|

ASNs Involved in Today’s Attack

As from this afternoon, we are experiencing a coordinated attack, from various lot of IPs all over the world. Not a very fast and clever attack, i have seen much more “targeted” and faster. They search for all kind of system files, backups, password files and more.

This is not the first time we have experienced one of these attacks and i guess we are not the only ones. They usually originate from Cloud/VPNs and last from several hours to a day.

Here are the ASNs and the Networks involved as they are discovered and blocked. It is not always clear who is the ASN owner, because some IPs seems rented from companies like IPXO. ASN and IP Data is checked with IPINFO.io. All those ASNs and companies are no surprise to us, they are “usual suspects” when we are under any kind of attack. ASNs from IPXO, Clouvider and M247 are almost every time participating in the attack.

The attack started on 19 of July at 19:39:16 and ended at 22:58:42. A total of 885 attacks.

ASNOwner/Network/Companies Involved
AS13213UK-2 Limited/EXPRESS VPN
AS206092IPXO LIMITED/Falco Networks B.V./Express-Equinix-London/Netrouting, Inc./Sheimo Scorpion Data AB/TnR Technologies B.V./John Macleod trading as Howick Digital
AS62240Clouvider/Noop, LLC/IPXO LIMITED
AS42708GleSYS AB/Falco Networks B.V.
AS206804EstNOC-Global/Panq B.V.
AS24768ALMOUROLTEC/LIS DEDICATED SERVERS
AS137409GSL Networks Pty LTD/Turkbil Telekomunikasyon/M Nets SAL
AS40676Psychz Networks
AS56322ServerAstra Kft.
AS61272Informacines sistemos ir technologijos, UAB
AS9009M247 Europe SRL
AS42831UK Dedicated Servers Limited/Legaco Networks B.V.

Now you know what to avoid and block.