Green AV ** Bogus Antivirus Scanner

Bogus Antivirus - 174.142.96.2

Domains sharing the same IP address:

avsolutiondwn.info
green-av-pro.com
mail.green-av-pro.com
my-green-av.com
ntrytodownload.info
p4678z.my-green-av.com
progresivescan.info
zp4.green-av.com

Bogus Firefox Add-on Plugin Spies Google Search

TrendMicro researcher discover spyware as "Adobe Flash Player 0.2", installed add-on have capabilities to monitor users browsing activities using Firefox browser.

Make sure you always get the update from legitimate source, downloading from unknown source will putting yourself unsecure when browsing in Internet.

Read more from TrendMicro

Google Ads list bogus Antispywarebot at web2secure.com

One of my reader sent me a message regarding this blog's Google Ads list bogus Antispywarebot. This bogus Antispywarebot still active and look like figure 2.

antispywarebot.com IP Address (75.125.61.162)

Domains sharing the same IP address:

2squared.com

antispywarebot.com

errorsweeper.com

privacycontrol.com

regclean.com

www.2squared.com

www.antispywarebot.com

www.errorsweeper.com

www.privacycontrol.com

The installer file was submitted to Virustotal and only 8/41 able to detect it as Fake Antivirus.

--X0end

Search http://a0v.org/x.js in Google, Yahoo and Bing

Recently, malicious iframe related to http://a0v.org/x.js catched lots of media attention. Although thousand of websites were compromised to contain this malicious link, users are no harm with this links anymore because "http://a0v.org/x.js" no contain any exploits link when users browsing to those websites.

This "http://a0v.org/x.js" actually exist almost one month ago, first detection was found on 27-July according to Wepawet and last detection was found on 11-Aug according to Wepawet.

According to ScanSafe blog, this malicious link compromised lots of legitimate website. So I try to search how many hits related to tag "http://a0v.org/x.js".

Google:

Bing:

Yahoo:

Reference:

- http://blog.scansafe.com/journal/2009/8/21/up-to-55k-compromised-by-potent-backdoordata-theft-cocktail.html

- http://securitylabs.websense.com/content/Blogs/3465.aspx

--X0end

Rogue Antivirus ** 28 Aug

IP Address: 64.213.140.68

Domains sharing same IP address:

mail.foryousite.net

mail.protectedsky.info

mail.sheltercloud.info

mail.thesafeguard.info

pay1.fastantivirpro.com

pay2.prestotuneup.com

pay2.windowspcsuite.com

pay2.windowsprotectionsuite.com

pay2.windowssystemsuite.com

relevantwebsearches.com

secure-pro.cn

shieldcaskad.info

update2.malwaresdestructor.com

update2.prestotuneup.com

winprotectionsuite.com

www.fast-antivirus.com

www.foryousite.net

www.virusshield-scan.net

www.windowspcsuite.com

IP address: 94.102.51.26

Domains sharing same IP address:

antivirus-online-scan5.com

antivirus-online-scan7.com

bestpersonalprotectionv7.com

computer-antivirus-scanv9.com

fastvirusscanv6.com

govirusscanner.com

live-virus-scanner3.com

ns1.ia-report.com

ns2.ia-report.com

online-best-scanv3.com

online-pro-antivirus-scan.com

onlinebestscannerv3.com

onlinepersonalscanner.com

onlineproantivirusscan.com

onlineproantivirusscanner.com

personalantivirusprotection.com

premium-antispy-scanv3.com

premium-antispy-scanv7.com

professionalcomputerscanv2.com

safeonlinescannerv4.com

safeonlinescanv4.com

secure-antispyware-scanv3.com

secure-virus-scannerv5.com

securepersonalscanner.com

securityfolderprotection.com

spyware-scannerv2.com

spywarescannerv4.com

IP Address: 88.198.233.225

Domains sharing same IP address:

antispywarebestscanner.com

antivirus-my-pc-scan.com

best-adware-scanner.com

best-spyware-scanner.com

best-virus-scanner.com

clean-all-spyware.com

free-live-scanner.com

homeantispywarescan.com

homespywarescanner.com

livetimeprotectionscan.com

livetimesecurityscan.com

protectmycomputernow.com

remove-pc-spyware.com

remove-pc-virus.com

removeallthreatsnow.com

removepcvirus.com

scan-my-computer-now.com

scan-my-pc-now.com

scan-your-computer-now.com

scan-your-pc-now.com

scan4virusnow.com

static.88-198-233-225.clients.your-server.de

total-software-antivirus.com

totalspywarescan1.com

virus-scan-org.com

IP Address: 78.47.91.154

Domains sharing same IP address:

city-of-amber.com

satisfatcionvulture.com

secure.buybestsoftwareonline.com

secure.buysoftwaresubscription.com

secure.purchuase-premium-soft.com

secure.purchuaseliveprotection.com

secure.purchuaseonlinedefence.com

secure.softwere-store-payments.com

static.154.91.47.78.clients.your-server.de

websecurepayments.com

www.buysoftwaresubscription.com

www.purchuase-premium-soft.com

www.purchuaseliveprotection.com

www.softwere-store-payments.com

Complex Obfuscated JS code in PDF ** fhijafif.cn

Obfuscated Javascript codes in pdf exploit become more complex from day to day, especially Wepawet ( Free service for detecting JavaScript, flash and PDF file) hardly to produce the result. Sample "hereEvenMore.pdf" is one of the example that wepawet unable to produce any exploit and eval code.




Below is the javascript codes that found after filter with FlateDecode method. It look really mess and hardly to understand what algorithm used to decode it.



However, after carefully read though the JavaScript codes, replace function was found. It gave me idea to replace character "!@?" with blank quote to end with result.



Below screen displayed UCS2 codes that can be de-obfuscated.



The de-obfuscated code end with malicious link to "http://fhijafif.cn/fex/update.php?id=2"
Sample "load.exe" submitted to Virustotal end with minor detection rate 4/41 and the "hereEvenMore.pdf" only gain 8/38







fhijafif.cn = 195.88.191.46 (Blacklisted)

Domains sharing the same IP address:

*.drocuwil.cn
*.hnifuzof.cn
*.jagbibiv.cn
*.npeyugux.cn
*.qtorifik.cn
*.smoxewac.cn
*.svefipuj.cn
*.vtuyocew.cn
*.wetyotix.cn
*.xceyadij.cn
bsidiket.cn
cazkafuq.cn
cqodezuz.cn
doflolab.cn
drocuwil.cn
fhijafif.cn
fteqimop.cn
hnifuzof.cn
jagbibiv.cn
lhamedep.cn
ndirekoc.cn
npeyugux.cn
ns1.jagbibiv.cn
ns2.jagbibiv.cn
nvujinaw.cn
qtorifik.cn
smoxewac.cn
svefipuj.cn
vtuyocew.cn
wetyotix.cn
wjaxoxeh.cn
wvahexip.cn
www.drocuwil.cn
www.hnifuzof.cn
www.npeyugux.cn
www.qtorifik.cn
www.smoxewac.cn
www.svefipuj.cn
www.vtuyocew.cn
www.wetyotix.cn
www.xceyadij.cn
xceyadij.cn
yawxowaj.cn
zekxowiv.cn
zyejanag.cn


--X0end

Microsoft released patch to Autorun hole

In Windows XP, Windows Vista, and Windows Server 2003, AutoRun entries were populated for all devices that had mass storage and had a validly formatted AutoRun.inf file in the root directory. This included CDs, DVDs, USB thumb drives, external hard disks, and any volume that exposed itself as mass storage. This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media.

The patches can be download from

Update for Windows XP (KB971029)

Update for Windows Vista (KB971029)


Reference:
http://support.microsoft.com/kb/971029

HSBC Phishing Site

HSBC Phishing Site






Domains using same IP address: 209.151.4.62

*.co.uk-v.cn
*.uk-v.cn
co.uk-v.cn
hsbc.co.uk-v.cn
uk-v.cn

Rogue Antivirus ** 24 Aug

Domains sharing same IP address: 91.213.29.250

gombely.cn
gopiby.cn
goqfap.cn
gortuwe.cn
gotceyr.cn
gotuqjy.cn
govaqip.cn
gowyti.cn
goxweyc.cn
gubcyil.cn
gubywef.cn
gudxyv.cn
gugema.cn
gugkyaf.cn
gujdywa.cn
gurqyak.cn
gutciko.cn
guxryac.cn
gybukop.cn
gybwuv.cn
hagnuor.cn
haronpi.cn
idyzok.cn
igayzde.cn
iguyzmo.cn
ihaegup.cn
mail.gombely.cn
mail.goqfap.cn
mail.gortuwe.cn
mail.gotceyr.cn
mail.gotuqjy.cn
mail.govaqip.cn
mail.goxweyc.cn
mail.gubcyil.cn
mail.gugema.cn
mail.gujdywa.cn
mail.gurqyak.cn
mail.gutciko.cn
mail.guxryac.cn
mail.gybukop.cn
mail.gybwuv.cn
mail.hagnuor.cn
mail.idyise.cn
mail.idyzok.cn
mail.ns-free-acc7.com
ns-free-acc7.com
ns1.ns-free-acc7.com
ns2.ns-free-acc7.com
www.goqfap.cn
www.gortuwe.cn
www.gotceyr.cn
www.gotuqjy.cn
www.govaqip.cn
www.gowyti.cn
www.goxweyc.cn
www.gubcyil.cn
www.gugema.cn
www.gybwuv.cn
www.hagnuor.cn


Domains sharing same IP address: 209.44.126.81

dealsplanet.info
mail.safetywirelessonline.com
mail.securitybestonline.com
mail.securityscaninternet.com
mail.securitytestavailable.com
mx081.braqsil.com
safetywirelessonline.com
securitybestonline.com
securityscaninternet.com
securitytoolsite.com
www.safetywirelessonline.com
www.securitytestavailable.com


Domains sharing same IP address: 195.95.151.176



addedantiviruslive.com
addedantivirusonline.com
addedantiviruspro.com
addedantivirusstore.com
antivirus-plus-now.com
antivirusplus-ok.com
antivirusplus09.com
antivirusplusnow.com
avplus247.com
bestcountedantivirus.com
countedantiviruspro.com
easyaddedantivirus.com
freeantivirusplus09.com
getantivirusplusnow.com
goodantivirusplus.com
i-antivirusplus.com
internetantivirusplus.com
mail.addedantiviruslive.com
mail.addedantivirusonline.com
mail.addedantiviruspro.com
mail.addedantivirusstore.com
mail.antivirusplus-ok.com
mail.antivirusplus09.com
mail.antivirusplusnow.com
mail.avplus247.com
mail.bestcountedantivirus.com
mail.easyaddedantivirus.com
mail.freeantivirusplus09.com
mail.getantivirusplusnow.com
mail.getavplusnow.com
mail.goodantivirusplus.com
mail.i-antivirusplus.com
mail.internetantivirusplus.com
mail.megaantivirusplus.com
mail.mybestantivirusplus.com
mail.myplusantiviruslive.com
mail.myplusantiviruspro.com
mail.nextantivirusplus.com
mail.realantivirusplus.com
mail.realantivirusplus09.com
mail.safewebway2009.com
mail.trusted-web-way.com
mail.web-safe-and-clean.com
mail.yesantivirusplus.com
mail.yourcountedantivirus.com
megaantivirusplus.com
mybestantivirusplus.com
myplusantiviruslive.com
myplusantiviruspro.com
nextantivirusplus.com
ns-free-acc6.com
ns1.ns-free-acc6.com
ns2.ns-free-acc6.com
realantivirusplus.com
realantivirusplus09.com
rightsafeway.com
safewebway2009.com
trusted-web-way.com
web-safe-and-clean.com
www.addedantiviruslive.com
www.addedantiviruspro.com
www.addedantivirusstore.com
www.antivirus-plus-now.com
www.antivirusplus-ok.com
www.antivirusplus09.com
www.antivirusplus2010.com
www.antivirusplusnow.com
www.bestcountedantivirus.com
www.easyaddedantivirus.com
www.getantivirusplus09.com
www.getantivirusplusnow.com
www.getavplusnow.com
www.goodantivirusplus.com
www.i-antivirusplus.com
www.megaantivirusplus.com
www.myplusantiviruspro.com
www.nextantivirusplus.com
www.protect-my-web.com
www.rightsafeway.com
www.safewebway2009.com
www.smartantivirusplus09.com
www.trusted-web-way.com
www.web-safe-and-clean.com
www.yesantivirusplus.com
www.yourcountedantivirus.com
yesantivirusplus.com
yourcountedantivirus.com


Domains sharing same IP address: 78.46.201.89

b2b-forums.cn
bestvanillaresorts.cn
consensualart.cn
delayyouranswer.cn
gazsnippets.cn
getbestsales.cn
goldensunshine.cn
guidetogalaxy.cn
lifewepromote.cn
mywatermakrs.cn
nothing-to-wear.cn
personalrespect.cn
poundsofinterests.com
securecommercialnews.cn
securedvirusproscan.com
static.89.201.46.78.clients.your-server.de
steplessculture.cn
vipsoccermanager.cn
yourholidaytoday.cn

Domains sharing same IP address: 91.212.127.200

antivirus-scannerv12.com
antivirus-scannerv15.com
professionalcomputerscanv2.com
professionalmalwarescanv7.com
safeonlinescannerv4.com
safeonlinescanv4.com

Domains sharing same IP address: 209.44.126.52

antimalwareonlinescanv4.com
antivirus-scannerv17.com
best-security-scanv8.com
bestantispywarescanv4.com
professionalspywarescanv8.com
professionalvirusscanv3.com
virusonlinescanv3.com

Spam ** 24 Aug

Domains sharing same IP address: 69.64.147.211

www.zzzz1.com
190.tv
3geb.com
4.tv
99h.biz
absolute-hosting.net
actimmo14.com
alrashidhospital.com
amateur3.com
americanfootballodds.com
anakon.com
antrimcd.org
arai.tv
axisgold.com
backupmx1.theoconcept.com
balmandir.org
bbwpicture.com
billblog23.com
blackrhinostudio.com
bloggfer.com
bmrda.org
bunjeejump.com
canadasdelnaranjo.com
coeusinc.com
connect-cc.com
costadelsolnews.com
crewgreen.net
dandevideo.com
darajial.net
diecastexchange.com
diegolainez.com
divadigital.net
donotstandatmygrave.com
dtz.tv
dudobb.com
e-nvi.com
eazyhunt.com
epicfashions.com
erehwon.cc
everythingyankee.com
ffxiphotos.com
floormastr.com
ftp.le-cellulairologue.com
gamerzhost.com
gerrardpb.com
globelexchange.com
goldenharvestfarms.com
gpj-cpa.com
graffmedia.com
hotjapangirls.com
hutory.net
ilovehuatulco.com
imm-minot.com
irc.tv
joker.anakon.com
kennedyschopper.com
le-cellulairologue.com
learning4good.com
magalnet.org
mail.absolute-hosting.net
mail.ns.absolute-hosting.net
mail.snd-sa.com
mail.yumi-mod.com
manutdonline.org
mikesgunshop.com
modartman.com
mx.learning4good.com
nbv10.billblog23.com
nbv15.billblog23.com
nbv18.billblog23.com
nbv21.billblog23.com
nbv22.billblog23.com
nbv25.billblog23.com
nbv26.billblog23.com
nbv31.billblog23.com
nbv34.billblog23.com
nbv46.billblog23.com
nbv47.billblog23.com
nbv6.billblog23.com
nnumc.com
ns.absolute-hosting.net
ns1.powerplayhosting.com
ns2.crewgreen.net
ns2.escortshosting.com
oswegoalliance.com
palmsinnca.com
porn.video-n.com
powerplayhosting.com
proxy.multicom-bg.net
ptcenter.net
revolcom.com
robarsandals.com
rtd.tv
server2008.theserverdns.net
serverbunda.com
siior.com
siraje.com
snd-sa.com
sparkling-media.com
sperm-attack.info
svideocodec.com
the-enclave.net
theoconcept.com
theserverdns.net
uttranchal.org
video-n.com
voyalmedico.com
www.alrashidhospital.com
www.bunjeejump.com
www.diegolainez.com
www.donotstandatmygrave.com
www.ffxiphotos.com
www.kennedyschopper.com
www.learning4good.com
www.salelavoglia.com
www.sperm-attack.info
www.splurgeinc.com
xambi.com
xszone.net
xuxa-usa.com
yahyaliihl.com
yournetjob.com


Domains sharing same IP address: 216.8.179.24

abercromiekids.com
aboutforex.net
adultfriendffinder.com
agile-graphics.com
alco-chemicals.nl
amadar.com
ancienthistory.net
apo.com
arsenalsoftware.com
asko-mobler.se
ausom.com
azdiamondbacks.org
basicrights.de
bbs.apo.com
benjamin.info
betterbattery.com
bewellnaturally.net
bkm.info
blackgirlssex.com
boredwithporn.org
boxborough.info
brendasblog.org
brendasjourney.com
cabal.se
cafe-stroget.nl
capsud.fr
celebritybirthday.com
cerbernet.co.uk
cercleshop.be
chimborazo.com
cm.nu
continuum.cm.nu
dbiv.com
dbweb.de
ddp3.com
designersofcanada.com
disneychannelsex.com
dropshipping.info
e28.org
fey.se
fmcg.se
funtime.org
giedelta.com
greenshoe.com
hellfire.com
hertmed.com
hondatestdrive.com
host.houseofbitlord.com
houseofbitlord.com
i3f.fr
ida.se
ik1znw.org
internetz.org
klbar.org
kopsalj.se
lancetilla.org
lawena.se
ljudochbildarkivet.se
londonpropertynews.co.uk
lusterware.com
lww.org
mail.cabal.se
mail.cafe-stroget.nl
mail.cercleshop.be
mail.cm.nu
mail.ddp3.com
mail.fey.se
mail.funtime.org
mail.hondatestdrive.com
mail.pattisoncollege.com
mail.projetel.com
mail.thewell.ca
mailbak0.cerbernet.co.uk
mailbak1.cerbernet.co.uk
menoweb.fr
miniwaresoft.com
mydigitalpaper.com
nice-ping.de
no-panic.com
ns0.cerbernet.co.uk
ns1.funtime.org
ns1.opleidenindeschool.nl
ns1.terrax-computer.org
ns2.funtime.org
odyssey-ns.cm.nu
odyssey.cm.nu
opleidenindeschool.nl
paneltec.com
pattisoncollege.com
petsmatr.com
presort.info
profilprodukter.se
projetel.com
ragtime.internetz.org
ribbonofpromise.org
screentools.com
shahalam.org
simplytouch.com
simsfilevault.com
smallbusinessweb.ca
sodastuff.com
speed.ik1znw.org
swechoir.se
tanarede.info
tce.se
terravoip.com
terrax-computer.org
thewell.ca
tls.se
top10fishing.se
tostitilburg.nl
unyouthsummit.org
upm.net
vmail1.cerbernet.co.uk
www.ddp3.com
www.dropshipping.info
www.mydigitalpaper.com
www.presort.info
www.sodastuff.com
zeroforums.com

Domains sharing same IP address: 59.148.181.82

*.3qrz.cn
appliedinnovation.net
guyongjun.cn
happyboys.cn
websurfing.cn
www.tmz.cn
www.kaspersky7.com.cn


Domains sharing same IP address: 216.86.155.41

007ihost.com
110949-www1.irealestategroup.com
24fun.com
addictingameing.com
air-crashes.info
air-crashes.net
applications.w2com.com
arcadevault.com
asecureadvice.com
bodysculpter.com
bostenceltics.com
calwayinsurance.com
carrington-legal.com
charterleague.com
cngular.com
com.emuledream.com
commerce-bank.info
creditprovide.net
crepac.com
custom-address-labels.com
darkcorp.com
daytonamottlaw.com
dnredirect.com
dreamfiancee.com
e-taxclinic.com
easybadcreditloans.net
eliteplace.com
emuledream.com
exampilot.com
gtctelecom.com
healthinsurance-usa.com
hgh-maximum-result.info
homeloansavers.com
hotvideosshowcase.com
hr-dept.com
ikaw.paruparo.net
indianladies.com
irealestategroup.com
joincrossing.com
ks-labo.com
lakewoodcottages.com
leadershiptrainingcourses.com
linkdatabase.com
lymphedemacircleofhope.org
madermex.com
mail.arcadevault.com
mail.asecureadvice.com
mail.blogdreams.net
mail.crepac.com
mail.emuledream.com
mail.forfones.com
mail.ks-labo.com
mail.paruparo.net
mail.preemiemagazine.com
mail.pulse2music.com
mail.queenofsuspension.com
mail.twistingpixels.com
maildefer.simucockpit.com
mailspool.simucockpit.com
misk.com.emuledream.com
mobatomo.net
mobitel.com
monacofunds.com
monteryhotel.com
mountainheritageacademy.com
multi-models.net
mx.007ihost.com
ns1.007ihost.com
ns1.hydehosting.com
ns1.madermex.com
ns1.misk.com.emuledream.com
ns1.sm7b.com
ns2.hydehosting.com
ns2.sm7b.com
ns3.coppierhosting.com
numbersrestaurant.com
onlinecasinogalaxy.com
paruparo.net
pinnaclelearningonline.com
preemiemagazine.com
pulse2music.com
queenofsuspension.com
quigibo.com
revistaxtreme.com
runnings.com
sarisari.paruparo.net
secretshopacra.com
server13.bannerservers.com
simucockpit.com
sl5.my76.com
sl6.my76.com
sl7.my76.com
sm7b.com
ste59.com
stoptextbully.com
super.lan4.us
sv.mobatomo.net
tattootradeschool.com
thecoolpics.net
thesimplegallery.com
twistingpixels.com
unionapprenticeships.com
vanaaken.com
videokita.net
virusranger.com
w2com.com
wiflyer.com
www.bannerservers.com
www.calwayinsurance.com
www.dreamfiancee.com
www.gtctelecom.com
www.linkdatabase.com
www.lymphedemacircleofhope.org
www.ste59.com
www.twistingpixels.com
www.uipjapan.com
www.unionapprenticeships.com
www.videokita.net
www.wiflyer.com
xinhuiit.com
xs01.preemiemagazine.com

Spam ** 20 Aug

hostnames sharing same IP address: 211.95.78.84 (Blacklisted)

*.aicgifgo.cn

*.aiiecupo.cn

*.aiivugko.cn

*.ailmwexo.cn

*.aimmjtlo.cn

*.aiuvzhbo.cn

*.aixnyewo.cn

*.cupdow.com

*.dnsuperreq.com

*.gullygrowly.com

*.nicecome.com

*.nicejack.com

*.superserverpro.com

aiasfsro.cn

aicgifgo.cn

aicjhcto.cn

aiiecupo.cn

aiivugko.cn

aijmwino.cn

aiksrppo.cn

ailmwexo.cn

ailvujko.cn

aimmjtlo.cn

aiqgwhuo.cn

aithoulo.cn

aiuvzhbo.cn

aiwcetno.cn

aixnyewo.cn

aifldxzo.cn

cupdow.com

evedish.com

gullygrowly.com

gullyzulu.com

ns1.5-2005-search.com

ns1.aicjhcto.cn

ns1.aiiecupo.cn

ns1.aiivugko.cn

ns1.aijmwino.cn

ns1.ailmwexo.cn

ns1.aimmjtlo.cn

ns1.aithoulo.cn

ns1.aiuvzhbo.cn

ns1.aixnyewo.cn

ns1.cupdow.com

ns1.gullygrowly.com

ns1.gullyzulu.com

ns1.superserverpro.com

ns2.aicjhcto.cn

ns2.aiiecupo.cn

ns2.aiivugko.cn

ns2.aijmwino.cn

ns2.ailmwexo.cn

ns2.aimmjtlo.cn

ns2.aiqgwhuo.cn

ns2.aithoulo.cn

ns2.aiuvzhbo.cn

ns2.aixnyewo.cn

ns2.cupdow.com

ns2.gullygrowly.com

ns2.gullyzulu.com

purport.nicecome.com

superserverpro.com

www.aicgifgo.cn

www.aiivugko.cn

www.ailmwexo.cn

www.aimmjtlo.cn

www.aiuvzhbo.cn

www.aixnyewo.cn

www.aiwcthwo.cn

www.aiftkfto.cn

hostnames sharing same IP address

(203.93.208.86

220.196.59.35

91.213.33.10 -Blacklisted)

*.cmuviraz.cn

*.cvupuqal.cn

*.trazawib.cn

*.wrotehumor.ru

9d1.cmuviraz.cn

cmuviraz.cn

ns3.wrotehumor.ru

wrotehumor.ru

msn.pnasiviq.cn

8efae.bfiledet.cn

315.kgugavec.cn

6f92b.bgoyibej.cn

2ab3e.zfoxafip.cn

www.aiwatjco.cn

hostnames sharing same IP address:( 201.218.228.154 )

clippingsports.com

ns1.clippingsports.com

pills-planet.info

www.pills-planet.info

Spam, Rogue Antivirus, Gmail Phishing ** 19 Aug

Phishing -> gmail-pop3.com (210.51.10.189)

hostnames sharing same IP address: 210.51.10.189

haos-in.ru

infinitccoopp.cn

mgekohii.cn

nigmo.cn

porno-inter.ru

sexiland.ru

us18.ru

vse-buddet-zae.biz

www.091809.ru

securitysupplycenter.com - 62.90.136.237

Trojan - http://securitysupplycenter.com/download.php?affid=00000

Virustotal report (12/40)

Anubis report

hostnames sharing same IP address: 62.90.136.237

cheapsecurityscan.com

mail.cheapsecurityscan.com

mail.securityread.com

mail.securitysupplycenter.com

ns1.cheapsecurityscan.com

ns1.securityread.com

ns1.securitysupplycenter.com

officesecuritysupply.com

scanasite.com

securityread.com

securitysupplycenter.com

hostnames sharing same IP address: 216.240.143.7

besttubebender.com

fllcorp.com

meintubedir.com

onlysteeltube.com

supertubetop.com

the-blue-tube.com

thegrouttube.com

thetubefeeding.com

tubesdiscount.com

vacuumtubevideo.com

www.fllcorp.com

redrocktube.com

best0tube.com

hostnames sharing same IP address: (204.27.57.227 - Blacklisted)

*.cowish.info

*.goscanslim.com

*.goscansoon.com

*.pickknob.info

*.scan6atom.com

*.scan6lux.com

briers.info

cowish.info

crazel.info

curtle.info

enteri.info

espied.info

extirp.info

fauste.info

gobackscan.com

gomapscan.com

goparkscan.com

goscanslim.com

goscansoon.com

gotechscan.com

highscan4.info

inb4ch.com

inb4it.com

kahold.info

niobes.info

ns1.genilch.com

ns1.inb4ch.com

ns1.inb4co.com

ns1.inb4it.com

pattle.info

pickknob.info

pleach.info

pridge.info

scan4bay.info

scan6atom.com

scan6lux.com

scanfile4.info

scanmore4.info

unmast.info

www.cowish.info

www.golikescan.com

www.goparkscan.com

www.goscanslim.com

www.goscansnap.com

www.goscansoon.com

www.pickknob.info

www.scan4note.info

www.scan6atom.com

www.scan6lux.com

www.top4scan.info

hostnames sharing same IP address: 84.16.235.187

*.gen6scan.info

*.scannote6.info

84-16-235-187.internetserviceteam.com

fanscan6.info

goscansnap.com

in6iq.com

in6sd.com

jennyfy.info

miniscan6.info

ns2.in6iq.com

ns2.in6sd.com

plantof.info

scannote6.info

www.gen6scan.info

www.in6iq.com

www.scannote6.info

hostnames sharing same IP address: 78.109.25.216

*.4sx2.cn

*.m77s.cn

*.mywarworld.cn

*.qwr11mn.cn

*.reloadcom.cn

*.rubirol.cn

*.sinasan.cn

4sx2.cn

adwards.mywarworld.cn

gemmakt.cn

miralive.cn

mywarworld.cn

nevervhudo.ru

qwr11mn.cn

reloadcom.cn

rollstar.m77s.cn

rubirol.cn

sinasan.cn

socksps.ru

www.4sx2.cn

www.miralive.cn

www.mywarworld.cn

www.reloadcom.cn

www.rubirol.cn

www.sinasan.cn

www.socksps.ru

wwwitems.cn

xmidnight.cn

zeus.qwr11mn.cn

Zbot and other suspcious domains ** 18 Aug

zuka.dsl.ge (213.157.196.22) - zbot

hostnames sharing same IP address:

*.chat.ge

24hours.ge

24saati.ge

5linesradio.ge

adjara.gov.ge

adjaratv.ge

agritechnics.ge

aidscenter.ge

ajcci.ge

alionitour.ge

ambafrance-ge.org

ave.ge

bali.chat.ge

bgi.ge

bologna-supporters.ge

canargo.ge

cdsmeg.ge

chaganava.ge

chat.ge

chet.ge

cims.ge

dadiholding.com

device.ge

diaamo.com

diogene.ge

dkd.ge

done.ge

dro.ge

ecom.ge

ena.ge

energo-pro.ge

euli.ge

eva.ge

fresh.ge

gba.ge

gbg.ge

gelink.ge

genet.ge

geocinema.ge

geopak.ge

gidi.ge

gs1.ge

gse.com.ge

gtc.com.ge

gudgio.com

guramex.com

gvaramia.com

hacking.ge

host.online.ge

irex.ge

itmgroup.ge

jag.ge

jambo.ge

madloba.ge

magti.chat.ge

mofea.ge

ncib.ge

nekamusic.com

paulownia.ge

polyglot.ge

procredit.ge

procreditbank.ge

refresh.ge

rustavi.ge

scouts.ge

sme-business.org.ge

taobank.ge

tcg.ge

telvo.ge

tfs.ge

translators.ge

traveler.ge

traveller.ge

ubisa.ge

ugt.ge

undp.org.ge

uta.gov.ge

www.adjaratv.ge

www.alta.ge

www.ambafrance-ge.org

www.bgi.ge

www.chat.ge

www.cims.ge

www.done.ge

www.dro.ge

www.eva.ge

www.fresh.ge

www.gba.ge

www.gelink.ge

www.gidi.ge

www.hacking.ge

www.procredit.ge

www.procreditbank.ge

www.stcompany.net

www.traveler.ge

www.undp.org.ge

www.wissol.ge

youth.ge

zuka.dsl.ge

demonchik.real-host.org (92.60.176.41 - Blacklisted) - zbot

hostnames sharing same IP address:

demonchik.real-host.org

fxpaying.ru

innobean.ru

mail.fxpaying.ru

mail.real-host.org

mail.real-host.ru

real-host.org

real-host.ru

wmrbux.org.ru

www.bobrenok.net.ru

www.fxpaying.ru

www.prodobavki.com

www.real-host.ru

www.xeberdar.info

xeberdar.info

yovee.ru

mibris.nl (85.12.15.147) - zbot

*.dutchmagic.nl

*.enerdes.com

*.futuretrain.eu

*.futuretrain.nl

*.keizerenvanstraten.nl

*.kozamc.nl

*.meteorfoundation.eu

*.thenetforce.nl

*.vissermakelaardij.nl

amc-cru.nl

artiestenfoyer.com

dekleijn.net

dutchmagic.nl

futuretrain.eu

futuretrain.nl

keizerenvanstraten.nl

kozamc.nl

mdaemon.futuretrain.nl

meteorfoundation.com

mibris.com

mibris.nl

ns4.futuretrain.nl

server.futuretrain.nl

service4science.com

strategencollectief.com

strategencollectief.nl

thenetforce.nl

vissermakelaardij.nl

web01.futuretrain.eu

www.keizerenvanstraten.nl

www.thenetforce.nl

www.vissermakelaardij.nl

otdel-k.cn (211.95.78.98 - Blacklisted) zbot

autodoregison.ru

download.sttcounter.cn

driveupdate.cn

hotsummerstaff.ru

immortalisdomen.ru

italia-lavoro.com

linkdrive.be

mail.driveupdate.cn

mail.google-newbot.cn

mail.italia-lavoro.com

mail.nupoprobuyloknia.com.cn

mail.okilas.cn

mail.otdel-k.cn

mail.sttcounter.cn

mail.top1959.cn

mail.wedskay.cn

ns1.dcn5100.com

nupoprobuyloknia.com.cn

okilas.cn

otdel-k.cn

rapidsystemsend.ru

sttcounter.cn

sujetline.ru

top1959.cn

updateservisetf.ru

wedskay.cn

mx041.belmony.com (209.44.126.41 - Blacklisted)

Spam/Phishing ** 18 Aug

www.rlebiqed.cn (222.186.13.57 - Blacklisted)

Hostnames sharing same IP address:

ganjh.com

hbb711.com

ns1.eversugar.in

ns1.helptire.in

ns1.meekalive.com

ns1.rosyboost.com

ns6.powerheard.com

ns6.pressbreezy.com

renxiaoyao.com

www.pfizer-corporation.com

www.mcowunoy.cn

Domains that using as nameserver:

avoluv.ru

fixreseb.cn

fotlavaz.cn

hyinineb.cn

nmiyuxop.cn

nsinoxiy.cn

qyebimah.cn

rreqimus.cn

vremucol.cn

vvugutin.cn

wnesawuy.cn

xsafotet.cn

ymunuvub.cn

Hostnames sharing same IP address: 207.210.122.159

*.bigcartel.com

*.virocksworkshop.bigcartel.com

antrepo.bigcartel.com

appshirt.bigcartel.com

ashkahn.bigcartel.com

bigcartel.com

blackdicekustomz.bigcartel.com

blackdicekustomz.com

dazzleband.com

dazzlebands.com

drumstargear.com

effineffigy.com

envyusclothing.com

feedinglist.com

goldenlifeclothing.com

guitarstargear.com

milkboston.bigcartel.com

milkboston.com

musicstargear.com

p2merch.com

plutostore.com

shipekart.com

shopjill.com

shopjillgreen.com

smokeabowlwithanole.com

trailerparktshirts.bigcartel.com

trailerparktshirts.com

undertowstore.com

virocksworkshop.bigcartel.com

virocksworkshoponlinestore.com

www.antreposhop.com

www.appshirt.com

www.bigcartel.com

www.dazzleband.com

www.dazzlebands.com

www.getslapt.com

www.lintyfresh.com

www.plutostore.com

www.shopshopa.com

www.turnnocturnal.com

www.virocksworkshop.bigcartel.com

z-box.net

Hostnames sharing same IP address: ( 220.196.59.35 - Blacklisted)

*.cmuviraz.cn

*.cvupuqal.cn

*.trazawib.cn

*.wrotehumor.ru

9d1.cmuviraz.cn

cmuviraz.cn

ns2.sailcalm.com

ns3.wrotehumor.ru

wrotehumor.ru

Domains use as nameserver ( 220.196.59.35 - Blacklisted)

baccafur.cn

behvigiv.cn

bevkoney.cn

bokninuz.cn

boqxejuf.cn

ciqziqad.cn

cowgentle.com

cunpuyav.cn

daykogex.cn

ditkarev.cn

diwhupas.cn

gekhuboc.cn

kuqxatan.cn

toglehoz.cn

vitalhe.com

wrotehumor.ru

Hostnames sharing same IP address: ( 216.145.222.3 -Blacklisted)

actionemailoffers.com

adknowledgemail.com

agamioffermail.com

americanmadecompany.com

americanmadedeals.com

americanmadedeals.net

americanmademail.com

americanmadeoffers.com

americanmadeoffers.net

amnyemailoffers.com

amnyemailoffers2.com

automotiveservicesgroupemails.com

baltsunemailoffers.com

baltsunemailoffers2.com

caauthority-mail.com

cashadvanceauthority-mail.com

cashadvanceauthority-mail2.com

cashadvanceauthoritymail.com

chictriboffers.com

chictriboffers2.com

circularmail.com

eliteidea.net

elitepartners.net

eliterelationships.net

eliteromance.net

fast-cashdeals.net

fast-cashemail.com

fast-cashloans.net

fast-cashoffers.com

fast-cashoffers.net

fast-email-cash.com

fastconsumercash.com

fastconsumerdeals.com

fastconsumerdeals.net

fastconsumeroffers.com

fastconsumeroffers.net

good-onlinedeals.com

good-onlinedeals.net

good-onlineoffers.com

good-onlineoffers.net

great-onlinedeals.com

great-onlinedeals.net

great-onlineoffers.com

great-onlineoffers.net

greatamericanoffers.com

hamregistergifts.com

hapromos.com

hotoffthepressoffers.com

hotoffthepressoffers2.com

lanewsoffers.com

lanewsoffers2.com

mail.members-benefit.com

mailout-88-140.premierspecialoffers.net

mailout-88-145.premierspecialoffers.net

marketsurveysmail.com

mediaoffermail.com

mediapromos.net

membersbenefit-mail.com

membersbenefit-mail2.com

membersbenefitmail.com

netsurveyrewardsmail.com

offsurvey.com

perfectonlinedeals.com

perfectonlinedeals.net

perfectonlineoffers.com

perfectonlineoffers.net

premierspecialoffers.net

sentinelemaildeals.com

sentinelemaildeals2.com

sldresolver.com

socmarksys-alumnimail.net

socmarksys-artisticmail.net

socmarksys-artsmail.net

socmarksys-automail.net

socmarksys-awarenessmail.net

socmarksys-businessmail.net

socmarksys-citiesmail.net

socmarksys-communitymail.net

socmarksys-companymail.net

socmarksys-computermail.net

socmarksys-countrymail.net

socmarksys-craftsmail.net

socmarksys-creativemail.net

socmarksys-culturemail.net

socmarksys-entertainmentmail.net

socmarksys-familymail.net

socmarksys-gamesmail.net

socmarksys-govmail.net

socmarksys-healthmail.net

socmarksys-hobbiesmail.net

socmarksys-neighborhoodsmail.net

socmarksys-offer.net

socmarksys-politicsmail.net

socmarksys-post.net

socmarksys-regionsmail.net

socmarksys-ruralmail.net

socmarksys-techmail.net

socmarksys-wellnessmail.net

socmarksys-zonemail.net

surfcentralemails.com

tribaloffer.net

tribalpost.net

tribe-businessmail.net

tribe-citiesmail.net

tribe-entertainmentmail.net

tribe-hobbiesmail.net

trinetprodeals.com

trinetprodeals.net

trinetproemail.com

trinetprooffers.com

trinetprooffers.net

uppereyedeals.com

uppereyedeals.net

uppereyeoffers.com

uppereyeoffers.net

usaconsumerdeals.com

usaconsumerdeals.net

usaconsumermail.com

washpostemailoffers.com

washpostemailoffers2.com

websurveyrewardsmail.com

Hostnames sharing same IP address: (213.202.225.44 - Blacklisted)

*.tr.ohost.de

*.up.ohost.de

*.ve.ohost.de

*.wa.ohost.de

*.wallhacker.org

*.we.ohost.de

*.www-tipp.com

*.www-tipps.com

213.202.225.44.rdns.funpic.de

ballkleid-ballkleider.net

klartraum-forum.com

proxy.be.ma

server20.ohost.de

server21.ohost.de

server22.ohost.de

server23.ohost.de

sm18.ohost.de

traumwelt.tr.ohost.de

updatesession.up.ohost.de

verifyyourscotia.ve.ohost.de

wallhacker.wa.ohost.de

webkatalog.we.ohost.de

wewewetipp.we.ohost.de

www.freegamesbase.com

Hostnames sharing same IP address: (211.91.237.5 - Blacklisted)

*.abilityshort.com

*.farmresolution.com

*.fieldtook.com

*.foqmeyop.cn

*.lafec.com

*.likemodern.com

*.linemeasure.com

*.mixkept.com

*.operatedefinition.com

*.propertymeat.com

*.seatstrength.com

*.startdictionary.com

*.touchbrought.com

abilitychord.com

abilitydone.com

abilityshort.com

achievementoriginal.com

advocacykeep.com

ahp.distantthan.com

ajo.formrealization.com

angeredge.com

angermillion.com

areapiece.com

aspirationor.com

atwarm.com

broughtstay.com

catresolution.com

causegenerosity.com

couldwhole.com

courageprocess.com

dearclimb.com

definitionmoney.com

determinecountry.com

dividebar.com

farm.likemodern.com

farmresolution.com

fieldtook.com

fjk.materialgreat.com

forgivenessdiscuss.com

forgivenessexcite.com

founddid.com

fum.liftexample.com

fumyeqih.cn

gasheavy.com

grewnotice.com

happinessnecessary.com

hardappear.com

icp.witdiffer.com

independencesight.com

ingenuityparty.com

intuitionclaim.com

legacyegg.com

legacyup.com

legbusy.com

likeaspiration.com

likemodern.com

linemeasure.com

lur.deepmain.com

mixkept.com

motivationtruck.com

motivationwife.com

ns1.storepharmbrands.com

oil.distantthan.com

operatedefinition.com

originalintuition.com

ouv.eitherbook.com

pathreflection.com

poemrespect.com

poselove.com

producestrength.com

propertymeat.com

pyt.formrealization.com

qif.materialgreat.com

qrz.formrealization.com

reflectionsit.com

seatstrength.com

seestrength.com

selfice.com

severalmeet.com

shapedefinition.com

shoreobject.com

spacesolve.com

startdictionary.com

steamcount.com

strengthinch.com

thereoptimism.com

theseevery.com

threeran.com

touchbrought.com

traditionunder.com

trustdegree.com

twomotivation.com

upgenerosity.com

vty.liftexample.com

vuv.formrealization.com

waitbox.com

whatwent.com

wisdomprove.com

www.foqmeyop.cn

www.gasheavy.com

www.lafec.com

www.mixkept.com

www.touchbrought.com

xaqninoh.cn

xzb.startdictionary.com

ynx.formrealization.com

Hostnames sharing same IP address: (87.242.78.57 - Blacklisted)

*.by.ru

*.max-foto.info

*.pos1.by.ru

*.wwretsapio.by.ru

2007-scams.by.ru

45-24-03.com

alsu.by.ru

atb.by.ru

awn.by.ru

bancaposte.by.ru

belgorod.by.ru

bpolbancoposta.by.ru

e-zbuild.com

elik.by.ru

em83.by.ru

forsyte.by.ru

goz.by.ru

grayxufyfy.by.ru

gwtw.by.ru

gym.by.ru

host.by.ru

indetails.info

lag12.by.ru

localexploit.by.ru

login-yahoo-config.by.ru

ns3.by.ru

pos1.by.ru

primero.by.ru

rebelde-mexico.by.ru

reklamaru.by.ru

shura.by.ru

snape.by.ru

tenek.by.ru

tp.by.ru

transazia.by.ru

tut.by.ru

vof.by.ru

wwretsapio.by.ru

www.max-foto.info

Hostnames sharing same IP address: (78.46.39.209 - Blacklisted)

0.1.vg

1.0.1.vg

1.vg

156112.1.vg

18.17.16.15.14.13.12.11.10.9.8.7.6.5.4.3.2.1.vg

19.18.17.16.15.14.13.12.11.10.9.8.7.6.5.4.3.2.1.vg

2.ag

20.19.18.17.16.15.14.13.12.11.10.9.8.7.6.5.4.3.2.1.vg

212.120.5.1.vg

3.1.vg

a.gp

a.pro.vg

adil.will.break.all.systems.top.tc

adriansyah.is.my.name.vg

all.co.uk

allah.alwatan.almalik.edu.ms

always.in.da.top.tc

am.prins.edu.ms

angelo.1.vg

army.of.1.vg

au.nf

banjaluka.edu.ms

biz.uz

blow.your.top.tc

boqdan.edu.ms

born.without.name.vg

bottom.to.top.tc

call.my.name.vg

can.you.see.my.name.vg

coding.team.pro.vg

counter-strike.pro.vg

cracker.pro.vg

d.1.vg

da.cx

de.ki

dekster.1.vg

dont.blow.your.top.tc

dr.ag

edu.ms

elev.edu.ms

emang.top.tc

est.deus.in.nobis.top.tc

eu.ki

gaestebuch-1.de

gentoo.1.vg

gige.fast-ethernet.london.eu.edu.ms

giovanni.edu.ms

hacked.domain.name.vg

house.1.vg

i.will.be.pro.vg

ice.edu.ms

im.a.pro.vg

im.pro.vg

intel.pentium.dual-xeon-ht.3.0ghz.lap.top.tc

introduce.your.name.vg

invisible.is.my.devilish.name.vg

irc.host.name.vg

is.my.name.vg

itesm.edu.ms

its.call.my.name.vg

jixx.de

justjuice.au.nf

l.1.vg

learn.how.to.set.up.an.eggdrop.at.university.of.baghdad.edu.ms

linux-servers.edu.ms

macquarie.edu.ms

mail.1.vg

mail.2.ag

mail.edu.ms

mail.gaestebuch-1.de

mail.name.vg

mail.npx.de

mail.pro.vg

mail.top.tc

malaysiahelp.1.vg

michagorov.on.top.tc

miraculous.edu.ms

moshi.da.sadness.master.plu.pro.vg

mujahid.university.edu.ms

myth.busters.edu.ms

name.vg

neko.noz.neko.kalash.a.mi.top.tc

nick.name.vg

non.vg.vs.pro.vg

noz.neko.kalash.a.mi.top.tc

npx.de

one.and.1.vg

ooops.i.forget.my.name.vg

operator.yang.paling.keren.dan.top.tc

pakistani.edu.ms

paling.nge.top.tc

please.introduce.your.name.vg

pro.vg

put.1.vg

reyes.rock.1.vg

san.fransisco.city.college.edu.ms

schoolofhardknocks.edu.ms

scodetto.milik.juventus.emang.top.tc

selalu.main.internet.di.rumah.pakai.lap.top.tc

skini.tange.a.onda.i.top.tc

sobota-info.edu.ms

sono.sempre.al.top.tc

student.edu.ms

sunway.edu.ms

super.top.tc

tange.a.onda.i.top.tc

tech.harvard.edu.ms

this.nick.name.vg

tip.top.tc

tm.82.192.56.120.1.vg

top.tc

using-adsl.connection.in.harvard.edu.ms

vil.1.vg

what.da.fuck.you.lookin.at.my.nick.name.vg

will.be.pro.vg

www.a.gp

x-com.m-w.randd.mitsubishi.jp.edu.ms

yaa.ali.madad.edu.ms

you.give.love.a.bad.name.vg

your.dumb.mother.has.a.fucking.bitch.name.vg

zzsspp.1.vg

Hostnames sharing same IP address: (196.26.208.173 )

airall.com

amabubesi.net

amabubesicapital.com

amabubesicapital.net

amabubesifinancialservices.com

amabubesifsg.com

amabubesigroup.com

amabubesigroup.net

amabubesiict.com

amabubesiinformationservices.com

amabubesipropertygroup.com

amabubesires.com

amabubesiresources.com

artslink.co.za

av.dial-up.net

av.ixweb.co.za

ittconnect.co.za

mail.callman.com

mail.ival.co.za

mail.open-edit.com

mail.webhouse.co.za

visp05.dial-up.net

vmail.dial-up.net

vwww.dial-up.net

www.4x4hire.co.za

www.54.co.za

www.artslink.co.za

www.irishslang.co.za

www.ittconnect.co.za

www.mhondoro.com

www.noordhoek.co.za

www.paddlers.co.za

www.sortino.co.za

www.suelederle.co.za

www.vuyani.co.za

www.wammetals.co.za

Spam ** 17 Aug

121.12.127.241 (Blacklisted)

Domains sharing IP with a-records:

00freewebhost.cn

dia-company.net

googleehits.com

mail.cn3215.com

mail.dia-company.net

mail.dns-forward.com

mail.mavr-best.com

mail.spyware-systems.info

mail.spywarehome.info

mail.tinrussia.cn

mavr-best.com

ns1.cn3215.com

ns1.dns-forward.com

ns2.cn3215.com

ns2.dns-forward.com

spyware-systems.info

spyware-file.info

spywarehome.info

viphack.ru

www.spyware-systems.info

www.spywarehome.info

www.spywarepc.info

dadimsexa.ru (87.118.126.66)

Domains sharing nameservers:

vonal.ru

popconvert.ru

tvoyadueta.ru

cool.tvoyadueta.ru

firestarter.vonal.ru

www.aiuvzhbo.cn (211.95.78.84)

aieenlko.cn

aivlopuo.cn

carcold.com

carlast.com

nightgreat.com

www.aiscjmuo.cn

www.aiuvzhbo.cn

www.aicgifgo.cn

www.grandpricer.com

www.tentbear.com

*.aiiecupo.cn

*.aiivugko.cn

*.ailmwexo.cn

*.aimmjtlo.cn

*.aiuvzhbo.cn

*.aixnyewo.cn

*.cupdow.com

*.dnsuperreq.com

*.gullygrowly.com

*.superserverpro.com

aiasfsro.cn

aicjhcto.cn

aiiecupo.cn

aiivugko.cn

aijmwino.cn

ailmwexo.cn

ailvujko.cn

aimmjtlo.cn

aithoulo.cn

aiuvzhbo.cn

aiwcetno.cn

aixnyewo.cn

cupdow.com

eveawe.com

gullygrowly.com

gullyzulu.com

ns1.5-2005-search.com

ns1.aicjhcto.cn

ns1.aiiecupo.cn

ns1.aiivugko.cn

ns1.aijmwino.cn

ns1.ailmwexo.cn

ns1.aimmjtlo.cn

ns1.aithoulo.cn

ns1.aixnyewo.cn

ns1.cupdow.com

ns1.gullygrowly.com

ns1.gullyzulu.com

ns1.superserverpro.com

ns2.aicjhcto.cn

ns2.aiiecupo.cn

ns2.aiivugko.cn

ns2.aijmwino.cn

ns2.ailmwexo.cn

ns2.aimmjtlo.cn

ns2.aithoulo.cn

ns2.aixnyewo.cn

ns2.cupdow.com

ns2.gullygrowly.com

ns2.gullyzulu.com

superserverpro.com

www.aiivugko.cn

www.ailmwexo.cn

www.aimmjtlo.cn

www.aixnyewo.cn

exactswell.com (220.196.59.35 - Blacklisted)

pfizer.exactswell.com

dmipezop.cn

sontingle.com

www.yujifad.cn (218.75.144.6 - Blacklisted)

byatotar.cn

cddd.net

real-pfizer.com

skufukad.cn

sontingle.com

lag12.by.ru (87.242.78.57)

*.by.ru

*.max-foto.info

*.pos1.by.ru

*.wwretsapio.by.ru

2007-scams.by.ru

45-24-03.com

alsu.by.ru

atb.by.ru

awn.by.ru

bancaposte.by.ru

belgorod.by.ru

bpolbancoposta.by.ru

e-zbuild.com

elik.by.ru

em83.by.ru

forsyte.by.ru

goz.by.ru

grayxufyfy.by.ru

gwtw.by.ru

gym.by.ru

host.by.ru

indetails.info

localexploit.by.ru

login-yahoo-config.by.ru

ns3.by.ru

pos1.by.ru

primero.by.ru

rebelde-mexico.by.ru

reklamaru.by.ru

shura.by.ru

snape.by.ru

tenek.by.ru

tp.by.ru

transazia.by.ru

tut.by.ru

vof.by.ru

wwretsapio.by.ru

www.max-foto.info

03aef.pvedexof.cn

220.196.59.35
91.213.33.10
203.93.208.86
218.75.144.6 - Blacklisted

*.cmuviraz.cn

*.cvupuqal.cn

*.trazawib.cn

*.wrotehumor.ru

9d1.cmuviraz.cn

cmuviraz.cn

ns1.chartflat.in

ns2.ba43.com

ns2.bluesign.in

ns2.buysudden.com

ns2.chartflat.in

ns2.coateach.com

ns2.da39.com

ns2.heartcorner.in

ns2.himwhich.in

ns2.med22.org

ns2.mu77.net

ns2.tonephrase.com

ns2.via11.net

ns2.via86.com

ns2.via99.org

ns2.wooddoes.in

ns3.valuedflower.com

ns3.wrotehumor.ru

wrotehumor.ru

033c.grozolux.cn

bziwukus.cn -

220.196.59.35
91.213.33.10
203.93.208.86
218.75.144.6

b6q.ru

bkupeqop.cn

cvazubun.cn

cvupuqal.cn

domeek.com

fvofekal.cn

gnocirav.cn

gsifuxas.cn

ncokodap.cn

nkovofus.cn

pmabereh.cn

pmugukax.cn

pxizidas.cn

qdedexoh.cn

qnahatep.cn

rvisumel.cn

sgemukek.cn

tfubixol.cn

tieperson.com

xsafuwiq.cn

ykafudul.cn

zguqulet.cn

80cf6c.ldetamur.cn

eff.gfasawot.cn

a9d4.ypaniyuh.cn

avira-offline-updates.qarchive.org is phishing website??

avira-offline-updates.qarchive.org with IP address 174.132.135.50 hosts 944 others domains and one of suspicious website is adult-spelling.qarchive.org

MyWOT rate avira-offline-updates.qarchive.org have poor reputation.

You judge it !!

--X0end

Get Antivir Premium Full version redirecting user purchase software at suspicious www.inklineglobal.com ??

Today, my curiosity arise when I planned to download Antir Free Antivirus for personal purpose use when visiting at website http://www.free-av.de/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html

Suddenly I attracted with advertisement "Get Antivir Premium - Full Version Free", and it really enticing me to continue providing my fake id details in order for me to continue browsing to next page ( I believed that nothing is for free, normally it will come together with some rules and regulation). It redirecting me to another website trialpay.com that provide customers online purchase products and services.

http://www.trialpay.com/campaign/?c=3c168ad&tid=6rG-Y--

It seem like I need click on "Continue" in order for me to purchase PC Booster software before free downloading Antivir Premium for free. Wow...one small window pop-up to make sure I need purchased PC Booster before access to free product. :D

Without doubt, I clicked on "Complete this offer" and I was redirected to within few seconds

http://www.inklineglobal.com/adsales/trialpay/pcb_offer_pcbooster_new.html?subID=U24762215&mcp=xxx

Er.... MyWOT icon installed in my FF browser indicate RED color. Emm....is www.inklineglobal.com safe enough to surf ?? Can I trust on this website ?? Suddenly few questions raised in my mind.... I might need to check in detail by browse to www.mywot.com

http://www.mywot.com/en/scorecard/www.inklineglobal.com

So, from the figure above, it seem like some users provide bad comments on this website and rest of them gave positive comments.... How do you think? Do you want continue purchase from http://www.inklineglobal.com ??

It the site owner claimed that this website safe and legal to use, then he/she might email to mywot.com to clarify those rating because it might be at stopper from users continuing purchase any softwares from http://www.inklineglobal.com ?

How about Antivir ? Do they aware about this also when third party websites redirecting their antivir fans or supporter to http://www.inklineglobal.com ?

It really scratch my head when thinking about this..... Huh.....I better choice others free antivirus.

Fake Malware Domains List Providers #2

Blacklisted - 83.133.123.113

Domains:

allfootballmanager.cn

bennysaintscathedral.com

besthockeyteams.cn

bestjokesever.cn

commercialali.cn

discovernewchina.cn

emmyawardslist.cn

events-team-manager.com

explorersecurityhelper.com

gowildtours.cn

hardwarefactories.cn

honda-recycle.cn

i-dont-care-much.com

lambadacinema.cn

maliciousbaseupdates.com

malwareurlblock.com

natalieportmansite.cn

newyorkcitytaste.cn

notebookcomplaints.cn

onlyprimetrust.cn

overallstuff.cn

panamaislands.cn

rollerskatesadvise.cn

securitybrowseradviser.com

seedtoleech.cn

spacefunk.cn

statisticalmetrics.cn

struckyorluck.cn

t1010.greatnet.de

windowssecurityinfo.com

www.bennysaintscathedral.com

Tools:

Robtex

WordPress <= 2.8.3 Remote admin reset password

Reference: http://milw0rm.com/exploits/9410

II. BACKGROUND -------------------------
WordPress is a state-of-the-art publishing platform with a focus on 
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time. More simply, WordPress is what you use 
when you want to work with your blogging software, not fight it.  

III. DESCRIPTION -------------------------
The way Wordpress handle a password reset looks like this: 
You submit your email adress or username via this 
form /wp-login.php?action=lostpassword ; 
Wordpress send you a reset confirmation like that via email:
 " Someone has asked to reset the password for the following site and username. 
http://DOMAIN_NAME.TLD/wordpress Username: 
admin To reset your password visit the following address, 
otherwise just ignore this email and nothing will happen  
http://DOMAIN_NAME.TLD/wordpress/wp-login.php?action=rp&key=o7naCKN3OoeU2KJMMsag " 
You click on the link, and then Wordpress reset your admin password,
and sends you over another email with your new credentials. 
Let's see how it works: Full article   

--X0end

Suspicious and Porn Domains ** 10 Aug

porn-free-tube.com - 94.75.233.162

*.spyware-killer.biz

www.spyware-killer.biz

xgirlsplay.com - 66.40.56.10

Suspicious Domains:

50webs2.50webs.com

abletosave.com

alb-crew.com

algate.net

alifah.50webs.com

alltypes.biz

alshbabwalmosstakball.com

ambalapuzha.net

ambitionn.com

ameilius.com

ana-c-amorim.com

anevka.com

ankaraotelleri.net

anses.com.ar

arcturusmusic.com

arkansasriver.net

bandamonttana.com

basradio.50webs.com

bednbathstore.com

blacksilver.net

borderlinesuperheroes.com

bostonacupuncture.net

bostonbroll.com

braillesignsinc.com

cellmonkey.com

coffeebids.com

cognichem.com

costax.50webs.com

croem.ac.pr

cypressgroveapartments.com

deep8.com

detroitpunk.net

diall.com

dns2.50webs.com

doubleshotduo.com

eachney.com

earth2link.net

ebizpoint.net

emailtools.com

emailtools.net

envate.com

fake-louis-vuitton.com

fastbank.com

flashsite.50webs.org

frankandchristina.com

garbmonger.com

genbucksmaster.we.bs

glass-musicians-figurines.com

goldfus.com

gpschartplotter.com

gwk.cl

hoahongtrang.us

holidayhomeincroatia.com

ianschaffa.com

idiomaspuertoreal.com

joemann.com

karateonline.com.ar

kooregani.com

koyuk.ca

lambrouchihuahuas.com

lifestylepublishinginc.com

livingroommusic.net

lloydstbnk.we.bs

loana.net

loanatv.com

loanatv.net

loyalcare.net

luckyacornchairs.com

lwvah.org

malamutehealth.org

malewska.com

mbbr-siding.com

moduleregistry.com

mycarolinamemories.com

nenkov.com

olallabiblechurch.com

paginaempleo.com

pb-r.com

philomenacato.com

phonechitchat.com

pkcrew.com

planetaespanol.net

pluginregistry.com

qtheboss.com

ravalear.com

robertdumont.com

rpgchat.net

scottprodigy.com

seanmicmba.com

seopp.com

sgoyal.net

sheedco.com

solaffect.com

stevensandcross.com

t2y.com

tabernaclehymns.com

taiwandocuments.org

thesamesong.com

tinhdautien.com

tonetail.com

trabajogalicia.com

trachys.com

unicornwebsites.com

urdux.com

vficonstudio.com

walkingforwellness.com

waterlinedesignsinc.com

webcamyahoo.com

westlondonlandsearches.com

wickes.net

wilsphotos.com

www.alb-crew.com

www.anses.com.ar

www.diall.com

www.fleawars.com

www.jsua.we.bs

www.lloydstbnk.we.bs

www.luckyacornchairs.com

www.lwvah.org

youtwo.com

zoneaffiliates.com

bazyrpe.cn - 195.95.151.174

Suspicious Domains:

acajelu.cn

adayby.cn

adiuqga.cn

ajyawif.cn

akoetly.cn

anoemyx.cn

apauzy.cn

atiguko.cn

ativoma.cn

atoacu.cn

atoceuk.cn

atoylev.cn

atuican.cn

atuyfe.cn

atyorzi.cn

avayhik.cn

avemyk.cn

aveyco.cn

aveylpa.cn

avotyab.cn

avyewi.cn

avygip.cn

avyodu.cn

avyofzu.cn

avyxaze.cn

awakuvi.cn

awaokfy.cn

awaviyh.cn

awetudo.cn

awohebu.cn

bestcover2u.cn

exuvage.cn

ezeunac.cn

ezoagu.cn

fevopru.cn

fexonhu.cn

finwuyc.cn

fixguat.cn

fobrim.cn

focunqa.cn

fogpak.cn

fomazej.cn

fombual.cn

foszecy.cn

fotkum.cn

gebomuk.cn

gihugyx.cn

gojaxty.cn

mail.adayby.cn

mail.adiuqga.cn

mail.ajyawif.cn

mail.akoetly.cn

mail.anoemyx.cn

mail.apauzy.cn

mail.ativoma.cn

mail.atoacu.cn

mail.atoylev.cn

mail.atuican.cn

mail.atuyfe.cn

mail.atyorzi.cn

mail.avemyk.cn

mail.aveyco.cn

mail.aveylpa.cn

mail.avyodu.cn

mail.avyofzu.cn

mail.avyxaze.cn

mail.awakuvi.cn

mail.awaokfy.cn

mail.awaviyh.cn

mail.awetudo.cn

mail.awohebu.cn

mail.bestcover2u.cn

mail.exuvage.cn

mail.ezeunac.cn

mail.ezoagu.cn

mail.fexonhu.cn

mail.finwuyc.cn

mail.focunqa.cn

mail.fogpak.cn

mail.foszecy.cn

mail.fotkum.cn

mail.gebomuk.cn

mail.gihugyx.cn

mail.gojaxty.cn

mail.yourfriskinfection.cn

ns1.pubilcnameserver7.com

ns2.pubilcnameserver7.com

pubilcnameserver7.com

searchopt7.com

www.ajyawif.cn

www.akoetly.cn

www.atiguko.cn

www.atoacu.cn

www.atoceuk.cn

www.atofaf.cn

www.atoylev.cn

www.atuican.cn

www.atuyfe.cn

www.atyorzi.cn

www.avayhik.cn

www.avemyk.cn

www.aveyco.cn

www.aveylpa.cn

www.avotyab.cn

www.awaokfy.cn

www.exuvage.cn

www.ezeunac.cn

www.ezoagu.cn

www.fevopru.cn

www.fexonhu.cn

www.fimcuoj.cn

www.finwuyc.cn

www.fisruba.cn

www.fixguat.cn

www.fomazej.cn

www.gebomuk.cn

www.gihugyx.cn

www.gojaxty.cn

yourfriskinfection.cn

Fake Malware Domains List Providers

Recently, lots of fake Malware Domains List Providers exists to entice users to purchase rogue antivirus (credit cards) once visiting their phishing websites.

IP address: 78.47.91.155

bbcnewsstyleguide.com

bestdeliverynews.cn

bestoilrigs.cn

bestpricesoverview.cn

brooklyn-bounty.com

gartnerdedault.cn

jessicasimpsonblog.cn

offroaddrivingcentres.com

securingyourwebbrowser.com

spywaredomainlists.com

static.155.91.47.78.clients.your-server.de

www.bbcnewsstyleguide.com

www.brooklyn-bounty.com

www.securingyourwebbrowser.com

yamato-mori.cn

your-bride-pride.com

IP address: 78.46.216.236

onlinesoftwarebilling.com

secure.onlinesoftwarebilling.com

static.236.216.46.78.clients.your-server.de

Spam ** 10 Aug

IP Address: 211.95.78.84

Domains:

*.aiiecupo.cn

*.aiivugko.cn

*.ailmwexo.cn

*.aimmjtlo.cn

*.aixnyewo.cn

*.cupdow.com

*.dnsuperreq.com

*.gullygrowly.com

*.superserverpro.com

aicjhcto.cn

aiiecupo.cn

aiivugko.cn

aijmwino.cn

ailmwexo.cn

aimmjtlo.cn

aithoulo.cn

aiwcetno.cn

aixnyewo.cn

cupdow.com

gullygrowly.com

gullyzulu.com

ns1.5-2005-search.com

ns1.aicjhcto.cn

ns1.aiiecupo.cn

ns1.aijmwino.cn

ns1.aimmjtlo.cn

ns1.aithoulo.cn

ns1.cupdow.com

ns1.gullygrowly.com

ns1.gullyzulu.com

ns1.superserverpro.com

ns2.aicjhcto.cn

ns2.aiiecupo.cn

ns2.aijmwino.cn

ns2.ailmwexo.cn

ns2.aithoulo.cn

ns2.cupdow.com

ns2.gullygrowly.com

ns2.gullyzulu.com

superserverpro.com

www.ailmwexo.cn

www.aimmjtlo.cn

www.aixnyewo.cn

IP Address:

91.213.33.10

203.93.208.86

218.75.144.6

220.196.59.35

Domains:

dmipezop.cn

allowhow.com

b5u.ru

ckufugad.cn

dryregion.com

fqubijov.cn

gpucivek.cn

hjorecap.cn

jsizorip.cn

lgadehet.cn

qcuvohah.cn

qpenovaj.cn

rcisagar.cn

spofasac.cn

tfajasuh.cn

trazawib.cn

tsekolek.cn

tvolenan.cn

wdapisil.cn

wmupizuw.cn

wnazijap.cn

yviwewox.cn

zjecimed.cn

nkizikuw.cn

b5i.ru

cnojufil.cn

ctoqemaf.cn

dcogijus.cn

fdivuxef.cn

gsayubeq.cn

jxofumod.cn

lcelaliv.cn

ndasopiv.cn

nmatoxok.cn

nzatapij.cn

pjacopeq.cn

pjebujox.cn

qpiroxud.cn

qsoveyuq.cn

rqunegic.cn

secondwee.com

snowsudden.com

tluduzob.cn

wgewopuz.cn

xxumajop.cn

ygalexib.cn

zkixukiq.cn

IP Address: 87.242.78.57

Domains:

*.by.ru

*.max-foto.info

*.pos1.by.ru

*.wwretsapio.by.ru

2007-scams.by.ru

45-24-03.com

alsu.by.ru

atb.by.ru

awn.by.ru

belgorod.by.ru

e-zbuild.com

elik.by.ru

em83.by.ru

forsyte.by.ru

goz.by.ru

gwtw.by.ru

gym.by.ru

host.by.ru

indetails.info

localexploit.by.ru

ns3.by.ru

pos1.by.ru

primero.by.ru

rebelde-mexico.by.ru

reklamaru.by.ru

shura.by.ru

snape.by.ru

tp.by.ru

tut.by.ru

vof.by.ru

wwretsapio.by.ru

www.max-foto.info

Malicious #2 ** 6-Aug, webalfa.cn

webalfa.cn ( 210.51.51.176 -Blacklisted)

Others domain share same IP address

mail.webalfa.cn

ns1.webalfa.cn

security-access-control.cn

street-info.com

webalfa.cn

Level 0:http://webalfa.cn/pab/index.php

Level 1:http://webalfa.cn/pab/load.php (Trojan Virustotal 30/41, Anubis Report)

Level 1:http://webalfa.cn/pab/include/iframe.html

Level 1:http://webalfa.cn/pab/include/spl.php?stat=Windows XP|Internet Explorer 7.0|U (PDF exploit Virustotal 13/41)

"index.php" contain malicious codes that exploit

-Office Snapshot Viewer CVE-2008-2463

-MDAC CVE-2006-0003

"iframe.html" actually contain code that exploit "MS Internet Explorer XML Parsing Buffer Overflow Exploit" according http://www.milw0rm.com/exploits/7477

--X0end

Malicious ** 6-Aug, xf0.ru

xf0.ru domains - Blacklisted

213.251.176.169
80.248.208.205
90.156.145.198
94.102.208.74
94.23.198.97




Other domains that sharing ip with a-records:

*.emonest.com
*.findbigshots.cn
*.findbigsoftpack.cn
*.findbigthinkers.cn
*.harleyhousedomain.cn
*.hhbg.in
*.premiumlocate.cn
*.thehomename.cn
*.x9m.ru
a3l.at
a3q.at
autobestwestern.cn
b5r.ru
bestfindaloan.cn
bestfinderr.cn
bestmortgagefind.cn
bigappletopworld.cn
bigpremiumfind.cn
bigtopcabaret.cn
blendbet.cn
c-webstudio.ru
c6y.ru
c8k.at
consomacteurs.com
credityem.ru
cutpricepot.cn
emonest.com
findbigmoneygame.cn
findbigshots.cn
findbigsoftpack.cn
findbigthinkers.cn
finditbig.cn
giantbeaversdiet.cn
giantpremium.cn
gianttopdiscover.cn
gianttopnano.cn
globalnameshop.cn
gqil.in
harleyhousedomain.cn
hhbg.in
hugetopseek.cn
intermarksa.ru
ixcx.in
kbgg.in
kkxv.in
ks35069.kimsufi.com
litetopfinddirect.cn
ltkq.in
lzwn.in
mail.c-webstudio.ru
mail.credityem.ru
mail.emonest.com
mail.maatc.ru
mail.ph-factory.com
mail.ph-factory.ru
mail.spravim.ru
mail.stukov.net
mediahousenamebuyvideo.cn
michaelsbestway2findalawyer.cn
mixmediadirect.cn
mixwagerdirect.cn
namemartfilmlife.cn
nanotopdiscover.cn
ns.stukov.net
ns1.emonest.com
ns2.c-webstudio.ru
ns2.credityem.ru
ns2.maatc.ru
ns2.ph-factory.ru
ns2.spravim.ru
ns2.stukov.net
nyfilmlife.cn
oaty.in
ph-factory.com
ph-factory.ru
premiumlocate.cn
premiumnonfat.cn
readymixbet.cn
soac.in
spravim.ru
taxi-k.ru
thehomename.cn
torrentoreactor.net
u5t.ru
u6b.ru
u9k.ru
v3928.vps.masterhost.ru
vds534.sivit.org
vds773.sivit.org
vds924.sivit.org
www.b7g.ru
www.consomacteurs.com
www.emonest.com
www.hhbg.in
www.premiumlocate.cn
x3y.ru
x9m.ru
x9y.ru
ynaa.in
yourbettas.cn
yourlotcar.cn
zsyr.in

Google Safe Browsing list www.adoimagazine.com as suspicious?

Today, I received email from my reader to report out www.adoimagazine.com was rated as suspicious by Google. www.adoimagazine.com ranked 275,938 according Alexa. Most of the visitors are from Malaysia.







As usual, I will manually view the contents for that website but can't find any suspicious codes or scripts inside the pages. Hence, viewing google diagnosis page will be will next step http://www.google.com/safebrowsing/diagnostic?site=adoimagazine.com.



According to the figure above, it seem www.adoimagazine.com hosted at the same suspicious ip address "202.75.43.26" that contain other domains

blog.adoimagazine.com
jobs.marketingmagazine.com.my
marketingmagazine.com.my
sub.adoimagazine.com
www.adoimagazine.com
www.marketingmagazine.com.my
www.obamamagickl.com


I hope that site owner can report back to Google regarding for their false alarms rating.

--X0end

Spam ** 5 Aug

Suspicious Domain lists:

xisazar.cn/

cdh.110mb.com/

bekikitchen.110mb.com/

avydemo.com/

alivehour.com/

bajka.bis.fm.interia.pl

leavelofty.com/

flyhour.com/

www.latriblesemint.info/

baiamarepoze.110mb.com/

alivehour.com/

61.109.150.7/www.paypal.com.php

www.latriblesemint.info/?

redi.by.ru/1

www.cardsvcs.info/

www4.secure-card-services.info:29111/

dbigomah.cn/

w316775.s144.ufhost.com/

www.yenaedvd.com/she/

leavelofty.com/

tastyyou.com/

alivehour.com/

qaed130.thegloomtoeat.info/

www.lvlve.com/

flyhour.com/

leavelofty.com/

alivehour.com/

beep.webd.pl/

righthumble.com/

redi.by.ru/

alivehour.com/

rental.by.ru

72ab7.yesijub.cn/

leavelofty.com/

www.latriblesemint.net/

k888.tw/tv/dm/

cookgoqyro.livejournal.com/

lrres.allmike.com/

s53.radikal.ru/

clubonyx.biz/

www.latriblesemint.info/

www.your-dress.ru/

www.yawqaziy.cn/

email.wegame.com/

phx.corporate-ir.net/

uslifeinsurancesite.com/

myinsuranceusa.net/

yourclubmember.com/

www.hotelclub.com/

littlenight.com/

nyavekep.cn/

littlenight.com/

www.unsforkiltes.biz/

raiseyear.com/

desirehas.com/

mcakifij.cn/

www.catiguq.cn/

www.lvlve.com/

drug-ed.info/

stop.mail-image.com/

www.saginat.cn/

www.gisler-systems.ch/

www.esetnod32.ru/

remont-best-project.by.ru/

equalbought.com/

www.cogbutoz.cn/

www.i-comu.com/

freefreemoneys.net/

khirirat.suratthani.doae.go.th/

vnet.hu/relabordor/

sm3.bigfishgames.com:80/

fasterdid.com/

ziphim.com/

littlenight.com/

nyavekep.cn/

invitel.hu/reklamiroda/

www.battt.ru/

www.savmisom.cn/

www.jamsonfarms.net/

ziphim.com/

idnetserver5.idmailing.eu/

gsmkoolets.com/

www.bofa.com/

epost.allersforlag.se/

www.jamsonfarms.net/

nyavekep.cn/

littlenight.com/

www.cmppdeperigueux.org/

remont-best-project.by.ru/

www.oex.ro/

www.zojlugov.cn/

www.mucequc.cn/

redi.by.ru/

www.i-comu.com/

lav-u.net/

24945.doragoq.cn/

ziphim.com/

tastyyou.com/

mobileringsite.com/

adk.mobileringsite.com/

www.battt.ru/

dbigomah.cn/

www.greatgamegalaxy.net/

www.jamsonfarms.com/

www.wavecasinoluxury.net/

www.jamsonfarms.com/

flmenp.bestpriceporsche.com/

b83.qqxbzaq.cn/

www.wavecasinoluxury.net/de/

www.yoga.org.nz/

www.aweber.com/

www.jamsonfarms.com/?

enjoychick.com/

righthumble.com/

adk.canhandleonline.com/

www.enjinia-777.com/

funskoolindia.com/

www.colonyinfo.com/

equalbought.com/

remontnik-andrey.by.ru/

stylelushblog.com/

www.galaxygreatgame.net/

ecee.ideacnm.cn/

db987.ideacnm.cn/

www.fasterdirection.com/

www.jamsonfarms.com/

invitel.hu/reklamiroda/

vnet.hu/relabordor/

diefinzelbergs.de/

earthmag.org/

remont-best-project.by.ru/

71d.dejivas.cn/

270.vndizdc.cn/

5cd.qzfihlv.cn/

www.xirwasab.cn/

fasterdifference.com/

rental.by.ru/

www.yoga.org.nz/

clicks.aweber.com/

www.yawqaziy.cn/

adk.mobileringsite.com/

mobileringsite.com/u

www.battt.ru/

mekioie.com/platinasex/

dbigomah.cn/

trial.simpleaffect.com/

slimfitagreement.com/

www.virenschutz-runterladen.info/

school38.by.ru/

8e993.pnbixkq.cn/

fun-games4u.net/

un.zepoquh.cn/

www.sonicdrivein.com/

abs.yojuvaj.cn/

www.pbcompliance.net/

pbcompliance.net/

tarantyl.by.ru/

kittensedop.com/

26d0cd.mijolck.cn/

www.weic15.com/

rrbs123coffeesspikes333.com/

greatestrxhere.com/

www.kasbila.com/

www.zadkuon.com/

www.truongxua.vn/

www.sonicdrivein.com/

www.yubicew.cn/

wwwsonicdrivein.com/

www.kasbila.net/

9023.bnsuahh.cn/

capwatches.cn/

easyactual.com/

capwatches.cn/

veryaboard.com/

www.powercomm.com/

98.137.34.58/

7dbb.ehasygt.cn/

reliablerxforyou.com/

www.kasbila.net/

visitedwhat.net/

05bd.bnsuahh.cn/

djfofo.lx.ro/

www.zadkuon.net/

capwatches.cn/

reliablerxforyou.com/

wncg.thebugattisport.com/

d94871.wfjagua.cn/

www.tevhujiz.cn/

8a511.bhuextn.cn/

trial.simpleaffect.com/

hytuyxp.cn/

www.zadkuon.com/

ticket.sewedak.cn/

www.rakcakid.cn/

www.sonicdrivein.com/

ticket.sewedak.cn/

www.onlinemedaroma.com/

img17.imageshack.us/

43ade.zpyabfj.cn/

85.17.213.130/

www.worldtech2009.com/

www.zadkuon.com/

veryaboard.com/

free.veryanywhere.com/

www.trestactivizion.net/

enjoychick.com/

veryact.com/

www.trestactivizion.net/

sample.veryahead.com/

free.veryaccording.com/

free.veryacres.com/

www.casinoclubwonderful.net/

www.casinoglobalsilver.net/

tadade55.com/pc/?koukoku

www.himitu-blog.org/

220.144.155.100/

flyers.ne.jp/

ado55.com/

www.himitu-blog.org/

free.veryacross.com/

veryacross.com/

free.veryacres.com/

www.id-baken.jp/

sample.veryaccording.com/

veryanywhere.com/

ad.zanox.com/ppc/

www.bars73.com/

www.casinoclubwonderful.net/

www.veryaccount.com/

sample.veryaccount.com/

ad.zanox.com/

veryaccording.com/

enjoychick.com/

events.maildirect.se/

epost.allersforlag.se/

www.starcasinoglobal.net/

surajdevelopers.in/

piastminkowskie.yoyo.pl/

guesthouse-solen.com/

altinsoy.com.tr/images/

sklapace.sk/

www.mypartnersprogram.yoyo.pl/

peletovekachle.sk/

reklamaru.by.ru/

enjoychick.com/

www.seemsokonberder.net/

dbigomah.cn/

veryacross.com/

www.veryahead.com/

veryaccount.com/

randywernerenterprises.us/

catsop.com/

kittensedop.com/

mothercarry.com/

www.lynnwizz.co.uk/

www.badgermarketing.co.uk/

www.tools72.com/

moreh.zepoquh.cn/

watch.zepoquh.cn/

tw.youtube.com/

www.seemsokonberder.net/

free.veryacres.com/

www.streetmoney.ru/

fun-games4u.net/

tvoeimya.home.sapo.pt/

sextuta.ok.ru/

enjoychick.com/

veryacres.com/

www.clubcasinowonderful.net/

--X0end