# DataPlane.org - for operators, by operators # sipregistration # 2020-03-26 17:00 - 2020-04-02 17:00 # # The sipregistration report is free for non-commercial use ONLY. If # you wish to discuss commercial use of this service, please contact us # at info@dataplane.org. Redistribution of the sipregistration report # in whole or in part without the express permission of DataPlane is # expressly prohibited. # # This report is made possible through the generous support of people # like you. Sensor, processing and distribution systems require # non-free resources to setup and maintain. We are always looking for # financial contributions to help pay the bills and hosting to increase # visibility. If you find what we do useful, please consider supporting # us. # # This report is informational. It is not a block list, but some may # choose to use it to actively protect their networks and systems. The # report is provided on an as-is basis with no expressed warranty or # guarantee of accuracy. Use of this data is at your own risk. If you # have questions about this report do not hesitate to contact us. # # Entries below consist of fields with identifying characteristics of a # a source IP address that has been seen initiating a SIP REGISTER # operation to a remote host. This report lists hosts that are # suspicious of more than just port scanning. These hosts may be SIP # client cataloging or conducting various forms of telephony abuse. # Each entry is sorted according to a route origination ASN. An entry # for the IP address may be listed more than once if there are multiple # origin AS (MOAS) announcements for the covering prefix. We use the # Team Cymru IP address to ASN mapping service to construct an origin AS # number and name. For details about this Team Cymru service, see: # # . # # The report format is as follows: # # ASN | ASname | saddr | utc | category # # Each field is described below. Please note any special formatting # rules to aid in processing this file with automated tools and scripts. # Blank lines may be present to improve the visual display of this file. # Lines beginning with a hash ('#') character are comment lines. All # other lines are report entries. Each field is separated by a pipe # symbol ('|') and at least two whitespace characters on either side. # # ASN Autonomous system number originating a route for the entry # IP address. Note, 4-byte ASNs are supported and will be # displayed as a 32-bit integer. # # ASname A descriptive network name for the associated ASN. The # name is truncated to 30 characters. # # saddr The source IPv4 or IPv6 address that is being reported. # # utc A last seen timestamp formatted as YYYY-MM-DD HH:MM:SS # and in UTC time. # # category Descriptive tag name for this entry. For this report, # the text sipregistration will appear. # # A commented footer section shows an aggregate count of ASNs and # addresses seen in the current report. # 9009 | M247, GB | 176.113.74.252 | 2020-03-26 17:19:51 | sipregistration 9009 | M247, GB | 45.148.11.28 | 2020-04-01 20:05:53 | sipregistration 12876 | Online SAS, FR | 212.129.63.196 | 2020-04-01 14:32:18 | sipregistration 12876 | Online SAS, FR | 163.172.35.135 | 2020-03-29 03:52:14 | sipregistration 12876 | Online SAS, FR | 212.83.183.113 | 2020-03-30 17:06:20 | sipregistration 12876 | Online SAS, FR | 163.172.36.117 | 2020-04-02 03:14:18 | sipregistration 12876 | Online SAS, FR | 62.4.14.123 | 2020-03-31 04:19:00 | sipregistration 12876 | Online SAS, FR | 163.172.42.71 | 2020-03-31 14:45:26 | sipregistration 12876 | Online SAS, FR | 51.158.24.19 | 2020-04-02 04:35:35 | sipregistration 12876 | Online SAS, FR | 62.4.14.122 | 2020-04-02 15:33:34 | sipregistration 12876 | Online SAS, FR | 163.172.40.191 | 2020-04-02 09:03:36 | sipregistration 12876 | Online SAS, FR | 163.172.114.154 | 2020-03-28 03:32:53 | sipregistration 12876 | Online SAS, FR | 212.129.23.120 | 2020-04-01 02:28:23 | sipregistration 12876 | Online SAS, FR | 163.172.35.103 | 2020-03-28 19:10:34 | sipregistration 12876 | Online SAS, FR | 163.172.35.209 | 2020-04-02 11:28:49 | sipregistration 12876 | Online SAS, FR | 51.158.31.243 | 2020-04-02 13:19:04 | sipregistration 12876 | Online SAS, FR | 163.172.24.209 | 2020-03-27 23:49:59 | sipregistration 12876 | Online SAS, FR | 163.172.26.245 | 2020-04-02 05:44:25 | sipregistration 12876 | Online SAS, FR | 163.172.41.179 | 2020-03-29 22:49:10 | sipregistration 12876 | Online SAS, FR | 163.172.44.89 | 2020-04-01 21:30:07 | sipregistration 12876 | Online SAS, FR | 195.154.28.229 | 2020-04-02 05:14:52 | sipregistration 12876 | Online SAS, FR | 212.129.9.187 | 2020-03-30 03:31:17 | sipregistration 12876 | Online SAS, FR | 212.83.149.159 | 2020-03-26 17:09:26 | sipregistration 12876 | Online SAS, FR | 163.172.28.231 | 2020-03-27 01:02:48 | sipregistration 12876 | Online SAS, FR | 51.15.19.210 | 2020-03-31 22:01:23 | sipregistration 12876 | Online SAS, FR | 163.172.204.72 | 2020-04-02 15:21:20 | sipregistration 14061 | DIGITALOCEAN-ASN, US | 167.71.84.185 | 2020-04-02 16:09:09 | sipregistration 14061 | DIGITALOCEAN-ASN, US | 198.211.112.228 | 2020-04-01 21:39:40 | sipregistration 14061 | DIGITALOCEAN-ASN, US | 134.122.30.211 | 2020-03-28 14:06:59 | sipregistration 14061 | DIGITALOCEAN-ASN, US | 165.22.61.50 | 2020-04-01 10:19:23 | sipregistration 14061 | DIGITALOCEAN-ASN, US | 167.71.12.65 | 2020-04-01 05:48:16 | sipregistration 16276 | OVH, FR | 51.79.57.12 | 2020-04-02 16:50:33 | sipregistration 23724 | CHINANET-IDC-BJ-AP IDC, China | 119.61.6.132 | 2020-03-29 04:35:27 | sipregistration 24940 | HETZNER-AS, DE | 95.216.117.54 | 2020-04-02 05:49:04 | sipregistration 36351 | SOFTLAYER, US | 169.44.138.28 | 2020-03-28 02:16:07 | sipregistration 46475 | LIMESTONENETWORKS, US | 74.63.223.110 | 2020-03-28 16:35:28 | sipregistration 46562 | TOTAL-SERVER-SOLUTIONS, US | 66.115.173.74 | 2020-03-31 10:12:15 | sipregistration 51167 | CONTABO, DE | 62.171.134.191 | 2020-03-28 11:28:04 | sipregistration 51167 | CONTABO, DE | 62.171.147.26 | 2020-03-28 18:51:57 | sipregistration 60781 | LEASEWEB-NL-AMS-01 Netherlands | 95.168.171.98 | 2020-03-27 18:57:48 | sipregistration 60781 | LEASEWEB-NL-AMS-01 Netherlands | 95.168.171.112 | 2020-04-02 16:41:33 | sipregistration 199653 | ARUBAFR-AS, FR | 94.177.238.86 | 2020-03-30 00:42:46 | sipregistration 208346 | ZUMY, NL | 45.143.222.192 | 2020-03-31 16:18:58 | sipregistration 208666 | ESTROWEB, NL | 37.49.226.105 | 2020-03-31 18:12:29 | sipregistration 208666 | ESTROWEB, NL | 37.49.230.32 | 2020-04-02 12:37:16 | sipregistration 208666 | ESTROWEB, NL | 37.49.226.118 | 2020-04-02 14:37:04 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.51 | 2020-04-02 14:53:10 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.110.25 | 2020-04-02 14:05:22 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.213 | 2020-04-02 13:27:19 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.28 | 2020-03-28 05:13:45 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.163 | 2020-04-01 13:45:26 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.53 | 2020-04-02 04:08:59 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 77.247.110.245 | 2020-04-02 08:04:52 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.214 | 2020-04-02 13:42:28 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.52 | 2020-04-02 03:25:27 | sipregistration 209299 | VITOX-TELECOM VITOX TELECOM, N | 45.143.220.251 | 2020-04-01 21:10:03 | sipregistration # # Statistics # ASNs: 15 # Addresses: 56