# DataPlane.org - for operators, by operators # sipregistration # 2019-04-16 05:00 - 2019-04-23 05:00 # # The sipregistration report is free for non-commercial use ONLY. If # you wish to discuss commercial use of this service, please contact us # at info@dataplane.org. Redistribution of the sipregistration report # in whole or in part without the express permission of DataPlane is # expressly prohibited. # # This report is made possible through the generous support of people # like you. Sensor, processing and distribution systems require # non-free resources to setup and maintain. We are always looking for # financial contributions to help pay the bills and hosting to increase # visibility. If you find what we do useful, please consider supporting # us. # # This report is informational. It is not a block list, but some may # choose to use it to actively protect their networks and systems. The # report is provided on an as-is basis with no expressed warranty or # guarantee of accuracy. Use of this data is at your own risk. If you # have questions about this report do not hesitate to contact us. # # Entries below consist of fields with identifying characteristics of a # a source IP address that has been seen initiating a SIP REGISTER # operation to a remote host. This report lists hosts that are # suspicious of more than just port scanning. These hosts may be SIP # client cataloging or conducting various forms of telephony abuse. # Each entry is sorted according to a route origination ASN. An entry # for the IP address may be listed more than once if there are multiple # origin AS (MOAS) announcements for the covering prefix. We use the # Team Cymru IP address to ASN mapping service to construct an origin AS # number and name. For details about this Team Cymru service, see: # # . # # The report format is as follows: # # ASN | ASname | saddr | utc | category # # Each field is described below. Please note any special formatting # rules to aid in processing this file with automated tools and scripts. # Blank lines may be present to improve the visual display of this file. # Lines beginning with a hash ('#') character are comment lines. All # other lines are report entries. Each field is separated by a pipe # symbol ('|') and at least two whitespace characters on either side. # # ASN Autonomous system number originating a route for the entry # IP address. Note, 4-byte ASNs are supported and will be # displayed as a 32-bit integer. # # ASname A descriptive network name for the associated ASN. The # name is truncated to 30 characters. # # saddr The source IPv4 or IPv6 address that is being reported. # # utc A last seen timestamp formatted as YYYY-MM-DD HH:MM:SS # and in UTC time. # # category Descriptive tag name for this entry. For this report, # the text sipregistration will appear. # # A commented footer section shows an aggregate count of ASNs and # addresses seen in the current report. # 4134 | CHINANET-BACKBONE No.31,Jin-ro | 113.12.192.42 | 2019-04-16 12:46:41 | sipregistration 4134 | CHINANET-BACKBONE No.31,Jin-ro | 106.86.154.3 | 2019-04-18 17:34:22 | sipregistration 4134 | CHINANET-BACKBONE No.31,Jin-ro | 125.77.216.69 | 2019-04-19 09:24:43 | sipregistration 4134 | CHINANET-BACKBONE No.31,Jin-ro | 117.81.198.122 | 2019-04-19 08:26:24 | sipregistration 4134 | CHINANET-BACKBONE No.31,Jin-ro | 115.195.200.222 | 2019-04-19 18:37:14 | sipregistration 4134 | CHINANET-BACKBONE No.31,Jin-ro | 117.90.3.39 | 2019-04-20 00:11:42 | sipregistration 4538 | ERX-CERNET-BKB China Education | 202.118.128.166 | 2019-04-18 15:22:30 | sipregistration 4808 | CHINA169-BJ China Unicom Beiji | 61.51.129.194 | 2019-04-16 18:31:30 | sipregistration 4812 | CHINANET-SH-AP China Telecom ( | 180.161.123.64 | 2019-04-16 15:37:24 | sipregistration 4816 | CHINANET-IDC-GD China Telecom | 121.12.81.70 | 2019-04-17 10:31:05 | sipregistration 4837 | CHINA169-BACKBONE CHINA UNICOM | 125.40.238.181 | 2019-04-16 16:36:38 | sipregistration 9808 | CMNET-GD Guangdong Mobile Comm | 183.233.215.226 | 2019-04-17 12:20:40 | sipregistration 9808 | CMNET-GD Guangdong Mobile Comm | 112.50.195.127 | 2019-04-16 18:08:05 | sipregistration 12876 | AS12876, FR | 212.83.143.187 | 2019-04-21 04:11:12 | sipregistration 12876 | AS12876, FR | 212.129.63.196 | 2019-04-18 16:28:32 | sipregistration 12876 | AS12876, FR | 195.154.39.141 | 2019-04-16 10:39:12 | sipregistration 12876 | AS12876, FR | 195.154.48.30 | 2019-04-19 09:02:37 | sipregistration 12876 | AS12876, FR | 195.154.40.99 | 2019-04-20 19:54:55 | sipregistration 12876 | AS12876, FR | 195.154.32.212 | 2019-04-22 12:55:13 | sipregistration 12876 | AS12876, FR | 212.83.174.245 | 2019-04-21 23:40:27 | sipregistration 12876 | AS12876, FR | 195.154.34.96 | 2019-04-16 13:05:19 | sipregistration 12876 | AS12876, FR | 212.129.60.153 | 2019-04-16 17:22:59 | sipregistration 12876 | AS12876, FR | 212.129.63.214 | 2019-04-19 21:00:41 | sipregistration 12876 | AS12876, FR | 163.172.99.30 | 2019-04-17 17:37:21 | sipregistration 12876 | AS12876, FR | 212.83.189.253 | 2019-04-16 18:31:31 | sipregistration 12876 | AS12876, FR | 212.83.153.209 | 2019-04-16 15:02:16 | sipregistration 12876 | AS12876, FR | 212.129.55.148 | 2019-04-19 20:08:21 | sipregistration 12989 | HWNG, NL | 81.171.71.128 | 2019-04-23 04:52:53 | sipregistration 12989 | HWNG, NL | 81.171.71.126 | 2019-04-22 04:02:39 | sipregistration 12989 | HWNG, NL | 81.171.71.127 | 2019-04-23 02:17:05 | sipregistration 12989 | HWNG, NL | 81.171.71.134 | 2019-04-16 06:35:51 | sipregistration 12989 | HWNG, NL | 209.107.214.145 | 2019-04-21 08:50:13 | sipregistration 12989 | HWNG, NL | 81.171.71.129 | 2019-04-22 05:32:05 | sipregistration 12989 | HWNG, NL | 209.107.214.146 | 2019-04-16 18:25:48 | sipregistration 16276 | OVH, FR | 5.196.119.157 | 2019-04-17 17:01:34 | sipregistration 29066 | VELIANET-AS velia.net Internet | 185.19.216.246 | 2019-04-20 17:24:37 | sipregistration 31034 | ARUBA-ASN, IT | 89.46.72.81 | 2019-04-22 20:25:04 | sipregistration 31034 | ARUBA-ASN, IT | 212.237.45.75 | 2019-04-22 17:41:38 | sipregistration 33438 | HIGHWINDS2 - Highwinds Network | 81.171.71.128 | 2019-04-23 04:52:53 | sipregistration 33438 | HIGHWINDS2 - Highwinds Network | 81.171.71.126 | 2019-04-22 04:02:39 | sipregistration 33438 | HIGHWINDS2 - Highwinds Network | 81.171.71.127 | 2019-04-23 02:17:05 | sipregistration 33438 | HIGHWINDS2 - Highwinds Network | 81.171.71.134 | 2019-04-16 06:35:51 | sipregistration 33438 | HIGHWINDS2 - Highwinds Network | 209.107.214.145 | 2019-04-21 08:50:13 | sipregistration 33438 | HIGHWINDS2 - Highwinds Network | 81.171.71.129 | 2019-04-22 05:32:05 | sipregistration 33438 | HIGHWINDS2 - Highwinds Network | 209.107.214.146 | 2019-04-16 18:25:48 | sipregistration 34300 | SPACENET-AS Internet Service P | 62.173.138.240 | 2019-04-17 13:46:17 | sipregistration 36352 | AS-COLOCROSSING - ColoCrossing | 107.172.39.18 | 2019-04-20 23:35:33 | sipregistration 46664 | VDI-NETWORK - VolumeDrive, US | 102.165.33.74 | 2019-04-20 23:46:01 | sipregistration 51167 | CONTABO, DE | 173.249.14.216 | 2019-04-23 00:36:47 | sipregistration 56040 | CMNET-GUANGDONG-AP China Mobil | 183.233.215.226 | 2019-04-17 12:20:40 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.109.175 | 2019-04-22 23:35:19 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.109.129 | 2019-04-22 21:49:41 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.109.146 | 2019-04-22 01:11:02 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.109.93 | 2019-04-16 20:32:33 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.109.140 | 2019-04-22 21:51:22 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.109.201 | 2019-04-22 10:41:58 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 185.53.88.2 | 2019-04-23 04:59:09 | sipregistration # # Statistics # ASNs: 19 # Addresses: 49