[nsp-sec] List of possible botnet-hosts participating in attack (was: Re: Persistent and escalating DDoS against the Norwegian academic library system provider)
Rune Sydskjør
rune.sydskjor at uninett.no
Fri Apr 10 10:22:33 EDT 2015
Hi again teams,

BIBSYS just gave me a list of hosts that are doing DoS searches on
their search engine. These IPs have done a TCP handshake and are
therefore not forged.

These IPs are probably part of a botnet used in DDoS against BIBSYS.
Any help in cleaning these hosts would be very much appreciated.

The file includes ASN, IP-address, one timestamp for when this
IP-address has done a search, how many hours the log differs from UTC,
the number of occurrences this IP-address has been seen in the
apache-log doing this search, and ASN-name.

So this host has been visiting this server 3020 times, and one of the
visits was done 13:32:01 2015-03-27 UTC + 1:

20473 | 108.61.179.208 | 27/Mar/2015:13:32:01 0100 3020 | AS-CHOOPA - Choopa, LLC,US

Timestamp: UTC + column 4.

Regards,
Rune Sydskjør, UNINETT CERT
On 08/04/15 11:26, Rune Sydskjor wrote:
> ----------- nsp-security Confidential --------
>
> Hi teams,
>
> BIBSYS, the Norwegian academic library and information system
> provider, is currently targeted by a persistent and escalating
> DDOS attack.
>
> The attacks started before Easter, and were countered by rate
> limiting traffic to the initially targeted host. BIBSYS is part of
> NTNU, the Norwegian polytechnical university. We (UNINETT, the
> Norwegian NREN) are their ISP and provide peering with other
> Norwegian ISPs. Our upstream provider is NORDUnet, the "umbrella"
> ISP for the Nordic NRENs which provides global peering. The rate
> limiting is implemented at the links between UNINETT and NORDUnet,
> so that the services are generally not degraded from within
> Norway.
>
> The attacks ceased the weekend before Easter, but immediately after
> Easter, the attack returned, escalated, diversified and spread to
> other and more important hosts.
>
> Any information which might help understand the attack is
> appreciated. A possible lead might be that BIBSYS is currently in
> the process of migrating to systems from the Ex Libris Group,
> which though very international and widespread has Israeli origins
> and ownership.
>
>
> Timeline:
>
> Time: 2015-03-19 13:35 UTC Target: 129.241.16.59 Type of attack:
> D(R)DOS UDP SSDP reflection with destination port 80 and some
> backscatter ICMP destination port unreachable.
>
> Time: 2015-03-23 07:30 UTC Target: 129.241.16.59 Type of attack:
> D(R)DOS UDP SSDP reflection with destination port 80 and some
> backscatter ICMP destination port unreachable.
>
> Rate limiting against 129.241.16.59. Due to misunderstandings
> BIBSYS changed the IP address during that evening, and the attack
> quickly moved to the new unprotected IP address.
>
> Time: 2015-03-24 11:10 UTC Target: 129.241.16.62 Type of attack:
> D(R)DOS UDP SSDP reflection with destination port 80. TCP SYN
> flooding with destination port 80. Some backscatter ICMP
> destination port unreachable.
>
> Rate limiting against 129.241.16.62
>
> The attack is ongoing for the whole week with a combination of
> DRDOS, TCP SYN flooding and heavy search queries against the
> BIBSYS search engine. On Friday 2015-03-27 the attack stops
> gradually from 14:20 UTC - 16:00 UTC. In Norway, many people take a
> prolonged Easter holiday from the Palm Sunday weekend to the Monday
> after Easter Sunday. Nothing happens during this period.
>
> After the holidays the attackers are back.
>
> Time: Starts at 2015-04-07 08:15 UTC and lasts during the day.
> Target: 129.241.16.62 Type of attack: D(R)DOS UDP SSDP reflection
> with destination port 80 and heavy search queries against the
> BIBSYS search engine. TCP SYN flooding with destination port 80
> and some backscatter icmp destination port unreachable.
>
> Even more rate limiting against 129.241.16.62
>
> The attackers probably now know about the rate limiting and move
> the attack to a new destination today:
>
> Time: 2015-04-08 08:15 UTC Target: 129.241.16.36 Type of attack:
> D(R)DOS UDP SSDP reflection with destination port 80. TCP SYN
> flooding with destination port 80 and some backscatter icmp
> destination port unreachable. Here also with heavy searches on this
> library search engine.
>
> Today we implemented rate limiting against 129.241.16.36 also.
>
> While writing this mail the attack moved to www.bibsys.no
> (129.241.16.93). The magnitude of the attack is currently at 2.5
> million packets per second, or 6 Gbit/s.
>
> Regards, Rune Sydskjør, UNINETT CERT
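
For teams receiving a list in the layout the mail describes (ASN, IP address, one log timestamp, the log's offset from UTC, hit count, AS name), the following is an added Python example, not part of the original mail, that normalises the timestamps to UTC and groups the hosts per ASN for abuse handling. The function names are hypothetical, every sample line except the one quoted in the mail is constructed with documentation addresses, and a missing sign on the offset is assumed to mean "+", as the mail's "UTC + column 4" states.

```python
import re
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

# Layout from the mail: ASN | IP | dd/Mon/yyyy:HH:MM:SS HHMM count | AS-name
# Assumption: an offset without a sign ("0100") is ahead of UTC.
LINE_RE = re.compile(
    r"^\s*(?P<asn>\d+)\s*\|\s*(?P<ip>\S+)\s*\|\s*"
    r"(?P<ts>\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2})\s+"
    r"(?P<off>[+-]?\d{4})\s+(?P<count>\d+)\s*\|\s*(?P<name>.+?)\s*$"
)

def parse_line(line):
    """Return one record as a dict, or None if the line is damaged."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ip_address(m["ip"])
    except ValueError:
        return None
    sign = -1 if m["off"].startswith("-") else 1
    digits = m["off"].lstrip("+-")
    offset = timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))
    # Month names are parsed with the default (C/English) locale.
    local = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")
    # Log time = UTC + offset, so UTC = log time - offset.
    seen_utc = (local - sign * offset).replace(tzinfo=timezone.utc)
    return {"asn": int(m["asn"]), "ip": str(ip), "seen_utc": seen_utc,
            "hits": int(m["count"]), "as_name": m["name"]}

def summarise(lines):
    """Group records per ASN; return (by_asn, rejected_line_numbers)."""
    seen, rejected = {}, []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append(number)      # keep for manual review
            continue
        key = (rec["asn"], rec["ip"])    # drop exact repeats, keep max hits
        if key not in seen or rec["hits"] > seen[key]["hits"]:
            seen[key] = rec
    by_asn = {}
    for rec in seen.values():
        group = by_asn.setdefault(
            rec["asn"], {"name": rec["as_name"], "hosts": [], "total_hits": 0})
        group["hosts"].append(rec)
        group["total_hits"] += rec["hits"]
    for group in by_asn.values():
        group["hosts"].sort(key=lambda r: -r["hits"])
    return by_asn, rejected

# First line is the example quoted in the mail; the rest are constructed
# (documentation addresses and ASNs), including a repeat and a damaged line.
SAMPLE = """\
20473 | 108.61.179.208 | 27/Mar/2015:13:32:01 0100 3020 | AS-CHOOPA - Choopa, LLC,US
64496 | 192.0.2.10 | 09/Apr/2015:00:30:00 0200 1500 | EXAMPLE-NET Example Networks,ZZ
64496 | 192.0.2.11 | 08/Apr/2015:07:24:09 0200 9000 | EXAMPLE-NET Example Networks,ZZ
64496 | 192.0.2.10 | 09/Apr/2015:00:30:00 0200 1500 | EXAMPLE-NET Example Networks,ZZ
64497 | 198.51.100.7 | 27/M192.0.2.99 - 1 | EXAMPLE-TWO Example Two,ZZ
"""

if __name__ == "__main__":
    groups, bad = summarise(SAMPLE.splitlines())
    for asn, group in sorted(groups.items()):
        print(f"AS{asn} {group['name']}: {group['total_hits']} hits")
        for host in group["hosts"]:
            print(f"  {host['ip']:<16} {host['seen_utc'].isoformat()} {host['hits']}")
    print("unparseable lines:", bad)
```

Reporting the timestamp in UTC matters when a receiving operator has to match it against their own flow or NAT logs; note that the second sample host crosses midnight when converted.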