# Dragon Research Group (DRG)
# vncprobe report
# 2012-05-11 12:00:04 - 2012-05-18 12:00:04
#
# To read more about VNC scanning issues and how to mitigate
# VNC password authentication brute force attacks based on
# report data such as this, see:
#
#
# README: The vncprobe report is free for non-commercial use
#         ONLY. If you wish to discuss commercial use of this
#         service, please contact the Dragon Research Group (DRG)
#         for more information. Redistribution of the vncprobe
#         report is prohibited without the express permission of
#         the Dragon Research Group (DRG).
#
# This report is informational. It is not a blacklist, but some
# operators may choose to use it to help protect their networks
# and hosts in the forms of automated reporting and mitigation
# services. The data is provided on an as-is basis with no
# expressed warranty or guarantee of accuracy. Use of this data
# is at your own risk. If you have questions about this report
# do not hesitate to contact us by any of the means below.
#
# The Dragon Research Group (DRG) is a volunteer research
# organization dedicated to furthering the understanding of
# online criminality and to providing actionable intelligence
# for the benefit of the entire Internet community.
#
# URL:
# email:   dragon@dragonresearchgroup.org
# PGP key: 0x47196BBF
# IRC:     irc://irc.freenode.net/drg
# Twitter: http://twitter.com/dragonresearch
#
# Entries consist of fields with identifying characteristics of
# a source IP address that has been seen attempting to remotely
# connect to a host running the VNC application service. This report
# lists hosts that are highly suspicious and are likely conducting
# malicious VNC probes or VNC brute force attacks. Each entry is
# sorted according to a route origination ASN. An entry for the
# IP address may be listed more than once if there are multiple
# origin AS (MOAS) announcements for the covering prefix. We use
# the Team Cymru IP address to ASN mapping service to construct an
# origin AS number and name. For details about this Team Cymru
# service, see .
#
# Formatting is as follows:
#
# ASN  |  ASname  |  saddr  |  utc  |  category
#
# Each field is described below. Please note any special formatting
# rules to aid in processing this file with automated tools and scripts.
# Blank lines may be present to improve the visual display of this file.
# Lines beginning with a hash ('#') character are comment lines. All
# other lines are report entries. Each field is separated by a pipe
# symbol ('|') and at least two whitespace characters on either side.
#
# ASN       Autonomous system number originating a route for the entry
#           IP address. Note, 4-byte ASNs are supported and will be
#           displayed as a 32-bit integer.
#
# ASname    A descriptive network name for the associated ASN. The
#           name is truncated to 30 characters.
#
# saddr     The source IPv4 or IPv6 address that is being reported.
#
# utc       A last seen timestamp formatted as YYYY-MM-DD HH:MM:SS
#           and in UTC time.
#
# category  Descriptive tag name for this entry. For this report,
#           the text vncprobe will appear.
#
#
# Statistics
# ASNs: 91
# Addresses: 118