Tuesday, July 15, 2014

.pif files, Polish spam from Orange, and Tiny Banker (Tinba)

Tonight I was looking at my Twitter feed and saw @SCMagazine talking about ZBerp. It was actually a tweet back to a story from July 11th where Danielle Walker wrote ZBerp Evolves: Spreads through Phishing Campaign which was actually quoting the July 7th story from WebSense Labs, where Elad Sharf wrote Zeus PIF: The Evolving Strain Looking to Defeat Your Security Software. I thought that sounded interesting, so I went over to the Malcovery Security systems to see what the malware team had done with .PIF files recently.

.PIF files are like those organs we are said to have for some reason that are not necessary in these modern times. If you still remember the pain of migrating from DOS 5.0 to Windows 3.0, you will remember that we had .PIF files because DOS binaries did not have all the niceties of Windows programs, such as embedded icons and a place to store the default start-up path. Back when Ugg the Caveman was discovering fire and Bill Gates was leading a development team, you could make your DOS Executables APPEAR to be Windows files by sticking a .PIF file of the same name in the same directory. Windows knew that it should associate the .PIF file with the .EXE or .COM file of the same name, and suddenly we had icons! Of course the malware authors have done some sneaky things with this in the past. When Sality was a young pup, browsing a directory that contained the ".pif" format of Sality was enough to get Windows to execute the malware -- because "Active Desktop" knew that if it saw a .PIF file, it should load it so it would know what graphical icon to associate with which programs in the directory listing. Unfortunately, that was all Sality needed to launch itself! So many people were victimized thinking that the AUTORUN=OFF on their thumb drive had failed without realizing it was just what .PIF files did back then.

So, this morning in the Malcovery Spam Data Mine we saw 1,440 copies of a spam message claiming to be from "orange.pl" with the subject "MMS-ie" and a 70,390 byte .zip file with a randomly numbered IMG#####.zip filename. The .ZIP file contained a 126,976 byte .PIF file that was named "IMG875002763.JPEG.pif" and had an MD5 hash of d382068a8666914584d0ae51dd162c6b. When I just checked the file a few minutes ago on VirusTotal, thinking I would see various Zeus-related malware names based on the SCMag / WebSense articles, I was surprised to see that the file was actually TinBa or "Tiny Banker"!

Late last week I was one of the many folks trying to get a friend to get me a copy of the Tinba source code that had been leaked, as Peter Kruse over at CSIS told us on July 10, 2014 (See Tinba/Hunterz source code published. Peter shared a talk The Hunterz Inside Tinba at the recent Cyber Threat Summit, and, with Trend Micro's Robert McArdle and Feike Hacquebord, released a paper called "W32.Tinba, The Turkish Incident" (a 24-page PDF that gives great insights into the malware family).

Tinba: The Polish Incident

If the earlier paper was called "The Turkish Incident", perhaps the current version should be called "The Polish Incident". Here is the email that was distributed so prolifically this morning:

Jeżeli Twój telefon nie obsługuje wiadomości multimedialnych, możesz je wysyłać i odbierać korzystając ze Skrzynki MMS lub Albumu MMS. Wystarczy, że zalogujesz się na www.orange.pl. O każdym otrzymanym na skrzynkę MMS-ie powiadomimy Cię E-mail.

Jeśli odbiorca wiadomości nie ma telefonu z obsługą MMS będzie mógł ją odebrać logując się w portalu www.orange.pl, a następnie wybierając Multi Box i zakładkę MMS. Wiadomości multimedialne możesz też wysyłać na dowolny adres e-mail.

In case you aren't as fluent in Polish as the rest of us, here is how Google Translate renders that:

If your phone does not support multimedia messages, you can send and receive using the Crates MMS or MMS Album. Simply log on www.orange.pl. For each received in an MMS message box will send you e-mail. If the recipient of the message does not have MMS-capable phone will be able to pick it up by logging into the portal www.orange.pl, and then select Multi Box and MMS tab. Multimedia messages can also be sent to any e-mail.
The spam from Monday, July 14th, was Tinba spam according to VirusTotal. Late this evening (about 18 hours after the spam campaign) VirusTotal reported a (25 of 53) detection rate.

The spam from July 11th was also in Polish, and also imitated Orange, although this time the sender was Orange.com. There was a .zip file attached, which contained a file named "DKT_Faktura_indywidualna_2014_07_11_R.pdf.pif" which was 102,400 bytes in size and had an MD5 hash of da9330aa6d275ba28954b88ecf27dedb. The .zip file was 70,323 bytes with MD5 hash of fc1e0a665f99b347e424281a8a6a2526. The spam from July 11th was also Tinba spam, according to many vendors at VirusTotal. But the email body was much simpler. The message, still in Polish, was:

Witamy,

Przesyłamy fakturę Telekomunikacji Polskiej w wersji elektronicznej za czerwiec 2014.

Welcome,

We send an invoice Polish Telecom in the electronic version for June 2014.

But of course it was more malware, disquised as an invoice but actually a .pif file.

The current detection at VirusTotal for that campaign is 33 of 53 detections.

Unlike the Turkish Incident, where Tinba was being dropped by the Blackhole Exploit Kit, in the current spam, Tinba is directly attached to the email message.

Sunday, July 13, 2014

Urgent Court Notice from GreenWinick Lawyers delivers malware

I spent some time yesterday in the Malcovery Security Spam Data Mine looking at the E-Z Pass malware campaign. The ASProx spammers behind that campaign have moved on to Court Notice again . . .

Subjects like these:

  • Hearing of your case in Court No#
  • Notice of appearance
  • Notice of appearance in court No#
  • Notice to Appear
  • Notice to Appear in Court
  • Notice to appear in court No#
  • Urgent court notice
  • Urgent court Notice No#
(All of the subjects that have "No#" are followed by a four digit integer.)


(click to enlarge)

As normal, the spammers for these "Court Appearance" spam campaigns have just grabbed an innocent law firm to imitate. No indication of any real problem at Green Winick, but I sure wish one or more of these abused law firms would step up and file a "John Doe" lawsuit against these spammers so we could get some civil discovery going on!

These are the same criminals who have Previously imitated other law firms including Jones Day (jonesday.com), Latham Watkins (lw.com), Hogan Lovells (hoganlovells.com), McDermitt, Will & Emery (wme.com), and many more! Come on! Let's go get these spammers and the malware authors that pay them!

We've seen 88 destination hosts between July 10th and this morning (list below) but it is likely there are many more!

When malware spammers use malicious links in their email instead of attachments, they tend to have a much better success rate if they deliver unique URLs for every recipient. That is what is happening in this case, and what always happens in these ASProx / Kuluoz spam campaigns. An encoded pseudo-directory is used in the path portion of the URL, which is combined with rotating through hundreds of 'pre-compromised' websites to host their malicious content.

Four patterns in the path portion of the URL are better indicators as we believe there will be MANY more destination hosts.

  • tmp/api/…STUFF…=/notice
  • components/api/…STUFF…=/notice
  • wp-content/api/…STUFF…=/notice
  • capitulo/components/api/…STUFF...=/notice
where "...STUFF..." is an encoding that we believe is related to the original recipient's email address, but have been unable to confirm at this time.

http:// arhiconigroup.com / wp-content / api / pwCYg4Ac5gk0WlQIVFEkRSPGL2E7vZhP8Qh4LMGbbAk= /notice

(to protect the spam donor, the pwCYg... string above has been slightly altered. If you want to work on de-coding, let me know and I'm happy to provide a couple hundred non-altered strings.)

Just like with last week's E-Z Pass spam campaign, visiting the destination website results in a uniquely geo-coded drop .zip file that contains a .exe file.

As an example, when downloading from my home in Birmingham Alabama where my zip code is 35242, the copy I received was named:

Notice_Birmingham_35242.zip

which contained

Notice_Birmingham_35242.exe, which is icon'ed in such a way that it appears to be a Microsoft Word document.

The MD5 of my '.exe' was: 5c255479cb9283fea75284c68afeb7d4

The VirusTotal report for my .exe is here:

VirusTotal Report (7 of 53 detects)

Extra credit points to Kaspersky and Norman for useful and accurate naming !

Kaspersky = Net-Worm.Win32.Aspxor.bpyb
Norman = Kuluoz.EP

Each of the 88 destination websites that we observed was likely compromised to host the malware. We do not believe these are necessarily "Bad Websites" but they either have a vulnerability or have had the webmaster credentials stolen by criminals.

If these are YOUR website - look for one of those directories I mentioned ...

/tmp/api/
/components/api/
/wp-content/api/
/capitulo/components/api/

www.metcalfplumbing.com
www.mikevanhattum.nl
www.mieszkaniaradomsko.pl
www.millionairemakeovertour.com
www.mkefalas.com
www.moldovatourism.ro
www.mobitrove.com
www.modultyp.com
www.mommyabc.com
www.monsterscalper.com
www.myconcilium.de
www.nellalongari.com
www.northsidecardetailers.com.au
www.parasitose.de
www.paulruminski.eu
www.petitecoach.com
www.phasebooks.net
www.plr-content.com
www.profimercadeo.com
www.propertyumbrellablueprint.com
www.proviewhomeservices.com
www.puntanews.com.uy
www.qifc.ir
www.rado-adventures.com
www.rantandraveweddingplanning.com
www.registrosakasicos.es
www.rimaconsulting.com
www.romiko.pl
www.saffronelectronics.co.uk
www.sasregion.com
www.saxonthewall.com
www.sealscandinavia.se
www.stkatharinedrexel.org
www.tecza.org
www.theanimationacademy.com
www.thehitekgroup.com
www.tusoco.com
www.urmasphoto.com
www.vicmy.net
www.viscom-online.com
www.vtretailers.com
www.warp.org.pl
www.webelonghere.ca
www.weihnachten-total.de
www.wesele.eu
www.whistlereh.com
www.wicta.nl
www.widitec.com.br
www.wonderlandinteractive.dk
www.wpprophet.com
www.xin8.org
www.zabytkowe.net
www.zeitgeistportugal.org
www.zmianywpodatkach.pl
www.znamsiebie.pl
www.zuidoost-brabant.nl
www.zs1grodzisk.pl
yourmentoraffiliatemarketing.com
atenea.edu.ec
comopuedoblanquearmisdientes.com
arhiconigroup.com
chris-coupe.com
drnancycooper.com
ian-mcconnell.com
izkigolf.com
kalemaquil.com
kingdommessengernetwork.com

Friday, July 11, 2014

New GameOver Zeus Variant uses FastFlux C&C

Over on the Malcovery Security Blog yesterday we covered a new version of GameOver Zeus (see: GameOver Zeus Mutates, Launches Attack ) that was distributed in three spam campaigns on July 10, 2014. At the bottom of that blog post, we're sharing a detailed "T3 Report" by analysts Brendan Griffin and Wayne Snow that gives all the details. In our reporting yesterday we mentioned that the new bot is using a Fast Flux Command & Control structure and that it is using a Domain Generation Algorithm to allow the malware distributed in the spam to locate and connect to the Command & Control servers.

I wanted to geek that a bit deeper for those who want more details on both of those subjects. First, let's look at the Fast Flux.

Fast Flux Command & Controlled Botnet

Fast Flux is a technique that allows a criminal who controls many servers to obfuscate the true location of his server by building a tiered infrastructure.

Sometimes there are additional "tiers" or levels of misdirection. We don't yet know how many layers there are in this newGOZ botnet.


(click to enlarge)

Here's the flow . . .

  1. the newGOZ criminal pays the Cutwail spammers to send out emails to infect new victims
  2. the Cutwail spammer sends out his emails. On July 10th, they were "Essentra Past Due" and emails imitating M&T Bank and NatWest Bank
  3. while many people delete the emails, ignore the emails, or have them blocked by spam, SOME people click on the emails
  4. the ".scr" email attachment infects their computer and starts generating "Domain Generation Algorithm" domains.
  5. each domain is queried for. the Bot computers say "Hey, Internet! Does this domain exist?"
  6. on July 10th, cfs50p1je5ljdfs3p7n17odtuw.biz existed ... "the Internet" said "Yes, this exists and NS1.ZAEHROMFUY.IN is the Nameserver that can tell you where it is."
  7. When most nameservers tell the address of a computer, they give a "Time To Live" that says "The answer I'm giving you is probably good for 24 hours" or 2 days, or a week, or whatever. But the Nameserver used in a FastFlux Bot, like, NS1.ZAEHROMFUY.IN, usually gives a "Time To Live" answer that says "The answer I'm giving you is only good for about 5 minutes. After 5 minutes, you need to ask me again in case the address has changed."
  8. NS1.ZAEHROMFUY.IN receives constant updates from "newGOZ Criminal" of servers all over the world (but mostly in Ukraine) that have been hacked. Almost every time you ask the nameserver "Where is the newGOZ domain?" it will give you a different answer.
  9. the "FastFlux C&C" boxes are now running nginx proxy software that says "Whatever you ask me, I will ask the servers at the Evil Lair of newGOZ. Whatever the Evil Lair of newGOZ wants to say, I will pass back to you.
  10. Updates from the Evil Lair get passed back THROUGH the FastFlux Proxy and give the newGOZ bots new malware or commands
  11. All traffic to and from the newGOZ bot, whether it is the bot "checking in" or the criminal pushing an "update" goes through one of the proxies, which are constantly changing.

Fast Flux newGOZ resolutions

All of the servers (or workstations) in this table were used as Fast Flux C&C nodes last night by the newGOZ botnet. We'll keep tracking this with friends from ShadowServer, DissectCyber.com and others and sharing this information with our trusted partners, but I wanted to throw out this example. If you have ability to look at "Net Flow" for any of these computers, you may be able to help us locate "The Evil Lair of the newGOZ Criminal." (Which sounds like a lot more fun than just looking at packet dumps, doesn't it? Sorry, this isn't my job, it is my passion. Geeks have to convince themselves they are Fighting Evil or we would get bored. Since the first GOZ enabled the theft of $100 Million or so ( for more see as an example Crooks Seek Revival of GameOver Zeus Botnet where Brian even shares the FBI Wanted Poster of the guy who is thought to be behind Zeus.

2014-07-10 20:37:10-05 92.248.160.157 92.248.128.0/17 OLYMPUS-NSP-AS ZAO _AKADO-Ekaterinburg_,RU 30868 RU ripencc
2014-07-10 20:38:04-05 108.20.219.49 108.20.0.0/16 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 701 US arin
2014-07-10 20:38:36-05 113.163.13.252 113.163.0.0/19 VNPT-AS-VN VNPT Corp,VN 45899 VN apnic
2014-07-10 20:39:03-05 114.46.251.46 114.46.0.0/16 HINET Data Communication Business Group,TW 3462 TW apnic
2014-07-10 20:39:24-05 176.108.15.141 176.108.0.0/19 KADRTV-AS Cadr-TV LLE TVRC,CZ 57800 UA ripencc
2014-07-10 20:40:39-05 178.150.136.252 178.150.136.0/22 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-10 20:40:52-05 37.25.4.162 37.25.0.0/19 BELCOMUA-AS ZAO _Belcom_,UA 25385 UA ripencc
2014-07-10 20:41:05-05 69.143.45.75 69.143.0.0/16 CMCS - Comcast Cable Communications, Inc.,US 33657 US arin
2014-07-10 20:41:18-05 77.242.172.30 77.242.172.0/24 UHT-AS UHT - Ukrainian High Technologies Ltd.,UA 30955 UA ripencc
2014-07-10 20:41:31-05 85.29.179.7 85.29.179.0/24 ORBITA-PLUS-AS ORBITA-PLUS Autonomous System,KZ 21299 KZ ripencc
2014-07-10 20:47:43-05 24.101.46.15 24.101.32.0/19 ACS-INTERNET - Armstrong Cable Services,US 27364 US arin
2014-07-10 20:47:56-05 37.115.246.222 37.115.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 20:48:10-05 67.68.99.137 67.68.96.0/22 BACOM - Bell Canada,CA 577 CA arin
2014-07-10 20:48:23-05 70.24.225.245 70.24.224.0/22 BACOM - Bell Canada,CA 577 CA arin
2014-07-10 20:48:43-05 75.76.166.8 75.76.128.0/17 WOW-INTERNET - WideOpenWest Finance LLC,US 12083 US arin
2014-07-10 20:48:57-05 76.127.161.112 76.127.128.0/17 COMCAST-7015 - Comcast Cable Communications Holdings, Inc,US 7015 US arin
2014-07-10 20:49:21-05 91.197.171.38 91.197.168.0/22 INTRAFFIC-AS Intraffic LLC,UA 43658 UA ripencc
2014-07-10 20:49:44-05 99.248.110.218 99.224.0.0/11 ROGERS-CABLE - Rogers Cable Communications Inc.,CA 812 CA arin
2014-07-10 20:50:02-05 100.44.184.18 100.44.160.0/19 WAYPORT - Wayport, Inc.,US 14654 US arin
2014-07-10 20:52:54-05 109.207.127.59 109.207.112.0/20 TELELAN-AS Teleradiocompany TeleLan LLC,UA 196740 UA ripencc
2014-07-10 21:07:24-05 178.214.223.104 178.214.192.0/19 UOS Ukraine Optical Systems LLC,UA 42546 UA ripencc
2014-07-10 21:07:56-05 212.22.192.224 212.22.192.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-10 21:08:11-05 31.133.118.121 31.133.118.0/24 ENTERRA-AS Private Enterprise _Enterra_,UA 48964 UA ripencc
2014-07-10 21:08:24-05 37.229.149.56 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:08:45-05 46.119.77.105 46.119.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:09:21-05 98.14.34.141 98.14.0.0/16 SCRR-12271 - Time Warner Cable Internet LLC,US 12271 US arin
2014-07-10 21:09:37-05 98.109.164.97 98.109.0.0/16 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 701 US arin
2014-07-10 21:12:28-05 109.162.0.21 109.162.0.0/18 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:12:41-05 178.140.183.193 178.140.0.0/16 NCNET-AS OJSC Rostelecom,RU 42610 RU ripencc
2014-07-10 21:13:42-05 178.158.135.20 178.158.134.0/23 ISP-EASTNET-AS EAST.NET Ltd.,UA 50780 UA ripencc
2014-07-10 21:28:15-05 192.162.118.118 192.162.116.0/22 ANOXIN FIZICHNA OSOBA-PIDPRIEMEC ANOHIN IGOR VALENTINOVICH,UA 39056 UA ripencc
2014-07-10 21:28:18-05 208.120.58.109 208.120.0.0/18 SCRR-12271 - Time Warner Cable Internet LLC,US 12271 US arin
2014-07-10 21:28:18-05 213.111.221.67 213.111.192.0/18 MAINSTREAM-AS PP MainStream,UA 44924 UA ripencc
2014-07-10 21:28:18-05 24.207.209.129 24.207.128.0/17 CHARTER-NET-HKY-NC - Charter Communications,US 20115 US arin
2014-07-10 21:28:18-05 46.181.215.20 46.180.0.0/15 ELIGHT-AS E-Light-Telecom,RU 39927 RU ripencc
2014-07-10 21:28:19-05 68.45.64.5 68.44.0.0/15 CMCS - Comcast Cable Communications, Inc.,US 33659 US arin
2014-07-10 21:28:19-05 75.131.252.100 75.131.224.0/19 CHARTER-NET-HKY-NC - Charter Communications,US 20115 US arin
2014-07-10 21:28:19-05 91.196.60.108 91.196.60.0/22 ARHAT-AS PE Bondar TN,UA 50204 UA ripencc
2014-07-10 21:28:19-05 91.243.218.157 91.243.192.0/19 ID-TELECOM-AS Intellect Dnepr Telecom LLC,UA 59567 UA ripencc
2014-07-10 21:28:19-05 96.246.91.160 96.246.0.0/17 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 701 US arin
2014-07-10 21:28:19-05 134.249.11.2 134.249.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:21-05 188.190.5.162 188.190.0.0/19 ASINTTEL Inttel Ltd.,UA 56370 UA ripencc
2014-07-10 21:49:22-05 5.248.110.252 5.248.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:22-05 31.43.162.96 31.43.160.0/19 KRASNET-UA-AS Krasnet ltd.,UA 50576 UA ripencc
2014-07-10 21:49:22-05 31.135.144.54 31.135.144.0/22 Technical Centre Radio Systems Ltd.,UA 20539 UA ripencc
2014-07-10 21:49:22-05 37.112.195.140 37.112.192.0/22 KRSK-AS CJSC _ER-Telecom Holding_,RU 50544 RU ripencc
2014-07-10 21:49:22-05 46.119.181.97 46.118.0.0/15 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:22-05 50.83.36.2 50.83.32.0/21 MEDIACOM-ENTERPRISE-BUSINESS - Mediacom Communications Corp,US 30036 US arin
2014-07-10 21:49:23-05 176.8.92.131 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:23-05 176.98.12.218 176.98.0.0/19 CRYSTAL-AS Crystal Telecom Ltd,CZ 49889 UA ripencc
2014-07-10 21:49:23-05 178.137.8.215 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 22:08:06-05 95.110.45.151 95.110.0.0/17 JSCBIS-AS OJSC _Bashinformsvyaz_,RU 28812 RU ripencc
2014-07-10 22:08:08-05 176.8.21.85 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 22:08:08-05 178.150.89.211 178.150.89.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-10 22:08:08-05 188.231.191.140 188.231.191.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-10 22:08:08-05 80.66.79.74 80.66.76.0/22 RISS-AS LLC _Ris-Tel_,RU 20803 RU ripencc
2014-07-10 22:08:09-05 81.200.148.6 81.200.144.0/20 ARTEM-CATV-AS JSC Artemovskoye Interaktivnoe Televidenie,RU 41070 RU ripencc
2014-07-10 22:08:09-05 95.46.219.178 95.46.219.0/24 VITEBSK-TV-ISP-AS OAO Vitebskiy Oblastnoy Techno-Torgoviy Center Garant,BY 50528 CZ ripencc
2014-07-10 22:08:09-05 95.78.166.17 95.78.128.0/18 ERTH-CHEL-AS CJSC _ER-Telecom Holding_,RU 41661 RU ripencc
2014-07-10 22:29:38-05 178.214.169.234 178.214.160.0/19 LUGANET-AS ARTA Ltd,UA 39728 UA ripencc
2014-07-10 22:29:38-05 188.16.223.225 188.16.192.0/18 USI OJSC Rostelecom,RU 6828 RU ripencc
2014-07-10 22:29:38-05 194.246.105.173 194.246.104.0/23 ASN-FUJILINE Trade House _Inet_ Ltd,UA 31000 UA ripencc
2014-07-10 22:29:39-05 70.75.230.0 70.75.0.0/16 SHAW - Shaw Communications Inc.,CA 6327 CA arin
2014-07-10 22:29:39-05 78.137.17.91 78.137.0.0/19 MCLAUT-AS LLC _McLaut-Invest_,UA 25133 UA ripencc
2014-07-10 22:29:39-05 176.117.86.162 176.117.80.0/20 LURENET-AS PP _Lurenet_,UA 50643 UA ripencc
2014-07-10 22:48:09-05 213.111.163.205 213.111.128.0/18 ALNET-AS PP SKS-Lugan,UA 35804 UA ripencc
2014-07-10 22:48:10-05 99.249.29.20 99.249.0.0/16 ROGERS-CABLE - Rogers Cable Communications Inc.,CA 812 CA arin
2014-07-10 22:48:10-05 109.254.35.236 109.254.0.0/16 DEC-AS Donbass Electronic Communications Ltd.,UA 20590 UA ripencc
2014-07-10 22:48:10-05 136.169.151.67 136.169.128.0/19 UBN-AS OJSC _Ufanet_,RU 24955 RU ripencc
2014-07-10 22:48:10-05 176.102.209.127 176.102.192.0/19 KUTS-AS Center for Information Technologies _Fobos_ Ltd.,UA 39822 UA ripencc
2014-07-10 22:48:10-05 178.141.160.202 178.141.0.0/16 MTS-KRV-AS MTS OJSC,RU 44677 RU ripencc
2014-07-10 22:48:10-05 178.213.191.181 178.213.184.0/21 SKYNET-UA-AS FOP Shoruk Andriy Olexanderovich,UA 196777 UA ripencc
2014-07-10 22:48:10-05 184.152.102.159 184.152.0.0/16 SCRR-12271 - Time Warner Cable Internet LLC,US 12271 US arin
2014-07-10 22:48:10-05 213.110.137.77 213.110.128.0/19 SUNNET-AS PE Gritcun Oleksandr Viktorovich,UA 47889 UA ripencc
2014-07-10 23:08:56-05 91.219.254.25 91.219.254.0/24 MONOLITH-AS LLC MONOLITH.NET,UA 48230 UA ripencc
2014-07-10 23:08:58-05 109.87.83.213 109.87.80.0/22 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-10 23:09:00-05 178.137.176.9 178.137.128.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:09:00-05 78.109.46.210 78.109.46.0/24 SIBRON-AS Closed Joint Stock Company COMSTAR-Regiony,RU 13155 RU ripencc
2014-07-10 23:09:00-05 80.70.71.41 80.70.64.0/20 ENERGYTEL Energytel LLC,UA 51317 UA ripencc
2014-07-10 23:27:45-05 71.75.52.101 71.75.0.0/16 SCRR-11426 - Time Warner Cable Internet LLC,US 11426 US arin
2014-07-10 23:27:45-05 176.8.72.36 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:27:45-05 178.74.214.94 178.74.192.0/18 EVEREST-AS _Everest_ Broadcasting Company Ltd,UA 49223 UA ripencc
2014-07-10 23:27:45-05 178.141.9.72 178.141.0.0/16 MTS-KRV-AS MTS OJSC,RU 44677 RU ripencc
2014-07-10 23:27:45-05 188.230.87.17 188.230.80.0/21 ABUA-AS LLC AB Ukraine,UA 43266 UA ripencc
2014-07-10 23:27:45-05 37.229.79.59 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:27:45-05 62.16.38.131 62.16.32.0/19 FPIC-AS CJSC _COMSTAR-regions_,RU 15640 RU ripencc
2014-07-10 23:49:05-05 176.113.227.109 176.113.224.0/19 LUGANET-AS ARTA Ltd,UA 39728 UA ripencc
2014-07-10 23:49:05-05 193.106.184.92 193.106.184.0/22 BOSPOR-AS Bospor-Telecom LLC,UA 42238 UA ripencc
2014-07-10 23:49:05-05 46.172.231.154 46.172.224.0/19 TOPHOST-AS SPD Kurilov Sergiy Oleksandrovich,UA 45043 UA ripencc
2014-07-10 23:49:05-05 74.129.235.88 74.128.0.0/12 SCRR-10796 - Time Warner Cable Internet LLC,US 10796 US arin
2014-07-10 23:49:05-05 77.121.129.181 77.121.128.0/21 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-10 23:49:05-05 78.27.159.112 78.27.128.0/18 DOMASHKA-AS Domashnya Merezha LLC,UA 15683 UA ripencc
2014-07-10 23:49:05-05 91.196.55.7 91.196.52.0/22 KOMITEX-AS PP KOM i TEX,UA 30886 UA ripencc
2014-07-10 23:49:06-05 94.153.23.170 94.153.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:49:06-05 109.87.222.148 109.87.222.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:07:17-05 178.215.178.112 178.215.176.0/20 FENIXVT-AS Private Enterprise Firma Fenix VT,RU 39399 UA ripencc
2014-07-11 00:07:19-05 195.90.130.19 195.90.128.0/18 ROSNET-AS OJSC Rostelecom,RU 6863 RU ripencc
2014-07-11 00:07:19-05 37.25.118.55 37.25.96.0/19 WILDPARK-AS ISP WildPark, Ukraine, Nikolaev,UA 31272 UA ripencc
2014-07-11 00:07:19-05 37.229.215.18 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 00:07:19-05 87.244.34.238 87.244.32.0/21 SUNLINK-AS Sunlink Telecom ISP, Tula, Russia,RU 35401 RU ripencc
2014-07-11 00:07:19-05 91.219.233.40 91.219.232.0/22 REALWEB-AS Private Enterprise RealWeb,UA 41161 UA ripencc
2014-07-11 00:07:20-05 173.95.149.72 173.92.0.0/14 SCRR-11426 - Time Warner Cable Internet LLC,US 11426 US arin
2014-07-11 00:07:20-05 178.150.221.2 178.150.220.0/23 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:07:20-05 178.151.165.182 178.151.165.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:28:03-05 109.87.42.122 109.87.40.0/21 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:28:04-05 109.200.228.156 109.200.224.0/19 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 00:28:04-05 31.135.226.91 31.135.224.0/20 TRYTECH-AS Trytech Ltd.,RU 44056 RU ripencc
2014-07-11 00:28:04-05 46.172.145.109 46.172.128.0/19 UTEAM-AS Uteam LTD,UA 49125 UA ripencc
2014-07-11 00:49:18-05 109.229.198.37 109.229.192.0/19 PRONET_LV SIA _PRONETS_,LV 43075 LV ripencc
2014-07-11 00:49:20-05 178.165.98.17 178.165.64.0/18 CITYNET-AS Maxnet Autonomous System,UA 34700 UA ripencc
2014-07-11 00:49:20-05 195.114.145.69 195.114.144.0/20 DATAGROUP PRIVATE JOINT STOCK COMPANY _DATAGROUP_,UA 21219 UA ripencc
2014-07-11 00:49:20-05 5.58.15.61 5.58.0.0/18 NOLAN-AS Lanet Network Ltd,UA 43120 UA ripencc
2014-07-11 00:49:20-05 46.147.186.225 46.147.184.0/22 NEOLINK CJSC _ER-Telecom Holding_,RU 34590 RU ripencc
2014-07-11 00:49:20-05 46.219.50.56 46.219.50.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 00:49:20-05 89.185.24.218 89.185.24.0/21 TVCOM-AS TVCOM Ltd.,UA 34092 UA ripencc
2014-07-11 00:49:20-05 94.158.73.89 94.158.64.0/20 BIGNET-AS PE Yuri Stanislavovich Demenin,UA 43668 UA ripencc
2014-07-11 00:49:20-05 95.47.151.247 95.47.148.0/22 TKS-AS Sumski Telecom Systems Ltd,UA 41967 CZ ripencc
2014-07-11 01:09:51-05 71.227.196.156 71.227.128.0/17 COMCAST-33650 - Comcast Cable Communications, Inc.,US 33650 US arin
2014-07-11 01:09:52-05 87.224.164.135 87.224.128.0/17 TELENET-AS OJSC Rostelecom,RU 35154 RU ripencc
2014-07-11 01:09:52-05 93.127.60.17 93.127.60.0/23 ALKAR-AS PRIVATE JOINT-STOCK COMPANY _FARLEP-INVEST_,RU 6703 UA ripencc
2014-07-11 01:09:52-05 109.227.127.25 109.227.96.0/19 MCLAUT-AS LLC _McLaut-Invest_,UA 25133 UA ripencc
2014-07-11 01:09:52-05 178.151.9.221 178.151.9.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:09:52-05 178.151.154.233 178.151.154.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:09:52-05 194.187.108.182 194.187.108.0/22 TERABIT TERABIT LLC,UA 29491 UA ripencc
2014-07-11 01:09:52-05 37.229.149.148 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:09:52-05 46.118.151.246 46.118.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:09:52-05 46.219.77.143 46.219.77.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 01:28:30-05 178.137.232.234 178.137.128.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:28:31-05 178.150.177.83 178.150.176.0/23 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:28:31-05 178.151.14.223 178.151.14.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:28:31-05 178.151.227.102 178.151.227.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:28:31-05 188.231.170.228 188.231.170.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 01:28:31-05 5.34.112.211 5.34.0.0/17 SATELCOM-AS SA-Telcom LLP,KZ 35566 KZ ripencc
2014-07-11 01:28:31-05 46.56.64.196 46.56.64.0/19 MTSBY-AS Mobile TeleSystems JLLC,BY 25106 BY ripencc
2014-07-11 01:28:31-05 46.173.171.188 46.173.168.0/22 BEREZHANY-AS Galitski Telekommunications Ltd,UA 49183 UA ripencc
2014-07-11 01:28:31-05 176.215.86.177 176.215.84.0/22 KRSK-AS CJSC _ER-Telecom Holding_,RU 50544 RU ripencc
2014-07-11 01:49:53-05 31.202.226.233 31.202.224.0/22 FORMAT-TV-AS MSP Format Ltd.,UA 6712 UA ripencc
2014-07-11 01:49:53-05 46.33.59.6 46.33.56.0/22 BLACKSEA TV Company _Black Sea_ Ltd,UA 31593 UA ripencc
2014-07-11 01:49:53-05 46.149.179.87 46.149.179.0/24 ISP-KIM-NET Kalush Information Network LTD,UA 197522 UA ripencc
2014-07-11 01:49:53-05 82.112.53.75 82.112.32.0/19 KTEL-AS K Telecom Ltd.,RU 48642 RU ripencc
2014-07-11 01:49:53-05 95.133.181.160 95.133.128.0/18 UKRTELNET JSC UKRTELECOM,UA 6849 UA ripencc
2014-07-11 01:49:53-05 109.86.112.170 109.86.112.0/22 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:49:53-05 124.197.73.68 124.197.64.0/18 MOBILEONELTD-AS-AP MobileOne Ltd. Mobile/Internet Service Provider Singapore,SG 4773 SG apnic
2014-07-11 01:49:54-05 178.137.97.155 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:49:54-05 217.112.220.202 217.112.208.0/20 TELEPORTSV PrivateJSC DataGroup,UA 15785 UA ripencc
2014-07-11 02:08:05-05 94.76.127.113 94.76.127.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 02:08:05-05 213.231.6.9 213.231.0.0/18 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 02:08:05-05 37.57.203.171 37.57.200.0/21 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 02:29:13-05 31.40.33.46 31.40.32.0/19 GORSET-AS Gorodskaya Set Ltd.,RU 49776 RU ripencc
2014-07-11 02:29:13-05 37.53.73.152 37.52.0.0/14 6849 6877 UA ripencc
2014-07-11 02:29:14-05 46.119.213.230 46.119.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 02:29:14-05 46.175.73.188 46.175.64.0/20 MEDIANA-AS Mediana ltd.,UA 56347 UA ripencc
2014-07-11 02:29:14-05 176.73.87.120 176.73.0.0/17 CAUCASUS-CABLE-SYSTEM Caucasus Online Ltd.,GE 20771 GE ripencc
2014-07-11 02:29:14-05 178.219.91.40 178.219.90.0/23 ASDNEPRONET Dnepronet Ltd.,UA 51069 UA ripencc
2014-07-11 02:29:14-05 185.14.102.108 185.14.102.0/24 ORBITA-PLUS-AS ORBITA-PLUS Autonomous System,KZ 21299 KZ ripencc
2014-07-11 02:29:14-05 195.225.147.101 195.225.144.0/22 UA-LINK-AS NPF LINK Ltd.,UA 34359 UA ripencc
2014-07-11 02:50:03-05 46.150.74.97 46.150.64.0/19 VIVANET-AS Vivanet Ltd,UA 44728 UA ripencc
2014-07-11 02:50:04-05 46.150.91.162 46.150.64.0/19 VIVANET-AS Vivanet Ltd,UA 44728 UA ripencc
2014-07-11 02:50:04-05 76.14.215.195 76.14.192.0/18 WAVE-CABLE - Wave Broadband,US 32107 US arin
2014-07-11 02:50:04-05 82.193.220.254 82.193.192.0/19 VODATEL-AS Metronet telekomunikacije d.d.,HR 25528 HR ripencc
2014-07-11 02:50:04-05 178.136.227.61 178.136.226.0/23 ALKAR-AS PRIVATE JOINT-STOCK COMPANY _FARLEP-INVEST_,RU 6703 UA ripencc
2014-07-11 02:50:04-05 178.137.69.209 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 02:50:04-05 194.28.176.201 194.28.176.0/22 KUZNETSOVSK-AS FOP Chaika Nadija Jakivna,UA 197073 UA ripencc
2014-07-11 02:50:04-05 212.87.183.197 212.87.160.0/19 EDN-AS Online Technologies LTD,UA 45025 UA ripencc
2014-07-11 02:50:04-05 213.231.12.80 213.231.0.0/18 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 02:50:04-05 46.119.175.13 46.119.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:09:01-05 46.33.50.175 46.33.48.0/21 LIS Telecompany LiS LTD,UA 35588 UA ripencc
2014-07-11 03:09:04-05 46.98.237.27 46.98.0.0/16 FREGAT-AS ISP _Fregat_ Ltd.,UA 15377 UA ripencc
2014-07-11 03:09:04-05 46.185.73.100 46.185.64.0/18 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:09:04-05 79.164.171.236 79.164.0.0/16 CNT-AS OJSC Central telegraph,RU 8615 RU ripencc
2014-07-11 03:09:04-05 91.244.137.151 91.244.128.0/20 PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA 44798 UA ripencc
2014-07-11 03:09:05-05 109.86.234.51 109.86.232.0/21 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 03:09:05-05 109.207.121.193 109.207.112.0/20 TELELAN-AS Teleradiocompany TeleLan LLC,UA 196740 UA ripencc
2014-07-11 03:09:05-05 176.108.235.203 176.108.232.0/22 SKM-AS PE Yaremenko O.V.,UA 39422 UA ripencc
2014-07-11 03:09:05-05 193.106.82.45 193.106.80.0/22 DATAGROUP PRIVATE JOINT STOCK COMPANY _DATAGROUP_,UA 21219 UA ripencc
2014-07-11 03:09:05-05 31.129.65.152 31.129.64.0/19 ASDNEPRONET Dnepronet Ltd.,UA 51069 UA ripencc
2014-07-11 03:09:05-05 37.232.181.13 37.232.160.0/19 INTERNET-CENTER-AS Net By Net Holding LLC,RU 42420 RU ripencc
2014-07-11 03:29:59-05 109.201.240.84 109.201.224.0/19 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 03:30:00-05 141.101.11.69 141.101.0.0/19 WILDPARK-AS ISP WildPark, Ukraine, Nikolaev,UA 31272 UA ripencc
2014-07-11 03:30:00-05 188.230.1.99 188.230.0.0/21 ABUA-AS LLC AB Ukraine,UA 43266 UA ripencc
2014-07-11 03:30:01-05 46.119.134.13 46.118.0.0/15 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:30:01-05 77.79.140.237 77.79.128.0/18 UBN-AS OJSC _Ufanet_,RU 24955 RU ripencc
2014-07-11 03:30:01-05 77.121.125.112 77.121.96.0/19 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 03:30:01-05 77.123.241.141 77.123.224.0/19 IVC IVC-Donbass Ltd,UA 48169 UA ripencc
2014-07-11 03:48:03-05 213.231.4.163 213.231.0.0/18 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 03:48:03-05 5.248.133.146 5.248.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:48:03-05 81.163.136.160 81.163.128.0/19 DIDAN-AS Didan Group LTD,UA 47694 UA ripencc
2014-07-11 03:48:03-05 91.244.232.200 91.244.232.0/22 VITA-AS Teleradiokompaniya Vizit-A Limited Liability Company,UA 197175 UA ripencc
2014-07-11 03:48:03-05 176.112.17.229 176.112.0.0/19 MAINSTREAM-AS PP MainStream,UA 44924 UA ripencc
2014-07-11 03:48:03-05 176.124.1.31 176.124.0.0/19 DIDAN-AS Didan Group LTD,UA 47694 UA ripencc
2014-07-11 03:48:03-05 193.93.238.13 193.93.236.0/22 STAVSET-AS Kvartal Plus Ltd,RU 49325 RU ripencc
2014-07-11 04:09:03-05 46.118.136.44 46.118.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:09:05-05 46.172.128.249 46.172.128.0/19 UTEAM-AS Uteam LTD,UA 49125 UA ripencc
2014-07-11 04:09:05-05 94.41.219.215 94.41.192.0/18 UBN-AS OJSC _Ufanet_,RU 24955 RU ripencc
2014-07-11 04:09:05-05 109.162.59.249 109.162.0.0/18 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:09:05-05 178.45.188.246 178.45.160.0/19 OJSC Rostelecom,RU 15500 RU ripencc
2014-07-11 04:09:05-05 178.88.215.41 178.88.0.0/16 KAZTELECOM-AS JSC Kazakhtelecom,KZ 9198 KZ ripencc
2014-07-11 04:09:05-05 188.163.29.68 188.163.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:09:05-05 5.14.25.76 5.12.0.0/14 RCS-RDS RCS & RDS SA,RO 8708 RO ripencc
2014-07-11 04:09:05-05 5.248.99.163 5.248.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:27:48-05 178.151.23.241 178.151.22.0/23 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 04:27:50-05 31.169.23.129 31.169.20.0/22 DTVKZ-AS JSC Kazakhtelecom,KZ 39725 KZ ripencc
2014-07-11 04:27:50-05 77.122.235.167 77.122.192.0/18 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 04:27:50-05 78.62.94.153 78.62.80.0/20 TEOLTAB TEO LT AB Autonomous System,LT 8764 LT ripencc
2014-07-11 04:27:50-05 89.209.96.231 89.209.0.0/16 MTS MTS OJSC,RU 8359 UA ripencc
2014-07-11 04:27:50-05 93.79.143.194 93.79.128.0/17 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 04:27:50-05 176.8.79.228 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:27:50-05 178.141.98.171 178.141.0.0/16 MTS-KRV-AS MTS OJSC,RU 44677 RU ripencc
2014-07-11 04:49:18-05 176.113.146.32 176.113.144.0/20 BELICOM-AS FOP Bilenkiy Olexander Naumovich,UA 44010 UA ripencc
2014-07-11 04:49:21-05 178.137.109.91 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:49:21-05 213.111.226.174 213.111.192.0/18 MAINSTREAM-AS PP MainStream,UA 44924 UA ripencc
2014-07-11 04:49:21-05 217.73.84.131 217.73.80.0/21 INFOMIR-NET Infomir JSC,UA 44291 UA ripencc
2014-07-11 04:49:21-05 5.20.162.237 5.20.160.0/19 CGATES-AS UAB _Cgates_,LT 21412 LT ripencc
2014-07-11 04:49:21-05 5.105.1.241 5.105.0.0/16 CDS-AS Cifrovye Dispetcherskie Sistemy,UA 43554 UA ripencc
2014-07-11 04:49:21-05 77.122.193.42 77.122.192.0/18 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 04:49:21-05 91.225.162.98 91.225.160.0/22 ASSPDCHERNEGA SPD Chernega Aleksandr Anatolevich,UA 56400 UA ripencc
2014-07-11 04:49:21-05 91.236.249.33 91.236.248.0/22 SNAK-AS IP-Connect LLC,UA 57944 UA ripencc
2014-07-11 04:49:21-05 91.244.139.49 91.244.128.0/20 PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA 44798 UA ripencc
2014-07-11 04:49:21-05 109.86.76.58 109.86.64.0/20 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 04:49:21-05 176.36.67.204 176.36.0.0/14 LANETUA-AS Lanet Network Ltd.,UA 39608 UA ripencc
2014-07-11 05:08:15-05 46.46.96.199 46.46.64.0/18 FLAGMAN-AS TOV _Flagman Telecom_,UA 48045 UA ripencc
2014-07-11 05:08:16-05 46.149.178.203 46.149.176.0/20 ISP-KIM-NET Kalush Information Network LTD,UA 197522 UA ripencc
2014-07-11 05:08:16-05 95.37.213.26 95.37.128.0/17 NMTS-AS OJSC Rostelecom,RU 25405 RU ripencc
2014-07-11 05:08:16-05 178.251.109.168 178.251.104.0/21 DATALINE-AS Dataline LLC,UA 35297 UA ripencc
2014-07-11 05:08:17-05 31.41.128.57 31.41.128.0/21 ANOXIN FIZICHNA OSOBA-PIDPRIEMEC ANOHIN IGOR VALENTINOVICH,UA 39056 UA ripencc
2014-07-11 05:27:32-05 81.90.233.231 81.90.233.0/24 RADIOCOM-AS RadioCom ISP Autonomous System,UA 25071 UA ripencc
2014-07-11 05:27:32-05 81.162.70.217 81.162.64.0/20 GIGABYTE-AS Private Company Center for Development Information Technology _Gigabyte_,UA 198293 UA ripencc
2014-07-11 05:27:32-05 89.44.89.68 89.44.88.0/22 DNC-AS IM Data Network Communication SRL,MD 41053 RO ripencc
2014-07-11 05:27:32-05 91.244.148.241 91.244.144.0/21 PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA 44798 UA ripencc
2014-07-11 05:27:32-05 188.168.94.122 188.168.0.0/16 TTK-RTL Closed Joint Stock Company TransTeleCom,RU 15774 RU ripencc
2014-07-11 05:27:32-05 62.80.161.77 62.80.160.0/19 INTERTELECOM-AS PJSC Inter-Telecom,UA 25386 UA ripencc
2014-07-11 05:30:03-05 198.105.254.240 198.105.254.0/24 SGINC - Search Guide Inc,US 36029 US arin
2014-07-11 05:30:03-05 198.105.244.240 198.105.244.0/24 SGINC - Search Guide Inc,US 36029 US arin