Over on the Malcovery Security Blog yesterday we covered a new version of GameOver Zeus (see:
) that was distributed in three spam campaigns on July 10, 2014. At the bottom of that blog post, we're sharing a detailed "T3 Report" by analysts Brendan Griffin and Wayne Snow that gives all the details. In our reporting yesterday we mentioned that the new bot is using a Fast Flux Command & Control structure and that it is using a Domain Generation Algorithm to allow the malware distributed in the spam to locate and connect to the Command & Control servers.
I wanted to geek that a bit deeper for those who want more details on both of those subjects. First, let's look at the Fast Flux.
Fast Flux is a technique that allows a criminal who controls many servers to obfuscate the true location of his server by building a tiered infrastructure.
Sometimes there are additional "tiers" or levels of misdirection. We don't yet know how many layers there are in this newGOZ botnet.
Here's the flow . . .
All of the servers (or workstations) in this table were used as Fast Flux C&C nodes last night by the newGOZ botnet. We'll keep tracking this with friends from ShadowServer, DissectCyber.com and others and sharing this information with our trusted partners, but I wanted to throw out this example. If you have ability to look at "Net Flow" for any of these computers, you may be able to help us locate "The Evil Lair of the newGOZ Criminal." (Which sounds like a lot more fun than just looking at packet dumps, doesn't it? Sorry, this isn't my job, it is my passion. Geeks have to convince themselves they are Fighting Evil or we would get bored. Since the first GOZ enabled the theft of $100 Million or so ( for more see as an example
where Brian even shares the FBI Wanted Poster of the guy who is thought to be behind Zeus.
2014-07-10 20:37:10-05 | 92.248.160.157 | 92.248.128.0/17 | OLYMPUS-NSP-AS ZAO _AKADO-Ekaterinburg_,RU | 30868 | RU | ripencc |
2014-07-10 20:38:04-05 | 108.20.219.49 | 108.20.0.0/16 | UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US | 701 | US | arin |
2014-07-10 20:38:36-05 | 113.163.13.252 | 113.163.0.0/19 | VNPT-AS-VN VNPT Corp,VN | 45899 | VN | apnic |
2014-07-10 20:39:03-05 | 114.46.251.46 | 114.46.0.0/16 | HINET Data Communication Business Group,TW | 3462 | TW | apnic |
2014-07-10 20:39:24-05 | 176.108.15.141 | 176.108.0.0/19 | KADRTV-AS Cadr-TV LLE TVRC,CZ | 57800 | UA | ripencc |
2014-07-10 20:40:39-05 | 178.150.136.252 | 178.150.136.0/22 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-10 20:40:52-05 | 37.25.4.162 | 37.25.0.0/19 | BELCOMUA-AS ZAO _Belcom_,UA | 25385 | UA | ripencc |
2014-07-10 20:41:05-05 | 69.143.45.75 | 69.143.0.0/16 | CMCS - Comcast Cable Communications, Inc.,US | 33657 | US | arin |
2014-07-10 20:41:18-05 | 77.242.172.30 | 77.242.172.0/24 | UHT-AS UHT - Ukrainian High Technologies Ltd.,UA | 30955 | UA | ripencc |
2014-07-10 20:41:31-05 | 85.29.179.7 | 85.29.179.0/24 | ORBITA-PLUS-AS ORBITA-PLUS Autonomous System,KZ | 21299 | KZ | ripencc |
2014-07-10 20:47:43-05 | 24.101.46.15 | 24.101.32.0/19 | ACS-INTERNET - Armstrong Cable Services,US | 27364 | US | arin |
2014-07-10 20:47:56-05 | 37.115.246.222 | 37.115.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 20:48:10-05 | 67.68.99.137 | 67.68.96.0/22 | BACOM - Bell Canada,CA | 577 | CA | arin |
2014-07-10 20:48:23-05 | 70.24.225.245 | 70.24.224.0/22 | BACOM - Bell Canada,CA | 577 | CA | arin |
2014-07-10 20:48:43-05 | 75.76.166.8 | 75.76.128.0/17 | WOW-INTERNET - WideOpenWest Finance LLC,US | 12083 | US | arin |
2014-07-10 20:48:57-05 | 76.127.161.112 | 76.127.128.0/17 | COMCAST-7015 - Comcast Cable Communications Holdings, Inc,US | 7015 | US | arin |
2014-07-10 20:49:21-05 | 91.197.171.38 | 91.197.168.0/22 | INTRAFFIC-AS Intraffic LLC,UA | 43658 | UA | ripencc |
2014-07-10 20:49:44-05 | 99.248.110.218 | 99.224.0.0/11 | ROGERS-CABLE - Rogers Cable Communications Inc.,CA | 812 | CA | arin |
2014-07-10 20:50:02-05 | 100.44.184.18 | 100.44.160.0/19 | WAYPORT - Wayport, Inc.,US | 14654 | US | arin |
2014-07-10 20:52:54-05 | 109.207.127.59 | 109.207.112.0/20 | TELELAN-AS Teleradiocompany TeleLan LLC,UA | 196740 | UA | ripencc |
2014-07-10 21:07:24-05 | 178.214.223.104 | 178.214.192.0/19 | UOS Ukraine Optical Systems LLC,UA | 42546 | UA | ripencc |
2014-07-10 21:07:56-05 | 212.22.192.224 | 212.22.192.0/24 | FREENET-AS Freenet Ltd.,UA | 31148 | UA | ripencc |
2014-07-10 21:08:11-05 | 31.133.118.121 | 31.133.118.0/24 | ENTERRA-AS Private Enterprise _Enterra_,UA | 48964 | UA | ripencc |
2014-07-10 21:08:24-05 | 37.229.149.56 | 37.229.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 21:08:45-05 | 46.119.77.105 | 46.119.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 21:09:21-05 | 98.14.34.141 | 98.14.0.0/16 | SCRR-12271 - Time Warner Cable Internet LLC,US | 12271 | US | arin |
2014-07-10 21:09:37-05 | 98.109.164.97 | 98.109.0.0/16 | UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US | 701 | US | arin |
2014-07-10 21:12:28-05 | 109.162.0.21 | 109.162.0.0/18 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 21:12:41-05 | 178.140.183.193 | 178.140.0.0/16 | NCNET-AS OJSC Rostelecom,RU | 42610 | RU | ripencc |
2014-07-10 21:13:42-05 | 178.158.135.20 | 178.158.134.0/23 | ISP-EASTNET-AS EAST.NET Ltd.,UA | 50780 | UA | ripencc |
2014-07-10 21:28:15-05 | 192.162.118.118 | 192.162.116.0/22 | ANOXIN FIZICHNA OSOBA-PIDPRIEMEC ANOHIN IGOR VALENTINOVICH,UA | 39056 | UA | ripencc |
2014-07-10 21:28:18-05 | 208.120.58.109 | 208.120.0.0/18 | SCRR-12271 - Time Warner Cable Internet LLC,US | 12271 | US | arin |
2014-07-10 21:28:18-05 | 213.111.221.67 | 213.111.192.0/18 | MAINSTREAM-AS PP MainStream,UA | 44924 | UA | ripencc |
2014-07-10 21:28:18-05 | 24.207.209.129 | 24.207.128.0/17 | CHARTER-NET-HKY-NC - Charter Communications,US | 20115 | US | arin |
2014-07-10 21:28:18-05 | 46.181.215.20 | 46.180.0.0/15 | ELIGHT-AS E-Light-Telecom,RU | 39927 | RU | ripencc |
2014-07-10 21:28:19-05 | 68.45.64.5 | 68.44.0.0/15 | CMCS - Comcast Cable Communications, Inc.,US | 33659 | US | arin |
2014-07-10 21:28:19-05 | 75.131.252.100 | 75.131.224.0/19 | CHARTER-NET-HKY-NC - Charter Communications,US | 20115 | US | arin |
2014-07-10 21:28:19-05 | 91.196.60.108 | 91.196.60.0/22 | ARHAT-AS PE Bondar TN,UA | 50204 | UA | ripencc |
2014-07-10 21:28:19-05 | 91.243.218.157 | 91.243.192.0/19 | ID-TELECOM-AS Intellect Dnepr Telecom LLC,UA | 59567 | UA | ripencc |
2014-07-10 21:28:19-05 | 96.246.91.160 | 96.246.0.0/17 | UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US | 701 | US | arin |
2014-07-10 21:28:19-05 | 134.249.11.2 | 134.249.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 21:49:21-05 | 188.190.5.162 | 188.190.0.0/19 | ASINTTEL Inttel Ltd.,UA | 56370 | UA | ripencc |
2014-07-10 21:49:22-05 | 5.248.110.252 | 5.248.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 21:49:22-05 | 31.43.162.96 | 31.43.160.0/19 | KRASNET-UA-AS Krasnet ltd.,UA | 50576 | UA | ripencc |
2014-07-10 21:49:22-05 | 31.135.144.54 | 31.135.144.0/22 | Technical Centre Radio Systems Ltd.,UA | 20539 | UA | ripencc |
2014-07-10 21:49:22-05 | 37.112.195.140 | 37.112.192.0/22 | KRSK-AS CJSC _ER-Telecom Holding_,RU | 50544 | RU | ripencc |
2014-07-10 21:49:22-05 | 46.119.181.97 | 46.118.0.0/15 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 21:49:22-05 | 50.83.36.2 | 50.83.32.0/21 | MEDIACOM-ENTERPRISE-BUSINESS - Mediacom Communications Corp,US | 30036 | US | arin |
2014-07-10 21:49:23-05 | 176.8.92.131 | 176.8.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 21:49:23-05 | 176.98.12.218 | 176.98.0.0/19 | CRYSTAL-AS Crystal Telecom Ltd,CZ | 49889 | UA | ripencc |
2014-07-10 21:49:23-05 | 178.137.8.215 | 178.137.0.0/17 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 22:08:06-05 | 95.110.45.151 | 95.110.0.0/17 | JSCBIS-AS OJSC _Bashinformsvyaz_,RU | 28812 | RU | ripencc |
2014-07-10 22:08:08-05 | 176.8.21.85 | 176.8.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 22:08:08-05 | 178.150.89.211 | 178.150.89.0/24 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-10 22:08:08-05 | 188.231.191.140 | 188.231.191.0/24 | FREENET-AS Freenet Ltd.,UA | 31148 | UA | ripencc |
2014-07-10 22:08:08-05 | 80.66.79.74 | 80.66.76.0/22 | RISS-AS LLC _Ris-Tel_,RU | 20803 | RU | ripencc |
2014-07-10 22:08:09-05 | 81.200.148.6 | 81.200.144.0/20 | ARTEM-CATV-AS JSC Artemovskoye Interaktivnoe Televidenie,RU | 41070 | RU | ripencc |
2014-07-10 22:08:09-05 | 95.46.219.178 | 95.46.219.0/24 | VITEBSK-TV-ISP-AS OAO Vitebskiy Oblastnoy Techno-Torgoviy Center Garant,BY | 50528 | CZ | ripencc |
2014-07-10 22:08:09-05 | 95.78.166.17 | 95.78.128.0/18 | ERTH-CHEL-AS CJSC _ER-Telecom Holding_,RU | 41661 | RU | ripencc |
2014-07-10 22:29:38-05 | 178.214.169.234 | 178.214.160.0/19 | LUGANET-AS ARTA Ltd,UA | 39728 | UA | ripencc |
2014-07-10 22:29:38-05 | 188.16.223.225 | 188.16.192.0/18 | USI OJSC Rostelecom,RU | 6828 | RU | ripencc |
2014-07-10 22:29:38-05 | 194.246.105.173 | 194.246.104.0/23 | ASN-FUJILINE Trade House _Inet_ Ltd,UA | 31000 | UA | ripencc |
2014-07-10 22:29:39-05 | 70.75.230.0 | 70.75.0.0/16 | SHAW - Shaw Communications Inc.,CA | 6327 | CA | arin |
2014-07-10 22:29:39-05 | 78.137.17.91 | 78.137.0.0/19 | MCLAUT-AS LLC _McLaut-Invest_,UA | 25133 | UA | ripencc |
2014-07-10 22:29:39-05 | 176.117.86.162 | 176.117.80.0/20 | LURENET-AS PP _Lurenet_,UA | 50643 | UA | ripencc |
2014-07-10 22:48:09-05 | 213.111.163.205 | 213.111.128.0/18 | ALNET-AS PP SKS-Lugan,UA | 35804 | UA | ripencc |
2014-07-10 22:48:10-05 | 99.249.29.20 | 99.249.0.0/16 | ROGERS-CABLE - Rogers Cable Communications Inc.,CA | 812 | CA | arin |
2014-07-10 22:48:10-05 | 109.254.35.236 | 109.254.0.0/16 | DEC-AS Donbass Electronic Communications Ltd.,UA | 20590 | UA | ripencc |
2014-07-10 22:48:10-05 | 136.169.151.67 | 136.169.128.0/19 | UBN-AS OJSC _Ufanet_,RU | 24955 | RU | ripencc |
2014-07-10 22:48:10-05 | 176.102.209.127 | 176.102.192.0/19 | KUTS-AS Center for Information Technologies _Fobos_ Ltd.,UA | 39822 | UA | ripencc |
2014-07-10 22:48:10-05 | 178.141.160.202 | 178.141.0.0/16 | MTS-KRV-AS MTS OJSC,RU | 44677 | RU | ripencc |
2014-07-10 22:48:10-05 | 178.213.191.181 | 178.213.184.0/21 | SKYNET-UA-AS FOP Shoruk Andriy Olexanderovich,UA | 196777 | UA | ripencc |
2014-07-10 22:48:10-05 | 184.152.102.159 | 184.152.0.0/16 | SCRR-12271 - Time Warner Cable Internet LLC,US | 12271 | US | arin |
2014-07-10 22:48:10-05 | 213.110.137.77 | 213.110.128.0/19 | SUNNET-AS PE Gritcun Oleksandr Viktorovich,UA | 47889 | UA | ripencc |
2014-07-10 23:08:56-05 | 91.219.254.25 | 91.219.254.0/24 | MONOLITH-AS LLC MONOLITH.NET,UA | 48230 | UA | ripencc |
2014-07-10 23:08:58-05 | 109.87.83.213 | 109.87.80.0/22 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-10 23:09:00-05 | 178.137.176.9 | 178.137.128.0/17 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 23:09:00-05 | 78.109.46.210 | 78.109.46.0/24 | SIBRON-AS Closed Joint Stock Company COMSTAR-Regiony,RU | 13155 | RU | ripencc |
2014-07-10 23:09:00-05 | 80.70.71.41 | 80.70.64.0/20 | ENERGYTEL Energytel LLC,UA | 51317 | UA | ripencc |
2014-07-10 23:27:45-05 | 71.75.52.101 | 71.75.0.0/16 | SCRR-11426 - Time Warner Cable Internet LLC,US | 11426 | US | arin |
2014-07-10 23:27:45-05 | 176.8.72.36 | 176.8.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 23:27:45-05 | 178.74.214.94 | 178.74.192.0/18 | EVEREST-AS _Everest_ Broadcasting Company Ltd,UA | 49223 | UA | ripencc |
2014-07-10 23:27:45-05 | 178.141.9.72 | 178.141.0.0/16 | MTS-KRV-AS MTS OJSC,RU | 44677 | RU | ripencc |
2014-07-10 23:27:45-05 | 188.230.87.17 | 188.230.80.0/21 | ABUA-AS LLC AB Ukraine,UA | 43266 | UA | ripencc |
2014-07-10 23:27:45-05 | 37.229.79.59 | 37.229.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 23:27:45-05 | 62.16.38.131 | 62.16.32.0/19 | FPIC-AS CJSC _COMSTAR-regions_,RU | 15640 | RU | ripencc |
2014-07-10 23:49:05-05 | 176.113.227.109 | 176.113.224.0/19 | LUGANET-AS ARTA Ltd,UA | 39728 | UA | ripencc |
2014-07-10 23:49:05-05 | 193.106.184.92 | 193.106.184.0/22 | BOSPOR-AS Bospor-Telecom LLC,UA | 42238 | UA | ripencc |
2014-07-10 23:49:05-05 | 46.172.231.154 | 46.172.224.0/19 | TOPHOST-AS SPD Kurilov Sergiy Oleksandrovich,UA | 45043 | UA | ripencc |
2014-07-10 23:49:05-05 | 74.129.235.88 | 74.128.0.0/12 | SCRR-10796 - Time Warner Cable Internet LLC,US | 10796 | US | arin |
2014-07-10 23:49:05-05 | 77.121.129.181 | 77.121.128.0/21 | VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA | 25229 | UA | ripencc |
2014-07-10 23:49:05-05 | 78.27.159.112 | 78.27.128.0/18 | DOMASHKA-AS Domashnya Merezha LLC,UA | 15683 | UA | ripencc |
2014-07-10 23:49:05-05 | 91.196.55.7 | 91.196.52.0/22 | KOMITEX-AS PP KOM i TEX,UA | 30886 | UA | ripencc |
2014-07-10 23:49:06-05 | 94.153.23.170 | 94.153.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-10 23:49:06-05 | 109.87.222.148 | 109.87.222.0/24 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 00:07:17-05 | 178.215.178.112 | 178.215.176.0/20 | FENIXVT-AS Private Enterprise Firma Fenix VT,RU | 39399 | UA | ripencc |
2014-07-11 00:07:19-05 | 195.90.130.19 | 195.90.128.0/18 | ROSNET-AS OJSC Rostelecom,RU | 6863 | RU | ripencc |
2014-07-11 00:07:19-05 | 37.25.118.55 | 37.25.96.0/19 | WILDPARK-AS ISP WildPark, Ukraine, Nikolaev,UA | 31272 | UA | ripencc |
2014-07-11 00:07:19-05 | 37.229.215.18 | 37.229.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 00:07:19-05 | 87.244.34.238 | 87.244.32.0/21 | SUNLINK-AS Sunlink Telecom ISP, Tula, Russia,RU | 35401 | RU | ripencc |
2014-07-11 00:07:19-05 | 91.219.233.40 | 91.219.232.0/22 | REALWEB-AS Private Enterprise RealWeb,UA | 41161 | UA | ripencc |
2014-07-11 00:07:20-05 | 173.95.149.72 | 173.92.0.0/14 | SCRR-11426 - Time Warner Cable Internet LLC,US | 11426 | US | arin |
2014-07-11 00:07:20-05 | 178.150.221.2 | 178.150.220.0/23 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 00:07:20-05 | 178.151.165.182 | 178.151.165.0/24 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 00:28:03-05 | 109.87.42.122 | 109.87.40.0/21 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 00:28:04-05 | 109.200.228.156 | 109.200.224.0/19 | BREEZE-NETWORK TOV TRK _Briz_,UA | 34661 | UA | ripencc |
2014-07-11 00:28:04-05 | 31.135.226.91 | 31.135.224.0/20 | TRYTECH-AS Trytech Ltd.,RU | 44056 | RU | ripencc |
2014-07-11 00:28:04-05 | 46.172.145.109 | 46.172.128.0/19 | UTEAM-AS Uteam LTD,UA | 49125 | UA | ripencc |
2014-07-11 00:49:18-05 | 109.229.198.37 | 109.229.192.0/19 | PRONET_LV SIA _PRONETS_,LV | 43075 | LV | ripencc |
2014-07-11 00:49:20-05 | 178.165.98.17 | 178.165.64.0/18 | CITYNET-AS Maxnet Autonomous System,UA | 34700 | UA | ripencc |
2014-07-11 00:49:20-05 | 195.114.145.69 | 195.114.144.0/20 | DATAGROUP PRIVATE JOINT STOCK COMPANY _DATAGROUP_,UA | 21219 | UA | ripencc |
2014-07-11 00:49:20-05 | 5.58.15.61 | 5.58.0.0/18 | NOLAN-AS Lanet Network Ltd,UA | 43120 | UA | ripencc |
2014-07-11 00:49:20-05 | 46.147.186.225 | 46.147.184.0/22 | NEOLINK CJSC _ER-Telecom Holding_,RU | 34590 | RU | ripencc |
2014-07-11 00:49:20-05 | 46.219.50.56 | 46.219.50.0/24 | FREENET-AS Freenet Ltd.,UA | 31148 | UA | ripencc |
2014-07-11 00:49:20-05 | 89.185.24.218 | 89.185.24.0/21 | TVCOM-AS TVCOM Ltd.,UA | 34092 | UA | ripencc |
2014-07-11 00:49:20-05 | 94.158.73.89 | 94.158.64.0/20 | BIGNET-AS PE Yuri Stanislavovich Demenin,UA | 43668 | UA | ripencc |
2014-07-11 00:49:20-05 | 95.47.151.247 | 95.47.148.0/22 | TKS-AS Sumski Telecom Systems Ltd,UA | 41967 | CZ | ripencc |
2014-07-11 01:09:51-05 | 71.227.196.156 | 71.227.128.0/17 | COMCAST-33650 - Comcast Cable Communications, Inc.,US | 33650 | US | arin |
2014-07-11 01:09:52-05 | 87.224.164.135 | 87.224.128.0/17 | TELENET-AS OJSC Rostelecom,RU | 35154 | RU | ripencc |
2014-07-11 01:09:52-05 | 93.127.60.17 | 93.127.60.0/23 | ALKAR-AS PRIVATE JOINT-STOCK COMPANY _FARLEP-INVEST_,RU | 6703 | UA | ripencc |
2014-07-11 01:09:52-05 | 109.227.127.25 | 109.227.96.0/19 | MCLAUT-AS LLC _McLaut-Invest_,UA | 25133 | UA | ripencc |
2014-07-11 01:09:52-05 | 178.151.9.221 | 178.151.9.0/24 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 01:09:52-05 | 178.151.154.233 | 178.151.154.0/24 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 01:09:52-05 | 194.187.108.182 | 194.187.108.0/22 | TERABIT TERABIT LLC,UA | 29491 | UA | ripencc |
2014-07-11 01:09:52-05 | 37.229.149.148 | 37.229.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 01:09:52-05 | 46.118.151.246 | 46.118.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 01:09:52-05 | 46.219.77.143 | 46.219.77.0/24 | FREENET-AS Freenet Ltd.,UA | 31148 | UA | ripencc |
2014-07-11 01:28:30-05 | 178.137.232.234 | 178.137.128.0/17 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 01:28:31-05 | 178.150.177.83 | 178.150.176.0/23 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 01:28:31-05 | 178.151.14.223 | 178.151.14.0/24 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 01:28:31-05 | 178.151.227.102 | 178.151.227.0/24 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 01:28:31-05 | 188.231.170.228 | 188.231.170.0/24 | FREENET-AS Freenet Ltd.,UA | 31148 | UA | ripencc |
2014-07-11 01:28:31-05 | 5.34.112.211 | 5.34.0.0/17 | SATELCOM-AS SA-Telcom LLP,KZ | 35566 | KZ | ripencc |
2014-07-11 01:28:31-05 | 46.56.64.196 | 46.56.64.0/19 | MTSBY-AS Mobile TeleSystems JLLC,BY | 25106 | BY | ripencc |
2014-07-11 01:28:31-05 | 46.173.171.188 | 46.173.168.0/22 | BEREZHANY-AS Galitski Telekommunications Ltd,UA | 49183 | UA | ripencc |
2014-07-11 01:28:31-05 | 176.215.86.177 | 176.215.84.0/22 | KRSK-AS CJSC _ER-Telecom Holding_,RU | 50544 | RU | ripencc |
2014-07-11 01:49:53-05 | 31.202.226.233 | 31.202.224.0/22 | FORMAT-TV-AS MSP Format Ltd.,UA | 6712 | UA | ripencc |
2014-07-11 01:49:53-05 | 46.33.59.6 | 46.33.56.0/22 | BLACKSEA TV Company _Black Sea_ Ltd,UA | 31593 | UA | ripencc |
2014-07-11 01:49:53-05 | 46.149.179.87 | 46.149.179.0/24 | ISP-KIM-NET Kalush Information Network LTD,UA | 197522 | UA | ripencc |
2014-07-11 01:49:53-05 | 82.112.53.75 | 82.112.32.0/19 | KTEL-AS K Telecom Ltd.,RU | 48642 | RU | ripencc |
2014-07-11 01:49:53-05 | 95.133.181.160 | 95.133.128.0/18 | UKRTELNET JSC UKRTELECOM,UA | 6849 | UA | ripencc |
2014-07-11 01:49:53-05 | 109.86.112.170 | 109.86.112.0/22 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 01:49:53-05 | 124.197.73.68 | 124.197.64.0/18 | MOBILEONELTD-AS-AP MobileOne Ltd. Mobile/Internet Service Provider Singapore,SG | 4773 | SG | apnic |
2014-07-11 01:49:54-05 | 178.137.97.155 | 178.137.0.0/17 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 01:49:54-05 | 217.112.220.202 | 217.112.208.0/20 | TELEPORTSV PrivateJSC DataGroup,UA | 15785 | UA | ripencc |
2014-07-11 02:08:05-05 | 94.76.127.113 | 94.76.127.0/24 | FREENET-AS Freenet Ltd.,UA | 31148 | UA | ripencc |
2014-07-11 02:08:05-05 | 213.231.6.9 | 213.231.0.0/18 | BREEZE-NETWORK TOV TRK _Briz_,UA | 34661 | UA | ripencc |
2014-07-11 02:08:05-05 | 37.57.203.171 | 37.57.200.0/21 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 02:29:13-05 | 31.40.33.46 | 31.40.32.0/19 | GORSET-AS Gorodskaya Set Ltd.,RU | 49776 | RU | ripencc |
2014-07-11 02:29:13-05 | 37.53.73.152 | 37.52.0.0/14 | | 6849 6877 | UA | ripencc |
2014-07-11 02:29:14-05 | 46.119.213.230 | 46.119.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 02:29:14-05 | 46.175.73.188 | 46.175.64.0/20 | MEDIANA-AS Mediana ltd.,UA | 56347 | UA | ripencc |
2014-07-11 02:29:14-05 | 176.73.87.120 | 176.73.0.0/17 | CAUCASUS-CABLE-SYSTEM Caucasus Online Ltd.,GE | 20771 | GE | ripencc |
2014-07-11 02:29:14-05 | 178.219.91.40 | 178.219.90.0/23 | ASDNEPRONET Dnepronet Ltd.,UA | 51069 | UA | ripencc |
2014-07-11 02:29:14-05 | 185.14.102.108 | 185.14.102.0/24 | ORBITA-PLUS-AS ORBITA-PLUS Autonomous System,KZ | 21299 | KZ | ripencc |
2014-07-11 02:29:14-05 | 195.225.147.101 | 195.225.144.0/22 | UA-LINK-AS NPF LINK Ltd.,UA | 34359 | UA | ripencc |
2014-07-11 02:50:03-05 | 46.150.74.97 | 46.150.64.0/19 | VIVANET-AS Vivanet Ltd,UA | 44728 | UA | ripencc |
2014-07-11 02:50:04-05 | 46.150.91.162 | 46.150.64.0/19 | VIVANET-AS Vivanet Ltd,UA | 44728 | UA | ripencc |
2014-07-11 02:50:04-05 | 76.14.215.195 | 76.14.192.0/18 | WAVE-CABLE - Wave Broadband,US | 32107 | US | arin |
2014-07-11 02:50:04-05 | 82.193.220.254 | 82.193.192.0/19 | VODATEL-AS Metronet telekomunikacije d.d.,HR | 25528 | HR | ripencc |
2014-07-11 02:50:04-05 | 178.136.227.61 | 178.136.226.0/23 | ALKAR-AS PRIVATE JOINT-STOCK COMPANY _FARLEP-INVEST_,RU | 6703 | UA | ripencc |
2014-07-11 02:50:04-05 | 178.137.69.209 | 178.137.0.0/17 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 02:50:04-05 | 194.28.176.201 | 194.28.176.0/22 | KUZNETSOVSK-AS FOP Chaika Nadija Jakivna,UA | 197073 | UA | ripencc |
2014-07-11 02:50:04-05 | 212.87.183.197 | 212.87.160.0/19 | EDN-AS Online Technologies LTD,UA | 45025 | UA | ripencc |
2014-07-11 02:50:04-05 | 213.231.12.80 | 213.231.0.0/18 | BREEZE-NETWORK TOV TRK _Briz_,UA | 34661 | UA | ripencc |
2014-07-11 02:50:04-05 | 46.119.175.13 | 46.119.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 03:09:01-05 | 46.33.50.175 | 46.33.48.0/21 | LIS Telecompany LiS LTD,UA | 35588 | UA | ripencc |
2014-07-11 03:09:04-05 | 46.98.237.27 | 46.98.0.0/16 | FREGAT-AS ISP _Fregat_ Ltd.,UA | 15377 | UA | ripencc |
2014-07-11 03:09:04-05 | 46.185.73.100 | 46.185.64.0/18 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 03:09:04-05 | 79.164.171.236 | 79.164.0.0/16 | CNT-AS OJSC Central telegraph,RU | 8615 | RU | ripencc |
2014-07-11 03:09:04-05 | 91.244.137.151 | 91.244.128.0/20 | PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA | 44798 | UA | ripencc |
2014-07-11 03:09:05-05 | 109.86.234.51 | 109.86.232.0/21 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 03:09:05-05 | 109.207.121.193 | 109.207.112.0/20 | TELELAN-AS Teleradiocompany TeleLan LLC,UA | 196740 | UA | ripencc |
2014-07-11 03:09:05-05 | 176.108.235.203 | 176.108.232.0/22 | SKM-AS PE Yaremenko O.V.,UA | 39422 | UA | ripencc |
2014-07-11 03:09:05-05 | 193.106.82.45 | 193.106.80.0/22 | DATAGROUP PRIVATE JOINT STOCK COMPANY _DATAGROUP_,UA | 21219 | UA | ripencc |
2014-07-11 03:09:05-05 | 31.129.65.152 | 31.129.64.0/19 | ASDNEPRONET Dnepronet Ltd.,UA | 51069 | UA | ripencc |
2014-07-11 03:09:05-05 | 37.232.181.13 | 37.232.160.0/19 | INTERNET-CENTER-AS Net By Net Holding LLC,RU | 42420 | RU | ripencc |
2014-07-11 03:29:59-05 | 109.201.240.84 | 109.201.224.0/19 | VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA | 25229 | UA | ripencc |
2014-07-11 03:30:00-05 | 141.101.11.69 | 141.101.0.0/19 | WILDPARK-AS ISP WildPark, Ukraine, Nikolaev,UA | 31272 | UA | ripencc |
2014-07-11 03:30:00-05 | 188.230.1.99 | 188.230.0.0/21 | ABUA-AS LLC AB Ukraine,UA | 43266 | UA | ripencc |
2014-07-11 03:30:01-05 | 46.119.134.13 | 46.118.0.0/15 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 03:30:01-05 | 77.79.140.237 | 77.79.128.0/18 | UBN-AS OJSC _Ufanet_,RU | 24955 | RU | ripencc |
2014-07-11 03:30:01-05 | 77.121.125.112 | 77.121.96.0/19 | VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA | 25229 | UA | ripencc |
2014-07-11 03:30:01-05 | 77.123.241.141 | 77.123.224.0/19 | IVC IVC-Donbass Ltd,UA | 48169 | UA | ripencc |
2014-07-11 03:48:03-05 | 213.231.4.163 | 213.231.0.0/18 | BREEZE-NETWORK TOV TRK _Briz_,UA | 34661 | UA | ripencc |
2014-07-11 03:48:03-05 | 5.248.133.146 | 5.248.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 03:48:03-05 | 81.163.136.160 | 81.163.128.0/19 | DIDAN-AS Didan Group LTD,UA | 47694 | UA | ripencc |
2014-07-11 03:48:03-05 | 91.244.232.200 | 91.244.232.0/22 | VITA-AS Teleradiokompaniya Vizit-A Limited Liability Company,UA | 197175 | UA | ripencc |
2014-07-11 03:48:03-05 | 176.112.17.229 | 176.112.0.0/19 | MAINSTREAM-AS PP MainStream,UA | 44924 | UA | ripencc |
2014-07-11 03:48:03-05 | 176.124.1.31 | 176.124.0.0/19 | DIDAN-AS Didan Group LTD,UA | 47694 | UA | ripencc |
2014-07-11 03:48:03-05 | 193.93.238.13 | 193.93.236.0/22 | STAVSET-AS Kvartal Plus Ltd,RU | 49325 | RU | ripencc |
2014-07-11 04:09:03-05 | 46.118.136.44 | 46.118.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 04:09:05-05 | 46.172.128.249 | 46.172.128.0/19 | UTEAM-AS Uteam LTD,UA | 49125 | UA | ripencc |
2014-07-11 04:09:05-05 | 94.41.219.215 | 94.41.192.0/18 | UBN-AS OJSC _Ufanet_,RU | 24955 | RU | ripencc |
2014-07-11 04:09:05-05 | 109.162.59.249 | 109.162.0.0/18 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 04:09:05-05 | 178.45.188.246 | 178.45.160.0/19 | OJSC Rostelecom,RU | 15500 | RU | ripencc |
2014-07-11 04:09:05-05 | 178.88.215.41 | 178.88.0.0/16 | KAZTELECOM-AS JSC Kazakhtelecom,KZ | 9198 | KZ | ripencc |
2014-07-11 04:09:05-05 | 188.163.29.68 | 188.163.0.0/17 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 04:09:05-05 | 5.14.25.76 | 5.12.0.0/14 | RCS-RDS RCS & RDS SA,RO | 8708 | RO | ripencc |
2014-07-11 04:09:05-05 | 5.248.99.163 | 5.248.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 04:27:48-05 | 178.151.23.241 | 178.151.22.0/23 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 04:27:50-05 | 31.169.23.129 | 31.169.20.0/22 | DTVKZ-AS JSC Kazakhtelecom,KZ | 39725 | KZ | ripencc |
2014-07-11 04:27:50-05 | 77.122.235.167 | 77.122.192.0/18 | VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA | 25229 | UA | ripencc |
2014-07-11 04:27:50-05 | 78.62.94.153 | 78.62.80.0/20 | TEOLTAB TEO LT AB Autonomous System,LT | 8764 | LT | ripencc |
2014-07-11 04:27:50-05 | 89.209.96.231 | 89.209.0.0/16 | MTS MTS OJSC,RU | 8359 | UA | ripencc |
2014-07-11 04:27:50-05 | 93.79.143.194 | 93.79.128.0/17 | VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA | 25229 | UA | ripencc |
2014-07-11 04:27:50-05 | 176.8.79.228 | 176.8.0.0/16 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 04:27:50-05 | 178.141.98.171 | 178.141.0.0/16 | MTS-KRV-AS MTS OJSC,RU | 44677 | RU | ripencc |
2014-07-11 04:49:18-05 | 176.113.146.32 | 176.113.144.0/20 | BELICOM-AS FOP Bilenkiy Olexander Naumovich,UA | 44010 | UA | ripencc |
2014-07-11 04:49:21-05 | 178.137.109.91 | 178.137.0.0/17 | KSNET-AS _Kyivstar_ PJSC,UA | 15895 | UA | ripencc |
2014-07-11 04:49:21-05 | 213.111.226.174 | 213.111.192.0/18 | MAINSTREAM-AS PP MainStream,UA | 44924 | UA | ripencc |
2014-07-11 04:49:21-05 | 217.73.84.131 | 217.73.80.0/21 | INFOMIR-NET Infomir JSC,UA | 44291 | UA | ripencc |
2014-07-11 04:49:21-05 | 5.20.162.237 | 5.20.160.0/19 | CGATES-AS UAB _Cgates_,LT | 21412 | LT | ripencc |
2014-07-11 04:49:21-05 | 5.105.1.241 | 5.105.0.0/16 | CDS-AS Cifrovye Dispetcherskie Sistemy,UA | 43554 | UA | ripencc |
2014-07-11 04:49:21-05 | 77.122.193.42 | 77.122.192.0/18 | VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC,UA | 25229 | UA | ripencc |
2014-07-11 04:49:21-05 | 91.225.162.98 | 91.225.160.0/22 | ASSPDCHERNEGA SPD Chernega Aleksandr Anatolevich,UA | 56400 | UA | ripencc |
2014-07-11 04:49:21-05 | 91.236.249.33 | 91.236.248.0/22 | SNAK-AS IP-Connect LLC,UA | 57944 | UA | ripencc |
2014-07-11 04:49:21-05 | 91.244.139.49 | 91.244.128.0/20 | PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA | 44798 | UA | ripencc |
2014-07-11 04:49:21-05 | 109.86.76.58 | 109.86.64.0/20 | BANKINFORM-AS TOV _Bank-Inform_,UA | 13188 | UA | ripencc |
2014-07-11 04:49:21-05 | 176.36.67.204 | 176.36.0.0/14 | LANETUA-AS Lanet Network Ltd.,UA | 39608 | UA | ripencc |
2014-07-11 05:08:15-05 | 46.46.96.199 | 46.46.64.0/18 | FLAGMAN-AS TOV _Flagman Telecom_,UA | 48045 | UA | ripencc |
2014-07-11 05:08:16-05 | 46.149.178.203 | 46.149.176.0/20 | ISP-KIM-NET Kalush Information Network LTD,UA | 197522 | UA | ripencc |
2014-07-11 05:08:16-05 | 95.37.213.26 | 95.37.128.0/17 | NMTS-AS OJSC Rostelecom,RU | 25405 | RU | ripencc |
2014-07-11 05:08:16-05 | 178.251.109.168 | 178.251.104.0/21 | DATALINE-AS Dataline LLC,UA | 35297 | UA | ripencc |
2014-07-11 05:08:17-05 | 31.41.128.57 | 31.41.128.0/21 | ANOXIN FIZICHNA OSOBA-PIDPRIEMEC ANOHIN IGOR VALENTINOVICH,UA | 39056 | UA | ripencc |
2014-07-11 05:27:32-05 | 81.90.233.231 | 81.90.233.0/24 | RADIOCOM-AS RadioCom ISP Autonomous System,UA | 25071 | UA | ripencc |
2014-07-11 05:27:32-05 | 81.162.70.217 | 81.162.64.0/20 | GIGABYTE-AS Private Company Center for Development Information Technology _Gigabyte_,UA | 198293 | UA | ripencc |
2014-07-11 05:27:32-05 | 89.44.89.68 | 89.44.88.0/22 | DNC-AS IM Data Network Communication SRL,MD | 41053 | RO | ripencc |
2014-07-11 05:27:32-05 | 91.244.148.241 | 91.244.144.0/21 | PERVOMAYSK-AS PP _SKS-Pervomaysk_,UA | 44798 | UA | ripencc |
2014-07-11 05:27:32-05 | 188.168.94.122 | 188.168.0.0/16 | TTK-RTL Closed Joint Stock Company TransTeleCom,RU | 15774 | RU | ripencc |
2014-07-11 05:27:32-05 | 62.80.161.77 | 62.80.160.0/19 | INTERTELECOM-AS PJSC Inter-Telecom,UA | 25386 | UA | ripencc |
2014-07-11 05:30:03-05 | 198.105.254.240 | 198.105.254.0/24 | SGINC - Search Guide Inc,US | 36029 | US | arin |
2014-07-11 05:30:03-05 | 198.105.244.240 | 198.105.244.0/24 | SGINC - Search Guide Inc,US | 36029 | US | arin |