The Shadow Brokers dropped another server list today–is it relevant?

// October 31st, 2016 // Hacking and Security

Equation Group victims map

The Shadow Brokers published another encrypted drop today on Medium which they say reveals NSA IP addresses linked to the Equation Group (some believe Equation Group is a NSA hacking cooperative). TSB’s drop, titled “Trick or Treat”, uses the same PGP as previous drops so it appears to be legit.

The contents of the drop seem to be broken into folders organized by toolset and include directory names dewdrop, incision, jackladder, orangutan, patchicillin, reticulum, sidetrack, stoicsurgeon, intonation, and pitchimpair. Inside each folder are output files for each target that include the target’s name, ip address, and OS/version. It is believed that the servers/devices/clients listed are compromised or owned Equation Group boxes that were used as staging platforms to launch attacks. Servers in China and Japan top the list.

Note that the servers on the list may be several years old. Most were running Solaris but some were running FreeBSD or Linux variants.  The servers I tested were unreachable.  However, the IP addresses may be useful in determining if you were previously targeted.

The Shadow Brokers readme

The rambling, broken English Readme said:

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.

Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being free press? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing Free Press is not being Free as in free beer or Free as in free of government influence?

Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? one person, one vote? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking one person, one vote? Money isn’t corrupting elections, politics, govenments?

USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?

Ok peoples theshadowbrokers is promising you a trick or treating, here it is

https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ

https://yadi.sk/d/NCEyJQsBxrQxz

Password = payus

This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don’t be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?

How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v2

iQIcBAEBCAAGBQJYCwLeAAoJEAQSTyzLXAwbzDcP/1TWHz9lhjNte7PD/wd5JPQp

ohn6UGbh4t++VXUFwbHgcm7ex++ByG0p68LOPY8Q3G5eq/3EqtVN57br8vtBKgew

UomySsoPfpzIagV1vdb3IntcoO/5OvtaMyAePih5S0ND4jwjrMx0G9DG3bWB5yPy

/laQb+zozYRqtDkbvz7LVyEhT6ohAn0rPebbeItHgIGQiJ96Oh5KG2xw4+3qkXDc

Q+1ZKaHk/0pVQRRO/7TvNgX7XPKFM5KllsP5HShecnL2PZwjBj362yGd3vUqdFZL

mun+J5iDZHs0r79e1+SxVJ2zWrHvaruciT8uw+tI13C2tJYjyAV2h/pPI558ecLp

iLnemae9zvx4veLmmaxzPJy4vtUdYFFO3h6F/QMdxZVA+eGbusQ9sJ4yWMFkNBaB

M7hjzQz7cdI6lF/xydLEmJf8voGxsei+gRi4kB6+TXN5WNIMM03aImZjv11KefmG

Rwn+MaUFerQorxK7MNRXrNHzSgcOI3ooQRf/T+Ly3K1qJnP01x24BhRQVdw6wSsS

J9aYZaVoIqeZw0j6IaAlKFGX7yaWaXQ+ZrBZZw7YToB4PCNwCG54rNO2kG79r8si

RfYKyF//fOUHDlWi5TVhGz8mEZMkfL4Yc8i2RFtWTr4fRLMj9Trx7P7KsnxNrG1Y

IbyF+34RTur6klsCCMpa

=Y6Dc

—–END PGP SIGNATURE—–

Servers in The Shadow Brokers drop

The following list of servers were included in the drop. Again, the ones I tested were unreachable.

\intonation\fw433.npic.ac.cn___168.160.71.3

\intonation\gambero3.cs..tin.it___194.243.154.62

\intonation\gate.technopolis.kirov.ru___217.9.148.61

\intonation\hakuba.janis.or.jp___210.232.42.3

\intonation\imms1.macau.ctm.net___202.175.36.54

\intonation\indy.fjmu.edu.cn___202.112.176.3

\intonation\jur.unn.ac.ru___62.76.114.22

\intonation\kacstserv.kacst.edu.sa___212.26.44.132

\intonation\known.counsellor.gov.cn___61.151.243.13

\intonation\kserv.krldysh.ru___194.226.57.53

\intonation\laleh.itrc.ac.ir.___80.191.2.2

\intonation\laleh.itrc.ac.ir___80.191.2.2

\intonation\m0-s.san.ru___88.147.128.28

\intonation\mail.bangla.net___203.188.252.3

\intonation\mail.edi.edu.cn___218.104.71.61

\intonation\mail.hallym.ac.kr___210.115.225.25

\intonation\mail.hangzhouit.gov.cn___202.107.197.199

\intonation\mail.hz.zh.cn___202.101.172.6

\intonation\mail.imamu.edu.sa___212.138.48.8

\intonation\mail.interq.or.jp___210.157.0.87

\intonation\mail.ioc.ac.ru___193.233.3.6

\intonation\mail.issas.ac.cn___159.226.121.1

\intonation\mail.pmo.ac.cn___159.226.71.3

\intonation\mail.siom.ac.cn___210.72.9.2

\intonation\mail.tropmet.res.in___203.199.143.2

\intonation\mail.tsinghua.edu.cn___166.111.8.17

\intonation\mail.zzu.edu.cn___222.22.32.88

\intonation\mail1.371.net___218.29.0.195

\intonation\mailgate.sbell.com.cn___202.96.203.173

\intonation\mail-gw.jbic.go.jp___210.155.61.54

\intonation\mailgw.thtf.com.cn___218.107.133.12

\intonation\mailhub.minaffet.gov.rw___62.56.174.152

\intonation\mails.cneic.com.cn___218.247.159.113

\intonation\mailscan3.cau.ctm.net___202.175.36.180

\intonation\mailsrv02.macau.ctm.net___202.175.3.120

\intonation\mailsvra.macau.ctm.net___202.175.3.119

\intonation\mbi3.kuicr.kyoto-u.ac.jp___133.103.101.21

\intonation\mcd-su-2.mos.ru___10.34.100.2

\intonation\metcoc5cm.clarent.com___213.132.50.10

\intonation\mipsa.ciae.ac.cn___202.38.8.1

\intonation\mn.mn.co.cu___216.72.24.114

\intonation\most.cob.net.ba___195.222.48.5

\intonation\mpkhi-bk.multi.net.pk___202.141.224.40

\intonation\msgstore2.pldtprv.net___192.168.120.3

\intonation\mtccsun.imtech.ernet.in___202.141.121.198

\intonation\mx1.freemail.ne.jp___210.235.164.21

\intonation\n02.unternehmen.com___62.116.144.147

\intonation\nd11mx1-a-fixed.sancharnet.in___61.0.0.46

\intonation\ndl1mc1-a-fixed.sancharnet.in___61.0.0.46

\intonation\ndl1mx1-a-fixed.sancharnet.in___61.0.0.46

\intonation\ndl1pp1-a-fixed.sancharnet.in___61.0.0.71

\intonation\no1.unternehemen.com___62.116.144.150

\intonation\no3.unternehmen.org___62.116.144.190

\intonation\ns.cac.com.cn___202.98.102.5

\intonation\ns.huawei.com.cn___202.96.135.140

\intonation\ns.nint.ac.cn___210.83.3.26

\intonation\ns1.2911.net___202.99.41.9

\intonation\ns1.multi.net.pk___202.141.224.34

\intonation\ns2.rosprint.ru___194.84.23.125

\intonation\ns2.xidian.edu.cn___202.117.112.4

\intonation\opcwdns.opcw.nl___195.193.177.150

\intonation\opserver01.iti.net.pk___202.125.138.184

\intonation\orange.npix.net___211.43.194.48

\intonation\orion.platino.gov.ve___161.196.215.67

\intonation\outweb.nudt.edu.cn___202.197.0.185

\intonation\pdns.nudt.edu.cn___202.197.0.180

\intonation\petra.nic.gov.jo___193.188.71.4

\intonation\pop.net21pk.com___203.135.45.66

\intonation\post.netchina.com.cn___202.94.1.48

\intonation\postbox.mos.ru___10.30.10.32

\intonation\public2.zz.ha.cn___218.29.0.200

\intonation\rayo.pereira.multi.net.co___206.49.164.2

\intonation\sea.net.edu.cn___202.112.5.66

\intonation\sedesol.sedesol.gob.mx___148.233.6.164

\intonation\segob.gob.mx___200.38.166.2

\intonation\sky.kies.co.kr___203.236.114.1

\intonation\smmu-ipv6.smmu.edu.cn___202.121.224.5

\intonation\smtp.2911.net___218.245.255.5

\intonation\smtp.macau.ctm.net___202.175.36.220

\intonation\sonatns.sonatrach.dz___193.194.75.35

\intonation\sparc.nour.net.sa___212.12.160.26

\intonation\sps01.office.ctm.net___202.175.4.38

\intonation\sunhe.jinr.ru___159.93.18.100

\intonation\sussi.cressoft.com.pk___202.125.140.194

\intonation\tx.micro.net.pk___203.135.2.194

\intonation\ultra2.tsinghua.edu.cn___166.111.120.10

\intonation\unk.vver.kiae.rr___144.206.175.2

\intonation\unknown.counsellor.gov.cn___61.151.243.13

\intonation\voyager1.telesat.com.co___66.128.32.68

\intonation\web-ccfr.tsinghua.edu.cn___166.111.96.91

\intonation\webnetra.entelnet.bo___166.114.10.28

\intonation\webserv.mos.ru___10.30.10.2

\intonation\ws.xjb.ac.cn___159.226.135.12

\intonation\www.caramail.com___195.68.99.20

\intonation\www.siom.ac.cn___202.127.16.44

\intonation\www21.counsellor.gov.cn___61.151.243.13

\intonation\www21.counsellor.gov.cn___130.34.115.132

\intonation\bgl1dr1-a-fixed.sancharnet.in___61.1.128.17

\intonation\bgl1pp1-a-fixed.sancharnet.in___61.1.128.71

\intonation\bj02.cww.com___202.84.16.34

\intonation\butt-head.mos.ru___10.30.1.130

\intonation\dcproxy1.thrunet.com___210.117.65.44

\intonation\dmn2.bjpeu.edu.cn___202.204.193.1

\intonation\dns2.net1.it___213.140.195.7

\intonation\doors.co.kr___211.43.193.9

\intonation\enterprise.telesat.com.co___66.128.32.67

\intonation\eol1.egyptonline.com___206.48.31.2

\pitchimpair\ccmman.rz.unibw–muenchen.de___137.93.10.6

\pitchimpair\ci970000.sut.ac.jp___133.31.106.46

\pitchimpair\ciidet.rtn.net.mx___204.153.24.32

\pitchimpair\cmusun8.unige.ch___129.194.97.8

\pitchimpair\colpisaweb.sarenet.es___194.30.32.229

\pitchimpair\connection1.connection.com.br___200.160.208.4

\pitchimpair\connection2.connection.com.br___200.160.208.8

\pitchimpair\cs-serv02.meiji.ac.jp___133.26.135.224

\pitchimpair\debby.vub.ac.be___134.184.15.79

\pitchimpair\dns1.unam.mx___132.248.204.1

\pitchimpair\dns2.chinamobile.com___211.137.241.34

\pitchimpair\dns2.unam.mx___132.248.10.2

\pitchimpair\docs.ccs.net.mx___200.36.53.150

\pitchimpair\dragon.unideb.hu___193.6.138.65

\pitchimpair\dukas.upc.es___147.83.2.62

\pitchimpair\e3000.hallym.ac.kr___210.115.225.16

\pitchimpair\electra.otenet.gr___195.170.2.3

\pitchimpair\expos.ee.nctu.edu.tw___140.113.212.20

\pitchimpair\fl.sun-ip.or.jp___150.27.1.10

\pitchimpair\ftp.hyunwoo.co.kr___211.232.97.195

\pitchimpair\ganeran.sarenet.es___194.30.32.177

\pitchimpair\geosun1.unige.ch___129.194.41.4

\pitchimpair\giada.ing.unirc.it___192.167.50.14

\pitchimpair\hk.sun-ip.or.jp___150.27.1.5

\pitchimpair\iconoce1.sarenet.es___194.30.0.16

\pitchimpair\icrsun.kuicr.kyoto-u.ac.jp___133.3.5.20

\pitchimpair\ids2.int.ids.pl___195.117.3.32

\pitchimpair\info.ccs.net.mx___200.36.53.160

\pitchimpair\itellin1.eafix.net___212.49.95.133

\pitchimpair\iti-idsc.net.eg___163.121.12.2

\pitchimpair\jumi.hyunwoo.co.kr___211.232.97.217

\pitchimpair\jupiter.mni.fh.giessen.de___212.201.7.17

\pitchimpair\kalliope.rz.unibw–muenchen.de___137.193.10.12

\pitchimpair\kommsrv.rz.unibw-muenchen.de___137.193.10.8

\pitchimpair\logos.uba.uva.nl___145.18.84.96

\pitchimpair\ltv.com.ve___200.75.112.26

\pitchimpair\m16.kazibao.net___213.41.77.50

\pitchimpair\mail.a-1.net.cn___210.77.147.84

\pitchimpair\mail.bangla.net___203.188.252.3

\pitchimpair\mail.bhu.ac.in___202.141.107.15

\pitchimpair\mail.btbu.edu.cn___211.82.112.23

\pitchimpair\mail.dyu.edu.tw___163.23.1.73

\pitchimpair\mail.et.ntust.edu.tw___140.118.2.53

\pitchimpair\mail.hanseo.ac.kr___203.234.72.4

\pitchimpair\mail.hccc.gov.tw___210.241.6.97

\pitchimpair\mail.howon.ac.kr___203.146.64.14

\pitchimpair\mail.howon.ac.kr___203.246.64.14

\pitchimpair\mail.irtemp.na.cnr.it___140.164.20.20

\pitchimpair\mail.jccs.com.sa___212.70.32.100

\pitchimpair\mail.lzu.edu.cn___202.201.0.136

\pitchimpair\mail.mae.co.kr___210.118.179.1

\pitchimpair\mail.must.edu.tw___203.68.220.40

\pitchimpair\mail.ncue.edu.tw___163.23.225.100

\pitchimpair\mail.tccn.edu.tw___203.64.35.108

\pitchimpair\mail.tpo.fi___193.185.60.42

\pitchimpair\mail.univaq.it___192.150.195.10

\pitchimpair\mail.utc21.co.kr___211.40.103.194

\pitchimpair\mail1.imtech.res.in___203.90.127.22

\pitchimpair\mailer.ing.unirc.it___192.167.50.202

\pitchimpair\mailgw.idom.es___194.30.33.29

\pitchimpair\mailhost.fh-muenchen.de___129.187.244.204

\pitchimpair\mars.ee.nctu.tw___140.113.212.13

\pitchimpair\matematica.univaq.it___192.150.195.38

\pitchimpair\mbox.com.eg___213.212.208.10

\pitchimpair\mercurio.rtn.net.mx___204.153.24.14

\pitchimpair\milko.stacken.kth.se___130.237.234.3

\pitchimpair\moneo.upc.es___147.83.2.91

\pitchimpair\mtrader2.grupocorreo.es___194.30.32.29

\pitchimpair\mum1mr1-a-fixed.sancharnet.in___61.1.64.45

\pitchimpair\mu-me01-ns-ctm001.vsnl.net.in___202.54.4.39

\pitchimpair\mxtpa.biglobe.net.tw___202.166.255.103

\pitchimpair\myhome.elim.net___203.239.130.7

\pitchimpair\newin.int.rtbf.be___212.35.107.2

\pitchimpair\niveau.math.uni-bremen.de___134.102.124.201

\pitchimpair\nl37.yourname.nl___82.192.68.37

\pitchimpair\noc21.corp.home.ad.jp___203.165.5.78

\pitchimpair\noc23.corp.home.ad.jp___203.165.5.80

\pitchimpair\noc25.corp.home.ad.jp___203.165.5.82

\pitchimpair\noc26.corp.home.ad.jp___203.165.5.83

\pitchimpair\noc33.corp.home.ad.jp___203.165.5.74

\pitchimpair\noc35.corp.home.ad.jp___203.165.5.114

\pitchimpair\noc37.corp.home.ad.jp___203.165.5.117

\pitchimpair\noc38.corp.home.ad.jp___203.165.5.118

\pitchimpair\nodep.sun-ip.or.jp___150.27.1.2

\pitchimpair\noya.bupt.edu.cn___202.112.96.2

\pitchimpair\ns.anseo.dankook.ac.kr___203.237.216.2

\pitchimpair\ns.bigobe.net.tw___202.166.255.98

\pitchimpair\ns.bur.hiroshima-u.ac.jp___133.41.145.11

\pitchimpair\ns.cec.uchile.cl___200.9.97.3

\pitchimpair\ns.chining.com.tw___202.39.26.50

\pitchimpair\ns.eyes.co.kr___210.98.224.88

\pitchimpair\ns.gabontelecom.com___217.77.71.52

\pitchimpair\ns.global-one.dk___194.234.33.5

\pitchimpair\ns.hallym.ac.kr___210.115.225.11

\pitchimpair\ns.hanseo.ac.kr___203.234.72.1

\pitchimpair\ns.hufs.ac.kr___203.253.64.1

\pitchimpair\ns.icu.ac.kr___210.107.128.31

\pitchimpair\ns.ing.unirc.it___192.167.50.2

\pitchimpair\ns.khmc.or.kr___203.231.128.1

\pitchimpair\ns.kimm.re.kr___203.241.84.10

\pitchimpair\ns.kix.ne.kr___202.30.94.10

\pitchimpair\ns.rtn.net.mx___204.153.24.1

\pitchimpair\ns.stacken.kth.se___130.237.234.17

\pitchimpair\ns.unam.mx___132.248.253.1

\pitchimpair\ns.univaq.it___192.150.195.20

\pitchimpair\ns.youngdong.ac.kr___202.30.58.1

\pitchimpair\ns1.bangla.net___203.188.252.2

\pitchimpair\ns1.btc.bw___168.167.168.34

\pitchimpair\ns1.bttc.ru___80.82.162.118

\pitchimpair\ns1.gx.chinamobile.com___211.138.252.30

\pitchimpair\ns1.ias.ac.in___203.197.183.66

\pitchimpair\ns1.starnets.ro___193.226.61.68

\pitchimpair\ns1.sun-ip.or.jp___150.27.1.8

\pitchimpair\ns1.youngdong.ac.kr___202.30.58.5

\pitchimpair\ns2.ans.co.kr___210.126.104.74

\pitchimpair\ns2.chem.tohoku.ac.jp___130.34.115.132

\pitchimpair\ns2.chem.tohoku.ac.jp___130.134.115.132

\pitchimpair\ns2.otenet.gr___195.170.2.1

\pitchimpair\ns2-backup.tpo.fi___193.185.60.40

\pitchimpair\nsce1.ji-net.com___203.147.62.229

\pitchimpair\oiz.sarenet.es___192.148.167.17

\pitchimpair\okapi.ict.pwr.wroc.pl___156.17.42.30

\pitchimpair\orhi.sarenet.es___192.148.167.5

\pitchimpair\pastow.e-technik.uni-rostock.de___139.30.200.36

\pitchimpair\paula.e-technik.uni-rostock.de___139.30.200.225

\pitchimpair\pfdsun.kuicr.kyoto-u.ac.jp___133.3.5.2

\pitchimpair\photon.sci-museum.kita.osaka.jp___202.243.222.7

\pitchimpair\photon.sci-museum.osaka.jp___202.243.222.7

\pitchimpair\pitepalt.stacken.kth.se___130.237.234.151

\pitchimpair\pksweb.austria.eu.net___193.154.165.79

\pitchimpair\proxy1.tcn.ed.jp___202.231.176.242

\pitchimpair\rabbit.uj.edu.pl___149.156.89.33

\pitchimpair\royals.ee.nctu.edu.tw___140.113.212.9

\pitchimpair\s03.informatik.uni-bremin.de___134.102.201.53

\pitchimpair\san.hufs.ac.kr___203.253.64.2

\pitchimpair\saturn.mni.fh-giessen.de___212.201.7.21

\pitchimpair\sci.s-t.au.ac.th___168.120.9.1

\pitchimpair\scsun25.unige.ch___129.194.49.47

\pitchimpair\seoildsp.co.kr___218.36.28.250

\pitchimpair\servercip92.e-technik.uni-rostock.de___139.30.200.132

\pitchimpair\servidor2.upc.es___147.83.2.3

\pitchimpair\smtp.bangla.net___203.188.252.10

\pitchimpair\smuc.smuc.ac.kr___203.237.176.1

\pitchimpair\snacks.stacken.kth.se___130.237.234.152

\pitchimpair\soldier.ee.nctu.edu.tw___140.113.212.31

\pitchimpair\son-goki.sun-ip.or.jp___150.27.1.11

\pitchimpair\sparc20mc.ing.unirc.it___192.167.50.12

\pitchimpair\spin.lzu.edu.cn___202.201.0.131

\pitchimpair\spirit.das2.ru___81.94.47.83

\pitchimpair\splash-atm.upc.es___147.83.2.116

\pitchimpair\sun.bq.ub.es___161.116.154.1

\pitchimpair\sunbath.rrze.uni-erlangen.de___131.188.3.200

\pitchimpair\sunbath.rrze.uni–erlangen.de___131.188.3.200

\pitchimpair\sunfirev250.cancilleria.gob.ni___165.98.181.5

\pitchimpair\sunl.scl.kyoto-u.ac.jp___133.3.5.30

\pitchimpair\tamarugo.cec.uchile.cl___200.9.97.3

\pitchimpair\tayuman.info.com.ph___203.172.11.21

\pitchimpair\theta.uoks.uj.edu.pl___149.156.89.30

\pitchimpair\tologorri.grupocorreo.es___194.30.32.109

\pitchimpair\tuapewa.polytechnic.edu.na___196.31.225.2

\pitchimpair\twins.ee.nctu.edu.tw___140.113.212.26

\pitchimpair\uji.kyoyo-u.ac.jp___133.3.5.33

\pitchimpair\ultra10.nanya.edu.tw___203.68.40.6

\pitchimpair\unknown.unknown___125.10.31.145

\pitchimpair\utc-web.utc21.co.kr___211.40.103.194

\pitchimpair\v243.scl.kyoto-u.ac.jp___133.3.5.30

\pitchimpair\v244.kyoyo-u.ac.jp___133.3.5.33

\pitchimpair\v246.kyoyo-u.ac.jp___133.3.5.2

\pitchimpair\vnet3.vub.ac.be___134.184.15.13

\pitchimpair\vsn1radius1.vsn1.net.in___202.54.4.61

\pitchimpair\vsnl-navis.emc-sec.vsnl.net.in___202.54.49.70

\pitchimpair\vsnlradius1.vsnl.net.in___202.54.4.61

\pitchimpair\war.rkts.com.tr___195.142.144.125

\pitchimpair\webmail.s-t.au.ac.th___168.120.9.2

\pitchimpair\webshared-admin.colt.net___213.41.78.10

\pitchimpair\webshared-front2.colt.net___213.41.78.12

\pitchimpair\webshared-front3.colt.net___213.41.78.13

\pitchimpair\webshared-front4.colt.net___213.41.78.14

\pitchimpair\win.hallym.ac.kr___210.115.225.17

\pitchimpair\winner.hallym.ac.kr___210.115.225.10

\pitchimpair\winners.yonsei.ac.kr___210.115.225.14

\pitchimpair\www.bygden.nu___192.176.10.178

\pitchimpair\www.cfd.or.jp___210.198.16.75

\pitchimpair\www.elim.net___203.239.130.7

\pitchimpair\www.nursat.kz___194.226.128.26

\pitchimpair\www.pue.uia.mx___192.100.196.7

\pitchimpair\www2.din.or.jp___210.135.90.7

\pitchimpair\www3.din.or.jp___210.135.90.8

\pitchimpair\xilinx.e-technik.uni-rostock.de___139.30.202.12

\pitchimpair\xn--anna-ahlstrm-fjb.stacken.kth.se___130.237.234.53

\pitchimpair\xn--selma-lagerlf-tmb.stacken.kth.se___130.237.234.51

\pitchimpair\zanburu.grupocorreo.es___194.30.32.113

\pitchimpair\anie.sarenet.es___192.148.167.2

\pitchimpair\aries.ficnet.net___202.145.137.19

\pitchimpair\asic.e-technik.uni-rostock.de___139.30.202.8

\pitchimpair\axil.eureka.lk___202.21.32.1

\pitchimpair\bambero1.cs.tin.it___194.243.154.57

\pitchimpair\burgoa.sarenet.es___194.30.32.242

\pitchimpair\cad-server1.ee.nctu.edu.tw___140.113.212.150

Misc details on the drop

  • 352 IP addresses
  • 306 domain names
  • Dates ranged from 2000 to 2010
  • 32 .edu domains
  • 9 .gov domains
  • 49 countries in the list
  • Countries: China, Japan, South Korea, Spain, Germany, India, Taiwan, Mexico, Italy, Russian Federation, U.K., Pakistan, Sweden, Bangladesh, Macau, Saudi Arabia, Poland, Thailand, U.S., Finland, Iran, Netherlands, Argentina, Belgium, Brazil, Chile, Algeria, Egypt, Greece, Turkey, Venezuela, United Arab Emirates, Austria, Bolivia, Botswana, Cyprus, Gabon, Bosnia and Herzegovina, Hungary, Jordan, Kenya, Sri Lanka, Namibia, Nicaragua, Norway, Philippines, Romania and the European Union.

No related articles or news found.





« « Previous Article: Why we should fear Mirai and IoT botnets (and how stupidly simple it is to quash those fears)     » » Next Article: Here are the recommended maximum data-length limits for common database and programming fields


Leave a Reply

You must be logged in to post a comment.

%d bloggers like this: