UPDATE 2014-03-29: fixed broken links to the gzip’d CSV and MySQL files.
In EXCLUSIVE: Leaked “RSA dump” appears authentic at Risky.biz I read that on August 15th 2011 the “RSA Employee #15666” dump was posted here. I have no opinion on its authenticity. Please read the post at Risky.biz for analysis; I merely provide additional data and stats here.
The original dump contains 870 entries consisting of:
1. hostname
2. IP address
I enriched the data by adding:
3. my own lookup of the A-record for (1)
4. my own lookup of the PTR-record for (2)
5. GeoIP data for (1) = country, state, city, zip, GPS, organization
6. IP2ASN mapping for (1) = ASN, network description via whois.cymru.com
All lookups were run from an IP address in AS1103 (SURFNET-NL) on August 18th 2011 at 20:00-21:30 UTC+2. I mention the latter because the DNS/AS situation may have been deliberately changed since the dump was publicly posted (August 15th) or announced (August 18th).
Here is the enriched dump (SSL cert sig should be 01:00:00:00:00:01:1C:9E:A3:54:3F):
20110818_RSA15666_enriched.csv.gz (CSV)
20110818_RSA15666_enriched.sql.gz (MySQL dump)
Some quick stats: HERE (mirror).
DO NOT TRUST MY DATA. VERIFY IT. If the data or stats are wrong, please inform me (Twitter: @mrkoot or e-mail: koot=>uva.nl). I will change this blogpost to reflect advancing insight.
Hiya , I know this is quite old but do you still have the csv and sql file?
The links appear to be down currently
Yes, I still have those! I now uploaded them to different location and fixed the links in the post above.