Adserver:
ad.ir.ru
Full Version: Bad Websites
Added, Thanks 
Adserver:
ad1.emule-project.org
ad1.emule-project.org
QUOTE (Kimberly @ May 14 2005, 01:24 PM)
A few IP's like that and the HOSTS file will be far too big imo.
With my DNS Client/cache turned off in Windows, I havent hit or seen any "barrier" or limit to the HOSTS file. Though, "loading" the HOSTS file into the B.I.S.S. HOSTS Manager takes a while since it reports 225979 hostnames blocked
lol
Hi r00ted,
225979 hostnames,
never thought that the Hosts Manager could hold that many. I never tried such a hight count, good to know that the program can hold that many hostnames, I was kinda afraid to encounter a 134 000 limit somewhere. Thanks for letting me know 
Kim
225979 hostnames,
never thought that the Hosts Manager could hold that many. I never tried such a hight count, good to know that the program can hold that many hostnames, I was kinda afraid to encounter a 134 000 limit somewhere. Thanks for letting me know Kim
Yea, I havent found any issues 
The only "slow" part is loading up. In that time though I can throw in a load of laundry or what not 
Too bad UltraEdit isn't open-sourced
That editor is blazing fast. 
The only "slow" part is loading up. In that time though I can throw in a load of laundry or what not Too bad UltraEdit isn't open-sourced
That editor is blazing fast.
Thanks MaKaVeLi,
ad1.emule-project.org
www.ad1.emule-project.org
both added
Kim
ad1.emule-project.org
www.ad1.emule-project.org
both added
Kim
Adserver:
ads.khokolate.com
ads.khokolate.com
Thanks MaKaVeLi, added.
Kim
Kim
I was unexpectedly redirected to this ad page when visiting lyrics site tonsoflyrics.com:
s3.filehandler.biz
s3.filehandler.biz
Thanks Samurai V, added
Kim
Kim
Adservers:
web3.cigaraficionado.com
ads.iwangmedia.com
seattle.eham.net
Rogue spyware apps:
www.adwarepatrol.com
adwarepatrol.com
www.xspyware.net
xspyware.net
web3.cigaraficionado.com
ads.iwangmedia.com
seattle.eham.net
Rogue spyware apps:
www.adwarepatrol.com
adwarepatrol.com
www.xspyware.net
xspyware.net
Added, thanks MaKaVeLi.
Kim
Kim
Reported on isc.sans.org as a greeting card scam:
www.bluemountain.com
bluemountain.com
This one wasn't reported as a greeting card scam but I don't think it would hurt to block it:
games.bluemountain.com
This one should be blocked to as they host the images for bluemountain.com and if you go to their site it's just useless text:
www.imgag.com
imgag.com
This is another link from bluemountain.com I got from using the View Page Info in Mozilla Firefox. It just leads to a blank page. Don't think it would hurt to block it:
agbmcom.112.2o7.net
I got this one the same way as the above one but it leads me to a 403 Forbidden page:
ag.eprize.net
www.bluemountain.com
bluemountain.com
This one wasn't reported as a greeting card scam but I don't think it would hurt to block it:
games.bluemountain.com
This one should be blocked to as they host the images for bluemountain.com and if you go to their site it's just useless text:
www.imgag.com
imgag.com
This is another link from bluemountain.com I got from using the View Page Info in Mozilla Firefox. It just leads to a blank page. Don't think it would hurt to block it:
agbmcom.112.2o7.net
I got this one the same way as the above one but it leads me to a 403 Forbidden page:
ag.eprize.net
These sites either redirect you to already blocked sites or the search results lead to already blocked sites:
www.googl.com
googl.com
www.bgoogle.com
bgoogle.com
www.hgoogle.com
hgoogle.com
Looks like a Google scam site:
www.ggoogle.com
ggoogle.com
www.googl.com
googl.com
www.bgoogle.com
bgoogle.com
www.hgoogle.com
hgoogle.com
Looks like a Google scam site:
www.ggoogle.com
ggoogle.com
Thanks MaKaVeLi, added.
Kim
Kim
Rogue spyware apps:
www.prospywareremover.com
prospywareremover.com
www.noadware.com--e.com
noadware.com--e.com
www.wwwadawear.com
wwwadawear.com
www.free-spyware-scan.org
free-spyware-scan.org
www.spybotfinder.com
spybotfinder.com
www.the-spyware-zone.com
the-spyware-zone.com
www.digitalreservoir.com
digitalreservoir.com
www.free-spyware.net
free-spyware.net
www.spyware-control.com
spyware-control.com
www.computerspywarecheck.com
computerspywarecheck.com
www.compare-spyware.com
compare-spyware.com
www.spywareremoval.ws
spywareremoval.ws
www.ridadware.org
ridadware.org
www.elimiware.com
elimiware.com
www.nomorespyware.net
nomorespyware.net
www.123-spyware-remover.com
123-spyware-remover.com
www.spyware-adware-removal.net
spyware-adware-removal.net
www.spytoaster.com
spytoaster.com
www.spywareno.com
spywareno.com
www.3bsoftware.com
3bsoftware.com
www.softwaredoctor.com
softwaredoctor.com
Clickbank websites:
ridadware.noadware.hop.clickbank.net
goose1888.noadware.hop.clickbank.net
goose1888.errornuker.hop.clickbank.net
goose1888.microa2.hop.clickbank.net
goose1888.trekblue8.hop.clickbank.net
goose1888.bugdoctor.hop.clickbank.net
host4net.bugdoctor.hop.clickbank.net
ejseinc.trekblue8.hop.clickbank.net
ejseinc.noadware.hop.clickbank.net
ejseinc.xoftspy.hop.clickbank.net
ejseinc.microa2.hop.clickbank.net
ejseinc.spywarerem.hop.clickbank.net
ejseinc.microa.hop.clickbank.net
ejseinc.adalert.hop.clickbank.net
ejseinc.apatrol.hop.clickbank.net
ejseinc.sdestroy.hop.clickbank.net
ejseinc.arsenal99.hop.clickbank.net
ejseinc.spyferret.hop.clickbank.net
ejseinc.sremoval.hop.clickbank.net
ejseinc.aremover.hop.clickbank.net
ejseinc.axxel.hop.clickbank.net
ejseinc.spyhound.hop.clickbank.net
cb571.noadware.hop.clickbank.net
A link I found related to all the sites above:
abc.cb.kount.com
www.prospywareremover.com
prospywareremover.com
www.noadware.com--e.com
noadware.com--e.com
www.wwwadawear.com
wwwadawear.com
www.free-spyware-scan.org
free-spyware-scan.org
www.spybotfinder.com
spybotfinder.com
www.the-spyware-zone.com
the-spyware-zone.com
www.digitalreservoir.com
digitalreservoir.com
www.free-spyware.net
free-spyware.net
www.spyware-control.com
spyware-control.com
www.computerspywarecheck.com
computerspywarecheck.com
www.compare-spyware.com
compare-spyware.com
www.spywareremoval.ws
spywareremoval.ws
www.ridadware.org
ridadware.org
www.elimiware.com
elimiware.com
www.nomorespyware.net
nomorespyware.net
www.123-spyware-remover.com
123-spyware-remover.com
www.spyware-adware-removal.net
spyware-adware-removal.net
www.spytoaster.com
spytoaster.com
www.spywareno.com
spywareno.com
www.3bsoftware.com
3bsoftware.com
www.softwaredoctor.com
softwaredoctor.com
Clickbank websites:
ridadware.noadware.hop.clickbank.net
goose1888.noadware.hop.clickbank.net
goose1888.errornuker.hop.clickbank.net
goose1888.microa2.hop.clickbank.net
goose1888.trekblue8.hop.clickbank.net
goose1888.bugdoctor.hop.clickbank.net
host4net.bugdoctor.hop.clickbank.net
ejseinc.trekblue8.hop.clickbank.net
ejseinc.noadware.hop.clickbank.net
ejseinc.xoftspy.hop.clickbank.net
ejseinc.microa2.hop.clickbank.net
ejseinc.spywarerem.hop.clickbank.net
ejseinc.microa.hop.clickbank.net
ejseinc.adalert.hop.clickbank.net
ejseinc.apatrol.hop.clickbank.net
ejseinc.sdestroy.hop.clickbank.net
ejseinc.arsenal99.hop.clickbank.net
ejseinc.spyferret.hop.clickbank.net
ejseinc.sremoval.hop.clickbank.net
ejseinc.aremover.hop.clickbank.net
ejseinc.axxel.hop.clickbank.net
ejseinc.spyhound.hop.clickbank.net
cb571.noadware.hop.clickbank.net
A link I found related to all the sites above:
abc.cb.kount.com
Thanks MaKaVeLi, added
Kim
Kim
Adservers:
banners.sexsearch.com
images.mrskincash.com
banners.sexsearch.com
images.mrskincash.com
Added
Kim
Kim
http://www.benedelman.org/spyware/investors/
spectrumequity.com
www.spectrumequity.com
usvp.com
www.usvp.com
greylock.com
www.greylock.com
crosslinkcapital.com
www.crosslinkcapital.com
garage.com
www.garage.com
gbn.com
www.gbn.com
investorab.com
www.investorab.com
tcv.com
www.tcv.com
insightpartners.com
www.insightpartners.com
ticc.com
www.ticc.com
spectrumequity.com
www.spectrumequity.com
usvp.com
www.usvp.com
greylock.com
www.greylock.com
crosslinkcapital.com
www.crosslinkcapital.com
garage.com
www.garage.com
gbn.com
www.gbn.com
investorab.com
www.investorab.com
tcv.com
www.tcv.com
insightpartners.com
www.insightpartners.com
ticc.com
www.ticc.com
Explicit Material---
User be warned-------
dizgi.vps.gen.tr
mevzu.com
shady sites using mpeg.exe extention...i didn't personally DL the file(s), but im guessing they are viruses......trying to fool novice users.
User be warned-------
dizgi.vps.gen.tr
mevzu.com
shady sites using mpeg.exe extention...i didn't personally DL the file(s), but im guessing they are viruses......trying to fool novice users.
Thanks r00ted, added
Kim
Kim
Also any CP or nasty sites might want to be reported to www.iwf.org.uk
combat18.org #British neo-Nazi organization
Here is a list you might like to look at as well.
http://xthost.info/lemonhead/blacklist.txt
combat18.org #British neo-Nazi organization
Here is a list you might like to look at as well
.http://xthost.info/lemonhead/blacklist.txt
Thanks waterboy990,
I'll have a look at them. If you want to use http://xthost.info/lemonhead/blacklist.txt in a hosts file, be aware as it contains a lot of incorrect formats like:
I'll have a look at them. If you want to use http://xthost.info/lemonhead/blacklist.txt in a hosts file, be aware as it contains a lot of incorrect formats like:
| QUOTE |
| .gb.com 216.130.167.230 batukaru\.[a-z]{2,} de\.sr |
etc....
Kim
Rogue spyware apps:
www.endadware.com
endadware.com
www.free-spyware-shield.com
free-spyware-shield.com
www.xoftspyremover.com
xoftspyremover.com
www.spyzooka.com
spyzooka.com
www.remove-spyware.shop-for.us
remove-spyware.shop-for.us
www.xoftspy.co.uk
xoftspy.co.uk
www2.palsol.com
Clickbank websites:
john24.microa2.hop.clickbank.net
www.cbmall.com
cbmall.com
www.cbmallclickbankmarketplace.com
cbmallclickbankmarketplace.com
www.cbmall.co.uk
cbmall.co.uk
These sites either redirect you to already blocked sites or the search results lead to already blocked sites:
www.googgle.com
googgle.com
www.googole.com
googole.com
www.goglee.com
goglee.com
www.gggoogle.com
gggoogle.com
I got a spyware/tracking cookie from them even though they say they're closed:
www.revenuepartners.com
revenuepartners.com
www.endadware.com
endadware.com
www.free-spyware-shield.com
free-spyware-shield.com
www.xoftspyremover.com
xoftspyremover.com
www.spyzooka.com
spyzooka.com
www.remove-spyware.shop-for.us
remove-spyware.shop-for.us
www.xoftspy.co.uk
xoftspy.co.uk
www2.palsol.com
Clickbank websites:
john24.microa2.hop.clickbank.net
www.cbmall.com
cbmall.com
www.cbmallclickbankmarketplace.com
cbmallclickbankmarketplace.com
www.cbmall.co.uk
cbmall.co.uk
These sites either redirect you to already blocked sites or the search results lead to already blocked sites:
www.googgle.com
googgle.com
www.googole.com
googole.com
www.goglee.com
goglee.com
www.gggoogle.com
gggoogle.com
I got a spyware/tracking cookie from them even though they say they're closed:
www.revenuepartners.com
revenuepartners.com
Thanks MaKaVeLi, added
Kim
Kim
Banner ad and tracking cookie:
www.affiliatecash.de
www.affiliatecash.de
Thanks Samurai V, added
Kim
Kim
This site appears only to serve ads for about.com:
z.about.com
z.about.com
Thanks Samurai V, added.
Kim
Kim
Rogue spyware apps:
www.no-adware.info
no-adware.info
www.spywarecleanerdownload2.com
spywarecleanerdownload2.com
www.spyware-blaster-software.com
spyware-blaster-software.com
www.nukerdownloads.com
nukerdownloads.com
www.spy-bot.biz
spy-bot.biz
www.spyware-killer.com
spyware-killer.com
www.spyware.pcwash.com
spyware.pcwash.com
Links point to already blocked sites:
www.pandasoftware.pillowpc.com
pandasoftware.pillowpc.com
www.270k.com
270k.com
www.top5offers.com
top5offers.com
www.dbxml.org
dbxml.org
www.no-adware.info
no-adware.info
www.spywarecleanerdownload2.com
spywarecleanerdownload2.com
www.spyware-blaster-software.com
spyware-blaster-software.com
www.nukerdownloads.com
nukerdownloads.com
www.spy-bot.biz
spy-bot.biz
www.spyware-killer.com
spyware-killer.com
www.spyware.pcwash.com
spyware.pcwash.com
Links point to already blocked sites:
www.pandasoftware.pillowpc.com
pandasoftware.pillowpc.com
www.270k.com
270k.com
www.top5offers.com
top5offers.com
www.dbxml.org
dbxml.org
Thanks MaKaVeLi, added.
Kim
Kim
127.0.0.1 amateur.qn.com
looks to be some sort of search site.
looks to be some sort of search site.
asdasd.qn.com is apparently the same site (same IP)
cluster1.hitfarm.com - same IP
Link to static.hitfarm.com in source code - all over the place
64.40.102.44
Reverse IP: Web server hosts 841334 websites
Reverse DNS: cluster1.hitfarm.com
Thx r00ted
Kim
cluster1.hitfarm.com - same IP
Link to static.hitfarm.com in source code - all over the place
64.40.102.44
Reverse IP: Web server hosts 841334 websites
Reverse DNS: cluster1.hitfarm.com
Thx r00ted
Kim
Banner ads:
assets.bravenet.com
assets.bravenet.com
Thanks Samurai V, added.
Kim
Kim
fasterxp.com
fasterhomepage.com
Both of the above are affiliated with Aurora spyware according to the most recent entry at vitalsecurity.org
fasterhomepage.com
Both of the above are affiliated with Aurora spyware according to the most recent entry at vitalsecurity.org
Thanks Samurai V, added.
Kim
Kim
some random sites to look into:
127.0.0.1 images.de.vu
127.0.0.1 log3.stats24.net
127.0.0.1 cydots.com
127.0.0.1 www.cydots.com
127.0.0.1 www.nostop.cn.ms # _looks_ good, but too good to be true, the downloads are exes (probably viruses)
127.0.0.1 sexyteens.such.info
127.0.0.1 www.keywordexchange.com # - ads at domain-for-sale page
127.0.0.1 stats24.net
127.0.0.1 impch.tradedoubler.com
127.0.0.1 clk.tradedoubler.com
127.0.0.1 www.ilove.ch
127.0.0.1 hstde.tradedoubler.com
127.0.0.1 www.AccessProtect.com
127.0.0.1 www.actionbook.de
127.0.0.1 www.aliasdomains.com
127.0.0.1 www.Alpennic.com
127.0.0.1 www.nic.at.vu
127.0.0.1 www.chatbook.de
127.0.0.1 www.nic.ch.vu
127.0.0.1 www.cydots.com
127.0.0.1 www.nic.de.vu
127.0.0.1 www.duonic.com
127.0.0.1 www.eguestbook.de
127.0.0.1 www.ePreisvergleich.com
127.0.0.1 www.europnic.com
127.0.0.1 www.ezbook.de
127.0.0.1 www.firevista.com
127.0.0.1 www.freenic.at
127.0.0.1 www.HomeNIC.com
127.0.0.1 www.iboox.com
127.0.0.1 www.joynic.com
127.0.0.1 www.lavanic.com
127.0.0.1 www.mediadots.com
127.0.0.1 www.minibook.de
127.0.0.1 www.multiguestbook.com
127.0.0.1 www.MyShoutbox.com
127.0.0.1 www.netguestbook.com
127.0.0.1 www.nic.de.be
127.0.0.1 www.onlineguestbook.de
127.0.0.1 www.openyoo.com
127.0.0.1 preisvergleich.openyoo.com
127.0.0.1 auktionen.openyoo.com
127.0.0.1 verzeichnis.openyoo.com
127.0.0.1 www.popnic.com
127.0.0.1 www.popunder.de
127.0.0.1 www.Safeurl.de
127.0.0.1 www.shoutbox.at
127.0.0.1 www.shoutbox.de
127.0.0.1 www.shoutbox.us
127.0.0.1 www.shoutboxes.com
127.0.0.1 www.smartdots.com
127.0.0.1 www.statistiq.com
127.0.0.1 www.swissnic.com
127.0.0.1 www.tipdots.com
127.0.0.1 www.kurzurl.de
127.0.0.1 www.unonic.com
127.0.0.1 www.VornamenArchiv.de
127.0.0.1 www.safeurl.de
127.0.0.1 www.dereferrer.com
127.0.0.1 clk.tradedoubler.com
127.0.0.1 hstde.tradedoubler.com
127.0.0.1 impch.tradedoubler.com
127.0.0.1 www.toolbar.de
127.0.0.1 www.nic.ch.vu
127.0.0.1 www.teens.com.au.ms # links to fake "movies"/mpeg/mpg that are actually exe (probably virus/trojans
127.0.0.1 www.everytimes.ch.vu
hxxp://66.98.154.168/movie/index.php
hxxp://80.190.246.106/de - could probably be added to the ads-trackers list, it's used in 1 of these webpage pop ups, and no hostname to block
hxxp://209.152.167.106/movie3/download.php?file=21 - is actually an exe, again, would need to be added to the ads-trackers-bad-porn since the link isn't using a host/dns name
hxxp://www.everytimes.ch.vu/sky_ch.html - going here only gives a pop up
with comments (ofc they are ignored).
All of these sites were closely related. Like, I went to one site, got a pop up that linked to another, and such.
127.0.0.1 images.de.vu
127.0.0.1 log3.stats24.net
127.0.0.1 cydots.com
127.0.0.1 www.cydots.com
127.0.0.1 www.nostop.cn.ms # _looks_ good, but too good to be true, the downloads are exes (probably viruses)
127.0.0.1 sexyteens.such.info
127.0.0.1 www.keywordexchange.com # - ads at domain-for-sale page
127.0.0.1 stats24.net
127.0.0.1 impch.tradedoubler.com
127.0.0.1 clk.tradedoubler.com
127.0.0.1 www.ilove.ch
127.0.0.1 hstde.tradedoubler.com
127.0.0.1 www.AccessProtect.com
127.0.0.1 www.actionbook.de
127.0.0.1 www.aliasdomains.com
127.0.0.1 www.Alpennic.com
127.0.0.1 www.nic.at.vu
127.0.0.1 www.chatbook.de
127.0.0.1 www.nic.ch.vu
127.0.0.1 www.cydots.com
127.0.0.1 www.nic.de.vu
127.0.0.1 www.duonic.com
127.0.0.1 www.eguestbook.de
127.0.0.1 www.ePreisvergleich.com
127.0.0.1 www.europnic.com
127.0.0.1 www.ezbook.de
127.0.0.1 www.firevista.com
127.0.0.1 www.freenic.at
127.0.0.1 www.HomeNIC.com
127.0.0.1 www.iboox.com
127.0.0.1 www.joynic.com
127.0.0.1 www.lavanic.com
127.0.0.1 www.mediadots.com
127.0.0.1 www.minibook.de
127.0.0.1 www.multiguestbook.com
127.0.0.1 www.MyShoutbox.com
127.0.0.1 www.netguestbook.com
127.0.0.1 www.nic.de.be
127.0.0.1 www.onlineguestbook.de
127.0.0.1 www.openyoo.com
127.0.0.1 preisvergleich.openyoo.com
127.0.0.1 auktionen.openyoo.com
127.0.0.1 verzeichnis.openyoo.com
127.0.0.1 www.popnic.com
127.0.0.1 www.popunder.de
127.0.0.1 www.Safeurl.de
127.0.0.1 www.shoutbox.at
127.0.0.1 www.shoutbox.de
127.0.0.1 www.shoutbox.us
127.0.0.1 www.shoutboxes.com
127.0.0.1 www.smartdots.com
127.0.0.1 www.statistiq.com
127.0.0.1 www.swissnic.com
127.0.0.1 www.tipdots.com
127.0.0.1 www.kurzurl.de
127.0.0.1 www.unonic.com
127.0.0.1 www.VornamenArchiv.de
127.0.0.1 www.safeurl.de
127.0.0.1 www.dereferrer.com
127.0.0.1 clk.tradedoubler.com
127.0.0.1 hstde.tradedoubler.com
127.0.0.1 impch.tradedoubler.com
127.0.0.1 www.toolbar.de
127.0.0.1 www.nic.ch.vu
127.0.0.1 www.teens.com.au.ms # links to fake "movies"/mpeg/mpg that are actually exe (probably virus/trojans
127.0.0.1 www.everytimes.ch.vu
hxxp://66.98.154.168/movie/index.php
hxxp://80.190.246.106/de - could probably be added to the ads-trackers list, it's used in 1 of these webpage pop ups, and no hostname to block
hxxp://209.152.167.106/movie3/download.php?file=21 - is actually an exe, again, would need to be added to the ads-trackers-bad-porn since the link isn't using a host/dns name
hxxp://www.everytimes.ch.vu/sky_ch.html - going here only gives a pop up
with comments (ofc they are ignored).
All of these sites were closely related. Like, I went to one site, got a pop up that linked to another, and such.
Thx r00ted.
I will look them up and sort them out.
Kim
I will look them up and sort them out.
Kim
Rogue spyware app:
www.rebrandsoftware.com
rebrandsoftware.com
Redirects you to already blocked sites:
www.adaware.ca
adaware.ca
www.spysweeper.ca
spysweeper.ca
www.hijackthis.ca
hijackthis.ca
www.spybot.ca
spybot.ca
Exploits the name hijackthis:
www.hijackthis.com
hijackthis.com
Banner ad:
links.raptalk.net
www.rebrandsoftware.com
rebrandsoftware.com
Redirects you to already blocked sites:
www.adaware.ca
adaware.ca
www.spysweeper.ca
spysweeper.ca
www.hijackthis.ca
hijackthis.ca
www.spybot.ca
spybot.ca
Exploits the name hijackthis:
www.hijackthis.com
hijackthis.com
Banner ad:
links.raptalk.net
Thanks MaKaVeLi, added
Kim
Kim
Redirects you to already blocked sites:
www.adewarepro6.com
adewarepro6.com
www.spycatcher.com
spycatcher.com
Rogue spyware apps:
filescan.searchtracks.com
www.fix-your-own-pc.com
fix-your-own-pc.com
www.adewarepro6.com
adewarepro6.com
www.spycatcher.com
spycatcher.com
Rogue spyware apps:
filescan.searchtracks.com
www.fix-your-own-pc.com
fix-your-own-pc.com
Thanks MaKaVeLi, added.
Kim
Kim
nat3.bitcomet.org
BitComet likes hitting this domain (as reported by Outpost).
Nslookup points to 222.89.109.212
Could probably be blocked. I was receiving no blocks in BitComet, 3 seconds after upload the torrent, I got these connections blocked....
reason to suspect BitComet calls home about torrent usage? hmmmm.
BitComet likes hitting this domain (as reported by Outpost).
Nslookup points to 222.89.109.212
QUOTE
Blacklist Status: Clear
Cached Whois: Cached today
Whois History: 6 records stored
Record Type: IP Address
IP Location: China - Chinanet Henan Province Network
Reverse IP: No websites hosted using this IP address
Reverse DNS: not set
--------------------------------------------------------------------------------
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 222.88.0.0 - 222.89.255.255
netname: CHINATELECOM-HA
descr: CHINANET henan province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: HZ149-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINATELECOM-HA
mnt-routes: MAINT-CHINATELECOM-HA
changed: 20040113
status: ALLOCATED PORTABLE
source: APNIC
person: Chinanet Hostmaster
address: No.31 ,jingrong street,beijing
address: 100032
country: CN
phone: +86-10-66027112
fax-no: +86-10-58501144
e-mail:
e-mail:
nic-hdl: CH93-AP
mnt-by: MAINT-CHINANET
changed: 20021016
remarks: hostmaster is not for spam complaint,please send spam complaint to
source: APNIC
person: Hongbiao Zhang
nic-hdl: HZ149-AP
e-mail:
address: 97# Zhongyuan Street, Zhengzhou,Chinese
phone: +86-371-5310007
fax-no: +86-371-5310044
country: CN
changed: 20030813
mnt-by: MAINT-CHINATELECOM-HA
source: APNIC
Cached Whois: Cached today
Whois History: 6 records stored
Record Type: IP Address
IP Location: China - Chinanet Henan Province Network
Reverse IP: No websites hosted using this IP address
Reverse DNS: not set
--------------------------------------------------------------------------------
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 222.88.0.0 - 222.89.255.255
netname: CHINATELECOM-HA
descr: CHINANET henan province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: HZ149-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINATELECOM-HA
mnt-routes: MAINT-CHINATELECOM-HA
changed: 20040113
status: ALLOCATED PORTABLE
source: APNIC
person: Chinanet Hostmaster
address: No.31 ,jingrong street,beijing
address: 100032
country: CN
phone: +86-10-66027112
fax-no: +86-10-58501144
e-mail:
e-mail:
nic-hdl: CH93-AP
mnt-by: MAINT-CHINANET
changed: 20021016
remarks: hostmaster is not for spam complaint,please send spam complaint to
source: APNIC
person: Hongbiao Zhang
nic-hdl: HZ149-AP
e-mail:
address: 97# Zhongyuan Street, Zhengzhou,Chinese
phone: +86-371-5310007
fax-no: +86-371-5310044
country: CN
changed: 20030813
mnt-by: MAINT-CHINATELECOM-HA
source: APNIC
Could probably be blocked. I was receiving no blocks in BitComet, 3 seconds after upload the torrent, I got these connections blocked....
reason to suspect BitComet calls home about torrent usage? hmmmm.
Thanks r00ted, I'll add it and I think it should block the connection.
Kim
Kim
sans.org reported the following site as a malware downloader:
abcnews-go.com
abcnews-go.com
Banner ads:
images.bfast.com
images.bfast.com
Thanks Samurai V.
abcnews-go.com is a newsite.
abcnews-go.com is a newsite.
| QUOTE |
| ABC News: Online news, breaking news, feature stories and more. Contains American and world news headlines, articles, chatrooms, message boards, news alerts, video and audio webcasts, shopping, and wireless news service. |
They probably got hacked. I'll put them in for a while until things are fixed, although the IP is blocked by protowall as 'searchproject.net[Trojan.Phel.A]' which could give them a much longer membership ...
Will add nugget-sales.com, since it is used by the trojan to update itself.
Kim
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.