1), 64.0.197.99 (1), 193.25.197.122 (1), > 72.29.73.71 (1), 200.101.93.29 (1), 83.143.81.2 (1), 200.216.87.236 (1), > 83.243.154.180 (1), 72.36.202.166 (1), 216.246.45.69 (1), 210.208.204.56 > (1), > 38.118.74.77 (1), > c.txt | 60 | 213.193.229.39 (5), 86.54.102.2 (4), 195.10.193.5 (3), > 62.231.119.106 (3), 193.25.197.127 (3), 202.64.87.188 (2), 207.58.142.226 > (2), 65.75.190.245 (2), 158.66.1.12 (2), 209.47.167.151 (2), 193.198.217.3 > (1), 67.15.42.38 (1), 85.158.249.30 (1), 70.86.48.66 (1), 82.80.253.45 > (1), > 69.90.141.2 (1), 201.34.32.66 (1), 216.17.101.249 (1), 202.83.173.216 (1), > 196.203.35.2 (1), 195.189.226.241 (1), 194.67.32.44 (1), 58.71.41.3 (1), > 213.193.229.20 (1), 72.232.69.250 (1), 195.206.96.40 (1), 61.246.2.74 (1), > 195.46.71.19 (1), 193.43.88.3 (1), 87.238.162.143 (1), 83.228.34.135 (1), > 193.25.197.122 (1), 87.238.162.16 (1), 72.29.82.174 (1), 192.71.85.140 > (1), > 65.77.42.233 (1), 87.106.33.210 (1), 213.193.246.81 (1), 212.75.96.165 > (1), > 213.193.246.25 (1), 85.214.75.173 (1), 69.60.109.202 (1), > cmd.do | 53 | 200.24.106.14 (4), 141.44.47.74 (3), 200.188.219.122 (2), > 87.242.72.37 (2), 217.112.36.52 (2), 195.225.130.118 (2), 62.103.159.219 > (1), > 85.17.3.141 (1), 205.214.64.176 (1), 66.227.122.97 (1), 84.244.8.53 (1), > 69.155.36.50 (1), 81.21.79.93 (1), 209.8.117.170 (1), 70.86.234.234 (1), > 69.64.50.67 (1), 64.191.33.200 (1), 204.9.174.110 (1), 72.232.62.98 (1), > 67.159.21.37 (1), 64.92.171.58 (1), 64.38.19.238 (1), 62.193.248.88 (1), > 209.126.142.253 (1), 206.51.236.115 (1), 216.227.218.113 (1), 85.25.59.184 > (1), 213.83.63.53 (1), 208.49.83.50 (1), 208.101.43.190 (1), > 62.116.130.180 > (1), 67.18.229.90 (1), 147.94.192.41 (1), 66.225.239.199 (1), 91.143.130.1 > (1), 81.57.112.15 (1), 70.86.207.162 (1), 216.194.64.235 (1), > 69.56.243.130 > (1), 222.237.78.168 (1), 163.29.233.6 (1), 209.123.92.40 (1), 198.77.13.98 > (1), 62.4.84.36 (1), > c.in | 51 | 212.12.121.43 (3), 66.103.152.111 (3), 202.123.79.16 (3), > 193.138.230.200 (3), 62.221.213.68 (2), 64.8.118.5 (2), 66.230.196.135 > (2), > 64.199.142.69 (2), 209.47.167.151 (2), 66.246.134.221 (1), 67.19.143.130 > (1), > 89.207.232.18 (1), 204.11.234.28 (1), 64.38.11.6 (1), 64.15.138.182 (1), > 63.245.201.68 (1), 62.4.70.180 (1), 62.193.229.152 (1), 87.233.12.130 (1), > 70.86.36.194 (1), 209.47.139.138 (1), 67.19.224.66 (1), 81.183.219.157 > (1), > 213.193.230.201 (1), 70.86.151.130 (1), 66.7.193.220 (1), 218.38.14.205 > (1), > 72.22.69.224 (1), 189.146.75.42 (1), 75.126.58.208 (1), 72.36.155.170 (1), > 70.84.122.194 (1), 66.235.206.151 (1), 72.51.35.25 (1), 204.16.246.8 (1), > 67.18.252.98 (1), 202.139.20.8 (1), 85.92.70.238 (1), > tk.txt | 48 | 83.137.17.37 (2), 202.181.206.50 (2), 61.194.40.108 (2), > 72.5.54.40 (2), 203.146.140.221 (1), 205.234.190.84 (1), 216.61.218.2 (1), > 66.226.64.33 (1), 198.64.149.204 (1), 64.202.123.184 (1), 82.217.225.104 > (1), > 87.233.14.82 (1), 205.234.190.102 (1), 62.193.234.11 (1), 212.80.70.2 (1), > 87.117.224.250 (1), 72.36.190.242 (1), 69.0.231.197 (1), 62.111.211.194 > (1), > 64.8.114.14 (1), 81.29.195.54 (1), 213.192.241.47 (1), 209.59.137.106 (1), > 69.64.33.9 (1), 212.34.138.238 (1), 209.172.34.86 (1), 80.74.142.173 (1), > 194.109.148.172 (1), 216.120.228.160 (1), 62.193.228.59 (1), > 217.71.214.135 > (1), 67.159.26.207 (1), 212.241.248.177 (1), 211.115.217.151 (1), > 150.140.140.91 (1), 209.126.254.191 (1), 213.240.243.15 (1), > 201.32.170.233 > (1), 64.76.24.214 (1), 62.193.226.57 (1), 200.161.198.118 (1), > 213.184.216.134 (1), 206.251.247.140 (1), 204.14.110.100 (1), > sad.gif | 40 | 212.110.122.165 (2), 81.169.175.152 (2), 82.208.181.122 > (1), > 193.93.22.78 (1), 216.246.60.183 (1), 216.70.72.167 (1), 205.234.223.151 > (1), > 62.75.161.45 (1), 85.17.53.242 (1), 216.7.178.164 (1), 219.95.3.182 (1), > 128.121.21.33 (1), 218.111.135.154 (1), 194.204.11.67 (1), 200.162.196.187 > (1), 69.13.6.170 (1), 220.134.22.185 (1), 67.19.25.34 (1), 200.234.201.118 > (1), 67.19.71.228 (1), 210.245.226.52 (1), 83.143.81.22 (1), 64.20.33.154 > (1), 81.0.254.66 (1), 72.232.25.58 (1), 64.34.169.139 (1), 68.23.46.65 > (1), > 204.157.11.61 (1), 212.3.242.140 (1), 81.222.134.125 (1), 222.122.46.217 > (1), > 202.5.195.7 (1), 198.173.81.121 (1), 222.122.31.173 (1), 72.36.155.138 > (1), > 64.106.143.220 (1), 83.14.225.50 (1), 213.239.175.53 (1), > tool20.dat | 37 | 85.98.228.55 (3), 81.215.251.73 (2), 81.214.163.255 (2), > 81.214.160.78 (1), 81.215.248.208 (1), 81.215.245.81 (1), 81.214.168.215 > (1), > 81.214.165.43 (1), 85.104.40.203 (1), 81.214.161.240 (1), 81.215.237.251 > (1), > 81.214.174.71 (1), 81.214.169.172 (1), 81.214.172.202 (1), 81.214.171.65 > (1), > 81.214.168.116 (1), 85.98.123.10 (1), 81.214.166.1 (1), 81.214.175.73 (1), > 81.214.164.94 (1), 81.215.247.8 (1), 85.98.123.29 (1), 201.19.113.219 (1), > 81.214.164.5 (1), 201.19.65.249 (1), 81.214.169.97 (1), 81.215.255.156 > (1), > 85.104.40.207 (1), 81.214.169.190 (1), 81.214.175.27 (1), 81.214.171.215 > (1), > 81.214.162.240 (1), 81.214.172.207 (1), > c.php.txt | 32 | 81.183.219.157 (2), 64.199.142.69 (2), 202.60.74.106 (2), > 84.19.182.32 (1), 72.36.192.42 (1), 193.164.131.35 (1), 85.43.93.220 (1), > 65.42.183.2 (1), 81.92.6.204 (1), 70.84.178.34 (1), 195.2.72.34 (1), > 72.232.214.242 (1), 66.165.236.122 (1), 72.29.75.151 (1), 195.138.198.28 > (1), > 208.101.29.107 (1), 67.19.37.228 (1), 66.103.130.131 (1), 70.86.36.194 > (1), > 195.238.74.73 (1), 219.93.90.33 (1), 66.235.209.82 (1), 85.25.11.42 (1), > 66.45.242.178 (1), 66.235.206.151 (1), 195.2.72.35 (1), 69.93.128.17 (1), > 212.24.224.18 (1), 72.232.6.132 (1), > > Statistics: > Malware Count (Unique): 11 > Malware Hit Count: 829 (from same IP: 98.67%) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists