CRAN HTTPS Mirrors

library(xml2)
library(httr)
library(curl)
library(stringi)
library(urltools)
library(ipinfo)
library(openssl)
library(furrr)
library(vershist) # install.packages("vershist", repos = "https://cinc.rud.is/")
library(ggalt)
library(ggbeeswarm)
library(hrbrthemes)
library(tidyverse)

Collect CRAN mirrors’ metadata

if (!file.exists(here::here("data/mir-dat.rds"))) {
  mdoc <- xml2::read_xml("~/data/mirrors.html", as_html = TRUE)

  xml_find_all(mdoc, ".//td/a[contains(@href, 'https')]") %>%
    xml_attr("href") %>%
    unique() -> ssl_mirrors

  plan(multiprocess)

  dl_cert <- possibly(openssl::download_ssl_cert, NULL)
  HEAD_ <- possibly(httr::HEAD, NULL)
  dig <- possibly(curl::nslookup, NULL)
  query_ip_ <- possibly(ipinfo::query_ip, NULL)

  ssl_mirrors %>%
    future_map(~{
      host <- domain(.x)
      ip <- dig(host, TRUE)
      ip_info <- if (length(ip)) query_ip_(ip) else NULL
      list(
        host = host,
        cert = dl_cert(host),
        head = HEAD_(.x),
        ip = ip,
        ip_info = ip_info
      )
    }) -> mir_dat

  saveRDS(mir_dat, here::here("data/mir-dat.rds"))
} else {
  mir_dat <- readRDS(here::here("data/mir-dat.rds"))
}

str(mir_dat[1], 3)

## List of 1
##  $ :List of 5
##   ..$ host   : chr "cloud.r-project.org"
##   ..$ cert   :List of 4
##   .. ..$ :List of 8
##   .. ..$ :List of 8
##   .. ..$ :List of 8
##   .. ..$ :List of 8
##   ..$ head   :List of 10
##   .. ..$ url        : chr "https://cloud.r-project.org/"
##   .. ..$ status_code: int 200
##   .. ..$ headers    :List of 13
##   .. .. ..- attr(*, "class")= chr [1:2] "insensitive" "list"
##   .. ..$ all_headers:List of 1
##   .. ..$ cookies    :'data.frame':   0 obs. of  7 variables:
##   .. ..$ content    : raw(0) 
##   .. ..$ date       : POSIXct[1:1], format: "2018-11-29 09:41:27"
##   .. ..$ times      : Named num [1:6] 0 0.0507 0.0512 0.0666 0.0796 ...
##   .. .. ..- attr(*, "names")= chr [1:6] "redirect" "namelookup" "connect" "pretransfer" ...
##   .. ..$ request    :List of 7
##   .. .. ..- attr(*, "class")= chr "request"
##   .. ..$ handle     :Class 'curl_handle' <externalptr> 
##   .. ..- attr(*, "class")= chr "response"
##   ..$ ip     : chr "52.85.89.62"
##   ..$ ip_info:List of 8
##   .. ..$ ip      : chr "52.85.89.62"
##   .. ..$ hostname: chr "server-52-85-89-62.jfk6.r.cloudfront.net"
##   .. ..$ city    : chr "Seattle"
##   .. ..$ region  : chr "Washington"
##   .. ..$ country : chr "US"
##   .. ..$ loc     : chr "47.6348,-122.3450"
##   .. ..$ postal  : chr "98109"
##   .. ..$ org     : chr "AS16509 Amazon.com, Inc."

Gratuitous map of CRAN mirror locations

maps::map("world", ".", exact = FALSE, plot = FALSE,  fill = TRUE) %>%
  fortify() %>%
  filter(region != "Antarctica") -> world

map_chr(mir_dat, ~.x$ip_info$loc) %>%
  stri_split_fixed(pattern = ",", n = 2, simplify = TRUE) %>%
  as.data.frame(stringsAsFactors = FALSE) %>%
  as_tibble() %>%
  mutate_all(list(as.numeric)) -> wheres_cran

ggplot() +
  ggalt::geom_cartogram(
    data = world, map = world, aes(long, lat, map_id=region),
    color = ft_cols$gray, size = 0.125
  ) +
  geom_point(
    data = wheres_cran, aes(V2, V1), size = 2,
    color = ft_cols$slate, fill = alpha(ft_cols$yellow, 3/4), shape = 21
  ) +
  ggalt::coord_proj("+proj=wintri") +
  labs(
    x = NULL, y = NULL,
    title = "Geolocation of HTTPS-'enabled' CRAN Mirrors"
  ) +
  theme_ft_rc(grid="") +
  theme(axis.text = element_blank())

Look at certificate info

map_df(mir_dat, ~{
  tibble(
    host = .x$host,
    s_issuer = .x$cert[[1]]$issuer %||% NA_character_,
    i_issuer = .x$cert[[2]]$issuer %||% NA_character_,
    algo = .x$cert[[1]]$algorithm %||% NA_character_,
    names = .x$cert[[1]]$alt_names %||% NA_character_,
    nm_ct = length(.x$cert[[1]]$alt_names),
    key_size = .x$cert[[1]]$pubkey$size %||% NA_integer_
  )
}) -> certs

How many either blocked the connection or don’t exist

certs[!complete.cases(certs),]

host	s_issuer	i_issuer	algo	names	nm_ct	key_size
mirrors.shu.edu.cn	NA	NA	NA	NA	0	NA
ftp.heanet.ie	NA	NA	NA	NA	0	NA

certs <- filter(certs, complete.cases(certs))

How many domains do these certs serve?

count(certs, host, sort=TRUE) %>%
  ggplot() +
  geom_quasirandom(
    aes("", n), size = 2,
    color = ft_cols$slate, fill = alpha(ft_cols$yellow, 3/4), shape = 21
  ) +
  scale_y_comma() +
  labs(
    x = NULL, y = "# Servers",
    title = "Distribution of the number of alt-names in CRAN mirror certificates"
  ) +
  theme_ft_rc(grid="Y")

Take a look at some of them

filter(certs, host == "cran.cnr.berkeley.edu") %>%
  select(names) %>%
  head(20)

names
nature.berkeley.edu
ag-labor.cnr.berkeley.edu
agro-laboral.cnr.berkeley.edu
agroecology.berkeley.edu
anthoff.erg.berkeley.edu
are-dev.cnr.berkeley.edu
are-prod.cnr.berkeley.edu
are-qa.cnr.berkeley.edu
are.berkeley.edu
arebeta.berkeley.edu
areweb.berkeley.edu
atkins-dev.cnr.berkeley.edu
atkins-prod.cnr.berkeley.edu
atkins-qa.cnr.berkeley.edu
atkins.berkeley.edu
bakerlab-dev.cnr.berkeley.edu
bakerlab-prod.cnr.berkeley.edu
bakerlab-qa.cnr.berkeley.edu
bamg.cnr.berkeley.edu
beahrselp-dev.cnr.berkeley.edu

filter(certs, host == "cran.rapporter.net") %>%
  select(names) %>%
  head(20)

names
sni45256.cloudflaressl.com
*.aplusacademicresources.org
*.bjjandfitness.com
*.bytheyard.com
*.ces-nc.com
*.ddgalesinc.com
*.doa-ncgov.com
*.emmabhairextensions.com
*.enovateih.com
*.enuerto.media
*.erp-mc.com
*.gaylejohnsonmassage.com
*.gobl.eu
*.greaterny-realestate.com
*.guidinglightseniorresources.com
*.hightech-store.net
*.holandacontabil.com.br
*.iabg-consulting.com
*.iltempiodellenergiafemminile.eu
*.jnt-woodworks.com

filter(certs, host == "cran-r.c3sl.ufpr.br") %>%
  select(names) %>%
  head(20)

names
alpinelinux.c3sl.ufpr.br
aptosid.c3sl.ufpr.br
archlinux.c3sl.ufpr.br
biglinux.c3sl.ufpr.br
chakra.c3sl.ufpr.br
clamavdb.c3sl.ufpr.br
cran-r.c3sl.ufpr.br
dadosabertos.c3sl.ufpr.br
debian.c3sl.ufpr.br
demoiselle.c3sl.ufpr.br
devuan.c3sl.ufpr.br
eclipse.c3sl.ufpr.br
f123.c3sl.ufpr.br
fedora-alt.c3sl.ufpr.br
fedora.c3sl.ufpr.br
gentoo.c3sl.ufpr.br
gnu.c3sl.ufpr.br
grml.c3sl.ufpr.br
kde-applicationdata.c3sl.ufpr.br
kde.c3sl.ufpr.br

filter(certs, host == "fourdots.com") %>%
  select(names) %>%
  head(20)

names
ssl390890.cloudflaressl.com
*.alghuraircentre.com
*.cachealumni.org.uk
*.chla.com
*.djborhan.com
*.easypay.am
*.fourdots.com
*.isteadrise.org.uk
*.japand.biz
*.lunaimani.com
*.qualhub.co.uk
*.qvest.io
*.samuelbernstein.com
*.soulsplit.net
*.southbeachavenue.com
*.urbanbellemag.com
alghuraircentre.com
cachealumni.org.uk
chla.com
djborhan.com

Certificate algo/key

distinct(certs, host, algo, key_size) %>%
  count(algo, key_size, sort=TRUE)

algo	key_size	n
sha256WithRSAEncryption	2048	59
sha256WithRSAEncryption	4096	13
ecdsa-with-SHA256	256	2
sha256WithRSAEncryption	256	1
sha256WithRSAEncryption	384	1
sha512WithRSAEncryption	2048	1
sha512WithRSAEncryption	4096	1

Certificate issuers

distinct(certs, host, i_issuer) %>%
  count(i_issuer, sort = TRUE) %>%
  head(28)

i_issuer	n
CN=DST Root CA X3,O=Digital Signature Trust Co.	20
CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	7
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US	7
CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US	6
CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US	6
CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM	5
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US	5
CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE	4
CN=Trusted Root CA SHA256 G2,O=GlobalSign nv-sa,OU=Trusted Root,C=BE	3
CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	2
CN=DFN-Verein PCA Global - G01,OU=DFN-PKI,O=DFN-Verein,C=DE	2
OU=Security Communication RootCA2,O=SECOM Trust Systems CO.,LTD.,C=JP	2
CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	1
CN=Amazon Root CA 1,O=Amazon,C=US	1
CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE	1
CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL	1
CN=DFN-Verein Certification Authority 2,OU=DFN-PKI,O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.,C=DE	1
CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com, Inc.,L=Scottsdale,ST=Arizona,C=US	1
CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US	1
CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM	1
CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM	1

Interactive SSL tests

Using testssl.sh.

list.files(here::here("data/ssl"), "json$", full.names = TRUE) %>%
  map_df(jsonlite::fromJSON) %>%
  as_tibble() -> ssl_tests

sev <- c("OK", "LOW", "MEDIUM", "HIGH", "WARN", "CRITICAL")

filter(ssl_tests, severity %in% sev) %>%
  group_by(ip) %>%
  count(severity) %>%
  ungroup() %>%
  complete(ip = unique(ip), severity = sev) %>%
  mutate(severity = factor(severity, levels = sev)) %>%
  arrange(ip) %>%
  mutate(ip = factor(ip, levels = rev(unique(ip)))) %>%
  ggplot(aes(severity, ip, fill=n)) +
  geom_tile(color = "#b2b2b2", size = 0.125) +
  scale_x_discrete(name = NULL, expand = c(0,0.1), position = "top") +
  scale_y_discrete(name = NULL, expand = c(0,0)) +
  viridis::scale_fill_viridis(
    name = "# Tests", option = "cividis", na.value = ft_cols$gray
  ) +
  labs(
    title = "CRAN Mirror SSL Test Summary Findings by Severity"
  ) +
  theme_ft_rc(grid="") +
  theme(axis.text.y = element_text(size = 8, family = "mono")) -> gg

# We're going to move the title vs have too wide of a plot

gb <- ggplot2::ggplotGrob(gg)
gb$layout$l[gb$layout$name %in% "title"] <- 2

grid::grid.newpage()
grid::grid.draw(gb)

Web server headers

map_df(mir_dat, ~{

  if (length(.x$head$headers) == 0) return(NULL)

  host <- .x$host

  flatten_df(.x$head$headers) %>%
    gather(name, value) %>%
    mutate(host = host)

}) -> hdrs

count(hdrs, name, sort=TRUE) %>%
  head(nrow(.))

name	n
content-type	79
date	79
server	79
last-modified	72
content-length	67
accept-ranges	65
etag	65
content-encoding	38
connection	28
vary	28
strict-transport-security	13
x-frame-options	8
x-content-type-options	7
cache-control	4
expires	3
x-xss-protection	3
cf-ray	2
expect-ct	2
set-cookie	2
via	2
ms-author-via	1
pragma	1
referrer-policy	1
upgrade	1
x-amz-cf-id	1
x-cache	1
x-permitted-cross-domain	1
x-powered-by	1
x-robots-tag	1
x-tuna-mirror-id	1
x-ua-compatible	1

‘Security’ Headers

c(
  "content-security-policy", "x-frame-options", "x-xss-protection",
  "x-content-type-options", "strict-transport-security", "referrer-policy"
) -> secure_headers

count(hdrs, name, sort=TRUE) %>%
  filter(name %in% secure_headers)

name	n
strict-transport-security	13
x-frame-options	8
x-content-type-options	7
x-xss-protection	3
referrer-policy	1

filter(hdrs, name %in% secure_headers) %>%
  count(host, sort = TRUE)

host	n
cran.csiro.au	5
fourdots.com	3
ftp.gwdg.de	3
ftp.uni-sofia.bg	3
ftp.yzu.edu.tw	3
www.freestatistics.org	3
mirrors.nics.utk.edu	2
vps.fmvz.usp.br	2
cran.case.edu	1
cran.cnr.berkeley.edu	1
cran.hafro.is	1
cran.ncc.metu.edu.tr	1
cran.stat.upd.edu.ph	1
mirror.cedia.org.ec	1
mirrors.tongji.edu.cn	1
mirrors.tuna.tsinghua.edu.cn	1

filter(hdrs, host == "cran.csiro.au", name %in% secure_headers)

name	value	host
x-content-type-options	nosniff	cran.csiro.au
x-frame-options	SAMEORIGIN	cran.csiro.au
x-xss-protection	1; mode=block	cran.csiro.au
referrer-policy	strict-origin-when-cross-origin	cran.csiro.au
strict-transport-security	max-age=15768000; includeSubdomains;	cran.csiro.au

‘Server’ Types

filter(hdrs, name == "server") %>%
  separate(
    value, c("kind", "version"), sep="/", fill="right", extra="merge"
  ) -> svr

count(svr, kind, sort=TRUE)

kind	n
Apache	57
nginx	15
cloudflare	2
CSIRO	1
Hiawatha v10.8.4	1
High Performance 8bit Web Server	1
none	1
openresty	1

apache

apache_httpd_version_history() %>%
  arrange(rls_date) %>%
  mutate(
    vers = factor(as.character(vers), levels = as.character(vers))
  ) -> apa_all

filter(svr, kind == "Apache") %>%
  filter(!is.na(version)) %>%
  mutate(version = stri_replace_all_regex(version, " .*$", "")) %>%
  count(version) %>%
  separate(version, c("maj", "min", "pat"), sep="\\.", convert = TRUE, fill = "right") %>%
  mutate(pat = ifelse(is.na(pat), 1, pat)) %>%
  mutate(v = sprintf("%s.%s.%s", maj, min, pat)) %>%
  mutate(v = factor(v, levels = apa_all$vers)) %>%
  arrange(v) -> apa_vers

filter(apa_all, vers %in% apa_vers$v) %>%
  arrange(rls_date) %>%
  group_by(rls_year) %>%
  slice(1) %>%
  ungroup() %>%
  arrange(rls_date) -> apa_yrs

ggplot() +
  geom_blank(
    data = apa_vers, aes(v, n)
  ) +
  geom_segment(
    data = apa_yrs, aes(vers, 0, xend=vers, yend=Inf),
    linetype = "dotted", size = 0.25, color = "white"
  ) +
  geom_segment(
    data = apa_vers, aes(v, n, xend=v, yend=0),
    color = ft_cols$gray, size = 8
  ) +
  geom_label(
    data = apa_yrs, aes(vers, Inf, label = rls_year),
    family = font_rc, color = "white", fill = "#262a31", size = 4,
    vjust = 1, hjust = 0, nudge_x = 0.01, label.size = 0
  ) +
  scale_y_comma(limits = c(0, 15)) +
  labs(
    x = "Apache Version #", y = "# Servers",
    title = "CRAN Mirrors Apache Version History"
  ) +
  theme_ft_rc(grid="Y") +
  theme(axis.text.x = element_text(family = "mono", size = 8, color = "white"))

nginx

nginx_version_history() %>%
  arrange(rls_date) %>%
  mutate(
    vers = factor(as.character(vers), levels = as.character(vers))
  ) -> ngx_all

filter(svr, kind == "nginx") %>%
  filter(!is.na(version)) %>%
  mutate(version = stri_replace_all_regex(version, " .*$", "")) %>%
  count(version) %>%
  separate(version, c("maj", "min", "pat"), sep="\\.", convert = TRUE, fill = "right") %>%
  mutate(v = sprintf("%s.%s.%s", maj, min, pat)) %>%
  mutate(v = factor(v, levels = ngx_all$vers)) %>%
  arrange(v) -> ngx_vers

filter(ngx_all, vers %in% ngx_vers$v) %>%
  arrange(rls_date) %>%
  group_by(rls_year) %>%
  slice(1) %>%
  ungroup() %>%
  arrange(rls_date) -> ngx_yrs

ggplot() +
  geom_blank(
    data = ngx_vers, aes(v, n)
  ) +
  geom_segment(
    data = ngx_yrs, aes(vers, 0, xend=vers, yend=Inf),
    linetype = "dotted", size = 0.25, color = "white"
  ) +
  geom_segment(
    data = ngx_vers, aes(v, n, xend=v, yend=0),
    color = ft_cols$gray, size = 8
  ) +
  geom_label(
    data = ngx_yrs, aes(vers, Inf, label = rls_year),
    family = font_rc, color = "white", fill = "#262a31", size = 4,
    vjust = 1, hjust = 0, nudge_x = 0.01, label.size = 0
  ) +
  scale_y_comma(limits = c(0, 15)) +
  labs(
    x = "nginx Version #", y = "# Servers",
    title = "CRAN Mirrors nginx Version History"
  ) +
  theme_ft_rc(grid="Y") +
  theme(axis.text.x = element_text(family = "mono", color = "white"))

What else do CRAN mirrors run?

cran_mirror_other_things <- readRDS(here::here("data/cran-mirror-other-things.rds"))

A look by port

distinct(cran_mirror_other_things, ip, port) %>%
  count(ip, sort = TRUE) %>%
  head(20)

ip	n
104.25.94.23	8
143.107.10.17	7
104.27.133.206	5
137.208.57.37	5
192.75.96.254	5
208.81.1.244	5
119.40.117.175	4
130.225.254.116	4
133.24.248.17	4
14.49.99.238	4
148.205.148.16	4
190.64.49.124	4
194.214.26.146	4
200.236.31.1	4
201.159.221.67	4
202.90.159.172	4
217.31.202.63	4
222.66.109.32	4
45.63.11.93	4
62.44.96.11	4

distinct(cran_mirror_other_things, ip, port) %>%
  filter(!(port %in% c(21, 80, 443))) %>%
  count(ip) %>%
  count(n) %>%
  mutate(n = factor(n)) %>%
  ggplot() +
  geom_segment(
    aes(n, nn, xend = n, yend = 0), size = 10, color = ft_cols$gray
  ) +
  scale_y_comma() +
  labs(
    x = "Total number of running services", y = "# hosts",
    title = "How many other services do CRAN mirrors run?",
    subtitle = "NOTE: Not counting 80/443/21"
  ) +
  theme_ft_rc(grid="Y")

Take a look at a few of them

distinct(cran_mirror_other_things, ip, port) %>%
  count(port, sort=TRUE)

port	n
80	75
443	75
21	29
22	18
8080	6
25	5
53	2
2082	2
2086	2
8000	2
8008	2
8443	2
111	1
465	1
587	1
993	1
995	1
2083	1
2087	1

distinct(cran_mirror_other_things, ip, port) %>%
  filter(ip == "104.25.94.23")

ip	port
104.25.94.23	8443
104.25.94.23	2082
104.25.94.23	2087
104.25.94.23	8080
104.25.94.23	80
104.25.94.23	2083
104.25.94.23	443
104.25.94.23	2086

distinct(cran_mirror_other_things, ip, port) %>%
  filter(ip == "143.107.10.17")

ip	port
143.107.10.17	993
143.107.10.17	587
143.107.10.17	80
143.107.10.17	443
143.107.10.17	465
143.107.10.17	25
143.107.10.17	995

distinct(cran_mirror_other_things, ip, port) %>%
  filter(ip == "137.208.57.37")

ip	port
137.208.57.37	443
137.208.57.37	22
137.208.57.37	80
137.208.57.37	21
137.208.57.37	8080

What kinds of services were detected?

cran_recog <- readRDS(here::here("data/cran-recog.rds"))

distinct(cran_recog, ip, cpe) %>%
  count(cpe, sort = TRUE) %>%
  head(50)

cpe	n
cpe:/a:apache:http_server:-	13
cpe:/o:debian:debian_linux:-	13
cpe:/a:apache:http_server:2.4.6	11
cpe:/o:canonical:ubuntu_linux:-	11
cpe:/o:centos:centos:-	9
cpe:/a:apache:http_server:2.4.25	6
cpe:/a:nginx:nginx:-	6
cpe:/a:nginx:nginx:1.10.3	6
cpe:/o:redhat:linux:-	5
cpe:/a:apache:http_server:2.2.15	4
cpe:/a:openbsd:openssh:7.4p1	4
cpe:/o:debian:debian_linux:9.0	4
cpe:/a:apache:http_server:2.4.7	3
cpe:/a:openbsd:openssh:6.7p1	3
cpe:/a:openbsd:openssh:7.4	3
cpe:/a:apache:http_server:2.4.10	2
cpe:/a:apache:http_server:2.4.18	2
cpe:/a:apache:http_server:2.4.29	2
cpe:/a:openbsd:openssh:7.6p1	2
cpe:/o:debian:debian_linux:8.0	2
cpe:/a:apache:http_server:2.2.16	1
cpe:/a:apache:http_server:2.2.22	1
cpe:/a:apache:http_server:2.2.3	1
cpe:/a:apache:http_server:2.2.32	1
cpe:/a:apache:http_server:2.2.34	1
cpe:/a:apache:http_server:2.4	1
cpe:/a:apache:http_server:2.4.16	1
cpe:/a:apache:http_server:2.4.34	1
cpe:/a:apache:http_server:2.4.37	1
cpe:/a:apache:http_server:2.4.38	1
cpe:/a:apache:tomcat:-	1
cpe:/a:cherrypy:cherrypy:6.0.2	1
cpe:/a:isc:bind:9.11.2	1
cpe:/a:isc:bind:9.11.5-P1	1
cpe:/a:nginx:nginx:1.14.0	1
cpe:/a:nginx:nginx:1.15.8	1
cpe:/a:nginx:nginx:1.15.9	1
cpe:/a:nginx:nginx:1.9.4	1
cpe:/a:openbsd:openssh:5.5p1	1
cpe:/a:openbsd:openssh:6.6.1	1
cpe:/a:openbsd:openssh:6.6.1p1	1
cpe:/a:openbsd:openssh:7.2p2	1
cpe:/a:openbsd:openssh:7.6	1
cpe:/a:proftpd:proftpd:1.3.5b	1
cpe:/a:proftpd:proftpd:1.3.5rc3	1
cpe:/o:canonical:ubuntu_linux:14.04	1
cpe:/o:debian:debian_linux:6.0	1
cpe:/o:freebsd:freebsd:-	1

What other DNS entries use CRAN IPs?

cran_dns <- readRDS(here::here("data/cran-dns.rds"))

filter(cran_dns, !grepl("CLOUDFLARENET|AMAZON", as_name)) %>%
  count(value, as_name, sort = TRUE)

value	as_name	n
222.66.109.32	CHINANET-SH-AP China Telecom (Group), CN	243
200.3.192.46	EMPRESAS MUNICIPALES DE CALI E.I.C.E. E.S.P., CO	30
176.9.40.200	HETZNER-AS, DE	18
137.208.57.37	Wirtschaftsuniversitaet Wien, AT	10
169.229.19.202	UCB - University of California at Berkeley, US	10
202.121.199.235	ERX-CERNET-BKB China Education and Research Network Center, CN	10
150.229.0.204	CSIRO Commonwealth Scientific and Industrial, AU	8
130.206.13.2	REDIRIS RedIRIS Autonomous System, ES	6
192.80.24.196	Universidad de Chile, CL	6
202.141.176.110	CMNET-GD Guangdong Mobile Communication Co.Ltd., CN	6
45.63.11.93	AS-CHOOPA - Choopa, LLC, US	6
64.50.233.100	TDS-AS - TDS TELECOM, US	5
119.29.56.102	CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN	4
13.66.202.75	MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US	4
131.188.12.211	DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE	4
194.214.26.146	FR-RENATER Reseau National de telecommunications pour la Technologie, FR	4
200.236.31.1	FUNPAR - Fundacao da UFPR para o DCTC, BR	4
130.225.254.116	FSKNET-DK Forskningsnettet - Danish network for Research and Education, DK	3
133.58.120.95	SINET-AS Research Organization of Information and Systems, National Institute of Informatics, JP	3
142.58.101.156	SFU-AS - Simon Fraser University, CA	3
148.205.148.16	Instituto Tecnologico Autonomo de Mexico(ITAM), MX	3
155.198.195.11	JANET Jisc Services Limited, GB	3
157.193.230.39	BELNET, BE	3
193.1.193.64	HEANET, IE	3
193.40.0.5	EENET-AS, EE	3
194.71.11.165	SUNET SUNET Swedish University Network, SE	3
202.90.159.172	DOST-PH-AP Department of Science and Technology, PH	3
46.143.212.45	IR-FUM, IR	3
101.6.8.193	ERX-CERNET-BKB China Education and Research Network Center, CN	2
128.176.148.9	DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE	2
129.237.125.92	UKANS - University of Kansas, US	2
14.49.99.238	KIXS-AS-KR Korea Telecom, KR	2
143.107.10.17	UNIVERSIDADE DE SAO PAULO, BR	2
144.122.156.22	METU-NET Middle East Technical University / Orta Dogu Teknik Universitesi, TR	2
190.96.111.43	Escuela Politecnica Nacional, EC	2
192.75.96.254	DALUNIV - Dalhousie University, CA	2
194.254.245.138	FR-RENATER Reseau National de telecommunications pour la Technologie, FR	2
200.144.254.65	UNIVERSIDADE DE SAO PAULO, BR	2
201.159.221.67	CEDIA, EC	2
210.218.217.24	KREONET-AS-KR KISTI, KR	2
62.44.96.11	SU-NET-AS, BG	2
103.109.101.20	AMARUTU-TECHNOLOGY, NL	1
103.224.137.193	IDNIC-PDISBPPT-AS-ID PDIS - BADAN PENGKAJIAN DAN PENERAPAN TEKNOLOGI, ID	1
119.40.117.175	UPM-AS-AP Universiti Putra Malaysia AS, MY	1
128.250.213.6	UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU	1
129.132.119.195	SWITCH Peering requests: (peering@switch.ch), CH	1
129.177.13.120	UNINETT UNINETT, The Norwegian University & Research Network, NO	1
129.186.138.51	IASTATE-AS - Iowa State University, US	1
129.22.208.161	CWRU-AS-1 - Case Western Reserve University, US	1
130.208.58.81	RHNET SURIS/RHnet, IS	1
130.216.2.235	AKUNI-NZ The University of Auckland, NZ	1
133.24.248.17	AS-YAMAGATAU Yamagata University, JP	1
134.214.32.76	FR-RENATER RENATER_ASNBLOCK1, FR	1
134.76.12.6	DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE	1
137.132.33.20	NUS-AS-AP NUS Information Technology, SG	1
137.222.10.189	JANET Jisc Services Limited, GB	1
140.138.144.169	ERX-TANET-ASN1 Taiwan Academic Network (TANet) Information Center, TW	1
141.219.191.249	MICHIGANTECH - Michigan Technological University, US	1
146.155.23.20	Pontificia Universidad Catolica de Chile, CL	1
147.162.35.231	ASGARR Consortium GARR, IT	1
147.52.159.12	UCNET, GR	1
156.56.247.193	INDIANA-AS - Indiana University, US	1
157.86.96.98	FUNDACAO INSTITUTO OSWALDO CRUZ, BR	1
165.229.11.55	YU-AS-KR Yeungnam University, KR	1
190.64.49.124	Administracion Nacional de Telecomunicaciones, UY	1
192.249.6.222	UTK - University of Tennessee, Knoxville, US	1
193.144.61.75	REDIRIS RedIRIS Autonomous System, ES	1
193.194.89.173	ARN, DZ	1
193.255.52.152	ULAKNET, TR	1
193.50.6.155	FR-RENATER Reseau National de telecommunications pour la Technologie, FR	1
202.158.214.106	AARNET-AS-AP Australian Academic and Reasearch Network (AARNet), AU	1
202.201.0.160	ERX-CERNET-BKB China Education and Research Network Center, CN	1
208.81.1.244	LESNET - LES.NET, CA	1
217.31.202.63	CZNIC-AS, CZ	1
87.98.155.219	OVH, FR	1