Unwanted ircu.krypt.com Port Scans

ircu.krypt.com Port Scans

We have been port scanning by ircu.krypt.com for a long time now. We have contacted krypt.com via fax, email, and via their live chat about the problem. To date, we have received no response with the exception of their live support stating it would take at least a week to review our complaint. We have had to set our firewall to block krypt.com from scanning our server by blocking their IP address but it still logs all attempts.

Examples of ircu.krypt.com port scans: 66.186.59.50 = (US/United States/ircu.krypt.com)

Jun 20 11:17:30 Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:21:4d:b7:e3:00:50:2a:c0:2a:80:08:00 SRC=66.186.59.50 DST=206.212.255.94 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=6087 DF PROTO=TCP SPT=6667 DPT=1094 WINDOW=16384 RES=0x00 ACK SYN URGP=0

Jun 20 11:05:18 Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:21:4d:b7:e3:00:50:2a:c0:2a:80:08:00 SRC=66.186.59.50 DST=206.212.255.93 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=38857 DF PROTO=TCP SPT=6667 DPT=1144 WINDOW=16384 RES=0x00 ACK SYN URGP=0

Jun 20 10:16:31 Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:21:4d:b7:e3:00:50:2a:c0:2a:80:08:00 SRC=66.186.59.50 DST=206.212.255.94 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=59145 DF PROTO=TCP SPT=6667 DPT=1191 WINDOW=16384 RES=0x00 ACK SYN URGP=0

Jun 20 08:15:49 Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:21:4d:b7:e3:00:50:2a:c0:2a:80:08:00 SRC=66.186.59.50 DST=206.212.255.93 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=30539 DF PROTO=TCP SPT=6667 DPT=1087 WINDOW=16384 RES=0x00 ACK SYN URGP=0

Jun 20 08:15:40 Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:21:4d:b7:e3:00:50:2a:c0:2a:80:08:00 SRC=66.186.59.50 DST=206.212.255.93 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=34698 DF PROTO=TCP SPT=6667 DPT=1042 WINDOW=16384 RES=0x00 ACK SYN URGP=0

Jun 20 08:12:09 Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:21:4d:b7:e3:00:50:2a:c0:2a:80:08:00 SRC=66.186.59.50 DST=206.212.255.94 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=55242 DF PROTO=TCP SPT=6667 DPT=1272 WINDOW=16384 RES=0x00 ACK SYN URGP=0

Ports Targeted by Krypt.com: Port 1102, Port 1039, Port 1042, Port 1050, Port 1087, Port 1094, Port 1144, Port 1191, Port 1225, Port 1264, Port 1272.

Why the daily port scans?

It is very strange that this company refuses to stop targeting our server for repetitive scans. Another question is what they intend to do if they could access those closed ports if they were not blocked? What’s the purpose of the scans?

We are not the only server being port scanned by this company. This Dshield website also lists ircu.krypt.com port scans as well.

Whois ircu.krypt.com?

IP: 66.186.59.50
Route: 66.186.59.0/24
AS: AS35908 VPLS

Domain Name: KRYPT.COM
(DBA VPLS, Inc.)
1744 W. Katella Avenue
Suite 200
Orange, California 92867
United States

Why is ircu.krypt.com port scanning?