Monday, August 31, 2009

Green AV ** Bogus Antivirus Scanner



Bogus Antivirus - 174.142.96.2

Domains sharing the same IP address:


Bogus Firefox Add-on Plugin Spies Google Search

A TrendMicro researcher discovered spyware posing as "Adobe Flash Player 0.2"; once installed, the add-on is capable of monitoring users' browsing activity in the Firefox browser.

Make sure you always get updates from a legitimate source; downloading from an unknown source puts you at risk when browsing the Internet.

Read more from TrendMicro

Sunday, August 30, 2009

Google Ads list bogus Antispywarebot at web2secure.com

One of my readers sent me a message about this blog's Google Ads listing the bogus Antispywarebot. This bogus Antispywarebot is still active and looks like figure 2.




antispywarebot.com IP Address (75.125.61.162)

Domains sharing the same IP address:


The installer file was submitted to VirusTotal, and only 8/41 engines were able to detect it as fake antivirus.


--X0end

Saturday, August 29, 2009

Search http://a0v.org/x.js in Google, Yahoo and Bing

Recently, a malicious iframe related to http://a0v.org/x.js caught a lot of media attention. Although thousands of websites were compromised to contain this malicious link, users are no longer harmed by it, because "http://a0v.org/x.js" no longer contains any exploit links when users browse to those websites.

This "http://a0v.org/x.js" has actually existed for almost a month: the first detection was on 27-July according to Wepawet, and the last detection was on 11-Aug according to Wepawet.

According to the ScanSafe blog, this malicious link compromised lots of legitimate websites. So I tried to search for how many hits are related to the tag "http://a0v.org/x.js".

Google:


Bing:

Yahoo:




Reference:


--X0end


Friday, August 28, 2009

Rogue Antivirus ** 28 Aug

IP Address: 64.213.140.68

Domains sharing same IP address:



IP address: 94.102.51.26

Domains sharing same IP address:




IP Address: 88.198.233.225

Domains sharing same IP address:



IP Address: 78.47.91.154

Domains sharing same IP address:


Thursday, August 27, 2009

Complex Obfuscated JS code in PDF ** fhijafif.cn

Obfuscated JavaScript code in PDF exploits is becoming more complex from day to day, to the point that Wepawet (a free service for detecting malicious JavaScript, Flash and PDF files) can hardly produce a result. The sample "hereEvenMore.pdf" is one example for which Wepawet was unable to produce any exploit or eval code.




Below is the JavaScript code found after decoding the stream with the FlateDecode filter. It looks really messy, and it is hard to tell what algorithm is used to decode it.



However, after carefully reading through the JavaScript code, a replace function was found. It gave me the idea to replace the character sequence "!@?" with an empty string to get the result.



The screen below displays the UCS2 codes that can be de-obfuscated.



The de-obfuscated code ends with a malicious link to "http://fhijafif.cn/fex/update.php?id=2".
The sample "load.exe" submitted to VirusTotal had a low detection rate of 4/41, and "hereEvenMore.pdf" scored only 8/38.
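
The manual steps described above (inflate the FlateDecode stream, strip the "!@?" filler, decode the UCS2 escapes, read off the link) can be scripted for triage. This is an added example, not code from the original post or from Wepawet; the sample PDF fragment is constructed and carries a placeholder URL, and the `%uXXXX` escape form and all function names are assumptions, since the post's screenshots of the script are not available.

```python
import re
import zlib

FILLER = "!@?"  # junk marker the post found being stripped by the script's replace()

# "stream" keyword not preceded by "end", then the raw body up to "endstream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
UCS2_RE = re.compile(r"%u([0-9a-fA-F]{4})")   # assumed escape form: %uXXXX
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def inflate_streams(pdf_bytes):
    """Return the decoded text of every stream whose object header names FlateDecode.

    Handles plain, unencrypted objects only (no object streams, no filter chains).
    """
    decoded = []
    for match in STREAM_RE.finditer(pdf_bytes):
        # The object header is whatever sits between the nearest "obj" and "stream".
        start = max(pdf_bytes.rfind(b"obj", 0, match.start()), 0)
        if b"/FlateDecode" not in pdf_bytes[start:match.start()]:
            continue
        try:
            # decompressobj tolerates a truncated trailer, unlike zlib.decompress.
            data = zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not zlib data at all; skip rather than abort the scan
        decoded.append(data.decode("latin-1"))
    return decoded


def strip_filler(script, filler=FILLER):
    """Remove the filler sequence, as the script's own replace() call would."""
    return script.replace(filler, "")


def decode_ucs2(script):
    """Convert every %uXXXX escape to the two bytes it occupies in memory.

    Each escape is one 16-bit code unit stored little-endian, so %u7468 is b"ht".
    """
    raw = bytearray()
    for hexword in UCS2_RE.findall(script):
        raw += int(hexword, 16).to_bytes(2, "little")
    return bytes(raw)


def extract_urls(pdf_bytes):
    """Run the whole chain and return any URLs found in the decoded bytes."""
    urls = []
    for script in inflate_streams(pdf_bytes):
        payload = decode_ucs2(strip_filler(script))
        urls.extend(u.decode("ascii") for u in URL_RE.findall(payload))
    return urls


def build_sample():
    """Constructed input: a harmless string, UCS2-escaped, salted with the filler."""
    text = b"http://placeholder.invalid/sample\x00"   # placeholder, not from the post
    if len(text) % 2:
        text += b"\x00"
    escaped = "".join("%%u%02x%02x" % (text[i + 1], text[i])
                      for i in range(0, len(text), 2))
    # Break every escape apart so nothing decodes until the filler is removed.
    salted = escaped.replace("%u", "%" + FILLER + "u")
    script = ('var payload = "' + salted + '";').encode("latin-1")
    comp = zlib.compress(script)
    header = b"5 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp)
    return b"%PDF-1.4\n" + header + comp + b"\nendstream\nendobj\n"


if __name__ == "__main__":
    sample = build_sample()
    for script in inflate_streams(sample):
        print("inflated  :", script[:60], "...")
        print("no filler :", strip_filler(script)[:60], "...")
    print("urls      :", extract_urls(sample))
```

Before the filler is stripped, `decode_ucs2` finds no escapes at all, which is why a scanner that only looks for `%u` runs sees nothing in the inflated stream.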







fhijafif.cn = 195.88.191.46 (Blacklisted)

Domains sharing the same IP address:



--X0end

Wednesday, August 26, 2009

Microsoft released patch to Autorun hole

In Windows XP, Windows Vista, and Windows Server 2003, AutoRun entries were populated for all devices that had mass storage and had a validly formatted AutoRun.inf file in the root directory. This included CDs, DVDs, USB thumb drives, external hard disks, and any volume that exposed itself as mass storage. This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media.

The patches can be downloaded from:

Update for Windows XP (KB971029)

Update for Windows Vista (KB971029)


Reference:
http://support.microsoft.com/kb/971029

Monday, August 24, 2009

HSBC Phishing Site







Domains using same IP address: 209.151.4.62

*.co.uk-v.cn
*.uk-v.cn
co.uk-v.cn
hsbc.co.uk-v.cn
uk-v.cn

Rogue Antivirus ** 24 Aug



Domains sharing same IP address: 91.213.29.250



Domains sharing same IP address: 209.44.126.81



Domains sharing same IP address: 195.95.151.176





Domains sharing same IP address: 78.46.201.89


Domains sharing same IP address: 91.212.127.200


Domains sharing same IP address: 209.44.126.52


Spam ** 24 Aug

Domains sharing same IP address: 69.64.147.211



Domains sharing same IP address: 216.8.179.24


Domains sharing same IP address: 59.148.181.82



Domains sharing same IP address: 216.86.155.41


Thursday, August 20, 2009

Spam ** 20 Aug

hostnames sharing same IP address: 211.95.78.84 (Blacklisted)




hostnames sharing same IP address (203.93.208.86, 220.196.59.35, 91.213.33.10 - Blacklisted):



hostnames sharing same IP address:( 201.218.228.154 )

clippingsports.com
ns1.clippingsports.com
pills-planet.info
www.pills-planet.info



Wednesday, August 19, 2009

Spam, Rogue Antivirus, Gmail Phishing ** 19 Aug

Phishing -> gmail-pop3.com (210.51.10.189)



hostnames sharing same IP address: 210.51.10.189



securitysupplycenter.com - 62.90.136.237
Trojan - http://securitysupplycenter.com/download.php?affid=00000


hostnames sharing same IP address: 62.90.136.237




hostnames sharing same IP address: 216.240.143.7



hostnames sharing same IP address: (204.27.57.227 - Blacklisted)



hostnames sharing same IP address: 84.16.235.187


hostnames sharing same IP address: 78.109.25.216

Tuesday, August 18, 2009

Zbot and other suspicious domains ** 18 Aug

zuka.dsl.ge (213.157.196.22) - zbot

hostnames sharing same IP address:


demonchik.real-host.org (92.60.176.41 - Blacklisted) - zbot

hostnames sharing same IP address:


mibris.nl (85.12.15.147) - zbot


otdel-k.cn (211.95.78.98 - Blacklisted) zbot


mx041.belmony.com (209.44.126.41 - Blacklisted)

Spam/Phishing ** 18 Aug

www.rlebiqed.cn (222.186.13.57 - Blacklisted)

Hostnames sharing same IP address:


Domains using it as nameserver:


Hostnames sharing same IP address: 207.210.122.159

Hostnames sharing same IP address: ( 220.196.59.35 - Blacklisted)


Domains using it as nameserver (220.196.59.35 - Blacklisted):

Hostnames sharing same IP address: ( 216.145.222.3 -Blacklisted)



Hostnames sharing same IP address: (213.202.225.44 - Blacklisted)


Hostnames sharing same IP address: (211.91.237.5 - Blacklisted)


Hostnames sharing same IP address: (87.242.78.57 - Blacklisted)


Hostnames sharing same IP address: (78.46.39.209 - Blacklisted)


Hostnames sharing same IP address: (196.26.208.173)


Monday, August 17, 2009

Spam ** 17 Aug

121.12.127.241 (Blacklisted)

Domains sharing IP with a-records:



dadimsexa.ru (87.118.126.66)

Domains sharing nameservers:
vonal.ru
popconvert.ru
tvoyadueta.ru
cool.tvoyadueta.ru
firestarter.vonal.ru

www.aiuvzhbo.cn (211.95.78.84)


exactswell.com (220.196.59.35 - Blacklisted)
pfizer.exactswell.com
dmipezop.cn
sontingle.com

www.yujifad.cn (218.75.144.6 - Blacklisted)
byatotar.cn
cddd.net
real-pfizer.com
skufukad.cn
sontingle.com

lag12.by.ru (87.242.78.57)


03aef.pvedexof.cn
220.196.59.35
91.213.33.10
203.93.208.86
218.75.144.6 - Blacklisted

033c.grozolux.cn


bziwukus.cn -
220.196.59.35
91.213.33.10
203.93.208.86
218.75.144.6


80cf6c.ldetamur.cn
eff.gfasawot.cn
a9d4.ypaniyuh.cn

Tuesday, August 11, 2009

avira-offline-updates.qarchive.org is a phishing website??

avira-offline-updates.qarchive.org, with IP address 174.132.135.50, hosts 944 other domains, and one of the suspicious websites is adult-spelling.qarchive.org.

MyWOT rates avira-offline-updates.qarchive.org as having a poor reputation.


You judge it!!
--X0end

Get Antivir Premium Full Version redirects users to purchase software at suspicious www.inklineglobal.com??

Today, my curiosity was aroused when I planned to download Antivir Free Antivirus for personal use while visiting the website http://www.free-av.de/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html

Suddenly I was attracted by the advertisement "Get Antivir Premium - Full Version Free", and it really enticed me to continue by providing my fake ID details in order to proceed to the next page (I believe that nothing is free; normally it comes together with some rules and regulations). It redirected me to another website, trialpay.com, which provides customers with online purchases of products and services.

http://www.trialpay.com/campaign/?c=3c168ad&tid=6rG-Y--


It seems I need to click on "Continue" in order to purchase the PC Booster software before downloading Antivir Premium for free. Wow... a small window pops up to make sure I purchase PC Booster before getting access to the free product. :D


Without a doubt, I clicked on "Complete this offer" and within a few seconds I was redirected to
http://www.inklineglobal.com/adsales/trialpay/pcb_offer_pcbooster_new.html?subID=U24762215&mcp=xxx

Er.... The MyWOT icon installed in my FF browser indicates a RED color. Emm.... is www.inklineglobal.com safe enough to surf?? Can I trust this website?? Suddenly a few questions were raised in my mind.... I might need to check in detail by browsing to www.mywot.com


http://www.mywot.com/en/scorecard/www.inklineglobal.com


So, from the figure above, it seems some users provided bad comments on this website and the rest of them gave positive comments.... What do you think? Do you want to continue purchasing from http://www.inklineglobal.com??

If the site owner claims that this website is safe and legal to use, then he/she might email mywot.com to clarify those ratings, because they might stop users from continuing to purchase any software from http://www.inklineglobal.com.

How about Antivir? Are they also aware that third-party websites are redirecting their Antivir fans and supporters to http://www.inklineglobal.com?


It really makes me scratch my head when thinking about this..... Huh..... I had better choose another free antivirus.

Fake Malware Domains List Providers #2

Blacklisted - 83.133.123.113



Domains:



Tools:

WordPress <= 2.8.3 Remote admin reset password

Reference: http://milw0rm.com/exploits/9410

II. BACKGROUND
-------------------------
WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. More simply, WordPress is what you use when you want to work with your blogging software, not fight it.

III. DESCRIPTION
-------------------------
The way Wordpress handles a password reset looks like this:
You submit your email address or username via this form /wp-login.php?action=lostpassword ;
Wordpress sends you a reset confirmation like that via email:

"
Someone has asked to reset the password for the following site and username.
http://DOMAIN_NAME.TLD/wordpress
Username: admin
To reset your password visit the following address, otherwise just ignore this email and nothing will happen

http://DOMAIN_NAME.TLD/wordpress/wp-login.php?action=rp&key=o7naCKN3OoeU2KJMMsag
"

You click on the link, and then Wordpress resets your admin password, and sends you over another email with your new credentials.

Let's see how it works: Full article

--X0end

Monday, August 10, 2009

Suspicious and Porn Domains ** 10 Aug

porn-free-tube.com - 94.75.233.162
*.spyware-killer.biz
www.spyware-killer.biz

xgirlsplay.com - 66.40.56.10

Suspicious Domains:

bazyrpe.cn - 195.95.151.174
Suspicious Domains:

Fake Malware Domains List Providers

Recently, lots of fake malware domain list providers have appeared to entice users into purchasing rogue antivirus (with credit cards) once they visit these phishing websites.






IP address: 78.47.91.155


IP address: 78.46.216.236

onlinesoftwarebilling.com
secure.onlinesoftwarebilling.com
static.236.216.46.78.clients.your-server.de

Spam ** 10 Aug

IP Address: 211.95.78.84

Domains:


IP Address:
91.213.33.10
203.93.208.86
218.75.144.6
220.196.59.35

Domains:


IP Address: 87.242.78.57

Domains:


Thursday, August 6, 2009

Malicious #2 ** 6-Aug, webalfa.cn

webalfa.cn (210.51.51.176 - Blacklisted)


Other domains sharing the same IP address:

mail.webalfa.cn
ns1.webalfa.cn
security-access-control.cn
street-info.com
webalfa.cn

Level 0: http://webalfa.cn/pab/index.php
Level 1: http://webalfa.cn/pab/load.php (Trojan Virustotal 30/41, Anubis Report)
Level 1: http://webalfa.cn/pab/include/iframe.html
Level 1: http://webalfa.cn/pab/include/spl.php?stat=Windows XP|Internet Explorer 7.0|U (PDF exploit Virustotal 13/41)

"index.php" contains malicious code that exploits:
- Office Snapshot Viewer CVE-2008-2463


"iframe.html" actually contains code that exploits the "MS Internet Explorer XML Parsing Buffer Overflow Exploit", according to http://www.milw0rm.com/exploits/7477



--X0end

Malicious ** 6-Aug, xf0.ru

xf0.ru domains - Blacklisted

213.251.176.169
80.248.208.205
90.156.145.198
94.102.208.74
94.23.198.97




Other domains sharing IPs with a-records:


Google Safe Browsing lists www.adoimagazine.com as suspicious?

Today, I received an email from one of my readers reporting that www.adoimagazine.com was rated as suspicious by Google. www.adoimagazine.com is ranked 275,938 according to Alexa. Most of the visitors are from Malaysia.







As usual, I manually viewed the contents of that website but couldn't find any suspicious code or scripts inside the pages. Hence, viewing the Google diagnostic page is the next step: http://www.google.com/safebrowsing/diagnostic?site=adoimagazine.com.



According to the figure above, it seems www.adoimagazine.com is hosted at the same suspicious IP address "202.75.43.26", which contains other domains:

blog.adoimagazine.com
jobs.marketingmagazine.com.my
marketingmagazine.com.my
sub.adoimagazine.com
www.adoimagazine.com
www.marketingmagazine.com.my
www.obamamagickl.com


I hope that the site owner can report back to Google regarding their false-alarm rating.

--X0end

Wednesday, August 5, 2009

Spam ** 5 Aug

Suspicious Domain lists:



--X0end