# Dragon Research Group (DRG)
# HTTP report
# 2013-05-18 00:05:01 - 2013-05-25 00:05:01
#
# README: The http report is free for non-commercial use
# ONLY. If you wish to discuss commercial use of this
# service, please contact the Dragon Research Group (DRG)
# for more information. Redistribution of the http
# report is prohibited without the express permission of
# the Dragon Research Group (DRG).
#
# -------------------------------------------------------------------
# NOTE: LEGITIMATE SEARCH ENGINE BOTS MAY BE IN THIS LIST.
# -------------------------------------------------------------------
# This report is informational. It is not a blacklist, but
# some operators may choose to use it to help protect their networks
# and hosts in the forms of automated reporting and mitigation
# services. If you are an operator, please review this list
# carefully before using it in such a fashion, to ensure that
# legitimate services are not disrupted.
# -------------------------------------------------------------------
#
# The data is provided on an as-is basis with no expressed warranty
# or guarantee of accuracy. Use of this data is at your own risk.
# If you have questions about this report do not hesitate to contact
# us by any of the means below.
#
# The Dragon Research Group (DRG) is a volunteer research
# organization dedicated to furthering the understanding of
# online criminality and to providing actionable intelligence
# for the benefit of the entire Internet community.
#
# URL:
# email: dragon@dragonresearchgroup.org
# PGP key: 0x47196BBF
# IRC: irc://irc.freenode.net/drg
# Twitter: http://twitter.com/dragonresearch
#
# Entries consist of fields with identifying characteristics of
# a source IP address that has been seen sending HTTP requests
# to Dragon Research Pods. This report lists hosts that are highly
# suspicious and are likely conducting malicious HTTP attacks.
# Each entry is sorted according to a route origination ASN.
# An entry for the IP address may be listed more than once if there
# are multiple origin AS (MOAS) announcements for the covering prefix.
# We use the Team Cymru IP address to ASN mapping service to construct
# an origin AS number and name. For details about this Team Cymru
# service, see .
#
# Formatting is as follows:
#
# ASN | ASname | netblock | utc | category
#
# Each field is described below. Please note any special formatting
# rules to aid in processing this file with automated tools and scripts.
# Blank lines may be present to improve the visual display of this file.
# Lines beginning with a hash ('#') character are comment lines. All
# other lines are report entries. Each field is separated by a pipe
# symbol ('|') and at least two whitespace characters on either side.
#
# ASN       Autonomous system number originating a route for the entry
#           IP address. Note, 4-byte ASNs are supported and will be
#           displayed as a 32-bit integer.
#
# ASname    A descriptive network name for the associated ASN. The
#           name is truncated to 30 characters.
#
# netblock  The source IPv4 or IPv6 network that is being reported.
#           For IPv4 this will be the /24 the actual host IP is in.
#           For IPv6 this will be the /64 the actual host IP is in.
#
# utc       A last seen timestamp formatted as YYYY-MM-DD HH:MM:SS
#           and in UTC time.
#
# category  Descriptive tag name for this entry. For this report,
#           the text 'http' will appear.
#

#
# Statistics
# ASNs: 112
# Addresses: 152