Sunday, May 21, 2017

Random Internet Connections ~ 5/21/2017

Uninvited guests randomly scanning my honeypot.

No DNS = IOT device or ??

Count | IP Address | Port | DNS (if available)

APNIC (Asia)

1 103.218.100.242 2323
1 103.219.246.174 23
1 103.29.69.96 554 96.69.29.103.in-addr.arpa. 81788 IN PTR li1542-96.members.linode.com.
1 103.50.4.26 23

1 103.79.143.231 22
1 103.79.143.232 22
[ ^^ Typo or looking for 22 (SSH) ]

1 111.91.144.95 1900
1 111.91.148.45 1900
[ ^^ Looking for 1900 ~ popular in Asia]

1 121.199.4.219 1433
1 121.250.100.7 1433
1 121.254.246.12 1433
[ ^^ Looking for 1433 (SQL Server)]

1 122.114.169.198 1433
1 122.114.169.198 23
1 122.114.182.100 1433
1 122.114.182.230 1433
1 122.114.39.80 23
1 122.114.46.62 1433
1 122.114.49.115 23
[ ^^ Likely a bad network looking to exploit port 23 (telnet) and 1433 (SQL Server)]

1 59.110.136.70 3306
[ ^^ Trying to connect to MySQL]

1 59.45.175.192 22
1 60.190.67.253 0
[ ^^ 0 is an invalid port ]

1 60.191.38.77 1962
1 58.143.3.75 3389
3 210.6.141.217 23 217.141.6.210.in-addr.arpa. 80908 IN PTR 210006141217.ctinets.com.

ARIN (North America)

1 107.150.2.67 3306 67.2.150.107.in-addr.arpa. 83460 IN PTR 107.150.2.67.static.quadranet.com.
1 108.176.247.184 445 184.247.176.108.in-addr.arpa. 83551 IN PTR cpe-108-176-247-184.twcny.res.rr.com.
[ ^^ 445 - block it! Or pay the price...]

1 75.102.21.12 32175 12.21.102.75.in-addr.arpa. 3600 IN PTR mail.sarangak.com.
[ ^^ Hmm. A mail server...]

1 99.67.126.150 717 150.126.67.99.in-addr.arpa. 1714 IN PTR adsl-99-67-126-150.dsl.covlil.sbcglobal.net.
2 209.49.192.54 3389
2 52.31.147.77 3389 77.147.31.52.in-addr.arpa. 300 IN PTR ec2-52-31-147-77.eu-west-1.compute.amazonaws.com.
[ ^^ Could be typo - someone's EC2 instance IP address changed...or not.]

RIPE (Europe)

1 151.236.52.243 1433 243.52.236.151.in-addr.arpa. 81857 IN PTR vps.tessyacconciature.it.
1 151.250.37.89 23 89.37.250.151.in-addr.arpa. 122 IN PTR host-151-250-37-89.reverse.superonline.net.

1 163.172.167.164 1020 164.167.172.163.in-addr.arpa. 60 IN PTR 164-167-172-163.rev.cloud.scaleway.com.
1 163.172.167.164 1021 164.167.172.163.in-addr.arpa. 55 IN PTR 164-167-172-163.rev.cloud.scaleway.com.
1 163.172.167.164 1022 164.167.172.163.in-addr.arpa. 50 IN PTR 164-167-172-163.rev.cloud.scaleway.com.
[ ^^ Port Scan ]

1 185.35.62.122 1883
1 185.35.62.135 47808
1 185.35.62.194 502
1 185.56.82.54 5901
1 185.56.82.74 3401
[^^Port scan mixing up the IPs?]

1 37.115.57.53 23 53.57.115.37.in-addr.arpa. 82201 IN PTR 37-115-57-53.broadband.kyivstar.net.
1 37.229.14.140 23 140.14.229.37.in-addr.arpa. 81539 IN PTR 37-229-14-140.broadband.kyivstar.net.
1 46.118.174.39 23 39.174.118.46.in-addr.arpa. 81709 IN PTR 46-118-174-39.broadband.kyivstar.net.
1 46.118.62.107 23 107.62.118.46.in-addr.arpa. 82099 IN PTR 46-118-62-107.broadband.kyivstar.net.
1 46.118.76.7 23 7.76.118.46.in-addr.arpa. 82660 IN PTR 46-118-76-7.broadband.kyivstar.net.
1 46.118.96.191 23 191.96.118.46.in-addr.arpa. 81153 IN PTR 46-118-96-191.broadband.kyivstar.net.
1 46.119.195.200 23 200.195.119.46.in-addr.arpa. 82159 IN PTR 46-119-195-200.broadband.kyivstar.net.
[^^Lots of port 23 from kyivstar.net]

1 80.82.77.139 12345 139.77.82.80.in-addr.arpa. 2052 IN PTR dojo.census.shodan.io.
1 80.82.77.139 5986 139.77.82.80.in-addr.arpa. 2047 IN PTR dojo.census.shodan.io.
1 80.82.77.33 1099 33.77.82.80.in-addr.arpa. 2790 IN PTR sky.census.shodan.io.
1 80.82.77.33 1962 33.77.82.80.in-addr.arpa. 2785 IN PTR sky.census.shodan.io.
1 80.82.77.33 4040 33.77.82.80.in-addr.arpa. 2780 IN PTR sky.census.shodan.io.
[I don't think I like this shodan IOT thing ^^]

1 91.211.2.106 338 106.2.211.91.in-addr.arpa. 78740 IN PTR hostby.chnet.se.
1 91.211.2.106 666 106.2.211.91.in-addr.arpa. 78735 IN PTR hostby.chnet.se.
1 91.211.2.108 3390 108.2.211.91.in-addr.arpa. 56583 IN PTR hostby.chnet.se.
1 91.211.2.108 3392 108.2.211.91.in-addr.arpa. 56578 IN PTR hostby.chnet.se.
1 91.211.2.108 3393 108.2.211.91.in-addr.arpa. 56573 IN PTR hostby.chnet.se.
1 91.211.2.108 3394 108.2.211.91.in-addr.arpa. 56568 IN PTR hostby.chnet.se.
1 91.211.2.108 3395 108.2.211.91.in-addr.arpa. 56563 IN PTR hostby.chnet.se.
1 91.211.2.108 3396 108.2.211.91.in-addr.arpa. 56558 IN PTR hostby.chnet.se.
1 91.211.2.108 4444 108.2.211.91.in-addr.arpa. 56553 IN PTR hostby.chnet.se.
1 91.211.2.108 6666 108.2.211.91.in-addr.arpa. 56548 IN PTR hostby.chnet.se.
[Yeah, that's a port scan ^^]

1 91.230.121.168 123
1 91.98.76.50 445 50.76.98.91.in-addr.arpa. 81378 IN PTR 91.98.76.50.pol.ir.

1 93.174.93.136 3128 136.93.174.93.in-addr.arpa. 3228 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 3333 136.93.174.93.in-addr.arpa. 3223 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 7777 136.93.174.93.in-addr.arpa. 3218 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 8000 136.93.174.93.in-addr.arpa. 3213 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 808 136.93.174.93.in-addr.arpa. 3208 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 8887 136.93.174.93.in-addr.arpa. 3203 IN PTR no-reverse-dns-configured.com.
[Another port scan ^^]

LACNIC (South America)

[^^Port 23 is all the rage in Latin America!]

AFRINIC (Africa)

1 196.41.221.58 445
1 197.50.71.27 23 27.71.50.197.in-addr.arpa. 81693 IN PTR host-197.50.71.27.tedata.net.
1 198.50.187.240 1755 240.187.50.198.in-addr.arpa. 81748 IN PTR ddos-protected-l7.198.50.187.240.heavyhost.net.
1 2.184.214.41 7547
1 200.6.170.133 23 133.170.6.200.in-addr.arpa. 82201 IN PTR static-BAFO-200-6-170-133.une.net.co.
1 49.117.21.122 23
1 49.73.95.238 23
1 49.81.146.42 23
1 41.41.84.204 23 204.84.41.41.in-addr.arpa. 81825 IN PTR host-41.41.84.204.tedata.net.
1 41.41.84.204 2323 204.84.41.41.in-addr.arpa. 81820 IN PTR host-41.41.84.204.tedata.net.
[^^Africa is the most well-behaved continent today]

Hits | Port
  107 23 [23 wins! Telnet, likely IOT. More hits than any other port]
  19 1433 [Better not have your database on the Internet. Use layered security (networking)]
  16 22 [Port 22 should be locked down to specific IPs]
  15 5060 [SIP https://www.speedguide.net/port.php?port=5060]
  12 1900 [Block from Internet, upgrade old systems]
  11 445 [Block from Internet, upgrade old systems]
  10 81 [Port 81?? https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/ Obfuscating traffic back to C2?]
  10 3389 [Port 3389 should be locked down to specific IPs]
   6 0 [Don't allow invalid ports on your network]
   3 8080
   3 717
   3 3306
   3 2323
   2 808
   2 49867
   2 443
   2 3390
   2 2433
   2 2222
   2 21
   2 1962
   2 137
   2 123
   1 993
   1 9200
   1 8887
   1 8880
   1 8443
   1 8000
   1 80
   1 7991
   1 7777
   1 7547
   1 69
   1 6666
   1 666
   1 65439
   1 63393
   1 623
   1 5986
   1 5985
   1 59108
   1 5901
   1 57845
   1 554
   1 5358
   1 53413
   1 53
   1 52306
   1 523
   1 502
   1 500
   1 49431
   1 47808
   1 44818
   1 4444
   1 4070
   1 4040
   1 3689
   1 3401
   1 3396
   1 3395
   1 3394
   1 3393
   1 3392
   1 338
   1 3357
   1 3333
   1 32761
   1 32175
   1 3128
   1 20366
   1 19
   1 1883
   1 177
   1 1755
   1 17185
   1 16868
   1 1533
   1 12345
   1 110
   1 1099
   1 1022
   1 1021
   1 1020

Saturday, May 20, 2017

Random Internet Connections ~ May 20, 2017

Back where we started. Do it all over again.

Today's list of visitors to a honeypot after just a few hours:
