[nsp-sec] Botnet at alpha745.server4you.de

Thu Mar 13 12:45:07 EDT 2008

Hi,

There is a C&C server at

	alpha745.server4you.de = 85.25.130.204
	Port 113/tcp
	Channel: #whatever3
	Password: bleh

The bots seem to be from machines that were broken into with weak SSH
passwords and maybe by web applications with weak passwords, too. 

The botnet was also located at 217.79.190.56 = r056.red.fastwebserver.de
(same port and channel).

The compromised machines may have the "Troj/Kaiten-Gen" installed,
maybe also the "barbut" IRC/DDoS tool.

The list of bots from about 16:00 UTC+1:00 as seen by my IRC client:

ASN     | IP address       | hostname nickname
--------+------------------+---------------------------------------------------
47      | 128.125.91.166   | qubit.usc.edu YGGXZWT
137     | 143.225.229.21   | none ULFR      
137     | 147.162.53.25    | arrhenius.chfi.unipd.it KVKYMEH
137     | 147.162.53.26    | arrhenius32.chfi.unipd.it DXWMBFFN
137     | 193.204.32.231   | labtime.unipv.it OTHXW
174     | 216.162.92.6     | none ZLCGWR    
174     | 216.29.200.16    | 216-29-200-16.ip.oribus.net root
209     | 207.224.214.206  | none LNNVQSCU  
209     | 207.225.26.68    | none QFTXUWD   
224     | 193.156.19.170   | dus12.nta.no fidelity
278     | 132.248.173.5    | tigre.aragon.unam.mx edgar
278     | 132.248.173.5    | tigre.aragon.unam.mx melina
559     | 129.132.223.211  | nanocl.ethz.ch DGOHB
577     | 199.243.104.36   | none GLLIKAC   
577     | 69.159.224.208   | OTWAON23-1168105680.sdsl.bell.ca EOFRVGRE
702     | 195.49.179.84    | none YPJLOO    
766     | 150.214.196.192  | dismol12.ugr.es JONM
766     | 155.54.4.52      | fobos.bio.um.es marina
813     | 209.167.235.8    | adsl-209-167-235-8.kwic.com LUZJW
852     | 207.219.43.11    | none HQBOX     
852     | 216.123.234.91   | none DCDB      
1221    | 61.9.223.89      | CPE-61-9-223-89.static.qld.bigpond.net.au OHKOUQTM
1257    | 212.247.35.253   | sparc1.nud.se TMYAFA
1267    | 151.38.240.161   | adsl-161-240.38-151.net24.it MEZYDFLI
1312    | 128.173.92.28    | comets.irean.vt.edu OCWQLN
1659    | 140.120.6.240    | mail.amath.nchu.edu.tw ZRTWJASO
1659    | 210.240.232.7    | ns1.mit.edu.tw UXTSGRN
1853    | 193.170.208.124  | www.brgwaidhofen-ybbs.ac.at ONDH
1955    | 193.224.94.68    | none YQHW      
2012    | 157.181.161.29   | plc.inf.elte.hu DUBP
2119    | 213.115.183.11   | none BKMBJM    
2119    | 84.202.156.20    | none VZDYDOYA  
2200    | 193.51.25.187    | persee.prism.uvsq.fr OJNX
2200    | 194.167.199.36   | opera.enstimac.fr HAIQOQ
2501    | 133.11.92.26     | panda.q.t.u-tokyo.ac.jp JFOE
2501    | 133.11.92.26     | panda.q.t.u-tokyo.ac.jp OQNUU
2503    | 130.34.18.100    | omega3.tagen.tohoku.ac.jp ZTGBJXX
2529    | 80.177.16.227    | hfbltd-adsl.demon.co.uk KXJCN
2529    | 83.105.25.155    | firewall.dash.co.uk PBVAI
2588    | 159.148.96.76    | none MRSW      
2607    | 147.175.55.175   | none DZWJUNRB  
2614    | 217.73.168.142   | none KWBPIAW   
2687    | 202.135.231.57   | none HWTJF     
2706    | 210.17.246.247   | none HJQVP     
2706    | 220.232.214.36   | none ECZX      
2716    | 200.19.255.218   | spitfire.ee.furg.br ZKBHQQD
2828    | 206.111.181.21   | none QNHX      
2856    | 217.35.80.115    | host217-35-80-115.in-addr.btopenworld.com PKPHSO
2856    | 81.138.4.120     | host81-138-4-120.in-addr.btopenworld.com RQAASCM
3215    | 193.252.32.126   | LNeuilly-152-23-101-126.w193-252.abo.wanadoo.fr cedric
3215    | 217.128.248.249  | LPuteaux-151-43-9-249.w217-128.abo.wanadoo.fr APXXTIDB
3215    | 80.13.20.92      | LMontsouris-152-62-21-92.w80-13.abo.wanadoo.fr ZJPJEBV
3216    | 81.211.39.18     | mail.mumgss.ru JYNTFLI
3216    | 81.211.39.217    | omzmgss.koptevo.net WZKPI
3255    | 194.44.160.142   | none YUSRF     
3265    | 213.84.188.254   | barn.xs4all.nl ENGMOVYC
3265    | 213.84.191.223   | sounds.xs4all.nl PKUV
3269    | 195.120.101.75   | none WGOE      
3269    | 80.180.241.186   | none WTFAPJ    
3269    | 80.183.147.42    | host42-147-static.183-80-b.business.telecomitalia.it XMERI
3269    | 80.183.153.230   | none XBHYWVJ   
3269    | 81.72.196.38     | none JMPUPIXA  
3269    | 81.73.179.128    | none OWTO      
3269    | 81.75.126.101    | host101-126-static.75-81-b.business.telecomitalia.it HJKTBHOB
3269    | 82.106.60.162    | host162-60-static.106-82-b.business.telecomitalia.it OELV
3269    | 82.88.55.72      | host72-55-static.88-82-b.business.telecomitalia.it CMOWUKWD
3269    | 82.89.182.61     | none ECQIPWB   
3269    | 85.39.252.226    | none MVTQHX    
3269    | 87.24.45.132     | host132-45-static.24-87-b.business.telecomitalia.it ERQLSEQ
3269    | 87.25.22.155     | host155-22-static.25-87-b.business.telecomitalia.it RADW
3269    | 87.25.46.32      | host32-46-static.25-87-b.business.telecomitalia.it BFAJLOHQ
3269    | 88.34.229.68     | host68-229-static.34-88-b.business.telecomitalia.it andrea
3269    | 88.46.85.115     | host115-85-static.46-88-b.business.telecomitalia.it TQWFD
3287    | 217.144.98.133   | host3.ripc.redline.ru PCKS
3292    | 213.187.208.194  | suck.my.sausage.so.I.can.cum.in.your.face.nu XWWM
3292    | 62.236.98.227    | mx1.sycratec.fi PALAI
3292    | 80.166.213.254   | cpe.atm2-0-1271189.0x50a6d5fe.kd4nxx13.customer.tele.dk DYVZ
3292    | 80.62.156.3      | 0x503e9c03.naenxx2.adsl-dhcp.tele.dk MXSF
3292    | 80.62.156.3      | 0x503e9c03.naenxx2.adsl-dhcp.tele.dk SEDFQ
3292    | 83.90.62.241     | none PYUNE     
3320    | 217.91.65.130    | pd95b4182.dip0.t-ipconnect.de TEXPTBD
3320    | 62.159.113.66    | none KLZEWGD   
3320    | 87.139.14.178    | p578b0eb2.dip0.t-ipconnect.de AEXEQPGV
3330    | 194.112.210.90   | none TAHCE     
3340    | 194.149.10.38    | none ZSXPUMSS  
3340    | 195.56.96.92     | melinda.europakiado.hu FOLCVQ
3352    | 217.125.54.170   | 170.Red-217-125-54.staticIP.rima-tde.net KFJZXZ
3352    | 217.126.121.204  | 204.Red-217-126-121.staticIP.rima-tde.net LNZOCOC
3352    | 217.126.31.206   | 206.Red-217-126-31.staticIP.rima-tde.net NACGAIKI
3352    | 80.35.201.112    | 112.Red-80-35-201.staticIP.rima-tde.net GUXH
3352    | 80.35.236.230    | 230.Red-80-35-236.staticIP.rima-tde.net ACFLVM
3352    | 80.35.39.157     | 157.Red-80-35-39.staticIP.rima-tde.net QLEWMQ
3352    | 80.36.62.183     | 183.Red-80-36-62.staticIP.rima-tde.net YOTW
3356    | 63.214.236.159   | none OFXQDFOY  
3356    | 64.194.82.80     | www.hypercube-llc.com BZMFWBEI
3462    | 210.241.229.146  | none YVGXCNU   
3462    | 211.23.73.67     | 211-23-73-67.HINET-IP.hinet.net EFWSASXX
3462    | 220.130.152.234  | 220-130-152-234.HINET-IP.hinet.net KKYCGRB
3462    | 220.130.2.247    | 220-130-2-247.HINET-IP.hinet.net PNLSUXRG
3549    | 208.49.234.33    | rws-208-49-234-33.ip.corp.visto.com OBKYZAT
3549    | 64.212.161.253   | none JFEPBEQX  
3549    | 68.142.3.211     | dsl-3-211.cofs.net ASHP
3561    | 72.21.50.122     | none larry     
3561    | 72.232.136.22    | 22.136.232.72.static.reverse.ltdomains.com CNHFUIU
3561    | 72.36.215.226    | 226.215.36.72.static.reverse.ltdomains.com KVGOTU
3561    | 72.36.215.226    | 226.215.36.72.static.reverse.ltdomains.com KVGOTU
3561    | 72.36.226.138    | none ZGCUR     
3595    | 72.9.250.172     | none UPGMS     
3602    | 149.99.41.218    | Z-a2-1-0-494-S1.tls3.tor1.rogerstelecom.net SMZWITLG
3741    | 196.211.116.162  | mail.wickedpixels.com mysql
3741    | 196.211.53.74    | none EVANN     
3741    | 196.211.53.74    | none GEDDVMS   
3741    | 196.211.8.90     | mail.contiprint.co.za DYVZ
3741    | 196.34.133.59    | none VRPG      
3758    | 203.124.1.201    | kela.singnet.com.sg LWOJEZK
3786    | 211.115.112.45   | none mail      
3786    | 211.60.234.201   | none GJMV      
3794    | 128.194.112.43   | weasel.tamu.edu DKNGXELC
3816    | 200.21.104.66    | none HJUW      
3816    | 200.21.231.45    | metano.gasan.com.co HEFPQMW
4130    | 136.142.151.187  | mobil1.hgen.pitt.edu JNNPN
4130    | 136.142.151.187  | mobil1.hgen.pitt.edu KRWKS
4134    | 202.105.212.109  | none VDOUJ     
4181    | 69.128.70.86     | h69-128-70-86.69-128.unk.tds.net AUCTSDV
4230    | 200.172.166.2    | none TKDCFNGA  
4230    | 200.241.233.130  | none TRSDSVAH  
4230    | 200.241.63.132   | orion.marata.com.br UFCLS
4230    | 200.241.90.2     | none MOSD      
4230    | 201.38.214.18    | none HHBT      
4230    | 201.65.247.90    | none GZPKNAC   
4323    | 207.235.95.226   | none GZBUDDSJ  
4515    | 202.82.144.29    | none VGLQGUIK  
4515    | 210.177.97.249   | mail.taipingcarpets.com WKVL
4538    | 162.105.73.82    | none AVVBVLL   
4538    | 202.118.76.61    | none news      
4645    | 202.67.150.135   | e135.ip.nettersworld.net ENKK
4645    | 202.67.150.135   | e135.ip.nettersworld.net WQNQLV
4685    | 219.121.16.36    | m016036.ppp.asahi-net.or.jp LKHGIZAT
4685    | 61.125.195.160   | i195160.ppp.asahi-net.or.jp mailtest
4780    | 203.73.21.52     | edm01.iwant-in.net MTQVPY
4780    | 203.73.21.52     | edm01.iwant-in.net NUTVIWM
4788    | 210.187.78.195   | none GPJL      
4788    | 210.187.78.195   | none QRTI      
4802    | 203.206.182.19   | 203-206-182-19.perm.iinet.net.au NZRQUJMM
4808    | 61.135.234.140   | none IRFHFB    
4812    | 61.129.70.126    | none RKBRBWBP  
4837    | 221.209.150.115  | none PCVNQQ    
4837    | 221.6.71.42      | none CMOGU     
4837    | 60.19.28.157     | none oracle    
4837    | 60.28.222.5      | none PXIAKGAH  
5390    | 85.144.129.243   | s559081f3.adsl.wanadoo.nl UTJNKDJ
5483    | 81.183.216.68    | dsl51B7D844.fixip.t-online.hu QFDRUQI
5483    | 81.183.218.191   | dsl51B7DABF.fixip.t-online.hu FCKGNRI
5486    | 192.116.243.241  | none FIQWZN    
5578    | 212.81.23.56     | static-081-023-056.dsl.nextra.sk QMDWKS
5602    | 62.173.171.118   | none OYOXDLX   
5603    | 193.77.157.104   | BSN-77-157-104.dsl.siol.net VBULKBE
5603    | 193.95.221.236   | BSN-95-221-236.dsl.siol.net RIHDL
5610    | 83.208.25.65     | 65.25.broadband2.iol.cz YCCIAH
5617    | 212.160.102.132  | none YMMEX     
5617    | 80.48.204.226    | none ZEDPBJJZ  
5617    | 83.14.93.178     | dzp178.internetdsl.tpnet.pl SDGCIKPY
5617    | 83.15.142.18     | eli18.internetdsl.tpnet.pl IOJG
5617    | 83.16.1.162      | aab162.internetdsl.tpnet.pl mysql
5617    | 83.18.111.74     | ayh74.internetdsl.tpnet.pl BQKHH
5617    | 83.18.178.18     | buw18.internetdsl.tpnet.pl PBPGPTOK
5617    | 83.3.174.58      | gqs58.internetdsl.tpnet.pl VPHKAO
5692    | 163.10.30.2      | none mariano   
5692    | 163.10.30.2      | none nobody    
6057    | 200.40.138.178   | correo.punto.com.uy JWKZOWOT
6128    | 67.83.188.171    | ool-4353bcab.dyn.optonline.net WEQRM
6147    | 200.60.107.66    | master01.solmar.com.pe IIPINNM
6147    | 200.60.107.66    | master01.solmar.com.pe LYOUIRB
6147    | 200.60.70.211    | mail.navarrete.com.pe FKNTG
6147    | 200.60.70.211    | mail.navarrete.com.pe WLDCHA
6388    | 68.209.202.195   | adsl-068-209-202-195.sip.hsv.bellsouth.net FXDM
6388    | 68.209.202.195   | adsl-068-209-202-195.sip.hsv.bellsouth.net OOSSVJLM
6429    | 190.54.31.132    | none jam       
6429    | 190.54.35.179    | montt.procint.cl PZWMCXBU
6461    | 82.98.201.172    | none jens      
6503    | 148.245.157.217  | none EPTRHUQS  
6503    | 200.39.246.106   | sirius.inoc.avantel.net.mx SRYW
6505    | 209.88.103.104   | none monitor   
6539    | 139.142.72.50    | architect.mindzplay.com DOWML
6661    | 213.135.236.32   | ip-213-135-236-32.static.luxdsl.pt.lu UHCV
6714    | 85.219.222.6     | ip-85-219-222-6.static.system77.pl mysql
6854    | 213.243.100.84   | none BLXDY     
6855    | 87.197.51.74     | edunet-static-74.87-197-51.telecom.sk HVHWGPZ
6893    | 62.220.134.13    | web-troubles.ch jessica
6911    | 62.84.188.13     | blade-4-7-13.lon1.as6911.net NPQVIPP
6939    | 64.71.167.63     | none PHVEWNX   
7004    | 200.91.14.32     | none XFKOFRKT  
7018    | 12.175.144.99    | mail.augustmack.com mail
7018    | 209.169.216.55   | none NIIKSGI   
7065    | 208.201.244.72   | host72.netvulture.com LYEJD
7065    | 208.201.244.72   | host72.netvulture.com QHZDESO
7065    | 69.12.167.195    | 69-12-167-195.dsl.static.sonic.net QSJV
7065    | 69.12.226.165    | outel.org richard
7132    | 208.189.14.194   | adsl-208-189-14-194.dsl.ltrkar.swbell.net DJNGBSPR
7132    | 66.122.59.6      | adsl-66-122-59-6.dsl.sntc01.pacbell.net RPXF
7132    | 70.243.99.210    | none RJWI      
7228    | 209.254.234.18   | TROYMIMNDS0A910.mcleodusa.net HEEXOQL
7303    | 190.31.110.174   | host174.190-31-110.telecom.net.ar OVMEDD
7303    | 200.43.219.138   | none jose      
7385    | 64.122.117.107   | none ERZSYIQU  
7470    | 210.213.13.4     | 210-213-13-4.static.asianet.co.th FCTZID
7474    | 203.83.238.10    | mail.onewirenetwork.net.au JSAMKGL
7497    | 124.16.146.61    | none FVSOXBJA  
7543    | 202.7.93.11      | b180B.static.pacific.net.au kirk
7633    | 203.129.194.23   | none WCLUKQ    
7725    | 70.90.196.137    | provone.provsol.net MEIQMDJE
7992    | 72.38.63.165     | d38-63-165.commercial1.cgocable.net FXGFZF
7992    | 72.38.63.165     | d38-63-165.commercial1.cgocable.net LFEYI
8062    | 70.145.116.241   | adsl-070-145-116-241.sip.pns.bellsouth.net WWANU
8151    | 200.67.193.252   | dsl-200-67-193-252.prod-empresarial.com.mx IAVIZW
8167    | 200.138.199.6    | none luke      
8167    | 200.152.199.168  | none USVDT     
8167    | 200.180.201.210  | none NDFHFHJ   
8190    | 135.196.168.89   | none TSIDAZC   
8196    | 62.176.151.36    | none TUKP      
8220    | 213.246.239.99   | none LXFKFJT   
8220    | 62.72.101.154    | habousha-771-u.customer.be.colt.net david
8220    | 87.241.33.10     | none linda     
8251    | 81.201.54.102    | holub.klfree.cz VKDFLRD
8258    | 195.64.224.62    | softpress-gw7r.visti.net TLRCMLFR
8267    | 149.156.141.212  | izwbit.wil.pk.edu.pl proxyuser
8342    | 195.161.108.90   | none FCUTFNHX  
8342    | 81.176.214.22    | none UOGICA    
8359    | 62.118.210.94    | none TYTDXLSI  
8359    | 62.118.210.94    | none UAMDYK    
8404    | 62.2.211.46      | 62-2-211-46.static.cablecom.ch IOBYPAGW
8447    | 80.122.176.206   | none AQKA      
8512    | 195.199.153.218  | szerver2.simonyi.sulinet.hu TCCMN
8512    | 195.199.236.113  | szerver1.harmat88.sulinet.hu OEQZAEVY
8512    | 195.199.32.129   | szerver1.kalvariaparti-gyongyos.sulinet.hu UAWNEK
8514    | 62.99.188.49     | 62-99-188-49.static.adsl-line.inode.at TWRYHF
8514    | 81.223.198.130   | mail.marx.at PTOOJDCM
8514    | 85.126.20.50     | 85-126-20-50.sh-wien.inode.at OZGBUAF
8584    | 212.150.167.61   | none BWEAJK    
8696    | 213.163.50.55    | dial050055.pool.invitel.hu FQJSBRSY
8708    | 79.113.167.237   | none NLBKDHWS  
8708    | 84.232.150.18    | none root      
8708    | 86.123.8.3       | cablelink-86-123-8-3.rdstm.ro HZEYULPZ
8732    | 213.171.61.24    | none IDZH      
8737    | 84.81.110.157    | ip54516e9d.direct-adsl.nl WZYULW
8751    | 85.204.225.208   | global-valori-imobiliare.mediasat.ro LCIUA
8778    | 195.28.78.117    | daniela.cps.sk KHYBD
8865    | 212.33.66.76     | none EKZBOYX   
8912    | 62.128.130.94    | none LRUAPWE   
8970    | 156.17.13.3      | none ZVUVBM    
8970    | 156.17.94.18     | algol.cbk.pan.wroc.pl GDPC
8972    | 62.75.221.160    | sofia083.server4you.de psybnc
9121    | 88.247.87.69     | none NZCUQAU   
9127    | 84.238.186.211   | none PJECKXJ   
9132    | 212.99.221.231   | d463dde7.datahighways.de QYOWI
9132    | 62.206.228.188   | none downloads 
9167    | 213.173.255.104  | 104-255-173-213.static.dsl.webpartner.net KVAVV
9304    | 218.189.211.24   | none VSJQ      
9304    | 218.189.211.30   | none FAWC      
9353    | 210.233.74.25    | ns01.okinawa-joho.net JJVAHYZJ
9394    | 124.243.195.67   | none EPQORP    
9498    | 125.22.240.180   | mail.morganind.com CQEG
9583    | 210.18.76.166    | 210.18.76.166.sify.net UOBODJTO
9691    | 210.110.181.70   | pl.kyungsung.ac.kr ICUMMY
9808    | 218.200.191.30   | none YIMH      
9822    | 202.89.176.250   | sunlong.arach.net.au UJTNAG
9916    | 140.113.144.250  | cmbsd.cm.nctu.edu.tw EHXDU
9916    | 140.113.208.97   | cyber17.cs.nctu.edu.tw YXVYNDXS
9924    | 124.10.129.9     | 124-10-129-9.static.tfn.net.tw GOLOQW
9929    | 211.154.254.89   | none ZYEDZFM   
9942    | 203.32.87.174    | 174.87.32.203-static.velocitynet.com.au ODBSERY
9989    | 202.79.202.165   | none JXKKQIVJ  
10010   | 210.171.168.65   | none LLAJA     
10015   | 61.114.228.12    | none postgres  
10148   | 128.250.29.6     | kryten.csse.unimelb.edu.au IIZQY
10318   | 200.89.168.90    | 90-168-89-200.fibertel.com.ar MPHF
10439   | 66.240.221.176   | none RBLGG     
10439   | 66.240.255.166   | none YDHJC     
10481   | 200.127.112.176  | none HWBWNC    
10620   | 200.71.50.254    | none GUXCZRBD  
10834   | 200.51.40.154    | none EQCDWD    
10838   | 67.53.56.38      | rrcs-67-53-56-38.west.biz.rr.com GNEZ
10933   | 146.145.215.50   | hummernetworkforums.com QBWIMKRK
11172   | 200.94.18.212    | host-200-94-18-212.block.alestra.net.mx XFCHNEZQ
11172   | 200.94.23.18     | host-200-94-23-18.block.alestra.net.mx SFJVDFD
11175   | 209.197.145.160  | config.cybersurf.net XSOB
11242   | 150.162.114.4    | morrodaspedras.led.ufsc.br CKPXM
11426   | 75.182.109.34    | cpe-075-182-109-034.nc.res.rr.com NDHCB
11456   | 70.43.165.34     | 70.43.165.34.nw.nuvox.net USCNGZKL
11664   | 200.80.203.130   | mx.litoralcitrus.com.ar WWHFEARN
11841   | 206.251.70.81    | host-206-251-70-81.static.linkline.com QOUDTZ
12028   | 216.86.207.13    | mail.mminternet.com BKSN
12252   | 200.62.177.91    | mail.moldes.com.pe BFFXFHD
12252   | 200.62.177.94    | mail.ememsa.com.pe DAHGW
12252   | 200.62.227.204   | none ZWAN      
12306   | 213.83.30.4      | v103.1blu.de ABLOV
12306   | 82.98.78.109     | rl158.1blu.de ICRZHR
12322   | 62.147.149.124   | lns-bzn-48f-62-147-149-124.adsl.proxad.net GKXKEM
12322   | 62.147.203.49    | lns-bzn-51f-62-147-203-49.adsl.proxad.net QGMV
12322   | 81.56.199.24     | lns-bzn-50f-81-56-199-24.adsl.proxad.net BRJPO
12322   | 82.227.151.219   | mar92-6-82-227-151-219.fbx.proxad.net OJIKWOQO
12322   | 82.227.31.48     | sgc91-2-82-227-31-48.fbx.proxad.net DVCVH
12322   | 82.228.43.151    | did75-8-82-228-43-151.fbx.proxad.net ZGDYSZSD
12322   | 82.245.41.248    | home.gourichon.com AZZQNNT
12322   | 82.246.150.252   | hy183-1-82-246-150-252.fbx.proxad.net WDWBIB
12322   | 88.191.31.88     | sd-3461.dedibox.fr HTOBAT
12322   | 88.191.37.211    | sd-5435.dedibox.fr KBGEXEVF
12322   | 88.191.44.3      | sd-6539.dedibox.fr NDGZ
12332   | 82.162.157.38    | none DHHU      
12334   | 212.51.52.244    | none ZMQWP     
12334   | 83.165.217.84    | cm217084.red83-165.mundo-r.com VVZJPV
12334   | 83.165.217.84    | cm217084.red83-165.mundo-r.com WTSXZ
12340   | 195.137.136.55   | none REFO      
12340   | 195.137.150.219  | none UWQPM     
12348   | 212.34.165.10    | mail.huss-filters.com admin
12348   | 212.34.185.166   | mail.artschwager-kohl.de admin
12365   | 81.95.230.84     | mail.zenitel.uz QKWA
12386   | 88.87.195.14     | none KECRQRIM  
12530   | 212.109.37.141   | none HUKYYLX   
12530   | 212.82.218.140   | mail.pinvest.kiev.ua EZWVDJYO
12741   | 62.148.83.142    | none admin     
12741   | 81.219.182.17    | host17.182.219.81.magma-net.pl GDGBE
12742   | 212.9.255.162    | 212.9.255.162.iptelecom.net.ua XLXS
12874   | 81.208.117.234   | 81-208-117-234.ip.fastwebnet.it WPQTMGM
12874   | 85.18.102.76     | 85-18-102-76.ip.fastwebnet.it FFYB
12907   | 213.252.17.22    | mail3.teampool.de LYEQMY
12968   | 213.134.152.66   | none DLACVIN   
13041   | 84.88.32.22      | mediacat22.i2cat.net BTWRE
13193   | 213.41.176.229   | eav30900.net8.nerim.net JKPNPZF
13263   | 213.139.195.100  | none XIFMDV    
13272   | 82.131.7.254     | ip254.cab7.lsn.starman.ee CSEGBGMH
13301   | 85.14.219.67     | 85.14.219.67.static.rdns-uclo.net bart
13301   | 85.14.219.67     | 85.14.219.67.static.rdns-uclo.net chris
14046   | 216.241.132.5    | shell0.kconline.com PBKHXVDC
14080   | 200.26.134.108   | none MVKBL     
14117   | 200.126.119.91   | mail.clinandes.cl MZCKUXH
14265   | 64.73.250.213    | 64-73-250-213.static-ip.telepacific.net XYNSL
14361   | 209.61.208.35    | knowledge-web.superb.net PKASZV
14522   | 200.25.149.122   | none SFJWIC    
14905   | 67.76.162.9      | va-67-76-162-9.sta.embarqhsd.net SITBC
15083   | 69.60.118.190    | none EDHBOHL   
15083   | 69.60.118.190    | none NUXCVSJA  
15102   | 64.56.147.171    | support.wiband.com XGVFH
15311   | 201.236.108.204  | none QSVV      
15419   | 82.140.184.52    | 52.184.140.82.ip.erdves.lt NVRE
15435   | 62.45.27.108     | none KQJULE    
15557   | 86.64.14.155     | 155.14.64-86.rev.gaoland.net UYEQZ
15598   | 80.190.233.22    | none NLHB      
15685   | 82.208.29.165    | none GRWPNLST  
15703   | 80.247.203.105   | none SAIQVGLM  
15734   | 217.149.150.2    | none OPWC      
15833   | 62.233.185.118   | none CNCCKV    
15857   | 84.40.195.73     | xdsl-3145.elblag.dialog.net.pl LABMOOJ
15919   | 213.134.40.19    | imadip.c.mad.interhost.com UOZNWVR
16257   | 193.41.235.225   | none FHECOA    
16276   | 213.186.45.34    | ns2374.ovh.net LIJMN
16276   | 213.251.174.12   | ks34622.kimsufi.com WBEF
16276   | 213.251.177.145  | ns21435.ovh.net GVUZ
16276   | 213.251.185.91   | ns35748.ovh.net RTIXLR
16276   | 87.98.222.145    | ns6626.ovh.net WFSRD
16338   | 213.37.70.13     | 213.37.70.13.static.user.ono.com PSIAH
16526   | 69.53.127.250    | host127-250.dissent.birch.net JUMFQYA
16629   | 200.68.45.66     | none admin     
16791   | 208.254.200.162  | none FKLXVB    
16805   | 216.218.203.223  | none TPCC      
16814   | 200.123.174.145  | none GNZU      
16814   | 200.123.181.213  | none WIQM      
16814   | 200.68.83.177    | none emma      
17086   | 200.13.185.34    | none root      
17222   | 200.196.50.62    | mvx-200-196-50-62.mundivox.com UFIT
17506   | 221.254.175.172  | 221x254x175x172.ap221.ftth.ucom.ne.jp MPAUM
17557   | 202.125.156.122  | none SWNYRBT   
17676   | 219.18.38.2      | softbank219018038002.bbtec.net GGCSPT
17713   | 140.117.169.177  | slpl.cse.nsysu.edu.tw guest
17829   | 203.34.9.53      | none IDQJUHT   
17877   | 211.232.103.213  | none GKKS      
17913   | 203.77.199.201   | none OBFQMIL   
18042   | 61.63.6.144      | mail.atlas.com.tw CVWWEZ
18042   | 61.63.6.144      | mail.atlas.com.tw NFYSEM
18047   | 140.114.78.231   | dclab.cs.nthu.edu.tw KABDOMT
18047   | 140.114.79.113   | oscar1.cs.nthu.edu.tw jerry
18047   | 140.114.91.70    | hla.cs.nthu.edu.tw SZWTVDUC
18177   | 140.116.226.211  | none jimmy     
18187   | 203.82.42.130    | none TKDIOHQ   
18302   | 124.0.52.161     | none DROVJM    
18420   | 140.115.204.52   | 52-204.dorm.ncu.edu.tw KKURRQ
18566   | 66.166.79.34     | h-66-166-79-34.snvacaid.covad.net PCJZHKBF
18747   | 200.91.236.35    | 35.236.91.200.host.ifx.com.co CZDYV
18881   | 201.47.43.70     | ns2.vhinfoserv.com.br CXRHDFV
19262   | 70.107.224.252   | static-70-107-224-252.ny325.east.verizon.net SFHTHW
19262   | 70.107.240.182   | static-70-107-240-182.ny325.east.verizon.net HICLM
19262   | 70.107.240.182   | static-70-107-240-182.ny325.east.verizon.net SXUMJNVX
19318   | 66.45.225.2      | none EKPLCJTJ  
19429   | 200.93.164.53    | none YJJARARW  
19429   | 201.245.129.62   | none GHTGTJ    
19429   | 201.245.183.123  | correo.he-products.com QHFBB
20001   | 199.89.247.6     | none JPVRY     
20115   | 71.81.28.50      | 71-81-28-50.dhcp.gwnt.ga.charter.com XGAG
20299   | 200.13.185.34    | none root      
20485   | 80.237.90.51     | mail.vyazma-ti.ru EAXVW
20520   | 83.217.111.122   | none JSMCXQ    
20632   | 84.204.218.43    | none GIALRGDU  
20632   | 84.204.80.186    | none VEXZR     
20633   | 141.2.229.62     | euklas.kristall.uni-frankfurt.de AYBEO
20648   | 212.34.136.159   | none XPWPY     
20960   | 88.199.28.3      | 88-199-28-3.tktelekom.pl DQQCKHBK
20961   | 80.244.142.193   | main.brzesko.edu.pl CLGYL
21021   | 80.244.142.193   | main.brzesko.edu.pl CLGYL
21062   | 217.21.36.102    | none ESEGETOX  
21189   | 193.109.160.238  | makzmk.dn.ua office
21193   | 82.151.203.249   | ceipsantjordimollet.xtec.net FZYR
21193   | 82.151.209.201   | ies-provenzana.xtec.net AZZJ
21479   | 83.221.196.202   | 202.196.221.83.donpac.ru ERQLKGTI
21488   | 193.110.106.34   | air.net.ua OLNNGDOP
21694   | 206.78.36.133    | gauss.cyberhigh.org PCPZJIIF
21911   | 200.169.97.235   | none GLLIKAC   
22368   | 201.221.140.186  | none NZJFT     
22773   | 70.176.25.172    | ip70-176-25-172.ph.ph.cox.net UHLCHF
23702   | 124.254.80.216   | 124-254-80-216-static-dsl.ispone.net.au MDIY
23702   | 124.254.80.216   | 124-254-80-216-static-dsl.ispone.net.au RWDD
24679   | 83.246.119.56    | server8324611956.serverpool.info DIYTA
24718   | 85.204.218.195   | none alex      
24940   | 213.239.214.71   | mail1.crossmedianetwork.de OJTDYKJ
24940   | 85.10.208.45     | altair4.kubitza.de YFHMTSU
24940   | 88.198.50.74     | static.88-198-50-74.clients.your-server.de DVLX
24940   | 88.198.50.74     | static.88-198-50-74.clients.your-server.de SELHEB
24961   | 217.79.182.91    | y091.yellow.fastwebserver.de x
24961   | 62.141.42.54     | k2j.de HVKZ    
24961   | 85.114.129.215   | w215.white.fastwebserver.de EOLHZZ
24989   | 88.84.152.95     | v31795.1blu.de XAOEE
25072   | 130.239.11.76    | ryp76.ryp.umu.se GVNB
25074   | 213.131.241.97   | 97.241.131.213.static.inetbone.net ZCDDBGJ
25180   | 83.244.156.204   | 83-244-156-204.cust-83.exponential-e.net XBYOI
25248   | 85.207.120.188   | 188-120-207-85.vychcechy.adsl-llu.static.bluetone.cz ALMDMUIC
25405   | 82.208.90.2      | ns.echo.nnov.ru DMMBPIG
25504   | 193.254.190.98   | none FDDM      
25512   | 85.13.122.80     | none AZNW      
25525   | 85.92.137.138    | ns1.webitall.nl XCID
25543   | 196.28.253.47    | www.tanaliz.bf OHNNAVF
25620   | 200.119.199.34   | none LQNVCZX   
26105   | 200.46.204.186   | movelinfo.com.br FDFGNO
26228   | 64.151.93.110    | none WTZJD     
26505   | 200.124.136.36   | none TQCVMJEY  
26806   | 204.83.155.20    | 204-83-155-20.innovationplace.com ETCDGQBB
27699   | 200.207.84.137   | 200-207-84-137.dsl.telesp.net.br master
27725   | 200.55.143.98    | none admin     
27768   | 201.217.4.214    | none PQQOKUHD  
27792   | 200.2.127.156    | none CDFTNQ    
27864   | 190.8.192.66     | dns.cablecentro.net.co postmaster
28571   | 143.107.110.29   | none DPJIZKJ   
28573   | 201.21.210.151   | none AZKKQOFN  
28573   | 201.21.210.151   | none TPDVMIMS  
28707   | 62.213.207.147   | 62-213-207-147.colo.kangaroot.net HYMR
28787   | 217.64.31.37     | mail.kredaqro.com VTTJJW
28870   | 82.179.222.150   | mail.pythagor.ru YFMITPDH
28968   | 62.181.56.4      | none fox       
29002   | 213.232.254.90   | mail.iec.msk.ru AJEG
29208   | 82.119.244.205   | none AMGYHYJU  
30452   | 207.218.129.9    | mail.profitsonline.com KZHEMOJF
30788   | 77.94.1.2        | none DZTEQT    
31103   | 87.118.108.60    | none SREBUA    
31204   | 83.218.196.63    | none LFJP      
31408   | 81.140.3.90      | dsl-sp-81-140-3-90.in-addr.broadbandscope.com WPSHNJM
31535   | 83.136.120.37    | b.ns.186k.co.uk JQLZMPUY
31543   | 83.218.176.249   | none JABJJ     
31886   | 131.104.48.131   | marvin.cis.uoguelph.ca adrian
32097   | 69.30.204.70     | none XRZLYKMA  
32519   | 209.251.80.194   | none ZALLYP    
33210   | 69.41.165.114    | junction.ivo.nu XBMFL
33210   | 69.41.170.174    | colo.acacamps.org FEBE
33287   | 74.94.57.214     | none REMKRVNK  
33668   | 71.205.237.26    | c-71-205-237-26.hsd1.mi.comcast.net APRXLDC
33895   | 194.6.241.3      | do.dupy.org BXZC
33970   | 195.3.136.61     | web05.starfields.net rachel
34050   | 84.234.110.86    | none IVWXF     
34781   | 85.218.33.22     | 85-218-33-22.static.citycable.ch andre
35228   | 87.194.32.209    | 87-194-32-209.bethere.co.uk PJPWIZU
35244   | 85.233.48.21     | 85.233.48.21.static.cablesurf.de XWYRRHFX
35425   | 80.68.90.168     | concept.mallabar.co.uk LCRBA
35449   | 193.223.101.101  | none RQPN      
35612   | 88.149.158.50    | 88-149-158-50.vps.virtuo.it MBOZ
35612   | 88.149.192.134   | 88-149-192-134.vps.virtuo.it CEQELCP
35810   | 87.255.2.129     | none BOAM      
36866   | 196.201.225.94   | none QPOI      
36866   | 196.201.225.94   | router.ad-tel.com ANXIZO
36898   | 196.28.87.86     | mail.btech.co.za TQDTXE
39022   | 195.66.134.34    | orchitis.gs.ams.nlisp.net OYIBEMK
39023   | 195.225.104.128  | v1368.vanager.de bouncer
39180   | 81.18.176.38     | noc1.mwsp.net SCMGJLKM
39535   | 194.50.0.185     | none JNRJFPJ   
39561   | 89.108.91.105    | none RWNBQ     
39709   | 81.88.210.77     | evilgeniy666.ru BTMARF
39709   | 81.88.210.77     | evilgeniy666.ru GYANJ
39742   | 193.93.184.147   | none JHXU      
41497   | 83.137.233.37    | none andrea    
42255   | 195.222.124.22   | www.sigmaru.com PIPWNYC
42431   | 91.92.170.156    | none GZFAN     
42585   | 213.249.64.34    | s069.networking4all.com JHCD
42585   | 213.249.64.34    | s069.networking4all.com KXRQXF

-- 
Dipl. Inform. Klaus Moeller (CSIRT)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen   https://www.cert.dfn.de/autowarn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 486 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20080313/2436c572/attachment-0001.sig>