[nsp-sec] Found a C&C at 194.30.33.230, ports 7333, 8080, 8081, and 8085. Bot list

Par Osterberg Medina par.osterberg at sitic.se
Thu Jan 31 04:08:58 EST 2008


Hello Marcos!

Proxy ACK for
AS31228 (SKYCOM-AS SkyCom Sweden)
AS8434 (TELENOR-SE Telenor Sweden)

Will send them a sanitized message.

Regards
Pär Österberg Medina - Sitic, Swedish IT-Incident Centre

Borja Marcos wrote:
> ----------- nsp-security Confidential --------
> 
> Thanks to Ficora for the report :)
> 
> One of our customers has a C&C installed. It seems the miscreants have used a sloppy
> PHP script to get inside. The C&C is running as unprivileged (www) user, and there are
> no signs of root escalation.
> 
> The C&C is an Unreal IRC server, listening on 194.30.33.230 to ports 7333, 8085, 8081 and 8080.
> 
> It links to another server at:
> 4713    | 121.119.172.49   | OCN NTT Communications Corporation
> 
> The DNS RRs are:
> 
> ;; ANSWER SECTION:
> vns.weedns.com.		300	IN	A	60.244.101.40
> vns.weedns.com.		300	IN	A	62.193.234.109
> vns.weedns.com.		300	IN	A	84.245.99.6
> vns.weedns.com.		300	IN	A	87.233.135.30
> vns.weedns.com.		300	IN	A	87.236.196.115
> vns.weedns.com.		300	IN	A	88.191.26.64
> vns.weedns.com.		300	IN	A	194.30.33.230
> vns.weedns.com.		300	IN	A	194.50.101.163
> vns.weedns.com.		300	IN	A	200.123.165.130
> vns.weedns.com.		300	IN	A	211.233.38.175
> vns.weedns.com.		300	IN	A	213.201.226.5
> 
> and
> 
> ;; ANSWER SECTION:
> ion.weedns.com.		300	IN	A	60.244.101.40
> ion.weedns.com.		300	IN	A	62.193.234.109
> ion.weedns.com.		300	IN	A	84.245.99.6
> ion.weedns.com.		300	IN	A	87.233.135.30
> ion.weedns.com.		300	IN	A	87.236.196.115
> ion.weedns.com.		300	IN	A	88.191.26.64
> ion.weedns.com.		300	IN	A	194.30.33.230
> ion.weedns.com.		300	IN	A	194.50.101.163
> ion.weedns.com.		300	IN	A	200.123.165.130
> ion.weedns.com.		300	IN	A	211.233.38.175
> ion.weedns.com.		300	IN	A	213.130.12.240
> ion.weedns.com.		300	IN	A	213.201.226.5
> 
> The server list for these DNS RRs is:
> 
> 3262    | 194.30.33.230    | SARENET SAREnet, Spain
> 3786    | 211.233.38.175   | LGDACOM LG DACOM Corporation
> 4589    | 213.201.226.5    | EASYNET Easynet Group Plc
> 7482    | 60.244.101.40    | APOL-AS Asia Pacific On-line Service Inc.
> 12322   | 88.191.26.64     | PROXAD AS for Proxad/Free ISP
> 12883   | 213.130.12.240   | FARLEP-AS Farlep-Internet ISP
> 15703   | 87.233.135.30    | TRUESERVER-AS TrueServer BV AS number
> 16317   | 84.245.99.6      | SK-4CALL 4CONSULT Ltd.
> 16814   | 200.123.165.130  | NSS S.A.
> 28963   | 62.193.234.109   | IPNG-UK-AS Amenworld Germany
> 35592   | 87.236.196.115   | COOLHOUSING-AS COOLHOUSING Autonomous System
> 44057   | 194.50.101.163   | BTELEKOM-HU-AS 1B Telekom Ltd
> 
> 
> The installed goodies are at the /tmp and /var/tmp directories. The /tmp seems
> to have the interesting bits, with the source code of the daemon, config file, etc.
> 
> And the bot list, observed during a 3 hour capture with tcpdump, is:
> (Sorry, the machine is not ours, that's the best I could do). The
> times are UTC+1.
> 
> Bulk mode; whois.cymru.com [2008-01-30 16:25:59 +0000]
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
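
An added example, not part of the original thread: one way to turn an ASN-annotated bot list in the `ASN | IP | time | AS name` layout of this report into per-network notices, so each operator receives only its own addresses with sighting times normalized to UTC. The sample rows, the function names, and the reading of "sanitized" as "own addresses only" are assumptions; the addresses are documentation ranges and the ASNs are private-use.

```python
import ipaddress
import re
from datetime import date, datetime, timedelta, timezone

# Constructed sample: quoted-mail prefix, bulk whois header, and one row whose
# AS name was folded onto a second line by the mail client.
SAMPLE = (
    "> Bulk mode; whois.cymru.com [2008-01-30 16:25:59 +0000]\n"
    "> 64512   | 192.0.2.10       | 15:24:52        | EXAMPLE-A Example Net A\n"
    "> 64513   | 198.51.100.7     | 00:33:56        | EXAMPLE-B Example\n"
    "> Broadband B\n"
    "> 64512   | 192.0.2.99       | 13:10:27        | EXAMPLE-A Example Net A\n"
    "> 64512   | 192.0.2.10       | 13:49:05        | EXAMPLE-A Example Net A\n"
)

QUOTE = re.compile(r"^(?:>\s?)+")  # leading "> " reply markers


def parse_bot_list(text, capture_date, utc_offset_hours):
    """Return one record per list row, with sighting times converted to UTC."""
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        fields = [f.strip() for f in line.split("|")]
        if len(fields) == 4 and fields[0].isdigit():
            try:
                ip = ipaddress.ip_address(fields[1])
                clock = datetime.strptime(fields[2], "%H:%M:%S").time()
            except ValueError:
                continue  # malformed row: skip rather than notify on bad data
            seen = datetime.combine(capture_date, clock, tzinfo=local_tz)
            records.append({"asn": int(fields[0]), "ip": str(ip),
                            "seen_utc": seen.astimezone(timezone.utc),
                            "as_name": fields[3]})
        elif (records and line and "|" not in line
              and not line.startswith("Bulk mode")):
            # A folded line continues the AS name of the previous row.
            records[-1]["as_name"] += " " + line
    return records


def group_by_asn(records):
    """Collapse rows to {asn: {"as_name", "hosts": {ip: [first, last, count]}}}."""
    grouped = {}
    for r in records:
        entry = grouped.setdefault(
            r["asn"], {"as_name": r["as_name"], "hosts": {}})
        host = entry["hosts"].setdefault(
            r["ip"], [r["seen_utc"], r["seen_utc"], 0])
        host[0] = min(host[0], r["seen_utc"])
        host[1] = max(host[1], r["seen_utc"])
        host[2] += 1
    return grouped


def sanitized_notice(asn, entry):
    """Build the text for one network, listing only that network's addresses."""
    lines = [
        f"Hosts in AS{asn} ({entry['as_name']}) seen connecting to a botnet C&C.",
        "Timestamps are UTC.",
        "",
    ]
    for ip in sorted(entry["hosts"], key=ipaddress.ip_address):
        first, last, count = entry["hosts"][ip]
        lines.append(f"{ip}  first={first:%Y-%m-%d %H:%M:%S}  "
                     f"last={last:%Y-%m-%d %H:%M:%S}  sightings={count}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Capture date and UTC+1 offset are supplied by the analyst, since the
    # list rows carry only a wall-clock time.
    grouped = group_by_asn(parse_bot_list(SAMPLE, date(2008, 1, 30), 1))
    for asn in sorted(grouped):
        print(sanitized_notice(asn, grouped[asn]), end="\n\n")
```

Because the rows carry no date, a sighting just after local midnight converts to the previous UTC day, which is why the capture date is an explicit argument.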


