ATLAS Country Report: Global Russian Federation

Country Report

Global Russian Federation

View:
Activity
Sources
Malicious Servers

Output:
Print
XML
CSV

Activity (past 24 hours)

Key	Service	Bytes per subnet	Percentage
	ICMP/8	8.33 kB	24.9%
	TCP/135	6.26 kB	18.7%
	TCP/23 (telnet)	4.15 kB	12.4%
	TCP/8080 (webcache)	3.43 kB	10.2%
	TCP/139 (netbios-ssn)	2.13 kB	6.3%
	TCP/1080 (socks)	2.08 kB	6.2%
	TCP/1433 (ms-sql-s)	1.86 kB	5.5%
	TCP/3306 (mysql)	1.58 kB	4.7%
	TCP/25 (smtp)	1.34 kB	4.0%
	TCP/445 (microsoft-ds)	879.96 B	2.6%
	Other	1.48 kB	4.4%

Key	Description	Attacks per subnet	Change from yesterday	CVE	Percentage
	MYSQL brute-force login attempts	1.49	+100.0 %		55.3%
	SSH brute-force login attempts	0.27	+240.1 %		9.9%
	Microsoft Windows IIS Server Translate Header attempt	0.16	-36.6 %	CVE-2000-0778	5.9%
	Microsoft SQL Server version buffer overflow attempt	0.12	-40.7 %	CVE-2002-0649	4.3%
	ASN.1 constructed bit string	0.11	+29.6 %	CVE-2005-1935	4.0%

Inbound Attacks	601
Outbound Attacks	154
Maximum packet rate	587.70 k pps
Maximum traffic rate	6.08 Gbps
Attack class	Misuse: 168 Fingerprint: 587
Attack subclass	: 1, 99: 1, Total Traffic: 1, DNS: 2, TCP SYN: 1,

Sources (past 24 hours)

By ASN

Key	ASN	Bytes per subnet	Percentage
	AS42827 (COMPLEXTELESYS-AS)	4.46 kB	13.3%
	AS8402 (CORBINA-AS)	2.74 kB	8.2%
	AS21479 (ROSTOV-TELEGRAF-AS)	2.71 kB	8.1%
	AS8342 (RTCOMM-AS)	2.29 kB	6.8%
	AS38951 (TKT-AS)	1.73 kB	5.2%
	AS35810 (BIGTELECOM-AS)	1.65 kB	4.9%
	AS42974 (RDN-AS)	1.58 kB	4.7%
	AS44749 (SKYLINK-VORONEZH)	1.37 kB	4.1%
	AS15582 (COMCORTV-AS)	1.30 kB	3.9%
	AS25549 (AVANTEL-AS)	1.12 kB	3.3%
	Other	12.55 kB	37.5%

By Host

Key	Host	Bytes per subnet	Percentage
	91.201.51.65	3.34 kB	10.0%
	77.241.38.21	1.72 kB	5.1%
	213.234.240.94	1.70 kB	5.1%
	87.255.7.168	1.65 kB	4.9%
	193.124.41.10	1.58 kB	4.7%
	91.149.109.82	1.37 kB	4.1%
	77.232.1.125	1.19 kB	3.6%
	195.161.0.203	1.13 kB	3.4%
	195.161.16.134	1.12 kB	3.4%
	195.60.247.84	1.12 kB	3.3%
	Other	17.59 kB	52.5%

By ASN

Key	ASN	Attacks per subnet	Percentage
	AS42974 (RDN-AS)	1.49	55.3%
	AS41947 (WEBALTA-AS)	0.20	7.3%
	AS8359 (COMSTAR)	0.14	5.3%
	AS25436 (KIROV-CAIT-AS)	0.12	4.6%
	AS31444 (SEANET-AS)	0.10	3.7%
	AS8398 (Tver)	0.09	3.4%
	AS3216 (Unknown)	0.09	3.4%
	AS21479 (ROSTOV-TELEGRAF-AS)	0.07	2.6%
	AS31294 (LANTECH-AS)	0.06	2.2%
	AS6828 (USI)	0.05	1.8%
	Other	0.28	10.3%

By Host

Key	Host	Attacks per subnet	Percentage
	193.124.41.10 (du-41-10.rdn.kostroma.ru)	1.49	55.3%
	195.7.162.243	0.10	3.7%
	83.68.36.93	0.10	3.7%
	82.179.130.135	0.09	3.4%
	195.16.51.155	0.09	3.4%
	89.254.208.199	0.08	2.9%
	83.220.163.53	0.06	2.2%
	217.9.144.93	0.05	1.7%
	90.150.230.78	0.03	1.1%
	81.195.18.254 (ppp18-254.pppoe.mtu-net.ru)	0.03	1.0%
	Other	0.58	21.5%

Malicious Servers (past 24 hours)

By ASN

ASN	Number of servers	Percentage
AS8001 (NET-ACCESS-CORP)	3	27.3%
AS8402 (CORBINA-AS)	1	9.1%
AS8359 (COMSTAR)	1	9.1%
AS5468 (EUNnet)	1	9.1%
AS44560 (Unknown)	1	9.1%
AS41947 (WEBALTA-AS)	1	9.1%
AS39561 (Unknown)	1	9.1%
AS35295 (Unknown)	1	9.1%
AS3216 (Unknown)	1	9.1%
Other	0	0.0%

By Targeted Brand

Brand Name	Phished URLs	Percentage
eBay	80	6.2%
PayPal	47	3.6%
Other	1163	90.2%

By ASN

ASN	Phishing URLs hosted	Percentage
AS42754 (Unknown)	426	33.0%
AS39442 (Unknown)	314	24.3%
AS6731 (Unknown)	127	9.8%
AS25532 (MASTERHOST-AS)	119	9.2%
AS2854 (Unknown)	44	3.4%
AS39561 (Unknown)	25	1.9%
AS29182 (Unknown)	25	1.9%
AS43146 (Unknown)	23	1.8%
AS30968 (Unknown)	23	1.8%
AS8371 (Unknown)	22	1.7%
Other	142	11.0%

By Host

Host	Phishing URLs hosted	Percentage
62.182.74.37	426	33.0%
213.234.21.111	314	24.3%
217.16.29.51	113	8.8%
82.204.219.135	87	6.7%
193.33.233.21 (igpu.wavelink.ilimnet.ru)	45	3.5%
194.84.54.168	44	3.4%
89.108.67.111 (cp109.agava.net)	25	1.9%
82.146.60.174	25	1.9%
89.108.125.71	23	1.8%
77.221.143.162	23	1.8%
Other	165	12.8%

Background

Internet Statistics		Date
Internet Hosts (est.)	2844000	2007
Internet Users (est.)	25689000	2006

Current Threat Rank
1	US (United States)
2	CN (China)
3	NL (Netherlands)
4	IL (Israel)
5	RO (Romania)

Recent Activity

Threat Rank (30 days)

rank history graph

Number of Scanning Sources (30 days)

scanner history graph

Number of Attacking Sources (30 days)

attacker history graph