# Dragon Research Group (DRG)
# vncprobe report
# 2013-05-15 10:00:01 - 2013-05-22 10:00:01
#
# To read more about VNC scanning issues and how to mitigate
# VNC password authentication brute force attacks based on
# report data such as this, see:
#
#
#
# README: The vncprobe report is free for non-commercial use
#         ONLY. If you wish to discuss commercial use of this
#         service, please contact the Dragon Research Group (DRG)
#         for more information. Redistribution of the vncprobe
#         report is prohibited without the express permission of
#         the Dragon Research Group (DRG).
#
# This report is informational. It is not a blacklist, but some
# operators may choose to use it to help protect their networks
# and hosts in the forms of automated reporting and mitigation
# services. The data is provided on an as-is basis with no
# expressed warranty or guarantee of accuracy. Use of this data
# is at your own risk. If you have questions about this report
# do not hesitate to contact us by any of the means below.
#
# The Dragon Research Group (DRG) is a volunteer research
# organization dedicated to furthering the understanding of
# online criminality and to providing actionable intelligence
# for the benefit of the entire Internet community.
#
# URL:
# email:   dragon@dragonresearchgroup.org
# PGP key: 0x47196BBF
# IRC:     irc://irc.freenode.net/drg
# Twitter: http://twitter.com/dragonresearch
#
# Entries consist of fields with identifying characteristics of
# a source IP address that has been seen attempting to remotely
# connect to a host running the VNC application service. This report
# lists hosts that are highly suspicious and are likely conducting
# malicious VNC probes or VNC brute force attacks. Each entry is
# sorted according to a route origination ASN. An entry for the
# IP address may be listed more than once if there are multiple
# origin AS (MOAS) announcements for the covering prefix. We use
# the Team Cymru IP address to ASN mapping service to construct an
# origin AS number and name. For details about this Team Cymru
# service, see .
#
# Formatting is as follows:
#
# ASN  |  ASname  |  saddr  |  utc  |  category
#
# Each field is described below. Please note any special formatting
# rules to aid in processing this file with automated tools and scripts.
# Blank lines may be present to improve the visual display of this file.
# Lines beginning with a hash ('#') character are comment lines. All
# other lines are report entries. Each field is separated by a pipe
# symbol ('|') and at least two whitespace characters on either side.
#
# ASN       Autonomous system number originating a route for the entry
#           IP address. Note, 4-byte ASNs are supported and will be
#           displayed as a 32-bit integer.
#
# ASname    A descriptive network name for the associated ASN. The
#           name is truncated to 30 characters.
#
# saddr     The source IPv4 or IPv6 address that is being reported.
#
# utc       A last seen timestamp formatted as YYYY-MM-DD HH:MM:SS
#           and in UTC time.
#
# category  Descriptive tag name for this entry. For this report,
#           the text vncprobe will appear.
#
#
# Statistics
# ASNs: 101
# Addresses: 120