Crimepack 3.1.3 Exploit kit info

Download Crimepack 3.1.3 Deny IP list CrimepackDenyiplist.txt

Download deny ip list as is, without whois info

Please note that I am not the owner of the exploit pack and will not post any files for the download. Thank you ~ Mila

Update 2 Sept 29

The cryptor.php, which is the pdf builder, indeed contains enough code to build malicious pdf for the last Adobe zero day CVE-2010-2883. However, it appears to be work in progress and not a fully implemented feature. Will post more information as it becomes available.

Update 1 sept 27 Percy Sabourin @Garlandors pointed out that one piece of code was taken from the Metasploit exploit for the "Cooltype" Adobe 0 day CVE-2010-2883, which became public on Sept. 9, 2010. See the last screenshot and below this paragraph. The code indeed looks the same, we first thought it was only for the content part of the pdf but at this time it is not clear whether the pdf generator would actually generate a working pdf exploit using this vulnerability CVE-2010-2883. There are no corresponding ini or php files in the pack too. Also, nearly all php files in the pack are encrypted with ionCube encoder.

Also, it means the pack or at least crypter.php was produced during the period Sept 9-21, 2010

        $PDFFile .= self::rndSeparators("<>",0);
        $PDFFile .= self::rndSeparators("endobj",0);
        $PDFFile .= self::rndSeparators("8 0 obj ",0);
        $PDFFile .= self::rndSeparators("<>",0);
        $PDFFile .= self::rndSeparators("stream",0);
        $PDFFile .= self::rndSeparators("0 g BT /F7 32 Tf 32 Tc 1 0 0 1 32 773.872 Tm (Hello World!) Tj   ET",0);
        $PDFFile .= self::rndSeparators("endstream",0);
        $PDFFile .= self::rndSeparators("endobj",0);
        $PDFFile .= self::rndSeparators("9 0 obj ",0);
        $PDFFile .= self::rndSeparators("<>",0);
        $PDFFile .= self::rndSeparators("endobj",0);

Crimepack 3.1.3 Java exploit analysis is available at InReverse.net by Donato 'ratsoul' Ferrante
Crimepack 3.1.3 – checking vital signs

 Crimpack 3.1.3 Deny IP list
(to prevent analysis and detection by security companies and ISP providers) 


131 | 128.111.48.151 | 128.111.0.0/16 | US | UCSB-NET-AS - University of California 2637 | 143.215.130.24 | 143.215.0.0/16 | US | GEORGIA-TECH - Georgia Institute of Technology 7725 | 173.160.79.81 | 173.160.64.0/19 | US | COMCAST-7725 - Comcast Cable Communications Holdings 209 | 174.19.99.218 | 174.16.0.0/12 | US | ASN-QWEST - Qwest Communications Company, LLC 16276 | 188.165.12.112 | 188.165.0.0/16 | FR | OVH OVH 3209 | 188.99.247.113 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 6057 | 190.0.135.87 | 190.0.128.0/20 | UY | Administracion Nacional de Telecomunicaciones 1853 | 192.102.1.115 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 8193 | 195.158.5.144 | 195.158.0.0/19 | UZ | UZPAK National Data Network Company _UzPAK_ 15968 | 195.214.79.22 | 195.214.79.0/24 | DE | NETPILOT NETpilot GmbH , Muenchen , Germany 14522 | 200.25.135.149 | 200.25.132.0/22 | EC | Satnet 2500 | 203.178.128.7 | 203.178.128.0/17 | JP | WIDE-BB WIDE Project 2500 | 203.178.143.167 | 203.178.128.0/17 | JP | WIDE-BB WIDE Project 1239 | 204.118.31.201 | 204.118.0.0/15 | US | SPRINTLINK - Sprint 13448 | 208.80.193.55 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 14361 | 209.160.20.35 | 209.160.16.0/21 | US | HOPONE-GLOBAL - HopOne Internet Corporation 6871 | 212.56.95.253 | 212.56.64.0/18 | GB | PLUSNET PlusNet PLC 24940 | 213.239.215.61 | 213.239.192.0/18 | DE | HETZNER-AS Hetzner Online AG RZ 6539 | 216.18.100.139 | 216.18.100.0/23 | CA | GT-BELL - Bell Canada 30490 | 216.224.124.124 | 216.224.112.0/20 | US | ETHRN - Ethr.Net LLC 17803 | 220.224.243.83 | 220.224.243.0/24 | IN | BSES-AS-AP BSES TeleCom Limited 4725 | 61.123.230.221 | 61.123.0.0/16 | JP | ODN SOFTBANK TELECOM Corp. 3786 | 61.32.46.3 | 61.32.0.0/13 | KR | LGDACOM LG DACOM Corporation 29944 | 67.217.160.100 | 67.217.160.0/19 | US | PULLTHEPLUG - PullThePlug Technologies LLC 26347 | 69.163.129.35 | 69.163.128.0/18 | US | DREAMHOST-AS - New Dream Network, LLC 3356 | 72.236.167.154 | 72.236.166.0/23 | US | LEVEL3 Level 3 Communications 19262 | 74.105.132.104 | 74.105.0.0/16 | US | VZGNI-TRANSIT - Verizon Online LLC 25500 | 77.47.188.87 | 77.47.188.0/24 | UA | NTUU-KPI-AS National Technical University of Ukr 42313 | 79.106.109.57 | 79.106.109.0/24 | AL | ALBTELECOM-AS Telecom Albania 8551 | 79.181.11.131 | 79.181.0.0/20 | IL | BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone 6830 | 80.108.65.8 | 80.108.0.0/16 | AT | UPC UPC Broadband 8404 | 80.218.6.161 | 80.218.0.0/15 | CH | CABLECOM Cablecom GmbH 21274 | 80.94.160.207 | 80.94.160.0/21 | BY | BAS-NET-AS BAS-NET Network 20804 | 82.177.23.30 | 82.177.0.0/16 | PL | ASN-TELENERGO EXATEL S.A. Autonomous System 34267 | 84.42.39.75 | 84.42.32.0/19 | RU | DEBRYANSK-AS-1 Joint Stock Company _Central Telecommunications Company_ Bryansk Branch 3209 | 84.60.232.57 | 84.56.0.0/13 | DE | VODANET International IP-Backbone of Vodafone 6724 | 85.214.73.63 | 85.214.0.0/16 | DE | STRATO STRATO AG 12479 | 85.54.199.80 | 85.54.192.0/19 | ES | UNI2-AS Uni2 - Lince telecomunicaciones 6799 | 85.75.230.186 | 85.75.0.0/16 | GR | OTENET-GR OTEnet S.A. Multiprotocol Backbone & ISP 12338 | 85.85.181.72 | 85.85.0.0/16 | ES | EUSKALTEL Euskaltel Autonomous System 3269 | 87.11.184.27 | 87.10.0.0/15 | IT | ASN-IBSNAZ Telecom Italia S.p.a. 6830 | 89.176.236.175 | 89.176.0.0/16 | CZ | UPC UPC Broadband 8402 | 89.178.102.145 | 89.178.0.0/15 | RU | CORBINA-AS Corbina Telecom 30890 | 89.41.179.39 | 89.41.176.0/20 | RO | EVOLVA Evolva Telecom s.r.l. 6828 | 90.150.237.5 | 90.150.237.0/24 | RU | USI Uralsviazinform 15895 | 94.153.104.253 | 94.153.96.0/19 | UA | KSNET-AS Kyivstar GSM 8402 | 95.25.207.20 | 95.24.0.0/13 | RU | CORBINA-AS Corbina Telecom 8402 | 95.27.245.62 | 95.24.0.0/13 | RU | CORBINA-AS Corbina Telecom 29761 | 98.143.144.75 | 98.143.144.0/20 | US | OC3-NETWORKS-AS-NUMBER - OC3 Networks & Web Solutions, LLC 131 | 128.111.0.0 | 128.111.0.0/16 | US | UCSB-NET-AS - University of California, Santa Barbara 29944 | 67.217.160.100 | 67.217.160.0/19 | US | PULLTHEPLUG - PullThePlug Technologies LLC 174 | 38.103.37.245 | 38.0.0.0/8 | US | COGENT Cogent/PSI 34011 | 188.93.8.150 | 188.93.8.0/21 | DE | DOMAINFACTORY domainfactory GmbH 6871 | 212.56.95.253 | 212.56.64.0/18 | GB | PLUSNET PlusNet PLC 8560 | 74.208.16.163 | 74.208.0.0/16 | US | ONEANDONE-AS 1&1 Internet AG 21844 | 67.15.250.18 | 67.15.0.0/16 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 33552 | 204.14.90.25 | 204.14.90.0/24 | US | FLUIDHOSTING - Fluid Hosting LLC 6871 | 212.56.95.253 | 212.56.64.0/18 | GB | PLUSNET PlusNet PLC 7132 | 99.189.54.161 | 99.176.0.0/12 | US | SBIS-AS - AT&T Internet Services 7132 | 99.189.52.191 | 99.176.0.0/12 | US | SBIS-AS - AT&T Internet Services 7132 | 99.14.103.153 | 99.0.0.0/12 | US | SBIS-AS - AT&T Internet Services 33491 | 98.223.73.83 | 98.222.0.0/15 | US | COMCAST-33491 - Comcast Cable Communications, Inc. 20115 | 97.80.137.110 | 97.80.128.0/18 | US | CHARTER-NET-HKY-NC - Charter Communications 6849 | 95.134.160.15 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.8.238 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.23.221 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.23.171 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.146.219 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.117.128 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 15962 | 95.105.173.253 | 95.105.128.0/17 | SK | OSK-DNI ORANGE Slovensko - ISP IP backbone 35002 | 94.53.2.19 | 94.53.0.0/19 | RO | NEWCOM-ASN New Com Telecomunicatii SA 16276 | 94.23.201.45 | 94.23.0.0/16 | FR | OVH OVH 6849 | 94.179.55.249 | 94.179.0.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 94.179.48.200 | 94.179.0.0/18 | UA | UKRTELNET JSC UKRTELECOM, NA | 192.168.0.0 | NA | | NA 6849 | 94.179.19.65 | 94.179.0.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 94.179.115.241 | 94.179.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 94.178.65.37 | 94.178.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 12874 | 93.39.197.60 | 93.36.0.0/14 | IT | FASTWEB Fastweb SpA 31147 | 93.186.171.177 | 93.186.168.0/22 | DE | INLINE-AS Inline Internet Online Dienste GmbH 5391 | 93.136.83.241 | 93.136.0.0/16 | HR | T-HT T-Com Croatia Internet network 21220 | 93.112.91.3 | 93.112.64.0/19 | RO | TELEMOBIL Telemobil S.A. 9050 | 92.86.197.202 | 92.86.0.0/16 | RO | RTD ROMTELECOM S.A 9050 | 92.80.81.98 | 92.80.0.0/16 | RO | RTD ROMTELECOM S.A 9050 | 92.80.121.16 | 92.80.0.0/16 | RO | RTD ROMTELECOM S.A 3209 | 92.74.32.41 | 92.72.0.0/13 | DE | VODANET International IP-Backbone of Vodafone 6849 | 92.113.86.1 | 92.113.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 92.113.72.136 | 92.113.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 92.113.207.114 | 92.113.192.0/18 | UA | UKRTELNET JSC UKRTELECOM, 31334 | 91.65.6.43 | 91.65.0.0/17 | DE | KABELDEUTSCHLAND-AS Kabel Deutschland Breitband Service GmbH 44418 | 91.199.104.15 | 91.199.104.0/24 | RO | BITDEFENDER-AS SC Bitdefender SRL 3215 | 90.54.97.86 | 90.54.0.0/16 | FR | AS3215 France Telecom - Orange 5607 | 90.195.34.160 | 90.192.0.0/11 | GB | BSKYB-BROADBAND-AS BSkyB Broadband 3249 | 90.191.234.113 | 90.190.0.0/15 | EE | ESTPAK Elion Enterprises Ltd. 35592 | 89.187.132.181 | 89.187.128.0/19 | CZ | COOLHOUSING-AS COOLHOUSING Autonomous System 2860 | 89.180.176.86 | 89.180.0.0/16 | PT | NOVIS Novis Telecom, S.A. 9121 | 88.246.118.245 | 88.246.0.0/17 | TR | TTNET TTnet Autonomous System 12322 | 88.121.16.199 | 88.120.0.0/13 | FR | PROXAD Free SAS 3320 | 87.179.7.66 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.6.239 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.5.124 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.45.29 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.43.93 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.43.212 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.47 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.41 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.219 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.187 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.40.247 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.38.193 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.34.65 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.34.233 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.3.112 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.23.207 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.23.18 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.23.119 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.22.175 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.21.28 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.255.247 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.249.211 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.249.145 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.238.107 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.231.174 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.198.190 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.189.93 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.173.7 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3269 | 87.13.223.119 | 87.13.128.0/17 | IT | ASN-IBSNAZ Telecom Italia S.p.a. 31103 | 87.118.104.203 | 87.118.64.0/18 | DE | KEYWEB-AS Keyweb AG 15557 | 86.70.223.209 | 86.64.0.0/12 | FR | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS) 35191 | 86.63.126.147 | 86.63.64.0/18 | PL | ASTA-NET ASTA-NET MALDZINSKI, RYCZEK S.J. 2856 | 86.169.235.51 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.159.221.195 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.155.122.216 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.154.5.173 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.152.202.39 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 16265 | 85.17.130.250 | 85.17.0.0/16 | NL | LEASEWEB LEASEWEB AS 8404 | 84.74.152.59 | 84.72.0.0/14 | CH | CABLECOM Cablecom GmbH 25408 | 84.52.118.133 | 84.52.64.0/18 | RU | WESTCALL-SPB-AS West Call Ltd carrier services ISP, St.Petersburg 3292 | 83.91.86.29 | 83.88.0.0/13 | DK | TDC TDC Data Networks 3292 | 83.89.217.82 | 83.88.0.0/13 | DK | TDC TDC Data Networks 21021 | 83.68.75.74 | 83.68.64.0/19 | PL | MULTIMEDIA-AS Multimedia Polska Sp.z o.o. 3352 | 83.36.198.244 | 83.36.0.0/16 | ES | TELEFONICA-DATA-ESPANA TELEFONICA DE ESPANA 6854 | 83.229.245.130 | 83.229.128.0/17 | RU | SYNTERRA-AS CJSC Synterra 3215 | 83.202.222.11 | 83.202.128.0/17 | FR | AS3215 France Telecom - Orange 5089 | 82.41.59.130 | 82.40.0.0/15 | GB | NTL NTL Group Limited 25148 | 81.93.167.102 | 81.93.160.0/20 | NO | BASEFARM-ASN Basefarm AS. Oslo - Norway 5432 | 81.244.229.86 | 81.244.0.0/14 | BE | BELGACOM-SKYNET-AS Belgacom regional ASN 25272 | 80.92.107.72 | 80.92.96.0/20 | RU | SINSTELECOM-AS JSC _AKADO-Stolitsa_ 5617 | 80.54.117.13 | 80.48.0.0/13 | PL | TPNET Polish Telecom_s commercial IP network 3356 | 8.6.118.7 | 8.0.0.0/9 | US | LEVEL3 Level 3 Communications 3320 | 79.215.113.102 | 79.192.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 79.215.105.58 | 79.192.0.0/10 | DE | DTAG Deutsche Telekom AG 8551 | 79.178.131.27 | 79.178.128.0/20 | IL | BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone 15658 | 79.134.64.221 | 79.134.64.0/19 | RU | INETCOMM-AS INET LTD 1241 | 79.103.75.247 | 79.103.64.0/19 | GR | FORTHNET-GR FORTHnet 8764 | 78.57.6.12 | 78.57.0.0/17 | LT | TEOLTAB TEO LT AB Autonomous System 29562 | 78.42.47.81 | 78.42.0.0/15 | DE | KABELBW-ASN Kabel Baden-Wuerttemberg GmbH & Co. KG 13285 | 78.149.83.182 | 78.148.0.0/14 | GB | OPALTELECOM-AS Opal Telecom 8612 | 78.14.83.162 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 8612 | 78.14.82.76 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 8612 | 78.14.80.118 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 8612 | 78.14.79.31 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 35549 | 78.134.229.219 | 78.134.128.0/17 | HR | METRONET-AS Metronet telekomunikacije d.d. 29256 | 78.110.96.7 | 78.110.96.0/20 | SY | STE-AS Syrian Telecommunications Establishment 8400 | 77.46.208.146 | 77.46.128.0/17 | RS | TELEKOM-AS TELEKOM SRBIJA a.d. 10796 | 76.189.138.157 | 76.189.0.0/16 | US | SCRR-10796 - Road Runner HoldCo LLC 25973 | 72.37.244.76 | 72.37.244.0/22 | US | MZIMA - Mzima Networks, Inc. 3356 | 72.236.167.154 | 72.236.166.0/23 | US | LEVEL3 Level 3 Communications 22773 | 72.192.165.221 | 72.192.128.0/18 | US | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 7015 | 71.192.35.21 | 71.192.0.0/16 | US | COMCAST-7015 - Comcast Cable Communications Holdings, Inc 7015 | 71.192.32.59 | 71.192.0.0/16 | US | COMCAST-7015 - Comcast Cable Communications Holdings, Inc 19262 | 71.179.3.141 | 71.179.0.0/16 | US | VZGNI-TRANSIT - Verizon Online LLC 21844 | 70.84.211.98 | 70.84.0.0/14 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 22773 | 70.181.48.131 | 70.181.0.0/18 | US | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 6128 | 69.126.7.12 | 69.120.0.0/13 | US | CABLE-NET-1 - Cablevision Systems Corp. 33657 | 68.50.103.11 | 68.50.0.0/16 | US | CMCS - Comcast Cable Communications, Inc. 46218 | 68.235.227.208 | 68.235.226.0/23 | US | COMPORIUM-BREVARD-AS - Comporium Communications 36666 | 68.168.113.163 | 68.168.112.0/20 | CA | GTCOMM - GloboTech Communications 3356 | 67.97.80.5 | 67.97.80.0/23 | US | LEVEL3 Level 3 Communications 17370 | 67.97.80.5 | 67.97.80.0/23 | US | MCAFEE-COM - McAfee, Inc. 29944 | 67.217.160.100 | 67.217.160.0/19 | US | PULLTHEPLUG - PullThePlug Technologies LLC 2828 | 67.111.14.147 | 67.104.0.0/13 | US | XO-AS15 - XO Communications 30217 | 66.230.230.230 | 66.230.224.0/20 | US | DESYNC - Desync Networks 15149 | 66.199.253.178 | 66.199.224.0/19 | US | EZZI-101-BGP - Access Integrated Technologies, Inc. 20115 | 66.168.80.34 | 66.168.80.0/20 | US | CHARTER-NET-HKY-NC - Charter Communications 6128 | 65.51.52.90 | 65.51.0.0/16 | US | CABLE-NET-1 - Cablevision Systems Corp. 6488 | 65.39.67.100 | 65.39.64.0/19 | US | AMUG - Arizona Macintosh Users Group 22822 | 65.23.158.193 | 65.23.128.0/19 | US | LLNW - Limelight Networks, Inc. 15169 | 64.233.172.18 | 64.233.172.0/24 | US | GOOGLE - Google Inc. 3561 | 64.14.68.27 | 64.14.0.0/16 | US | SAVVIS - Savvis 4323 | 64.128.133.180 | 64.128.128.0/20 | US | TWTC - tw telecom holdings, inc. 4323 | 64.128.133.131 | 64.128.128.0/20 | US | TWTC - tw telecom holdings, inc. 6461 | 64.124.203.77 | 64.124.0.0/15 | US | MFNX MFN - Metromedia Fiber Network 21788 | 64.120.158.0 | 64.120.128.0/18 | US | NOC - Network Operations Center Inc. 17232 | 63.240.91.179 | 63.240.64.0/18 | US | AT&T US 20845 | 62.165.196.117 | 62.165.196.0/23 | HU | DIGICABLE DIGI Ltd. 31103 | 62.141.58.13 | 62.141.48.0/20 | DE | KEYWEB-AS Keyweb AG 4766 | 61.73.43.30 | 61.72.0.0/13 | KR | KIXS-AS-KR Korea Telecom 10013 | 61.12.150.166 | 61.12.128.0/17 | JP | FBDC FreeBit Co.,Ltd. 4788 | 60.52.98.126 | 60.52.64.0/18 | MY | TMNET-AS-AP TM Net, Internet Service Provider 9829 | 59.93.78.49 | 59.93.64.0/20 | IN | BSNL-NIB National Internet Backbone 4755 | 59.160.150.49 | 59.160.144.0/20 | IN | TATACOMM-AS TATA Communications formerly VSNL is Leading ISP 17622 | 58.248.188.68 | 58.248.160.0/19 | CN | CNCGROUP-GZ CNCGROUP IP network of GuangZhou region MAN network 8452 | 41.238.75.245 | 41.238.75.0/24 | EG | TE-AS TE-AS 23028 | 38.229.0.75 | 38.229.0.0/19 | US | TEAM-CYMRU - Team Cymru Inc. 174 | 38.105.71.115 | 38.0.0.0/8 | US | COGENT Cogent/PSI 33651 | 24.4.75.188 | 24.4.0.0/15 | US | CMCS - Comcast Cable Communications, Inc. 11426 | 24.199.184.123 | 24.199.128.0/18 | US | SCRR-11426 - Road Runner HoldCo LLC 7015 | 24.128.146.21 | 24.128.128.0/17 | US | COMCAST-7015 - Comcast Cable Communications Holdings, Inc 4134 | 222.216.51.97 | 222.216.48.0/20 | CN | CHINANET-BACKBONE No.31,Jin-rong Street 4766 | 222.112.143.129 | 222.112.0.0/13 | KR | KIXS-AS-KR Korea Telecom 4837 | 221.6.44.8 | 221.6.0.0/16 | CN | CHINA169-BACKBONE CNCGROUP China169 Backbone 2510 | 219.116.48.74 | 219.116.0.0/16 | JP | INFOWEB FUJITSU LIMITED 3320 | 217.91.177.21 | 217.80.0.0/12 | DE | DTAG Deutsche Telekom AG 15756 | 217.23.143.149 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.143.148 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.143.146 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.142.67 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.140.61 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.134.60 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.134.59 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.133.99 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.133.197 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.133.100 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.132.226 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.132.189 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15734 | 217.149.155.195 | 217.149.144.0/20 | ES | IDH Telvent Housing, S.A. 6994 | 216.38.144.175 | 216.38.128.0/19 | US | FASTMETRICS - Fastmetrics, LLC 26250 | 216.17.247.47 | 216.17.247.0/24 | US | WEBROOT-CORP-AS1 - Webroot Software, Inc. 2119 | 213.115.201.4 | 213.112.0.0/14 | SE | TELENOR-NEXTEL T.net 15658 | 212.152.49.227 | 212.152.32.0/19 | RU | INETCOMM-AS INET LTD 15658 | 212.152.47.173 | 212.152.32.0/19 | RU | INETCOMM-AS INET LTD 1680 | 212.143.70.165 | 212.143.0.0/16 | IL | NV-ASN 013 NetVision Ltd. 9443 | 211.26.92.124 | 211.26.92.0/24 | AU | INTERNETPRIMUS-AS-AP Primus Telecommunications 9269 | 210.6.70.131 | 210.6.64.0/18 | HK | CTIHK-AS-AP City Telecom (H.K.) Ltd. 4766 | 210.105.37.123 | 210.105.0.0/16 | KR | KIXS-AS-KR Korea Telecom 14361 | 209.160.33.8 | 209.160.32.0/20 | US | HOPONE-GLOBAL - HopOne Internet Corporation 13448 | 208.80.193.0 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 14972 | 208.75.57.100 | 208.75.56.0/22 | US | BITPU-AS - BitPusher, LLC 3549 | 208.50.101.157 | 208.50.0.0/17 | US | GBLX Global Crossing Ltd. 3549 | 208.50.101.151 | 208.50.0.0/17 | US | GBLX Global Crossing Ltd. 7296 | 208.118.60.155 | 208.118.48.0/20 | US | ALCHEMYNET - Alchemy Communications, Inc. 7296 | 208.118.60.154 | 208.118.48.0/20 | US | ALCHEMYNET - Alchemy Communications, Inc. 852 | 207.219.97.51 | 207.219.0.0/16 | CA | ASN852 - Telus Advanced Communications 13911 | 204.209.56.56 | 204.209.56.0/23 | CA | TERA-BYTE - Tera-byte Online Services 37907 | 202.172.28.100 | 202.172.24.0/21 | JP | DIGIROCK DigiRock, Inc. 28573 | 201.53.196.195 | 201.53.192.0/19 | BR | NET Servicos de Comunicao S.A. 6503 | 200.38.74.135 | 200.38.64.0/19 | MX | Axtel, S.A.B. de C. V. 14522 | 200.25.135.149 | 200.25.132.0/22 | EC | Satnet 125 | 199.64.0.252 | 199.64.0.0/24 | US | HI-NET-AS - Honeywell International, Inc. 1680 | 199.203.92.238 | 199.203.0.0/16 | US | NV-ASN 013 NetVision Ltd. 49238 | 195.88.252.11 | 195.88.252.0/23 | CZ | DRWEB-AS Doctor Web Ltd 15968 | 195.214.79.22 | 195.214.79.0/24 | DE | NETPILOT NETpilot GmbH , Muenchen , Germany 8497 | 195.134.168.251 | 195.134.160.0/19 | FR | TRANSEO Autonomous System 3292 | 194.192.187.15 | 194.192.0.0/16 | DK | TDC TDC Data Networks 9064 | 194.102.94.245 | 194.102.94.0/24 | RO | IIRUC-DIGICOM-SA Satellite Communications Operator 131 | 192.35.222.209 | 192.35.222.0/24 | US | UCSB-NET-AS - University of California, Santa Barbara 6805 | 192.251.226.206 | 192.251.226.0/24 | EU | TDDE-ASN1 Telefonica o2 Germany Autonomous System 28573 | 189.32.115.52 | 189.32.96.0/19 | BR | NET Servicos de Comunicao S.A. 3209 | 188.99.253.32 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.248.83 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.244.80 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.244.241 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.236.159 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.229.61 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.228.134 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.98.79.8 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 39758 | 188.240.47.24 | 188.240.47.0/24 | RO | SIMPLIQ-AS SimpliQ SRL 21844 | 174.133.89.0 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 10994 | 173.169.76.143 | 173.168.0.0/14 | US | TAMPA2-TWC-5 - Road Runner HoldCo LLC 174 | 149.9.0.58 | 149.9.0.0/16 | US | COGENT Cogent/PSI 174 | 149.9.0.237 | 149.9.0.0/16 | US | COGENT Cogent/PSI 5483 | 145.236.111.144 | 145.236.0.0/16 | EU | HTC-AS Hungarian Telecom ; Magyar Telekom 680 | 141.76.45.35 | 141.76.0.0/16 | EU | DFN-IP service X-WiN 680 | 141.76.45.34 | 141.76.0.0/16 | EU | DFN-IP service X-WiN 1659 | 140.115.83.203 | 140.115.0.0/16 | TW | ERX-TANET-ASN1 Tiawan Academic Network (TANet) Information Center 18420 | 140.115.83.203 | 140.115.0.0/16 | TW | NCU-TW National Central University 553 | 134.155.241.17 | 134.155.0.0/16 | EU | BELWUE Landeshochschulnetz Baden-Wuerttemberg (BelWue) 196 | 130.76.54.187 | 130.76.32.0/19 | US | RISC-SYSTEM - Rockwell Scientific Company 196 | 130.76.32.16 | 130.76.32.0/19 | US | RISC-SYSTEM - Rockwell Scientific Company 30674 | 129.62.185.238 | 129.62.160.0/19 | US | BAYLORU - Baylor University 30674 | 129.62.100.70 | 129.62.96.0/19 | US | BAYLORU - Baylor University 679 | 128.130.56.0 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 131 | 128.111.48.95 | 128.111.0.0/16 | US | UCSB-NET-AS - University of California, Santa Barbara 131 | 128.111.48.6 | 128.111.0.0/16 | US | UCSB-NET-AS - University of California, Santa Barbara 2497 | 125.30.121.219 | 125.30.0.0/16 | JP | IIJ Internet Initiative Japan Inc. 17858 | 124.49.72.145 | 124.48.0.0/13 | KR | KRNIC-ASBLOCK-AP KRNIC 4713 | 123.225.16.153 | 123.224.0.0/14 | JP | OCN NTT Communications Corporation 4713 | 122.17.132.10 | 122.16.0.0/12 | JP | OCN NTT Communications Corporation 4713 | 122.17.117.124 | 122.16.0.0/12 | JP | OCN NTT Communications Corporation 24560 | 122.169.95.33 | 122.169.0.0/17 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.167.194.37 | 122.167.192.0/22 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.167.179.50 | 122.167.176.0/21 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.165.53.117 | 122.165.48.0/20 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.164.95.140 | 122.164.0.0/16 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.164.104.101 | 122.164.0.0/16 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 4766 | 121.129.201.42 | 121.128.0.0/13 | KR | KIXS-AS-KR Korea Telecom 7018 | 12.54.227.250 | 12.0.0.0/9 | US | ATT-INTERNET4 - AT&T WorldNet Services 18403 | 118.70.127.134 | 118.70.112.0/20 | VN | FPT-AS-AP The Corporation for Financing & Promoting Technology 7552 | 115.75.57.160 | 115.75.48.0/20 | VN | VIETEL-AS-AP Vietel Corporation 34400 | 109.82.154.162 | 109.82.128.0/19 | SA | ASN-ETTIHADETISALAT Etihad Etisalat 34400 | 109.83.102.58 | 109.83.96.0/20 | SA | ASN-ETTIHADETISALAT Etihad Etisalat 34400 | 109.83.250.97 | 109.83.248.0/22 | SA | ASN-ETTIHADETISALAT Etihad Etisalat 4713 | 114.145.4.142 | 114.144.0.0/12 | JP | OCN NTT Communications Corporation 10199 | 115.118.147.149 | 115.118.144.0/20 | IN | TATA-AS Tata Communications Ltd 10199 | 115.118.252.132 | 115.118.240.0/20 | IN | TATA-AS Tata Communications Ltd 2518 | 119.240.213.124 | 119.240.0.0/14 | JP | BIGLOBE NEC BIGLOBE, Ltd. 2518 | 119.242.52.109 | 119.240.0.0/14 | JP | BIGLOBE NEC BIGLOBE, Ltd. 9658 | 120.89.55.3 | 120.89.32.0/19 | PH | ETPI-IDS-AS-AP Eastern Telecoms Phils., Inc. 2510 | 121.92.105.194 | 121.92.0.0/15 | JP | INFOWEB FUJITSU LIMITED 2510 | 121.94.179.158 | 121.94.0.0/15 | JP | INFOWEB FUJITSU LIMITED 2518 | 122.135.145.157 | 122.132.0.0/14 | JP | BIGLOBE NEC BIGLOBE, Ltd. 2518 | 122.135.164.187 | 122.132.0.0/14 | JP | BIGLOBE NEC BIGLOBE, Ltd. 24560 | 122.164.26.129 | 122.164.0.0/16 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.164.31.31 | 122.164.0.0/16 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 4713 | 122.21.246.192 | 122.16.0.0/12 | JP | OCN NTT Communications Corporation 4713 | 122.21.253.4 | 122.16.0.0/12 | JP | OCN NTT Communications Corporation 4713 | 122.26.227.45 | 122.16.0.0/12 | JP | OCN NTT Communications Corporation 4808 | 123.116.127.247 | 123.116.64.0/18 | CN | CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network 2518 | 125.195.50.124 | 125.192.0.0/13 | JP | BIGLOBE NEC BIGLOBE, Ltd. 2518 | 125.195.93.12 | 125.192.0.0/13 | JP | BIGLOBE NEC BIGLOBE, Ltd. 4713 | 125.200.86.195 | 125.200.0.0/13 | JP | OCN NTT Communications Corporation 239 | 128.100.171.54 | 128.100.0.0/16 | CA | UTORONTO-AS - University of Toronto 174 | 149.5.168.2 | 149.5.0.0/16 | US | COGENT Cogent/PSI 36351 | 173.244.197.210 | 173.244.196.0/23 | US | SOFTLAYER - SoftLayer Technologies Inc. 36351 | 173.244.197.211 | 173.244.196.0/23 | US | SOFTLAYER - SoftLayer Technologies Inc. 25019 | 188.49.125.90 | 188.49.64.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.49.9.213 | 188.49.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.50.119.45 | 188.50.64.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.50.14.21 | 188.50.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.50.72.250 | 188.50.64.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.51.105.80 | 188.51.64.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.51.11.225 | 188.51.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.51.62.194 | 188.51.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.51.7.172 | 188.51.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.51.96.108 | 188.51.64.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.52.12.78 | 188.52.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.52.124.191 | 188.52.64.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.52.25.179 | 188.52.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.52.42.23 | 188.52.0.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 25019 | 188.52.77.127 | 188.52.64.0/18 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 1853 | 192.102.1.105 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 1853 | 192.102.1.106 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 1853 | 192.102.1.107 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 1853 | 192.102.1.108 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 1853 | 192.102.1.114 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 1853 | 192.102.1.115 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 1853 | 192.102.1.116 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 1853 | 192.102.1.117 | 192.102.1.0/24 | EU | ACONET ACOnet Backbone 36224 | 192.8.109.71 | 192.8.96.0/20 | US | HCLTA94085 - HCLTechnologiesInc-MA 9064 | 194.102.94.245 | 194.102.94.0/24 | RO | IIRUC-DIGICOM-SA Satellite Communications Operator 24835 | 196.221.181.202 | 196.221.181.0/24 | EG | RAYA-AS 2914 | 198.65.166.200 | 198.64.0.0/15 | US | NTT-COMMUNICATIONS-2914 - NTT America, Inc. 2914 | 207.67.144.167 | 207.67.128.0/17 | US | NTT-COMMUNICATIONS-2914 - NTT America, Inc. 6539 | 209.17.173.91 | 209.17.128.0/18 | CA | GT-BELL - Bell Canada 2914 | 209.59.50.192 | 209.59.32.0/19 | US | NTT-COMMUNICATIONS-2914 - NTT America, Inc. 25019 | 212.118.143.148 | 212.118.140.0/22 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 35388 | 212.162.130.92 | 212.162.128.0/19 | SA | JEEL-AS Arabic Computer System Co. 25019 | 212.215.206.44 | 212.215.128.0/17 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 12850 | 212.29.138.28 | 212.29.128.0/19 | IT | ASN-ENTER Enter S.r.l. http://www.enter.it 12670 | 213.30.189.66 | 213.30.128.0/18 | FR | Completel Autonomous System in France 15756 | 217.23.132.188 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.133.195 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.140.59 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 17676 | 219.3.138.6 | 219.3.0.0/16 | JP | GIGAINFRA Softbank BB Corp. 24863 | 41.217.160.34 | 41.217.160.0/19 | EG | LINKdotNET-AS 15706 | 41.218.3.234 | 41.218.0.0/22 | SD | Sudatel 8452 | 41.234.4.31 | 41.232.0.0/13 | EG | TE-AS TE-AS 2510 | 58.1.139.239 | 58.0.0.0/15 | JP | INFOWEB FUJITSU LIMITED 2518 | 60.237.181.199 | 60.236.0.0/14 | JP | BIGLOBE NEC BIGLOBE, Ltd. 702 | 62.190.39.205 | 62.190.0.0/16 | GB | AS702 Verizon Business EMEA - Commercial IP service provider in Europe 15169 | 64.233.172.18 | 64.233.172.0/24 | US | GOOGLE - Google Inc. 15169 | 72.14.192.1 | 72.14.192.0/24 | US | GOOGLE - Google Inc. 15169 | 72.14.193.67 | 72.14.192.0/18 | US | GOOGLE - Google Inc. 15169 | 72.14.194.1 | 72.14.194.0/24 | US | GOOGLE - Google Inc. 15169 | 74.125.74.196 | 74.125.74.0/24 | US | GOOGLE - Google Inc. 15169 | 74.125.75.4 | 74.125.75.0/24 | US | GOOGLE - Google Inc. 25233 | 78.93.110.232 | 78.93.0.0/16 | SA | AWALNET-ASN Autonomus System number for Awalnet 25019 | 84.235.75.19 | 84.235.72.0/22 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 34267 | 84.42.39.75 | 84.42.32.0/19 | RU | DEBRYANSK-AS-1 Joint Stock Company _Central Telecommunications Company_ Bryansk Branch 2856 | 86.174.102.77 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 25233 | 86.60.15.159 | 86.60.0.0/18 | SA | AWALNET-ASN Autonomus System number for Awalnet NA | 87.109.186.85 | NA | SA | NA NA | 87.109.198.29 | NA | SA | NA 25019 | 87.109.65.250 | 87.109.64.0/21 | SA | SAUDINETSTC-AS Autonomus System Number for SaudiNet 41176 | 89.108.54.36 | 89.108.0.0/18 | SA | SAHARANET-AS Sahara Net Main NOC AS 9050 | 92.80.116.167 | 92.80.0.0/16 | RO | RTD ROMTELECOM S.A 9050 | 92.80.76.129 | 92.80.0.0/16 | RO | RTD ROMTELECOM S.A 21220 | 93.112.79.244 | 93.112.64.0/19 | RO | TELEMOBIL Telemobil S.A. 7132 | 99.173.3.100 | 99.168.0.0/13 | US | SBIS-AS - AT&T Internet Services 13448 | 208.80.194.32 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 9116 | 87.68.70.180 | 87.68.64.0/20 | IL | GOLDENLINES-ASN 012 Smile Communications Main Autonomous System 15734 | 88.84.65.7 | 88.84.64.0/19 | ES | IDH Telvent Housing, S.A. 2518 | 125.192.112.110 | 125.192.0.0/13 | JP | BIGLOBE NEC BIGLOBE, Ltd. 13448 | 208.80.194.26 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 719 | 91.152.70.126 | 91.152.0.0/13 | FI | ELISA-AS Elisa Oyj 13448 | 208.80.194.31 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 18101 | 115.252.105.100 | 115.252.105.0/24 | IN | RIL-IDC Reliance Infocom Ltd Internet Data Centre, 13448 | 208.80.194.30 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.194.34 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 4713 | 123.224.99.61 | 123.224.0.0/14 | JP | OCN NTT Communications Corporation 9116 | 77.124.145.20 | 77.124.144.0/20 | IL | GOLDENLINES-ASN 012 Smile Communications Main Autonomous System 7385 | 70.98.34.147 | 70.96.0.0/14 | US | INTEGRATELECOM - Integra Telecom, Inc. 2914 | 128.241.107.7 | 128.241.0.0/16 | US | NTT-COMMUNICATIONS-2914 - NTT America, Inc. 9116 | 87.70.86.117 | 87.70.64.0/18 | IL | GOLDENLINES-ASN 012 Smile Communications Main Autonomous System 6994 | 216.38.144.173 | 216.38.128.0/19 | US | FASTMETRICS - Fastmetrics, LLC 13448 | 208.80.194.27 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 5089 | 82.16.102.87 | 82.16.0.0/13 | GB | NTL NTL Group Limited 24436 | 203.5.112.28 | 203.5.112.0/24 | AU | UQ-AS-AP University of Queensland 131 | 128.111.48.95 | 128.111.0.0/16 | US | UCSB-NET-AS - University of California, Santa Barbara 29944 | 67.217.160.100 | 67.217.160.0/19 | US | PULLTHEPLUG - PullThePlug Technologies LLC 174 | 38.103.37.245 | 38.0.0.0/8 | US | COGENT Cogent/PSI 34011 | 188.93.8.150 | 188.93.8.0/21 | DE | DOMAINFACTORY domainfactory GmbH 6871 | 212.56.95.253 | 212.56.64.0/18 | GB | PLUSNET PlusNet PLC 8560 | 74.208.16.163 | 74.208.0.0/16 | US | ONEANDONE-AS 1&1 Internet AG 21844 | 67.15.250.18 | 67.15.0.0/16 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 33552 | 204.14.90.25 | 204.14.90.0/24 | US | FLUIDHOSTING - Fluid Hosting LLC 6871 | 212.56.95.253 | 212.56.64.0/18 | GB | PLUSNET PlusNet PLC 7132 | 99.189.54.161 | 99.176.0.0/12 | US | SBIS-AS - AT&T Internet Services 7132 | 99.189.52.191 | 99.176.0.0/12 | US | SBIS-AS - AT&T Internet Services 7132 | 99.14.103.153 | 99.0.0.0/12 | US | SBIS-AS - AT&T Internet Services 33491 | 98.223.73.83 | 98.222.0.0/15 | US | COMCAST-33491 - Comcast Cable Communications, Inc. 20115 | 97.80.137.110 | 97.80.128.0/18 | US | CHARTER-NET-HKY-NC - Charter Communications 6849 | 95.134.160.15 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.8.238 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.23.221 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.23.171 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.146.219 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 95.133.117.128 | 95.132.0.0/14 | UA | UKRTELNET JSC UKRTELECOM, 15962 | 95.105.173.253 | 95.105.128.0/17 | SK | OSK-DNI ORANGE Slovensko - ISP IP backbone 35002 | 94.53.2.19 | 94.53.0.0/19 | RO | NEWCOM-ASN New Com Telecomunicatii SA 16276 | 94.23.201.45 | 94.23.0.0/16 | FR | OVH OVH 6849 | 94.179.55.249 | 94.179.0.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 94.179.48.200 | 94.179.0.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 94.179.19.65 | 94.179.0.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 94.179.115.241 | 94.179.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 94.178.65.37 | 94.178.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 12874 | 93.39.197.60 | 93.36.0.0/14 | IT | FASTWEB Fastweb SpA 31147 | 93.186.171.177 | 93.186.168.0/22 | DE | INLINE-AS Inline Internet Online Dienste GmbH 5391 | 93.136.83.241 | 93.136.0.0/16 | HR | T-HT T-Com Croatia Internet network 21220 | 93.112.91.3 | 93.112.64.0/19 | RO | TELEMOBIL Telemobil S.A. 9050 | 92.86.197.202 | 92.86.0.0/16 | RO | RTD ROMTELECOM S.A 9050 | 92.80.81.98 | 92.80.0.0/16 | RO | RTD ROMTELECOM S.A 9050 | 92.80.121.16 | 92.80.0.0/16 | RO | RTD ROMTELECOM S.A 3209 | 92.74.32.41 | 92.72.0.0/13 | DE | VODANET International IP-Backbone of Vodafone 6849 | 92.113.86.1 | 92.113.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 92.113.72.136 | 92.113.64.0/18 | UA | UKRTELNET JSC UKRTELECOM, 6849 | 92.113.207.114 | 92.113.192.0/18 | UA | UKRTELNET JSC UKRTELECOM, 31334 | 91.65.6.43 | 91.65.0.0/17 | DE | KABELDEUTSCHLAND-AS Kabel Deutschland Breitband Service GmbH 44418 | 91.199.104.15 | 91.199.104.0/24 | RO | BITDEFENDER-AS SC Bitdefender SRL 3215 | 90.54.97.86 | 90.54.0.0/16 | FR | AS3215 France Telecom - Orange 5607 | 90.195.34.160 | 90.192.0.0/11 | GB | BSKYB-BROADBAND-AS BSkyB Broadband 3249 | 90.191.234.113 | 90.190.0.0/15 | EE | ESTPAK Elion Enterprises Ltd. 35592 | 89.187.132.181 | 89.187.128.0/19 | CZ | COOLHOUSING-AS COOLHOUSING Autonomous System 2860 | 89.180.176.86 | 89.180.0.0/16 | PT | NOVIS Novis Telecom, S.A. 9121 | 88.246.118.245 | 88.246.0.0/17 | TR | TTNET TTnet Autonomous System 12322 | 88.121.16.199 | 88.120.0.0/13 | FR | PROXAD Free SAS 3320 | 87.179.7.66 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.6.239 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.5.124 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.45.29 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.43.93 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.43.212 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.47 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.41 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.219 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.41.187 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.40.247 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.38.193 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.34.65 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.34.233 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.3.112 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.23.207 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.23.18 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.23.119 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.22.175 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.179.21.28 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.255.247 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.249.211 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.249.145 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.238.107 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.231.174 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.198.190 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.189.93 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 87.177.173.7 | 87.128.0.0/10 | DE | DTAG Deutsche Telekom AG 3269 | 87.13.223.119 | 87.13.128.0/17 | IT | ASN-IBSNAZ Telecom Italia S.p.a. 31103 | 87.118.104.203 | 87.118.64.0/18 | DE | KEYWEB-AS Keyweb AG 15557 | 86.70.223.209 | 86.64.0.0/12 | FR | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS) 35191 | 86.63.126.147 | 86.63.64.0/18 | PL | ASTA-NET ASTA-NET MALDZINSKI, RYCZEK S.J. 2856 | 86.169.235.51 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.159.221.195 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.155.122.216 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.154.5.173 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 2856 | 86.152.202.39 | 86.128.0.0/10 | GB | BT-UK-AS BTnet UK Regional network 16265 | 85.17.130.250 | 85.17.0.0/16 | NL | LEASEWEB LEASEWEB AS 8404 | 84.74.152.59 | 84.72.0.0/14 | CH | CABLECOM Cablecom GmbH 25408 | 84.52.118.133 | 84.52.64.0/18 | RU | WESTCALL-SPB-AS West Call Ltd carrier services ISP, St.Petersburg 3292 | 83.91.86.29 | 83.88.0.0/13 | DK | TDC TDC Data Networks 3292 | 83.89.217.82 | 83.88.0.0/13 | DK | TDC TDC Data Networks 21021 | 83.68.75.74 | 83.68.64.0/19 | PL | MULTIMEDIA-AS Multimedia Polska Sp.z o.o. 3352 | 83.36.198.244 | 83.36.0.0/16 | ES | TELEFONICA-DATA-ESPANA TELEFONICA DE ESPANA 6854 | 83.229.245.130 | 83.229.128.0/17 | RU | SYNTERRA-AS CJSC Synterra 3215 | 83.202.222.11 | 83.202.128.0/17 | FR | AS3215 France Telecom - Orange 5089 | 82.41.59.130 | 82.40.0.0/15 | GB | NTL NTL Group Limited 25148 | 81.93.167.102 | 81.93.160.0/20 | NO | BASEFARM-ASN Basefarm AS. Oslo - Norway 5432 | 81.244.229.86 | 81.244.0.0/14 | BE | BELGACOM-SKYNET-AS Belgacom regional ASN 25272 | 80.92.107.72 | 80.92.96.0/20 | RU | SINSTELECOM-AS JSC _AKADO-Stolitsa_ 5617 | 80.54.117.13 | 80.48.0.0/13 | PL | TPNET Polish Telecom_s commercial IP network 3356 | 8.6.118.7 | 8.0.0.0/9 | US | LEVEL3 Level 3 Communications 3320 | 79.215.113.102 | 79.192.0.0/10 | DE | DTAG Deutsche Telekom AG 3320 | 79.215.105.58 | 79.192.0.0/10 | DE | DTAG Deutsche Telekom AG 8551 | 79.178.131.27 | 79.178.128.0/20 | IL | BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone 15658 | 79.134.64.221 | 79.134.64.0/19 | RU | INETCOMM-AS INET LTD 1241 | 79.103.75.247 | 79.103.64.0/19 | GR | FORTHNET-GR FORTHnet 8764 | 78.57.6.12 | 78.57.0.0/17 | LT | TEOLTAB TEO LT AB Autonomous System 29562 | 78.42.47.81 | 78.42.0.0/15 | DE | KABELBW-ASN Kabel Baden-Wuerttemberg GmbH & Co. KG 13285 | 78.149.83.182 | 78.148.0.0/14 | GB | OPALTELECOM-AS Opal Telecom 8612 | 78.14.83.162 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 8612 | 78.14.82.76 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 8612 | 78.14.80.118 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 8612 | 78.14.79.31 | 78.12.0.0/14 | IT | TISCALI-IT Tiscali Italia SpA. 35549 | 78.134.229.219 | 78.134.128.0/17 | HR | METRONET-AS Metronet telekomunikacije d.d. 29256 | 78.110.96.7 | 78.110.96.0/20 | SY | STE-AS Syrian Telecommunications Establishment 8400 | 77.46.208.146 | 77.46.128.0/17 | RS | TELEKOM-AS TELEKOM SRBIJA a.d. 10796 | 76.189.138.157 | 76.189.0.0/16 | US | SCRR-10796 - Road Runner HoldCo LLC 25973 | 72.37.244.76 | 72.37.244.0/22 | US | MZIMA - Mzima Networks, Inc. 3356 | 72.236.167.154 | 72.236.166.0/23 | US | LEVEL3 Level 3 Communications 22773 | 72.192.165.221 | 72.192.128.0/18 | US | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 7015 | 71.192.35.21 | 71.192.0.0/16 | US | COMCAST-7015 - Comcast Cable Communications Holdings, Inc 7015 | 71.192.32.59 | 71.192.0.0/16 | US | COMCAST-7015 - Comcast Cable Communications Holdings, Inc 19262 | 71.179.3.141 | 71.179.0.0/16 | US | VZGNI-TRANSIT - Verizon Online LLC 21844 | 70.84.211.98 | 70.84.0.0/14 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 22773 | 70.181.48.131 | 70.181.0.0/18 | US | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 6128 | 69.126.7.12 | 69.120.0.0/13 | US | CABLE-NET-1 - Cablevision Systems Corp. 33657 | 68.50.103.11 | 68.50.0.0/16 | US | CMCS - Comcast Cable Communications, Inc. 46218 | 68.235.227.208 | 68.235.226.0/23 | US | COMPORIUM-BREVARD-AS - Comporium Communications 36666 | 68.168.113.163 | 68.168.112.0/20 | CA | GTCOMM - GloboTech Communications 3356 | 67.97.80.5 | 67.97.80.0/23 | US | LEVEL3 Level 3 Communications 17370 | 67.97.80.5 | 67.97.80.0/23 | US | MCAFEE-COM - McAfee, Inc. 29944 | 67.217.160.100 | 67.217.160.0/19 | US | PULLTHEPLUG - PullThePlug Technologies LLC 2828 | 67.111.14.147 | 67.104.0.0/13 | US | XO-AS15 - XO Communications 30217 | 66.230.230.230 | 66.230.224.0/20 | US | DESYNC - Desync Networks 15149 | 66.199.253.178 | 66.199.224.0/19 | US | EZZI-101-BGP - Access Integrated Technologies, Inc. 20115 | 66.168.80.34 | 66.168.80.0/20 | US | CHARTER-NET-HKY-NC - Charter Communications 6128 | 65.51.52.90 | 65.51.0.0/16 | US | CABLE-NET-1 - Cablevision Systems Corp. 6488 | 65.39.67.100 | 65.39.64.0/19 | US | AMUG - Arizona Macintosh Users Group 22822 | 65.23.158.193 | 65.23.128.0/19 | US | LLNW - Limelight Networks, Inc. 15169 | 64.233.172.18 | 64.233.172.0/24 | US | GOOGLE - Google Inc. 3561 | 64.14.68.27 | 64.14.0.0/16 | US | SAVVIS - Savvis 4323 | 64.128.133.180 | 64.128.128.0/20 | US | TWTC - tw telecom holdings, inc. 4323 | 64.128.133.131 | 64.128.128.0/20 | US | TWTC - tw telecom holdings, inc. 6461 | 64.124.203.77 | 64.124.0.0/15 | US | MFNX MFN - Metromedia Fiber Network 21788 | 64.120.158.96 | 64.120.128.0/18 | US | NOC - Network Operations Center Inc. 21788 | 64.120.158.77 | 64.120.128.0/18 | US | NOC - Network Operations Center Inc. 21788 | 64.120.158.57 | 64.120.128.0/18 | US | NOC - Network Operations Center Inc. 21788 | 64.120.158.3 | 64.120.128.0/18 | US | NOC - Network Operations Center Inc. 21788 | 64.120.158.123 | 64.120.128.0/18 | US | NOC - Network Operations Center Inc. 17232 | 63.240.91.179 | 63.240.64.0/18 | US | AT&T US 20845 | 62.165.196.117 | 62.165.196.0/23 | HU | DIGICABLE DIGI Ltd. 31103 | 62.141.58.13 | 62.141.48.0/20 | DE | KEYWEB-AS Keyweb AG 4766 | 61.73.43.30 | 61.72.0.0/13 | KR | KIXS-AS-KR Korea Telecom 10013 | 61.12.150.166 | 61.12.128.0/17 | JP | FBDC FreeBit Co.,Ltd. 4788 | 60.52.98.126 | 60.52.64.0/18 | MY | TMNET-AS-AP TM Net, Internet Service Provider 9829 | 59.93.78.49 | 59.93.64.0/20 | IN | BSNL-NIB National Internet Backbone 4755 | 59.160.150.49 | 59.160.144.0/20 | IN | TATACOMM-AS TATA Communications formerly VSNL is Leading ISP 17622 | 58.248.188.68 | 58.248.160.0/19 | CN | CNCGROUP-GZ CNCGROUP IP network of GuangZhou region MAN network 8452 | 41.238.75.245 | 41.238.75.0/24 | EG | TE-AS TE-AS 23028 | 38.229.0.75 | 38.229.0.0/19 | US | TEAM-CYMRU - Team Cymru Inc. 174 | 38.105.71.115 | 38.0.0.0/8 | US | COGENT Cogent/PSI 33651 | 24.4.75.188 | 24.4.0.0/15 | US | CMCS - Comcast Cable Communications, Inc. 11426 | 24.199.184.123 | 24.199.128.0/18 | US | SCRR-11426 - Road Runner HoldCo LLC 7015 | 24.128.146.21 | 24.128.128.0/17 | US | COMCAST-7015 - Comcast Cable Communications Holdings, Inc 4134 | 222.216.51.97 | 222.216.48.0/20 | CN | CHINANET-BACKBONE No.31,Jin-rong Street 4766 | 222.112.143.129 | 222.112.0.0/13 | KR | KIXS-AS-KR Korea Telecom 4837 | 221.6.44.8 | 221.6.0.0/16 | CN | CHINA169-BACKBONE CNCGROUP China169 Backbone 2510 | 219.116.48.74 | 219.116.0.0/16 | JP | INFOWEB FUJITSU LIMITED 3320 | 217.91.177.21 | 217.80.0.0/12 | DE | DTAG Deutsche Telekom AG 15756 | 217.23.143.149 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.143.148 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.143.146 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.142.67 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.140.61 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.134.60 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.134.59 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.133.99 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.133.197 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.133.100 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.132.226 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15756 | 217.23.132.189 | 217.23.128.0/19 | RU | CARAVAN CJSC Caravan-Telecom 15734 | 217.149.155.195 | 217.149.144.0/20 | ES | IDH Telvent Housing, S.A. 6994 | 216.38.144.175 | 216.38.128.0/19 | US | FASTMETRICS - Fastmetrics, LLC 26250 | 216.17.247.47 | 216.17.247.0/24 | US | WEBROOT-CORP-AS1 - Webroot Software, Inc. 2119 | 213.115.201.4 | 213.112.0.0/14 | SE | TELENOR-NEXTEL T.net 15658 | 212.152.49.227 | 212.152.32.0/19 | RU | INETCOMM-AS INET LTD 15658 | 212.152.47.173 | 212.152.32.0/19 | RU | INETCOMM-AS INET LTD 1680 | 212.143.70.165 | 212.143.0.0/16 | IL | NV-ASN 013 NetVision Ltd. 9443 | 211.26.92.124 | 211.26.92.0/24 | AU | INTERNETPRIMUS-AS-AP Primus Telecommunications 9269 | 210.6.70.131 | 210.6.64.0/18 | HK | CTIHK-AS-AP City Telecom (H.K.) Ltd. 4766 | 210.105.37.123 | 210.105.0.0/16 | KR | KIXS-AS-KR Korea Telecom 14361 | 209.160.33.8 | 209.160.32.0/20 | US | HOPONE-GLOBAL - HopOne Internet Corporation 13448 | 208.80.193.55 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.54 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.53 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.45 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.44 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.42 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.40 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.29 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.28 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 13448 | 208.80.193.27 | 208.80.192.0/21 | US | WEBSENSE Websense, Inc. 14972 | 208.75.57.100 | 208.75.56.0/22 | US | BITPU-AS - BitPusher, LLC 3549 | 208.50.101.157 | 208.50.0.0/17 | US | GBLX Global Crossing Ltd. 3549 | 208.50.101.151 | 208.50.0.0/17 | US | GBLX Global Crossing Ltd. 7296 | 208.118.60.155 | 208.118.48.0/20 | US | ALCHEMYNET - Alchemy Communications, Inc. 7296 | 208.118.60.154 | 208.118.48.0/20 | US | ALCHEMYNET - Alchemy Communications, Inc. 852 | 207.219.97.51 | 207.219.0.0/16 | CA | ASN852 - Telus Advanced Communications 13911 | 204.209.56.56 | 204.209.56.0/23 | CA | TERA-BYTE - Tera-byte Online Services 37907 | 202.172.28.100 | 202.172.24.0/21 | JP | DIGIROCK DigiRock, Inc. 28573 | 201.53.196.195 | 201.53.192.0/19 | BR | NET Servicos de Comunicao S.A. 6503 | 200.38.74.135 | 200.38.64.0/19 | MX | Axtel, S.A.B. de C. V. 14522 | 200.25.135.149 | 200.25.132.0/22 | EC | Satnet 125 | 199.64.0.252 | 199.64.0.0/24 | US | HI-NET-AS - Honeywell International, Inc. 1680 | 199.203.92.238 | 199.203.0.0/16 | US | NV-ASN 013 NetVision Ltd. 49238 | 195.88.252.11 | 195.88.252.0/23 | CZ | DRWEB-AS Doctor Web Ltd 15968 | 195.214.79.22 | 195.214.79.0/24 | DE | NETPILOT NETpilot GmbH , Muenchen , Germany 8497 | 195.134.168.251 | 195.134.160.0/19 | FR | TRANSEO Autonomous System 3292 | 194.192.187.15 | 194.192.0.0/16 | DK | TDC TDC Data Networks 9064 | 194.102.94.245 | 194.102.94.0/24 | RO | IIRUC-DIGICOM-SA Satellite Communications Operator 131 | 192.35.222.209 | 192.35.222.0/24 | US | UCSB-NET-AS - University of California, Santa Barbara 6805 | 192.251.226.206 | 192.251.226.0/24 | EU | TDDE-ASN1 Telefonica o2 Germany Autonomous System 28573 | 189.32.115.52 | 189.32.96.0/19 | BR | NET Servicos de Comunicao S.A. 3209 | 188.99.253.32 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.248.83 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.244.80 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.244.241 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.236.159 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.229.61 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.99.228.134 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 3209 | 188.98.79.8 | 188.96.0.0/12 | DE | VODANET International IP-Backbone of Vodafone 39758 | 188.240.47.24 | 188.240.47.0/24 | RO | SIMPLIQ-AS SimpliQ SRL 21844 | 174.133.89.90 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.89 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.88 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.87 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.86 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.85 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.84 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.83 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.82 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 36727 | 74.133.89.81 | 74.133.0.0/17 | US | INSIGHT-COMMUNICATIONS-CORP-AS1 - INSIGHT COMMUNICATIONS COMPANY, L.P. 21844 | 174.133.89.80 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.79 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.78 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.77 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.76 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.75 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.74 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.73 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.72 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.71 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 21844 | 174.133.89.70 | 174.132.0.0/15 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc. 10994 | 173.169.76.143 | 173.168.0.0/14 | US | TAMPA2-TWC-5 - Road Runner HoldCo LLC 174 | 149.9.0.58 | 149.9.0.0/16 | US | COGENT Cogent/PSI 174 | 149.9.0.237 | 149.9.0.0/16 | US | COGENT Cogent/PSI 5483 | 145.236.111.144 | 145.236.0.0/16 | EU | HTC-AS Hungarian Telecom ; Magyar Telekom 680 | 141.76.45.35 | 141.76.0.0/16 | EU | DFN-IP service X-WiN 680 | 141.76.45.34 | 141.76.0.0/16 | EU | DFN-IP service X-WiN 1659 | 140.115.83.203 | 140.115.0.0/16 | TW | ERX-TANET-ASN1 Tiawan Academic Network (TANet) Information Center 18420 | 140.115.83.203 | 140.115.0.0/16 | TW | NCU-TW National Central University 553 | 134.155.241.17 | 134.155.0.0/16 | EU | BELWUE Landeshochschulnetz Baden-Wuerttemberg (BelWue) 196 | 130.76.54.187 | 130.76.32.0/19 | US | RISC-SYSTEM - Rockwell Scientific Company 196 | 130.76.32.16 | 130.76.32.0/19 | US | RISC-SYSTEM - Rockwell Scientific Company 30674 | 129.62.185.238 | 129.62.160.0/19 | US | BAYLORU - Baylor University 30674 | 129.62.100.70 | 129.62.96.0/19 | US | BAYLORU - Baylor University 679 | 128.130.56.9 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.8 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.7 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.6 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.5 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.4 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.30 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.3 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.29 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.28 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.27 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.26 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.25 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.24 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.23 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.22 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.21 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.20 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.2 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.19 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.18 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.17 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.16 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.15 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.14 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.13 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.12 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.11 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.10 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.1 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 679 | 128.130.56.0 | 128.130.0.0/15 | EU | TUNET-AS Vienna University of Technology 131 | 128.111.48.95 | 128.111.0.0/16 | US | UCSB-NET-AS - University of California, Santa Barbara 131 | 128.111.48.6 | 128.111.0.0/16 | US | UCSB-NET-AS - University of California, Santa Barbara 2497 | 125.30.121.219 | 125.30.0.0/16 | JP | IIJ Internet Initiative Japan Inc. 17858 | 124.49.72.145 | 124.48.0.0/13 | KR | KRNIC-ASBLOCK-AP KRNIC 4713 | 123.225.16.153 | 123.224.0.0/14 | JP | OCN NTT Communications Corporation 4713 | 122.17.132.10 | 122.16.0.0/12 | JP | OCN NTT Communications Corporation 4713 | 122.17.117.124 | 122.16.0.0/12 | JP | OCN NTT Communications Corporation 24560 | 122.169.95.33 | 122.169.0.0/17 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.167.194.37 | 122.167.192.0/22 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.167.179.50 | 122.167.176.0/21 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.165.53.117 | 122.165.48.0/20 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.164.95.140 | 122.164.0.0/16 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 24560 | 122.164.104.101 | 122.164.0.0/16 | IN | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 4766 | 121.129.201.42 | 121.128.0.0/13 | KR | KIXS-AS-KR Korea Telecom 7018 | 12.54.227.250 | 12.0.0.0/9 | US | ATT-INTERNET4 - AT&T WorldNet Services 18403 | 118.70.127.134 | 118.70.112.0/20 | VN | FPT-AS-AP The Corporation for Financing & Promoting Technology 7552 | 115.75.57.160 | 115.75.48.0/20 | VN | VIETEL-AS-AP Vietel Corporation 2510 | 164.71.1.146 | 164.71.0.0/16 | JP | INFOWEB FUJITSU LIMITED 2510 | 164.71.1.147 | 164.71.0.0/16 | JP | INFOWEB FUJITSU LIMITED 2510 | 164.71.1.148 | 164.71.0.0/16 | JP | INFOWEB FUJITSU LIMITED 2510 | 164.71.1.149 | 164.71.0.0/16 | JP | INFOWEB FUJITSU LIMITED 2510 | 192.51.44.10 | 192.51.44.0/24 | JP | INFOWEB FUJITSU LIMITED 2510 | 192.51.44.13 | 192.51.44.0/24 | JP | INFOWEB FUJITSU LIMITED 2510 | 192.51.44.18 | 192.51.44.0/24 | JP | INFOWEB FUJITSU LIMITED 2510 | 192.51.44.19 | 192.51.44.0/24 | JP | INFOWEB FUJITSU LIMITED 2510 | 210.131.75.80 | 210.131.0.0/17 | JP | INFOWEB FUJITSU LIMITED 2510 | 210.131.75.81 | 210.131.0.0/17 | JP | INFOWEB FUJITSU LIMITED 2510 | 210.131.75.82 | 210.131.0.0/17 | JP | INFOWEB FUJITSU LIMITED 2510 | 210.131.75.83 | 210.131.0.0/17 | JP | INFOWEB FUJITSU LIMITED 2510 | 210.131.75.84 | 210.131.0.0/17 | JP | INFOWEB FUJITSU LIMITED 3561 | 216.33.229.163 | 216.32.0.0/14 | US | SAVVIS - Savvis 15169 | 216.239.33.96 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.33.97 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.33.98 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.33.99 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.37.98 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.37.99 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.39.98 | 216.239.39.0/24 | US | GOOGLE - Google Inc. 15169 | 216.239.39.99 | 216.239.39.0/24 | US | GOOGLE - Google Inc. 15169 | 216.239.41.96 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.41.97 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.41.98 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.41.99 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 36384 | 216.239.45.4 | 216.239.44.0/23 | US | GOOGLE-IT - Google Incorporated 15169 | 216.239.51.96 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.51.97 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.51.98 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.51.99 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.53.98 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.53.99 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.57.96 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.57.97 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.57.98 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.57.99 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.59.98 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 15169 | 216.239.59.99 | 216.239.32.0/19 | US | GOOGLE - Google Inc. 12312 | 62.27.59.227 | 62.26.0.0/15 | DE | ECOTEL ecotel communication ag 701 | 63.83.186.67 | 63.80.0.0/12 | US | UUNET - MCI Communications Services, Inc. d/b/a Verizon Business 3561 | 64.68.80.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.81.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.82.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.83.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.84.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.85.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.86.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.87.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.88.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.89.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.90.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.91.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 3561 | 64.68.92.0 | 64.68.64.0/19 | US | SAVVIS - Savvis 21844 | 69.93.20.34 | 69.93.0.0/16 | US | THEPLANET-AS - ThePlanet.com Internet Services, Inc.

Crimepack 3.1.3 includes 15 exploits listed below. 

001
name="mdac"
desc="IE6 COM CreateObject Code Execution"
CVE-2006-0003 -MS06-014 for lE6/Microsoft Data Access Components (MDAC) Remote Code Execution

002
name="msiemc"
desc="IE7 Uninitialized Memory Corruption"
CVE-2009-0075/0076 - MS09-002 - lE7 Memory Corruption

003
name="javagetval"
desc="Java getValue Remote Code Execution"
CVE-2010-0840 Java Trusted Method Chaining

004
name="javanew"
desc="JRE 'WebStart' RCE"
CVE-2010-1423 - Java Deployment Toolkit Remote Argument Injection Vulnerability

005
name="javaold"
desc="Java Deserialize"
CVE-2008-5353 - Javad0—JRECalendar  Java Deserialize

006
name="hcp"
desc="Microsoft Help & Support Centre"
CVE-2010-1885 - Help Center URL Validation Vulnerability

007
name="iepeers"
desc="IEPeers Remote Code Execution"
CVE-2010-0806 - IEPeers Remote Code Execution

008
name="pdfexpl"
desc="PDF Exploits (collectEmailInfo, getIcon, util.printf)"
CVE-2008-2992 - PDF Exploit• util.printf     
CVE-2009-0927 - PDF Exploit- collab.getlcon      
CVE-2007-5659/2008-0655 - PDF Exploit -collab, collectEmaillnfo

009
name="opera"
desc="Opera TN3270"
CVE-2009-3269 - Telnet for Opera Th3270 

010
name="aol"
desc="AOL Radio AmpX Buffer Overflow"
CVE-2007-5755 - AOL Radio AmpX Buffer Overflow 

011
name="iexml"
desc="Internet Explorer 7 XML Exploit"
CVE-2008-4844 - Internet Explorer 7 XML Exploit 

012
name="firefoxdiffer"
desc="Firefox 3.5/1.4/1.5 exploits"
CVE-2009-0355 - Firefox - Components/sessionstore/src/nsSessionStore.js 

013
name="spreadsheet"
desc="OWC Spreadsheet Memory Corruption"
CVE-2009-1136 - MSO9-043 - lE OWC Spreadsheet ActiveX control Memory Corruption
 

The following exploits that were present in the previous versions were removed:
CVE-2008-2463 - M508-041 - MS Access Snapshot Viewer
CVE-2009-3867 - Java Runtime Env. getSoundBank Stack BOF  
CVE-2010-0188    PDF Exploit - LibTiff Integer Overflow  

PDF Generator
This version of exploit pack does not include many pdf exploits - only three older ones using the following vulnerabilities. 
CVE-2008-2992 - PDF Exploit• util.printf     
CVE-2009-0927 - PDF Exploit- collab.getlcon      
CVE-2007-5659/2008-0655 - PDF Exploit -collab, collectEmaillnfo


However, it includes a pdf exploit builder - generator cryptor.php, which will generate malicious pdfs on the fly with various MD5 hash values for each victim.
Please read a bit more at InReverse.net

hello world

The week has been busy and no new updates were done. I am planning to post some this weekend - mostly CVE-2010-2883 and older (i.e. no new cve at the moment). Have a great weekend.

Sep 21 CVE-2010-2883 PDF Agenda of the United Nations Criminal Justice Events in October 2010

CVE-2010-2883 Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.3.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information. 

Download  ac4a484bb27e08433f822d4120291be4 UNICRI-Agenda-2010.pdf as a password protected archive (contact me if you need the password)


From: Cook Henry [mailto:henry.b.cook@gmail.com]
Sent: Tuesday, September 21, 2010 2:46 PM
To: XXXXXXXXXX
Subject: Agenda of the United Nations Criminal Justice Events in October 2010

 sir,
   In case this is useful for you.

File name:
UNICRI-Agenda-2010.pdf
http://www.virustotal.com/file-scan/report.html?id=b058fcc16446464c0aa94edabbc98cfd87d5d2ac2f9e3009b11a3aff96ed53b7-1286451255
13/ 43 (30.2%)
AntiVir    7.10.12.146    2010.10.07    HTML/Malicious.PDF.Gen
Avast    4.8.1351.0    2010.10.07    PDF:CVE-2010-2883
Avast5    5.0.594.0    2010.10.07    PDF:CVE-2010-2883
AVG    9.0.0.851    2010.10.07    Exploit_c.KLX
BitDefender    7.2    2010.10.07    Exploit.PDF-TTF.Gen
Emsisoft    5.0.0.50    2010.10.07    Exploit.Win32.CVE-2010-2883.a!A2
F-Secure    9.0.15370.0    2010.10.07    Exploit.PDF-TTF.Gen
Fortinet    4.2.249.0    2010.10.07    PDF/CoolType!exploit.CVE20102883
GData    21    2010.10.07    Exploit.PDF-TTF.Gen
Kaspersky    7.0.0.125    2010.10.07    Exploit.Win32.CVE-2010-2883.a
Microsoft    1.6201    2010.10.07    Exploit:Win32/CVE-2010-2883.A
PCTools    7.0.3.5    2010.10.07    HeurEngine.MaliciousExploit
Symantec    20101.2.0.161    2010.10.07    Bloodhound.Exploit.357
Additional information
MD5   : ac4a484bb27e08433f822d4120291be4

CVE-2010-2883 Adobe 0-Day David Leadbetter's One Point Lesson from 193.106.85.61 thomasbennett34@yahoo.com

CVE-2010-2883 Security Advisory for Adobe Reader and Acrobat
A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

Technical Analysis and Research links (just a few, in no particular order, send more if you want me to add)

• Brief Analysis On Adobe Reader SING Table Parsing Vulnerability (CVE-2010-2883) Matt Oh
• Return of the Unpublished Adobe Vulnerability http://blog.metasploit.com/ Joshua J. Drake
• New Adobe 0day Demonstration - Attack Vector  Matt 
• Adobe advises on new Reader and Acrobat vulnerability Chester Wisniewski’s Blog  
• VUPEN Vulnerability Research Team (VRT) Blog- Criminals Are Getting Smarter: Analysis of the Adobe Acrobat / Reader 0-Day Exploit << very detailed analysis
• 
  
  
  
  Technical Analysis of Adobe Acrobat and Reader Zero-Day Exploit by by Yuki Chen Trendlabs
• =================================================================

Download  687b8d2112f25e330820143ede7fedce Golf Clinic.pdf as a password protected archive (contact me if you need the password)

Download files

• golf clinic.pdf - (\Application Data) - 6AF93ED231AEA3B00769FC8283943E75
• iso88591 - (same location as the original) F7A341ACBB05F6A597EC33ACCB7AD04E
• wincrng.exe + winhelp32.exe (downloaded from academyhouse.us)  687B8D2112F25E330820143EDE7FEDCE
• igfxver.exe (%tmp%)   E8CE9CB98C71405F0FB3888235302568 - dropped by the original

Download hlp.cpl signed with the stolen Verisign certificate issued to secure2.ccuu.com

Update 10

Lead Adobe 0-day CVE-2010-2883 Made in Korea  - by villy

Update9

[Unofficial] 0-Day Acrobat SING Table Vulnerability Patch (sent by INT3 CC, thank you)

https://www.rafzar.com/node/22

I did not test but heard it works well. Try it, test it

Update 8

 DEP Bypass in Golf Clinic PDF by Cédric Gilbert, SkyRecon Systems

Cédric Gilbert, from  SkyRecon Systems sent a short and later (per my request, because I wanted to understand it ) , a more detailed explanation for the DEP bypass  - in clear terms, for people who don't already know everything :)
Please comment and correct, if you find mistakes, we will add the corrections. Many thanks!
---------------------------------------------

There are 4 settings for DEP :

-          AlwaysOff

-          Opt-in

-          Opt-out

-          Always On

‘Opt-in’ is the one used by default on every Desktop Edition of Windows, while ‘opt-out’ is the default for Server Editions.

‘Opt-in’ only protects software that is fully compatible with DEP (those software programs are marked at compilation with the flag ‘/NXCOMPAT’).

‘Opt-out’ protects every software program (even the ones without /NXCOMPAT) except the ones explicitly added by the administrator to a white list.

“AcroRd32.exe” is not /NXCOMPAT, thus if an execution occurs in a page in memory marked as ‘not executable’ (the heap for instance), DEP in ‘opt-in’ mode will ignore the fault and silently change the rights of the page to ‘EXECUTE’. On the other hand, if DEP is set to ‘opt-out’, it will immediately kill the faulting process. This is why most exploits using heap spraying actually do work. Because even though execution occurs on the heap (NO EXEC) when the execution flow is redirected into the ‘nop’ slide, DEP in opt-in mode will not block the attack.

Now the writers of the exploit used in this case obviously wanted to go a step further by bypassing DEP even in its ‘opt-out’ or ‘always-on’ mode.

Which means that they had to find a way to execute their payload without triggering any ‘page fault’ in NO EXECUTE memory.

The best way to do so is to use some kind of ‘ret into libc’ technique (in this case a ROP technique). Instead of redirecting the execution flow into the heap, they redirect it to a CODE section in a DLL (which got EXECUTE rights) by overwriting saved eip on the stack. Of course no DLL exactly have the code that the attacker would like to execute, so the idea is to chain calls into this DLL on small code portions using return addresses smartly placed on the stack before the vulnerability is triggered. The problem with this technique is that it requires the attacker to use ‘hardcoded’ addresses pointing at each code portion that he wishes to execute. 

Starting with Windows Vista, Microsoft introduced a new protection called ‘ASLR’ for Address Space Layout Randomization. This protection, among other things, randomize the base address of each DLL when they get loaded into a process address space (the random base address changes at each boot). This protection was meant to defeat attacks, which used hardcoded addresses, since a randomized DLL place in memory is changing at each boot.

So to defeat both DEP and ASLR, the attacker got AcroRd32.exe to load a DLL not compatible with ASLR into its address space (I do not know how they managed to do so at the moment).

The DLL used is “icucnv34.dll”, the fact that it is not compatible with ASLR means that it will always get loaded at the same address in memory, thus allowing the attacker to use ‘hardcoded’ addresses pointing to this DLL.

The thing is, it’s very complicated to build a whole shellcode using this kind chained call into a DLL. So the attacker used it only to get a place in memory allocated with exec rights, copy his shellcode on it and, eventually, jump on it and do whatever he wants without caring about DEP anymore.

In this exploit, the attacker manages to do so by chaining 4 API call in “icucnv34.dll”.

1)      CreateFileA:

IN      LPCTSTR lpFileName                       = 4a8254e0                 = « iso88591 »
IN      DWORD dwDesiredAccess              = 0x 10000000           = GENERIC_ALL
IN      DWORD dwShareMode                   = 0                               = not shared
IN      lpSecurityAttributes (OPTIONAL)   = 0
IN      DWORD dwCreationDisposition      = 2                              = CREATE_ALWAYS

IN      DWORD dwFlagsAndAttributes      = 0x102                      = FILE_ATTRIBUTE_TEMPORARY | FILE_ATTRIBUTE_HIDDEN

Here the attacker creates an empty file called “iso88591” at the location where the pdf was opened.

2)      CreateFileMappingA

IN           HANDLE               hFile                                       = 0x1c4                = handle on « iso88591 » 

IN OPT  lpAttributes                                                            = NULL

IN           DWORD               flProtect                                  = 0x40                  = PAGE_EXECUTE_READWRITE

IN           DWORD               dwMaximumSizeHigh            = 0

IN           DWORD               dwMaximumSizeLow            = 0x10000

IN OPT  LPCTSTR              lpName                                    = NULL

Since the file is empty, the attacker has to specify an arbitrary size for the file mapping.

At this point the attacker is ready to map the file into memory.

3)      MapViewOfFile

IN           HANDLE               hFileMappingObject              = 0x2dc          = Handle from CreateFileMappingA

IN           DWORD                dwDesiredAccess                  = 0x22            = FILE_MAP_EXECUTE | FILE_MAP_WRITE

IN           DWORD               dwFileOffsetHigh                  = 0

IN           DWORD               dwFileOffsetLow                   = 0

IN           SIZE_T                  dwNumberOfBytesToMap    = 0x10000

Now the attacker’s got a 0x10000 bytes space with EXECUTE rights allocated into memory. All that he has to do to complete his ‘DEP-evading-technique’ is to copy the shellcode that he wishes to execute in this newly allocated exec space and jump on it.

Which he does by calling :

4)       MSVCR80!memcpy

Dst = 0x05bc0000     // Base Address returned from the MapViewOfFile above

Src = 0885f118          // Not sure whether it is an address from the mapping of the pdf itself or something that he sprayed on the heap before

Len = 0x1000

And here we are, after this call the real payload (at 0x0885f118) is mapped into an ‘EXEC’ memory space (at 0x05bc0000). The jump to the the payload is actually made by the memcpy call itself since the return address set on the stack by the attacker for this call is the destination of the copy (0x05bc0000) ! BAM! Both ASLR and DEP are defeated!

Now one may ask : ”Ok nice, icucnv34.dll is not ASLR-compatible, but kernel32.dll is, so how did the attacker get the required API addresses?”. Well, it is pretty simple actually, he just had to use API imported by icucnv34.dll ! When this DLL got loaded, its import table got fixed by the loader with the addresses of all API required by the DLL.

Since the base address of icucnv34.dll is known by the attacker, he just had to retrieve the needed addresses from icucnv34.dll import table :)

  Cédric Gilbert, SkyRecon Systems

 

Update7    - Aurora?

Here here an interesting observation by Itzhak Avraham (Zuk) @ihackbanme about the fact that this pdf is using a technique similar to one found in Aurora.


DMS.bat mentioned in Update 6, has been observed during analysis of ad_1_.jpg file, which was one of the files recovered during the Aurora investigation (see Aurora US-CERT advisory here)

ad_1_.jpg unpacking/analysis - Aurora by Itzhak Avraham (Zuk)

DFS.bat from ad_1_.jpg (Aurora)

The DMS.bat from CVE-2010-2883 Adobe 0-Day

:Repeat
DEL "C:\DOCUME~1\USER\LOCALS~1\Temp\hlp.cpl"
if exist "C:\DOCUME~1\USER\LOCALS~1\Temp\hlp.cpl" goto Repeat
DEL "C:\DOCUME~1\USER\LOCALS~1\Temp\DMS.bat" 

Update6

Exploit in action:(see a video demo in the end of this post)
According to Sophos researchers (many thanks to Chester Wisniewski) -

• the shellcode drops hlp.cpl  DLL to  user %tmp% folder and then manually parses to its StartUp export and runs from there. 
• wincrng .exe gets downloaded using the DLLs's "DownloadFile" export from hxxp://academyhouse .us/from/wincrng exe to user Application Data folder, renames it to winhelp32.exe and runs it. The domain is currently under the control of Shadow Server (http:/internal/tools/whois/?domain=academyhouse.us)
• The DLL then calls its "MakeAndShowEgg" export, which reads a filename from the original PDF ("Golf Clinic.pdf") and then drops a clean PDF file (golf clinic.pdf 6AF93ED231AEA3B00769FC8283943E75) and launches it in Acrobat Reader so as not to arouse suspicion.  The text of the PDF, however, still arouses a lot of suspicion - see below :)
• Finally the DLL calls the imaginatively-titled "DeleteMyself" export to drop the file DMS.bat which deletes the DLL and then itself.

  The DMS.bat contents are

:Repeat
DEL "C:\DOCUME~1\USER\LOCALS~1\Temp\hlp.cpl"
if exist "C:\DOCUME~1\USER\LOCALS~1\Temp\hlp.cpl" goto Repeat
DEL "C:\DOCUME~1\USER\LOCALS~1\Temp\DMS.bat"  

 

Update5

 

A few more variants of this message

Variant 2

from 119.247.163.249 MD5 2802c47b48cced7f1f027f3b278d6bb3

From: Thomas Bennett [mailto:Thomas.Bennett@gmx.com]
Sent: Tuesday, September 07, 2010 5:41 AM
To: xxx
Subject: Golf Clinic, David Leadbetter's One Point Lesson
Importance: High

Hi
Want to improve your score?
In these golf tips David Leadbetter shows you some important principles Cause & Effect, which have been helpful to thousands of amateur golfers around world.

Whatever your handicap, Whatever your age or ability, the tips will improve your game!

bye