lookin for ranges on these assholes: (remember to use more than arin depending on the company etc)
http://www.spywareguide.com/creator_list_full.php
(might have to do a little diggin- goin to their site to find affiliated companies etc)
anyone who knows the spybot peeps can you email them and see what kinda help they need as far as info for immunize and the update definitions?
Full Version: spyware research project
sounds good 
i think these will help too man.
http://research.pestpatrol.com/Search/SitesSearch.asp
http://pestpatrol.com/pestinfo/
i think these will help too man.
http://research.pestpatrol.com/Search/SitesSearch.asp
http://pestpatrol.com/pestinfo/
i'm workin on the first page of the spyware guide- for ones i can't find ranges on i'm emailing them so see what ip....
Belcaro Group
BSSCO, Inc.
CatchCheat
Coft Software
eAcceleration
Electronic Group
ExploreAnywhere Software
Harris Digital Publishing
IamBigBrother
ICUSurf, LLC
Marshal Content Security Solutions
Original Programs
Pearl Software
QuiComm
SafeNet Corp
SentryCam
SilverStone Software Corp.
SoftActivity
Spectorsoft
Spytech
Belcaro Group
BSSCO, Inc.
CatchCheat
Coft Software
eAcceleration
Electronic Group
ExploreAnywhere Software
Harris Digital Publishing
IamBigBrother
ICUSurf, LLC
Marshal Content Security Solutions
Original Programs
Pearl Software
QuiComm
SafeNet Corp
SentryCam
SilverStone Software Corp.
SoftActivity
Spectorsoft
Spytech
here are the ranges i've found so far (i'll add them here as well as i go along and then i'll make sure theyv get in the ad etc blacklist)
post after this will have the ones i couldn't find ranges on (i've emailed some of them to see what ip i'll get from them)
....
Claria Corporation UU-63-103-205-128 (NET-63-103-205-128-1):63.103.205.128-63.103.205.255
CYBERSPACE TO PARADISE, INC UU-65-248-171 (NET-65-248-171-0-1):65.248.171.0-65.248.171.255
SpyGlass, Inc. UU-63-68-20 (NET-63-68-20-0-1:63.68.20.0-63.68.23.255
Belcaro Group, Inc. USW-BELCARO (NET-63-224-68-104-1:63.224.68.104-63.224.68.111
SafeNet Corp USW-SAFENETCORP (NET-63-226-99-88-1:63.226.99.88-63.226.99.95
Spectorsoft Corp. RSPC-6477-1034803939 (NET-64-49-244-48-1:64.49.244.48-64.49.244.55
Spectorsoft Corp. RSPC-6457-1034803940 (NET-64-49-244-56-1:64.49.244.56-64.49.244.63
Spectorsoft Corp. RSPC-6457-1034804457 (NET-64-49-245-184-1:64.49.245.184-64.49.245.191
Net IQ IEN-N45275 (NET-64-249-120-128-1:64.249.120.128-64.249.120.135
Global Internet Management FON-110176000090595 (NET-65-171-134-0-1:65.171.134.0-65.171.134.255
Global Internet Management SAVV-S225053-0 (NET-66-101-232-0-1:66.101.232.0-66.101.232.255
Spectorsoft Corp. RSPC-6457-1031113338 (NET-66-216-103-80-1:66.216.103.80-66.216.103.95
Spy-Patrol.com RSPC-2444-1031273608 (NET-66-216-114-216-1:66.216.114.216-66.216.114.223
Spy-Patrol.com RSPC-36136-1063225021 (NET-69-20-20-32-1:69.20.20.32-69.20.20.47
Spy-Patrol.com RSPC-36136-1063221282 (NET-69-20-21-192-1:69.20.21.192-69.20.21.207
Spyglass, Inc. SPYGLASS (NET-192-246-238-0-1:192.246.238.0-192.246.238.255
Belcaro Group, Inc. NET-199-45-139-64-6 (NET-199-45-139-64-1:199.45.139.64-199.45.139.79
Spectorsoft SPECTORSOFT (NET-199-72-35-168-1:199.72.35.168-199.72.35.175
Global Internet Management SPRINTLINK (NET-204-97-253-32-1:204.97.253.32-204.97.253.39
Global Internet Marketing Ltd. RADCOM-207-232-105-088-29 (NET-207-232-105-88-1:207.232.105.88-207.232.105.95
Spyglass, Inc. UU-208-205-234-D1 (NET-208-205-234-0-1:208.205.234.0-208.205.235.255
Shop at Home, Inc. UU-208-223-205-96 (NET-208-223-205-96-1:208.223.205.96-208.223.205.127
SPYGLASS UU-208-224-123-248-D (NET-208-224-123-248-1:208.224.123.248-208.224.123.255
Spyder Web Enterprises, LLC IP009856-209-10-165 (NET-209-10-165-0-1:209.10.165.0-209.10.165.31
Spyder Web Enterprises, LLC IP009854-209-10-165 (NET-209-10-165-32-1:209.10.165.32-209.10.165.47
Spyder Web Enterprises, LLC IP010184-209-10-165 (NET-209-10-165-72-1:209.10.165.72-209.10.165.79
Global Internet Management CERF-GIM-A (NET-209-186-2-0-1:209.186.2.0-209.186.3.255
Global Internet Management SAVV-S225053-0 (NET-216-88-23-0-1:216.88.23.0-216.88.23.255
Global Internet Management INFLOW-20899-101594-13865 (NET-216-183-124-248-1:216.183.124.248-216.183.124.255
HOP AT HOME NETWORK, LLC ABS-NSVLTN-SAHN (NET-216-248-29-0-1:216.248.29.0-216.248.29.63
post after this will have the ones i couldn't find ranges on (i've emailed some of them to see what ip i'll get from them)
....
Claria Corporation UU-63-103-205-128 (NET-63-103-205-128-1):63.103.205.128-63.103.205.255
CYBERSPACE TO PARADISE, INC UU-65-248-171 (NET-65-248-171-0-1):65.248.171.0-65.248.171.255
SpyGlass, Inc. UU-63-68-20 (NET-63-68-20-0-1:63.68.20.0-63.68.23.255
Belcaro Group, Inc. USW-BELCARO (NET-63-224-68-104-1:63.224.68.104-63.224.68.111
SafeNet Corp USW-SAFENETCORP (NET-63-226-99-88-1:63.226.99.88-63.226.99.95
Spectorsoft Corp. RSPC-6477-1034803939 (NET-64-49-244-48-1:64.49.244.48-64.49.244.55
Spectorsoft Corp. RSPC-6457-1034803940 (NET-64-49-244-56-1:64.49.244.56-64.49.244.63
Spectorsoft Corp. RSPC-6457-1034804457 (NET-64-49-245-184-1:64.49.245.184-64.49.245.191
Net IQ IEN-N45275 (NET-64-249-120-128-1:64.249.120.128-64.249.120.135
Global Internet Management FON-110176000090595 (NET-65-171-134-0-1:65.171.134.0-65.171.134.255
Global Internet Management SAVV-S225053-0 (NET-66-101-232-0-1:66.101.232.0-66.101.232.255
Spectorsoft Corp. RSPC-6457-1031113338 (NET-66-216-103-80-1:66.216.103.80-66.216.103.95
Spy-Patrol.com RSPC-2444-1031273608 (NET-66-216-114-216-1:66.216.114.216-66.216.114.223
Spy-Patrol.com RSPC-36136-1063225021 (NET-69-20-20-32-1:69.20.20.32-69.20.20.47
Spy-Patrol.com RSPC-36136-1063221282 (NET-69-20-21-192-1:69.20.21.192-69.20.21.207
Spyglass, Inc. SPYGLASS (NET-192-246-238-0-1:192.246.238.0-192.246.238.255
Belcaro Group, Inc. NET-199-45-139-64-6 (NET-199-45-139-64-1:199.45.139.64-199.45.139.79
Spectorsoft SPECTORSOFT (NET-199-72-35-168-1:199.72.35.168-199.72.35.175
Global Internet Management SPRINTLINK (NET-204-97-253-32-1:204.97.253.32-204.97.253.39
Global Internet Marketing Ltd. RADCOM-207-232-105-088-29 (NET-207-232-105-88-1:207.232.105.88-207.232.105.95
Spyglass, Inc. UU-208-205-234-D1 (NET-208-205-234-0-1:208.205.234.0-208.205.235.255
Shop at Home, Inc. UU-208-223-205-96 (NET-208-223-205-96-1:208.223.205.96-208.223.205.127
SPYGLASS UU-208-224-123-248-D (NET-208-224-123-248-1:208.224.123.248-208.224.123.255
Spyder Web Enterprises, LLC IP009856-209-10-165 (NET-209-10-165-0-1:209.10.165.0-209.10.165.31
Spyder Web Enterprises, LLC IP009854-209-10-165 (NET-209-10-165-32-1:209.10.165.32-209.10.165.47
Spyder Web Enterprises, LLC IP010184-209-10-165 (NET-209-10-165-72-1:209.10.165.72-209.10.165.79
Global Internet Management CERF-GIM-A (NET-209-186-2-0-1:209.186.2.0-209.186.3.255
Global Internet Management SAVV-S225053-0 (NET-216-88-23-0-1:216.88.23.0-216.88.23.255
Global Internet Management INFLOW-20899-101594-13865 (NET-216-183-124-248-1:216.183.124.248-216.183.124.255
HOP AT HOME NETWORK, LLC ABS-NSVLTN-SAHN (NET-216-248-29-0-1:216.248.29.0-216.248.29.63
the ones from the first page i still need to find info on (ranges)
....
no luck here:
BSSCO, Inc.
http://www.spywareguide.com/creator_show.php?id=19
CatchCheat
http://www.spywareguide.com/creator_show.php?id=21
Coft Software
http://www.spywareguide.com/creator_show.php?id=10
eAcceleration
http://www.spywareguide.com/creator_show.php?id=23
electronic group interactive , sl spain
http://www.spywareguide.com/creator_show.php?id=22
ExploreAnywhere Software
http://www.spywareguide.com/creator_show.php?id=6
( i emailed them)
Harris Digital Publishing
http://www.spywareguide.com/creator_show.php?id=5
(emailed them)
IamBigBrother
http://www.spywareguide.com/creator_show.php?id=17
(emailed them)
ICUSurf, LLC
http://www.spywareguide.com/creator_show.php?id=16
also skm software
(emailed both)
Original Programs
http://www.spywareguide.com/creator_show.php?id=24
(emailed)
Pearl Software
http://www.spywareguide.com/creator_show.php?id=14
(global interent mngmt is related so their ranges are in now)
QuiComm
http://www.spywareguide.com/creator_show.php?id=13
(emailed)
SentryCam
http://www.spywareguide.com/creator_show.php?id=11
(emailed)
SilverStone Software Corp.
http://www.spywareguide.com/creator_show.php?id=18
(emailed)
SoftActivity
http://www.spywareguide.com/creator_show.php?id=7
(emailed)
Spytech
http://www.spywareguide.com/creator_show.php?id=3
.....
looks like a good list of links to check out
http://www.originalprograms.com/contact/team.asp
Other useful websites: spy software at spy-software-spy.com; spy software at keyspy.net; spy software at software4parents.com; spell check at interactivegt.com; ace spy software
....
no luck here:
BSSCO, Inc.
http://www.spywareguide.com/creator_show.php?id=19
CatchCheat
http://www.spywareguide.com/creator_show.php?id=21
Coft Software
http://www.spywareguide.com/creator_show.php?id=10
eAcceleration
http://www.spywareguide.com/creator_show.php?id=23
electronic group interactive , sl spain
http://www.spywareguide.com/creator_show.php?id=22
ExploreAnywhere Software
http://www.spywareguide.com/creator_show.php?id=6
( i emailed them)
Harris Digital Publishing
http://www.spywareguide.com/creator_show.php?id=5
(emailed them)
IamBigBrother
http://www.spywareguide.com/creator_show.php?id=17
(emailed them)
ICUSurf, LLC
http://www.spywareguide.com/creator_show.php?id=16
also skm software
(emailed both)
Original Programs
http://www.spywareguide.com/creator_show.php?id=24
(emailed)
Pearl Software
http://www.spywareguide.com/creator_show.php?id=14
(global interent mngmt is related so their ranges are in now)
QuiComm
http://www.spywareguide.com/creator_show.php?id=13
(emailed)
SentryCam
http://www.spywareguide.com/creator_show.php?id=11
(emailed)
SilverStone Software Corp.
http://www.spywareguide.com/creator_show.php?id=18
(emailed)
SoftActivity
http://www.spywareguide.com/creator_show.php?id=7
(emailed)
Spytech
http://www.spywareguide.com/creator_show.php?id=3
.....
looks like a good list of links to check out
http://www.originalprograms.com/contact/team.asp
Other useful websites: spy software at spy-software-spy.com; spy software at keyspy.net; spy software at software4parents.com; spell check at interactivegt.com; ace spy software
1 of the 4 emails i sent out to adware etc corps helped me on ranges/company etc
and the other 3 did what? didn't respond? Or wouldnt give info? 
BTW, did you get a hold of Spybot Crew? I tried e-mailing them but never got a response either.
BTW, did you get a hold of Spybot Crew? I tried e-mailing them but never got a response either.
the headers on those 3 emails just have regular isp info
i emailed spybot a couple weeks ago- maybe next time i'll make it more clear that we're just trying to help them (maybe they thought i was competing with them or something)
i emailed spybot a couple weeks ago- maybe next time i'll make it more clear that we're just trying to help them (maybe they thought i was competing with them or something)
yea. could be. who knows.
the e-mail I sent them wasnt even about this thing tho I had a few things that AdAware picked up, that Spybot didn't and so I sent them the log(s) that AdAware gathered for them to add the stuff to Spybot heh.
the e-mail I sent them wasnt even about this thing tho
I had a few things that AdAware picked up, that Spybot didn't and so I sent them the log(s) that AdAware gathered for them to add the stuff to Spybot heh.
added to the ads etc blacklist:
(hey y'all there aren'y many ranges in that list so it needs some help!)
Claria Corporation UU-63-103-205-128 (NET-63-103-205-128-1):63.103.205.128-63.103.205.255
CYBERSPACE TO PARADISE, INC UU-65-248-171 (NET-65-248-171-0-1):65.248.171.0-65.248.171.255
SpyGlass, Inc. UU-63-68-20 (NET-63-68-20-0-1:63.68.20.0-63.68.23.255
Belcaro Group, Inc. USW-BELCARO (NET-63-224-68-104-1:63.224.68.104-63.224.68.111
SafeNet Corp USW-SAFENETCORP (NET-63-226-99-88-1:63.226.99.88-63.226.99.95
Spectorsoft Corp. RSPC-6477-1034803939 (NET-64-49-244-48-1:64.49.244.48-64.49.244.55
Spectorsoft Corp. RSPC-6457-1034803940 (NET-64-49-244-56-1:64.49.244.56-64.49.244.63
Spectorsoft Corp. RSPC-6457-1034804457 (NET-64-49-245-184-1:64.49.245.184-64.49.245.191
Net IQ IEN-N45275 (NET-64-249-120-128-1:64.249.120.128-64.249.120.135
Global Internet Management FON-110176000090595 (NET-65-171-134-0-1:65.171.134.0-65.171.134.255
Global Internet Management SAVV-S225053-0 (NET-66-101-232-0-1:66.101.232.0-66.101.232.255
Spectorsoft Corp. RSPC-6457-1031113338 (NET-66-216-103-80-1:66.216.103.80-66.216.103.95
Spy-Patrol.com RSPC-2444-1031273608 (NET-66-216-114-216-1:66.216.114.216-66.216.114.223
Spy-Patrol.com RSPC-36136-1063225021 (NET-69-20-20-32-1:69.20.20.32-69.20.20.47
Spy-Patrol.com RSPC-36136-1063221282 (NET-69-20-21-192-1:69.20.21.192-69.20.21.207
Spyglass, Inc. SPYGLASS (NET-192-246-238-0-1:192.246.238.0-192.246.238.255
Belcaro Group, Inc. NET-199-45-139-64-6 (NET-199-45-139-64-1:199.45.139.64-199.45.139.79
Spectorsoft SPECTORSOFT (NET-199-72-35-168-1:199.72.35.168-199.72.35.175
Global Internet Management SPRINTLINK (NET-204-97-253-32-1:204.97.253.32-204.97.253.39
Global Internet Marketing Ltd. RADCOM-207-232-105-088-29 (NET-207-232-105-88-1:207.232.105.88-207.232.105.95
Spyglass, Inc. UU-208-205-234-D1 (NET-208-205-234-0-1:208.205.234.0-208.205.235.255
Shop at Home, Inc. UU-208-223-205-96 (NET-208-223-205-96-1:208.223.205.96-208.223.205.127
SPYGLASS UU-208-224-123-248-D (NET-208-224-123-248-1:208.224.123.248-208.224.123.255
Spyder Web Enterprises, LLC IP009856-209-10-165 (NET-209-10-165-0-1:209.10.165.0-209.10.165.31
Spyder Web Enterprises, LLC IP009854-209-10-165 (NET-209-10-165-32-1:209.10.165.32-209.10.165.47
Spyder Web Enterprises, LLC IP010184-209-10-165 (NET-209-10-165-72-1:209.10.165.72-209.10.165.79
Global Internet Management CERF-GIM-A (NET-209-186-2-0-1:209.186.2.0-209.186.3.255
Global Internet Management SAVV-S225053-0 (NET-216-88-23-0-1:216.88.23.0-216.88.23.255
Global Internet Management INFLOW-20899-101594-13865 (NET-216-183-124-248-1:216.183.124.248-216.183.124.255
HOP AT HOME NETWORK, LLC ABS-NSVLTN-SAHN (NET-216-248-29-0-1:216.248.29.0-216.248.29.63
(hey y'all there aren'y many ranges in that list so it needs some help!)
Claria Corporation UU-63-103-205-128 (NET-63-103-205-128-1):63.103.205.128-63.103.205.255
CYBERSPACE TO PARADISE, INC UU-65-248-171 (NET-65-248-171-0-1):65.248.171.0-65.248.171.255
SpyGlass, Inc. UU-63-68-20 (NET-63-68-20-0-1:63.68.20.0-63.68.23.255
Belcaro Group, Inc. USW-BELCARO (NET-63-224-68-104-1:63.224.68.104-63.224.68.111
SafeNet Corp USW-SAFENETCORP (NET-63-226-99-88-1:63.226.99.88-63.226.99.95
Spectorsoft Corp. RSPC-6477-1034803939 (NET-64-49-244-48-1:64.49.244.48-64.49.244.55
Spectorsoft Corp. RSPC-6457-1034803940 (NET-64-49-244-56-1:64.49.244.56-64.49.244.63
Spectorsoft Corp. RSPC-6457-1034804457 (NET-64-49-245-184-1:64.49.245.184-64.49.245.191
Net IQ IEN-N45275 (NET-64-249-120-128-1:64.249.120.128-64.249.120.135
Global Internet Management FON-110176000090595 (NET-65-171-134-0-1:65.171.134.0-65.171.134.255
Global Internet Management SAVV-S225053-0 (NET-66-101-232-0-1:66.101.232.0-66.101.232.255
Spectorsoft Corp. RSPC-6457-1031113338 (NET-66-216-103-80-1:66.216.103.80-66.216.103.95
Spy-Patrol.com RSPC-2444-1031273608 (NET-66-216-114-216-1:66.216.114.216-66.216.114.223
Spy-Patrol.com RSPC-36136-1063225021 (NET-69-20-20-32-1:69.20.20.32-69.20.20.47
Spy-Patrol.com RSPC-36136-1063221282 (NET-69-20-21-192-1:69.20.21.192-69.20.21.207
Spyglass, Inc. SPYGLASS (NET-192-246-238-0-1:192.246.238.0-192.246.238.255
Belcaro Group, Inc. NET-199-45-139-64-6 (NET-199-45-139-64-1:199.45.139.64-199.45.139.79
Spectorsoft SPECTORSOFT (NET-199-72-35-168-1:199.72.35.168-199.72.35.175
Global Internet Management SPRINTLINK (NET-204-97-253-32-1:204.97.253.32-204.97.253.39
Global Internet Marketing Ltd. RADCOM-207-232-105-088-29 (NET-207-232-105-88-1:207.232.105.88-207.232.105.95
Spyglass, Inc. UU-208-205-234-D1 (NET-208-205-234-0-1:208.205.234.0-208.205.235.255
Shop at Home, Inc. UU-208-223-205-96 (NET-208-223-205-96-1:208.223.205.96-208.223.205.127
SPYGLASS UU-208-224-123-248-D (NET-208-224-123-248-1:208.224.123.248-208.224.123.255
Spyder Web Enterprises, LLC IP009856-209-10-165 (NET-209-10-165-0-1:209.10.165.0-209.10.165.31
Spyder Web Enterprises, LLC IP009854-209-10-165 (NET-209-10-165-32-1:209.10.165.32-209.10.165.47
Spyder Web Enterprises, LLC IP010184-209-10-165 (NET-209-10-165-72-1:209.10.165.72-209.10.165.79
Global Internet Management CERF-GIM-A (NET-209-186-2-0-1:209.186.2.0-209.186.3.255
Global Internet Management SAVV-S225053-0 (NET-216-88-23-0-1:216.88.23.0-216.88.23.255
Global Internet Management INFLOW-20899-101594-13865 (NET-216-183-124-248-1:216.183.124.248-216.183.124.255
HOP AT HOME NETWORK, LLC ABS-NSVLTN-SAHN (NET-216-248-29-0-1:216.248.29.0-216.248.29.63
wait till ive finished converting my blockpost list to peerguardian , i have literally thousands of adservers.. 
good work there too DDD.
good work there too DDD.
QUOTE (Moore @ Mar 4 2004, 06:10 AM)
wait till ive finished converting my blockpost list to peerguardian , i have literally thousands of adservers..
sounds great, cant wait lol.
sounds good
what a nightmare this editing is but.
doh 
llol. what kinda editting?
I found eDexter, it's like a local DNS server type thing, it runs on port 80 on the local side (so people wont see a webpage if they open there browser and enter my IP) and, like, Im gonna see what that all logs, see if itll log visited sites so I can do somethin like this too.
BTW, what ever happened to that GoogleBot ? I remember seeing it on PG.net I think he was a bot that crawled google for websites? Could he build our list of "webservers" to de-blacklist?
llol. what kinda editting? I found eDexter, it's like a local DNS server type thing, it runs on port 80 on the local side (so people wont see a webpage if they open there browser and enter my IP
) and, like, Im gonna see what that all logs, see if itll log visited sites so I can do somethin like this too.BTW, what ever happened to that GoogleBot ? I remember seeing it on PG.net
I think he was a bot that crawled google for websites? Could he build our list of "webservers" to de-blacklist?
what i used to do was go to the worst ad filled websites i can find and log all the ads ip adresses, they get stored in outpost dns cache..
and the editing , all my lists are mainly in outpost format, so they are impossible to use, like the spyware list , and if i try converting with blm it cuts all the names out, lol.
and the editing , all my lists are mainly in outpost format, so they are impossible to use, like the spyware list , and if i try converting with blm it cuts all the names out, lol.
hey these guys are ripping off spybots name to peddle their own spyware cleaner with a lot of help from google , which they arent supposed to be doing ?? , but i guess they are ex nsa they can do whatever ,lol , anyway i wouldnt dare touch any of these programs ..
so lets block them all hey.. and help look after patricks hard work and goodwill .
check out their crap adware remove pages:
http://www.no-spybot.com/
http://www.adware.info/
http://www.spywareremove.com/
Registrant:
Enigma Software Group, Inc.
213-17 39th Avenue Suite 255
New York, NY 11361
US
718-504-3648
Domain Name: ENIGMASOFTWAREGROUP.COM
Administrative Contact:
Russo, Alex enigma013@india.com
213-17 39th Avenue Suite 255
New York, NY 11361
US
718-504-3648
Technical Contact:
Russo, Alex enigma013@india.com
213-17 39th Avenue Suite 255
New York, NY 11361
US
718-504-3648
Record last updated 01-04-2004 10:56:46 PM
Record expires on 07-08-2004
Record created on 07-08-1999
Domain servers in listed order:
NS1.ENIGMASOFTWAREGROUP.COM:69.57.138.7-69.57.138.7
NS2.ENIGMASOFTWAREGROUP.COM:66.98.154.60-66.98.154.60
NS3.ENIGMASOFTWAREGROUP.COM:207.44.220.11-207.44.220.11
EVRY-BLK-13[Enigma host]:69.57.128.0-69.57.159.255
EVRY-BLK-14[Enigma host]:66.98.128.0-66.98.255.255
EVRY-BLK-11[Enigma host]:207.44.128.0-207.44.255.255
---------------------------------
also Spyware :
http://www.iOpus.com
iOpus.com[Spyware]:66.98.229.110-66.98.229.110
EVRY-BLK-14[Spyware host]:66.98.128.0-66.98.255.255
associated somehow with:
SkyNetWEB Ltd:208.231.0.0-208.231.1.255
NS1.SKYNETWEB.COM:208.231.1.34-208.231.1.34
NS2.SKYNETWEB.COM:208.231.1.35-208.231.1.35
Registrant:
iOpus Software GmbH (IOPUS7-DOM)
Postfach 1343
Walldorf, BW 69184
GERMANY
Domain Name: IOPUS.COM
Administrative Contact, Technical Contact:
Do (DA24881-OR) [AD]
Do, Ann
Iopus Software Gmbh
Postfach 1343
Bw
Walldorf 69184
DEU
999 999 9999 fax: 999 999 9999
Record expires on 29-Nov-2006.
Record created on 30-Nov-1998.
----------------------------------------------------------------
so lets block them all hey.. and help look after patricks hard work and goodwill .
check out their crap adware remove pages:
http://www.no-spybot.com/
http://www.adware.info/
http://www.spywareremove.com/
Registrant:
Enigma Software Group, Inc.
213-17 39th Avenue Suite 255
New York, NY 11361
US
718-504-3648
Domain Name: ENIGMASOFTWAREGROUP.COM
Administrative Contact:
Russo, Alex enigma013@india.com
213-17 39th Avenue Suite 255
New York, NY 11361
US
718-504-3648
Technical Contact:
Russo, Alex enigma013@india.com
213-17 39th Avenue Suite 255
New York, NY 11361
US
718-504-3648
Record last updated 01-04-2004 10:56:46 PM
Record expires on 07-08-2004
Record created on 07-08-1999
Domain servers in listed order:
NS1.ENIGMASOFTWAREGROUP.COM:69.57.138.7-69.57.138.7
NS2.ENIGMASOFTWAREGROUP.COM:66.98.154.60-66.98.154.60
NS3.ENIGMASOFTWAREGROUP.COM:207.44.220.11-207.44.220.11
EVRY-BLK-13[Enigma host]:69.57.128.0-69.57.159.255
EVRY-BLK-14[Enigma host]:66.98.128.0-66.98.255.255
EVRY-BLK-11[Enigma host]:207.44.128.0-207.44.255.255
---------------------------------
also Spyware :
http://www.iOpus.com
iOpus.com[Spyware]:66.98.229.110-66.98.229.110
EVRY-BLK-14[Spyware host]:66.98.128.0-66.98.255.255
associated somehow with:
SkyNetWEB Ltd:208.231.0.0-208.231.1.255
NS1.SKYNETWEB.COM:208.231.1.34-208.231.1.34
NS2.SKYNETWEB.COM:208.231.1.35-208.231.1.35
Registrant:
iOpus Software GmbH (IOPUS7-DOM)
Postfach 1343
Walldorf, BW 69184
GERMANY
Domain Name: IOPUS.COM
Administrative Contact, Technical Contact:
Do (DA24881-OR) [AD]
Do, Ann
Iopus Software Gmbh
Postfach 1343
Bw
Walldorf 69184
DEU
999 999 9999 fax: 999 999 9999
Record expires on 29-Nov-2006.
Record created on 30-Nov-1998.
----------------------------------------------------------------
next list to track:
http://www.regblock.com/product_list_clsid.php
http://www.regblock.com/product_list_clsid.php
i forget moore- were you working on a spyware range list somewhere?
ddd
ddd
yeah somewhere ... I need a bit longer please 
http://www.bluetack.co.uk/forums/index.php?showtopic=1069
http://www.bluetack.co.uk/forums/index.php?showtopic=1069
that's cool- i note where you posted for me to hold off on ranges earlier coz you had ton of ad servers etc but what i'm doin is wildcard searches on adware/spyware companies so i think we'll come up with diff results- also doesn't pw have trouble with ads or is that pop ups specifically?
ddd
ddd
the "problem" PW has with ads, is that PW/IE doesn't like "dropping" the packets, since IE can't see the connection or something. It's been brought to DudeZ attention, but theres no way to fix it I don't think.
added
spyware range:64.49.214.40-64.49.214.47
Total Velocity TOTAL-VELOCITY-NWK-1 (NET-66-159-219-192-1):66.159.219.192-66.159.219.207
eacceleration:65.212.166.0-65.212.166.255
telecom sec group:216.231.96.0-216.231.127.255
ELECTRONIC GROUP INTERACTIVE:213.170.47.88-213.170.47.95
ELECTRONIC GROUP INTERACTIVE:217.110.248.0-217.110.248.255
CYBERSPACE TO PARADISE:65.248.171.0-65.248.171.255
and the ranges with these could use a scan to see what's happening
www.coltsoft.hypermart.net:38.113.1.151
www.catchcheat.com:38.113.1.151
www.exploreanywhere.com:216.118.80.78
www.iambigbrother.com:209.35.183.206
www.pearlsw.com:66.250.40.72
www.quicomm.com:66.40.227.202
www.sentrycam.com:216.110.148.55
www.valueweb.net:207.150.192.17
www.silverstone.net:66.207.137.175
www.softactivity.com:216.109.151.53
www.spytechonline.com:66.98.130.88
www.originalprograms.com:216.205.146.152
spyware range:64.49.214.40-64.49.214.47
Total Velocity TOTAL-VELOCITY-NWK-1 (NET-66-159-219-192-1):66.159.219.192-66.159.219.207
eacceleration:65.212.166.0-65.212.166.255
telecom sec group:216.231.96.0-216.231.127.255
ELECTRONIC GROUP INTERACTIVE:213.170.47.88-213.170.47.95
ELECTRONIC GROUP INTERACTIVE:217.110.248.0-217.110.248.255
CYBERSPACE TO PARADISE:65.248.171.0-65.248.171.255
and the ranges with these could use a scan to see what's happening
www.coltsoft.hypermart.net:38.113.1.151
www.catchcheat.com:38.113.1.151
www.exploreanywhere.com:216.118.80.78
www.iambigbrother.com:209.35.183.206
www.pearlsw.com:66.250.40.72
www.quicomm.com:66.40.227.202
www.sentrycam.com:216.110.148.55
www.valueweb.net:207.150.192.17
www.silverstone.net:66.207.137.175
www.softactivity.com:216.109.151.53
www.spytechonline.com:66.98.130.88
www.originalprograms.com:216.205.146.152
QUOTE (dingdongding @ Mar 22 2004, 03:59 PM)
lol, at least you dont have to look very far for the webroot spyware remover ... hey just get spysweeper , but look out for the oXon trojan lol.
QUOTE
i note where you posted for me to hold off on ranges earlier coz you had ton of ad servers etc but what i'm doin is wildcard searches on adware/spyware companies so i think we'll come up with diff results- also doesn't pw have trouble with ads or is that pop ups specifically?
yeah i still have to go through my old blockpost list and add all the AD stuff and other bad ranges to my current list , im not using protowall at the moment though , but i didnt have any problems blocking anything like ads with it though ..
i'm gonna hit up this list next as it appears to have the companies names as well which is what i'm looking for
http://www.cexx.org/adware.htm
adding these to ads etc (some are listed above and some are gator dups)
WebHancer Corporation MAXLINK-WEBHANCER1 (NET-216-221-200-192-1):216.221.200.192-216.221.200.223
Webhancer STIN-87-238-32-1A (NET-209-87-238-32-1):209.87.238.32-209.87.238.47
New.net, Inc. IBS-NEWNET-01 (NET-66-113-70-0-1):66.113.70.0-66.113.70.255
New.net, Inc. IBS-NEWNET-01N (NET-66-113-92-248-1):66.113.92.248-66.113.92.255
New.net, Inc. PNAP-LAX-NEWNET-RM-01 (NET-66-151-57-0-1):66.151.57.0-66.151.57.255
New.net, Inc. IBS-GW-NEWNET-01N (NET-66-113-93-32-1):66.113.93.32-66.113.93.39
New.net, Inc. PNAP-WDC-NEWNET-DC-01 (NET-64-94-29-0-1):64.94.29.0-64.94.29.255
New.net, Inc. PNAP-SJE-NEWNET-DC-01 (NET-64-74-134-0-1):64.74.134.0-64.74.134.255
Hotbar.com Inc. QWESTA1-65-121-237-0 (NET-65-121-237-0-1):65.121.237.0-65.121.237.255
Hotbar.com MFN-M152-209-133-35-0-24 (NET-209-133-35-0-1):209.133.35.0-209.133.35.255
Hotbar.com MFN-M152-64-125-104-32-29 (NET-64-125-104-32-1):64.125.104.32-64.125.104.39
Hotbar.com-internet Inc. UU-65-220-92-80-D7 (NET-65-220-92-80-1):65.220.92.80-65.220.92.95
everad:64.51.213.208-64.51.213.223
spyware range:64.49.214.40-64.49.214.47
Total Velocity TOTAL-VELOCITY-NWK-1 (NET-66-159-219-192-1):66.159.219.192-66.159.219.207
eacceleration:65.212.166.0-65.212.166.255
telecom sec group:216.231.96.0-216.231.127.255
ELECTRONIC GROUP INTERACTIVE:213.170.47.88-213.170.47.95
ELECTRONIC GROUP INTERACTIVE:217.110.248.0-217.110.248.255
CYBERSPACE TO PARADISE:65.248.171.0-65.248.171.255
ADWARE SYSTEMS INC FON-110147328079759 (NET-65-167-38-0-1):65.167.38.0-65.167.38.127
Aureate Development, Inc. INDYNET-AUREATE-1 (NET-209-183-99-0-1):209.183.99.0-209.183.99.255
Comet Systems PNAP-NYM-COMET-RM-01 (NET-64-94-162-0-1):64.94.162.0-64.94.162.255
Comet Systems PNAP-NYM-COMET-RM-02 (NET-216-52-88-64-1):216.52.88.64-216.52.88.71
Conducent Technologies DIGINET184 (NET-207-233-200-0-1):207.233.200.0-207.233.200.255
Conducent, Inc. UU-63-70-12 (NET-63-70-12-0-1):63.70.12.0-63.70.12.255
Cydoor Technologies Inc. CYDOOR-209-73-225 (NET-209-73-225-0-1):209.73.225.0-209.73.225.255
Cydoor Technologies IP007022-209-10-17 (NET-209-10-17-128-1):209.10.17.128-209.10.17.255
Cydoor Technologies IP009762-209-11-66 (NET-209-11-66-0-1):209.11.66.0-209.11.66.255
Cydoor Technologies IP009978-209-11-67 (NET-209-11-67-0-1):209.11.67.0-209.11.67.255
Cydoor Technologies IP010194-209-73-206 (NET-209-73-206-0-1):209.73.206.0-209.73.206.255
Gator.com LVL3-GATOR-01 (NET-64-152-73-0-1):64.152.73.0-64.152.73.255
Gator Technologies Inc GATOR-TECH (NET-207-59-223-192-1):207.59.223.192-207.59.223.199
Gator.com SBCIS991119010 (NET-63-197-87-0-1):63.197.87.0-63.197.87.255
http://www.cexx.org/adware.htm
adding these to ads etc (some are listed above and some are gator dups)
WebHancer Corporation MAXLINK-WEBHANCER1 (NET-216-221-200-192-1):216.221.200.192-216.221.200.223
Webhancer STIN-87-238-32-1A (NET-209-87-238-32-1):209.87.238.32-209.87.238.47
New.net, Inc. IBS-NEWNET-01 (NET-66-113-70-0-1):66.113.70.0-66.113.70.255
New.net, Inc. IBS-NEWNET-01N (NET-66-113-92-248-1):66.113.92.248-66.113.92.255
New.net, Inc. PNAP-LAX-NEWNET-RM-01 (NET-66-151-57-0-1):66.151.57.0-66.151.57.255
New.net, Inc. IBS-GW-NEWNET-01N (NET-66-113-93-32-1):66.113.93.32-66.113.93.39
New.net, Inc. PNAP-WDC-NEWNET-DC-01 (NET-64-94-29-0-1):64.94.29.0-64.94.29.255
New.net, Inc. PNAP-SJE-NEWNET-DC-01 (NET-64-74-134-0-1):64.74.134.0-64.74.134.255
Hotbar.com Inc. QWESTA1-65-121-237-0 (NET-65-121-237-0-1):65.121.237.0-65.121.237.255
Hotbar.com MFN-M152-209-133-35-0-24 (NET-209-133-35-0-1):209.133.35.0-209.133.35.255
Hotbar.com MFN-M152-64-125-104-32-29 (NET-64-125-104-32-1):64.125.104.32-64.125.104.39
Hotbar.com-internet Inc. UU-65-220-92-80-D7 (NET-65-220-92-80-1):65.220.92.80-65.220.92.95
everad:64.51.213.208-64.51.213.223
spyware range:64.49.214.40-64.49.214.47
Total Velocity TOTAL-VELOCITY-NWK-1 (NET-66-159-219-192-1):66.159.219.192-66.159.219.207
eacceleration:65.212.166.0-65.212.166.255
telecom sec group:216.231.96.0-216.231.127.255
ELECTRONIC GROUP INTERACTIVE:213.170.47.88-213.170.47.95
ELECTRONIC GROUP INTERACTIVE:217.110.248.0-217.110.248.255
CYBERSPACE TO PARADISE:65.248.171.0-65.248.171.255
ADWARE SYSTEMS INC FON-110147328079759 (NET-65-167-38-0-1):65.167.38.0-65.167.38.127
Aureate Development, Inc. INDYNET-AUREATE-1 (NET-209-183-99-0-1):209.183.99.0-209.183.99.255
Comet Systems PNAP-NYM-COMET-RM-01 (NET-64-94-162-0-1):64.94.162.0-64.94.162.255
Comet Systems PNAP-NYM-COMET-RM-02 (NET-216-52-88-64-1):216.52.88.64-216.52.88.71
Conducent Technologies DIGINET184 (NET-207-233-200-0-1):207.233.200.0-207.233.200.255
Conducent, Inc. UU-63-70-12 (NET-63-70-12-0-1):63.70.12.0-63.70.12.255
Cydoor Technologies Inc. CYDOOR-209-73-225 (NET-209-73-225-0-1):209.73.225.0-209.73.225.255
Cydoor Technologies IP007022-209-10-17 (NET-209-10-17-128-1):209.10.17.128-209.10.17.255
Cydoor Technologies IP009762-209-11-66 (NET-209-11-66-0-1):209.11.66.0-209.11.66.255
Cydoor Technologies IP009978-209-11-67 (NET-209-11-67-0-1):209.11.67.0-209.11.67.255
Cydoor Technologies IP010194-209-73-206 (NET-209-73-206-0-1):209.73.206.0-209.73.206.255
Gator.com LVL3-GATOR-01 (NET-64-152-73-0-1):64.152.73.0-64.152.73.255
Gator Technologies Inc GATOR-TECH (NET-207-59-223-192-1):207.59.223.192-207.59.223.199
Gator.com SBCIS991119010 (NET-63-197-87-0-1):63.197.87.0-63.197.87.255
hey dude awesome work , heres a identity for >
spyware range:64.49.214.40-64.49.214.47
Tangled Web Design RSPC-15559-1007744041 (NET-64-49-214-40-1)
64.49.214.40 - 64.49.214.47
Rackspace.com RSPC-NET-3 (NET-64-49-192-0-1)
64.49.192.0 - 64.49.255.255
, heres a identity for >spyware range:64.49.214.40-64.49.214.47
Tangled Web Design RSPC-15559-1007744041 (NET-64-49-214-40-1)
64.49.214.40 - 64.49.214.47
Rackspace.com RSPC-NET-3 (NET-64-49-192-0-1)
64.49.192.0 - 64.49.255.255
thanks, yeah i just got tired of labeling them lol
lol, yeah i can understand that .
keep up the good work mates
after we get spyware done what shall we work on next...the uber pr0n list
after we get spyware done what shall we work on next...the uber pr0n list
bump - i hope peeps take an interest in searching the arin,ripe etc dbs for names of adware/spyware companies to add to the blacklist- it's still in the beginning stages but it would be cool to see it take off
check the stickies and for ads remember to submit the urls of them to the hosts section- (just make sure you use rooted's hosts file so you know what's already being blocked)
for the adware blacklist we're mostly lookign for full ranges of the companies so sometimes that means checking out the website to see who owns the company or finding a good list - some are mentioned in this sticky- also good to check the malware spyware section moore runs
regards
ddd
check the stickies and for ads remember to submit the urls of them to the hosts section- (just make sure you use rooted's hosts file so you know what's already being blocked)
for the adware blacklist we're mostly lookign for full ranges of the companies so sometimes that means checking out the website to see who owns the company or finding a good list - some are mentioned in this sticky- also good to check the malware spyware section moore runs
regards
ddd
Thanks for the bump, ddd.
Even though I'm still feeling like a n00b around here, I wanna help out around here more than just on the tech end, so this seems like a good place to start. This is some great research work guys. So much to learn.
Mike
Even though I'm still feeling like a n00b around here, I wanna help out around here more than just on the tech end, so this seems like a good place to start. This is some great research work guys. So much to learn.
Mike
the great thing about ip research is when you have the company name it makes it a lot easier finding the ranges (wildcard search in arin etc)- not all adware companies have their ranges listed but it's a start
this will be great to hunt down company names domains in wildcard search for arin, and the ripe and apnic searches
http://www.cexx.org/adware.htm (go there for links)
Advertising Spyware
Stealth advertising components that are installed by some "shareware" products (and sometimes, legitimately purchased commercial software) and may collect personal information from your computer. These "adbots" are usually tied to a dodgy shareware program you have installed.
TSADBOT (tsadbot.exe) AdGateway by TimeSink / Conducent Technologies
Aureate/Radiate spyware DLL ADVERT.DLL by Aureate / Radiate AdSoftware Network
FluxPC AdPipe
DSSAGENT (dssagent.exe) Brodcast by Broderbund (tags along with some Mattel/Broderbund software)
CyDoor "Ads On Software ™" - Comes with many ad-enabled products including KaZaA.
Web3000 (MSBB.EXE) aka. N-Case - Dastardly advertising spyware that overwrites your wsock32.dll system file, and may transmit lists of URLs you visit. See Privacy Power! Reference and Network World Reference.
Flyswat: See Privacy Power! Reference.
TransCom's BeeLine : see Web3000.
NewsUpd.exe - "News Engine Update Application" - Creative Labs advertising software installed with SoundBlaster ™ and perhaps other products.
Codehammer Message Mates
BonziBuddy - A talking gorilla/parrot/etc. "software companion" targeting children. Silently Installed with some other software, and difficult to remove. See Privacy Power! Reference.
OnFlow - Installed by BearShare among others. The company that makes this beastie describes its purpose fairly well on its own It is a browser plug-in designed specifically to display advertising, usually of the large, loud and flashing variety.
SaveNow (WhenUShop) - Installed by BearShare among others. Put quickly, an advertising toolbar that monitors what sites you visit and pops up sponsored "deals" when products/shopping/etc. appears on those sites. Microsoft provides removal instructions.
Gator "Trickler" (fsg.exe / fsg-ag.exe), OfferCompanion - installed by AudioGalaxy among others.
PhoenixNet - Spyware embedded in your system BIOS!
WNAD.EXE - secretly installed background task that goes online to transmit personal information and display stealth popup ads. Installed by the "Yo Mamma, Osama" game from TwistedHumor.com, as well as the SwapNut file sharing utility.
Blackstone Data Transponder a.k.a. VX2 / RespondMiter / Sputnik / NetPal / Aadcom. This many-named piece of spyware is installed as an IE Helper (BHO) by third-party software OR website visits, and pops up ads continuously while you surf.
FlashTrack (FTAPP.DLL) - An advertising spyware module (BHO) installed with the iMesh filesharing client. More information and removal procedure are here. Flagged as a Trojan by McAffee.
dlder.exe - An advertising trojan that is installed by Grokster (1.33), Bearshare (2.4.0b7), LimeWire (2.02), Net2Phone (unspecified versions) and KaZaA (unspecified versions). The spyware itself comes from ClickTillUWin.com. Taking the torch from even the worst advertising spyware to date, this one creates a fake Explorer executable and process to hide its activities. More information here. Some antivirus manufacturers have listed this as a virus or trojan horse: TROJ_DLDER.A.
ADP.EXE - Another spyware, distributed with LimeWire(?) and others. Appears to be an installer of Bargain Buddy (below).
BARGAINS.EXE (Bargain Buddy) - Advertising spyware installed with Net2Phone and some versions of LimeWire. Appears related to ADP.EXE above. More info at www.doxdesk.com.
bdeviewer.exe (B3D / BrilliantDigital Projector) - A "3D Web Animation" advertising-display plugin, similar to Onflow, as well as distributed computing client that can sell your hard drive space, CPU cycles, and bandwidth. Installed by KaZaA/Morpheus and probably others. Additional story here. Removal procedure here. This product, along with the SecureInstall software of Altnet (a subsidiary of BrilliantDigital), have been labeled spyware by some sources, a claim which BrilliantDigital disputes.
EverAd - No information currently available.
Expedioware - No information currently available.
adshow.exe - No information currently available.
HelpExpress / Attune (HXIUL.EXE) - Appears to be advertising spyware that displays sponsored ads, e.g. "Buy toner"/etc. messages when you use your printer. No additional information available at this time. Remove by uninstalling "HelpExpress" and "Attune" under Windows' Add/Remove Programs.
Gator GAIN (GMT.exe, CMESys.exe, GAIN_TRICKLER_*.EXE) - Pops up advertising, apparently a new Gator product. A security hole in some versions allows Web sites to install arbitrary software on your computer. This URL will detect GAIN. Gator recommends on its Web site to contact support(at)gator.com for removal instructions. Gator software may be quietly installed by drive-by download.
Wurld Media / Morpheus Shopping Club (bpboh.dll / mbho.dll / MSCStat.exe) - Installed by Morpheus, the "no spyware" (ya, we believe you) filesharing tool. Sneakily redirects IE through advertisers' referral links when certain sites are visited in your Web browser. More details here and here.
NE.EXE (Network Essentials / SmartPops) - Displays stealthy popup ads while surfing the Web or using search engines. Wow! To hear it from them, this is the best service on earth--boy are they helpful. Remove by uninstalling "Network Essentials" in Add/Remove Programs. I have seen reports of this being installed simply by visiting certain Web sites.
dw.exe, Movie Network.exe (Downloadware / Mediacharger / Movienetworks) - Displays lots of popup ads as you surf; Mediacharger may also function as a dialer for 1-900 #s for billing of adult movie downloads. Check for removal entries in Add/Remove Programs. Some removal instructions (may or may not work?) are here. I have had reports that the program will try to deter uninstallation by telling you that doing so will mess up your browser. It is, however, bluffing.
ofrg.dll (FavoriteMan) - Installed by unknown means, possibly by NetPal spyware. More information here. One of its co-bundled products may be a homepage hijacker.
ctbclick.exe (ClickTheButton) - Installed by (NetPal), Favoriteman parasite, and some versions of KaZaA. More information here.
JavaRun.exe (Etraffic / TopMoxie) - Marketing software installed by products from "loyalty marketing partners", that pops up ads and coupons when you visit certain Web sites. TopMoxie description and info here. According to this site, partner software must be removed before an entry for TopMoxie will appear in Add/Remove.
Download_Plugin.exe - SpywareInfo has the scoop on this, it is an infector for the infamous Lop.com portal-potty. It reportedly modifies your browser preference settings to place Lop.com as your start page, adds crap links to your bookmarks, changes your desktop and adds a spyware plugin ("Swish Browser Helper").
openme.exe (xww.de ?) / Fast Download / Full Downloader - Loads at startup and pops up porn ads ("Live Chat mit Cams!") after about 20 minutes, according to this post in the message boards. May also try to install a dialer. To remove, find and delete openme.exe in your Windows directory, and remove it from your Registry's "shell=" line as well.
Radlight DivX Movie Player - The nature of the software itself is unknown. However, it will intentionally search out and delete AD-Aware from your hard drive, then dump a number of malware products on your system. This puts it on the level of a VIRUS in my book; such a behaviour is completely unacceptable.
NETBUIE.EXE (Unknown) - Source unknown. Places itself in C:\windows\system and adds a startup reference to the Registry. Continually loads porn popups (www.sexysquirter.com et al) while the machine is switched on.
INetSpeak - Bundled with the Music Magnet file-sharing tool, installs a permanent ad banner into IE. Installs as a Browser Helper Object. Remove using a BHO remover, by disabling BHO42602.clslnetspeak or similar. See write-up here.
plg_ie0.dll - More Lop.com crap, this one is a BHO that sends your browser to their site for most any IE error page (e.g. "The site cannot be found" becomes instead a bunch of useless lop.com links). See SpywareInfo's writeup for details.
Netbroadcaster(?) - Related to Movienetworks (same registrar, IP block, etc.). There is reported to be a malware product by this name. No additional information available.
Unknown (ftp_back.exe, istabm.exe, bm_insta.exe, attnvg.exe, createsw.exe, driverpg.exe) - Suspected ad/spyware programs. Implicated here. No additional information available.
AdBreak (kvnab.dll) - The name implies an advertising program, but has not been observed in action. May be installed by a trojan. Some info here.
PAgent, Vegas Palms Casino (MicroGaming), KFH, MediaLoads, WinEME - sub-parasites installed by DownloadWare, include casino gaming apps, ad programs and an unknown email-sending background task. Info and removal help here.
HotBar - an advertising toolbar that spies on sites visited and the contents of forms you fill out. Installed by IMesh. More info here.
OnlineDialer (VLoading / Download class and other variants) - A loader or "trickler" that is used to download and execute arbitrary programs, typically dialers, on your PC. More info here.
EchoBahn.com BookmarkExpress (BMupdate.exe) - A program bundled with scanner drivers (!?) that allows you (and marketing partners(!)) to manage your bookmarks from anywhere, and pops up ads at you. The service itself has since been discontinued, and it is recommended to delete this file.
wbeCheck (pbsysie.dll / Floid.dll / wbeCheck.exe) - Spies, and modifies the contents of HTTP traffic in IE. More info here and here.
HuntBar - A browser toolbar and homepage hijacker. See its listing below, under Homepage Hijackers.
Tgdc.exe / shopforgood.com - An affiliate link stealer similar to Wurld Media. More info here.
CnsMin / 3271.com - A Chinese keyword-lookup program, possibly similar to QuickClick? Does not appear that harmful, but is very difficult to remove and re-installs itself even while you are still removing it. More info here.
Search-Explorer - Another useless Browser Toolbar. Displays popup ads and places some cookies on your machine. More info here.
WINSERVS / PurityScan / sear1.exe (winservs.exe, winservn.exe, etc.) - On first running, scans your IE cache/history/cookies for files with porn-words in them and displays a list of any found. Also drops in a background program (winservs.exe) that constantly loads popup ads when the computer is running.
SmartAd (Cybersurf / www.cia.com) (file names unknown) - Canadian advertising program that "enables true one-to-one targeting of advertising messages against audiences defined by demographics, psychographics, lifestyle or location". The company boasts that its software's ads "can never be covered up, moved offscreen, or otherwise disabled." This product appears targeted mainly toward Internet kiosks and "free internet access" companies, not end-users. The company also hypes an "ad player" format similar to Onflow
Permissioned Media (friendgreetings.com / cool-downloads.com / WinSrv Reg / OTMS.EXE / winservc.exe) - Another company that hawks those infamous "online greeting cards". The catch? To view the greeting card, the site attempts to install a 1+ megabyte application that will (unless you carefully read the license agreements and click "NO!") spam everybody in your Outlook address book with phony greeting cards and ads for their service, then place advertising spyware on your computer. The spyware will collect your name, email address and surfing habits, popping up ads and delivering HTML spam to your email address. Removal: Go to Add/Remove Programs and remove "Friend Greetings" and "WinSrv Reg". Possibly the first spyware program that lists "minimum 64MB memory" in its system requirements, and attempts to forbid linking to their Web site. It seems this company may have gone out of business--their web site / domain has ceased to be.
Save / WhenUSave (SAVE.EXE) - Installed by some "free" software including Radlight Media Player. A removal reference is placed in Add/Remove Programs, but warns that removal will also disable the program (e.g. media player) that it was installed with. Appears to be a rebranded version of the SaveNow advertising parasite.
Spyware
Stealth components and background processes that may violate your privacy or expose your computer to attack.
BESS, the notorious censorware program, caught spying on childrens' surfing habits and selling the information. Details at ZDnet.
"The Red Sheriff" Java Applet from imrworldwide.com
C_Dilla - A CD copy-protection program and more. Messes with the system, may interfere with Internet connection and use of CDRW drives. More info here.
"Backdoor Santas"
Non-stealth "freeware" and shareware apps that may transmit personal information or expose your computer to attack, under the pretense of providing a useful service.
Download Demon / Real Download / Netscape Smart Download (same/similar programs)
Comet Cursor
RealJukebox See this article by Richard Smith.
Alexa, Zbubbles See this article. An Alexa representative asserts that the company "no longer receives any personal information as of early 2000".
Microsoft Windows Registration Wizard
DigitalConvergence (DigitalDemographics) C.R.Q. software, CueCat barcode scanner
NBCi QuickClick ™ - See MSNBC article.
Gator, Offer Companion, Trickler (FSG.EXE / fsg-ag.exe)@ - Installed by (EVERYTHING!) - Including AudioGalaxy
Homepage Hijackers
Once one of these nasty ad-trojans worms onto your system, it will constantly reset your homepage (and maybe Search, etc.) to where they want you to go. You can't change it back!
General Homepage Hijacker info
Gohip.com "Browser Enhancement" (Hijacker): More information on this is available at Privacy Power!. Undo hijacking
PassThisOn.com (the newest venture of "Spam King" Sanford Wallace) Hijacker. See this article for details.
United Parcel Service (UPS) - see this article.
Rockstar Software's "Gearbox Connection Kit" used by some ISPs, a tool to let the ISP auto-setup or update users' connection settings, will reportedly attach to the browser and change the IE homepage back to the ISPs everytime the browser is started (more info). Rockstar Software clarifies that the software isn't "evil" or a security concern, and provides this simple procedure for changing the homepage on a computer using Gearbox Connection Kit. This software, unlike other listed here, does not appear to be malicious in nature.
www.ezcybersearch.com - uninstall page to undo the hijacking.
mycpworld.com (a bogus porn site consisting entirely of blind links to a referral script) hijacks the IE settings using a .jse file as well as a .tmp file loaded in at startup with Registry Editor. (Search for and remove .jse files, remove the start-up trash from the registry)
Lop.com also hijacks, and even points IE's DNS Error and other error pages to lop.com. If you can't get rid of this as your homepage, download their two (!) uninstallers, to remove hompage hijacking and remove the Lop.com toolbar. Reportedly, lop.com may also alter the Domain field of your DNS configuration, visible by clicking Start > Settings > Control Panel > Network > (name of adapter) > DNS Configuration . There is also an unconfirmed report of it altering the domain suffix as well.
Unknown portal potties (redirecting to goto.com, topsearcher.com, et al) - add files with names such as: sps.dll, sp.dll, sp.reg, sb.dll or similar to your system. In your StartUp folder you will see one or more lines such as: "regedit -s c:\windows\sp.dll". To fix, delete/rename the files appearing in this manner in the StartUp folder, and (optionally) remove the entries from the StartUp folder. These are actually Registry files that are loaded in at startup via Registry Editor.
www.allcybersearch.com - save this registry file and double-click on it to un-hijack your settings. This will remove the stuff that auto-changes your settings on startup and restore your IE defaults (e.g. MSN start page). If you prefer other settings, you can right-click the file and Edit..., and change the homepage settings to your liking before clicking on it.
www.globesearch.com - no verified fix yet. Possible fix (from examining suspect "Uninstall" binaries from the site): Find and delete the files: gshp.vbs, gsc0.txt, gsc1.txt.
Bonzi Buddy - Unconfirmed, but it is reported that the Bonzi software will change your homepage, and if you change it back, pop up a "Would you like to change your homepage (back to Bonzi's)". Whether you select yes or no, your homepage gets changed.
www.cool-xxx.net - Delete WINSYS.VBS (or .VBA), win0.txt, win1.txt from your Windows directory. Also find and delete the program that is loading them, which may be under a random name (in one case it was "zzgghh").
www.huntbar.com - A browser toolbar and hijacker. Believed to be a drive-by download. Reportedly, even redirects "My Computer" and "Control Panel" to their site. Close IE, use Find to search for "MSIETS.DLL", and write down the path to it. It is normally "C:\Program Files\Common Files\MSIETS". Deregister it by typing the following command into Windows' Run box: "regsvr32.exe /u C:\Program Files\Common Files\MSIETS", replacing C:\Program... with the path you noted earlier.
www.xupiter.com - This site will hijack your start page by way of a "browser enhancement" toolbar BHO. It is difficult to remove manually, but luckily Ad-Aware and SpybotS&D both remove it without any trouble. This sneaky b*stard is sometimes even disguised as an unsubscribe for spam mails: "In a moment a pop-up box will appear. Press Yes to be removed from all future mailings." The popup box, of course, installs the hijacker.
www.provilation.com - Hijacker prefixes the URL prolivation.com/cgi-bin/r.cgi? to Web sites you visit (even when you type the address in manually), allowing the site to monitor visited URLs and/or redirect the requests, add popups, etc. Adult sites may be substituted for the requested site. SpybotS&D will remove this hijacker.
www.searchresult.net - This hijack courtesy of a junk plugin from 'IGetNet', bundled with some p2p applications. More info and removal instructions at Doxdesk. A 'Support' page on the searchresult.net site claims to reset the homepage, but only sets a cookie and displays a popup ad.
Other Adware
Typically not hazardous, just annoying. These programs have bait-and-switched customers into viewing annoying blinky advertisements on the program's main window.
AOL Instant Messenger (SM) by AOL
AOL / Mirabilis ICQ - new AOLified versions
Foistware (Everything-installs-it-can't-get-rid-of-it)
Unwanted application programs that come along, trojan-style, with completely unrelated software. Usually because some jerk is getting paid to foist it on your system whether you want it or not. Since they tag along with so many different pieces of third-party software, it is not uncommon to get re-infected with these foistware products again and again.
Gator, Offer Companion, Trickler (FSG.EXE / fsg-ag.exe)@ - Installed by (EVERYTHING!) - Including AudioGalaxy
WhenUShop / SaveNow@
AOL Instant Messenger@ Installed by Netscape Navigator and other products.
MSN Messenger - Installed by/with a number of Microsoft applications, including MSIE and MSN Explorer
New Net, Inc (NewDotNet) Installed by BearShare among others
EZula TOPtext / ContextPro / HOTText - This is a product some are calling "ThiefWare" - It inserts "yellow highlighter" advertising links in arbitrary web sites you visit! - Installed by KaZaA file-sharing tool among others.
Spedia Surf+ - another "ThiefWare" product. Installed by Spedia software and very difficult to remove. See this site for removal instructions.
WebHancer - a secretive "connection reporting tool" that seems to be quietly installed by dozens of unrelated programs!
Fotino by Meltingpoint Software - A "thiefware" product similar to EZula TopText--see this article. No information currently available.
Mirazo / NetAngel - A "thiefware" product similar to EZula TopText. No information currently available.
CameoCast and CameoONE - May be installed by Western Digital Lifeline Installer.
BackWeb / Western Digital DLGLI.EXE - Installed by Western Digital Data Lifeline among others. Purports to monitor your hard drive for problems, but is suspected of being a vehicle for displaying unwanted advertisements as well. More recently, Backweb was caught installing along with Logitech mouse drivers (!) (Do you really need web-update for ****ing mouse drivers?)
Liveshows - A dialer program that tries to get you to accept a set of Terms it hounds you with on every startup. May be installed via unsolicited mail attachment and some adult Web sites.
NetSetter / Marketscore - A "market research" program along the lines of WebHancer, intended to track your Internet usage and buying habits. Some users seem to have it and not know where it came from. Removal instructions here. (If you did voluntarily sign up for this service and wish to remove it, you can login to the Marketscore Web site for removal procedures.)
IntelliTech Backdoor.Autoupder Trojan / BrowserToolbar (Ausvc.exe, Bvt.exe, Mnsvc.exe, Absr.exe) - A bona-fide backdoor trojan, this one is caught by antivirus. Writeup here and technical info here. A sneaky spyware dropper that was installed by an ad on a Web site (flowgo.com).
CommonName toolbar - "Internet marketing tool" (and resolver of New.Net-esque bogus domain names) which, while it can be downloaded from its maker's Web site, often appears due to KaZaA and similar software. Info here.
UCMore (ucmie.dll) - An IE toolbar that displays "related links" for the site you're visiting. Distributed by FreeWire file-sharing tool among others. Versions 3.x and below report back the URLs you visit along with a unique ID. As of Version 4, the ID has been removed, and the company asserts that the product will no longer be stealth-installed. More info here.
freeaccess.exe - Distributed via adult spam, appears to be a dialer.
sentry.exe, sentrystub.exe, ipinsigt.dll? (IPInsight UserTag / TrafficSensor) - Provides Web sites with demographic and geographic information about you (the company brags that it can determine what city you live in to 90% accuracy), along with connection-speed and other data. Thread here and full write-up on Doxdesk. Interestingly, the company claims its product (installed on YOUR computer) as an alternative to spyware.
Trojan Horses
Programs for the specific purpose of violating your privacy, stealing data, taking over or trashing your computer.
NetBus See also PCHelp Reference , Barton Networking Reference and official NetBus homepage
* NetBus seems to have "gone legit" and progressed from its original form as a Trojan Horse to a non-malevolent, commercial remote-administration tool. Information is provided "for reference" as many of the "trojan" installations persist.
Back Orifice See PCHelp Reference.
ICQtrogen See Trojans Lair Reference (use Find..)
PWSteal (Note: several trojans go under this name) An AOL password stealer is among the most common.
* Norton AntiVirus refers to all password-snarfing trojans under the general name PWSteal.
PrettyPark See PCHelp Reference.
Sub Seven - Another fairly nasty trojan, which can monitor keystrokes on your machine and allow others to access it remotely. While this program has a few limited "helpful" uses (retrieving keystrokes/passwords from your own system, e.g. censorware passwords), it is still a Trojan and should be used with extreme caution. See here for description and here for removal utility.
Worm.Kazaa.Benjamin a.k.a. Full Downloader - A worm that spreads via the Kazaa file-sharing network. Signs of infection include presence of the file "EXPLORER.SCR" and a directory "C:\Windows\Temp\SYS32". To remove, delete both of these components. More info here.
Load.exe - Part of the Nimda virus, can produce error messages ("Windows cannot find load.exe") and possible inability to run programs. To remove, run a virus scanner. To remove error message, open SYSTEM.INI, find the line similar to "Shell=explorer.exe load.exe" and change it to "Shell=explorer.exe". More info here.
The Great Unknown
Some generally bad-behaving software whose purpose and motive are not clear...
RPCSS.EXE, mdm.exe (Remote Procedure Call, Machine Debug Manager) by Microsoft
Update: Purpose clarified. See "What is RPCSS.EXE?" (Guest). It appears to be a glorified port mapper
http://www.cexx.org/adware.htm (go there for links)
Advertising Spyware
Stealth advertising components that are installed by some "shareware" products (and sometimes, legitimately purchased commercial software) and may collect personal information from your computer. These "adbots" are usually tied to a dodgy shareware program you have installed.
TSADBOT (tsadbot.exe) AdGateway by TimeSink / Conducent Technologies
Aureate/Radiate spyware DLL ADVERT.DLL by Aureate / Radiate AdSoftware Network
FluxPC AdPipe
DSSAGENT (dssagent.exe) Brodcast by Broderbund (tags along with some Mattel/Broderbund software)
CyDoor "Ads On Software ™" - Comes with many ad-enabled products including KaZaA.
Web3000 (MSBB.EXE) aka. N-Case - Dastardly advertising spyware that overwrites your wsock32.dll system file, and may transmit lists of URLs you visit. See Privacy Power! Reference and Network World Reference.
Flyswat: See Privacy Power! Reference.
TransCom's BeeLine : see Web3000.
NewsUpd.exe - "News Engine Update Application" - Creative Labs advertising software installed with SoundBlaster ™ and perhaps other products.
Codehammer Message Mates
BonziBuddy - A talking gorilla/parrot/etc. "software companion" targeting children. Silently Installed with some other software, and difficult to remove. See Privacy Power! Reference.
OnFlow - Installed by BearShare among others. The company that makes this beastie describes its purpose fairly well on its own
It is a browser plug-in designed specifically to display advertising, usually of the large, loud and flashing variety. SaveNow (WhenUShop) - Installed by BearShare among others. Put quickly, an advertising toolbar that monitors what sites you visit and pops up sponsored "deals" when products/shopping/etc. appears on those sites. Microsoft provides removal instructions.
Gator "Trickler" (fsg.exe / fsg-ag.exe), OfferCompanion - installed by AudioGalaxy among others.
PhoenixNet - Spyware embedded in your system BIOS!
WNAD.EXE - secretly installed background task that goes online to transmit personal information and display stealth popup ads. Installed by the "Yo Mamma, Osama" game from TwistedHumor.com, as well as the SwapNut file sharing utility.
Blackstone Data Transponder a.k.a. VX2 / RespondMiter / Sputnik / NetPal / Aadcom. This many-named piece of spyware is installed as an IE Helper (BHO) by third-party software OR website visits, and pops up ads continuously while you surf.
FlashTrack (FTAPP.DLL) - An advertising spyware module (BHO) installed with the iMesh filesharing client. More information and removal procedure are here. Flagged as a Trojan by McAffee.
dlder.exe - An advertising trojan that is installed by Grokster (1.33), Bearshare (2.4.0b7), LimeWire (2.02), Net2Phone (unspecified versions) and KaZaA (unspecified versions). The spyware itself comes from ClickTillUWin.com. Taking the torch from even the worst advertising spyware to date, this one creates a fake Explorer executable and process to hide its activities. More information here. Some antivirus manufacturers have listed this as a virus or trojan horse: TROJ_DLDER.A.
ADP.EXE - Another spyware, distributed with LimeWire(?) and others. Appears to be an installer of Bargain Buddy (below).
BARGAINS.EXE (Bargain Buddy) - Advertising spyware installed with Net2Phone and some versions of LimeWire. Appears related to ADP.EXE above. More info at www.doxdesk.com.
bdeviewer.exe (B3D / BrilliantDigital Projector) - A "3D Web Animation" advertising-display plugin, similar to Onflow, as well as distributed computing client that can sell your hard drive space, CPU cycles, and bandwidth. Installed by KaZaA/Morpheus and probably others. Additional story here. Removal procedure here. This product, along with the SecureInstall software of Altnet (a subsidiary of BrilliantDigital), have been labeled spyware by some sources, a claim which BrilliantDigital disputes.
EverAd - No information currently available.
Expedioware - No information currently available.
adshow.exe - No information currently available.
HelpExpress / Attune (HXIUL.EXE) - Appears to be advertising spyware that displays sponsored ads, e.g. "Buy toner"/etc. messages when you use your printer. No additional information available at this time. Remove by uninstalling "HelpExpress" and "Attune" under Windows' Add/Remove Programs.
Gator GAIN (GMT.exe, CMESys.exe, GAIN_TRICKLER_*.EXE) - Pops up advertising, apparently a new Gator product. A security hole in some versions allows Web sites to install arbitrary software on your computer. This URL will detect GAIN. Gator recommends on its Web site to contact support(at)gator.com for removal instructions. Gator software may be quietly installed by drive-by download.
Wurld Media / Morpheus Shopping Club (bpboh.dll / mbho.dll / MSCStat.exe) - Installed by Morpheus, the "no spyware" (ya, we believe you) filesharing tool. Sneakily redirects IE through advertisers' referral links when certain sites are visited in your Web browser. More details here and here.
NE.EXE (Network Essentials / SmartPops) - Displays stealthy popup ads while surfing the Web or using search engines. Wow! To hear it from them, this is the best service on earth--boy are they helpful. Remove by uninstalling "Network Essentials" in Add/Remove Programs. I have seen reports of this being installed simply by visiting certain Web sites.
dw.exe, Movie Network.exe (Downloadware / Mediacharger / Movienetworks) - Displays lots of popup ads as you surf; Mediacharger may also function as a dialer for 1-900 #s for billing of adult movie downloads. Check for removal entries in Add/Remove Programs. Some removal instructions (may or may not work?) are here. I have had reports that the program will try to deter uninstallation by telling you that doing so will mess up your browser. It is, however, bluffing.
ofrg.dll (FavoriteMan) - Installed by unknown means, possibly by NetPal spyware. More information here. One of its co-bundled products may be a homepage hijacker.
ctbclick.exe (ClickTheButton) - Installed by (NetPal), Favoriteman parasite, and some versions of KaZaA. More information here.
JavaRun.exe (Etraffic / TopMoxie) - Marketing software installed by products from "loyalty marketing partners", that pops up ads and coupons when you visit certain Web sites. TopMoxie description and info here. According to this site, partner software must be removed before an entry for TopMoxie will appear in Add/Remove.
Download_Plugin.exe - SpywareInfo has the scoop on this, it is an infector for the infamous Lop.com portal-potty. It reportedly modifies your browser preference settings to place Lop.com as your start page, adds crap links to your bookmarks, changes your desktop and adds a spyware plugin ("Swish Browser Helper").
openme.exe (xww.de ?) / Fast Download / Full Downloader - Loads at startup and pops up porn ads ("Live Chat mit Cams!") after about 20 minutes, according to this post in the message boards. May also try to install a dialer. To remove, find and delete openme.exe in your Windows directory, and remove it from your Registry's "shell=" line as well.
Radlight DivX Movie Player - The nature of the software itself is unknown. However, it will intentionally search out and delete AD-Aware from your hard drive, then dump a number of malware products on your system. This puts it on the level of a VIRUS in my book; such a behaviour is completely unacceptable.
NETBUIE.EXE (Unknown) - Source unknown. Places itself in C:\windows\system and adds a startup reference to the Registry. Continually loads porn popups (www.sexysquirter.com et al) while the machine is switched on.
INetSpeak - Bundled with the Music Magnet file-sharing tool, installs a permanent ad banner into IE. Installs as a Browser Helper Object. Remove using a BHO remover, by disabling BHO42602.clslnetspeak or similar. See write-up here.
plg_ie0.dll - More Lop.com crap, this one is a BHO that sends your browser to their site for most any IE error page (e.g. "The site cannot be found" becomes instead a bunch of useless lop.com links). See SpywareInfo's writeup for details.
Netbroadcaster(?) - Related to Movienetworks (same registrar, IP block, etc.). There is reported to be a malware product by this name. No additional information available.
Unknown (ftp_back.exe, istabm.exe, bm_insta.exe, attnvg.exe, createsw.exe, driverpg.exe) - Suspected ad/spyware programs. Implicated here. No additional information available.
AdBreak (kvnab.dll) - The name implies an advertising program, but has not been observed in action. May be installed by a trojan. Some info here.
PAgent, Vegas Palms Casino (MicroGaming), KFH, MediaLoads, WinEME - sub-parasites installed by DownloadWare, include casino gaming apps, ad programs and an unknown email-sending background task. Info and removal help here.
HotBar - an advertising toolbar that spies on sites visited and the contents of forms you fill out. Installed by IMesh. More info here.
OnlineDialer (VLoading / Download class and other variants) - A loader or "trickler" that is used to download and execute arbitrary programs, typically dialers, on your PC. More info here.
EchoBahn.com BookmarkExpress (BMupdate.exe) - A program bundled with scanner drivers (!?) that allows you (and marketing partners(!)) to manage your bookmarks from anywhere, and pops up ads at you. The service itself has since been discontinued, and it is recommended to delete this file.
wbeCheck (pbsysie.dll / Floid.dll / wbeCheck.exe) - Spies, and modifies the contents of HTTP traffic in IE. More info here and here.
HuntBar - A browser toolbar and homepage hijacker. See its listing below, under Homepage Hijackers.
Tgdc.exe / shopforgood.com - An affiliate link stealer similar to Wurld Media. More info here.
CnsMin / 3271.com - A Chinese keyword-lookup program, possibly similar to QuickClick? Does not appear that harmful, but is very difficult to remove and re-installs itself even while you are still removing it. More info here.
Search-Explorer - Another useless Browser Toolbar. Displays popup ads and places some cookies on your machine. More info here.
WINSERVS / PurityScan / sear1.exe (winservs.exe, winservn.exe, etc.) - On first running, scans your IE cache/history/cookies for files with porn-words in them and displays a list of any found. Also drops in a background program (winservs.exe) that constantly loads popup ads when the computer is running.
SmartAd (Cybersurf / www.cia.com) (file names unknown) - Canadian advertising program that "enables true one-to-one targeting of advertising messages against audiences defined by demographics, psychographics, lifestyle or location". The company boasts that its software's ads "can never be covered up, moved offscreen, or otherwise disabled." This product appears targeted mainly toward Internet kiosks and "free internet access" companies, not end-users. The company also hypes an "ad player" format similar to Onflow
Permissioned Media (friendgreetings.com / cool-downloads.com / WinSrv Reg / OTMS.EXE / winservc.exe) - Another company that hawks those infamous "online greeting cards". The catch? To view the greeting card, the site attempts to install a 1+ megabyte application that will (unless you carefully read the license agreements and click "NO!") spam everybody in your Outlook address book with phony greeting cards and ads for their service, then place advertising spyware on your computer. The spyware will collect your name, email address and surfing habits, popping up ads and delivering HTML spam to your email address. Removal: Go to Add/Remove Programs and remove "Friend Greetings" and "WinSrv Reg". Possibly the first spyware program that lists "minimum 64MB memory" in its system requirements, and attempts to forbid linking to their Web site. It seems this company may have gone out of business--their web site / domain has ceased to be.
Save / WhenUSave (SAVE.EXE) - Installed by some "free" software including Radlight Media Player. A removal reference is placed in Add/Remove Programs, but warns that removal will also disable the program (e.g. media player) that it was installed with. Appears to be a rebranded version of the SaveNow advertising parasite.
Spyware
Stealth components and background processes that may violate your privacy or expose your computer to attack.
BESS, the notorious censorware program, caught spying on childrens' surfing habits and selling the information. Details at ZDnet.
"The Red Sheriff" Java Applet from imrworldwide.com
C_Dilla - A CD copy-protection program and more. Messes with the system, may interfere with Internet connection and use of CDRW drives. More info here.
"Backdoor Santas"
Non-stealth "freeware" and shareware apps that may transmit personal information or expose your computer to attack, under the pretense of providing a useful service.
Download Demon / Real Download / Netscape Smart Download (same/similar programs)
Comet Cursor
RealJukebox See this article by Richard Smith.
Alexa, Zbubbles See this article. An Alexa representative asserts that the company "no longer receives any personal information as of early 2000".
Microsoft Windows Registration Wizard
DigitalConvergence (DigitalDemographics) C.R.Q. software, CueCat barcode scanner
NBCi QuickClick ™ - See MSNBC article.
Gator, Offer Companion, Trickler (FSG.EXE / fsg-ag.exe)@ - Installed by (EVERYTHING!) - Including AudioGalaxy
Homepage Hijackers
Once one of these nasty ad-trojans worms onto your system, it will constantly reset your homepage (and maybe Search, etc.) to where they want you to go. You can't change it back!
General Homepage Hijacker info
Gohip.com "Browser Enhancement" (Hijacker): More information on this is available at Privacy Power!. Undo hijacking
PassThisOn.com (the newest venture of "Spam King" Sanford Wallace) Hijacker. See this article for details.
United Parcel Service (UPS) - see this article.
Rockstar Software's "Gearbox Connection Kit" used by some ISPs, a tool to let the ISP auto-setup or update users' connection settings, will reportedly attach to the browser and change the IE homepage back to the ISPs everytime the browser is started (more info). Rockstar Software clarifies that the software isn't "evil" or a security concern, and provides this simple procedure for changing the homepage on a computer using Gearbox Connection Kit. This software, unlike other listed here, does not appear to be malicious in nature.
www.ezcybersearch.com - uninstall page to undo the hijacking.
mycpworld.com (a bogus porn site consisting entirely of blind links to a referral script) hijacks the IE settings using a .jse file as well as a .tmp file loaded in at startup with Registry Editor. (Search for and remove .jse files, remove the start-up trash from the registry)
Lop.com also hijacks, and even points IE's DNS Error and other error pages to lop.com. If you can't get rid of this as your homepage, download their two (!) uninstallers, to remove hompage hijacking and remove the Lop.com toolbar. Reportedly, lop.com may also alter the Domain field of your DNS configuration, visible by clicking Start > Settings > Control Panel > Network > (name of adapter) > DNS Configuration . There is also an unconfirmed report of it altering the domain suffix as well.
Unknown portal potties (redirecting to goto.com, topsearcher.com, et al) - add files with names such as: sps.dll, sp.dll, sp.reg, sb.dll or similar to your system. In your StartUp folder you will see one or more lines such as: "regedit -s c:\windows\sp.dll". To fix, delete/rename the files appearing in this manner in the StartUp folder, and (optionally) remove the entries from the StartUp folder. These are actually Registry files that are loaded in at startup via Registry Editor.
www.allcybersearch.com - save this registry file and double-click on it to un-hijack your settings. This will remove the stuff that auto-changes your settings on startup and restore your IE defaults (e.g. MSN start page). If you prefer other settings, you can right-click the file and Edit..., and change the homepage settings to your liking before clicking on it.
www.globesearch.com - no verified fix yet. Possible fix (from examining suspect "Uninstall" binaries from the site): Find and delete the files: gshp.vbs, gsc0.txt, gsc1.txt.
Bonzi Buddy - Unconfirmed, but it is reported that the Bonzi software will change your homepage, and if you change it back, pop up a "Would you like to change your homepage (back to Bonzi's)". Whether you select yes or no, your homepage gets changed.
www.cool-xxx.net - Delete WINSYS.VBS (or .VBA), win0.txt, win1.txt from your Windows directory. Also find and delete the program that is loading them, which may be under a random name (in one case it was "zzgghh").
www.huntbar.com - A browser toolbar and hijacker. Believed to be a drive-by download. Reportedly, even redirects "My Computer" and "Control Panel" to their site. Close IE, use Find to search for "MSIETS.DLL", and write down the path to it. It is normally "C:\Program Files\Common Files\MSIETS". Deregister it by typing the following command into Windows' Run box: "regsvr32.exe /u C:\Program Files\Common Files\MSIETS", replacing C:\Program... with the path you noted earlier.
www.xupiter.com - This site will hijack your start page by way of a "browser enhancement" toolbar BHO. It is difficult to remove manually, but luckily Ad-Aware and SpybotS&D both remove it without any trouble. This sneaky b*stard is sometimes even disguised as an unsubscribe for spam mails: "In a moment a pop-up box will appear. Press Yes to be removed from all future mailings." The popup box, of course, installs the hijacker.
www.provilation.com - Hijacker prefixes the URL prolivation.com/cgi-bin/r.cgi? to Web sites you visit (even when you type the address in manually), allowing the site to monitor visited URLs and/or redirect the requests, add popups, etc. Adult sites may be substituted for the requested site. SpybotS&D will remove this hijacker.
www.searchresult.net - This hijack courtesy of a junk plugin from 'IGetNet', bundled with some p2p applications. More info and removal instructions at Doxdesk. A 'Support' page on the searchresult.net site claims to reset the homepage, but only sets a cookie and displays a popup ad.
Other Adware
Typically not hazardous, just annoying. These programs have bait-and-switched customers into viewing annoying blinky advertisements on the program's main window.
AOL Instant Messenger (SM) by AOL
AOL / Mirabilis ICQ - new AOLified versions
Foistware (Everything-installs-it-can't-get-rid-of-it)
Unwanted application programs that come along, trojan-style, with completely unrelated software. Usually because some jerk is getting paid to foist it on your system whether you want it or not. Since they tag along with so many different pieces of third-party software, it is not uncommon to get re-infected with these foistware products again and again.
Gator, Offer Companion, Trickler (FSG.EXE / fsg-ag.exe)@ - Installed by (EVERYTHING!) - Including AudioGalaxy
WhenUShop / SaveNow@
AOL Instant Messenger@ Installed by Netscape Navigator and other products.
MSN Messenger - Installed by/with a number of Microsoft applications, including MSIE and MSN Explorer
New Net, Inc (NewDotNet) Installed by BearShare among others
EZula TOPtext / ContextPro / HOTText - This is a product some are calling "ThiefWare" - It inserts "yellow highlighter" advertising links in arbitrary web sites you visit! - Installed by KaZaA file-sharing tool among others.
Spedia Surf+ - another "ThiefWare" product. Installed by Spedia software and very difficult to remove. See this site for removal instructions.
WebHancer - a secretive "connection reporting tool" that seems to be quietly installed by dozens of unrelated programs!
Fotino by Meltingpoint Software - A "thiefware" product similar to EZula TopText--see this article. No information currently available.
Mirazo / NetAngel - A "thiefware" product similar to EZula TopText. No information currently available.
CameoCast and CameoONE - May be installed by Western Digital Lifeline Installer.
BackWeb / Western Digital DLGLI.EXE - Installed by Western Digital Data Lifeline among others. Purports to monitor your hard drive for problems, but is suspected of being a vehicle for displaying unwanted advertisements as well. More recently, Backweb was caught installing along with Logitech mouse drivers (!) (Do you really need web-update for ****ing mouse drivers?)
Liveshows - A dialer program that tries to get you to accept a set of Terms it hounds you with on every startup. May be installed via unsolicited mail attachment and some adult Web sites.
NetSetter / Marketscore - A "market research" program along the lines of WebHancer, intended to track your Internet usage and buying habits. Some users seem to have it and not know where it came from. Removal instructions here. (If you did voluntarily sign up for this service and wish to remove it, you can login to the Marketscore Web site for removal procedures.)
IntelliTech Backdoor.Autoupder Trojan / BrowserToolbar (Ausvc.exe, Bvt.exe, Mnsvc.exe, Absr.exe) - A bona-fide backdoor trojan, this one is caught by antivirus. Writeup here and technical info here. A sneaky spyware dropper that was installed by an ad on a Web site (flowgo.com).
CommonName toolbar - "Internet marketing tool" (and resolver of New.Net-esque bogus domain names) which, while it can be downloaded from its maker's Web site, often appears due to KaZaA and similar software. Info here.
UCMore (ucmie.dll) - An IE toolbar that displays "related links" for the site you're visiting. Distributed by FreeWire file-sharing tool among others. Versions 3.x and below report back the URLs you visit along with a unique ID. As of Version 4, the ID has been removed, and the company asserts that the product will no longer be stealth-installed. More info here.
freeaccess.exe - Distributed via adult spam, appears to be a dialer.
sentry.exe, sentrystub.exe, ipinsigt.dll? (IPInsight UserTag / TrafficSensor) - Provides Web sites with demographic and geographic information about you (the company brags that it can determine what city you live in to 90% accuracy), along with connection-speed and other data. Thread here and full write-up on Doxdesk. Interestingly, the company claims its product (installed on YOUR computer) as an alternative to spyware.
Trojan Horses
Programs for the specific purpose of violating your privacy, stealing data, taking over or trashing your computer.
NetBus See also PCHelp Reference , Barton Networking Reference and official NetBus homepage
* NetBus seems to have "gone legit" and progressed from its original form as a Trojan Horse to a non-malevolent, commercial remote-administration tool. Information is provided "for reference" as many of the "trojan" installations persist.
Back Orifice See PCHelp Reference.
ICQtrogen See Trojans Lair Reference (use Find..)
PWSteal (Note: several trojans go under this name) An AOL password stealer is among the most common.
* Norton AntiVirus refers to all password-snarfing trojans under the general name PWSteal.
PrettyPark See PCHelp Reference.
Sub Seven - Another fairly nasty trojan, which can monitor keystrokes on your machine and allow others to access it remotely. While this program has a few limited "helpful" uses (retrieving keystrokes/passwords from your own system, e.g. censorware passwords), it is still a Trojan and should be used with extreme caution. See here for description and here for removal utility.
Worm.Kazaa.Benjamin a.k.a. Full Downloader - A worm that spreads via the Kazaa file-sharing network. Signs of infection include presence of the file "EXPLORER.SCR" and a directory "C:\Windows\Temp\SYS32". To remove, delete both of these components. More info here.
Load.exe - Part of the Nimda virus, can produce error messages ("Windows cannot find load.exe") and possible inability to run programs. To remove, run a virus scanner. To remove error message, open SYSTEM.INI, find the line similar to "Shell=explorer.exe load.exe" and change it to "Shell=explorer.exe". More info here.
The Great Unknown
Some generally bad-behaving software whose purpose and motive are not clear...
RPCSS.EXE, mdm.exe (Remote Procedure Call, Machine Debug Manager) by Microsoft
Update: Purpose clarified. See "What is RPCSS.EXE?" (Guest). It appears to be a glorified port mapper
i'll see what i can get from http://www.cexx.org/adware.htm
http://www.cexx.org/adware.htm
left off here
ctbclick.exe (ClickTheButton) - Installed by (NetPal), Favoriteman parasite, and some versions of KaZaA. More information here.
added
MicroStrategy MICROSTRAT-44-21 (NET-4-43-44-32-1:4.43.44.32-4.43.44.63
MicroStrategy MICROSTRAT-44-16 (NET-4-43-44-128-1:4.43.44.128-4.43.44.143
pest related:38.118.144.180-38.118.144.180
Bonzi Software UU-63-68-54 (NET-63-68-54-0-1:63.68.54.0-63.68.55.255
Conducent, Inc. UU-63-70-12 (NET-63-70-12-0-1:63.70.12.0-63.70.12.255
Microstrategy, Inc. UU-63-89-233-64 (NET-63-89-233-64-1:63.89.233.64-63.89.233.71
adware-possible innocents:63.99.224.0-63.99.224.255
American List Counsel SPRINTLINK (NET-63-172-191-240-1:63.172.191.240-63.172.191.255
Phoenix Technologies SBCIS30761 (NET-63-193-230-216-1:63.193.230.216-63.193.230.223
Velocity Networks, Inc. SBCIS35451 (NET-63-194-9-0-1:63.194.9.0-63.194.9.7
Bonzi Software SBC063194103112020711 (NET-63-194-103-112-1:63.194.103.112-63.194.103.119
Velocity Networks Inc. SBCIS38575 (NET-63-195-211-176-1:63.195.211.176-63.195.211.183
CREATIVE LABS SBCIS-100428-161749 (NET-63-206-114-152-1:63.206.114.152-63.206.114.159
Flashpoint Design Group USW-FPDG (NET-63-231-237-120-1:63.231.237.120-63.231.237.127
Phoenix Technologies, Ltd. ATTENS-008745-002195 (NET-63-241-67-128-1:63.241.67.128-63.241.67.159
searchbar:64.21.81.201-64.21.81.201
popup:64.35.113.133-64.35.113.133
Flashpoint Technology HTW-06819 (NET-64-55-105-97-1:64.55.105.97-64.55.105.126
FLASHPOINT HTW-05815 (NET-64-55-124-136-1:64.55.124.136-64.55.124.143
FLASHPOINT HTW-07016 (NET-64-55-147-80-1:64.55.147.80-64.55.147.95
Brilliant Digital Entertainment BRILLIANT-DIGITAL-ENTERTAINMENT (NET-64-60-8-160-1:64.60.8.160-64.60.8.191
MindSet Interactive HP-64-77-29-208 (NET-64-77-29-208-1:64.77.29.208-64.77.29.215
MindSet Interactive HP-64-77-38-112 (NET-64-77-38-112-1:64.77.38.112-64.77.38.120
MindSet Interactive HP-64-77-43-192 (NET-64-77-43-192-1:64.77.43.192-64.77.43.223
MICROSTRATEGY, INC DSLNET-20010512-00322 (NET-64-93-61-96-1:64.93.61.96-64.93.61.127
Network Essentials, Ltd. (NWEL) GCNETBLK-NWEL1 (NET-64-146-147-0-1:64.146.147.0-64.146.147.63
Network Essentials Ltd. GCNETBLK-NWEL1 (NET-64-146-188-0-2:64.146.188.0-64.146.188.127
Velocity Networks, Inc SBCIS-100724-18335 (NET-64-161-254-0-1:64.161.254.0-64.161.255.255
VX2, INC DSLNET-064204210008 (NET-64-204-210-8-1:64.204.210.8-64.204.210.15
AD Tech Inc SBCIS-101921-142515 (NET-65-43-73-104-1:65.43.73.104-65.43.73.111
MICROSTRATEGY DSLNET-20020311-00024 (NET-65-86-103-64-1:65.86.103.64-65.86.103.95
MICROSTRATEGY DSLNET-20020311-00001 (NET-65-86-110-32-1:65.86.110.32-65.86.110.63
MICROSTRATEGY DSLNET-20020311-00023 (NET-65-86-110-64-1:65.86.110.64-65.86.110.95
MICROSTRATEGY DSLNET-20020325-00023 (NET-65-86-111-160-1:65.86.111.160-65.86.111.191
Riverdeep Interactive Learning:65.215.217.208-65.215.217.223
geo loc:66.35.227.98-66.35.227.98
Velocity Networks Inc. PWT-LSAN-FLST-157 (NET-66-42-53-0-1:66.42.53.0-66.42.53.255
Velocity Networks, Inc. VELN-2BLK (NET-66-102-128-0-1:66.102.128.0-66.102.143.255
Wurld Media, Inc. 66-109-33-0-29 (NET-66-109-33-0-1:66.109.33.0-66.109.33.7
Wurld Media, Inc. 66-109-33-48-29 (NET-66-109-33-48-1:66.109.33.48-66.109.33.55
Wurld Media, Inc. 66-109-33-56-29 (NET-66-109-33-56-1:66.109.33.56-66.109.33.63
Phoenix Technologies SBC066126254120030722 (NET-66-126-254-120-1:66.126.254.120-66.126.254.127
Ad Trends SBCIS-101731-102832 (NET-66-136-139-160-1:66.136.139.160-66.136.139.167
AD TRENDS SBCIS-101731-151233 (NET-66-136-139-168-1:66.136.139.168-66.136.139.175
Netsonic NETSONIC-BLK2 (NET-66-180-160-0-1:66.180.160.0-66.180.175.255
Velocity Networks Inc SBC-06711206512825 (NET-67-112-65-128-1:67.112.65.128-67.112.65.255
Velocity Networks Inc SBC-06711206712825 (NET-67-112-67-128-1:67.112.67.128-67.112.67.255
Creative Labs Inc SBC067117138136020511 (NET-67-117-138-136-1:67.117.138.136-67.117.138.143
Ad Tech Industries SBC068079137184031007 (NET-68-79-137-184-1:68.79.137.184-68.79.137.191
Stop Popup Ads Now, Inc RSPC-36956-1063225089 (NET-69-20-19-88-1:69.20.19.88-69.20.19.95
Stop Popup Ads Now, Inc RSPC-35560-1063220469 (NET-69-20-27-208-1:69.20.27.208-69.20.27.215
Stop Popup Ads Now, Inc RSPC-33647-1063220073 (NET-69-20-30-72-1:69.20.30.72-69.20.30.79
Stop Popup Ads Now, Inc RSPC-33648-1063220075 (NET-69-20-30-80-1:69.20.30.80-69.20.30.87
Creative Labs Inc10955584 SBC06911114121629040325203229 (NET-69-111-141-216-1:69.111.141.216-69.111.141.223
Phoenix Technologies Ltd. PHOENIX (NET-134-122-0-0-1:134.122.0.0-134.122.255.255
Cambridge Entrepreneurial Network CENTNET (NET-140-186-0-0-1:140.186.0.0-140.186.255.255
Flashpoint Marketing VZ-FLSHPNTMRKTNG-1 (NET-141-152-37-200-1:141.152.37.200-141.152.37.207
Creative Labs NETBLK-CREAF1 (NET-198-95-32-0-1:198.95.32.0-198.95.63.255
Microstrategy, Inc. STRATEGY-NET (NET-199-173-152-0-1:199.173.152.0-199.173.152.255
Cambridge Entrepreneurial Network CENT-CIDR-01 (NET-199-232-0-0-1:199.232.0.0-199.232.255.255
MICROSTRATEGY MICROSTRATEGY (NET-200-41-126-136-1:200.41.126.136-200.41.126.143
American List Counsel, Inc AMLIST (NET-204-130-201-0-1:204.130.201.0-204.130.201.255
Microstrategy, Inc. MICROSTRATUU2 (NET-205-150-168-160-1:205.150.168.160-205.150.168.175
AD Technologies Inc. ADTECH (NET-205-151-188-0-1:205.151.188.0-205.151.188.255
bargain buddy:205.158.62.116-205.158.62.116
Velocity Networks, Inc. VELN-3BLK (NET-206-126-128-0-1:206.126.128.0-206.126.159.255
Microstrategy, Inc. STRATEGY-NET2 (NET-206-136-136-0-1:206.136.136.0-206.136.136.255
Flashpoint Technology, Inc. FLASHPNT (NET-207-5-52-0-2:207.5.52.0-207.5.52.255
Microstrategy, Inc. MICROSTRATEGY-ANS (NET-207-27-1-0-1:207.27.1.0-207.27.1.255
pest related,pest related site:207.44.198.27-207.44.198.27
Velocity Networks, Inc. VELN (NET-207-182-224-0-1:207.182.224.0-207.182.255.255
Brilliant Digital Entertainment PBI-CUSTNET-3484 (NET-207-213-45-32-1:207.213.45.32-207.213.45.63
Conducent Technologies DIGINET184 (NET-207-233-200-0-1:207.233.200.0-207.233.200.255
VX2 STDIO-VX21 (NET-207-246-124-0-1:207.246.124.0-207.246.124.255
Netsonic INCNET-GB-CUST-NTS-0 (NET-207-250-25-0-1:207.250.25.0-207.250.25.255
Netsonic INCNET-NTSNC-GBY (NET-207-250-84-0-1:207.250.84.0-207.250.84.255
Netsonic INCNET-GB-CUST-NTS-2 (NET-207-250-96-0-1:207.250.96.0-207.250.96.255
Netsonic INCNET-NETSON-250-162 (NET-207-250-162-0-1:207.250.162.0-207.250.162.255
Netsonic INCNET-NETSON-250-184 (NET-207-250-184-0-1:207.250.184.0-207.250.184.255
Netsonic INCNET-NETSON-250-210 (NET-207-250-210-0-1:207.250.210.0-207.250.210.255
Netsonic INCNET-NETSON-250-212 (NET-207-250-212-0-1:207.250.212.0-207.250.212.255
CREATIVE LABS INC SBCIS80232 (NET-208-188-108-96-1:208.188.108.96-208.188.108.103
Microstrategy, Inc. UU-208-206-234 (NET-208-206-234-0-1:208.206.234.0-208.206.234.255
AD Transport Express UU-208-208-57-64 (NET-208-208-57-64-1:208.208.57.64-208.208.57.127
Focus Interactive, Inc. UU-208-208-221-D1 (NET-208-208-221-0-1:208.208.221.0-208.208.221.63
Focus Interactive, Inc. UU-208-225-218-240 (NET-208-225-218-240-1:208.225.218.240-208.225.218.255
Microstrategy, Inc. UU-208-226-118 (NET-208-226-118-0-1:208.226.118.0-208.226.118.255
Microstrategy, Inc. UU-208-238-98 (NET-208-238-98-0-1:208.238.98.0-208.238.98.255
Microstrategy, Inc. UU-208-244-116 (NET-208-244-116-0-1:208.244.116.0-208.244.117.255
Cydoor Technologies IP007022-209-10-17 (NET-209-10-17-128-1:209.10.17.128-209.10.17.255
Cydoor Technologies IP009762-209-11-66 (NET-209-11-66-0-1:209.11.66.0-209.11.66.255
Cydoor Technologies IP009978-209-11-67 (NET-209-11-67-0-1:209.11.67.0-209.11.67.255
AD Technologies INTX-196-32-29 (NET-209-42-196-32-1:209.42.196.32-209.42.196.39
Cydoor Technologies IP010194-209-73-206 (NET-209-73-206-0-1:209.73.206.0-209.73.206.255
Cydoor Technologies Inc. CYDOOR-209-73-225 (NET-209-73-225-0-1:209.73.225.0-209.73.225.255
adware related:209.132.205.222-209.132.205.222
Aureate Development, Inc. INDYNET-AUREATE-1 (NET-209-183-99-0-1:209.183.99.0-209.183.99.255
ions pride:209.234.155.99-209.234.155.99
Creative Labs CREATIVE84 (NET-216-61-164-0-1:216.61.164.0-216.61.167.255
Flashpoint IOSNET-7-131-112-127 (NET-216-97-131-112-1:216.97.131.112-216.97.131.127
Phoenix Technologies, Ltd. ATTENS-008745-001996 (NET-216-148-212-216-1:216.148.212.216-216.148.212.223
Phoenix Technologies, Ltd. ATTENS-008745-001788 (NET-216-148-218-128-1:216.148.218.128-216.148.218.255
web3000:216.168.60.122-216.168.60.122
Ad Tech FDN-559206-92-160 (NET-216-199-92-160-1:216.199.92.160-216.199.92.167
Netsonic NETSONIC (NET-216-235-64-0-1:216.235.64.0-216.235.79.255
aadcom adware:216.237.0.0-216.237.63.255:216.237.10.184-216.237.10.184
dig rooster:216.254.144.0-216.254.144.127
left off here
ctbclick.exe (ClickTheButton) - Installed by (NetPal), Favoriteman parasite, and some versions of KaZaA. More information here.
added
MicroStrategy MICROSTRAT-44-21 (NET-4-43-44-32-1:4.43.44.32-4.43.44.63
MicroStrategy MICROSTRAT-44-16 (NET-4-43-44-128-1:4.43.44.128-4.43.44.143
pest related:38.118.144.180-38.118.144.180
Bonzi Software UU-63-68-54 (NET-63-68-54-0-1:63.68.54.0-63.68.55.255
Conducent, Inc. UU-63-70-12 (NET-63-70-12-0-1:63.70.12.0-63.70.12.255
Microstrategy, Inc. UU-63-89-233-64 (NET-63-89-233-64-1:63.89.233.64-63.89.233.71
adware-possible innocents:63.99.224.0-63.99.224.255
American List Counsel SPRINTLINK (NET-63-172-191-240-1:63.172.191.240-63.172.191.255
Phoenix Technologies SBCIS30761 (NET-63-193-230-216-1:63.193.230.216-63.193.230.223
Velocity Networks, Inc. SBCIS35451 (NET-63-194-9-0-1:63.194.9.0-63.194.9.7
Bonzi Software SBC063194103112020711 (NET-63-194-103-112-1:63.194.103.112-63.194.103.119
Velocity Networks Inc. SBCIS38575 (NET-63-195-211-176-1:63.195.211.176-63.195.211.183
CREATIVE LABS SBCIS-100428-161749 (NET-63-206-114-152-1:63.206.114.152-63.206.114.159
Flashpoint Design Group USW-FPDG (NET-63-231-237-120-1:63.231.237.120-63.231.237.127
Phoenix Technologies, Ltd. ATTENS-008745-002195 (NET-63-241-67-128-1:63.241.67.128-63.241.67.159
searchbar:64.21.81.201-64.21.81.201
popup:64.35.113.133-64.35.113.133
Flashpoint Technology HTW-06819 (NET-64-55-105-97-1:64.55.105.97-64.55.105.126
FLASHPOINT HTW-05815 (NET-64-55-124-136-1:64.55.124.136-64.55.124.143
FLASHPOINT HTW-07016 (NET-64-55-147-80-1:64.55.147.80-64.55.147.95
Brilliant Digital Entertainment BRILLIANT-DIGITAL-ENTERTAINMENT (NET-64-60-8-160-1:64.60.8.160-64.60.8.191
MindSet Interactive HP-64-77-29-208 (NET-64-77-29-208-1:64.77.29.208-64.77.29.215
MindSet Interactive HP-64-77-38-112 (NET-64-77-38-112-1:64.77.38.112-64.77.38.120
MindSet Interactive HP-64-77-43-192 (NET-64-77-43-192-1:64.77.43.192-64.77.43.223
MICROSTRATEGY, INC DSLNET-20010512-00322 (NET-64-93-61-96-1:64.93.61.96-64.93.61.127
Network Essentials, Ltd. (NWEL) GCNETBLK-NWEL1 (NET-64-146-147-0-1:64.146.147.0-64.146.147.63
Network Essentials Ltd. GCNETBLK-NWEL1 (NET-64-146-188-0-2:64.146.188.0-64.146.188.127
Velocity Networks, Inc SBCIS-100724-18335 (NET-64-161-254-0-1:64.161.254.0-64.161.255.255
VX2, INC DSLNET-064204210008 (NET-64-204-210-8-1:64.204.210.8-64.204.210.15
AD Tech Inc SBCIS-101921-142515 (NET-65-43-73-104-1:65.43.73.104-65.43.73.111
MICROSTRATEGY DSLNET-20020311-00024 (NET-65-86-103-64-1:65.86.103.64-65.86.103.95
MICROSTRATEGY DSLNET-20020311-00001 (NET-65-86-110-32-1:65.86.110.32-65.86.110.63
MICROSTRATEGY DSLNET-20020311-00023 (NET-65-86-110-64-1:65.86.110.64-65.86.110.95
MICROSTRATEGY DSLNET-20020325-00023 (NET-65-86-111-160-1:65.86.111.160-65.86.111.191
Riverdeep Interactive Learning:65.215.217.208-65.215.217.223
geo loc:66.35.227.98-66.35.227.98
Velocity Networks Inc. PWT-LSAN-FLST-157 (NET-66-42-53-0-1:66.42.53.0-66.42.53.255
Velocity Networks, Inc. VELN-2BLK (NET-66-102-128-0-1:66.102.128.0-66.102.143.255
Wurld Media, Inc. 66-109-33-0-29 (NET-66-109-33-0-1:66.109.33.0-66.109.33.7
Wurld Media, Inc. 66-109-33-48-29 (NET-66-109-33-48-1:66.109.33.48-66.109.33.55
Wurld Media, Inc. 66-109-33-56-29 (NET-66-109-33-56-1:66.109.33.56-66.109.33.63
Phoenix Technologies SBC066126254120030722 (NET-66-126-254-120-1:66.126.254.120-66.126.254.127
Ad Trends SBCIS-101731-102832 (NET-66-136-139-160-1:66.136.139.160-66.136.139.167
AD TRENDS SBCIS-101731-151233 (NET-66-136-139-168-1:66.136.139.168-66.136.139.175
Netsonic NETSONIC-BLK2 (NET-66-180-160-0-1:66.180.160.0-66.180.175.255
Velocity Networks Inc SBC-06711206512825 (NET-67-112-65-128-1:67.112.65.128-67.112.65.255
Velocity Networks Inc SBC-06711206712825 (NET-67-112-67-128-1:67.112.67.128-67.112.67.255
Creative Labs Inc SBC067117138136020511 (NET-67-117-138-136-1:67.117.138.136-67.117.138.143
Ad Tech Industries SBC068079137184031007 (NET-68-79-137-184-1:68.79.137.184-68.79.137.191
Stop Popup Ads Now, Inc RSPC-36956-1063225089 (NET-69-20-19-88-1:69.20.19.88-69.20.19.95
Stop Popup Ads Now, Inc RSPC-35560-1063220469 (NET-69-20-27-208-1:69.20.27.208-69.20.27.215
Stop Popup Ads Now, Inc RSPC-33647-1063220073 (NET-69-20-30-72-1:69.20.30.72-69.20.30.79
Stop Popup Ads Now, Inc RSPC-33648-1063220075 (NET-69-20-30-80-1:69.20.30.80-69.20.30.87
Creative Labs Inc10955584 SBC06911114121629040325203229 (NET-69-111-141-216-1:69.111.141.216-69.111.141.223
Phoenix Technologies Ltd. PHOENIX (NET-134-122-0-0-1:134.122.0.0-134.122.255.255
Cambridge Entrepreneurial Network CENTNET (NET-140-186-0-0-1:140.186.0.0-140.186.255.255
Flashpoint Marketing VZ-FLSHPNTMRKTNG-1 (NET-141-152-37-200-1:141.152.37.200-141.152.37.207
Creative Labs NETBLK-CREAF1 (NET-198-95-32-0-1:198.95.32.0-198.95.63.255
Microstrategy, Inc. STRATEGY-NET (NET-199-173-152-0-1:199.173.152.0-199.173.152.255
Cambridge Entrepreneurial Network CENT-CIDR-01 (NET-199-232-0-0-1:199.232.0.0-199.232.255.255
MICROSTRATEGY MICROSTRATEGY (NET-200-41-126-136-1:200.41.126.136-200.41.126.143
American List Counsel, Inc AMLIST (NET-204-130-201-0-1:204.130.201.0-204.130.201.255
Microstrategy, Inc. MICROSTRATUU2 (NET-205-150-168-160-1:205.150.168.160-205.150.168.175
AD Technologies Inc. ADTECH (NET-205-151-188-0-1:205.151.188.0-205.151.188.255
bargain buddy:205.158.62.116-205.158.62.116
Velocity Networks, Inc. VELN-3BLK (NET-206-126-128-0-1:206.126.128.0-206.126.159.255
Microstrategy, Inc. STRATEGY-NET2 (NET-206-136-136-0-1:206.136.136.0-206.136.136.255
Flashpoint Technology, Inc. FLASHPNT (NET-207-5-52-0-2:207.5.52.0-207.5.52.255
Microstrategy, Inc. MICROSTRATEGY-ANS (NET-207-27-1-0-1:207.27.1.0-207.27.1.255
pest related,pest related site:207.44.198.27-207.44.198.27
Velocity Networks, Inc. VELN (NET-207-182-224-0-1:207.182.224.0-207.182.255.255
Brilliant Digital Entertainment PBI-CUSTNET-3484 (NET-207-213-45-32-1:207.213.45.32-207.213.45.63
Conducent Technologies DIGINET184 (NET-207-233-200-0-1:207.233.200.0-207.233.200.255
VX2 STDIO-VX21 (NET-207-246-124-0-1:207.246.124.0-207.246.124.255
Netsonic INCNET-GB-CUST-NTS-0 (NET-207-250-25-0-1:207.250.25.0-207.250.25.255
Netsonic INCNET-NTSNC-GBY (NET-207-250-84-0-1:207.250.84.0-207.250.84.255
Netsonic INCNET-GB-CUST-NTS-2 (NET-207-250-96-0-1:207.250.96.0-207.250.96.255
Netsonic INCNET-NETSON-250-162 (NET-207-250-162-0-1:207.250.162.0-207.250.162.255
Netsonic INCNET-NETSON-250-184 (NET-207-250-184-0-1:207.250.184.0-207.250.184.255
Netsonic INCNET-NETSON-250-210 (NET-207-250-210-0-1:207.250.210.0-207.250.210.255
Netsonic INCNET-NETSON-250-212 (NET-207-250-212-0-1:207.250.212.0-207.250.212.255
CREATIVE LABS INC SBCIS80232 (NET-208-188-108-96-1:208.188.108.96-208.188.108.103
Microstrategy, Inc. UU-208-206-234 (NET-208-206-234-0-1:208.206.234.0-208.206.234.255
AD Transport Express UU-208-208-57-64 (NET-208-208-57-64-1:208.208.57.64-208.208.57.127
Focus Interactive, Inc. UU-208-208-221-D1 (NET-208-208-221-0-1:208.208.221.0-208.208.221.63
Focus Interactive, Inc. UU-208-225-218-240 (NET-208-225-218-240-1:208.225.218.240-208.225.218.255
Microstrategy, Inc. UU-208-226-118 (NET-208-226-118-0-1:208.226.118.0-208.226.118.255
Microstrategy, Inc. UU-208-238-98 (NET-208-238-98-0-1:208.238.98.0-208.238.98.255
Microstrategy, Inc. UU-208-244-116 (NET-208-244-116-0-1:208.244.116.0-208.244.117.255
Cydoor Technologies IP007022-209-10-17 (NET-209-10-17-128-1:209.10.17.128-209.10.17.255
Cydoor Technologies IP009762-209-11-66 (NET-209-11-66-0-1:209.11.66.0-209.11.66.255
Cydoor Technologies IP009978-209-11-67 (NET-209-11-67-0-1:209.11.67.0-209.11.67.255
AD Technologies INTX-196-32-29 (NET-209-42-196-32-1:209.42.196.32-209.42.196.39
Cydoor Technologies IP010194-209-73-206 (NET-209-73-206-0-1:209.73.206.0-209.73.206.255
Cydoor Technologies Inc. CYDOOR-209-73-225 (NET-209-73-225-0-1:209.73.225.0-209.73.225.255
adware related:209.132.205.222-209.132.205.222
Aureate Development, Inc. INDYNET-AUREATE-1 (NET-209-183-99-0-1:209.183.99.0-209.183.99.255
ions pride:209.234.155.99-209.234.155.99
Creative Labs CREATIVE84 (NET-216-61-164-0-1:216.61.164.0-216.61.167.255
Flashpoint IOSNET-7-131-112-127 (NET-216-97-131-112-1:216.97.131.112-216.97.131.127
Phoenix Technologies, Ltd. ATTENS-008745-001996 (NET-216-148-212-216-1:216.148.212.216-216.148.212.223
Phoenix Technologies, Ltd. ATTENS-008745-001788 (NET-216-148-218-128-1:216.148.218.128-216.148.218.255
web3000:216.168.60.122-216.168.60.122
Ad Tech FDN-559206-92-160 (NET-216-199-92-160-1:216.199.92.160-216.199.92.167
Netsonic NETSONIC (NET-216-235-64-0-1:216.235.64.0-216.235.79.255
aadcom adware:216.237.0.0-216.237.63.255:216.237.10.184-216.237.10.184
dig rooster:216.254.144.0-216.254.144.127
great stuff , that VX2 shit is all over the place , heres a few im about to add , ill update this post soon with the rest of the ones i got :
TWAIN-TECH.COM[Spyware Terrorists]:63.99.224.57-63.99.224.57
Ready Hosting UU-63-99-224-D4[twaintec spyware hosts]63.99.224.0-63.99.224.255
Peer 1 Network Inc. PEER1-BLK-08[SPYWARE]:69.90.0.0-69.90.191.255
APS Telecom[SPYWARE]:209.66.114.0-209.66.115.255
SOVINTEL-ICSTM2[CWS-TROJANS]:81.211.105.0-81.211.105.255
QXNET[SPYWARE]:64.191.128.0-64.191.159.255
covered by the larger range above ^
Thinking Media PEER1-THINKINGMEDIA-01[SPYWARE]:69.90.32.0-69.90.32.255
already listed by DDD above ^
Vx2 Spyware Terrorists[STDIO-VX21]:207.246.124.0-207.246.124.255
we still have sponges ip list to translate , but i think youve covered a lot already DDD :
http://www.geocities.com/yosponge/blockips.txt
posted by the webhelper , this guy is great :
http://www.freedomlist.com/forum/viewtopic...ic.php?p=109208
TWAIN-TECH.COM[Spyware Terrorists]:63.99.224.57-63.99.224.57
Ready Hosting UU-63-99-224-D4[twaintec spyware hosts]63.99.224.0-63.99.224.255
Peer 1 Network Inc. PEER1-BLK-08[SPYWARE]:69.90.0.0-69.90.191.255
APS Telecom[SPYWARE]:209.66.114.0-209.66.115.255
SOVINTEL-ICSTM2[CWS-TROJANS]:81.211.105.0-81.211.105.255
QXNET[SPYWARE]:64.191.128.0-64.191.159.255
covered by the larger range above ^
Thinking Media PEER1-THINKINGMEDIA-01[SPYWARE]:69.90.32.0-69.90.32.255
already listed by DDD above ^
Vx2 Spyware Terrorists[STDIO-VX21]:207.246.124.0-207.246.124.255
we still have sponges ip list to translate , but i think youve covered a lot already DDD :
http://www.geocities.com/yosponge/blockips.txt
posted by the webhelper , this guy is great :
http://www.freedomlist.com/forum/viewtopic...ic.php?p=109208
QUOTE
Transponder Gangs Known IPs and URLs: Added 6 March 2004
Some of the URL addresses are not accessable except when clicking on the EULA link in a popup install window when surfing. The group has always kept all the domains as they still are used in one way or another in the offeroptimizer ad campains, privacy policies, uninstall information, or they still are used as file servers containing the cab files that are installed thru popups, direct from their sites, or from other installs of 3rd party adware where they are bundled with.
63.99.224.20 thinkingmedia.net
63.99.224.37 stop-popup-ads-now.com
63.99.224.47 cleangetaway.biz
63.99.224.47 mypanicbutton.com
63.99.209.59 Ipinsight.com
63.99.224.62 mail.msview.cc
63.99.224.65 msview.cc
64.191.159.120 xadx.offeroptimizer.com
64.191.159.132 c.abetterinternet.com
64.191.159.133 s.abetterinternet.com
64.191.159.133 update.stop-popup-ads-now.com
64.41.114.15 tps108.org
64.41.111.75 truedata.org:
66.216.73.160 hxxp://belt.abetterinternet.com/bi/servlet/Belt? StubName=Belt
69.20.5.14 cr.stop-popup-ads-now.com
69.20.5.39 69.20.5.39/download/cabs/BI5101/Belt.cab
69.20.5.39 69.20.5.39/download/cabs/BILATEST/bi.cab
69.20.5.39 69.20.5.39/download/cabs/BI5101/belt.exe
69.20.5..51 download.abetterinternet.com
69.20.5..51 download.abetterinternet.com
69.20.5.51 download2.abetterinternet.com
69.20.5..51 download3.abetterinternet.com
69.20.29.247 download.abetterinternet.com
69.20.29.247 download2.abetterinternet.com
69.20.29.247 download3.abetterinternet.com
69.28.146.21 xlime.offeroptimizer.com
207.246.105.49 Celticfestival.org
207.246.124.113 transctl.vx2.cc
207.246.124.120 xads.offeroptimizer.com
207.246.124.130 mail.tps108.org
216.187.118.221 Hostpool.net
216.110.36.129 ipinsight.net
216.110.36.129 mypctuneup.com
Webhelper
209.66.114.0 - 209.66.115.255
81.211.105.0 - 81.211.105.255
The 81.211.105.20 area starts with a lot of porn sites.
Some don't access nothing but a great majority are at CWS type search sites.
209.66.114.0
[Server: whois.arin.net]
CustName: APS Telecom
Address: 1802 N carson street
City: Carson City
StateProv: NV
PostalCode: 89701
Country: US
RegDate: 2003-05-29
Updated: 2003-05-29
NetRange: 209.66.114.0 - 209.66.115.255
CIDR: 209.66.114.0/23
NetName: MFN-C231-209-66-114-0-23
NetHandle: NET-209-66-114-0-1
Parent: NET-209-66-64-0-1
NetType: Reassigned
81.211.105.20
[Server: whois.ripe.net]
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/d.../copyright.html
inetnum: 81.211.105.0 - 81.211.105.255
netname: SOVINTEL-ICSTM2
descr: ICS TM, JSC
descr: 70 Bolshoy pr. V.O.
descr: 199002 St.-Petersburg
country: RU
admin-c: PSA13-RIPE
tech-c: PSA13-RIPE
status: ASSIGNED PA
Some of the URL addresses are not accessable except when clicking on the EULA link in a popup install window when surfing. The group has always kept all the domains as they still are used in one way or another in the offeroptimizer ad campains, privacy policies, uninstall information, or they still are used as file servers containing the cab files that are installed thru popups, direct from their sites, or from other installs of 3rd party adware where they are bundled with.
63.99.224.20 thinkingmedia.net
63.99.224.37 stop-popup-ads-now.com
63.99.224.47 cleangetaway.biz
63.99.224.47 mypanicbutton.com
63.99.209.59 Ipinsight.com
63.99.224.62 mail.msview.cc
63.99.224.65 msview.cc
64.191.159.120 xadx.offeroptimizer.com
64.191.159.132 c.abetterinternet.com
64.191.159.133 s.abetterinternet.com
64.191.159.133 update.stop-popup-ads-now.com
64.41.114.15 tps108.org
64.41.111.75 truedata.org:
66.216.73.160 hxxp://belt.abetterinternet.com/bi/servlet/Belt? StubName=Belt
69.20.5.14 cr.stop-popup-ads-now.com
69.20.5.39 69.20.5.39/download/cabs/BI5101/Belt.cab
69.20.5.39 69.20.5.39/download/cabs/BILATEST/bi.cab
69.20.5.39 69.20.5.39/download/cabs/BI5101/belt.exe
69.20.5..51 download.abetterinternet.com
69.20.5..51 download.abetterinternet.com
69.20.5.51 download2.abetterinternet.com
69.20.5..51 download3.abetterinternet.com
69.20.29.247 download.abetterinternet.com
69.20.29.247 download2.abetterinternet.com
69.20.29.247 download3.abetterinternet.com
69.28.146.21 xlime.offeroptimizer.com
207.246.105.49 Celticfestival.org
207.246.124.113 transctl.vx2.cc
207.246.124.120 xads.offeroptimizer.com
207.246.124.130 mail.tps108.org
216.187.118.221 Hostpool.net
216.110.36.129 ipinsight.net
216.110.36.129 mypctuneup.com
Webhelper
209.66.114.0 - 209.66.115.255
81.211.105.0 - 81.211.105.255
The 81.211.105.20 area starts with a lot of porn sites.
Some don't access nothing but a great majority are at CWS type search sites.
209.66.114.0
[Server: whois.arin.net]
CustName: APS Telecom
Address: 1802 N carson street
City: Carson City
StateProv: NV
PostalCode: 89701
Country: US
RegDate: 2003-05-29
Updated: 2003-05-29
NetRange: 209.66.114.0 - 209.66.115.255
CIDR: 209.66.114.0/23
NetName: MFN-C231-209-66-114-0-23
NetHandle: NET-209-66-114-0-1
Parent: NET-209-66-64-0-1
NetType: Reassigned
81.211.105.20
[Server: whois.ripe.net]
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/d.../copyright.html
inetnum: 81.211.105.0 - 81.211.105.255
netname: SOVINTEL-ICSTM2
descr: ICS TM, JSC
descr: 70 Bolshoy pr. V.O.
descr: 199002 St.-Petersburg
country: RU
admin-c: PSA13-RIPE
tech-c: PSA13-RIPE
status: ASSIGNED PA
QUOTE
SPECIAL NOTE: Adaware from Lavasoft with signature reference file:(01R284 10.04.2004) as of 7PM EST tonight 10 April 2004. Detects and helps clean all of the following below: See Lavasoft Update
As of Friday 9 April 2004, there has been incidents where users have come to the Support Forums asking for help because their Windows Media Player stopped working. As is my way, it only took me one site and a couple of minutes and I too was able to get a silent install of the winpup (pup.exe) that in turn generated random files and created a thinstaller file that renames itself wmplayer.exe and is in the Program Files\Windows Media Player folder.
Each time users click on the Windows Media Player icon, the program does not start but the installer file accesses the Internet to do its dirty work: INSTALL THE TWAINTECH Transponder Variant with all its components. There is no EULA to read, No YES or CANCEL buttons on a Install box to click, and you will only know what is happening is if you have a firewall like Zone Alarms that asks permission for a file ( bdl84126.exe ) to access the Internet. This is when the Twaintech installation takes place.
This installation happened at CYBERTURF.COM and XCHAT.ORG and the code in their page that installs the winpup is from PASSTHISON.COM .
Code in the Cyberturf.com and Xchat.org webpages
hxxp://www.belgiandip.com/go.php?l=0021®=1
hxxp://209.50.252.95/si2//si2.exe
hxxp://209.50.252.95/si2//SI2.CHM\
hxxp://209.50.252.95/si2/si2.htm|
hxxp://209.50.252.95/si2/presi2.htm?from-si
hxxp://209.50.252.95/si1//si1.exe
hxxp://209.50.251.182/vu083003/a024/exploit.htm?si-001
The above are the files that are dropped into the users Temporary Internet Files folder.
Si1.exe
Si1.CHM
Si1.htm
Si2.exe
Si2.CHM
Si2.htm
From this the pup.exe and other files are dropped into the windows or winnt folder. A file is also registered in the Run of the registry.
The thinstaller file is generated and and copies itself as wmplayer.exe overwriting the real file. These files are both 247kb and are exactly the same.
Next the file bdl84126.exe is generated in the windows or winnt folder and immediatly accesses the Internet to install the Twaintech Transponder variant from abetterinternet.com server.
Date Time: 4/10/2004 7:13:35 PM
URL: hxxp://209.50.251.182/vu083003/a024/exploit.htm?si-001
Date Time: 4/10/2004 7:13:36 PM
URL: hxxtp://209.50.252.95/si1/si1.htm
Date Time: 4/10/2004 7:13:37 PM
hxxp://209.50.252.95/si1//SI1.CHM
Date Time: 4/10/2004 7:13:37 PM
URL: hxxp://209.50.252.95/si1//SI1.CHM
Date Time: 4/10/2004 7:13:38 PM
URL: hxxp://209.50.252.95/si1//si1.exe
Date Time: 4/10/2004 7:13:41 PM
URL: hxxp://209.50.252.95/si2/presi2.htm?from-si
Date Time: 4/10/2004 7:13:42 PM
URL: hxxp://209.50.252.95/si2/si2.htm
Date Time: 4/10/2004 7:13:42 PM
URL: hxxp://209.50.252.95/si2//SI2.CHM
Date Time: 4/10/2004 7:13:43 PM
URL: hxxp://209.50.252.95/si2//si2.exe
Date Time: 4/10/2004 7:31:10 PM
URL: hxxp://thinstall.abetterinternet.com/bi/servlet/ThinstallPre
Date Time: 4/10/2004 7:31:11 PM
URL: hxxp://download.abetterinternet.com/download/cabs/TWTDLL/twaintec.cab
The registry entry is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"presultg"="C:\\WINDOWS\\System32\\presultg.exe"
Both the 209.50.252.95 and the 209.50.251.182 IP addresses resolve to Passthison.com
209.50.252.95
traceroute to 209.50.252.95 (209.50.252.95
15 sm2.passthison.com (209.50.252.95) 96.674 ms
209.50.251.182
traceroute to 209.50.251.182 (209.50.251.182
15 sm1.passthison.com (209.50.251.182) 96.674 ms
The following is all sites listed in the web pages code or is owned or affiliated with passthison.com
Domains
Undergroundlair.net
BruggeNet
DATAPIPE.NET
belgiandip.com
POPUPTRAFFIC.com
STANDARDINTERNET.com
CYBERTURF.COM
freehomepages.com
DCOMM.COM
inet-traffic.com
THEMANSEARCH.COM
SMARTBOTPRO.NET
PASSTHISON.COM
DNS Server Addresses:
NS1.DATAPIPE.NET 64.27.65.13
NS2.DATAPIPE.NET 64.27.64.76
NS3.DATAPIPE.NET 66.70.119.39
NS4.DATAPIPE.NET 66.70.119.40
NS1.NATIONAL-NET.COM 66.115.130.4
NS2.NATIONAL-NET.COM 66.115.136.4
NS1.DCOMM.COM 66.250.172.10
NS2.DCOMM.COM 66.250.172.20
NS1.247-1.NET
NS2.247-1.NET
NS1.SMARTBOTPRO.NET 205.236.189.50
NS2.SMARTBOTPRO.NET 198.31.211.34
As of Friday 9 April 2004, there has been incidents where users have come to the Support Forums asking for help because their Windows Media Player stopped working. As is my way, it only took me one site and a couple of minutes and I too was able to get a silent install of the winpup (pup.exe) that in turn generated random files and created a thinstaller file that renames itself wmplayer.exe and is in the Program Files\Windows Media Player folder.
Each time users click on the Windows Media Player icon, the program does not start but the installer file accesses the Internet to do its dirty work: INSTALL THE TWAINTECH Transponder Variant with all its components. There is no EULA to read, No YES or CANCEL buttons on a Install box to click, and you will only know what is happening is if you have a firewall like Zone Alarms that asks permission for a file ( bdl84126.exe ) to access the Internet. This is when the Twaintech installation takes place.
This installation happened at CYBERTURF.COM and XCHAT.ORG and the code in their page that installs the winpup is from PASSTHISON.COM .
Code in the Cyberturf.com and Xchat.org webpages
hxxp://www.belgiandip.com/go.php?l=0021®=1
hxxp://209.50.252.95/si2//si2.exe
hxxp://209.50.252.95/si2//SI2.CHM\
hxxp://209.50.252.95/si2/si2.htm|
hxxp://209.50.252.95/si2/presi2.htm?from-si
hxxp://209.50.252.95/si1//si1.exe
hxxp://209.50.251.182/vu083003/a024/exploit.htm?si-001
The above are the files that are dropped into the users Temporary Internet Files folder.
Si1.exe
Si1.CHM
Si1.htm
Si2.exe
Si2.CHM
Si2.htm
From this the pup.exe and other files are dropped into the windows or winnt folder. A file is also registered in the Run of the registry.
The thinstaller file is generated and and copies itself as wmplayer.exe overwriting the real file. These files are both 247kb and are exactly the same.
Next the file bdl84126.exe is generated in the windows or winnt folder and immediatly accesses the Internet to install the Twaintech Transponder variant from abetterinternet.com server.
Date Time: 4/10/2004 7:13:35 PM
URL: hxxp://209.50.251.182/vu083003/a024/exploit.htm?si-001
Date Time: 4/10/2004 7:13:36 PM
URL: hxxtp://209.50.252.95/si1/si1.htm
Date Time: 4/10/2004 7:13:37 PM
hxxp://209.50.252.95/si1//SI1.CHM
Date Time: 4/10/2004 7:13:37 PM
URL: hxxp://209.50.252.95/si1//SI1.CHM
Date Time: 4/10/2004 7:13:38 PM
URL: hxxp://209.50.252.95/si1//si1.exe
Date Time: 4/10/2004 7:13:41 PM
URL: hxxp://209.50.252.95/si2/presi2.htm?from-si
Date Time: 4/10/2004 7:13:42 PM
URL: hxxp://209.50.252.95/si2/si2.htm
Date Time: 4/10/2004 7:13:42 PM
URL: hxxp://209.50.252.95/si2//SI2.CHM
Date Time: 4/10/2004 7:13:43 PM
URL: hxxp://209.50.252.95/si2//si2.exe
Date Time: 4/10/2004 7:31:10 PM
URL: hxxp://thinstall.abetterinternet.com/bi/servlet/ThinstallPre
Date Time: 4/10/2004 7:31:11 PM
URL: hxxp://download.abetterinternet.com/download/cabs/TWTDLL/twaintec.cab
The registry entry is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"presultg"="C:\\WINDOWS\\System32\\presultg.exe"
Both the 209.50.252.95 and the 209.50.251.182 IP addresses resolve to Passthison.com
209.50.252.95
traceroute to 209.50.252.95 (209.50.252.95
15 sm2.passthison.com (209.50.252.95) 96.674 ms
209.50.251.182
traceroute to 209.50.251.182 (209.50.251.182
15 sm1.passthison.com (209.50.251.182) 96.674 ms
The following is all sites listed in the web pages code or is owned or affiliated with passthison.com
Domains
Undergroundlair.net
BruggeNet
DATAPIPE.NET
belgiandip.com
POPUPTRAFFIC.com
STANDARDINTERNET.com
CYBERTURF.COM
freehomepages.com
DCOMM.COM
inet-traffic.com
THEMANSEARCH.COM
SMARTBOTPRO.NET
PASSTHISON.COM
DNS Server Addresses:
NS1.DATAPIPE.NET 64.27.65.13
NS2.DATAPIPE.NET 64.27.64.76
NS3.DATAPIPE.NET 66.70.119.39
NS4.DATAPIPE.NET 66.70.119.40
NS1.NATIONAL-NET.COM 66.115.130.4
NS2.NATIONAL-NET.COM 66.115.136.4
NS1.DCOMM.COM 66.250.172.10
NS2.DCOMM.COM 66.250.172.20
NS1.247-1.NET
NS2.247-1.NET
NS1.SMARTBOTPRO.NET 205.236.189.50
NS2.SMARTBOTPRO.NET 198.31.211.34
i dont see those in any list yet
hey this is twaintec spyware : 
adware-possible innocents:63.99.224.0-63.99.224.255
http://webhelper.netfirms.com/transponders.../twaintech.html
added these and also those from your awesome post DDD, if any single ranges are already covered by full ranges we can sort them out later .. as long as this crap is blocked..
Ready Hosting UU-63-99-224-D4[twaintec spyware terrorist hosts]:63.99.224.0-63.99.224.255
Peer 1 Network Inc. PEER1-BLK-08[EVIL-SPYWARE]:69.90.0.0-69.90.191.255
APS Telecom[SPYWARE]:209.66.114.0-209.66.115.255
SOVINTEL-ICSTM2[CWS-TROJANS]:81.211.105.0-81.211.105.255
QXNET[SPYWARE]:64.191.128.0-64.191.159.255
AdTools Inc[ATBP]:199.232.158.58-199.232.158.58
Atoque[ATBP]:64.106.230.30-64.106.230.30
Autosearch[ATBP]:66.70.44.60-66.70.44.60
Autosearch[ATBP]:209.50.251.242-209.50.251.242
Backweb Lite[ATBP]:129.253.170.220-129.253.170.220
Best Search[ATBP]:38.113.198.132-38.113.198.132
BrilliantDigital[ATBP]:209.178.57.143-209.178.57.143
BrilliantDigital[ATBP]:217.116.227.250-217.116.227.250
BrilliantDigital[ATBP]:63.196.54.245-63.196.54.245
BrilliantDigital[ATBP]:66.28.223.168-66.28.223.168
BrowserToolBar[ATBP]:139.142.246.76-139.142.246.76
BrowserToolBar[ATBP]:64.141.2.76-64.141.2.76
Clearsearch[ATBP]:66.161.28.166-66.161.28.166
Coolwebsearch[TROJAN]:64.124.210.41-64.124.210.41
CWS.Alfa-search[TROJAN]:216.200.3.32-216.200.3.32
CWS.Tooncomics[TROJAN]:66.40.16.131-66.40.16.131
CWS.Tapicfg[TROJAN]:38.117.144.27-38.117.144.27
CWS.Verisign[TROJAN]:213.159.117.233-213.159.117.233
CWS.Vrape[TROJAN]:65.77.83.222-65.77.83.222
CWS.Lookfor[TROJAN]:66.250.57.226-66.250.57.226
CWS.Lookfor[TROJAN]:81.211.105.26-81.211.105.26
CWS.FreshVideoGals[TROJAN]:69.31.86.13169.31.86.131
CWS.GrabItFast[TROJAN]:64.124.210.131-64.124.210.131
CWS.Loadbat/CWS.MSConfd/IE-Search[TROJAN]:206.161.127.66-206.161.127.66
DivX Networks[ATBP]:66.77.127.64-66.77.127.127
DSSAgent(Broderbund/Mattel):63.71.110.0-63.71.110.0
DSSAgent(Broderbund/Mattel):199.171.54.0-199.171.54.0
EBates/TopMoxie[ATBP]:209.10.225.93-209.10.225.93
EBates/TopMoxie[ATBP]:63.219.179.134-63.219.179.134
EBates/TopMoxie[ATBP]:63.236.57.90-63.236.57.90
eAcceleration[ATBP]:216.231.104.29-216.231.104.29
EGROUP[ATBP]:62.39.85.0-62.39.85.255
eGroup[ATBP]:66.40.9.153-66.40.9.153
eMachines[ATBP]:164.109.144.179-164.109.144.179
eMachines[ATBP]:164.109.144.181-164.109.144.181
Expedioware[ATBP]:207.174.207.177-207.174.207.177
Ezula[ATBP]:64.225.154.175-64.225.154.175
Fastsearch[ATBP]:217.144.235.224-217.144.235.224
FavoriteMan[ATBP]:64.201.101.4-64.201.101.4
FavoriteMan[ATBP]:64.5.48.121-64.5.48.121
FavoriteMan[ATBP]:64.201.100.229-64.201.100.229
FavoriteMan/SpyAssault[ATBP]:66.117.28.130-66.117.28.130
FlashTrack[ATBP]:64.90.160.154-64.90.160.154
Freescratchandwin.com[ATBP]:205.252.89.14-205.252.89.14
Friendgreetings.com worm[W32.Friendgreet.worm]:216.65.63.139-216.65.63.139
Friendgreetings.com worm[W32.Friendgreet.worm]:207.21.232.104-207.21.232.104
Huntbar[ATBP]:209.61.228.23-209.61.228.23
Huntbar[ATBP]:209.61.228.36-209.61.228.36
Huntbar[ATBP]:146.82.109.220-146.82.109.220
IDGsearch[ATBP]:69.56.223.196-69.56.223.196
Internet Optimizer[SPYWARE]:63.245.50.35-63.245.50.35
Internet Washer[ATBP]:64.156.188.61-64.156.188.61
IPInsight[ATBP]:216.110.36.129-216.110.36.129
ISTBar[ATBP]:64.40.36.12-64.40.36.12
JetSeeker[CWS.Bootconf variant]:69.56.130.21-69.56.130.21
related.msn.com[ATBP]:207.68.176.189-207.68.176.189
LinkReplacer[ATBP]:64.237.61.3-64.237.61.3
Look2Me[ATBP]:69.20.20.161-69.20.20.161
Media-Update[ATBP]:64.40.32.201-64.40.32.201
Mojo[ATBP]:66.70.68.147-66.70.68.147
MyPageFinder[ATBP]:66.40.21.68-66.40.21.68
Navexcel[ATBP]:128.121.212.181-128.121.212.181
Naviscope[ATBP]:212.100.224.102-212.100.224.102
Naviscope[ATBP]:216.157.91.36-216.157.91.36
Netpal/FavoriteMan[ATBP]:207.182.237.210-207.182.237.210
Netpal/FavoriteMan[ATBP]:207.182.241.228-207.182.241.228
Netpal/FavoriteMan[ATBP]:64.201.101.4-64.201.101.4
Netdialers/ComLoad[ATBP]:62.39.85.25-62.39.85.25
Netropa/[Hewlett-Packard site]:192.151.53.114-192.151.53.114
Netropa[ATBP]:12.99.231.36-12.99.231.36
Netropa[ATBP]:12.98.204.163-12.98.204.163
Netropa[ATBP]:209.164.21.84-209.164.21.84
NowBox[ATBP]:65.242.156.90-65.242.156.90
1110100011o1window.info/Bulla[ATBP]:208.186.78.81-208.186.78.81
Online-dialer.com:63.219.181.10-63.219.181.10
Onflow:147.208.175.70-147.208.175.70
PassThisOn[ATBP]:205.236.189.50-205.236.189.50
PerMedia[ATBP]:200.75.201.35-200.75.201.35
PerMedia[ATBP]:200.75.201.36-200.75.201.36
Phoenix[DNS server]:68.166.185.186-68.166.185.186
PornDirect/variouS[ATBP]:64.94.110.11-64.94.110.11
PowerStrip[ATBP]:209.139.209.232-209.139.209.232
Pugi[ATBP]:217.157.14.29-217.157.14.29
Pugi/Masterbar[ATBP]:208.62.163.145-208.62.163.145
QHosts-1[ATBP]:207.44.194.56-207.44.194.56
Qhosts-1[ATBP]:69.57.146.14-69.57.146.14
Qhosts-1[ATBP]:69.57.147.175-69.57.147.175
RedSwoosh[ATBP]:64.41.169.141-64.41.169.141
Rfwnad[ATBP]:66.98.178.19-66.98.178.19
SCbar[ATBP]:65.115.110.251-65.115.110.251
Search-Explorer[ATBP]:216.130.177.139-216.130.177.139
SearchCentral[ATBP]:81.211.105.43-81.211.105.43
Searchsprint[ATBP]:207.44.196.98-207.44.196.98
SearchV/Truerecords[ATBP]:217.106.229.248-217.106.229.248
SearchWWW[ATBP]:216.194.70.15-216.194.70.15
ShopatHomeSelect[ATBP]:199.221.131.110199.221.131.110
ShopNAV[ATBP]:66.197.138.235-66.197.138.235
Side-Search[ATBP]:216.52.184.237-216.52.184.237
Side-Search[ATBP]:63.251.83.57-63.251.83.57
SiteFinder[ATBP]:12.158.80.10-12.158.80.10
SmartBrowser[ATBP]:198.64.129.88-198.64.129.88
SmartBrowser[ATBP]:198.64.149.78-198.64.149.78
Smartsearch.ws[CWS.TROJAN]:81.211.105.26-81.211.105.26
Speedbit[ATBP]:128.242.199.42-128.242.199.42
Speedbit[ATBP]:128.242.204.122-128.242.204.122
Speedbit[ATBP]:128.242.213.138-128.242.213.138
Strip-Player[ATBP]:66.40.9.230-66.40.9.230
SupaSeek[ATBP]:64.158.222.3-64.158.222.3
SuperBari/Gigatech[ATBP]:66.250.32.148-66.250.32.148
SurferBar[ATBP]:63.246.130.201-63.246.130.201
SystemSoap[ATBP]:64.156.188.102-64.156.188.102
SystemSoap[ATBP]:12.129.72.201-12.129.72.201
Tibssystems.com[ATBP]:64.49.255.31-64.49.255.31
Tibssystems.com[ATBP]:217.145.64.150-217.145.64.150
Tibssystems.com[ATBP]:66.216.127.40-66.216.127.40
Tinybar:63.215.149.58-63.215.149.58
ToolbarCC[ATBP]:66.111.63.148-66.111.63.148
TopSites[ATBP]:69.28.195.198-69.28.195.198
Transponder[SPYWARE]:208.229.231.83-208.229.231.83
Transponder[SPYWARE]:63.99.224.57-63.99.224.57
TwistedHumor.com[ATBP]:207.44.180.96-207.44.180.96
UMaxSearch[ATBP]:194.245.101.90-194.245.101.90
VFlash[ATBP]:64.28.34.138-64.28.34.138
VirtualBouncer[ATBP]:209.51.152.62-209.51.152.62
VirtualBouncer[ATBP]:64.49.219.20-64.49.219.20
Whazit[ATBP]:66.111.59.70-66.111.59.70
WhenU/SaveNow[ATBP]:63.251.83.40-63.251.83.40
WhenU/SaveNow[ATBP]:64.106.167.23-64.106.167.23
WhenU/SaveNow[ATBP]:64.106.167.122-64.106.167.122
WhenU/SaveNow[ATBP]:64.106.167.223-64.106.167.223
WildTangent[ATBP]:64.124.186.224-64.124.186.255
Winamp[ATBP]:205.188.246.218-205.188.246.218
Winshow[ATBP]:209.66.114.129-209.66.114.129
Winupie[ATBP]:66.98.154.2-66.98.154.2
Wurldmedia[ATBP]:66.109.33.0-66.109.33.7
Wurldmedia[ATBP]:65.216.116.114-65.216.116.114
ZeroPopUp[ATBP]:209.249.147.70-209.249.147.70
adware-possible innocents:63.99.224.0-63.99.224.255
http://webhelper.netfirms.com/transponders.../twaintech.html
added these and also those from your awesome post DDD, if any single ranges are already covered by full ranges we can sort them out later .. as long as this crap is blocked..
Ready Hosting UU-63-99-224-D4[twaintec spyware terrorist hosts]:63.99.224.0-63.99.224.255
Peer 1 Network Inc. PEER1-BLK-08[EVIL-SPYWARE]:69.90.0.0-69.90.191.255
APS Telecom[SPYWARE]:209.66.114.0-209.66.115.255
SOVINTEL-ICSTM2[CWS-TROJANS]:81.211.105.0-81.211.105.255
QXNET[SPYWARE]:64.191.128.0-64.191.159.255
AdTools Inc[ATBP]:199.232.158.58-199.232.158.58
Atoque[ATBP]:64.106.230.30-64.106.230.30
Autosearch[ATBP]:66.70.44.60-66.70.44.60
Autosearch[ATBP]:209.50.251.242-209.50.251.242
Backweb Lite[ATBP]:129.253.170.220-129.253.170.220
Best Search[ATBP]:38.113.198.132-38.113.198.132
BrilliantDigital[ATBP]:209.178.57.143-209.178.57.143
BrilliantDigital[ATBP]:217.116.227.250-217.116.227.250
BrilliantDigital[ATBP]:63.196.54.245-63.196.54.245
BrilliantDigital[ATBP]:66.28.223.168-66.28.223.168
BrowserToolBar[ATBP]:139.142.246.76-139.142.246.76
BrowserToolBar[ATBP]:64.141.2.76-64.141.2.76
Clearsearch[ATBP]:66.161.28.166-66.161.28.166
Coolwebsearch[TROJAN]:64.124.210.41-64.124.210.41
CWS.Alfa-search[TROJAN]:216.200.3.32-216.200.3.32
CWS.Tooncomics[TROJAN]:66.40.16.131-66.40.16.131
CWS.Tapicfg[TROJAN]:38.117.144.27-38.117.144.27
CWS.Verisign[TROJAN]:213.159.117.233-213.159.117.233
CWS.Vrape[TROJAN]:65.77.83.222-65.77.83.222
CWS.Lookfor[TROJAN]:66.250.57.226-66.250.57.226
CWS.Lookfor[TROJAN]:81.211.105.26-81.211.105.26
CWS.FreshVideoGals[TROJAN]:69.31.86.13169.31.86.131
CWS.GrabItFast[TROJAN]:64.124.210.131-64.124.210.131
CWS.Loadbat/CWS.MSConfd/IE-Search[TROJAN]:206.161.127.66-206.161.127.66
DivX Networks[ATBP]:66.77.127.64-66.77.127.127
DSSAgent(Broderbund/Mattel):63.71.110.0-63.71.110.0
DSSAgent(Broderbund/Mattel):199.171.54.0-199.171.54.0
EBates/TopMoxie[ATBP]:209.10.225.93-209.10.225.93
EBates/TopMoxie[ATBP]:63.219.179.134-63.219.179.134
EBates/TopMoxie[ATBP]:63.236.57.90-63.236.57.90
eAcceleration[ATBP]:216.231.104.29-216.231.104.29
EGROUP[ATBP]:62.39.85.0-62.39.85.255
eGroup[ATBP]:66.40.9.153-66.40.9.153
eMachines[ATBP]:164.109.144.179-164.109.144.179
eMachines[ATBP]:164.109.144.181-164.109.144.181
Expedioware[ATBP]:207.174.207.177-207.174.207.177
Ezula[ATBP]:64.225.154.175-64.225.154.175
Fastsearch[ATBP]:217.144.235.224-217.144.235.224
FavoriteMan[ATBP]:64.201.101.4-64.201.101.4
FavoriteMan[ATBP]:64.5.48.121-64.5.48.121
FavoriteMan[ATBP]:64.201.100.229-64.201.100.229
FavoriteMan/SpyAssault[ATBP]:66.117.28.130-66.117.28.130
FlashTrack[ATBP]:64.90.160.154-64.90.160.154
Freescratchandwin.com[ATBP]:205.252.89.14-205.252.89.14
Friendgreetings.com worm[W32.Friendgreet.worm]:216.65.63.139-216.65.63.139
Friendgreetings.com worm[W32.Friendgreet.worm]:207.21.232.104-207.21.232.104
Huntbar[ATBP]:209.61.228.23-209.61.228.23
Huntbar[ATBP]:209.61.228.36-209.61.228.36
Huntbar[ATBP]:146.82.109.220-146.82.109.220
IDGsearch[ATBP]:69.56.223.196-69.56.223.196
Internet Optimizer[SPYWARE]:63.245.50.35-63.245.50.35
Internet Washer[ATBP]:64.156.188.61-64.156.188.61
IPInsight[ATBP]:216.110.36.129-216.110.36.129
ISTBar[ATBP]:64.40.36.12-64.40.36.12
JetSeeker[CWS.Bootconf variant]:69.56.130.21-69.56.130.21
related.msn.com[ATBP]:207.68.176.189-207.68.176.189
LinkReplacer[ATBP]:64.237.61.3-64.237.61.3
Look2Me[ATBP]:69.20.20.161-69.20.20.161
Media-Update[ATBP]:64.40.32.201-64.40.32.201
Mojo[ATBP]:66.70.68.147-66.70.68.147
MyPageFinder[ATBP]:66.40.21.68-66.40.21.68
Navexcel[ATBP]:128.121.212.181-128.121.212.181
Naviscope[ATBP]:212.100.224.102-212.100.224.102
Naviscope[ATBP]:216.157.91.36-216.157.91.36
Netpal/FavoriteMan[ATBP]:207.182.237.210-207.182.237.210
Netpal/FavoriteMan[ATBP]:207.182.241.228-207.182.241.228
Netpal/FavoriteMan[ATBP]:64.201.101.4-64.201.101.4
Netdialers/ComLoad[ATBP]:62.39.85.25-62.39.85.25
Netropa/[Hewlett-Packard site]:192.151.53.114-192.151.53.114
Netropa[ATBP]:12.99.231.36-12.99.231.36
Netropa[ATBP]:12.98.204.163-12.98.204.163
Netropa[ATBP]:209.164.21.84-209.164.21.84
NowBox[ATBP]:65.242.156.90-65.242.156.90
1110100011o1window.info/Bulla[ATBP]:208.186.78.81-208.186.78.81
Online-dialer.com:63.219.181.10-63.219.181.10
Onflow:147.208.175.70-147.208.175.70
PassThisOn[ATBP]:205.236.189.50-205.236.189.50
PerMedia[ATBP]:200.75.201.35-200.75.201.35
PerMedia[ATBP]:200.75.201.36-200.75.201.36
Phoenix[DNS server]:68.166.185.186-68.166.185.186
PornDirect/variouS[ATBP]:64.94.110.11-64.94.110.11
PowerStrip[ATBP]:209.139.209.232-209.139.209.232
Pugi[ATBP]:217.157.14.29-217.157.14.29
Pugi/Masterbar[ATBP]:208.62.163.145-208.62.163.145
QHosts-1[ATBP]:207.44.194.56-207.44.194.56
Qhosts-1[ATBP]:69.57.146.14-69.57.146.14
Qhosts-1[ATBP]:69.57.147.175-69.57.147.175
RedSwoosh[ATBP]:64.41.169.141-64.41.169.141
Rfwnad[ATBP]:66.98.178.19-66.98.178.19
SCbar[ATBP]:65.115.110.251-65.115.110.251
Search-Explorer[ATBP]:216.130.177.139-216.130.177.139
SearchCentral[ATBP]:81.211.105.43-81.211.105.43
Searchsprint[ATBP]:207.44.196.98-207.44.196.98
SearchV/Truerecords[ATBP]:217.106.229.248-217.106.229.248
SearchWWW[ATBP]:216.194.70.15-216.194.70.15
ShopatHomeSelect[ATBP]:199.221.131.110199.221.131.110
ShopNAV[ATBP]:66.197.138.235-66.197.138.235
Side-Search[ATBP]:216.52.184.237-216.52.184.237
Side-Search[ATBP]:63.251.83.57-63.251.83.57
SiteFinder[ATBP]:12.158.80.10-12.158.80.10
SmartBrowser[ATBP]:198.64.129.88-198.64.129.88
SmartBrowser[ATBP]:198.64.149.78-198.64.149.78
Smartsearch.ws[CWS.TROJAN]:81.211.105.26-81.211.105.26
Speedbit[ATBP]:128.242.199.42-128.242.199.42
Speedbit[ATBP]:128.242.204.122-128.242.204.122
Speedbit[ATBP]:128.242.213.138-128.242.213.138
Strip-Player[ATBP]:66.40.9.230-66.40.9.230
SupaSeek[ATBP]:64.158.222.3-64.158.222.3
SuperBari/Gigatech[ATBP]:66.250.32.148-66.250.32.148
SurferBar[ATBP]:63.246.130.201-63.246.130.201
SystemSoap[ATBP]:64.156.188.102-64.156.188.102
SystemSoap[ATBP]:12.129.72.201-12.129.72.201
Tibssystems.com[ATBP]:64.49.255.31-64.49.255.31
Tibssystems.com[ATBP]:217.145.64.150-217.145.64.150
Tibssystems.com[ATBP]:66.216.127.40-66.216.127.40
Tinybar:63.215.149.58-63.215.149.58
ToolbarCC[ATBP]:66.111.63.148-66.111.63.148
TopSites[ATBP]:69.28.195.198-69.28.195.198
Transponder[SPYWARE]:208.229.231.83-208.229.231.83
Transponder[SPYWARE]:63.99.224.57-63.99.224.57
TwistedHumor.com[ATBP]:207.44.180.96-207.44.180.96
UMaxSearch[ATBP]:194.245.101.90-194.245.101.90
VFlash[ATBP]:64.28.34.138-64.28.34.138
VirtualBouncer[ATBP]:209.51.152.62-209.51.152.62
VirtualBouncer[ATBP]:64.49.219.20-64.49.219.20
Whazit[ATBP]:66.111.59.70-66.111.59.70
WhenU/SaveNow[ATBP]:63.251.83.40-63.251.83.40
WhenU/SaveNow[ATBP]:64.106.167.23-64.106.167.23
WhenU/SaveNow[ATBP]:64.106.167.122-64.106.167.122
WhenU/SaveNow[ATBP]:64.106.167.223-64.106.167.223
WildTangent[ATBP]:64.124.186.224-64.124.186.255
Winamp[ATBP]:205.188.246.218-205.188.246.218
Winshow[ATBP]:209.66.114.129-209.66.114.129
Winupie[ATBP]:66.98.154.2-66.98.154.2
Wurldmedia[ATBP]:66.109.33.0-66.109.33.7
Wurldmedia[ATBP]:65.216.116.114-65.216.116.114
ZeroPopUp[ATBP]:209.249.147.70-209.249.147.70
the ones i added should be in there- i use the blm the to clean the lists so they wouldn't have been at the very end
when in doubt i search for one from the posts here to make sure it's in the ftp list
there's still a lot more to do from that cexx list etc- boring shiatt
when in doubt i search for one from the posts here to make sure it's in the ftp list
there's still a lot more to do from that cexx list etc- boring shiatt
hmmm thats weird , i looked waited and then still didnt see them , so i added what i had from sponges list , i hope i didnt wreck anything that you added then by overwriting the list .... but ther in there now so its all good , lol and boring as all hell.. great work though.. yeah still tons to go , ive been keeping an eye on various anti spyware forums to see whats the latest bunch of crap thats been geting people and looking for those ranges to add as well.
great work though.. yeah still tons to go , ive been keeping an eye on various anti spyware forums to see whats the latest bunch of crap thats been geting people and looking for those ranges to add as well.
i really hope the ones i added went in when i did them coz no ftp problems - i guess i should doublecheck each time
did you search for one of the ranges or just look at the bottom of the file?
did you search for one of the ranges or just look at the bottom of the file?
file search by name and ip , couldnt see thenm so i added them lol, hope they are all there now ..
i tried refreshing and also waiting a couple of hours before i added them though to see if the ones you posted showed up , plus i used the BLM to double check as well as the FTP .. .. it should be all good .. strange though..
i tried refreshing and also waiting a couple of hours before i added them though to see if the ones you posted showed up , plus i used the BLM to double check as well as the FTP .. .. it should be all good ..
strange though..
added
EXPERIAN EXPERIAN-62 (NET-12-37-62-0-1:12.37.62.0-12.37.62.255
EXPERIAN EXPERIAN-105-80 (NET-12-39-105-80-1:12.39.105.80-12.39.105.95
NetIQ UU-63-88-212 (NET-63-88-212-0-1:63.88.212.0-63.88.213.255
C2 Media QWST-63-145-92-0 (NET-63-145-92-0-1:63.145.92.0-63.145.92.127
C2 Media QWST-63-146-90-128 (NET-63-146-90-128-1:63.146.90.128-63.146.90.255
Netiq Corp SBCIS18843 (NET-63-192-45-64-1:63.192.45.64-63.192.45.95
Experian Reports Inc (NET-63-206-51-248-1:63.206.51.248-63.206.51.255
Commission Junction QWEST-BUC-COMJUNC1 (NET-63-236-0-48-1:63.236.0.48-63.236.0.55
Commission Junction QWEST-BUC-COMJUNC2 (NET-63-236-5-128-1:63.236.5.128-63.236.5.159
NetIQ Corporation QWEST-IAD-NETIQ (NET-63-236-111-32-1:63.236.111.32-63.236.111.63
C2 Media Inc QWEST-63-236-173-0 (NET-63-236-173-0-1:63.236.173.0-63.236.173.7
C2 Media-Falls Church QWEST-63-237-84-64 (NET-63-237-84-64-1:63.237.84.64-63.237.84.127
C2 Media Inc QQWST-63-237-152-0 (NET-63-237-152-0-1:63.237.152.0-63.237.153.255
C2 Media - Houston QWEST-63-239-124-16 (NET-63-239-124-16-1:63.239.124.16-63.239.124.31
C2 Media QWEST-63-238-126-64 (NET-63-239-126-64-1:63.239.126.64-63.239.126.191
Experian USW-EXPERIAN (NET-65-103-42-224-1:65.103.42.224-65.103.42.231
ADWARE SYSTEMS INC FON-110147328079759 (NET-65-167-38-0-1:65.167.38.0-65.167.38.127
NetIQ UU-65-200-104 (NET-65-200-104-0-1:65.200.104.0-65.200.104.255
NetIQ UU-65-201-90 (NET-65-201-90-0-1:65.201.90.0-65.201.90.255
VALUECLICK INC UU-65-211-61-136 (NET-65-211-61-136-1:65.211.61.136-65.211.61.143
NetIQ UU-65-219-170 (NET-65-219-170-0-1:65.219.170.0-65.219.170.255
NetIQ UU-65-222-200 (NET-65-222-200-0-1:65.222.200.0-65.222.200.255
heetahMail CBCN-CHEE-66-165-100-0 (NET-66-165-100-0-1:66.165.100.0-66.165.100.255
CheetahMail CBCN-CHEE-66-165-105-0 (NET-66-165-105-0-1:66.165.105.0-66.165.105.255
Mojo Advertising HSTR-MOJO-1 (NET-66-187-131-0-1:66.187.131.0-66.187.131.255
C2 Media Ltd HURRICANE-CE1076-331 (NET-66-220-17-0-1:66.220.17.0-66.220.17.255
Experian SBC067065088104030204 (NET-67-65-88-104-1:67.65.88.104-67.65.88.111
Experian SBCIS-1011129-135943 (NET-67-112-62-208-1:67.112.62.208-67.112.62.215
EXPERIAN2527585 SBCIS-1011129-135651 (NET-67-113-92-72-1:67.113.92.72-67.113.92.79
EXPERIAN:67.113.95.0-67.113.95.7
hijack related:69.28.208.77-69.28.208.77
ad tracking tickle.com crap:129.250.0.0-129.250.255.255
Experian Information Solutions:167.107.0.0-167.107.255.255
Experian Bureau EXPERIAN-01 (NET-196-15-244-128-1:196.15.244.128-196.15.244.191
Experian Information Solutions:206.18.229.0-206.18.229.63
C2 Media.com C2MC-CA (NET-206-172-40-0-1:206.172.40.0-206.172.40.31
C2 Media-Washington DC QWEST-208-45-66-64 (NET-208-45-66-64-1:208.45.66.64-208.45.66.127
NetIQ UU-208-223-102 (NET-208-223-102-0-1:208.223.102.0-208.223.102.255
Experian UU-208-231-162 (NET-208-231-162-0-1:208.231.162.0-208.231.162.255
VALUECLICK INC UU-208-255-181-16 (NET-208-255-181-16-1:208.255.181.16-208.255.181.23
large range ad tracking dynamic logic etc:209.67.0.0-209.67.255.255
MediaPlex NXT-MEDIAPLEX (NET-209-81-59-208-1:209.81.59.208-209.81.59.215
ValueClick Corporation:209.85.132.64-209.85.132.95
ValueClick Corporation:209.85.157.0-209.85.157.255
Mojo Advertising IDCI-MOJOADV (NET-209-146-37-0-1:209.146.37.0-209.146.37.255
big block admt.com owner:216.117.128.0-216.117.191.255
C2 Media Productions Group:216.120.143.136-216.120.143.143
Netiquity RESO-216-204-11-192A (NET-216-204-11-192-1:216.204.11.192-216.204.11.255
ValueClick VALUE-216-246-25 (NET-216-246-25-0-1:216.246.25.0-216.246.25.255
ValueClick VALU-216-246-96 (NET-216-246-96-0-1:216.246.96.0-216.246.96.255
EXPERIAN EXPERIAN-62 (NET-12-37-62-0-1:12.37.62.0-12.37.62.255
EXPERIAN EXPERIAN-105-80 (NET-12-39-105-80-1:12.39.105.80-12.39.105.95
NetIQ UU-63-88-212 (NET-63-88-212-0-1:63.88.212.0-63.88.213.255
C2 Media QWST-63-145-92-0 (NET-63-145-92-0-1:63.145.92.0-63.145.92.127
C2 Media QWST-63-146-90-128 (NET-63-146-90-128-1:63.146.90.128-63.146.90.255
Netiq Corp SBCIS18843 (NET-63-192-45-64-1:63.192.45.64-63.192.45.95
Experian Reports Inc (NET-63-206-51-248-1:63.206.51.248-63.206.51.255
Commission Junction QWEST-BUC-COMJUNC1 (NET-63-236-0-48-1:63.236.0.48-63.236.0.55
Commission Junction QWEST-BUC-COMJUNC2 (NET-63-236-5-128-1:63.236.5.128-63.236.5.159
NetIQ Corporation QWEST-IAD-NETIQ (NET-63-236-111-32-1:63.236.111.32-63.236.111.63
C2 Media Inc QWEST-63-236-173-0 (NET-63-236-173-0-1:63.236.173.0-63.236.173.7
C2 Media-Falls Church QWEST-63-237-84-64 (NET-63-237-84-64-1:63.237.84.64-63.237.84.127
C2 Media Inc QQWST-63-237-152-0 (NET-63-237-152-0-1:63.237.152.0-63.237.153.255
C2 Media - Houston QWEST-63-239-124-16 (NET-63-239-124-16-1:63.239.124.16-63.239.124.31
C2 Media QWEST-63-238-126-64 (NET-63-239-126-64-1:63.239.126.64-63.239.126.191
Experian USW-EXPERIAN (NET-65-103-42-224-1:65.103.42.224-65.103.42.231
ADWARE SYSTEMS INC FON-110147328079759 (NET-65-167-38-0-1:65.167.38.0-65.167.38.127
NetIQ UU-65-200-104 (NET-65-200-104-0-1:65.200.104.0-65.200.104.255
NetIQ UU-65-201-90 (NET-65-201-90-0-1:65.201.90.0-65.201.90.255
VALUECLICK INC UU-65-211-61-136 (NET-65-211-61-136-1:65.211.61.136-65.211.61.143
NetIQ UU-65-219-170 (NET-65-219-170-0-1:65.219.170.0-65.219.170.255
NetIQ UU-65-222-200 (NET-65-222-200-0-1:65.222.200.0-65.222.200.255
heetahMail CBCN-CHEE-66-165-100-0 (NET-66-165-100-0-1:66.165.100.0-66.165.100.255
CheetahMail CBCN-CHEE-66-165-105-0 (NET-66-165-105-0-1:66.165.105.0-66.165.105.255
Mojo Advertising HSTR-MOJO-1 (NET-66-187-131-0-1:66.187.131.0-66.187.131.255
C2 Media Ltd HURRICANE-CE1076-331 (NET-66-220-17-0-1:66.220.17.0-66.220.17.255
Experian SBC067065088104030204 (NET-67-65-88-104-1:67.65.88.104-67.65.88.111
Experian SBCIS-1011129-135943 (NET-67-112-62-208-1:67.112.62.208-67.112.62.215
EXPERIAN2527585 SBCIS-1011129-135651 (NET-67-113-92-72-1:67.113.92.72-67.113.92.79
EXPERIAN:67.113.95.0-67.113.95.7
hijack related:69.28.208.77-69.28.208.77
ad tracking tickle.com crap:129.250.0.0-129.250.255.255
Experian Information Solutions:167.107.0.0-167.107.255.255
Experian Bureau EXPERIAN-01 (NET-196-15-244-128-1:196.15.244.128-196.15.244.191
Experian Information Solutions:206.18.229.0-206.18.229.63
C2 Media.com C2MC-CA (NET-206-172-40-0-1:206.172.40.0-206.172.40.31
C2 Media-Washington DC QWEST-208-45-66-64 (NET-208-45-66-64-1:208.45.66.64-208.45.66.127
NetIQ UU-208-223-102 (NET-208-223-102-0-1:208.223.102.0-208.223.102.255
Experian UU-208-231-162 (NET-208-231-162-0-1:208.231.162.0-208.231.162.255
VALUECLICK INC UU-208-255-181-16 (NET-208-255-181-16-1:208.255.181.16-208.255.181.23
large range ad tracking dynamic logic etc:209.67.0.0-209.67.255.255
MediaPlex NXT-MEDIAPLEX (NET-209-81-59-208-1:209.81.59.208-209.81.59.215
ValueClick Corporation:209.85.132.64-209.85.132.95
ValueClick Corporation:209.85.157.0-209.85.157.255
Mojo Advertising IDCI-MOJOADV (NET-209-146-37-0-1:209.146.37.0-209.146.37.255
big block admt.com owner:216.117.128.0-216.117.191.255
C2 Media Productions Group:216.120.143.136-216.120.143.143
Netiquity RESO-216-204-11-192A (NET-216-204-11-192-1:216.204.11.192-216.204.11.255
ValueClick VALUE-216-246-25 (NET-216-246-25-0-1:216.246.25.0-216.246.25.255
ValueClick VALU-216-246-96 (NET-216-246-96-0-1:216.246.96.0-216.246.96.255
!Guys!
Cool - This is some really wicked stuff you are doing! I wish I could help too, but have so much uni work 2 do t the mo. You're all doing an AMAZING job! I would donate via PayPal if I wasn't so stinking poor! Oh well, by next academic year, my website should be up n running, and I should have som emoney then, too, so.. will donate then!
Also, if you want me to host any software on my personal and uni webspace, I would be more than happy to!
Just drop me an email - I believe site ops should have access to my email address!
Anyway - I know I speak for everyone when I say "keep up the great work" and words can't describe my appreciation! lol
'Cedrick'
Cool - This is some really wicked stuff you are doing! I wish I could help too, but have so much uni work 2 do t the mo. You're all doing an AMAZING job! I would donate via PayPal if I wasn't so stinking poor! Oh well, by next academic year, my website should be up n running, and I should have som emoney then, too, so.. will donate then!
Also, if you want me to host any software on my personal and uni webspace, I would be more than happy to!
Just drop me an email - I believe site ops should have access to my email address!
Anyway - I know I speak for everyone when I say "keep up the great work" and words can't describe my appreciation! lol
'Cedrick'
thanks cedrick
oh and forgot to mention i've only been checking arin for these companies (all of them have had arin results except from the first few posts of this thread- they were too small to find ranges for)
so there's another opportunity for peeps to help- think about checking the the companies i've posted ranges for to check ripe, apnic, lacnic etc
and if you can't find a listed range for one of these companies then just ping their website, do a whois on the ip and if you get nothing there just post the single ip you find as
dumbass adware company:12.226.024.224-12.226.024.224
ddd
oh and forgot to mention i've only been checking arin for these companies (all of them have had arin results except from the first few posts of this thread- they were too small to find ranges for)
so there's another opportunity for peeps to help- think about checking the the companies i've posted ranges for to check ripe, apnic, lacnic etc
and if you can't find a listed range for one of these companies then just ping their website, do a whois on the ip and if you get nothing there just post the single ip you find as
dumbass adware company:12.226.024.224-12.226.024.224
ddd
sorted readded
MicroStrategy MICROSTRAT-44-21 (NET-4-43-44-32-1:4.43.44.32-4.43.44.63
MicroStrategy MICROSTRAT-44-16 (NET-4-43-44-128-1:4.43.44.128-4.43.44.143
EXPERIAN EXPERIAN-62 (NET-12-37-62-0-1:12.37.62.0-12.37.62.255
EXPERIAN EXPERIAN-105-80 (NET-12-39-105-80-1:12.39.105.80-12.39.105.95
Netropa[ATBP]:12.98.204.163-12.98.204.163
Netropa[ATBP]:12.99.231.36-12.99.231.36
SystemSoap[ATBP]:12.129.72.201-12.129.72.201
SiteFinder[ATBP]:12.158.80.10-12.158.80.10
Best Search[ATBP]:38.113.198.132-38.113.198.132
CWS.Tapicfg[TROJAN]:38.117.144.27-38.117.144.27
pest related:38.118.144.180-38.118.144.180
EGROUP[ATBP]:62.39.85.0-62.39.85.255
SpyGlass, Inc. UU-63-68-20 (NET-63-68-20-0-1:63.68.20.0-63.68.23.255
Bonzi Software UU-63-68-54 (NET-63-68-54-0-1:63.68.54.0-63.68.55.255
Conducent, Inc. UU-63-70-12 (NET-63-70-12-0-1):63.70.12.0-63.70.12.255
DSSAgent(Broderbund/Mattel):63.71.110.0-63.71.110.0
NetIQ UU-63-88-212 (NET-63-88-212-0-1:63.88.212.0-63.88.213.255
Microstrategy, Inc. UU-63-89-233-64 (NET-63-89-233-64-1:63.89.233.64-63.89.233.71
adware-possible innocents,Ready Hosting UU-63-99-224-D4[twaintec spyware terrorist hosts]:63.99.224.0-63.99.224.255
Claria Corporation UU-63-103-205-128 (NET-63-103-205-128-1):63.103.205.128-63.103.205.255
C2 Media QWST-63-145-92-0 (NET-63-145-92-0-1:63.145.92.0-63.145.92.127
C2 Media QWST-63-146-90-128 (NET-63-146-90-128-1:63.146.90.128-63.146.90.255
American List Counsel SPRINTLINK (NET-63-172-191-240-1:63.172.191.240-63.172.191.255
Netiq Corp SBCIS18843 (NET-63-192-45-64-1:63.192.45.64-63.192.45.95
Phoenix Technologies SBCIS30761 (NET-63-193-230-216-1:63.193.230.216-63.193.230.223
Velocity Networks, Inc. SBCIS35451 (NET-63-194-9-0-1:63.194.9.0-63.194.9.7
Bonzi Software SBC063194103112020711 (NET-63-194-103-112-1:63.194.103.112-63.194.103.119
Velocity Networks Inc. SBCIS38575 (NET-63-195-211-176-1:63.195.211.176-63.195.211.183
BrilliantDigital[ATBP]:63.196.54.245-63.196.54.245
Gator.com SBCIS991119010 (NET-63-197-87-0-1):63.197.87.0-63.197.87.255
Experian Reports Inc (NET-63-206-51-248-1:63.206.51.248-63.206.51.255
CREATIVE LABS SBCIS-100428-161749 (NET-63-206-114-152-1:63.206.114.152-63.206.114.159
Tinybar:63.215.149.58-63.215.149.58
EBates/TopMoxie[ATBP]:63.219.179.134-63.219.179.134
Online-dialer.com:63.219.181.10-63.219.181.10
Belcaro Group, Inc. USW-BELCARO (NET-63-224-68-104-1:63.224.68.104-63.224.68.111
SafeNet Corp USW-SAFENETCORP (NET-63-226-99-88-1:63.226.99.88-63.226.99.95
Flashpoint Design Group USW-FPDG (NET-63-231-237-120-1:63.231.237.120-63.231.237.127
Commission Junction QWEST-BUC-COMJUNC1 (NET-63-236-0-48-1:63.236.0.48-63.236.0.55
Commission Junction QWEST-BUC-COMJUNC2 (NET-63-236-5-128-1:63.236.5.128-63.236.5.159
EBates/TopMoxie[ATBP]:63.236.57.90-63.236.57.90
NetIQ Corporation QWEST-IAD-NETIQ (NET-63-236-111-32-1:63.236.111.32-63.236.111.63
C2 Media Inc QWEST-63-236-173-0 (NET-63-236-173-0-1:63.236.173.0-63.236.173.7
C2 Media-Falls Church QWEST-63-237-84-64 (NET-63-237-84-64-1:63.237.84.64-63.237.84.127
C2 Media Inc QQWST-63-237-152-0 (NET-63-237-152-0-1:63.237.152.0-63.237.153.255
C2 Media - Houston QWEST-63-239-124-16 (NET-63-239-124-16-1:63.239.124.16-63.239.124.31
C2 Media QWEST-63-238-126-64 (NET-63-239-126-64-1:63.239.126.64-63.239.126.191
Phoenix Technologies, Ltd. ATTENS-008745-002195 (NET-63-241-67-128-1:63.241.67.128-63.241.67.159
Internet Optimizer[SPYWARE]:63.245.50.35-63.245.50.35
SurferBar[ATBP]:63.246.130.201-63.246.130.201
WhenU/SaveNow[ATBP]:63.251.83.40-63.251.83.40
Side-Search[ATBP]:63.251.83.57-63.251.83.57
FavoriteMan[ATBP]:64.5.48.121-64.5.48.121
searchbar:64.21.81.201-64.21.81.201
VFlash[ATBP]:64.28.34.138-64.28.34.138
popup:64.35.113.133-64.35.113.133
Media-Update[ATBP]:64.40.32.201-64.40.32.201
ISTBar[ATBP]:64.40.36.12-64.40.36.12
RedSwoosh[ATBP]:64.41.169.141-64.41.169.141
spyware range:64.49.214.40-64.49.214.47
VirtualBouncer[ATBP]:64.49.219.20-64.49.219.20
Spectorsoft Corp. RSPC-6477-1034803939 (NET-64-49-244-48-1:64.49.244.48-64.49.244.55
Spectorsoft Corp. RSPC-6457-1034803940 (NET-64-49-244-56-1:64.49.244.56-64.49.244.63
Spectorsoft Corp. RSPC-6457-1034804457 (NET-64-49-245-184-1:64.49.245.184-64.49.245.191
Tibssystems.com[ATBP]:64.49.255.31-64.49.255.31
everad:64.51.213.208-64.51.213.223
Flashpoint Technology HTW-06819 (NET-64-55-105-97-1:64.55.105.97-64.55.105.126
FLASHPOINT HTW-05815 (NET-64-55-124-136-1:64.55.124.136-64.55.124.143
FLASHPOINT HTW-07016 (NET-64-55-147-80-1:64.55.147.80-64.55.147.95
Brilliant Digital Entertainment BRILLIANT-DIGITAL-ENTERTAINMENT (NET-64-60-8-160-1:64.60.8.160-64.60.8.191
New.net, Inc. PNAP-SJE-NEWNET-DC-01 (NET-64-74-134-0-1):64.74.134.0-64.74.134.255
MindSet Interactive HP-64-77-29-208 (NET-64-77-29-208-1:64.77.29.208-64.77.29.215
MindSet Interactive HP-64-77-38-112 (NET-64-77-38-112-1:64.77.38.112-64.77.38.120
MindSet Interactive HP-64-77-43-192 (NET-64-77-43-192-1:64.77.43.192-64.77.43.223
FlashTrack[ATBP]:64.90.160.154-64.90.160.154
MICROSTRATEGY, INC DSLNET-20010512-00322 (NET-64-93-61-96-1:64.93.61.96-64.93.61.127
New.net, Inc. PNAP-WDC-NEWNET-DC-01 (NET-64-94-29-0-1):64.94.29.0-64.94.29.255
PornDirect/variouS[ATBP]:64.94.110.11-64.94.110.11
Comet Systems PNAP-NYM-COMET-RM-01 (NET-64-94-162-0-1):64.94.162.0-64.94.162.255
WhenU/SaveNow[ATBP]:64.106.167.23-64.106.167.23
WhenU/SaveNow[ATBP]:64.106.167.122-64.106.167.122
WhenU/SaveNow[ATBP]:64.106.167.223-64.106.167.223
Atoque[ATBP]:64.106.230.30-64.106.230.30
WildTangent[ATBP]:64.124.186.224-64.124.186.255
Coolwebsearch[TROJAN]:64.124.210.41-64.124.210.41
CWS.GrabItFast[TROJAN]:64.124.210.131-64.124.210.131
Hotbar.com MFN-M152-64-125-104-32-29 (NET-64-125-104-32-1):64.125.104.32-64.125.104.39
BrowserToolBar[ATBP]:64.141.2.76-64.141.2.76
Network Essentials, Ltd. (NWEL) GCNETBLK-NWEL1 (NET-64-146-147-0-1:64.146.147.0-64.146.147.63
Network Essentials Ltd. GCNETBLK-NWEL1 (NET-64-146-188-0-2:64.146.188.0-64.146.188.127
Gator.com LVL3-GATOR-01 (NET-64-152-73-0-1):64.152.73.0-64.152.73.255
Internet Washer[ATBP]:64.156.188.61-64.156.188.61
SystemSoap[ATBP]:64.156.188.102-64.156.188.102
SupaSeek[ATBP]:64.158.222.3-64.158.222.3
Velocity Networks, Inc SBCIS-100724-18335 (NET-64-161-254-0-1:64.161.254.0-64.161.255.255
QXNET[SPYWARE]:64.191.128.0-64.191.159.255
FavoriteMan[ATBP]:64.201.100.229-64.201.100.229
FavoriteMan[ATBP],Netpal/FavoriteMan[ATBP]:64.201.101.4-64.201.101.4
VX2, INC DSLNET-064204210008 (NET-64-204-210-8-1:64.204.210.8-64.204.210.15
Ezula[ATBP]:64.225.154.175-64.225.154.175
LinkReplacer[ATBP]:64.237.61.3-64.237.61.3
Net IQ IEN-N45275 (NET-64-249-120-128-1:64.249.120.128-64.249.120.135
AD Tech Inc SBCIS-101921-142515 (NET-65-43-73-104-1:65.43.73.104-65.43.73.111
CWS.Vrape[TROJAN]:65.77.83.222-65.77.83.222
MICROSTRATEGY DSLNET-20020311-00024 (NET-65-86-103-64-1:65.86.103.64-65.86.103.95
MICROSTRATEGY DSLNET-20020311-00001 (NET-65-86-110-32-1:65.86.110.32-65.86.110.63
MICROSTRATEGY DSLNET-20020311-00023 (NET-65-86-110-64-1:65.86.110.64-65.86.110.95
MICROSTRATEGY DSLNET-20020325-00023 (NET-65-86-111-160-1:65.86.111.160-65.86.111.191
Experian USW-EXPERIAN (NET-65-103-42-224-1:65.103.42.224-65.103.42.231
SCbar[ATBP]:65.115.110.251-65.115.110.251
Hotbar.com Inc. QWESTA1-65-121-237-0 (NET-65-121-237-0-1):65.121.237.0-65.121.237.255
ADWARE SYSTEMS INC FON-110147328079759 (NET-65-167-38-0-1):65.167.38.0-65.167.38.127
Global Internet Management FON-110176000090595 (NET-65-171-134-0-1:65.171.134.0-65.171.134.255
NetIQ UU-65-200-104 (NET-65-200-104-0-1:65.200.104.0-65.200.104.255
NetIQ UU-65-201-90 (NET-65-201-90-0-1:65.201.90.0-65.201.90.255
VALUECLICK INC UU-65-211-61-136 (NET-65-211-61-136-1:65.211.61.136-65.211.61.143
eacceleration:65.212.166.0-65.212.166.255
Riverdeep Interactive Learning:65.215.217.208-65.215.217.223
Wurldmedia[ATBP]:65.216.116.114-65.216.116.114
NetIQ UU-65-219-170 (NET-65-219-170-0-1:65.219.170.0-65.219.170.255
Hotbar.com-internet Inc. UU-65-220-92-80-D7 (NET-65-220-92-80-1):65.220.92.80-65.220.92.95
NetIQ UU-65-222-200 (NET-65-222-200-0-1:65.222.200.0-65.222.200.255
NowBox[ATBP]:65.242.156.90-65.242.156.90
CYBERSPACE TO PARADISE, INC UU-65-248-171 (NET-65-248-171-0-1):65.248.171.0-65.248.171.255
BrilliantDigital[ATBP]:66.28.223.168-66.28.223.168
geo loc:66.35.227.98-66.35.227.98
eGroup[ATBP]:66.40.9.153-66.40.9.153
Strip-Player[ATBP]:66.40.9.230-66.40.9.230
CWS.Tooncomics[TROJAN]:66.40.16.131-66.40.16.131
MyPageFinder[ATBP]:66.40.21.68-66.40.21.68
Velocity Networks Inc. PWT-LSAN-FLST-157 (NET-66-42-53-0-1:66.42.53.0-66.42.53.255
Autosearch[ATBP]:66.70.44.60-66.70.44.60
Mojo[ATBP]:66.70.68.147-66.70.68.147
DivX Networks[ATBP]:66.77.127.64-66.77.127.127
Winupie[ATBP]:66.98.154.2-66.98.154.2
Rfwnad[ATBP]:66.98.178.19-66.98.178.19
Global Internet Management SAVV-S225053-0 (NET-66-101-232-0-1:66.101.232.0-66.101.232.255
Velocity Networks, Inc. VELN-2BLK (NET-66-102-128-0-1:66.102.128.0-66.102.143.255
Wurld Media, Inc. 66-109-33-0-29 (NET-66-109-33-0-1,Wurldmedia[ATBP]:66.109.33.0-66.109.33.7
Wurld Media, Inc. 66-109-33-48-29 (NET-66-109-33-48-1:66.109.33.48-66.109.33.55
Wurld Media, Inc. 66-109-33-56-29 (NET-66-109-33-56-1:66.109.33.56-66.109.33.63
Whazit[ATBP]:66.111.59.70-66.111.59.70
ToolbarCC[ATBP]:66.111.63.148-66.111.63.148
New.net, Inc. IBS-NEWNET-01 (NET-66-113-70-0-1):66.113.70.0-66.113.70.255
New.net, Inc. IBS-NEWNET-01N (NET-66-113-92-248-1):66.113.92.248-66.113.92.255
New.net, Inc. IBS-GW-NEWNET-01N (NET-66-113-93-32-1):66.113.93.32-66.113.93.39
FavoriteMan/SpyAssault[ATBP]:66.117.28.130-66.117.28.130
Phoenix Technologies SBC066126254120030722 (NET-66-126-254-120-1:66.126.254.120-66.126.254.127
Ad Trends SBCIS-101731-102832 (NET-66-136-139-160-1:66.136.139.160-66.136.139.167
AD TRENDS SBCIS-101731-151233 (NET-66-136-139-168-1:66.136.139.168-66.136.139.175
New.net, Inc. PNAP-LAX-NEWNET-RM-01 (NET-66-151-57-0-1):66.151.57.0-66.151.57.255
Total Velocity TOTAL-VELOCITY-NWK-1 (NET-66-159-219-192-1):66.159.219.192-66.159.219.207
Clearsearch[ATBP]:66.161.28.166-66.161.28.166
heetahMail CBCN-CHEE-66-165-100-0 (NET-66-165-100-0-1:66.165.100.0-66.165.100.255
CheetahMail CBCN-CHEE-66-165-105-0 (NET-66-165-105-0-1:66.165.105.0-66.165.105.255
Netsonic NETSONIC-BLK2 (NET-66-180-160-0-1:66.180.160.0-66.180.175.255
Mojo Advertising HSTR-MOJO-1 (NET-66-187-131-0-1:66.187.131.0-66.187.131.255
ShopNAV[ATBP]:66.197.138.235-66.197.138.235
Spectorsoft Corp. RSPC-6457-1031113338 (NET-66-216-103-80-1:66.216.103.80-66.216.103.95
Spy-Patrol.com RSPC-2444-1031273608 (NET-66-216-114-216-1:66.216.114.216-66.216.114.223
Tibssystems.com[ATBP]:66.216.127.40-66.216.127.40
C2 Media Ltd HURRICANE-CE1076-331 (NET-66-220-17-0-1:66.220.17.0-66.220.17.255
SuperBari/Gigatech[ATBP]:66.250.32.148-66.250.32.148
CWS.Lookfor[TROJAN]:66.250.57.226-66.250.57.226
Experian SBC067065088104030204 (NET-67-65-88-104-1:67.65.88.104-67.65.88.111
Experian SBCIS-1011129-135943 (NET-67-112-62-208-1:67.112.62.208-67.112.62.215
Velocity Networks Inc SBC-06711206512825 (NET-67-112-65-128-1:67.112.65.128-67.112.65.255
Velocity Networks Inc SBC-06711206712825 (NET-67-112-67-128-1:67.112.67.128-67.112.67.255
EXPERIAN2527585 SBCIS-1011129-135651 (NET-67-113-92-72-1:67.113.92.72-67.113.92.79
EXPERIAN:67.113.95.0-67.113.95.7
Creative Labs Inc SBC067117138136020511 (NET-67-117-138-136-1:67.117.138.136-67.117.138.143
Ad Tech Industries SBC068079137184031007 (NET-68-79-137-184-1:68.79.137.184-68.79.137.191
Phoenix[DNS server]:68.166.185.186-68.166.185.186
Stop Popup Ads Now, Inc RSPC-36956-1063225089 (NET-69-20-19-88-1:69.20.19.88-69.20.19.95
Spy-Patrol.com RSPC-36136-1063225021 (NET-69-20-20-32-1:69.20.20.32-69.20.20.47
Look2Me[ATBP]:69.20.20.161-69.20.20.161
Spy-Patrol.com RSPC-36136-1063221282 (NET-69-20-21-192-1:69.20.21.192-69.20.21.207
Stop Popup Ads Now, Inc RSPC-35560-1063220469 (NET-69-20-27-208-1:69.20.27.208-69.20.27.215
Stop Popup Ads Now, Inc RSPC-33647-1063220073 (NET-69-20-30-72-1:69.20.30.72-69.20.30.79
Stop Popup Ads Now, Inc RSPC-33648-1063220075 (NET-69-20-30-80-1:69.20.30.80-69.20.30.87
TopSites[ATBP]:69.28.195.198-69.28.195.198
hijack related:69.28.208.77-69.28.208.77
JetSeeker[CWS.Bootconf variant]:69.56.130.21-69.56.130.21
IDGsearch[ATBP]:69.56.223.196-69.56.223.196
Qhosts-1[ATBP]:69.57.146.14-69.57.146.14
Qhosts-1[ATBP]:69.57.147.175-69.57.147.175
Peer 1 Network Inc. PEER1-BLK-08[SPYWARE],Peer 1 Network Inc. PEER1-BLK-08[EVIL-SPYWARE]:69.90.0.0-69.90.191.255
Creative Labs Inc10955584 SBC06911114121629040325203229 (NET-69-111-141-216-1:69.111.141.216-69.111.141.223
SOVINTEL-ICSTM2[CWS-TROJANS]:81.211.105.0-81.211.105.255
Navexcel[ATBP]:128.121.212.181-128.121.212.181
Speedbit[ATBP]:128.242.199.42-128.242.199.42
Speedbit[ATBP]:128.242.204.122-128.242.204.122
Speedbit[ATBP]:128.242.213.138-128.242.213.138
ad tracking tickle.com crap:129.250.0.0-129.250.255.255
Backweb Lite[ATBP]:129.253.170.220-129.253.170.220
Phoenix Technologies Ltd. PHOENIX (NET-134-122-0-0-1:134.122.0.0-134.122.255.255
BrowserToolBar[ATBP]:139.142.246.76-139.142.246.76
Cambridge Entrepreneurial Network CENTNET (NET-140-186-0-0-1:140.186.0.0-140.186.255.255
Flashpoint Marketing VZ-FLSHPNTMRKTNG-1 (NET-141-152-37-200-1:141.152.37.200-141.152.37.207
Huntbar[ATBP]:146.82.109.220-146.82.109.220
Onflow:147.208.175.70-147.208.175.70
eMachines[ATBP]:164.109.144.179-164.109.144.179
eMachines[ATBP]:164.109.144.181-164.109.144.181
Experian Information Solutions:167.107.0.0-167.107.255.255
Netropa/[Hewlett-Packard site]:192.151.53.114-192.151.53.114
Spyglass, Inc. SPYGLASS (NET-192-246-238-0-1:192.246.238.0-192.246.238.255
UMaxSearch[ATBP]:194.245.101.90-194.245.101.90
Experian Bureau EXPERIAN-01 (NET-196-15-244-128-1:196.15.244.128-196.15.244.191
SmartBrowser[ATBP]:198.64.129.88-198.64.129.88
SmartBrowser[ATBP]:198.64.149.78-198.64.149.78
Creative Labs NETBLK-CREAF1 (NET-198-95-32-0-1:198.95.32.0-198.95.63.255
Belcaro Group, Inc. NET-199-45-139-64-6 (NET-199-45-139-64-1:199.45.139.64-199.45.139.79
Spectorsoft SPECTORSOFT (NET-199-72-35-168-1:199.72.35.168-199.72.35.175
DSSAgent(Broderbund/Mattel):199.171.54.0-199.171.54.0
Microstrategy, Inc. STRATEGY-NET (NET-199-173-152-0-1:199.173.152.0-199.173.152.255
Cambridge Entrepreneurial Network CENT-CIDR-01 (NET-199-232-0-0-1:199.232.0.0-199.232.255.255
MICROSTRATEGY MICROSTRATEGY (NET-200-41-126-136-1:200.41.126.136-200.41.126.143
PerMedia[ATBP]:200.75.201.35-200.75.201.35
PerMedia[ATBP]:200.75.201.36-200.75.201.36
Global Internet Management SPRINTLINK (NET-204-97-253-32-1:204.97.253.32-204.97.253.39
American List Counsel, Inc AMLIST (NET-204-130-201-0-1:204.130.201.0-204.130.201.255
Microstrategy, Inc. MICROSTRATUU2 (NET-205-150-168-160-1:205.150.168.160-205.150.168.175
AD Technologies Inc. ADTECH (NET-205-151-188-0-1:205.151.188.0-205.151.188.255
bargain buddy:205.158.62.116-205.158.62.116
Winamp[ATBP]:205.188.246.218-205.188.246.218
PassThisOn[ATBP]:205.236.189.50-205.236.189.50
Freescratchandwin.com[ATBP]:205.252.89.14-205.252.89.14
Experian Information Solutions:206.18.229.0-206.18.229.63
Velocity Networks, Inc. VELN-3BLK (NET-206-126-128-0-1:206.126.128.0-206.126.159.255
Microstrategy, Inc. STRATEGY-NET2 (NET-206-136-136-0-1:206.136.136.0-206.136.136.255
CWS.Loadbat/CWS.MSConfd/IE-Search[TROJAN]:206.161.127.66-206.161.127.66
C2 Media.com C2MC-CA (NET-206-172-40-0-1:206.172.40.0-206.172.40.31
Flashpoint Technology, Inc. FLASHPNT (NET-207-5-52-0-2:207.5.52.0-207.5.52.255
Friendgreetings.com worm[W32.Friendgreet.worm]:207.21.232.104-207.21.232.104
Microstrategy, Inc. MICROSTRATEGY-ANS (NET-207-27-1-0-1:207.27.1.0-207.27.1.255
TwistedHumor.com[ATBP]:207.44.180.96-207.44.180.96
QHosts-1[ATBP]:207.44.194.56-207.44.194.56
Searchsprint[ATBP]:207.44.196.98-207.44.196.98
pest related,pest related site:207.44.198.27-207.44.198.27
Gator Technologies Inc GATOR-TECH (NET-207-59-223-192-1):207.59.223.192-207.59.223.199
related.msn.com[ATBP]:207.68.176.189-207.68.176.189
Expedioware[ATBP]:207.174.207.177-207.174.207.177
Velocity Networks, Inc. VELN (NET-207-182-224-0-1:207.182.224.0-207.182.255.255
Brilliant Digital Entertainment PBI-CUSTNET-3484 (NET-207-213-45-32-1:207.213.45.32-207.213.45.63
Global Internet Marketing Ltd. RADCOM-207-232-105-088-29 (NET-207-232-105-88-1:207.232.105.88-207.232.105.95
Conducent Technologies DIGINET184 (NET-207-233-200-0-1):207.233.200.0-207.233.200.255
VX2 STDIO-VX21 (NET-207-246-124-0-1:207.246.124.0-207.246.124.255
Netsonic INCNET-GB-CUST-NTS-0 (NET-207-250-25-0-1:207.250.25.0-207.250.25.255
Netsonic INCNET-NTSNC-GBY (NET-207-250-84-0-1:207.250.84.0-207.250.84.255
Netsonic INCNET-GB-CUST-NTS-2 (NET-207-250-96-0-1:207.250.96.0-207.250.96.255
Netsonic INCNET-NETSON-250-162 (NET-207-250-162-0-1:207.250.162.0-207.250.162.255
Netsonic INCNET-NETSON-250-184 (NET-207-250-184-0-1:207.250.184.0-207.250.184.255
Netsonic INCNET-NETSON-250-210 (NET-207-250-210-0-1:207.250.210.0-207.250.210.255
Netsonic INCNET-NETSON-250-212 (NET-207-250-212-0-1:207.250.212.0-207.250.212.255
C2 Media-Washington DC QWEST-208-45-66-64 (NET-208-45-66-64-1:208.45.66.64-208.45.66.127
Pugi/Masterbar[ATBP]:208.62.163.145-208.62.163.145
1110100011o1window.info/Bulla[ATBP]:208.186.78.81-208.186.78.81
CREATIVE LABS INC SBCIS80232 (NET-208-188-108-96-1:208.188.108.96-208.188.108.103
Spyglass, Inc. UU-208-205-234-D1 (NET-208-205-234-0-1:208.205.234.0-208.205.235.255
Microstrategy, Inc. UU-208-206-234 (NET-208-206-234-0-1:208.206.234.0-208.206.234.255
AD Transport Express UU-208-208-57-64 (NET-208-208-57-64-1:208.208.57.64-208.208.57.127
Focus Interactive, Inc. UU-208-208-221-D1 (NET-208-208-221-0-1:208.208.221.0-208.208.221.63
NetIQ UU-208-223-102 (NET-208-223-102-0-1:208.223.102.0-208.223.102.255
Shop at Home, Inc. UU-208-223-205-96 (NET-208-223-205-96-1:208.223.205.96-208.223.205.127
SPYGLASS UU-208-224-123-248-D (NET-208-224-123-248-1:208.224.123.248-208.224.123.255
Focus Interactive, Inc. UU-208-225-218-240 (NET-208-225-218-240-1:208.225.218.240-208.225.218.255
Microstrategy, Inc. UU-208-226-118 (NET-208-226-118-0-1:208.226.118.0-208.226.118.255
Transponder[SPYWARE]:208.229.231.83-208.229.231.83
Experian UU-208-231-162 (NET-208-231-162-0-1:208.231.162.0-208.231.162.255
Microstrategy, Inc. UU-208-238-98 (NET-208-238-98-0-1:208.238.98.0-208.238.98.255
Microstrategy, Inc. UU-208-244-116 (NET-208-244-116-0-1:208.244.116.0-208.244.117.255
VALUECLICK INC UU-208-255-181-16 (NET-208-255-181-16-1:208.255.181.16-208.255.181.23
Cydoor Technologies IP007022-209-10-17 (NET-209-10-17-128-1):209.10.17.128-209.10.17.255
Spyder Web Enterprises, LLC IP009856-209-10-165 (NET-209-10-165-0-1:209.10.165.0-209.10.165.31
Spyder Web Enterprises, LLC IP009854-209-10-165 (NET-209-10-165-32-1:209.10.165.32-209.10.165.47
Spyder Web Enterprises, LLC IP010184-209-10-165 (NET-209-10-165-72-1:209.10.165.72-209.10.165.79
EBates/TopMoxie[ATBP]:209.10.225.93-209.10.225.93
Cydoor Technologies IP009762-209-11-66 (NET-209-11-66-0-1):209.11.66.0-209.11.66.255
Cydoor Technologies IP009978-209-11-67 (NET-209-11-67-0-1):209.11.67.0-209.11.67.255
AD Technologies INTX-196-32-29 (NET-209-42-196-32-1:209.42.196.32-209.42.196.39
Autosearch[ATBP]:209.50.251.242-209.50.251.242
VirtualBouncer[ATBP]:209.51.152.62-209.51.152.62
Huntbar[ATBP]:209.61.228.23-209.61.228.23
Huntbar[ATBP]:209.61.228.36-209.61.228.36
APS Telecom[SPYWARE]:209.66.114.0-209.66.115.255
large range ad tracking dynamic logic etc:209.67.0.0-209.67.255.255
Cydoor Technologies IP010194-209-73-206 (NET-209-73-206-0-1):209.73.206.0-209.73.206.255
Cydoor Technologies Inc. CYDOOR-209-73-225 (NET-209-73-225-0-1):209.73.225.0-209.73.225.255
MediaPlex NXT-MEDIAPLEX (NET-209-81-59-208-1:209.81.59.208-209.81.59.215
ValueClick Corporation:209.85.132.64-209.85.132.95
ValueClick Corporation:209.85.157.0-209.85.157.255
Webhancer STIN-87-238-32-1A (NET-209-87-238-32-1):209.87.238.32-209.87.238.47
adware related:209.132.205.222-209.132.205.222
Hotbar.com MFN-M152-209-133-35-0-24 (NET-209-133-35-0-1):209.133.35.0-209.133.35.255
PowerStrip[ATBP]:209.139.209.232-209.139.209.232
Mojo Advertising IDCI-MOJOADV (NET-209-146-37-0-1:209.146.37.0-209.146.37.255
Netropa[ATBP]:209.164.21.84-209.164.21.84
BrilliantDigital[ATBP]:209.178.57.143-209.178.57.143
Aureate Development, Inc. INDYNET-AUREATE-1 (NET-209-183-99-0-1):209.183.99.0-209.183.99.255
Global Internet Management CERF-GIM-A (NET-209-186-2-0-1:209.186.2.0-209.186.3.255
ions pride:209.234.155.99-209.234.155.99
ZeroPopUp[ATBP]:209.249.147.70-209.249.147.70
Naviscope[ATBP]:212.100.224.102-212.100.224.102
CWS.Verisign[TROJAN]:213.159.117.233-213.159.117.233
ELECTRONIC GROUP INTERACTIVE:213.170.47.88-213.170.47.95
Comet Systems PNAP-NYM-COMET-RM-02 (NET-216-52-88-64-1):216.52.88.64-216.52.88.71
Side-Search[ATBP]:216.52.184.237-216.52.184.237
Creative Labs CREATIVE84 (NET-216-61-164-0-1:216.61.164.0-216.61.167.255
Friendgreetings.com worm[W32.Friendgreet.worm]:216.65.63.139-216.65.63.139
Global Internet Management SAVV-S225053-0 (NET-216-88-23-0-1:216.88.23.0-216.88.23.255
Flashpoint IOSNET-7-131-112-127 (NET-216-97-131-112-1:216.97.131.112-216.97.131.127
IPInsight[ATBP]:216.110.36.129-216.110.36.129
big block admt.com owner:216.117.128.0-216.117.191.255
C2 Media Productions Group:216.120.143.136-216.120.143.143
Search-Explorer[ATBP]:216.130.177.139-216.130.177.139
Phoenix Technologies, Ltd. ATTENS-008745-001996 (NET-216-148-212-216-1:216.148.212.216-216.148.212.223
Phoenix Technologies, Ltd. ATTENS-008745-001788 (NET-216-148-218-128-1:216.148.218.128-216.148.218.255
Naviscope[ATBP]:216.157.91.36-216.157.91.36
web3000:216.168.60.122-216.168.60.122
Global Internet Management INFLOW-20899-101594-13865 (NET-216-183-124-248-1:216.183.124.248-216.183.124.255
SearchWWW[ATBP]:216.194.70.15-216.194.70.15
Ad Tech FDN-559206-92-160 (NET-216-199-92-160-1:216.199.92.160-216.199.92.167
CWS.Alfa-search[TROJAN]:216.200.3.32-216.200.3.32
Netiquity RESO-216-204-11-192A (NET-216-204-11-192-1:216.204.11.192-216.204.11.255
WebHancer Corporation MAXLINK-WEBHANCER1 (NET-216-221-200-192-1):216.221.200.192-216.221.200.223
telecom sec group:216.231.96.0-216.231.127.255
Netsonic NETSONIC (NET-216-235-64-0-1:216.235.64.0-216.235.79.255
aadcom adware:216.237.0.0-216.237.63.255:216.237.10.184-216.237.10.184
ValueClick VALUE-216-246-25 (NET-216-246-25-0-1:216.246.25.0-216.246.25.255
ValueClick VALU-216-246-96 (NET-216-246-96-0-1:216.246.96.0-216.246.96.255
HOP AT HOME NETWORK, LLC ABS-NSVLTN-SAHN (NET-216-248-29-0-1:216.248.29.0-216.248.29.63
dig rooster:216.254.144.0-216.254.144.127
SearchV/Truerecords[ATBP]:217.106.229.248-217.106.229.248
ELECTRONIC GROUP INTERACTIVE:217.110.248.0-217.110.248.255
BrilliantDigital[ATBP]:217.116.227.250-217.116.227.250
Fastsearch[ATBP]:217.144.235.224-217.144.235.224
Tibssystems.com[ATBP]:217.145.64.150-217.145.64.150
Pugi[ATBP]:217.157.14.29-217.157.14.29
MicroStrategy MICROSTRAT-44-21 (NET-4-43-44-32-1:4.43.44.32-4.43.44.63
MicroStrategy MICROSTRAT-44-16 (NET-4-43-44-128-1:4.43.44.128-4.43.44.143
EXPERIAN EXPERIAN-62 (NET-12-37-62-0-1:12.37.62.0-12.37.62.255
EXPERIAN EXPERIAN-105-80 (NET-12-39-105-80-1:12.39.105.80-12.39.105.95
Netropa[ATBP]:12.98.204.163-12.98.204.163
Netropa[ATBP]:12.99.231.36-12.99.231.36
SystemSoap[ATBP]:12.129.72.201-12.129.72.201
SiteFinder[ATBP]:12.158.80.10-12.158.80.10
Best Search[ATBP]:38.113.198.132-38.113.198.132
CWS.Tapicfg[TROJAN]:38.117.144.27-38.117.144.27
pest related:38.118.144.180-38.118.144.180
EGROUP[ATBP]:62.39.85.0-62.39.85.255
SpyGlass, Inc. UU-63-68-20 (NET-63-68-20-0-1:63.68.20.0-63.68.23.255
Bonzi Software UU-63-68-54 (NET-63-68-54-0-1:63.68.54.0-63.68.55.255
Conducent, Inc. UU-63-70-12 (NET-63-70-12-0-1):63.70.12.0-63.70.12.255
DSSAgent(Broderbund/Mattel):63.71.110.0-63.71.110.0
NetIQ UU-63-88-212 (NET-63-88-212-0-1:63.88.212.0-63.88.213.255
Microstrategy, Inc. UU-63-89-233-64 (NET-63-89-233-64-1:63.89.233.64-63.89.233.71
adware-possible innocents,Ready Hosting UU-63-99-224-D4[twaintec spyware terrorist hosts]:63.99.224.0-63.99.224.255
Claria Corporation UU-63-103-205-128 (NET-63-103-205-128-1):63.103.205.128-63.103.205.255
C2 Media QWST-63-145-92-0 (NET-63-145-92-0-1:63.145.92.0-63.145.92.127
C2 Media QWST-63-146-90-128 (NET-63-146-90-128-1:63.146.90.128-63.146.90.255
American List Counsel SPRINTLINK (NET-63-172-191-240-1:63.172.191.240-63.172.191.255
Netiq Corp SBCIS18843 (NET-63-192-45-64-1:63.192.45.64-63.192.45.95
Phoenix Technologies SBCIS30761 (NET-63-193-230-216-1:63.193.230.216-63.193.230.223
Velocity Networks, Inc. SBCIS35451 (NET-63-194-9-0-1:63.194.9.0-63.194.9.7
Bonzi Software SBC063194103112020711 (NET-63-194-103-112-1:63.194.103.112-63.194.103.119
Velocity Networks Inc. SBCIS38575 (NET-63-195-211-176-1:63.195.211.176-63.195.211.183
BrilliantDigital[ATBP]:63.196.54.245-63.196.54.245
Gator.com SBCIS991119010 (NET-63-197-87-0-1):63.197.87.0-63.197.87.255
Experian Reports Inc (NET-63-206-51-248-1:63.206.51.248-63.206.51.255
CREATIVE LABS SBCIS-100428-161749 (NET-63-206-114-152-1:63.206.114.152-63.206.114.159
Tinybar:63.215.149.58-63.215.149.58
EBates/TopMoxie[ATBP]:63.219.179.134-63.219.179.134
Online-dialer.com:63.219.181.10-63.219.181.10
Belcaro Group, Inc. USW-BELCARO (NET-63-224-68-104-1:63.224.68.104-63.224.68.111
SafeNet Corp USW-SAFENETCORP (NET-63-226-99-88-1:63.226.99.88-63.226.99.95
Flashpoint Design Group USW-FPDG (NET-63-231-237-120-1:63.231.237.120-63.231.237.127
Commission Junction QWEST-BUC-COMJUNC1 (NET-63-236-0-48-1:63.236.0.48-63.236.0.55
Commission Junction QWEST-BUC-COMJUNC2 (NET-63-236-5-128-1:63.236.5.128-63.236.5.159
EBates/TopMoxie[ATBP]:63.236.57.90-63.236.57.90
NetIQ Corporation QWEST-IAD-NETIQ (NET-63-236-111-32-1:63.236.111.32-63.236.111.63
C2 Media Inc QWEST-63-236-173-0 (NET-63-236-173-0-1:63.236.173.0-63.236.173.7
C2 Media-Falls Church QWEST-63-237-84-64 (NET-63-237-84-64-1:63.237.84.64-63.237.84.127
C2 Media Inc QQWST-63-237-152-0 (NET-63-237-152-0-1:63.237.152.0-63.237.153.255
C2 Media - Houston QWEST-63-239-124-16 (NET-63-239-124-16-1:63.239.124.16-63.239.124.31
C2 Media QWEST-63-238-126-64 (NET-63-239-126-64-1:63.239.126.64-63.239.126.191
Phoenix Technologies, Ltd. ATTENS-008745-002195 (NET-63-241-67-128-1:63.241.67.128-63.241.67.159
Internet Optimizer[SPYWARE]:63.245.50.35-63.245.50.35
SurferBar[ATBP]:63.246.130.201-63.246.130.201
WhenU/SaveNow[ATBP]:63.251.83.40-63.251.83.40
Side-Search[ATBP]:63.251.83.57-63.251.83.57
FavoriteMan[ATBP]:64.5.48.121-64.5.48.121
searchbar:64.21.81.201-64.21.81.201
VFlash[ATBP]:64.28.34.138-64.28.34.138
popup:64.35.113.133-64.35.113.133
Media-Update[ATBP]:64.40.32.201-64.40.32.201
ISTBar[ATBP]:64.40.36.12-64.40.36.12
RedSwoosh[ATBP]:64.41.169.141-64.41.169.141
spyware range:64.49.214.40-64.49.214.47
VirtualBouncer[ATBP]:64.49.219.20-64.49.219.20
Spectorsoft Corp. RSPC-6477-1034803939 (NET-64-49-244-48-1:64.49.244.48-64.49.244.55
Spectorsoft Corp. RSPC-6457-1034803940 (NET-64-49-244-56-1:64.49.244.56-64.49.244.63
Spectorsoft Corp. RSPC-6457-1034804457 (NET-64-49-245-184-1:64.49.245.184-64.49.245.191
Tibssystems.com[ATBP]:64.49.255.31-64.49.255.31
everad:64.51.213.208-64.51.213.223
Flashpoint Technology HTW-06819 (NET-64-55-105-97-1:64.55.105.97-64.55.105.126
FLASHPOINT HTW-05815 (NET-64-55-124-136-1:64.55.124.136-64.55.124.143
FLASHPOINT HTW-07016 (NET-64-55-147-80-1:64.55.147.80-64.55.147.95
Brilliant Digital Entertainment BRILLIANT-DIGITAL-ENTERTAINMENT (NET-64-60-8-160-1:64.60.8.160-64.60.8.191
New.net, Inc. PNAP-SJE-NEWNET-DC-01 (NET-64-74-134-0-1):64.74.134.0-64.74.134.255
MindSet Interactive HP-64-77-29-208 (NET-64-77-29-208-1:64.77.29.208-64.77.29.215
MindSet Interactive HP-64-77-38-112 (NET-64-77-38-112-1:64.77.38.112-64.77.38.120
MindSet Interactive HP-64-77-43-192 (NET-64-77-43-192-1:64.77.43.192-64.77.43.223
FlashTrack[ATBP]:64.90.160.154-64.90.160.154
MICROSTRATEGY, INC DSLNET-20010512-00322 (NET-64-93-61-96-1:64.93.61.96-64.93.61.127
New.net, Inc. PNAP-WDC-NEWNET-DC-01 (NET-64-94-29-0-1):64.94.29.0-64.94.29.255
PornDirect/variouS[ATBP]:64.94.110.11-64.94.110.11
Comet Systems PNAP-NYM-COMET-RM-01 (NET-64-94-162-0-1):64.94.162.0-64.94.162.255
WhenU/SaveNow[ATBP]:64.106.167.23-64.106.167.23
WhenU/SaveNow[ATBP]:64.106.167.122-64.106.167.122
WhenU/SaveNow[ATBP]:64.106.167.223-64.106.167.223
Atoque[ATBP]:64.106.230.30-64.106.230.30
WildTangent[ATBP]:64.124.186.224-64.124.186.255
Coolwebsearch[TROJAN]:64.124.210.41-64.124.210.41
CWS.GrabItFast[TROJAN]:64.124.210.131-64.124.210.131
Hotbar.com MFN-M152-64-125-104-32-29 (NET-64-125-104-32-1):64.125.104.32-64.125.104.39
BrowserToolBar[ATBP]:64.141.2.76-64.141.2.76
Network Essentials, Ltd. (NWEL) GCNETBLK-NWEL1 (NET-64-146-147-0-1:64.146.147.0-64.146.147.63
Network Essentials Ltd. GCNETBLK-NWEL1 (NET-64-146-188-0-2:64.146.188.0-64.146.188.127
Gator.com LVL3-GATOR-01 (NET-64-152-73-0-1):64.152.73.0-64.152.73.255
Internet Washer[ATBP]:64.156.188.61-64.156.188.61
SystemSoap[ATBP]:64.156.188.102-64.156.188.102
SupaSeek[ATBP]:64.158.222.3-64.158.222.3
Velocity Networks, Inc SBCIS-100724-18335 (NET-64-161-254-0-1:64.161.254.0-64.161.255.255
QXNET[SPYWARE]:64.191.128.0-64.191.159.255
FavoriteMan[ATBP]:64.201.100.229-64.201.100.229
FavoriteMan[ATBP],Netpal/FavoriteMan[ATBP]:64.201.101.4-64.201.101.4
VX2, INC DSLNET-064204210008 (NET-64-204-210-8-1:64.204.210.8-64.204.210.15
Ezula[ATBP]:64.225.154.175-64.225.154.175
LinkReplacer[ATBP]:64.237.61.3-64.237.61.3
Net IQ IEN-N45275 (NET-64-249-120-128-1:64.249.120.128-64.249.120.135
AD Tech Inc SBCIS-101921-142515 (NET-65-43-73-104-1:65.43.73.104-65.43.73.111
CWS.Vrape[TROJAN]:65.77.83.222-65.77.83.222
MICROSTRATEGY DSLNET-20020311-00024 (NET-65-86-103-64-1:65.86.103.64-65.86.103.95
MICROSTRATEGY DSLNET-20020311-00001 (NET-65-86-110-32-1:65.86.110.32-65.86.110.63
MICROSTRATEGY DSLNET-20020311-00023 (NET-65-86-110-64-1:65.86.110.64-65.86.110.95
MICROSTRATEGY DSLNET-20020325-00023 (NET-65-86-111-160-1:65.86.111.160-65.86.111.191
Experian USW-EXPERIAN (NET-65-103-42-224-1:65.103.42.224-65.103.42.231
SCbar[ATBP]:65.115.110.251-65.115.110.251
Hotbar.com Inc. QWESTA1-65-121-237-0 (NET-65-121-237-0-1):65.121.237.0-65.121.237.255
ADWARE SYSTEMS INC FON-110147328079759 (NET-65-167-38-0-1):65.167.38.0-65.167.38.127
Global Internet Management FON-110176000090595 (NET-65-171-134-0-1:65.171.134.0-65.171.134.255
NetIQ UU-65-200-104 (NET-65-200-104-0-1:65.200.104.0-65.200.104.255
NetIQ UU-65-201-90 (NET-65-201-90-0-1:65.201.90.0-65.201.90.255
VALUECLICK INC UU-65-211-61-136 (NET-65-211-61-136-1:65.211.61.136-65.211.61.143
eacceleration:65.212.166.0-65.212.166.255
Riverdeep Interactive Learning:65.215.217.208-65.215.217.223
Wurldmedia[ATBP]:65.216.116.114-65.216.116.114
NetIQ UU-65-219-170 (NET-65-219-170-0-1:65.219.170.0-65.219.170.255
Hotbar.com-internet Inc. UU-65-220-92-80-D7 (NET-65-220-92-80-1):65.220.92.80-65.220.92.95
NetIQ UU-65-222-200 (NET-65-222-200-0-1:65.222.200.0-65.222.200.255
NowBox[ATBP]:65.242.156.90-65.242.156.90
CYBERSPACE TO PARADISE, INC UU-65-248-171 (NET-65-248-171-0-1):65.248.171.0-65.248.171.255
BrilliantDigital[ATBP]:66.28.223.168-66.28.223.168
geo loc:66.35.227.98-66.35.227.98
eGroup[ATBP]:66.40.9.153-66.40.9.153
Strip-Player[ATBP]:66.40.9.230-66.40.9.230
CWS.Tooncomics[TROJAN]:66.40.16.131-66.40.16.131
MyPageFinder[ATBP]:66.40.21.68-66.40.21.68
Velocity Networks Inc. PWT-LSAN-FLST-157 (NET-66-42-53-0-1:66.42.53.0-66.42.53.255
Autosearch[ATBP]:66.70.44.60-66.70.44.60
Mojo[ATBP]:66.70.68.147-66.70.68.147
DivX Networks[ATBP]:66.77.127.64-66.77.127.127
Winupie[ATBP]:66.98.154.2-66.98.154.2
Rfwnad[ATBP]:66.98.178.19-66.98.178.19
Global Internet Management SAVV-S225053-0 (NET-66-101-232-0-1:66.101.232.0-66.101.232.255
Velocity Networks, Inc. VELN-2BLK (NET-66-102-128-0-1:66.102.128.0-66.102.143.255
Wurld Media, Inc. 66-109-33-0-29 (NET-66-109-33-0-1,Wurldmedia[ATBP]:66.109.33.0-66.109.33.7
Wurld Media, Inc. 66-109-33-48-29 (NET-66-109-33-48-1:66.109.33.48-66.109.33.55
Wurld Media, Inc. 66-109-33-56-29 (NET-66-109-33-56-1:66.109.33.56-66.109.33.63
Whazit[ATBP]:66.111.59.70-66.111.59.70
ToolbarCC[ATBP]:66.111.63.148-66.111.63.148
New.net, Inc. IBS-NEWNET-01 (NET-66-113-70-0-1):66.113.70.0-66.113.70.255
New.net, Inc. IBS-NEWNET-01N (NET-66-113-92-248-1):66.113.92.248-66.113.92.255
New.net, Inc. IBS-GW-NEWNET-01N (NET-66-113-93-32-1):66.113.93.32-66.113.93.39
FavoriteMan/SpyAssault[ATBP]:66.117.28.130-66.117.28.130
Phoenix Technologies SBC066126254120030722 (NET-66-126-254-120-1:66.126.254.120-66.126.254.127
Ad Trends SBCIS-101731-102832 (NET-66-136-139-160-1:66.136.139.160-66.136.139.167
AD TRENDS SBCIS-101731-151233 (NET-66-136-139-168-1:66.136.139.168-66.136.139.175
New.net, Inc. PNAP-LAX-NEWNET-RM-01 (NET-66-151-57-0-1):66.151.57.0-66.151.57.255
Total Velocity TOTAL-VELOCITY-NWK-1 (NET-66-159-219-192-1):66.159.219.192-66.159.219.207
Clearsearch[ATBP]:66.161.28.166-66.161.28.166
heetahMail CBCN-CHEE-66-165-100-0 (NET-66-165-100-0-1:66.165.100.0-66.165.100.255
CheetahMail CBCN-CHEE-66-165-105-0 (NET-66-165-105-0-1:66.165.105.0-66.165.105.255
Netsonic NETSONIC-BLK2 (NET-66-180-160-0-1:66.180.160.0-66.180.175.255
Mojo Advertising HSTR-MOJO-1 (NET-66-187-131-0-1:66.187.131.0-66.187.131.255
ShopNAV[ATBP]:66.197.138.235-66.197.138.235
Spectorsoft Corp. RSPC-6457-1031113338 (NET-66-216-103-80-1:66.216.103.80-66.216.103.95
Spy-Patrol.com RSPC-2444-1031273608 (NET-66-216-114-216-1:66.216.114.216-66.216.114.223
Tibssystems.com[ATBP]:66.216.127.40-66.216.127.40
C2 Media Ltd HURRICANE-CE1076-331 (NET-66-220-17-0-1:66.220.17.0-66.220.17.255
SuperBari/Gigatech[ATBP]:66.250.32.148-66.250.32.148
CWS.Lookfor[TROJAN]:66.250.57.226-66.250.57.226
Experian SBC067065088104030204 (NET-67-65-88-104-1:67.65.88.104-67.65.88.111
Experian SBCIS-1011129-135943 (NET-67-112-62-208-1:67.112.62.208-67.112.62.215
Velocity Networks Inc SBC-06711206512825 (NET-67-112-65-128-1:67.112.65.128-67.112.65.255
Velocity Networks Inc SBC-06711206712825 (NET-67-112-67-128-1:67.112.67.128-67.112.67.255
EXPERIAN2527585 SBCIS-1011129-135651 (NET-67-113-92-72-1:67.113.92.72-67.113.92.79
EXPERIAN:67.113.95.0-67.113.95.7
Creative Labs Inc SBC067117138136020511 (NET-67-117-138-136-1:67.117.138.136-67.117.138.143
Ad Tech Industries SBC068079137184031007 (NET-68-79-137-184-1:68.79.137.184-68.79.137.191
Phoenix[DNS server]:68.166.185.186-68.166.185.186
Stop Popup Ads Now, Inc RSPC-36956-1063225089 (NET-69-20-19-88-1:69.20.19.88-69.20.19.95
Spy-Patrol.com RSPC-36136-1063225021 (NET-69-20-20-32-1:69.20.20.32-69.20.20.47
Look2Me[ATBP]:69.20.20.161-69.20.20.161
Spy-Patrol.com RSPC-36136-1063221282 (NET-69-20-21-192-1:69.20.21.192-69.20.21.207
Stop Popup Ads Now, Inc RSPC-35560-1063220469 (NET-69-20-27-208-1:69.20.27.208-69.20.27.215
Stop Popup Ads Now, Inc RSPC-33647-1063220073 (NET-69-20-30-72-1:69.20.30.72-69.20.30.79
Stop Popup Ads Now, Inc RSPC-33648-1063220075 (NET-69-20-30-80-1:69.20.30.80-69.20.30.87
TopSites[ATBP]:69.28.195.198-69.28.195.198
hijack related:69.28.208.77-69.28.208.77
JetSeeker[CWS.Bootconf variant]:69.56.130.21-69.56.130.21
IDGsearch[ATBP]:69.56.223.196-69.56.223.196
Qhosts-1[ATBP]:69.57.146.14-69.57.146.14
Qhosts-1[ATBP]:69.57.147.175-69.57.147.175
Peer 1 Network Inc. PEER1-BLK-08[SPYWARE],Peer 1 Network Inc. PEER1-BLK-08[EVIL-SPYWARE]:69.90.0.0-69.90.191.255
Creative Labs Inc10955584 SBC06911114121629040325203229 (NET-69-111-141-216-1:69.111.141.216-69.111.141.223
SOVINTEL-ICSTM2[CWS-TROJANS]:81.211.105.0-81.211.105.255
Navexcel[ATBP]:128.121.212.181-128.121.212.181
Speedbit[ATBP]:128.242.199.42-128.242.199.42
Speedbit[ATBP]:128.242.204.122-128.242.204.122
Speedbit[ATBP]:128.242.213.138-128.242.213.138
ad tracking tickle.com crap:129.250.0.0-129.250.255.255
Backweb Lite[ATBP]:129.253.170.220-129.253.170.220
Phoenix Technologies Ltd. PHOENIX (NET-134-122-0-0-1:134.122.0.0-134.122.255.255
BrowserToolBar[ATBP]:139.142.246.76-139.142.246.76
Cambridge Entrepreneurial Network CENTNET (NET-140-186-0-0-1:140.186.0.0-140.186.255.255
Flashpoint Marketing VZ-FLSHPNTMRKTNG-1 (NET-141-152-37-200-1:141.152.37.200-141.152.37.207
Huntbar[ATBP]:146.82.109.220-146.82.109.220
Onflow:147.208.175.70-147.208.175.70
eMachines[ATBP]:164.109.144.179-164.109.144.179
eMachines[ATBP]:164.109.144.181-164.109.144.181
Experian Information Solutions:167.107.0.0-167.107.255.255
Netropa/[Hewlett-Packard site]:192.151.53.114-192.151.53.114
Spyglass, Inc. SPYGLASS (NET-192-246-238-0-1:192.246.238.0-192.246.238.255
UMaxSearch[ATBP]:194.245.101.90-194.245.101.90
Experian Bureau EXPERIAN-01 (NET-196-15-244-128-1:196.15.244.128-196.15.244.191
SmartBrowser[ATBP]:198.64.129.88-198.64.129.88
SmartBrowser[ATBP]:198.64.149.78-198.64.149.78
Creative Labs NETBLK-CREAF1 (NET-198-95-32-0-1:198.95.32.0-198.95.63.255
Belcaro Group, Inc. NET-199-45-139-64-6 (NET-199-45-139-64-1:199.45.139.64-199.45.139.79
Spectorsoft SPECTORSOFT (NET-199-72-35-168-1:199.72.35.168-199.72.35.175
DSSAgent(Broderbund/Mattel):199.171.54.0-199.171.54.0
Microstrategy, Inc. STRATEGY-NET (NET-199-173-152-0-1:199.173.152.0-199.173.152.255
Cambridge Entrepreneurial Network CENT-CIDR-01 (NET-199-232-0-0-1:199.232.0.0-199.232.255.255
MICROSTRATEGY MICROSTRATEGY (NET-200-41-126-136-1:200.41.126.136-200.41.126.143
PerMedia[ATBP]:200.75.201.35-200.75.201.35
PerMedia[ATBP]:200.75.201.36-200.75.201.36
Global Internet Management SPRINTLINK (NET-204-97-253-32-1:204.97.253.32-204.97.253.39
American List Counsel, Inc AMLIST (NET-204-130-201-0-1:204.130.201.0-204.130.201.255
Microstrategy, Inc. MICROSTRATUU2 (NET-205-150-168-160-1:205.150.168.160-205.150.168.175
AD Technologies Inc. ADTECH (NET-205-151-188-0-1:205.151.188.0-205.151.188.255
bargain buddy:205.158.62.116-205.158.62.116
Winamp[ATBP]:205.188.246.218-205.188.246.218
PassThisOn[ATBP]:205.236.189.50-205.236.189.50
Freescratchandwin.com[ATBP]:205.252.89.14-205.252.89.14
Experian Information Solutions:206.18.229.0-206.18.229.63
Velocity Networks, Inc. VELN-3BLK (NET-206-126-128-0-1:206.126.128.0-206.126.159.255
Microstrategy, Inc. STRATEGY-NET2 (NET-206-136-136-0-1:206.136.136.0-206.136.136.255
CWS.Loadbat/CWS.MSConfd/IE-Search[TROJAN]:206.161.127.66-206.161.127.66
C2 Media.com C2MC-CA (NET-206-172-40-0-1:206.172.40.0-206.172.40.31
Flashpoint Technology, Inc. FLASHPNT (NET-207-5-52-0-2:207.5.52.0-207.5.52.255
Friendgreetings.com worm[W32.Friendgreet.worm]:207.21.232.104-207.21.232.104
Microstrategy, Inc. MICROSTRATEGY-ANS (NET-207-27-1-0-1:207.27.1.0-207.27.1.255
TwistedHumor.com[ATBP]:207.44.180.96-207.44.180.96
QHosts-1[ATBP]:207.44.194.56-207.44.194.56
Searchsprint[ATBP]:207.44.196.98-207.44.196.98
pest related,pest related site:207.44.198.27-207.44.198.27
Gator Technologies Inc GATOR-TECH (NET-207-59-223-192-1):207.59.223.192-207.59.223.199
related.msn.com[ATBP]:207.68.176.189-207.68.176.189
Expedioware[ATBP]:207.174.207.177-207.174.207.177
Velocity Networks, Inc. VELN (NET-207-182-224-0-1:207.182.224.0-207.182.255.255
Brilliant Digital Entertainment PBI-CUSTNET-3484 (NET-207-213-45-32-1:207.213.45.32-207.213.45.63
Global Internet Marketing Ltd. RADCOM-207-232-105-088-29 (NET-207-232-105-88-1:207.232.105.88-207.232.105.95
Conducent Technologies DIGINET184 (NET-207-233-200-0-1):207.233.200.0-207.233.200.255
VX2 STDIO-VX21 (NET-207-246-124-0-1:207.246.124.0-207.246.124.255
Netsonic INCNET-GB-CUST-NTS-0 (NET-207-250-25-0-1:207.250.25.0-207.250.25.255
Netsonic INCNET-NTSNC-GBY (NET-207-250-84-0-1:207.250.84.0-207.250.84.255
Netsonic INCNET-GB-CUST-NTS-2 (NET-207-250-96-0-1:207.250.96.0-207.250.96.255
Netsonic INCNET-NETSON-250-162 (NET-207-250-162-0-1:207.250.162.0-207.250.162.255
Netsonic INCNET-NETSON-250-184 (NET-207-250-184-0-1:207.250.184.0-207.250.184.255
Netsonic INCNET-NETSON-250-210 (NET-207-250-210-0-1:207.250.210.0-207.250.210.255
Netsonic INCNET-NETSON-250-212 (NET-207-250-212-0-1:207.250.212.0-207.250.212.255
C2 Media-Washington DC QWEST-208-45-66-64 (NET-208-45-66-64-1:208.45.66.64-208.45.66.127
Pugi/Masterbar[ATBP]:208.62.163.145-208.62.163.145
1110100011o1window.info/Bulla[ATBP]:208.186.78.81-208.186.78.81
CREATIVE LABS INC SBCIS80232 (NET-208-188-108-96-1:208.188.108.96-208.188.108.103
Spyglass, Inc. UU-208-205-234-D1 (NET-208-205-234-0-1:208.205.234.0-208.205.235.255
Microstrategy, Inc. UU-208-206-234 (NET-208-206-234-0-1:208.206.234.0-208.206.234.255
AD Transport Express UU-208-208-57-64 (NET-208-208-57-64-1:208.208.57.64-208.208.57.127
Focus Interactive, Inc. UU-208-208-221-D1 (NET-208-208-221-0-1:208.208.221.0-208.208.221.63
NetIQ UU-208-223-102 (NET-208-223-102-0-1:208.223.102.0-208.223.102.255
Shop at Home, Inc. UU-208-223-205-96 (NET-208-223-205-96-1:208.223.205.96-208.223.205.127
SPYGLASS UU-208-224-123-248-D (NET-208-224-123-248-1:208.224.123.248-208.224.123.255
Focus Interactive, Inc. UU-208-225-218-240 (NET-208-225-218-240-1:208.225.218.240-208.225.218.255
Microstrategy, Inc. UU-208-226-118 (NET-208-226-118-0-1:208.226.118.0-208.226.118.255
Transponder[SPYWARE]:208.229.231.83-208.229.231.83
Experian UU-208-231-162 (NET-208-231-162-0-1:208.231.162.0-208.231.162.255
Microstrategy, Inc. UU-208-238-98 (NET-208-238-98-0-1:208.238.98.0-208.238.98.255
Microstrategy, Inc. UU-208-244-116 (NET-208-244-116-0-1:208.244.116.0-208.244.117.255
VALUECLICK INC UU-208-255-181-16 (NET-208-255-181-16-1:208.255.181.16-208.255.181.23
Cydoor Technologies IP007022-209-10-17 (NET-209-10-17-128-1):209.10.17.128-209.10.17.255
Spyder Web Enterprises, LLC IP009856-209-10-165 (NET-209-10-165-0-1:209.10.165.0-209.10.165.31
Spyder Web Enterprises, LLC IP009854-209-10-165 (NET-209-10-165-32-1:209.10.165.32-209.10.165.47
Spyder Web Enterprises, LLC IP010184-209-10-165 (NET-209-10-165-72-1:209.10.165.72-209.10.165.79
EBates/TopMoxie[ATBP]:209.10.225.93-209.10.225.93
Cydoor Technologies IP009762-209-11-66 (NET-209-11-66-0-1):209.11.66.0-209.11.66.255
Cydoor Technologies IP009978-209-11-67 (NET-209-11-67-0-1):209.11.67.0-209.11.67.255
AD Technologies INTX-196-32-29 (NET-209-42-196-32-1:209.42.196.32-209.42.196.39
Autosearch[ATBP]:209.50.251.242-209.50.251.242
VirtualBouncer[ATBP]:209.51.152.62-209.51.152.62
Huntbar[ATBP]:209.61.228.23-209.61.228.23
Huntbar[ATBP]:209.61.228.36-209.61.228.36
APS Telecom[SPYWARE]:209.66.114.0-209.66.115.255
large range ad tracking dynamic logic etc:209.67.0.0-209.67.255.255
Cydoor Technologies IP010194-209-73-206 (NET-209-73-206-0-1):209.73.206.0-209.73.206.255
Cydoor Technologies Inc. CYDOOR-209-73-225 (NET-209-73-225-0-1):209.73.225.0-209.73.225.255
MediaPlex NXT-MEDIAPLEX (NET-209-81-59-208-1:209.81.59.208-209.81.59.215
ValueClick Corporation:209.85.132.64-209.85.132.95
ValueClick Corporation:209.85.157.0-209.85.157.255
Webhancer STIN-87-238-32-1A (NET-209-87-238-32-1):209.87.238.32-209.87.238.47
adware related:209.132.205.222-209.132.205.222
Hotbar.com MFN-M152-209-133-35-0-24 (NET-209-133-35-0-1):209.133.35.0-209.133.35.255
PowerStrip[ATBP]:209.139.209.232-209.139.209.232
Mojo Advertising IDCI-MOJOADV (NET-209-146-37-0-1:209.146.37.0-209.146.37.255
Netropa[ATBP]:209.164.21.84-209.164.21.84
BrilliantDigital[ATBP]:209.178.57.143-209.178.57.143
Aureate Development, Inc. INDYNET-AUREATE-1 (NET-209-183-99-0-1):209.183.99.0-209.183.99.255
Global Internet Management CERF-GIM-A (NET-209-186-2-0-1:209.186.2.0-209.186.3.255
ions pride:209.234.155.99-209.234.155.99
ZeroPopUp[ATBP]:209.249.147.70-209.249.147.70
Naviscope[ATBP]:212.100.224.102-212.100.224.102
CWS.Verisign[TROJAN]:213.159.117.233-213.159.117.233
ELECTRONIC GROUP INTERACTIVE:213.170.47.88-213.170.47.95
Comet Systems PNAP-NYM-COMET-RM-02 (NET-216-52-88-64-1):216.52.88.64-216.52.88.71
Side-Search[ATBP]:216.52.184.237-216.52.184.237
Creative Labs CREATIVE84 (NET-216-61-164-0-1:216.61.164.0-216.61.167.255
Friendgreetings.com worm[W32.Friendgreet.worm]:216.65.63.139-216.65.63.139
Global Internet Management SAVV-S225053-0 (NET-216-88-23-0-1:216.88.23.0-216.88.23.255
Flashpoint IOSNET-7-131-112-127 (NET-216-97-131-112-1:216.97.131.112-216.97.131.127
IPInsight[ATBP]:216.110.36.129-216.110.36.129
big block admt.com owner:216.117.128.0-216.117.191.255
C2 Media Productions Group:216.120.143.136-216.120.143.143
Search-Explorer[ATBP]:216.130.177.139-216.130.177.139
Phoenix Technologies, Ltd. ATTENS-008745-001996 (NET-216-148-212-216-1:216.148.212.216-216.148.212.223
Phoenix Technologies, Ltd. ATTENS-008745-001788 (NET-216-148-218-128-1:216.148.218.128-216.148.218.255
Naviscope[ATBP]:216.157.91.36-216.157.91.36
web3000:216.168.60.122-216.168.60.122
Global Internet Management INFLOW-20899-101594-13865 (NET-216-183-124-248-1:216.183.124.248-216.183.124.255
SearchWWW[ATBP]:216.194.70.15-216.194.70.15
Ad Tech FDN-559206-92-160 (NET-216-199-92-160-1:216.199.92.160-216.199.92.167
CWS.Alfa-search[TROJAN]:216.200.3.32-216.200.3.32
Netiquity RESO-216-204-11-192A (NET-216-204-11-192-1:216.204.11.192-216.204.11.255
WebHancer Corporation MAXLINK-WEBHANCER1 (NET-216-221-200-192-1):216.221.200.192-216.221.200.223
telecom sec group:216.231.96.0-216.231.127.255
Netsonic NETSONIC (NET-216-235-64-0-1:216.235.64.0-216.235.79.255
aadcom adware:216.237.0.0-216.237.63.255:216.237.10.184-216.237.10.184
ValueClick VALUE-216-246-25 (NET-216-246-25-0-1:216.246.25.0-216.246.25.255
ValueClick VALU-216-246-96 (NET-216-246-96-0-1:216.246.96.0-216.246.96.255
HOP AT HOME NETWORK, LLC ABS-NSVLTN-SAHN (NET-216-248-29-0-1:216.248.29.0-216.248.29.63
dig rooster:216.254.144.0-216.254.144.127
SearchV/Truerecords[ATBP]:217.106.229.248-217.106.229.248
ELECTRONIC GROUP INTERACTIVE:217.110.248.0-217.110.248.255
BrilliantDigital[ATBP]:217.116.227.250-217.116.227.250
Fastsearch[ATBP]:217.144.235.224-217.144.235.224
Tibssystems.com[ATBP]:217.145.64.150-217.145.64.150
Pugi[ATBP]:217.157.14.29-217.157.14.29
damn that should put a dent in the spyware infections if more people start using the list , heres a couple more added , and this thread should be stickied i think , so it doesnt get lost ..
also see these posts for more info :
http://www.bluetack.co.uk/forums/index.php?showtopic=2438
http://www.wilderssecurity.com/showthread.php?t=28658
===================================================
added:
Internext Media Inc.QWEST-JSV-INTNEXT1[ATBP]:63.146.114.32-63.146.114.47
Internext Media Inc.QWEST-JSV-INTERNEXT1[ATBP]:63.236.32.0-63.236.32.63
ATRIVOTECHNOLOGIES[CWStrojans-ATBP]:69.50.160.0-69.50.191.255
RU-LINKEY-20021010[spyware-trojans-ATBP]:213.159.96.0-213.159.127.255
Gamma Networking Inc GAMMAE-0001[spyware-ATBP]:216.127.33.0-216.127.33.255
Trojan[ATBP]:64.21.95.7-64.21.95.7
Spyware[ATBP]:69.20.62.53-69.20.62.53
theplanet.com-backdoor-trojan[ATBP]:69.56.176.78-69.56.176.78
www.zestyfind.com[ATBP]:69.20.20.164-69.20.20.164
Spyware[ATBP]:63.251.163.115-63.251.163.115
Paradize RU[CWS TROJANS-ATBP]:81.222.131.0-81.222.131.255
www.payfortraffic.net[ATBP]:69.30.192.53-69.30.192.53
APS Telecom-[CWS TROJANS-ATBP]:209.66.122.0-209.66.122.255
----------------------------------------------------------------------------------
covered by full range instead , ^
lookingfor.cc[CSW TROJAN-ATBP]:81.222.131.48-81.222.131.48
===================================================
CWS TROJANS :
209.66.114.0-209.66.115.255
81.211.105.0-81.211.105.25
81.211.105.*
main.tibssystems.com = 81.211.105.70
nkvd.us = 81.211.105.25
81.211.105.0 - 81.211.105.255
netname: SOVINTEL-ICSTM2
descr: ICS TM, JSC
descr: 70 Bolshoy pr. V.O.
descr: 199002 St.-Petersburg
country: RU
main.tibssystems.com = [ 81.211.105.70 ]
web1.nictechnetworks.com.
web1.nictechnetworks.com
Rackspace.com
Address: 112 E. Pecan St.
Address: Suite 600
City: San Antonio
StateProv: TX
69.20.0.0 - 69.20.127.255
CIDR: 69.20.0.0/17
NetName: RSPC-NET-4
NetHandle: NET-69-20-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
----------------------------------------
but wtf is this report: ????
-----------------------------------------------------------------------------------------
Spyware :
ZESTYFIND.COM
Website Title: Welcome to ZestyFind.com
Server Type: Apache/1.3.27 (Unix) (Red-Hat/Linux) FrontPage/5.0.2.2623 mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26
IP Address: 69.20.20.164
IP Location: United States - Rackspace.com
Name Server: NS2.RACKSPACE.COM NS.RACKSPACE.COM
ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 23-jun-2003
Expires: 23-jun-2004
Status: ACTIVE
Registrant:
NicTech Networks, Inc.
11633 Wild Horse Trail
St paul, Minnesota 55124
United States
Registered through: GoDaddy.com
Domain Name: ZESTYFIND.COM
Created on: 23-Jun-03
Expires on: 23-Jun-04
Last Updated on: 18-Nov-03
Administrative Contact:
Patterson, Bill [AD]
NicTech Networks, Inc.
11633 Wild Horse Trail
St paul, Minnesota 55124
United States
9529976168 Fax --
Technical Contact:
Patterson, Bill [AD]
NicTech Networks, Inc.
11633 Wild Horse Trail
St paul, Minnesota 55124
United States
9529976168 Fax --
Domain servers in listed order:
NS.RACKSPACE.COM
NS2.RACKSPACE.COM
----------------------------------------------------------------------
spyware[ATBP]:63.251.163.115-63.251.163.115
www.0--games.net
www.0--search.net
www.0-0-0.net
313006 more domains found...
http://www.domainland.com/aboutus.html
63.251.163.96 - 63.251.163.127
CIDR: 63.251.163.96/27
NetName: PNAP-SEF-ENOM-RM-03
name-services.com = [ 63.251.163.115 ]
Registration Service Provided By:
Contact:
Visit:
Domain name: name-services.com
Registrant Contact:
Whois Privacy Protection Service Inc.
Whois Agent ktlvtjkr@whoisprivacyprotect.com
----------------------------------------------------------------------------------------
i think this needs to be checked for any good sites before its added :
VIRTUAL HOSTING GROUP SERVERS MAX-CUSTNET-1752H (NET-209-25-147-0-1)
209.25.147.0 - 209.25.147.255
CWS TROJAN Affiliate :
209.25.147.9
hxxp://www.e-finder.cc/search/
VIRTUAL HOSTING GROUP SERVERS
OrgID: VHGS
Address: 6757 Edgewater Commerce
City: Orlando
StateProv: FL
PostalCode: 32810
Country: US
NetRange: 209.25.147.0 - 209.25.147.255
CIDR: 209.25.147.0/24
NetName: MAX-CUSTNET-1752H
NetHandle: NET-209-25-147-0-1
Parent: NET-209-25-128-0-1
NetType: Reassigned
NameServer: NS1.HOSTCENTRIC.NET
NameServer: NS2.HOSTCENTRIC.NET
---------------------------------------------------------------------------------------
also see these posts for more info :
http://www.bluetack.co.uk/forums/index.php?showtopic=2438
http://www.wilderssecurity.com/showthread.php?t=28658
===================================================
added:
Internext Media Inc.QWEST-JSV-INTNEXT1[ATBP]:63.146.114.32-63.146.114.47
Internext Media Inc.QWEST-JSV-INTERNEXT1[ATBP]:63.236.32.0-63.236.32.63
ATRIVOTECHNOLOGIES[CWStrojans-ATBP]:69.50.160.0-69.50.191.255
RU-LINKEY-20021010[spyware-trojans-ATBP]:213.159.96.0-213.159.127.255
Gamma Networking Inc GAMMAE-0001[spyware-ATBP]:216.127.33.0-216.127.33.255
Trojan[ATBP]:64.21.95.7-64.21.95.7
Spyware[ATBP]:69.20.62.53-69.20.62.53
theplanet.com-backdoor-trojan[ATBP]:69.56.176.78-69.56.176.78
www.zestyfind.com[ATBP]:69.20.20.164-69.20.20.164
Spyware[ATBP]:63.251.163.115-63.251.163.115
Paradize RU[CWS TROJANS-ATBP]:81.222.131.0-81.222.131.255
www.payfortraffic.net[ATBP]:69.30.192.53-69.30.192.53
APS Telecom-[CWS TROJANS-ATBP]:209.66.122.0-209.66.122.255
----------------------------------------------------------------------------------
covered by full range instead , ^
lookingfor.cc[CSW TROJAN-ATBP]:81.222.131.48-81.222.131.48
===================================================
CWS TROJANS :
209.66.114.0-209.66.115.255
81.211.105.0-81.211.105.25
81.211.105.*
main.tibssystems.com = 81.211.105.70
nkvd.us = 81.211.105.25
81.211.105.0 - 81.211.105.255
netname: SOVINTEL-ICSTM2
descr: ICS TM, JSC
descr: 70 Bolshoy pr. V.O.
descr: 199002 St.-Petersburg
country: RU
main.tibssystems.com = [ 81.211.105.70 ]
web1.nictechnetworks.com.
web1.nictechnetworks.com
Rackspace.com
Address: 112 E. Pecan St.
Address: Suite 600
City: San Antonio
StateProv: TX
69.20.0.0 - 69.20.127.255
CIDR: 69.20.0.0/17
NetName: RSPC-NET-4
NetHandle: NET-69-20-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
----------------------------------------
but wtf is this report: ????
QUOTE
http://www.whois.sc/81.211.105.70
TIBSSYSTEMS.COM
Website Title: Index of /
Server Type:
Website Status: Active
Reverse IP: Web server hosts 3313 websites
IP Address: 127.0.0.1
IP Location: -
Name Server: DNS1.NAME-SERVICES.COM DNS2.NAME-SERVICES.COM
ICANN Registrar: ENOM, INC.
Created: 23-feb-2004
Expires: 23-feb-2005
Status: REGISTRAR-LOCK
TIBSSYSTEMS.COM
Website Title: Index of /
Server Type:
Website Status: Active
Reverse IP: Web server hosts 3313 websites
IP Address: 127.0.0.1
IP Location: -
Name Server: DNS1.NAME-SERVICES.COM DNS2.NAME-SERVICES.COM
ICANN Registrar: ENOM, INC.
Created: 23-feb-2004
Expires: 23-feb-2005
Status: REGISTRAR-LOCK
-----------------------------------------------------------------------------------------
Spyware :
ZESTYFIND.COM
Website Title: Welcome to ZestyFind.com
Server Type: Apache/1.3.27 (Unix) (Red-Hat/Linux) FrontPage/5.0.2.2623 mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26
IP Address: 69.20.20.164
IP Location: United States - Rackspace.com
Name Server: NS2.RACKSPACE.COM NS.RACKSPACE.COM
ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 23-jun-2003
Expires: 23-jun-2004
Status: ACTIVE
Registrant:
NicTech Networks, Inc.
11633 Wild Horse Trail
St paul, Minnesota 55124
United States
Registered through: GoDaddy.com
Domain Name: ZESTYFIND.COM
Created on: 23-Jun-03
Expires on: 23-Jun-04
Last Updated on: 18-Nov-03
Administrative Contact:
Patterson, Bill [AD]
NicTech Networks, Inc.
11633 Wild Horse Trail
St paul, Minnesota 55124
United States
9529976168 Fax --
Technical Contact:
Patterson, Bill [AD]
NicTech Networks, Inc.
11633 Wild Horse Trail
St paul, Minnesota 55124
United States
9529976168 Fax --
Domain servers in listed order:
NS.RACKSPACE.COM
NS2.RACKSPACE.COM
----------------------------------------------------------------------
spyware[ATBP]:63.251.163.115-63.251.163.115
www.0--games.net
www.0--search.net
www.0-0-0.net
313006 more domains found...
http://www.domainland.com/aboutus.html
63.251.163.96 - 63.251.163.127
CIDR: 63.251.163.96/27
NetName: PNAP-SEF-ENOM-RM-03
name-services.com = [ 63.251.163.115 ]
Registration Service Provided By:
Contact:
Visit:
Domain name: name-services.com
Registrant Contact:
Whois Privacy Protection Service Inc.
Whois Agent ktlvtjkr@whoisprivacyprotect.com
----------------------------------------------------------------------------------------
i think this needs to be checked for any good sites before its added :
VIRTUAL HOSTING GROUP SERVERS MAX-CUSTNET-1752H (NET-209-25-147-0-1)
209.25.147.0 - 209.25.147.255
CWS TROJAN Affiliate :
209.25.147.9
hxxp://www.e-finder.cc/search/
VIRTUAL HOSTING GROUP SERVERS
OrgID: VHGS
Address: 6757 Edgewater Commerce
City: Orlando
StateProv: FL
PostalCode: 32810
Country: US
NetRange: 209.25.147.0 - 209.25.147.255
CIDR: 209.25.147.0/24
NetName: MAX-CUSTNET-1752H
NetHandle: NET-209-25-147-0-1
Parent: NET-209-25-128-0-1
NetType: Reassigned
NameServer: NS1.HOSTCENTRIC.NET
NameServer: NS2.HOSTCENTRIC.NET
---------------------------------------------------------------------------------------
nice. i'm gonna motivate to pick up where i left off
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.