Friday, July 11, 2014

New GameOver Zeus Variant uses FastFlux C&C

Over on the Malcovery Security Blog yesterday we covered a new version of GameOver Zeus (see: GameOver Zeus Mutates, Launches Attack ) that was distributed in three spam campaigns on July 10, 2014. At the bottom of that blog post, we're sharing a detailed "T3 Report" by analysts Brendan Griffin and Wayne Snow that gives all the details. In our reporting yesterday we mentioned that the new bot is using a Fast Flux Command & Control structure and that it is using a Domain Generation Algorithm to allow the malware distributed in the spam to locate and connect to the Command & Control servers.

I wanted to geek that a bit deeper for those who want more details on both of those subjects. First, let's look at the Fast Flux.

Fast Flux Command & Controlled Botnet

Fast Flux is a technique that allows a criminal who controls many servers to obfuscate the true location of his server by building a tiered infrastructure.

Sometimes there are additional "tiers" or levels of misdirection. We don't yet know how many layers there are in this newGOZ botnet.


(click to enlarge)

Here's the flow . . .

  1. the newGOZ criminal pays the Cutwail spammers to send out emails to infect new victims
  2. the Cutwail spammer sends out his emails. On July 10th, they were "Essentra Past Due" and emails imitating M&T Bank and NatWest Bank
  3. while many people delete the emails, ignore the emails, or have them blocked by spam, SOME people click on the emails
  4. the ".scr" email attachment infects their computer and starts generating "Domain Generation Algorithm" domains.
  5. each domain is queried for. the Bot computers say "Hey, Internet! Does this domain exist?"
  6. on July 10th, cfs50p1je5ljdfs3p7n17odtuw.biz existed ... "the Internet" said "Yes, this exists and NS1.ZAEHROMFUY.IN is the Nameserver that can tell you where it is."
  7. When most nameservers tell the address of a computer, they give a "Time To Live" that says "The answer I'm giving you is probably good for 24 hours" or 2 days, or a week, or whatever. But the Nameserver used in a FastFlux Bot, like, NS1.ZAEHROMFUY.IN, usually gives a "Time To Live" answer that says "The answer I'm giving you is only good for about 5 minutes. After 5 minutes, you need to ask me again in case the address has changed."
  8. NS1.ZAEHROMFUY.IN receives constant updates from "newGOZ Criminal" of servers all over the world (but mostly in Ukraine) that have been hacked. Almost every time you ask the nameserver "Where is the newGOZ domain?" it will give you a different answer.
  9. the "FastFlux C&C" boxes are now running nginx proxy software that says "Whatever you ask me, I will ask the servers at the Evil Lair of newGOZ. Whatever the Evil Lair of newGOZ wants to say, I will pass back to you.
  10. Updates from the Evil Lair get passed back THROUGH the FastFlux Proxy and give the newGOZ bots new malware or commands
  11. All traffic to and from the newGOZ bot, whether it is the bot "checking in" or the criminal pushing an "update" goes through one of the proxies, which are constantly changing.

Fast Flux newGOZ resolutions

All of the servers (or workstations) in this table were used as Fast Flux C&C nodes last night by the newGOZ botnet. We'll keep tracking this with friends from ShadowServer, DissectCyber.com and others and sharing this information with our trusted partners, but I wanted to throw out this example. If you have ability to look at "Net Flow" for any of these computers, you may be able to help us locate "The Evil Lair of the newGOZ Criminal." (Which sounds like a lot more fun than just looking at packet dumps, doesn't it? Sorry, this isn't my job, it is my passion. Geeks have to convince themselves they are Fighting Evil or we would get bored. Since the first GOZ enabled the theft of $100 Million or so ( for more see as an example Crooks Seek Revival of GameOver Zeus Botnet where Brian even shares the FBI Wanted Poster of the guy who is thought to be behind Zeus.

2014-07-10 20:37:10-05 92.248.160.157 92.248.128.0/17 OLYMPUS-NSP-AS ZAO _AKADO-Ekaterinburg_,RU 30868 RU ripencc
2014-07-10 20:38:04-05 108.20.219.49 108.20.0.0/16 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 701 US arin
2014-07-10 20:38:36-05 113.163.13.252 113.163.0.0/19 VNPT-AS-VN VNPT Corp,VN 45899 VN apnic
2014-07-10 20:39:03-05 114.46.251.46 114.46.0.0/16 HINET Data Communication Business Group,TW 3462 TW apnic
2014-07-10 20:39:24-05 176.108.15.141 176.108.0.0/19 KADRTV-AS Cadr-TV LLE TVRC,CZ 57800 UA ripencc
2014-07-10 20:40:39-05 178.150.136.252 178.150.136.0/22 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-10 20:40:52-05 37.25.4.162 37.25.0.0/19 BELCOMUA-AS ZAO _Belcom_,UA 25385 UA ripencc
2014-07-10 20:41:05-05 69.143.45.75 69.143.0.0/16 CMCS - Comcast Cable Communications, Inc.,US 33657 US arin
2014-07-10 20:41:18-05 77.242.172.30 77.242.172.0/24 UHT-AS UHT - Ukrainian High Technologies Ltd.,UA 30955 UA ripencc
2014-07-10 20:41:31-05 85.29.179.7 85.29.179.0/24 ORBITA-PLUS-AS ORBITA-PLUS Autonomous System,KZ 21299 KZ ripencc
2014-07-10 20:47:43-05 24.101.46.15 24.101.32.0/19 ACS-INTERNET - Armstrong Cable Services,US 27364 US arin
2014-07-10 20:47:56-05 37.115.246.222 37.115.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 20:48:10-05 67.68.99.137 67.68.96.0/22 BACOM - Bell Canada,CA 577 CA arin
2014-07-10 20:48:23-05 70.24.225.245 70.24.224.0/22 BACOM - Bell Canada,CA 577 CA arin
2014-07-10 20:48:43-05 75.76.166.8 75.76.128.0/17 WOW-INTERNET - WideOpenWest Finance LLC,US 12083 US arin
2014-07-10 20:48:57-05 76.127.161.112 76.127.128.0/17 COMCAST-7015 - Comcast Cable Communications Holdings, Inc,US 7015 US arin
2014-07-10 20:49:21-05 91.197.171.38 91.197.168.0/22 INTRAFFIC-AS Intraffic LLC,UA 43658 UA ripencc
2014-07-10 20:49:44-05 99.248.110.218 99.224.0.0/11 ROGERS-CABLE - Rogers Cable Communications Inc.,CA 812 CA arin
2014-07-10 20:50:02-05 100.44.184.18 100.44.160.0/19 WAYPORT - Wayport, Inc.,US 14654 US arin
2014-07-10 20:52:54-05 109.207.127.59 109.207.112.0/20 TELELAN-AS Teleradiocompany TeleLan LLC,UA 196740 UA ripencc
2014-07-10 21:07:24-05 178.214.223.104 178.214.192.0/19 UOS Ukraine Optical Systems LLC,UA 42546 UA ripencc
2014-07-10 21:07:56-05 212.22.192.224 212.22.192.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-10 21:08:11-05 31.133.118.121 31.133.118.0/24 ENTERRA-AS Private Enterprise _Enterra_,UA 48964 UA ripencc
2014-07-10 21:08:24-05 37.229.149.56 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:08:45-05 46.119.77.105 46.119.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:09:21-05 98.14.34.141 98.14.0.0/16 SCRR-12271 - Time Warner Cable Internet LLC,US 12271 US arin
2014-07-10 21:09:37-05 98.109.164.97 98.109.0.0/16 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 701 US arin
2014-07-10 21:12:28-05 109.162.0.21 109.162.0.0/18 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:12:41-05 178.140.183.193 178.140.0.0/16 NCNET-AS OJSC Rostelecom,RU 42610 RU ripencc
2014-07-10 21:13:42-05 178.158.135.20 178.158.134.0/23 ISP-EASTNET-AS EAST.NET Ltd.,UA 50780 UA ripencc
2014-07-10 21:28:15-05 192.162.118.118 192.162.116.0/22 ANOXIN FIZICHNA OSOBA-PIDPRIEMEC ANOHIN IGOR VALENTINOVICH,UA 39056 UA ripencc
2014-07-10 21:28:18-05 208.120.58.109 208.120.0.0/18 SCRR-12271 - Time Warner Cable Internet LLC,US 12271 US arin
2014-07-10 21:28:18-05 213.111.221.67 213.111.192.0/18 MAINSTREAM-AS PP MainStream,UA 44924 UA ripencc
2014-07-10 21:28:18-05 24.207.209.129 24.207.128.0/17 CHARTER-NET-HKY-NC - Charter Communications,US 20115 US arin
2014-07-10 21:28:18-05 46.181.215.20 46.180.0.0/15 ELIGHT-AS E-Light-Telecom,RU 39927 RU ripencc
2014-07-10 21:28:19-05 68.45.64.5 68.44.0.0/15 CMCS - Comcast Cable Communications, Inc.,US 33659 US arin
2014-07-10 21:28:19-05 75.131.252.100 75.131.224.0/19 CHARTER-NET-HKY-NC - Charter Communications,US 20115 US arin
2014-07-10 21:28:19-05 91.196.60.108 91.196.60.0/22 ARHAT-AS PE Bondar TN,UA 50204 UA ripencc
2014-07-10 21:28:19-05 91.243.218.157 91.243.192.0/19 ID-TELECOM-AS Intellect Dnepr Telecom LLC,UA 59567 UA ripencc
2014-07-10 21:28:19-05 96.246.91.160 96.246.0.0/17 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 701 US arin
2014-07-10 21:28:19-05 134.249.11.2 134.249.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:21-05 188.190.5.162 188.190.0.0/19 ASINTTEL Inttel Ltd.,UA 56370 UA ripencc
2014-07-10 21:49:22-05 5.248.110.252 5.248.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:22-05 31.43.162.96 31.43.160.0/19 KRASNET-UA-AS Krasnet ltd.,UA 50576 UA ripencc
2014-07-10 21:49:22-05 31.135.144.54 31.135.144.0/22 Technical Centre Radio Systems Ltd.,UA 20539 UA ripencc
2014-07-10 21:49:22-05 37.112.195.140 37.112.192.0/22 KRSK-AS CJSC _ER-Telecom Holding_,RU 50544 RU ripencc
2014-07-10 21:49:22-05 46.119.181.97 46.118.0.0/15 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:22-05 50.83.36.2 50.83.32.0/21 MEDIACOM-ENTERPRISE-BUSINESS - Mediacom Communications Corp,US 30036 US arin
2014-07-10 21:49:23-05 176.8.92.131 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 21:49:23-05 176.98.12.218 176.98.0.0/19 CRYSTAL-AS Crystal Telecom Ltd,CZ 49889 UA ripencc
2014-07-10 21:49:23-05 178.137.8.215 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 22:08:06-05 95.110.45.151 95.110.0.0/17 JSCBIS-AS OJSC _Bashinformsvyaz_,RU 28812 RU ripencc
2014-07-10 22:08:08-05 176.8.21.85 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 22:08:08-05 178.150.89.211 178.150.89.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-10 22:08:08-05 188.231.191.140 188.231.191.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-10 22:08:08-05 80.66.79.74 80.66.76.0/22 RISS-AS LLC _Ris-Tel_,RU 20803 RU ripencc
2014-07-10 22:08:09-05 81.200.148.6 81.200.144.0/20 ARTEM-CATV-AS JSC Artemovskoye Interaktivnoe Televidenie,RU 41070 RU ripencc
2014-07-10 22:08:09-05 95.46.219.178 95.46.219.0/24 VITEBSK-TV-ISP-AS OAO Vitebskiy Oblastnoy Techno-Torgoviy Center Garant,BY 50528 CZ ripencc
2014-07-10 22:08:09-05 95.78.166.17 95.78.128.0/18 ERTH-CHEL-AS CJSC _ER-Telecom Holding_,RU 41661 RU ripencc
2014-07-10 22:29:38-05 178.214.169.234 178.214.160.0/19 LUGANET-AS ARTA Ltd,UA 39728 UA ripencc
2014-07-10 22:29:38-05 188.16.223.225 188.16.192.0/18 USI OJSC Rostelecom,RU 6828 RU ripencc
2014-07-10 22:29:38-05 194.246.105.173 194.246.104.0/23 ASN-FUJILINE Trade House _Inet_ Ltd,UA 31000 UA ripencc
2014-07-10 22:29:39-05 70.75.230.0 70.75.0.0/16 SHAW - Shaw Communications Inc.,CA 6327 CA arin
2014-07-10 22:29:39-05 78.137.17.91 78.137.0.0/19 MCLAUT-AS LLC _McLaut-Invest_,UA 25133 UA ripencc
2014-07-10 22:29:39-05 176.117.86.162 176.117.80.0/20 LURENET-AS PP _Lurenet_,UA 50643 UA ripencc
2014-07-10 22:48:09-05 213.111.163.205 213.111.128.0/18 ALNET-AS PP SKS-Lugan,UA 35804 UA ripencc
2014-07-10 22:48:10-05 99.249.29.20 99.249.0.0/16 ROGERS-CABLE - Rogers Cable Communications Inc.,CA 812 CA arin
2014-07-10 22:48:10-05 109.254.35.236 109.254.0.0/16 DEC-AS Donbass Electronic Communications Ltd.,UA 20590 UA ripencc
2014-07-10 22:48:10-05 136.169.151.67 136.169.128.0/19 UBN-AS OJSC _Ufanet_,RU 24955 RU ripencc
2014-07-10 22:48:10-05 176.102.209.127 176.102.192.0/19 KUTS-AS Center for Information Technologies _Fobos_ Ltd.,UA 39822 UA ripencc
2014-07-10 22:48:10-05 178.141.160.202 178.141.0.0/16 MTS-KRV-AS MTS OJSC,RU 44677 RU ripencc
2014-07-10 22:48:10-05 178.213.191.181 178.213.184.0/21 SKYNET-UA-AS FOP Shoruk Andriy Olexanderovich,UA 196777 UA ripencc
2014-07-10 22:48:10-05 184.152.102.159 184.152.0.0/16 SCRR-12271 - Time Warner Cable Internet LLC,US 12271 US arin
2014-07-10 22:48:10-05 213.110.137.77 213.110.128.0/19 SUNNET-AS PE Gritcun Oleksandr Viktorovich,UA 47889 UA ripencc
2014-07-10 23:08:56-05 91.219.254.25 91.219.254.0/24 MONOLITH-AS LLC MONOLITH.NET,UA 48230 UA ripencc
2014-07-10 23:08:58-05 109.87.83.213 109.87.80.0/22 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-10 23:09:00-05 178.137.176.9 178.137.128.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:09:00-05 78.109.46.210 78.109.46.0/24 SIBRON-AS Closed Joint Stock Company COMSTAR-Regiony,RU 13155 RU ripencc
2014-07-10 23:09:00-05 80.70.71.41 80.70.64.0/20 ENERGYTEL Energytel LLC,UA 51317 UA ripencc
2014-07-10 23:27:45-05 71.75.52.101 71.75.0.0/16 SCRR-11426 - Time Warner Cable Internet LLC,US 11426 US arin
2014-07-10 23:27:45-05 176.8.72.36 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:27:45-05 178.74.214.94 178.74.192.0/18 EVEREST-AS _Everest_ Broadcasting Company Ltd,UA 49223 UA ripencc
2014-07-10 23:27:45-05 178.141.9.72 178.141.0.0/16 MTS-KRV-AS MTS OJSC,RU 44677 RU ripencc
2014-07-10 23:27:45-05 188.230.87.17 188.230.80.0/21 ABUA-AS LLC AB Ukraine,UA 43266 UA ripencc
2014-07-10 23:27:45-05 37.229.79.59 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:27:45-05 62.16.38.131 62.16.32.0/19 FPIC-AS CJSC _COMSTAR-regions_,RU 15640 RU ripencc
2014-07-10 23:49:05-05 176.113.227.109 176.113.224.0/19 LUGANET-AS ARTA Ltd,UA 39728 UA ripencc
2014-07-10 23:49:05-05 193.106.184.92 193.106.184.0/22 BOSPOR-AS Bospor-Telecom LLC,UA 42238 UA ripencc
2014-07-10 23:49:05-05 46.172.231.154 46.172.224.0/19 TOPHOST-AS SPD Kurilov Sergiy Oleksandrovich,UA 45043 UA ripencc
2014-07-10 23:49:05-05 74.129.235.88 74.128.0.0/12 SCRR-10796 - Time Warner Cable Internet LLC,US 10796 US arin
2014-07-10 23:49:05-05 77.121.129.181 77.121.128.0/21 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-10 23:49:05-05 78.27.159.112 78.27.128.0/18 DOMASHKA-AS Domashnya Merezha LLC,UA 15683 UA ripencc
2014-07-10 23:49:05-05 91.196.55.7 91.196.52.0/22 KOMITEX-AS PP KOM i TEX,UA 30886 UA ripencc
2014-07-10 23:49:06-05 94.153.23.170 94.153.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-10 23:49:06-05 109.87.222.148 109.87.222.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:07:17-05 178.215.178.112 178.215.176.0/20 FENIXVT-AS Private Enterprise Firma Fenix VT,RU 39399 UA ripencc
2014-07-11 00:07:19-05 195.90.130.19 195.90.128.0/18 ROSNET-AS OJSC Rostelecom,RU 6863 RU ripencc
2014-07-11 00:07:19-05 37.25.118.55 37.25.96.0/19 WILDPARK-AS ISP WildPark, Ukraine, Nikolaev,UA 31272 UA ripencc
2014-07-11 00:07:19-05 37.229.215.18 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 00:07:19-05 87.244.34.238 87.244.32.0/21 SUNLINK-AS Sunlink Telecom ISP, Tula, Russia,RU 35401 RU ripencc
2014-07-11 00:07:19-05 91.219.233.40 91.219.232.0/22 REALWEB-AS Private Enterprise RealWeb,UA 41161 UA ripencc
2014-07-11 00:07:20-05 173.95.149.72 173.92.0.0/14 SCRR-11426 - Time Warner Cable Internet LLC,US 11426 US arin
2014-07-11 00:07:20-05 178.150.221.2 178.150.220.0/23 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:07:20-05 178.151.165.182 178.151.165.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:28:03-05 109.87.42.122 109.87.40.0/21 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 00:28:04-05 109.200.228.156 109.200.224.0/19 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 00:28:04-05 31.135.226.91 31.135.224.0/20 TRYTECH-AS Trytech Ltd.,RU 44056 RU ripencc
2014-07-11 00:28:04-05 46.172.145.109 46.172.128.0/19 UTEAM-AS Uteam LTD,UA 49125 UA ripencc
2014-07-11 00:49:18-05 109.229.198.37 109.229.192.0/19 PRONET_LV SIA _PRONETS_,LV 43075 LV ripencc
2014-07-11 00:49:20-05 178.165.98.17 178.165.64.0/18 CITYNET-AS Maxnet Autonomous System,UA 34700 UA ripencc
2014-07-11 00:49:20-05 195.114.145.69 195.114.144.0/20 DATAGROUP PRIVATE JOINT STOCK COMPANY _DATAGROUP_,UA 21219 UA ripencc
2014-07-11 00:49:20-05 5.58.15.61 5.58.0.0/18 NOLAN-AS Lanet Network Ltd,UA 43120 UA ripencc
2014-07-11 00:49:20-05 46.147.186.225 46.147.184.0/22 NEOLINK CJSC _ER-Telecom Holding_,RU 34590 RU ripencc
2014-07-11 00:49:20-05 46.219.50.56 46.219.50.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 00:49:20-05 89.185.24.218 89.185.24.0/21 TVCOM-AS TVCOM Ltd.,UA 34092 UA ripencc
2014-07-11 00:49:20-05 94.158.73.89 94.158.64.0/20 BIGNET-AS PE Yuri Stanislavovich Demenin,UA 43668 UA ripencc
2014-07-11 00:49:20-05 95.47.151.247 95.47.148.0/22 TKS-AS Sumski Telecom Systems Ltd,UA 41967 CZ ripencc
2014-07-11 01:09:51-05 71.227.196.156 71.227.128.0/17 COMCAST-33650 - Comcast Cable Communications, Inc.,US 33650 US arin
2014-07-11 01:09:52-05 87.224.164.135 87.224.128.0/17 TELENET-AS OJSC Rostelecom,RU 35154 RU ripencc
2014-07-11 01:09:52-05 93.127.60.17 93.127.60.0/23 ALKAR-AS PRIVATE JOINT-STOCK COMPANY _FARLEP-INVEST_,RU 6703 UA ripencc
2014-07-11 01:09:52-05 109.227.127.25 109.227.96.0/19 MCLAUT-AS LLC _McLaut-Invest_,UA 25133 UA ripencc
2014-07-11 01:09:52-05 178.151.9.221 178.151.9.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:09:52-05 178.151.154.233 178.151.154.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:09:52-05 194.187.108.182 194.187.108.0/22 TERABIT TERABIT LLC,UA 29491 UA ripencc
2014-07-11 01:09:52-05 37.229.149.148 37.229.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:09:52-05 46.118.151.246 46.118.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:09:52-05 46.219.77.143 46.219.77.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 01:28:30-05 178.137.232.234 178.137.128.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:28:31-05 178.150.177.83 178.150.176.0/23 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:28:31-05 178.151.14.223 178.151.14.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:28:31-05 178.151.227.102 178.151.227.0/24 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:28:31-05 188.231.170.228 188.231.170.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 01:28:31-05 5.34.112.211 5.34.0.0/17 SATELCOM-AS SA-Telcom LLP,KZ 35566 KZ ripencc
2014-07-11 01:28:31-05 46.56.64.196 46.56.64.0/19 MTSBY-AS Mobile TeleSystems JLLC,BY 25106 BY ripencc
2014-07-11 01:28:31-05 46.173.171.188 46.173.168.0/22 BEREZHANY-AS Galitski Telekommunications Ltd,UA 49183 UA ripencc
2014-07-11 01:28:31-05 176.215.86.177 176.215.84.0/22 KRSK-AS CJSC _ER-Telecom Holding_,RU 50544 RU ripencc
2014-07-11 01:49:53-05 31.202.226.233 31.202.224.0/22 FORMAT-TV-AS MSP Format Ltd.,UA 6712 UA ripencc
2014-07-11 01:49:53-05 46.33.59.6 46.33.56.0/22 BLACKSEA TV Company _Black Sea_ Ltd,UA 31593 UA ripencc
2014-07-11 01:49:53-05 46.149.179.87 46.149.179.0/24 ISP-KIM-NET Kalush Information Network LTD,UA 197522 UA ripencc
2014-07-11 01:49:53-05 82.112.53.75 82.112.32.0/19 KTEL-AS K Telecom Ltd.,RU 48642 RU ripencc
2014-07-11 01:49:53-05 95.133.181.160 95.133.128.0/18 UKRTELNET JSC UKRTELECOM,UA 6849 UA ripencc
2014-07-11 01:49:53-05 109.86.112.170 109.86.112.0/22 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 01:49:53-05 124.197.73.68 124.197.64.0/18 MOBILEONELTD-AS-AP MobileOne Ltd. Mobile/Internet Service Provider Singapore,SG 4773 SG apnic
2014-07-11 01:49:54-05 178.137.97.155 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 01:49:54-05 217.112.220.202 217.112.208.0/20 TELEPORTSV PrivateJSC DataGroup,UA 15785 UA ripencc
2014-07-11 02:08:05-05 94.76.127.113 94.76.127.0/24 FREENET-AS Freenet Ltd.,UA 31148 UA ripencc
2014-07-11 02:08:05-05 213.231.6.9 213.231.0.0/18 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 02:08:05-05 37.57.203.171 37.57.200.0/21 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 02:29:13-05 31.40.33.46 31.40.32.0/19 GORSET-AS Gorodskaya Set Ltd.,RU 49776 RU ripencc
2014-07-11 02:29:13-05 37.53.73.152 37.52.0.0/14 6849 6877 UA ripencc
2014-07-11 02:29:14-05 46.119.213.230 46.119.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 02:29:14-05 46.175.73.188 46.175.64.0/20 MEDIANA-AS Mediana ltd.,UA 56347 UA ripencc
2014-07-11 02:29:14-05 176.73.87.120 176.73.0.0/17 CAUCASUS-CABLE-SYSTEM Caucasus Online Ltd.,GE 20771 GE ripencc
2014-07-11 02:29:14-05 178.219.91.40 178.219.90.0/23 ASDNEPRONET Dnepronet Ltd.,UA 51069 UA ripencc
2014-07-11 02:29:14-05 185.14.102.108 185.14.102.0/24 ORBITA-PLUS-AS ORBITA-PLUS Autonomous System,KZ 21299 KZ ripencc
2014-07-11 02:29:14-05 195.225.147.101 195.225.144.0/22 UA-LINK-AS NPF LINK Ltd.,UA 34359 UA ripencc
2014-07-11 02:50:03-05 46.150.74.97 46.150.64.0/19 VIVANET-AS Vivanet Ltd,UA 44728 UA ripencc
2014-07-11 02:50:04-05 46.150.91.162 46.150.64.0/19 VIVANET-AS Vivanet Ltd,UA 44728 UA ripencc
2014-07-11 02:50:04-05 76.14.215.195 76.14.192.0/18 WAVE-CABLE - Wave Broadband,US 32107 US arin
2014-07-11 02:50:04-05 82.193.220.254 82.193.192.0/19 VODATEL-AS Metronet telekomunikacije d.d.,HR 25528 HR ripencc
2014-07-11 02:50:04-05 178.136.227.61 178.136.226.0/23 ALKAR-AS PRIVATE JOINT-STOCK COMPANY _FARLEP-INVEST_,RU 6703 UA ripencc
2014-07-11 02:50:04-05 178.137.69.209 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 02:50:04-05 194.28.176.201 194.28.176.0/22 KUZNETSOVSK-AS FOP Chaika Nadija Jakivna,UA 197073 UA ripencc
2014-07-11 02:50:04-05 212.87.183.197 212.87.160.0/19 EDN-AS Online Technologies LTD,UA 45025 UA ripencc
2014-07-11 02:50:04-05 213.231.12.80 213.231.0.0/18 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 02:50:04-05 46.119.175.13 46.119.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:09:01-05 46.33.50.175 46.33.48.0/21 LIS Telecompany LiS LTD,UA 35588 UA ripencc
2014-07-11 03:09:04-05 46.98.237.27 46.98.0.0/16 FREGAT-AS ISP _Fregat_ Ltd.,UA 15377 UA ripencc
2014-07-11 03:09:04-05 46.185.73.100 46.185.64.0/18 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:09:04-05 79.164.171.236 79.164.0.0/16 CNT-AS OJSC Central telegraph,RU 8615 RU ripencc
2014-07-11 03:09:04-05 91.244.137.151 91.244.128.0/20 PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA 44798 UA ripencc
2014-07-11 03:09:05-05 109.86.234.51 109.86.232.0/21 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 03:09:05-05 109.207.121.193 109.207.112.0/20 TELELAN-AS Teleradiocompany TeleLan LLC,UA 196740 UA ripencc
2014-07-11 03:09:05-05 176.108.235.203 176.108.232.0/22 SKM-AS PE Yaremenko O.V.,UA 39422 UA ripencc
2014-07-11 03:09:05-05 193.106.82.45 193.106.80.0/22 DATAGROUP PRIVATE JOINT STOCK COMPANY _DATAGROUP_,UA 21219 UA ripencc
2014-07-11 03:09:05-05 31.129.65.152 31.129.64.0/19 ASDNEPRONET Dnepronet Ltd.,UA 51069 UA ripencc
2014-07-11 03:09:05-05 37.232.181.13 37.232.160.0/19 INTERNET-CENTER-AS Net By Net Holding LLC,RU 42420 RU ripencc
2014-07-11 03:29:59-05 109.201.240.84 109.201.224.0/19 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 03:30:00-05 141.101.11.69 141.101.0.0/19 WILDPARK-AS ISP WildPark, Ukraine, Nikolaev,UA 31272 UA ripencc
2014-07-11 03:30:00-05 188.230.1.99 188.230.0.0/21 ABUA-AS LLC AB Ukraine,UA 43266 UA ripencc
2014-07-11 03:30:01-05 46.119.134.13 46.118.0.0/15 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:30:01-05 77.79.140.237 77.79.128.0/18 UBN-AS OJSC _Ufanet_,RU 24955 RU ripencc
2014-07-11 03:30:01-05 77.121.125.112 77.121.96.0/19 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 03:30:01-05 77.123.241.141 77.123.224.0/19 IVC IVC-Donbass Ltd,UA 48169 UA ripencc
2014-07-11 03:48:03-05 213.231.4.163 213.231.0.0/18 BREEZE-NETWORK TOV TRK _Briz_,UA 34661 UA ripencc
2014-07-11 03:48:03-05 5.248.133.146 5.248.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 03:48:03-05 81.163.136.160 81.163.128.0/19 DIDAN-AS Didan Group LTD,UA 47694 UA ripencc
2014-07-11 03:48:03-05 91.244.232.200 91.244.232.0/22 VITA-AS Teleradiokompaniya Vizit-A Limited Liability Company,UA 197175 UA ripencc
2014-07-11 03:48:03-05 176.112.17.229 176.112.0.0/19 MAINSTREAM-AS PP MainStream,UA 44924 UA ripencc
2014-07-11 03:48:03-05 176.124.1.31 176.124.0.0/19 DIDAN-AS Didan Group LTD,UA 47694 UA ripencc
2014-07-11 03:48:03-05 193.93.238.13 193.93.236.0/22 STAVSET-AS Kvartal Plus Ltd,RU 49325 RU ripencc
2014-07-11 04:09:03-05 46.118.136.44 46.118.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:09:05-05 46.172.128.249 46.172.128.0/19 UTEAM-AS Uteam LTD,UA 49125 UA ripencc
2014-07-11 04:09:05-05 94.41.219.215 94.41.192.0/18 UBN-AS OJSC _Ufanet_,RU 24955 RU ripencc
2014-07-11 04:09:05-05 109.162.59.249 109.162.0.0/18 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:09:05-05 178.45.188.246 178.45.160.0/19 OJSC Rostelecom,RU 15500 RU ripencc
2014-07-11 04:09:05-05 178.88.215.41 178.88.0.0/16 KAZTELECOM-AS JSC Kazakhtelecom,KZ 9198 KZ ripencc
2014-07-11 04:09:05-05 188.163.29.68 188.163.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:09:05-05 5.14.25.76 5.12.0.0/14 RCS-RDS RCS & RDS SA,RO 8708 RO ripencc
2014-07-11 04:09:05-05 5.248.99.163 5.248.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:27:48-05 178.151.23.241 178.151.22.0/23 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 04:27:50-05 31.169.23.129 31.169.20.0/22 DTVKZ-AS JSC Kazakhtelecom,KZ 39725 KZ ripencc
2014-07-11 04:27:50-05 77.122.235.167 77.122.192.0/18 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 04:27:50-05 78.62.94.153 78.62.80.0/20 TEOLTAB TEO LT AB Autonomous System,LT 8764 LT ripencc
2014-07-11 04:27:50-05 89.209.96.231 89.209.0.0/16 MTS MTS OJSC,RU 8359 UA ripencc
2014-07-11 04:27:50-05 93.79.143.194 93.79.128.0/17 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 04:27:50-05 176.8.79.228 176.8.0.0/16 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:27:50-05 178.141.98.171 178.141.0.0/16 MTS-KRV-AS MTS OJSC,RU 44677 RU ripencc
2014-07-11 04:49:18-05 176.113.146.32 176.113.144.0/20 BELICOM-AS FOP Bilenkiy Olexander Naumovich,UA 44010 UA ripencc
2014-07-11 04:49:21-05 178.137.109.91 178.137.0.0/17 KSNET-AS _Kyivstar_ PJSC,UA 15895 UA ripencc
2014-07-11 04:49:21-05 213.111.226.174 213.111.192.0/18 MAINSTREAM-AS PP MainStream,UA 44924 UA ripencc
2014-07-11 04:49:21-05 217.73.84.131 217.73.80.0/21 INFOMIR-NET Infomir JSC,UA 44291 UA ripencc
2014-07-11 04:49:21-05 5.20.162.237 5.20.160.0/19 CGATES-AS UAB _Cgates_,LT 21412 LT ripencc
2014-07-11 04:49:21-05 5.105.1.241 5.105.0.0/16 CDS-AS Cifrovye Dispetcherskie Sistemy,UA 43554 UA ripencc
2014-07-11 04:49:21-05 77.122.193.42 77.122.192.0/18 VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA 25229 UA ripencc
2014-07-11 04:49:21-05 91.225.162.98 91.225.160.0/22 ASSPDCHERNEGA SPD Chernega Aleksandr Anatolevich,UA 56400 UA ripencc
2014-07-11 04:49:21-05 91.236.249.33 91.236.248.0/22 SNAK-AS IP-Connect LLC,UA 57944 UA ripencc
2014-07-11 04:49:21-05 91.244.139.49 91.244.128.0/20 PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA 44798 UA ripencc
2014-07-11 04:49:21-05 109.86.76.58 109.86.64.0/20 BANKINFORM-AS TOV _Bank-Inform_,UA 13188 UA ripencc
2014-07-11 04:49:21-05 176.36.67.204 176.36.0.0/14 LANETUA-AS Lanet Network Ltd.,UA 39608 UA ripencc
2014-07-11 05:08:15-05 46.46.96.199 46.46.64.0/18 FLAGMAN-AS TOV _Flagman Telecom_,UA 48045 UA ripencc
2014-07-11 05:08:16-05 46.149.178.203 46.149.176.0/20 ISP-KIM-NET Kalush Information Network LTD,UA 197522 UA ripencc
2014-07-11 05:08:16-05 95.37.213.26 95.37.128.0/17 NMTS-AS OJSC Rostelecom,RU 25405 RU ripencc
2014-07-11 05:08:16-05 178.251.109.168 178.251.104.0/21 DATALINE-AS Dataline LLC,UA 35297 UA ripencc
2014-07-11 05:08:17-05 31.41.128.57 31.41.128.0/21 ANOXIN FIZICHNA OSOBA-PIDPRIEMEC ANOHIN IGOR VALENTINOVICH,UA 39056 UA ripencc
2014-07-11 05:27:32-05 81.90.233.231 81.90.233.0/24 RADIOCOM-AS RadioCom ISP Autonomous System,UA 25071 UA ripencc
2014-07-11 05:27:32-05 81.162.70.217 81.162.64.0/20 GIGABYTE-AS Private Company Center for Development Information Technology _Gigabyte_,UA 198293 UA ripencc
2014-07-11 05:27:32-05 89.44.89.68 89.44.88.0/22 DNC-AS IM Data Network Communication SRL,MD 41053 RO ripencc
2014-07-11 05:27:32-05 91.244.148.241 91.244.144.0/21 PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA 44798 UA ripencc
2014-07-11 05:27:32-05 188.168.94.122 188.168.0.0/16 TTK-RTL Closed Joint Stock Company TransTeleCom,RU 15774 RU ripencc
2014-07-11 05:27:32-05 62.80.161.77 62.80.160.0/19 INTERTELECOM-AS PJSC Inter-Telecom,UA 25386 UA ripencc
2014-07-11 05:30:03-05 198.105.254.240 198.105.254.0/24 SGINC - Search Guide Inc,US 36029 US arin
2014-07-11 05:30:03-05 198.105.244.240 198.105.244.0/24 SGINC - Search Guide Inc,US 36029 US arin
Posted by Gary Warner at 5:53 AM
Labels: , , , , , , ,

1 comment:

  1. Unknown1:44 AM

    This comment has been removed by a blog administrator.

    ReplyDelete

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.

Subscribe to: Post Comments (Atom)