[nsp-sec] Botnet at alpha745.server4you.de
Gabriel Iovino
giovino at ren-isac.net
Thu Mar 13 14:46:24 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
We will send notifications to the following:
47 | 128.125.91.166 | qubit.usc.edu YGGXZWT
1312 | 128.173.92.28 | comets.irean.vt.edu OCWQLN
3794 | 128.194.112.43 | weasel.tamu.edu DKNGXELC
4130 | 136.142.151.187 | mobil1.hgen.pitt.edu JNNPN
31886 | 131.104.48.131 | marvin.cis.uoguelph.ca adrian
Thanks
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
Klaus Moeller wrote:
| ----------- nsp-security Confidential --------
|
|
|
| ------------------------------------------------------------------------
|
| Hi,
|
| There is a C&C server at
|
| alpha745.server4you.de = 85.25.130.204
| Port 113/tcp
| Channel: #whatever3
| Password: bleh
|
| The bots seem to be from machines that were broken into with weak SSH
| passwords and maybe by web applications with weak passwords, too.
|
| The botnet was also located at 217.79.190.56 = r056.red.fastwebserver.de
| (same port and channel).
|
| The compromised machines may have the "Troj/Kaiten-Gen" installed,
| maybe also the "barbut" IRC/DDoS tool.
|
| The list of bots from about 16:00 UTC+1:00 as seen by my IRC client:
|
| ASN | IP address | hostname nickname
|
-
--------+------------------+---------------------------------------------------
| 47 | 128.125.91.166 | qubit.usc.edu YGGXZWT
| 137 | 143.225.229.21 | none ULFR
| 137 | 147.162.53.25 | arrhenius.chfi.unipd.it KVKYMEH
| 137 | 147.162.53.26 | arrhenius32.chfi.unipd.it DXWMBFFN
| 137 | 193.204.32.231 | labtime.unipv.it OTHXW
| 174 | 216.162.92.6 | none ZLCGWR
| 174 | 216.29.200.16 | 216-29-200-16.ip.oribus.net root
| 209 | 207.224.214.206 | none LNNVQSCU
| 209 | 207.225.26.68 | none QFTXUWD
| 224 | 193.156.19.170 | dus12.nta.no fidelity
| 278 | 132.248.173.5 | tigre.aragon.unam.mx edgar
| 278 | 132.248.173.5 | tigre.aragon.unam.mx melina
| 559 | 129.132.223.211 | nanocl.ethz.ch DGOHB
| 577 | 199.243.104.36 | none GLLIKAC
| 577 | 69.159.224.208 | OTWAON23-1168105680.sdsl.bell.ca EOFRVGRE
| 702 | 195.49.179.84 | none YPJLOO
| 766 | 150.214.196.192 | dismol12.ugr.es JONM
| 766 | 155.54.4.52 | fobos.bio.um.es marina
| 813 | 209.167.235.8 | adsl-209-167-235-8.kwic.com LUZJW
| 852 | 207.219.43.11 | none HQBOX
| 852 | 216.123.234.91 | none DCDB
| 1221 | 61.9.223.89 | CPE-61-9-223-89.static.qld.bigpond.net.au
OHKOUQTM
| 1257 | 212.247.35.253 | sparc1.nud.se TMYAFA
| 1267 | 151.38.240.161 | adsl-161-240.38-151.net24.it MEZYDFLI
| 1312 | 128.173.92.28 | comets.irean.vt.edu OCWQLN
| 1659 | 140.120.6.240 | mail.amath.nchu.edu.tw ZRTWJASO
| 1659 | 210.240.232.7 | ns1.mit.edu.tw UXTSGRN
| 1853 | 193.170.208.124 | www.brgwaidhofen-ybbs.ac.at ONDH
| 1955 | 193.224.94.68 | none YQHW
| 2012 | 157.181.161.29 | plc.inf.elte.hu DUBP
| 2119 | 213.115.183.11 | none BKMBJM
| 2119 | 84.202.156.20 | none VZDYDOYA
| 2200 | 193.51.25.187 | persee.prism.uvsq.fr OJNX
| 2200 | 194.167.199.36 | opera.enstimac.fr HAIQOQ
| 2501 | 133.11.92.26 | panda.q.t.u-tokyo.ac.jp JFOE
| 2501 | 133.11.92.26 | panda.q.t.u-tokyo.ac.jp OQNUU
| 2503 | 130.34.18.100 | omega3.tagen.tohoku.ac.jp ZTGBJXX
| 2529 | 80.177.16.227 | hfbltd-adsl.demon.co.uk KXJCN
| 2529 | 83.105.25.155 | firewall.dash.co.uk PBVAI
| 2588 | 159.148.96.76 | none MRSW
| 2607 | 147.175.55.175 | none DZWJUNRB
| 2614 | 217.73.168.142 | none KWBPIAW
| 2687 | 202.135.231.57 | none HWTJF
| 2706 | 210.17.246.247 | none HJQVP
| 2706 | 220.232.214.36 | none ECZX
| 2716 | 200.19.255.218 | spitfire.ee.furg.br ZKBHQQD
| 2828 | 206.111.181.21 | none QNHX
| 2856 | 217.35.80.115 | host217-35-80-115.in-addr.btopenworld.com
PKPHSO
| 2856 | 81.138.4.120 | host81-138-4-120.in-addr.btopenworld.com
RQAASCM
| 3215 | 193.252.32.126 |
LNeuilly-152-23-101-126.w193-252.abo.wanadoo.fr cedric
| 3215 | 217.128.248.249 |
LPuteaux-151-43-9-249.w217-128.abo.wanadoo.fr APXXTIDB
| 3215 | 80.13.20.92 |
LMontsouris-152-62-21-92.w80-13.abo.wanadoo.fr ZJPJEBV
| 3216 | 81.211.39.18 | mail.mumgss.ru JYNTFLI
| 3216 | 81.211.39.217 | omzmgss.koptevo.net WZKPI
| 3255 | 194.44.160.142 | none YUSRF
| 3265 | 213.84.188.254 | barn.xs4all.nl ENGMOVYC
| 3265 | 213.84.191.223 | sounds.xs4all.nl PKUV
| 3269 | 195.120.101.75 | none WGOE
| 3269 | 80.180.241.186 | none WTFAPJ
| 3269 | 80.183.147.42 |
host42-147-static.183-80-b.business.telecomitalia.it XMERI
| 3269 | 80.183.153.230 | none XBHYWVJ
| 3269 | 81.72.196.38 | none JMPUPIXA
| 3269 | 81.73.179.128 | none OWTO
| 3269 | 81.75.126.101 |
host101-126-static.75-81-b.business.telecomitalia.it HJKTBHOB
| 3269 | 82.106.60.162 |
host162-60-static.106-82-b.business.telecomitalia.it OELV
| 3269 | 82.88.55.72 |
host72-55-static.88-82-b.business.telecomitalia.it CMOWUKWD
| 3269 | 82.89.182.61 | none ECQIPWB
| 3269 | 85.39.252.226 | none MVTQHX
| 3269 | 87.24.45.132 |
host132-45-static.24-87-b.business.telecomitalia.it ERQLSEQ
| 3269 | 87.25.22.155 |
host155-22-static.25-87-b.business.telecomitalia.it RADW
| 3269 | 87.25.46.32 |
host32-46-static.25-87-b.business.telecomitalia.it BFAJLOHQ
| 3269 | 88.34.229.68 |
host68-229-static.34-88-b.business.telecomitalia.it andrea
| 3269 | 88.46.85.115 |
host115-85-static.46-88-b.business.telecomitalia.it TQWFD
| 3287 | 217.144.98.133 | host3.ripc.redline.ru PCKS
| 3292 | 213.187.208.194 |
suck.my.sausage.so.I.can.cum.in.your.face.nu XWWM
| 3292 | 62.236.98.227 | mx1.sycratec.fi PALAI
| 3292 | 80.166.213.254 |
cpe.atm2-0-1271189.0x50a6d5fe.kd4nxx13.customer.tele.dk DYVZ
| 3292 | 80.62.156.3 | 0x503e9c03.naenxx2.adsl-dhcp.tele.dk MXSF
| 3292 | 80.62.156.3 | 0x503e9c03.naenxx2.adsl-dhcp.tele.dk SEDFQ
| 3292 | 83.90.62.241 | none PYUNE
| 3320 | 217.91.65.130 | pd95b4182.dip0.t-ipconnect.de TEXPTBD
| 3320 | 62.159.113.66 | none KLZEWGD
| 3320 | 87.139.14.178 | p578b0eb2.dip0.t-ipconnect.de AEXEQPGV
| 3330 | 194.112.210.90 | none TAHCE
| 3340 | 194.149.10.38 | none ZSXPUMSS
| 3340 | 195.56.96.92 | melinda.europakiado.hu FOLCVQ
| 3352 | 217.125.54.170 | 170.Red-217-125-54.staticIP.rima-tde.net
KFJZXZ
| 3352 | 217.126.121.204 | 204.Red-217-126-121.staticIP.rima-tde.net
LNZOCOC
| 3352 | 217.126.31.206 | 206.Red-217-126-31.staticIP.rima-tde.net
NACGAIKI
| 3352 | 80.35.201.112 | 112.Red-80-35-201.staticIP.rima-tde.net GUXH
| 3352 | 80.35.236.230 | 230.Red-80-35-236.staticIP.rima-tde.net
ACFLVM
| 3352 | 80.35.39.157 | 157.Red-80-35-39.staticIP.rima-tde.net QLEWMQ
| 3352 | 80.36.62.183 | 183.Red-80-36-62.staticIP.rima-tde.net YOTW
| 3356 | 63.214.236.159 | none OFXQDFOY
| 3356 | 64.194.82.80 | www.hypercube-llc.com BZMFWBEI
| 3462 | 210.241.229.146 | none YVGXCNU
| 3462 | 211.23.73.67 | 211-23-73-67.HINET-IP.hinet.net EFWSASXX
| 3462 | 220.130.152.234 | 220-130-152-234.HINET-IP.hinet.net KKYCGRB
| 3462 | 220.130.2.247 | 220-130-2-247.HINET-IP.hinet.net PNLSUXRG
| 3549 | 208.49.234.33 | rws-208-49-234-33.ip.corp.visto.com OBKYZAT
| 3549 | 64.212.161.253 | none JFEPBEQX
| 3549 | 68.142.3.211 | dsl-3-211.cofs.net ASHP
| 3561 | 72.21.50.122 | none larry
| 3561 | 72.232.136.22 |
22.136.232.72.static.reverse.ltdomains.com CNHFUIU
| 3561 | 72.36.215.226 |
226.215.36.72.static.reverse.ltdomains.com KVGOTU
| 3561 | 72.36.215.226 |
226.215.36.72.static.reverse.ltdomains.com KVGOTU
| 3561 | 72.36.226.138 | none ZGCUR
| 3595 | 72.9.250.172 | none UPGMS
| 3602 | 149.99.41.218 |
Z-a2-1-0-494-S1.tls3.tor1.rogerstelecom.net SMZWITLG
| 3741 | 196.211.116.162 | mail.wickedpixels.com mysql
| 3741 | 196.211.53.74 | none EVANN
| 3741 | 196.211.53.74 | none GEDDVMS
| 3741 | 196.211.8.90 | mail.contiprint.co.za DYVZ
| 3741 | 196.34.133.59 | none VRPG
| 3758 | 203.124.1.201 | kela.singnet.com.sg LWOJEZK
| 3786 | 211.115.112.45 | none mail
| 3786 | 211.60.234.201 | none GJMV
| 3794 | 128.194.112.43 | weasel.tamu.edu DKNGXELC
| 3816 | 200.21.104.66 | none HJUW
| 3816 | 200.21.231.45 | metano.gasan.com.co HEFPQMW
| 4130 | 136.142.151.187 | mobil1.hgen.pitt.edu JNNPN
| 4130 | 136.142.151.187 | mobil1.hgen.pitt.edu KRWKS
| 4134 | 202.105.212.109 | none VDOUJ
| 4181 | 69.128.70.86 | h69-128-70-86.69-128.unk.tds.net AUCTSDV
| 4230 | 200.172.166.2 | none TKDCFNGA
| 4230 | 200.241.233.130 | none TRSDSVAH
| 4230 | 200.241.63.132 | orion.marata.com.br UFCLS
| 4230 | 200.241.90.2 | none MOSD
| 4230 | 201.38.214.18 | none HHBT
| 4230 | 201.65.247.90 | none GZPKNAC
| 4323 | 207.235.95.226 | none GZBUDDSJ
| 4515 | 202.82.144.29 | none VGLQGUIK
| 4515 | 210.177.97.249 | mail.taipingcarpets.com WKVL
| 4538 | 162.105.73.82 | none AVVBVLL
| 4538 | 202.118.76.61 | none news
| 4645 | 202.67.150.135 | e135.ip.nettersworld.net ENKK
| 4645 | 202.67.150.135 | e135.ip.nettersworld.net WQNQLV
| 4685 | 219.121.16.36 | m016036.ppp.asahi-net.or.jp LKHGIZAT
| 4685 | 61.125.195.160 | i195160.ppp.asahi-net.or.jp mailtest
| 4780 | 203.73.21.52 | edm01.iwant-in.net MTQVPY
| 4780 | 203.73.21.52 | edm01.iwant-in.net NUTVIWM
| 4788 | 210.187.78.195 | none GPJL
| 4788 | 210.187.78.195 | none QRTI
| 4802 | 203.206.182.19 | 203-206-182-19.perm.iinet.net.au NZRQUJMM
| 4808 | 61.135.234.140 | none IRFHFB
| 4812 | 61.129.70.126 | none RKBRBWBP
| 4837 | 221.209.150.115 | none PCVNQQ
| 4837 | 221.6.71.42 | none CMOGU
| 4837 | 60.19.28.157 | none oracle
| 4837 | 60.28.222.5 | none PXIAKGAH
| 5390 | 85.144.129.243 | s559081f3.adsl.wanadoo.nl UTJNKDJ
| 5483 | 81.183.216.68 | dsl51B7D844.fixip.t-online.hu QFDRUQI
| 5483 | 81.183.218.191 | dsl51B7DABF.fixip.t-online.hu FCKGNRI
| 5486 | 192.116.243.241 | none FIQWZN
| 5578 | 212.81.23.56 | static-081-023-056.dsl.nextra.sk QMDWKS
| 5602 | 62.173.171.118 | none OYOXDLX
| 5603 | 193.77.157.104 | BSN-77-157-104.dsl.siol.net VBULKBE
| 5603 | 193.95.221.236 | BSN-95-221-236.dsl.siol.net RIHDL
| 5610 | 83.208.25.65 | 65.25.broadband2.iol.cz YCCIAH
| 5617 | 212.160.102.132 | none YMMEX
| 5617 | 80.48.204.226 | none ZEDPBJJZ
| 5617 | 83.14.93.178 | dzp178.internetdsl.tpnet.pl SDGCIKPY
| 5617 | 83.15.142.18 | eli18.internetdsl.tpnet.pl IOJG
| 5617 | 83.16.1.162 | aab162.internetdsl.tpnet.pl mysql
| 5617 | 83.18.111.74 | ayh74.internetdsl.tpnet.pl BQKHH
| 5617 | 83.18.178.18 | buw18.internetdsl.tpnet.pl PBPGPTOK
| 5617 | 83.3.174.58 | gqs58.internetdsl.tpnet.pl VPHKAO
| 5692 | 163.10.30.2 | none mariano
| 5692 | 163.10.30.2 | none nobody
| 6057 | 200.40.138.178 | correo.punto.com.uy JWKZOWOT
| 6128 | 67.83.188.171 | ool-4353bcab.dyn.optonline.net WEQRM
| 6147 | 200.60.107.66 | master01.solmar.com.pe IIPINNM
| 6147 | 200.60.107.66 | master01.solmar.com.pe LYOUIRB
| 6147 | 200.60.70.211 | mail.navarrete.com.pe FKNTG
| 6147 | 200.60.70.211 | mail.navarrete.com.pe WLDCHA
| 6388 | 68.209.202.195 |
adsl-068-209-202-195.sip.hsv.bellsouth.net FXDM
| 6388 | 68.209.202.195 |
adsl-068-209-202-195.sip.hsv.bellsouth.net OOSSVJLM
| 6429 | 190.54.31.132 | none jam
| 6429 | 190.54.35.179 | montt.procint.cl PZWMCXBU
| 6461 | 82.98.201.172 | none jens
| 6503 | 148.245.157.217 | none EPTRHUQS
| 6503 | 200.39.246.106 | sirius.inoc.avantel.net.mx SRYW
| 6505 | 209.88.103.104 | none monitor
| 6539 | 139.142.72.50 | architect.mindzplay.com DOWML
| 6661 | 213.135.236.32 | ip-213-135-236-32.static.luxdsl.pt.lu UHCV
| 6714 | 85.219.222.6 | ip-85-219-222-6.static.system77.pl mysql
| 6854 | 213.243.100.84 | none BLXDY
| 6855 | 87.197.51.74 | edunet-static-74.87-197-51.telecom.sk HVHWGPZ
| 6893 | 62.220.134.13 | web-troubles.ch jessica
| 6911 | 62.84.188.13 | blade-4-7-13.lon1.as6911.net NPQVIPP
| 6939 | 64.71.167.63 | none PHVEWNX
| 7004 | 200.91.14.32 | none XFKOFRKT
| 7018 | 12.175.144.99 | mail.augustmack.com mail
| 7018 | 209.169.216.55 | none NIIKSGI
| 7065 | 208.201.244.72 | host72.netvulture.com LYEJD
| 7065 | 208.201.244.72 | host72.netvulture.com QHZDESO
| 7065 | 69.12.167.195 | 69-12-167-195.dsl.static.sonic.net QSJV
| 7065 | 69.12.226.165 | outel.org richard
| 7132 | 208.189.14.194 | adsl-208-189-14-194.dsl.ltrkar.swbell.net
DJNGBSPR
| 7132 | 66.122.59.6 | adsl-66-122-59-6.dsl.sntc01.pacbell.net RPXF
| 7132 | 70.243.99.210 | none RJWI
| 7228 | 209.254.234.18 | TROYMIMNDS0A910.mcleodusa.net HEEXOQL
| 7303 | 190.31.110.174 | host174.190-31-110.telecom.net.ar OVMEDD
| 7303 | 200.43.219.138 | none jose
| 7385 | 64.122.117.107 | none ERZSYIQU
| 7470 | 210.213.13.4 | 210-213-13-4.static.asianet.co.th FCTZID
| 7474 | 203.83.238.10 | mail.onewirenetwork.net.au JSAMKGL
| 7497 | 124.16.146.61 | none FVSOXBJA
| 7543 | 202.7.93.11 | b180B.static.pacific.net.au kirk
| 7633 | 203.129.194.23 | none WCLUKQ
| 7725 | 70.90.196.137 | provone.provsol.net MEIQMDJE
| 7992 | 72.38.63.165 | d38-63-165.commercial1.cgocable.net FXGFZF
| 7992 | 72.38.63.165 | d38-63-165.commercial1.cgocable.net LFEYI
| 8062 | 70.145.116.241 |
adsl-070-145-116-241.sip.pns.bellsouth.net WWANU
| 8151 | 200.67.193.252 |
dsl-200-67-193-252.prod-empresarial.com.mx IAVIZW
| 8167 | 200.138.199.6 | none luke
| 8167 | 200.152.199.168 | none USVDT
| 8167 | 200.180.201.210 | none NDFHFHJ
| 8190 | 135.196.168.89 | none TSIDAZC
| 8196 | 62.176.151.36 | none TUKP
| 8220 | 213.246.239.99 | none LXFKFJT
| 8220 | 62.72.101.154 | habousha-771-u.customer.be.colt.net david
| 8220 | 87.241.33.10 | none linda
| 8251 | 81.201.54.102 | holub.klfree.cz VKDFLRD
| 8258 | 195.64.224.62 | softpress-gw7r.visti.net TLRCMLFR
| 8267 | 149.156.141.212 | izwbit.wil.pk.edu.pl proxyuser
| 8342 | 195.161.108.90 | none FCUTFNHX
| 8342 | 81.176.214.22 | none UOGICA
| 8359 | 62.118.210.94 | none TYTDXLSI
| 8359 | 62.118.210.94 | none UAMDYK
| 8404 | 62.2.211.46 | 62-2-211-46.static.cablecom.ch IOBYPAGW
| 8447 | 80.122.176.206 | none AQKA
| 8512 | 195.199.153.218 | szerver2.simonyi.sulinet.hu TCCMN
| 8512 | 195.199.236.113 | szerver1.harmat88.sulinet.hu OEQZAEVY
| 8512 | 195.199.32.129 |
szerver1.kalvariaparti-gyongyos.sulinet.hu UAWNEK
| 8514 | 62.99.188.49 | 62-99-188-49.static.adsl-line.inode.at TWRYHF
| 8514 | 81.223.198.130 | mail.marx.at PTOOJDCM
| 8514 | 85.126.20.50 | 85-126-20-50.sh-wien.inode.at OZGBUAF
| 8584 | 212.150.167.61 | none BWEAJK
| 8696 | 213.163.50.55 | dial050055.pool.invitel.hu FQJSBRSY
| 8708 | 79.113.167.237 | none NLBKDHWS
| 8708 | 84.232.150.18 | none root
| 8708 | 86.123.8.3 | cablelink-86-123-8-3.rdstm.ro HZEYULPZ
| 8732 | 213.171.61.24 | none IDZH
| 8737 | 84.81.110.157 | ip54516e9d.direct-adsl.nl WZYULW
| 8751 | 85.204.225.208 | global-valori-imobiliare.mediasat.ro LCIUA
| 8778 | 195.28.78.117 | daniela.cps.sk KHYBD
| 8865 | 212.33.66.76 | none EKZBOYX
| 8912 | 62.128.130.94 | none LRUAPWE
| 8970 | 156.17.13.3 | none ZVUVBM
| 8970 | 156.17.94.18 | algol.cbk.pan.wroc.pl GDPC
| 8972 | 62.75.221.160 | sofia083.server4you.de psybnc
| 9121 | 88.247.87.69 | none NZCUQAU
| 9127 | 84.238.186.211 | none PJECKXJ
| 9132 | 212.99.221.231 | d463dde7.datahighways.de QYOWI
| 9132 | 62.206.228.188 | none downloads
| 9167 | 213.173.255.104 | 104-255-173-213.static.dsl.webpartner.net
KVAVV
| 9304 | 218.189.211.24 | none VSJQ
| 9304 | 218.189.211.30 | none FAWC
| 9353 | 210.233.74.25 | ns01.okinawa-joho.net JJVAHYZJ
| 9394 | 124.243.195.67 | none EPQORP
| 9498 | 125.22.240.180 | mail.morganind.com CQEG
| 9583 | 210.18.76.166 | 210.18.76.166.sify.net UOBODJTO
| 9691 | 210.110.181.70 | pl.kyungsung.ac.kr ICUMMY
| 9808 | 218.200.191.30 | none YIMH
| 9822 | 202.89.176.250 | sunlong.arach.net.au UJTNAG
| 9916 | 140.113.144.250 | cmbsd.cm.nctu.edu.tw EHXDU
| 9916 | 140.113.208.97 | cyber17.cs.nctu.edu.tw YXVYNDXS
| 9924 | 124.10.129.9 | 124-10-129-9.static.tfn.net.tw GOLOQW
| 9929 | 211.154.254.89 | none ZYEDZFM
| 9942 | 203.32.87.174 | 174.87.32.203-static.velocitynet.com.au
ODBSERY
| 9989 | 202.79.202.165 | none JXKKQIVJ
| 10010 | 210.171.168.65 | none LLAJA
| 10015 | 61.114.228.12 | none postgres
| 10148 | 128.250.29.6 | kryten.csse.unimelb.edu.au IIZQY
| 10318 | 200.89.168.90 | 90-168-89-200.fibertel.com.ar MPHF
| 10439 | 66.240.221.176 | none RBLGG
| 10439 | 66.240.255.166 | none YDHJC
| 10481 | 200.127.112.176 | none HWBWNC
| 10620 | 200.71.50.254 | none GUXCZRBD
| 10834 | 200.51.40.154 | none EQCDWD
| 10838 | 67.53.56.38 | rrcs-67-53-56-38.west.biz.rr.com GNEZ
| 10933 | 146.145.215.50 | hummernetworkforums.com QBWIMKRK
| 11172 | 200.94.18.212 | host-200-94-18-212.block.alestra.net.mx
XFCHNEZQ
| 11172 | 200.94.23.18 | host-200-94-23-18.block.alestra.net.mx
SFJVDFD
| 11175 | 209.197.145.160 | config.cybersurf.net XSOB
| 11242 | 150.162.114.4 | morrodaspedras.led.ufsc.br CKPXM
| 11426 | 75.182.109.34 | cpe-075-182-109-034.nc.res.rr.com NDHCB
| 11456 | 70.43.165.34 | 70.43.165.34.nw.nuvox.net USCNGZKL
| 11664 | 200.80.203.130 | mx.litoralcitrus.com.ar WWHFEARN
| 11841 | 206.251.70.81 | host-206-251-70-81.static.linkline.com QOUDTZ
| 12028 | 216.86.207.13 | mail.mminternet.com BKSN
| 12252 | 200.62.177.91 | mail.moldes.com.pe BFFXFHD
| 12252 | 200.62.177.94 | mail.ememsa.com.pe DAHGW
| 12252 | 200.62.227.204 | none ZWAN
| 12306 | 213.83.30.4 | v103.1blu.de ABLOV
| 12306 | 82.98.78.109 | rl158.1blu.de ICRZHR
| 12322 | 62.147.149.124 |
lns-bzn-48f-62-147-149-124.adsl.proxad.net GKXKEM
| 12322 | 62.147.203.49 | lns-bzn-51f-62-147-203-49.adsl.proxad.net
QGMV
| 12322 | 81.56.199.24 | lns-bzn-50f-81-56-199-24.adsl.proxad.net
BRJPO
| 12322 | 82.227.151.219 | mar92-6-82-227-151-219.fbx.proxad.net
OJIKWOQO
| 12322 | 82.227.31.48 | sgc91-2-82-227-31-48.fbx.proxad.net DVCVH
| 12322 | 82.228.43.151 | did75-8-82-228-43-151.fbx.proxad.net ZGDYSZSD
| 12322 | 82.245.41.248 | home.gourichon.com AZZQNNT
| 12322 | 82.246.150.252 | hy183-1-82-246-150-252.fbx.proxad.net WDWBIB
| 12322 | 88.191.31.88 | sd-3461.dedibox.fr HTOBAT
| 12322 | 88.191.37.211 | sd-5435.dedibox.fr KBGEXEVF
| 12322 | 88.191.44.3 | sd-6539.dedibox.fr NDGZ
| 12332 | 82.162.157.38 | none DHHU
| 12334 | 212.51.52.244 | none ZMQWP
| 12334 | 83.165.217.84 | cm217084.red83-165.mundo-r.com VVZJPV
| 12334 | 83.165.217.84 | cm217084.red83-165.mundo-r.com WTSXZ
| 12340 | 195.137.136.55 | none REFO
| 12340 | 195.137.150.219 | none UWQPM
| 12348 | 212.34.165.10 | mail.huss-filters.com admin
| 12348 | 212.34.185.166 | mail.artschwager-kohl.de admin
| 12365 | 81.95.230.84 | mail.zenitel.uz QKWA
| 12386 | 88.87.195.14 | none KECRQRIM
| 12530 | 212.109.37.141 | none HUKYYLX
| 12530 | 212.82.218.140 | mail.pinvest.kiev.ua EZWVDJYO
| 12741 | 62.148.83.142 | none admin
| 12741 | 81.219.182.17 | host17.182.219.81.magma-net.pl GDGBE
| 12742 | 212.9.255.162 | 212.9.255.162.iptelecom.net.ua XLXS
| 12874 | 81.208.117.234 | 81-208-117-234.ip.fastwebnet.it WPQTMGM
| 12874 | 85.18.102.76 | 85-18-102-76.ip.fastwebnet.it FFYB
| 12907 | 213.252.17.22 | mail3.teampool.de LYEQMY
| 12968 | 213.134.152.66 | none DLACVIN
| 13041 | 84.88.32.22 | mediacat22.i2cat.net BTWRE
| 13193 | 213.41.176.229 | eav30900.net8.nerim.net JKPNPZF
| 13263 | 213.139.195.100 | none XIFMDV
| 13272 | 82.131.7.254 | ip254.cab7.lsn.starman.ee CSEGBGMH
| 13301 | 85.14.219.67 | 85.14.219.67.static.rdns-uclo.net bart
| 13301 | 85.14.219.67 | 85.14.219.67.static.rdns-uclo.net chris
| 14046 | 216.241.132.5 | shell0.kconline.com PBKHXVDC
| 14080 | 200.26.134.108 | none MVKBL
| 14117 | 200.126.119.91 | mail.clinandes.cl MZCKUXH
| 14265 | 64.73.250.213 | 64-73-250-213.static-ip.telepacific.net XYNSL
| 14361 | 209.61.208.35 | knowledge-web.superb.net PKASZV
| 14522 | 200.25.149.122 | none SFJWIC
| 14905 | 67.76.162.9 | va-67-76-162-9.sta.embarqhsd.net SITBC
| 15083 | 69.60.118.190 | none EDHBOHL
| 15083 | 69.60.118.190 | none NUXCVSJA
| 15102 | 64.56.147.171 | support.wiband.com XGVFH
| 15311 | 201.236.108.204 | none QSVV
| 15419 | 82.140.184.52 | 52.184.140.82.ip.erdves.lt NVRE
| 15435 | 62.45.27.108 | none KQJULE
| 15557 | 86.64.14.155 | 155.14.64-86.rev.gaoland.net UYEQZ
| 15598 | 80.190.233.22 | none NLHB
| 15685 | 82.208.29.165 | none GRWPNLST
| 15703 | 80.247.203.105 | none SAIQVGLM
| 15734 | 217.149.150.2 | none OPWC
| 15833 | 62.233.185.118 | none CNCCKV
| 15857 | 84.40.195.73 | xdsl-3145.elblag.dialog.net.pl LABMOOJ
| 15919 | 213.134.40.19 | imadip.c.mad.interhost.com UOZNWVR
| 16257 | 193.41.235.225 | none FHECOA
| 16276 | 213.186.45.34 | ns2374.ovh.net LIJMN
| 16276 | 213.251.174.12 | ks34622.kimsufi.com WBEF
| 16276 | 213.251.177.145 | ns21435.ovh.net GVUZ
| 16276 | 213.251.185.91 | ns35748.ovh.net RTIXLR
| 16276 | 87.98.222.145 | ns6626.ovh.net WFSRD
| 16338 | 213.37.70.13 | 213.37.70.13.static.user.ono.com PSIAH
| 16526 | 69.53.127.250 | host127-250.dissent.birch.net JUMFQYA
| 16629 | 200.68.45.66 | none admin
| 16791 | 208.254.200.162 | none FKLXVB
| 16805 | 216.218.203.223 | none TPCC
| 16814 | 200.123.174.145 | none GNZU
| 16814 | 200.123.181.213 | none WIQM
| 16814 | 200.68.83.177 | none emma
| 17086 | 200.13.185.34 | none root
| 17222 | 200.196.50.62 | mvx-200-196-50-62.mundivox.com UFIT
| 17506 | 221.254.175.172 | 221x254x175x172.ap221.ftth.ucom.ne.jp MPAUM
| 17557 | 202.125.156.122 | none SWNYRBT
| 17676 | 219.18.38.2 | softbank219018038002.bbtec.net GGCSPT
| 17713 | 140.117.169.177 | slpl.cse.nsysu.edu.tw guest
| 17829 | 203.34.9.53 | none IDQJUHT
| 17877 | 211.232.103.213 | none GKKS
| 17913 | 203.77.199.201 | none OBFQMIL
| 18042 | 61.63.6.144 | mail.atlas.com.tw CVWWEZ
| 18042 | 61.63.6.144 | mail.atlas.com.tw NFYSEM
| 18047 | 140.114.78.231 | dclab.cs.nthu.edu.tw KABDOMT
| 18047 | 140.114.79.113 | oscar1.cs.nthu.edu.tw jerry
| 18047 | 140.114.91.70 | hla.cs.nthu.edu.tw SZWTVDUC
| 18177 | 140.116.226.211 | none jimmy
| 18187 | 203.82.42.130 | none TKDIOHQ
| 18302 | 124.0.52.161 | none DROVJM
| 18420 | 140.115.204.52 | 52-204.dorm.ncu.edu.tw KKURRQ
| 18566 | 66.166.79.34 | h-66-166-79-34.snvacaid.covad.net PCJZHKBF
| 18747 | 200.91.236.35 | 35.236.91.200.host.ifx.com.co CZDYV
| 18881 | 201.47.43.70 | ns2.vhinfoserv.com.br CXRHDFV
| 19262 | 70.107.224.252 |
static-70-107-224-252.ny325.east.verizon.net SFHTHW
| 19262 | 70.107.240.182 |
static-70-107-240-182.ny325.east.verizon.net HICLM
| 19262 | 70.107.240.182 |
static-70-107-240-182.ny325.east.verizon.net SXUMJNVX
| 19318 | 66.45.225.2 | none EKPLCJTJ
| 19429 | 200.93.164.53 | none YJJARARW
| 19429 | 201.245.129.62 | none GHTGTJ
| 19429 | 201.245.183.123 | correo.he-products.com QHFBB
| 20001 | 199.89.247.6 | none JPVRY
| 20115 | 71.81.28.50 | 71-81-28-50.dhcp.gwnt.ga.charter.com XGAG
| 20299 | 200.13.185.34 | none root
| 20485 | 80.237.90.51 | mail.vyazma-ti.ru EAXVW
| 20520 | 83.217.111.122 | none JSMCXQ
| 20632 | 84.204.218.43 | none GIALRGDU
| 20632 | 84.204.80.186 | none VEXZR
| 20633 | 141.2.229.62 | euklas.kristall.uni-frankfurt.de AYBEO
| 20648 | 212.34.136.159 | none XPWPY
| 20960 | 88.199.28.3 | 88-199-28-3.tktelekom.pl DQQCKHBK
| 20961 | 80.244.142.193 | main.brzesko.edu.pl CLGYL
| 21021 | 80.244.142.193 | main.brzesko.edu.pl CLGYL
| 21062 | 217.21.36.102 | none ESEGETOX
| 21189 | 193.109.160.238 | makzmk.dn.ua office
| 21193 | 82.151.203.249 | ceipsantjordimollet.xtec.net FZYR
| 21193 | 82.151.209.201 | ies-provenzana.xtec.net AZZJ
| 21479 | 83.221.196.202 | 202.196.221.83.donpac.ru ERQLKGTI
| 21488 | 193.110.106.34 | air.net.ua OLNNGDOP
| 21694 | 206.78.36.133 | gauss.cyberhigh.org PCPZJIIF
| 21911 | 200.169.97.235 | none GLLIKAC
| 22368 | 201.221.140.186 | none NZJFT
| 22773 | 70.176.25.172 | ip70-176-25-172.ph.ph.cox.net UHLCHF
| 23702 | 124.254.80.216 | 124-254-80-216-static-dsl.ispone.net.au MDIY
| 23702 | 124.254.80.216 | 124-254-80-216-static-dsl.ispone.net.au RWDD
| 24679 | 83.246.119.56 | server8324611956.serverpool.info DIYTA
| 24718 | 85.204.218.195 | none alex
| 24940 | 213.239.214.71 | mail1.crossmedianetwork.de OJTDYKJ
| 24940 | 85.10.208.45 | altair4.kubitza.de YFHMTSU
| 24940 | 88.198.50.74 |
static.88-198-50-74.clients.your-server.de DVLX
| 24940 | 88.198.50.74 |
static.88-198-50-74.clients.your-server.de SELHEB
| 24961 | 217.79.182.91 | y091.yellow.fastwebserver.de x
| 24961 | 62.141.42.54 | k2j.de HVKZ
| 24961 | 85.114.129.215 | w215.white.fastwebserver.de EOLHZZ
| 24989 | 88.84.152.95 | v31795.1blu.de XAOEE
| 25072 | 130.239.11.76 | ryp76.ryp.umu.se GVNB
| 25074 | 213.131.241.97 | 97.241.131.213.static.inetbone.net ZCDDBGJ
| 25180 | 83.244.156.204 | 83-244-156-204.cust-83.exponential-e.net
XBYOI
| 25248 | 85.207.120.188 |
188-120-207-85.vychcechy.adsl-llu.static.bluetone.cz ALMDMUIC
| 25405 | 82.208.90.2 | ns.echo.nnov.ru DMMBPIG
| 25504 | 193.254.190.98 | none FDDM
| 25512 | 85.13.122.80 | none AZNW
| 25525 | 85.92.137.138 | ns1.webitall.nl XCID
| 25543 | 196.28.253.47 | www.tanaliz.bf OHNNAVF
| 25620 | 200.119.199.34 | none LQNVCZX
| 26105 | 200.46.204.186 | movelinfo.com.br FDFGNO
| 26228 | 64.151.93.110 | none WTZJD
| 26505 | 200.124.136.36 | none TQCVMJEY
| 26806 | 204.83.155.20 | 204-83-155-20.innovationplace.com ETCDGQBB
| 27699 | 200.207.84.137 | 200-207-84-137.dsl.telesp.net.br master
| 27725 | 200.55.143.98 | none admin
| 27768 | 201.217.4.214 | none PQQOKUHD
| 27792 | 200.2.127.156 | none CDFTNQ
| 27864 | 190.8.192.66 | dns.cablecentro.net.co postmaster
| 28571 | 143.107.110.29 | none DPJIZKJ
| 28573 | 201.21.210.151 | none AZKKQOFN
| 28573 | 201.21.210.151 | none TPDVMIMS
| 28707 | 62.213.207.147 | 62-213-207-147.colo.kangaroot.net HYMR
| 28787 | 217.64.31.37 | mail.kredaqro.com VTTJJW
| 28870 | 82.179.222.150 | mail.pythagor.ru YFMITPDH
| 28968 | 62.181.56.4 | none fox
| 29002 | 213.232.254.90 | mail.iec.msk.ru AJEG
| 29208 | 82.119.244.205 | none AMGYHYJU
| 30452 | 207.218.129.9 | mail.profitsonline.com KZHEMOJF
| 30788 | 77.94.1.2 | none DZTEQT
| 31103 | 87.118.108.60 | none SREBUA
| 31204 | 83.218.196.63 | none LFJP
| 31408 | 81.140.3.90 |
dsl-sp-81-140-3-90.in-addr.broadbandscope.com WPSHNJM
| 31535 | 83.136.120.37 | b.ns.186k.co.uk JQLZMPUY
| 31543 | 83.218.176.249 | none JABJJ
| 31886 | 131.104.48.131 | marvin.cis.uoguelph.ca adrian
| 32097 | 69.30.204.70 | none XRZLYKMA
| 32519 | 209.251.80.194 | none ZALLYP
| 33210 | 69.41.165.114 | junction.ivo.nu XBMFL
| 33210 | 69.41.170.174 | colo.acacamps.org FEBE
| 33287 | 74.94.57.214 | none REMKRVNK
| 33668 | 71.205.237.26 | c-71-205-237-26.hsd1.mi.comcast.net APRXLDC
| 33895 | 194.6.241.3 | do.dupy.org BXZC
| 33970 | 195.3.136.61 | web05.starfields.net rachel
| 34050 | 84.234.110.86 | none IVWXF
| 34781 | 85.218.33.22 | 85-218-33-22.static.citycable.ch andre
| 35228 | 87.194.32.209 | 87-194-32-209.bethere.co.uk PJPWIZU
| 35244 | 85.233.48.21 | 85.233.48.21.static.cablesurf.de XWYRRHFX
| 35425 | 80.68.90.168 | concept.mallabar.co.uk LCRBA
| 35449 | 193.223.101.101 | none RQPN
| 35612 | 88.149.158.50 | 88-149-158-50.vps.virtuo.it MBOZ
| 35612 | 88.149.192.134 | 88-149-192-134.vps.virtuo.it CEQELCP
| 35810 | 87.255.2.129 | none BOAM
| 36866 | 196.201.225.94 | none QPOI
| 36866 | 196.201.225.94 | router.ad-tel.com ANXIZO
| 36898 | 196.28.87.86 | mail.btech.co.za TQDTXE
| 39022 | 195.66.134.34 | orchitis.gs.ams.nlisp.net OYIBEMK
| 39023 | 195.225.104.128 | v1368.vanager.de bouncer
| 39180 | 81.18.176.38 | noc1.mwsp.net SCMGJLKM
| 39535 | 194.50.0.185 | none JNRJFPJ
| 39561 | 89.108.91.105 | none RWNBQ
| 39709 | 81.88.210.77 | evilgeniy666.ru BTMARF
| 39709 | 81.88.210.77 | evilgeniy666.ru GYANJ
| 39742 | 193.93.184.147 | none JHXU
| 41497 | 83.137.233.37 | none andrea
| 42255 | 195.222.124.22 | www.sigmaru.com PIPWNYC
| 42431 | 91.92.170.156 | none GZFAN
| 42585 | 213.249.64.34 | s069.networking4all.com JHCD
| 42585 | 213.249.64.34 | s069.networking4all.com KXRQXF
|
|
|
| ------------------------------------------------------------------------
|
|
|
| _______________________________________________
| nsp-security mailing list
| nsp-security at puck.nether.net
| https://puck.nether.net/mailman/listinfo/nsp-security
|
| Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
| community. Confidentiality is essential for effective Internet
security counter-measures.
| _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkfZdoAACgkQwqygxIz+pTtXegCdFIF2DcH9nAziZDVgXLqJqcar
sI4Anis7bpoOC2wPbntvtmHe/ToApSlS
=22XI
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list