@9b
Last active August 29, 2015 14:07
Passive DNS resolutions for java-se[.]com subdomains (PassiveTotal export; "First"/"Last" are first-seen and last-seen timestamps)

| Subdomain | Resolves to | First seen | Last seen | Source |
|---|---|---|---|---|
| jdk-7u12-windows-i586 | 210.253.96.200 | 2014-10-02 12:16:03 | 2014-10-03 12:16:08 | -- |
| jre | 210.253.99.103 | 2014-10-01 10:41:54 | 2014-10-03 11:46:21 | -- |
| ud | 119.205.217.104 | 2014-10-01 10:41:53 | 2014-10-03 11:46:21 | -- |
| www | 96.7.111.133 | 2014-10-01 10:41:54 | 2014-10-03 11:46:20 | -- |
| kr | 202.181.133.215 | 2014-10-01 10:41:54 | 2014-10-03 11:46:20 | -- |
| up | 210.253.99.103 | 2014-10-01 10:41:54 | 2014-10-03 11:46:20 | -- |
| ns | 10.0.1.9 | 2014-10-01 10:41:53 | 2014-10-03 11:46:20 | -- |
| ga | 121.78.246.174 | 2014-10-01 10:41:53 | 2014-10-03 11:46:19 | -- |
| idc | 112.175.143.2 | 2014-10-01 10:41:54 | 2014-10-03 11:46:19 | -- |
| hk | 112.175.143.2 | 2014-10-01 10:41:55 | 2014-10-03 11:46:19 | -- |
| jre76 | 211.125.81.203 | 2014-10-01 10:41:53 | 2014-10-03 11:46:19 | -- |
| jre | 210.253.99.103 | 2014-08-15 15:15:41 | 2014-10-03 09:20:09 | -- |
| kr | 202.181.133.215 | 2014-08-13 21:11:44 | 2014-10-03 09:17:25 | -- |
| ns | 10.0.1.9 | 2014-08-14 00:12:05 | 2014-10-03 09:16:41 | -- |
| jre7 | 210.172.148.40 | 2014-08-14 00:08:22 | 2014-10-03 09:11:54 | -- |
| jre76 | 211.125.81.203 | 2014-07-24 06:12:37 | 2014-10-03 08:08:13 | -- |
| idc | 112.175.143.2 | 2014-09-26 04:31:21 | 2014-10-03 07:44:07 | -- |
| ga | 121.78.246.174 | 2014-08-13 21:57:26 | 2014-10-03 07:42:26 | -- |
| up | 210.253.99.103 | 2014-08-13 21:57:27 | 2014-10-03 07:37:15 | -- |
| uc | 119.205.217.104 | 2014-10-01 05:57:15 | 2014-10-03 07:04:41 | -- |
| jre7 | 210.172.148.40 | 2014-10-01 05:57:16 | 2014-10-03 07:04:41 | -- |
| jre76 | 211.125.81.203 | 2014-08-13 21:31:57 | 2014-10-03 06:53:04 | -- |
| www | 96.7.111.133 | 2014-08-14 00:32:44 | 2014-10-03 06:51:50 | -- |
| ud | 119.205.217.104 | 2014-08-14 00:28:47 | 2014-10-03 06:45:01 | -- |
| uc | 119.205.217.104 | 2014-08-14 00:22:18 | 2014-10-03 06:35:29 | -- |
| hk | 112.175.143.2 | 2014-09-26 03:29:22 | 2014-10-03 06:31:57 | -- |
| 81 | 124.248.237.26 | 2014-10-01 17:22:52 | 2014-10-02 17:54:02 | -- |
| jdk-7u12-windows-i586 | 210.253.96.200 | 2014-09-26 01:16:11 | 2014-10-01 01:16:04 | -- |
| 81 | 124.248.237.26 | 2014-09-22 11:49:21 | 2014-09-30 16:39:23 | -- |
| www | 96.7.111.133 | 2014-09-01 18:20:43 | 2014-09-30 10:25:49 | -- |
| up | 210.253.99.103 | 2014-09-01 18:20:17 | 2014-09-30 10:25:46 | -- |
| jre76 | 211.125.81.203 | 2014-09-01 18:18:10 | 2014-09-30 10:25:46 | -- |
| ns | 10.0.1.9 | 2014-09-04 01:16:50 | 2014-09-30 10:25:46 | -- |
| jre | 210.253.99.103 | 2014-09-01 18:18:11 | 2014-09-30 10:25:46 | -- |
| idc | 112.175.143.2 | 2014-09-26 08:35:41 | 2014-09-30 10:25:46 | -- |
| ud | 119.205.217.104 | 2014-09-01 18:20:13 | 2014-09-30 10:25:46 | -- |
| kr | 202.181.133.215 | 2014-09-01 18:18:22 | 2014-09-30 10:25:45 | -- |
| ga | 121.78.246.174 | 2014-09-01 18:17:19 | 2014-09-30 10:25:45 | -- |
| hk | 112.175.143.2 | 2014-09-26 08:35:40 | 2014-09-30 10:25:45 | -- |
| uc | 119.205.217.104 | 2014-09-01 18:20:12 | 2014-09-30 05:41:16 | -- |
| jre7 | 210.172.148.40 | 2014-09-01 18:18:14 | 2014-09-30 05:41:15 | -- |
| jdk-7u12-windows-i586 | 210.253.96.200 | 2014-09-24 09:49:58 | 2014-09-27 14:10:33 | -- |
| idc | 211.233.89.182 | 2014-09-17 10:00:42 | 2014-09-26 07:39:14 | -- |
| hk | 211.233.89.182 | 2014-09-17 10:00:38 | 2014-09-26 07:39:13 | -- |
| idc | 211.233.89.182 | 2014-09-17 04:52:41 | 2014-09-26 01:44:58 | -- |
| hk | 211.233.89.182 | 2014-09-17 03:38:28 | 2014-09-26 00:38:10 | -- |
| 81 | 223.29.248.9 | 2014-09-01 12:15:14 | 2014-09-22 10:52:12 | -- |
| idc | 112.175.143.9 | 2014-09-04 01:16:15 | 2014-09-17 09:02:19 | -- |
| hk | 112.175.143.9 | 2014-09-01 18:17:36 | 2014-09-17 09:02:18 | -- |
| idc | 112.175.143.9 | 2014-08-13 21:58:25 | 2014-09-17 01:54:33 | -- |
| hk | 112.175.143.9 | 2014-08-14 00:20:39 | 2014-09-17 00:29:19 | -- |
| jre7 | 210.172.148.40 | 2014-07-30 23:00:06 | 2014-09-03 00:06:28 | -- |
| www | 96.7.111.133 | 2014-08-17 01:56:52 | 2014-08-31 18:19:05 | -- |
| uc | 119.205.217.104 | 2014-08-17 01:51:12 | 2014-08-31 18:18:36 | -- |
| ud | 119.205.217.104 | 2014-08-21 01:32:49 | 2014-08-31 18:18:36 | -- |
| ns | 10.0.1.9 | 2014-08-15 01:44:25 | 2014-08-31 18:17:44 | -- |
| jre | 210.253.99.103 | 2014-08-17 01:33:17 | 2014-08-31 18:17:00 | -- |
| idc | 112.175.143.9 | 2014-08-15 01:33:19 | 2014-08-31 18:16:47 | -- |
| up | 210.253.99.103 | 2014-08-15 01:55:56 | 2014-08-31 12:18:41 | -- |
| kr | 202.181.133.215 | 2014-08-15 01:36:20 | 2014-08-31 12:17:01 | -- |
| jre7 | 210.172.148.40 | 2014-08-16 01:34:14 | 2014-08-31 12:16:58 | -- |
| jre76 | 211.125.81.203 | 2014-08-12 01:37:40 | 2014-08-31 12:16:58 | -- |
| hk | 112.175.143.9 | 2014-08-02 01:34:22 | 2014-08-31 12:16:41 | -- |
| ga | 121.78.246.174 | 2014-08-15 01:30:08 | 2014-08-31 12:16:27 | -- |
| 81 | 223.29.248.9 | 2014-08-19 01:16:39 | 2014-08-31 01:15:16 | -- |
| idc | 112.175.143.9 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| hk | 112.175.143.9 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| www | 96.7.111.133 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| kr | 202.181.133.215 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| up | 210.253.99.103 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| ga | 121.78.246.174 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| ns | 10.0.1.9 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| jre76 | 211.125.81.203 | 2014-08-15 00:00:00 | 2014-08-15 00:00:00 | -- |
| jre7 | 210.172.148.40 | 2014-08-13 00:00:00 | 2014-08-13 00:00:00 | -- |
| hk | 112.175.143.9 | 2014-07-08 01:35:01 | 2014-08-01 01:34:18 | -- |
| jre76 | 211.125.81.203 | 2014-07-30 01:43:30 | 2014-07-30 19:42:22 | -- |
| jre | 210.253.99.103 | 2014-07-24 00:00:00 | 2014-07-24 00:00:00 | -- |
| www | 96.7.111.133 | 2014-06-05 16:37:34 | 2014-06-05 16:37:34 | -- |
Passive DNS resolutions for java-sec[.]com subdomains (PassiveTotal export; "First"/"Last" are first-seen and last-seen timestamps)

| Subdomain | Resolves to | First seen | Last seen | Source |
|---|---|---|---|---|
| pop | 124.248.237.26 | 2014-10-01 13:32:16 | 2014-10-03 14:35:15 | -- |
| server | 112.175.143.2 | 2014-10-01 10:41:55 | 2014-10-03 11:46:24 | -- |
| blog | 112.175.143.2 | 2014-10-01 10:41:54 | 2014-10-03 11:46:21 | -- |
| 360 | 112.175.143.2 | 2014-10-01 10:41:54 | 2014-10-03 11:46:20 | -- |
| lab | 203.189.99.106 | 2014-09-09 15:24:42 | 2014-10-03 09:24:32 | -- |
| tup | 203.174.48.67 | 2014-08-28 00:16:56 | 2014-10-03 09:23:14 | -- |
| zr1 | 210.17.188.201 | 2014-09-09 15:21:44 | 2014-10-03 09:22:58 | -- |
| pop1 | 124.248.237.26 | 2014-09-22 06:25:32 | 2014-10-03 09:22:24 | -- |
| ns3 | 165.160.13.20 | 2014-09-09 15:04:30 | 2014-10-03 09:03:22 | -- |
| blog | 112.175.143.2 | 2014-09-26 03:00:26 | 2014-10-03 09:00:23 | -- |
| rss | 211.171.247.251 | 2014-10-01 07:51:02 | 2014-10-03 08:57:26 | -- |
| zr | 210.17.188.201 | 2014-08-28 00:58:02 | 2014-10-03 07:32:54 | -- |
| rss | 211.171.247.251 | 2014-09-10 00:33:47 | 2014-10-03 06:51:24 | -- |
| pop | 124.248.237.26 | 2014-09-22 06:53:10 | 2014-10-03 06:51:08 | -- |
| 360 | 112.175.143.2 | 2014-09-26 03:47:36 | 2014-10-03 06:50:52 | -- |
| ns2 | 165.160.13.20 | 2014-09-09 15:46:25 | 2014-10-03 06:46:22 | -- |
| ns1 | 165.160.13.20 | 2014-09-09 15:40:48 | 2014-10-03 06:42:20 | -- |
| server | 112.175.143.2 | 2014-09-26 03:36:30 | 2014-10-03 06:41:05 | -- |
| pop1 | 124.248.237.26 | 2014-10-01 17:22:50 | 2014-10-02 17:54:00 | -- |
| pop1 | 124.248.237.26 | 2014-09-22 12:46:30 | 2014-09-30 16:39:23 | -- |
| pop | 124.248.237.26 | 2014-09-22 12:16:29 | 2014-09-30 13:20:34 | -- |
| blog | 112.175.143.2 | 2014-09-26 08:35:42 | 2014-09-30 10:25:47 | -- |
| 360 | 112.175.143.2 | 2014-09-26 08:35:41 | 2014-09-30 10:25:47 | -- |
| server | 112.175.143.2 | 2014-09-26 08:35:42 | 2014-09-30 10:25:47 | -- |
| rss | 211.171.247.251 | 2014-09-01 12:17:56 | 2014-09-30 07:35:25 | -- |
| server | 211.233.89.182 | 2014-09-17 08:03:49 | 2014-09-26 07:39:16 | -- |
| 360 | 211.233.89.182 | 2014-09-17 08:03:48 | 2014-09-26 07:39:15 | -- |
| blog | 211.233.89.182 | 2014-09-17 08:03:48 | 2014-09-26 07:39:15 | -- |
| server | 211.233.89.182 | 2014-09-17 03:45:34 | 2014-09-26 00:46:35 | -- |
| blog | 211.233.89.182 | 2014-09-17 03:00:23 | 2014-09-26 00:00:45 | -- |
| 360 | 211.233.89.182 | 2014-09-17 03:56:18 | 2014-09-25 18:44:50 | -- |
| pop1 | 223.29.248.9 | 2014-09-01 18:19:23 | 2014-09-22 11:49:21 | -- |
| pop | 223.29.248.9 | 2014-09-01 12:17:56 | 2014-09-22 11:49:21 | -- |
| pop | 223.29.248.9 | 2014-08-13 21:30:42 | 2014-09-22 03:50:39 | -- |
| pop1 | 223.29.248.9 | 2014-08-28 00:16:32 | 2014-09-22 03:24:23 | -- |
| zr1 | 210.17.188.201 | 2014-09-04 01:18:21 | 2014-09-21 18:17:57 | -- |
| tup | 203.174.48.67 | 2014-09-01 18:20:25 | 2014-09-21 18:17:04 | -- |
| ns2 | 165.160.13.20 | 2014-09-09 01:17:24 | 2014-09-21 18:16:31 | -- |
| ns3 | 165.160.13.20 | 2014-09-09 01:17:23 | 2014-09-21 18:16:31 | -- |
| ns1 | 165.160.13.20 | 2014-09-09 01:17:23 | 2014-09-21 18:16:30 | -- |
| lab | 203.189.99.106 | 2014-09-09 01:16:51 | 2014-09-21 18:16:05 | -- |
| zr | 210.17.188.201 | 2014-09-02 01:19:07 | 2014-09-20 18:19:52 | -- |
| 360 | 112.175.143.9 | 2014-09-01 12:15:15 | 2014-09-17 07:06:06 | -- |
| blog | 112.175.143.9 | 2014-09-01 18:15:47 | 2014-09-17 07:06:06 | -- |
| server | 112.175.143.9 | 2014-09-01 12:18:00 | 2014-09-17 07:06:06 | -- |
| 360 | 112.175.143.9 | 2014-09-09 15:49:42 | 2014-09-17 00:50:29 | -- |
| server | 112.175.143.9 | 2014-08-25 00:26:31 | 2014-09-17 00:38:57 | -- |
| blog | 112.175.143.9 | 2014-09-09 15:57:11 | 2014-09-17 00:00:20 | -- |
| rss | 211.171.247.240 | 2014-09-09 12:21:30 | 2014-09-10 01:18:12 | -- |
| rss | 211.171.247.240 | 2014-09-09 06:46:29 | 2014-09-09 21:42:49 | -- |
| rss | 211.171.247.251 | 2014-09-01 00:33:18 | 2014-09-09 03:44:24 | -- |
| zr | 210.17.188.201 | 2014-08-28 01:19:40 | 2014-09-01 01:18:51 | -- |
| tup | 203.174.48.67 | 2014-08-28 01:18:45 | 2014-09-01 01:18:08 | -- |
| rss | 210.180.33.33 | 2014-08-27 12:18:30 | 2014-09-01 01:17:41 | -- |
| rss | 210.180.33.33 | 2014-08-28 00:31:46 | 2014-08-31 21:35:04 | -- |
| pop1 | 223.29.248.9 | 2014-08-28 01:18:01 | 2014-08-31 18:17:52 | -- |
| blog | 112.175.143.9 | 2014-08-28 01:15:38 | 2014-08-31 18:15:36 | -- |
| pop | 223.29.248.9 | 2014-08-15 01:46:39 | 2014-08-31 12:17:53 | -- |
| 360 | 112.175.143.9 | 2014-08-28 01:15:14 | 2014-08-31 12:15:15 | -- |
| server | 112.175.143.9 | 2014-08-25 12:20:20 | 2014-08-31 01:18:13 | -- |
| ns2 | 153.121.70.17 | 2014-07-31 23:11:42 | 2014-08-27 03:57:23 | -- |
| ns1 | 153.121.70.17 | 2014-07-31 23:11:42 | 2014-08-27 03:57:23 | -- |
| ns3 | 153.121.70.17 | 2014-07-31 23:11:42 | 2014-08-27 03:57:23 | -- |
| lab | 153.121.70.17 | 2014-08-18 22:04:17 | 2014-08-27 03:57:23 | -- |
| rss | 203.174.48.67 | 2014-08-15 12:48:59 | 2014-08-27 01:18:24 | -- |
| rss | 210.180.33.33 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| pop | 223.29.248.9 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| 360 | 112.175.143.9 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| tup | 203.174.48.67 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| blog | 112.175.143.9 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| pop1 | 223.29.248.9 | 2014-08-27 00:00:00 | 2014-08-27 00:00:00 | -- |
| rss | 203.174.48.67 | 2014-08-26 09:34:31 | 2014-08-26 15:33:19 | -- |
| rss | 203.174.48.96 | 2014-08-26 12:20:35 | 2014-08-26 12:20:35 | -- |
| rss | 203.174.48.96 | 2014-08-26 06:32:09 | 2014-08-26 06:32:09 | -- |
| rss | 203.174.34.40 | 2014-08-26 03:36:48 | 2014-08-26 03:36:48 | -- |
| rss | 203.174.48.67 | 2014-08-15 06:30:38 | 2014-08-26 00:31:52 | -- |
| server | 222.122.208.10 | 2014-08-15 01:49:51 | 2014-08-25 01:18:52 | -- |
| zr | 210.17.188.201 | 2014-08-25 00:00:00 | 2014-08-25 00:00:00 | -- |
| zr1 | 210.17.188.201 | 2014-08-25 00:00:00 | 2014-08-25 00:00:00 | -- |
| server | 222.122.208.10 | 2014-08-13 21:23:31 | 2014-08-24 21:23:44 | -- |
| trustwave | 153.121.70.17 | 2014-08-22 00:00:00 | 2014-08-22 00:00:00 | -- |
| lab | 153.121.70.17 | 2014-08-21 00:00:00 | 2014-08-21 00:00:00 | -- |
| rss | 203.174.34.36 | 2014-08-15 03:33:59 | 2014-08-15 03:33:59 | -- |
| rss | 223.29.248.20 | 2014-08-15 01:48:42 | 2014-08-15 01:48:42 | -- |
| rss | 223.29.248.20 | 2014-08-14 00:32:19 | 2014-08-15 00:33:40 | -- |
| rss | 124.248.202.174 | 2014-08-13 21:31:05 | 2014-08-13 21:31:05 | -- |

Infrastructure for java-se[.]com and java-sec[.]com, from PassiveTotal

java-se[.]com has been observed in a compromise of the DPHK website. Some of the IP addresses listed below appear to be smaller shared hosting and could also host legitimate websites. Blocking the domains is an easy first step to help clean up any infections.

java-se[.]com

Unique IP resolutions for the subdomains and primary infrastructure

  • 112.175.143.2
  • 112.175.143.9
  • 119.205.217.104
  • 121.78.246.174
  • 124.248.237.26
  • 202.181.133.215
  • 210.172.148.40
  • 210.253.96.200
  • 210.253.99.103
  • 211.125.81.203
  • 211.233.89.182
  • 223.29.248.9
  • 96.7.111.133

Subdomains observed

  • jre.java-se[.]com
  • 81.java-se[.]com
  • ga.java-se[.]com
  • hk.java-se[.]com
  • up.java-se[.]com
  • jre76.java-se[.]com
  • jre7.java-se[.]com
  • kr.java-se[.]com
  • www.java-se[.]com
  • ud.java-se[.]com
  • jdk-7u12-windows-i586.java-se[.]com
  • ns.java-se[.]com
  • idc.java-se[.]com
  • uc.java-se[.]com

java-sec[.]com

Unique IP resolutions for the subdomains and primary infrastructure

  • 112.175.143.2
  • 112.175.143.9
  • 124.248.202.174
  • 124.248.237.26
  • 153.121.70.17
  • 203.174.34.36
  • 203.174.34.40
  • 203.174.48.67
  • 203.174.48.96
  • 203.189.99.106
  • 210.17.188.201
  • 210.180.33.33
  • 211.171.247.240
  • 211.171.247.251
  • 211.233.89.182
  • 222.122.208.10
  • 223.29.248.20
  • 223.29.248.9

Subdomains observed

  • zr.java-sec[.]com
  • trustwave.java-sec[.]com
  • zr1.java-sec[.]com
  • tup.java-sec[.]com
  • lab.java-sec[.]com
  • server.java-sec[.]com
  • blog.java-sec[.]com
  • pop1.java-sec[.]com
  • pop.java-sec[.]com
  • ns1.java-sec[.]com
  • ns2.java-sec[.]com
  • ns3.java-sec[.]com
  • 360.java-sec[.]com
  • rss.java-sec[.]com