Blog for hpHosts, and whatever else I feel like writing about ....

Friday 2 March 2012

Alert: 199.19.215.0/24

People often ask me what I do to try and escape or get a break from work, and I always give the same answer: I don't get time for breaks, there is too much to do (I thought I had 3,000 active cases; it turns out it's over 600,000 and growing daily). The latest ones involve, not surprisingly, the Blackhole exploit kit.

A friend dropped me a note about something that had been found and needed analysis. I did that, then scanned the rest of the range looking for more, and found a second server involved.

199.19.215.133
199.19.215.19

Both of these are on Vexxhost's IP space, and Vexxhost are being completely unresponsive (they were sent an e-mail etc. 2 days ago).

Filenames are a little different from last time, but the code is still stupidly easy to decode (see previous blogs on that). In this case, the files are at:

hxxp://199.19.215.133/stats/content/jav2.jar
hxxp://199.19.215.133/stats/files/18
hxxp://199.19.215.133/stats/files/19
hxxp://199.19.215.133/stats/files/23
hxxp://199.19.215.133/stats/files/24

hxxp://199.19.215.19/stats/content/jav2.jar
hxxp://199.19.215.19/stats/files/18
hxxp://199.19.215.19/stats/files/19
hxxp://199.19.215.19/stats/files/23
hxxp://199.19.215.19/stats/files/24
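As an added example (not part of the original post), here is a small defender-side check that scans proxy log lines for requests to the two servers above using the same /stats/ path layout (the Java archive under /stats/content/ and numbered payload files under /stats/files/). The log format and the sample lines are constructed assumptions, not real traffic.

```python
import re
from collections import defaultdict

# The two servers reported in the post.
ALERT_HOSTS = {"199.19.215.133", "199.19.215.19"}
# Same path layout on both servers: the jar under /stats/content/
# and numbered payload files under /stats/files/.
ALERT_PATH = re.compile(r"^/stats/(?:content/jav2\.jar|files/\d+)$")

# Assumed minimal access-log layout: timestamp client method URL status.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+"
    r"https?://(?P<host>[^/\s:]+)(?::\d+)?(?P<path>/\S*)\s+(?P<status>\d{3})"
)


def find_hits(log_text):
    """Return {client: [(host, path), ...]} for requests matching the alert."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        host = m.group("host")
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if host in ALERT_HOSTS and ALERT_PATH.match(path):
            hits[m.group("client")].append((host, path))
    return dict(hits)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
1330650001.123 10.0.0.5 GET http://199.19.215.133/stats/content/jav2.jar 200
1330650002.456 10.0.0.5 GET http://199.19.215.133/stats/files/18 200
1330650003.789 10.0.0.7 GET http://199.19.215.19/stats/files/24?x=1 200
1330650004.000 10.0.0.9 GET http://199.19.215.133/stats/index.html 404
1330650005.000 10.0.0.9 GET http://example.com/stats/files/18 200
garbage line
"""

if __name__ == "__main__":
    for client, reqs in find_hits(SAMPLE_LOG).items():
        print(client, reqs)
```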

1 comment:

Kafeine said...

Take a look at these IPs:


All hosting BH EK.
91.232.199.0/24
Regards :)