HOT-SEARCHES.COM

Server Type: Apache
Website Status: Parked
Parked at: UltSearch
IP Address: 66.216.74.57
IP Location: United States - Rackspace.com

Name Server: NS1.ULTSEARCH.COM NS2.ULTSEARCH.COM
ICANN Registrar: MONIKER ONLINE SERVICES, INC.
Created: 09-may-2004
Expires: 09-may-2005
Status: REGISTRAR-LOCK


--------------------------------------------------------------------------------

Moniker.com Whois Server Version 2.0

Domain Name: HOT-SEARCHES.COM

Registrant:
Ultimate Search
GPO Box 7862
Central
Central
HK
0000

Administrative Contact:
Support, DNS (NIC-2415)
Ultimate Search
GPO Box 7862
Central
Central, HK
0000
Phone: 25379677

Billing Contact:
Support, DNS (NIC-2415)
Ultimate Search
GPO Box 7862
Central
Central, HK
0000
Phone: 25379677

Technical Contact:
Support, DNS (NIC-2415)
Ultimate Search
GPO Box 7862
Central
Central, HK
0000
Phone: 25379677

Domain servers in listed order:

NS1.ULTSEARCH.COM
NS2.ULTSEARCH.COM

Record created on 2004-05-09 00:00:00.0
Domain Expires on 2005-05-09 00:00:00.0

123MANIA.COM


123MANIA.COM:213.27.171.100-213.27.171.100

nombresdns.net:213.27.171.12-213.27.171.13


Website Status: Active
Reverse IP: Web server hosts 111 websites
IP Address: 213.27.171.100
IP Location: Spain - Colt

213.27.171.0 - 213.27.171.255
FUTURPAGO
Spain
COLT Madrid Service Delivery

ICANN Registrar: GANDI
Created: 10-apr-2003
Expires: 10-apr-2008
Status: ACTIVE

domain: 123MANIA.COM
owner-address: Matrix Technology Network SA
owner-address: Avda America 26 1D
owner-address: 28028
owner-address: Madrid
owner-address: Spain
admin-c: MTN3-GANDI
tech-c: JBD20-GANDI
bill-c: MTN3-GANDI
nserver: ns1.nombresdns.net 213.27.171.12
nserver: ns2.nombresdns.net 213.27.171.13
reg_created: 2003-04-10 04:41:21
expires: 2008-04-10 04:41:21
created: 2003-04-10 10:41:22
changed: 2003-11-18 19:16:05

person: Matrix Technology Network SA
nic-hdl: MTN3-GANDI
address: Matrix Technology Network SA
address: Avda America 26 1D
address: 28028
address: Madrid
address: Spain
phone: +34 913555908
e-mail:

person: Jose Barandiaran Diaz
nic-hdl: JBD20-GANDI
address: Desarrollos Huella Digital SL
address: avda america 24 1d
address: 28028
address: madrid
address: Spain
phone: +34.913561374
e-mail:
lastupdated: 2003-10-31 19:00:30

####################################

############################################3

NTSEARCH.COM

** NEW Nov 04 IP **

NTSEARCH.COM:67.15.52.40-67.15.52.40


Domain servers in listed order:
NS2.NTSEARCH.COM 64.246.33.205
NS1.NTSEARCH.COM 64.246.32.114


NTSEARCH.COM:64.246.32.114-64.246.32.114 - old ip

Website Title: NTsearch - New Technology search engine
Server Type: Apache/1.3.27 (Unix) (Red-Hat/Linux) PHP/4.3.3
Website Status: Active
Reverse IP: Web server hosts 30 websites
IP Address: 64.246.32.114
IP Location: United States - California - Bloomington - Everyones Internet Inc

Name Server: NS1.NTSEARCH.COM NS2.NTSEARCH.COM
ICANN Registrar: TUCOWS INC.
Created: 18-jul-2002
Expires: 18-jul-2004
Status: ACTIVE

Registrant:
ZAO Gator
p.o. box #84
St-Petersburg, Spb 193241
RU

Domain name: NTSEARCH.COM

Administrative Contact:
Gator, ZAO
p.o. box #84
St-Petersburg, Spb 193241
RU
+7-812-325-08-16
Technical Contact:
Gator, ZAO
p.o. box #84
St-Petersburg, Spb 193241
RU
+7-812-930-63-38 Fax: +7-812-930-63-38



Registrar of Record: TUCOWS, INC.
Record last updated on 09-May-2004.
Record expires on 18-Jul-2004.
Record created on 18-Jul-2002.

Domain servers in listed order:
NS2.NTSEARCH.COM 64.246.33.205
NS1.NTSEARCH.COM 64.246.32.114

#######################################################

67.15.0.0 - 67.15.175.255
Everyones Internet, Inc


NetRange: 64.246.0.0 - 64.246.63.255
CIDR: 64.246.0.0/18
NetName: EVRY-BLK-9
NetHandle: NET-64-246-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1.NET
NameServer: NS2.EV1.NET

EVRY
Address: 2600 Southwest Freeway
Address: Suite 500
City: Houston
StateProv: TX
PostalCode: 77098
Country: US

###############################################

Datasport.DS.AG.CH:195.141.101.101-195.141.101.101

I did not want to start another thread but block this biatch it has hijacked my browser at work and there are no more webpages located on this sever either.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DATASPORT.COM


Image updated 2004-05-25
Website Title: Herzlich Willkommen bei DATASPORT
Meta Description: DATASPORT, DATASPORT AG, Zeitmessung, Zeitnahme, Startnummern, Volkssport, Sportveranstaltung, Sportanlass
Meta Keywords: DATASPORT, DATASPORT AG, Zeitmessung, Zeitnahme, Startnummern, Startlisten, Startliste, Ranglisten, Rangliste, Ergebnisslisten, Ergebnisliste, Marathon, Triathlon, Duathlon, Langlauf, Volkslauf
Server Type: Microsoft-IIS/5.0
IP Address: 195.141.101.101 (ARIN & RIPE IP search)
IP Location: Switzerland - Geneve - Geneva - Datasport Ag
Cached Whois: 2000-11-07 (NSI is down right now)
Record Type: Domain Name
Monitor: Monitor or Backorder
Wildcard search: 'datasport' or 'data sport' in all domains.
Other TLDs: .com .net .org .info .biz .us
X X [4 available domains]

Name Server: NS1.DATASPORT.COM NS1.SUNRISE.CH
ICANN Registrar: NETWORK SOLUTIONS, INC.
Created: 1996-11-29
Expires: 2009-11-30
Status:


--------------------------------------------------------------------------------
Registrant:
Datasport DS AG
Industriestrasse 65
Zollikofen, 3052
CH

Domain Name: DATASPORT.COM

Administrative Contact:
Galasso, Bruno
Datasport DS AG
Industriestrasse 65
Zollikofen, CH-3052
CH
+41 31 911 5511 (FAX) +41 31 914 0014
Technical Contact:
Thoma, Stefan
sunrise (TDC Switzerland AG)
Hofwisenstrasse 50
Ruemlang
8153
CH
41 1 555 6647 41 1 555 6609

Record last updated on 07-Nov-2000
Record expires on 30-Nov-2009
Record created on 29-Nov-1996

Domain servers in listed order:

NS1.DATASPORT.COM 195.141.77.162
NS1.SUNRISE.CH 193.192.227.3

##############################################

abroadsoftware.com:209.120.205.206-209.120.205.206
ns1.superwebsearch.com:207.44.188.63-207.44.188.63
NS2.SUPERWEBSEARCH.COM:207.44.189.103-207.44.189.103
ns1.accesshosting.com:209.120.205.206-209.120.205.206
ns2.accesshosting.com:209.120.205.207-209.120.205.207
NS1.AMERICANWEBHOST.NET:66.17.131.9-66.17.131.9
NS2.AMERICANWEBHOST.NET:66.17.131.10-66.17.131.10
Colo4Dallas LP:209.120.205.0-209.120.205.255

www.superwebsearch.com

http://www.whois.sc/superwebsearch.com


SUPERWEBSEARCH.COM

Website Title: SuperWebSearch.com :: For Super Web Results
Server Type: Apache
Website Status: Active
Reverse IP: Web server hosts 4 websites
IP Address: 207.44.188.63
IP Location: United States - California - San Francisco - Everyones Internet Inc

Name Server: NS1.SUPERWEBSEARCH.COM
ICANN Registrar: ENOM, INC.
Created: 2002-12-03
Expires: 2004-12-03
Status: REGISTRAR-LOCK

Registration Service Provided By: INTERNET DOMREG SRL
Contact:
Visit: hxxp://www.domreg.ro/]hxxp://www.domreg.ro/

Domain name: superwebsearch.com

Registrant Contact:
Abroad Software SRL
Marius Iatan ()
+40.213039650
Fax: none
Str. Pajurei 16
Bucuresti, 7000
RO

Administrative Contact:
Abroad Software SRL
Marius Iatan ()
+40.213039650
Fax: none
Str. Pajurei 16
Bucuresti, 7000
RO

Technical Contact:
Abroad Software SRL
Marius Iatan ()
+40.213039650
Fax: none
Str. Pajurei 16
Bucuresti, 7000
RO

Billing Contact:
Abroad Software SRL
Marius Iatan ()
+40.213039650
Fax: none
Str. Pajurei 16
Bucuresti, 7000
RO

Status: Locked

Name Servers:
NS1.superwebsearch.com
NS2.superwebsearch.com

Creation date: 03 Dec 2002 16:39:03
Expiration date: 03 Dec 2004 16:39:03[/QUOTE]


i-lookup.com, iclicks.net, globalwebsearch.com, click2findnow.com, searchbus.com, superwebsearch.com, traffichog.com, globaltoolbar.com, affiliateinc.com, crazyprotocol.com, abroadsoftware.com


ILookup http://www.doxdesk.com/parasite/ILookup.html
http://www.mvps.org/inetexplorer/Darnit.htm#ineb
http://www.pestpatrol.com/PestInfo/i/i-lookup_windec32.asp
http://www.kephyr.com/spywarescanner/libra...kup/index.phtml
http://www.spywareguide.com/product_show.php?id=518



www.exits.ro = [ 207.44.188.63 ]
domain-name: exits.ro
description: Abroad Software SRL
description: Str. Pajurei nr. 16
description: Bloc A5 Sc. C ap. 51
description: Sector 1
description: Bucuresti
description: RO
description: Postal Code: 7000
description: Phone: 40-722-236659
description: Fax: 40-21-6674943
description: Email: marius@abroadsoftware.com
description: Registration/ID Number: J40/6246/2001
description: Fiscal Code: R14005423
admin-contact: MI40-ROTLD
technical-contact: MI40-ROTLD
zone-contact: MI40-ROTLD
billing-contact: MI40-ROTLD
nameserver: ns1.superwebsearch.com
nameserver: ns2.superwebsearch.com
info: Register your .ro domain names at http://www.rotld.ro/
notify: domain-admin@listserv.rnc.ro
object-maintained-by: ROTLD-MNT
mnt-lower: ROTLD-MNT
updated: domain-admin@listserv.rnc.ro 20020121
updated: flore@rnc.ro 20020121
updated: cmircea@rnc.ro 20021213
source: ROTLD
application-date: 20020115
domain-status: active
registration-date: 20020121
person: Marius Iatan
address: Abroad Software SRL
address: Str. Pajurei nr. 16
address: Bloc A5 Sc. C ap. 51
address: Sector 1
address: Bucuresti
address: RO
address: Postal Code: 7000
address: Registration/ID Number: J40/6246/2001
address: Fiscal Code: R14005423
phone: 40-722-236659
e-mail: marius@abroadsoftware.com
nic-hdl: MI40-ROTLD
info: object maintained by ro.rnc local registry
notify: domain-admin@listserv.rnc.ro
object-maintained-by: ROTLD-MNT
updated: domain-admin@listserv.rnc.ro 20010801
source: ROTLD

-------------------------
"Index.DAT File Viewer SOFTWARE LICENSE

By accepting this agreement, I certify the following:
2) I understand that by accepting these terms and conditions, this program will be installed on my computer and the browser search page will be changed in order to allow me access.
::
::
By clicking "I Agree" button you agree to the terms of the preceding agreement.
::
For general support please email support@superwebsearch.com. For comments or concerns about a website that is promoting this software please email support@superwebsearch.com with all pertinent information"".
-------------------------


Index.DAT File Viewer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Index.DAT
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_USERS\*\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Index.DAT File Viewer
HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Index.DAT File Viewer[/QUOTE]


ITBar Search page Hijacker :

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_USERS\*\Software\Microsoft\Internet Explorer\Toolbar\Explorer
HKEY_USERS\*\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_USERS\*\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_USERS\*\Software\Microsoft\Search Assistant\ACMru\5603


##########################################################################

Added all those ^ above to spyware / ad trackers list


#####################################################

full ip ranges :

MARTFINDER.COM-Paradize[HIJACKERS]:81.222.131.0-81.222.131.255
JSC "ELTEL" Network[HIJACKERS]:217.170.64.0-217.170.67.255
PEER1.NET/PEER1-OFFICEVLAN2-01[HIJACKERS]:64.69.87.224-64.69.87.255
Peer1 Internet Bandwidth/PEER1-SEAGVLAN-09[HIJACKERS]:66.199.187.160-66.199.187.191
ILXQ.NET/VALUEHOST.RU:62.118.251.202-62.118.251.202
Rich Media Solutions-CA[HIJACKERS]:209.25.213.0-209.25.213.63
ValueHost Moscow MTU/RU-VALUEHOST-MTU:[HIJACKERS]:62.118.251.0-62.118.251.255
Energis UK/E2-EWFD-WEB1-Watford Datacentre-GB[HIJACKER HOSTS]:62.25.96.0-62.25.111.255
WEB-STUDIO.NET-Hurricane Electric[HIJACKERS HOSTS]:65.19.128.0-65.19.191.255


single ips:

NS1.MARTFINDER.COM = [ 209.25.213.11
peer1.net:64.69.87.228-64.69.87.228
ELTEL.net:217.170.65.235-217.170.65.235
NS.ELTEL.NET:217.170.64.5-217.170.67.5
NS1.ELTEL.NET:217.170.67.5-217.170.67.5


#####################################################

MARTFINDER.COM

Image updated 2004-03-19
Website Title: Internet Explorer Search
Server Type: Apache/1.3.27 (Unix) PHP/4.3.4
IP Address: 81.222.131.40
IP Location: Russian Federation - Jsc Paradize
Whois History: 12 records stored

Name Server: NS1.MARTFINDER.COM NS2.MARTFINDER.COM
ICANN Registrar: DIRECT INFORMATION PVT. LTD., DBA DIRECTI.COM
Created: 20-jun-2000
Expires: 20-jun-2005
Status: ACTIVE

Registration Service Provided By: WEB-STUDIO.NET
Contact:
Website: http://web-studio.net

Domain Name: MARTFINDER.COM

Registrant:
Feel Media
Dow ()
St. Laurendes #8815
Quilborn
QC,V6G H7M
CA
Tel. +91.226370256

Creation Date: 20-Jun-2000
Expiration Date: 20-Jun-2005

Domain servers in listed order:
ns1.martfinder.com
ns2.martfinder.com


Administrative Contact:
Feel Media
Dow ()
St. Laurendes #8815
Quilborn
QC,V6G H7M
CA
Tel. +91.226370256

Technical Contact:
Feel Media
Dow ()
St. Laurendes #8815
Quilborn
QC,V6G H7M
CA
Tel. +91.226370256

Billing Contact:
Feel Media
Dow ()
St. Laurendes #8815
Quilborn
QC,V6G H7M
CA
Tel. +91.226370256

Status:ACTIVE

inetnum: 81.222.131.0 - 81.222.131.255
netname: Paradize
descr: JSC " Paradize"
country: RU
admin-c: EL428-RIPE
tech-c: EL428-RIPE
status: ASSIGNED PA
notify: noc@eltel.net
mnt-by: ELTEL-RIPE-MNT
changed: registry@eltel.net 20040210
source: RIPE

route: 81.222.128.0/20
descr: ELTEL.net
origin: AS20597
mnt-by: ELTEL-RIPE-MNT
changed: registry@eltel.net 20021204
source: RIPE

person: Eugeny Ladvez
address: 3 Liteiny,
address: Saint-Petersburg, Russia
phone: +7 812 438 1000
fax-no: +7 812 438 3000
e-mail: eladvez@assist.ru
nic-hdl: EL428-RIPE
changed: alexaz@bcltele.com 20021223
source: RIPE

NS1.MARTFINDER.COM = [ 209.25.213.11 ] Registration Service Provided By: WEB-STUDIO.NET
Contact: support@web-studio.net
Website: http://web-studio.net
Domain Name: MARTFINDER.COM
Registrant:
Feel Media
Dow webmaster@pimpout.com
St. Laurendes 8815
Quilborn
QC V6G H7M
CA
Tel. 91.226370256
Creation Date: 20-Jun-2000
Expiration Date: 20-Jun-2005
Domain servers in listed order:
ns1.martfinder.com
ns2.martfinder.com
Administrative Contact:
Feel Media
Dow webmaster@pimpout.com
St. Laurendes 8815
Quilborn
QC V6G H7M
CA
Tel. 91.226370256
Technical Contact:
Feel Media
Dow webmaster@pimpout.com
St. Laurendes 8815
Quilborn
QC V6G H7M
CA
Tel. 91.226370256
Billing Contact:
Feel Media
Dow webmaster@pimpout.com
St. Laurendes 8815
Quilborn
QC V6G H7M
CA
Tel. 91.226370256
Status: ACTIVE

###########################################


ELTEL.net = [ 217.170.65.235 ]

JSC "ELTEL" Network[HIJACKERS]:217.170.64.0-217.170.67.255

netname: ELTEL
descr: JSC "ELTEL" Network
country: RU

Registrant:
ELTEL ELTEL4-DOM
10N 65-67 Chaykovskogo str.
Saint-Petersburg LED 191123
RU
Domain Name: ELTEL.NET
Administrative Contact Technical Contact:
ELTEL sam@ELTEL.NET
10N 65-67 Chaykovskogo str.
Saint-Petersburg LED 191123
RU
7 812 4381100
Record expires on 26-Jan-2005.
Record created on 26-Jan-2000.
Database last updated on 15-Jun-2004 09: 31: 03 EDT.
Domain servers in listed order:
NS.ELTEL.NET 217.170.64.5
NS1.ELTEL.NET 217.170.67.5


################################################

pimpout.com = [ 66.199.187.174 ]

Peer1 Internet Bandwidth
Address: 1800-2001 6th AV
City: Seattle
StateProv: WA
PostalCode: 98121
Country: US
RegDate: 2003-12-05
Updated: 2003-12-05

NetRange: 66.199.187.160 - 66.199.187.191
CIDR: 66.199.187.160/27
NetName: PEER1-SEAGVLAN-09
NetHandle: NET-66-199-187-160-1
Parent: NET-66-199-128-0-1
NetType: Reassigned

###############################################

web-studio.net = [ 65.19.167.250 ] Registration Service Provided By: WEB-STUDIO.NET

Hurricane Electric
Address: 760 Mission Court
City: Fremont
StateProv: CA
65.19.128.0 - 65.19.191.255
CIDR: 65.19.128.0/18
NetName: HURRICANE-4

Contact: support@web-studio.net
Website: http://web-studio.net
Domain Name: WEB-STUDIO.NET
Registrant:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU
Tel. 792.72700555
Creation Date: 23-Jan-2002
Expiration Date: 23-Jan-2006
Domain servers in listed order:
ns1.hostonfly.net
ns2.hostonfly.net
Administrative Contact:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU
Tel. 792.72700555
Technical Contact:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU
Tel. 792.72700555
Billing Contact:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU
Tel. 792.72700555
Status: ACTIVE

########################################################


ilxq.net = [ 62.118.251.89 ] Registration Service Provided By: WEB-STUDIO.NET

ILXQ.NET/VALUEHOST.RU:62.118.251.202-62.118.251.202

Contact: support@web-studio.net
Website: http://web-studio.net
Domain Name: ILXQ.NET
Registrant:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU
Tel. 792.72700555
Creation Date: 12-Dec-1999
Expiration Date: 12-Dec-2009
Domain servers in listed order:
ns1.valuehost.ru
ns2.valuehost.ru
Administrative Contact:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU
Tel. 792.72700555
Technical Contact:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU
Tel. 792.72700555
Billing Contact:
Web-Studio.Net
Lynx Johnston ilxq@ilxq.net
pobox 3061
Ulyanovsk
null 432030
RU

##################################################

Rich Media Solutions
Address: 645-1755 Robson St.
City: Vancouver
StateProv: BC
PostalCode: V6G3B7
Country: CA
RegDate: 2001-12-20
Updated: 2001-12-20

NetRange: 209.25.213.0 - 209.25.213.63
CIDR: 209.25.213.0/26
NetName: MAX-CUSTNET-1473H


###################################################


valuehost.ru = [ 62.118.251.202 ]
domain: VALUEHOST.RU
type: CORPORATE
descr: Valuehost Russia Web Hosting N1 in Eastern Europe
descr: Please send all abuse reports to abuse@valuehost.ru
admin-o: VALUEHOST-ORG-RIPN
nserver: ns1.valuehost.ru 62.118.251.15
nserver: ns2.valuehost.ru 62.25.99.3
created: 2000.09.11
state: Delegated till 2004.09.12
changed: 2003.03.20
mnt-by: VALUEHOST-MNT-RIPN
source: RIPN
org: JSC Web Hosting
nic-hdl: VALUEHOST-ORG-RIPN
admin-c: SILVIA-RIPN
bill-c: SILVIA-RIPN
phone: 7 812 3208785
phone: 7 095 7370973
fax-no: 7 812 3208785
fax-no: 7 095 7370973
e-mail: noc@valuehost.ru
changed: 2004.01.29
mnt-by: VALUEHOST-MNT-RIPN
source: RIPN
person: SILVIA NOVAK
nic-hdl: SILVIA-RIPN
phone: 7 812 3208785
phone: 7 095 7370973
fax-no: 7 812 3208785
fax-no: 7 095 7370973
e-mail: noc@valuehost.ru
changed: 2002.09.06
mnt-by: VALUEHOST-MNT-RIPN
source: RIPN
Last updated on 2004.06.15 17: 35: 29 MSK/MSD

##############################################################

##########################################################

www.smart-security.info = [ 213.159.117.52 ]

Domain ID: D5928130-LRMS
Domain Name: SMART-SECURITY.INFO
Created On: 18-May-2004 10: 24: 19 UTC
Last Updated On: 15-Jun-2004 17: 50: 11 UTC
Expiration Date: 18-May-2006 10: 24: 19 UTC
Sponsoring Registrar: R159-LRMS
Status: ACTIVE
Status: OK
Registrant ID: C4844095-LRMS
Registrant Name: Aleksandr Romantsev
Registrant Organization: Smart Security GM
Registrant Street1: Lindaal 33
Registrant City: Overijse
Registrant Postal Code: 3090
Registrant Country: BE
Registrant Phone: 1.3022617417
Registrant FAX: 1.3022617417
Registrant Email: info@smart-security.info
Admin ID: C4844095-LRMS
Admin Name: Aleksandr Romantsev
Admin Organization: Smart Security GM
Admin Street1: Lindaal 33
Admin City: Overijse
Admin Postal Code: 3090
Admin Country: BE
Admin Phone: 1.3022617417
Admin Email: info@smart-security.info
Billing ID: C4844095-LRMS
Billing Name: Aleksandr Romantsev
Billing Organization: Smart Security GM
Billing Street1: Lindaal 33
Billing City: Overijse
Billing Postal Code: 3090
Billing Country: BE
Billing Phone: 1.3022617417
Billing Email: info@smart-security.info
Tech ID: C4844095-LRMS
Tech Name: Aleksandr Romantsev
Tech Organization: Smart Security GM
Tech Street1: Lindaal 33
Tech City: Overijse
Tech Postal Code: 3090
Tech Country: BE
Tech Phone: 1.3022617417
Tech Email: info@smart-security.info
Name Server: NS1.SMART-SECURITY.INFO
Name Server: NS2.SMART-SECURITY.INFO


############################################################


inetnum: 213.159.96.0 - 213.159.127.255
org: ORG-LL4-RIPE
admin-c: LNA1-RIPE
tech-c: LNA1-RIPE
netname: RU-LINKEY-20021010
descr: PROVIDER
descr: Linkey Ltd
country: RU
status: ALLOCATED PA
notify: noc@linkey.ru
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: LINKEY-MNT
mnt-routes: LINKEY-MNT
changed: hostmaster@ripe.net 20021010
changed: hostmaster@ripe.net 20040203 # ru.linkey.dmitryk via https://lirportal.ripe.net
changed: hostmaster@ripe.net 20040602 # ru.linkey.dmitryk via https://lirportal.ripe.net
source: RIPE

route: 213.159.96.0/19
descr: LINKEY I.T.S.P
origin: AS13302
notify: noc@linkey.ru
mnt-by: LINKEY-MNT
source: RIPE
changed: djk@linkey.ru 20021031

organisation: ORG-LL4-RIPE
org-name: Linkey Ltd
org-type: LIR
address: Linkey ITSP
address: Malaja Morskaja str 11, apt 216
address: Saint-Petersburg ,191186
address: Russia
phone: +7 812 3157505
fax-no: +7 812 3157343
e-mail: noc@linkey.ru


#########################################################

your-searcher.com[CWSTrojan]:69.50.184.50-69.50.184.50
esthost.com[CWSTrojans]:69.50.179.217-69.50.179.217
ns1.esthost.com:69.50.179.210-69.50.179.210
NS2.ESTHOST.COM:69.50.179.211-69.50.179.211
pics-top.com:69.50.179.219-69.50.179.219
NS1.PICS-TOP.COM:69.50.179.221-69.50.179.221
NS2.PICS-TOP.COM:69.50.179.222-69.50.179.222
nns1.hbison.com:69.50.184.50-69.50.184.50
nns2.hbison.com:69.50.184.51-69.50.184.51
NS1.XHPRO.COM:69.50.179.18-69.50.179.18
NS2.XHPRO.COM:69.50.179.19-69.50.179.19

psychz.net:69.93.73.221-69.93.73.221

NS2.PSYCHZ.NET:64.5.44.113-64.5.44.113
NS3.PSYCHZ.NET:69.50.172.112-69.50.172.112
NS5.PSYCHZ.NET:69.31.66.2-69.31.66.2
NS6.PSYCHZ.NET:69.50.168.2-69.50.168.2
NS7.PSYCHZ.NET:69.50.168.3-69.50.168.3
NS14.PSYCHZ.NET:209.152.167.59-209.152.167.59
NS15.PSYCHZ.NET:69.31.78.2-69.31.78.2

theplanet.com:216.185.111.40-216.185.111.40
NS1.THEPLANET.COM:216.234.234.30-216.234.234.30
NS2.THEPLANET.COM:12.96.160.115-12.96.160.115

ThePlanet.com Internet Services, Inc.
Address: 1333 North Stemmons Freeway
Address: Suite 110
City:Dallas
StateProv: TX
69.93.0.0 - 69.93.255.255
NetName: NETBLK-THEPLANET-BLK-9
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
admins@theplanet.com


PSYCHZ[ATRIVOTECH-CWSTrojans]:69.50.184.0-69.50.184.255

psychz.net:69.93.73.221
City: San Francisco
StateProv: CA
Country: US
RegDate: 2004-06-07
Updated: 2004-06-07
AdminEmail: greedo3443@psychz.net
CIDR: 69.50.184.0/24
NetName: PSYCHZ
NetHandle: NET-69-50-184-0-1
Parent: NET-69-50-160-0-1
NetType: Reassigned
NameServer:MAIL.ATRIVO.COM
NameServer:PAVEL.ATRIVO.COM
Name Server:NS2.PSYCHZ.NET
Name Server:NS13.PSYCHZ.NET


Atrivo
Address: 200 Paul Avenue
City: San Francisco
StateProv: CA
PostalCode: 94124
Country: US
NetRange: 69.50.160.0 - 69.50.191.255
CIDR: 69.50.160.0/19
NetName: ATRIVOTECHNOLOGIES
NetHandle: NET-69-50-160-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: MAIL.ATRIVO.COM
NameServer: PAVEL.ATRIVO.COM

===========================================


Your-searcher.com[ATRIVOTECH-CWS.Trojans]:69.50.184.58-69.50.184.58
PSYCHZ[ATRIVOTECH-CWS.Trojans] :69.50.184.0-69.50.184.255


69.50.184.0 - 69.50.184.255

Psychz
200 Paul Avenue
San Francisco
CA
94124
United States


Abuse:
Abuse Department
+1-925-550-3947
abuse@atrivo.com

MAIL.ATRIVO.COM
PAVEL.ATRIVO.COM

PSYCHZ
Created: 2004-06-08
Updated: 2004-06-08
Source: whois.arin.net


####################################

IGNTOOLBAR.COM

Image updated 2004-04-23
Website Title: iGetNet - Home (200)
Meta Description: iGetNet is home of IGN Keywords for Natural Language Navigation of the web right from your browser address bar
Meta Keywords: IGN Keywords, IGetNet, Natural Language Navigation
Website Status: Active
Reverse IP: Web server hosts 2 websites
Server Type: Microsoft-IIS/5.0
IP Address: 216.177.73.139
IP Location: - North Carolina - Cary - Cable & Wireless

Name Server: NS1.IGETNET.COM NS2.IGETNET.COM
ICANN Registrar: ENOM, INC. < - b@stArdz
Created: 06-nov-2002
Expires: 06-nov-2004
Status: ACTIVE


--------------------------------------------------------------------------------

Registration Service Provided By: DotYou.Com

Visit: hxxp://www.dotyou.com

Domain name: igntoolbar.com

Registrant Contact:
iGetNet.com
Katheryn Baker ([AD])
949 595-8416
Fax: 949 768-4612
6 Morgan St # 162
Irvine, CA 92618
US

Administrative Contact:
iGetNet.com
Katheryn Baker ([AD])
949 595-8416
Fax: 949 768-4612
6 Morgan St # 162
Irvine, CA 92618
US

Technical Contact:
i Get Net, LLC
Technical Support ([AD])
+1.9495958416
Fax: +1.9494586879
6 Morgan St # 162
Irvine, 92618
US

Billing Contact:
iGetNet.com
Katheryn Baker ([AD])
949 595-8416
Fax: 949 768-4612
6 Morgan St # 162
Irvine, CA 92618
US

Status: Active

Name Servers:
ns1.igetnet.com
ns2.igetnet.com

Creation date: 06 Nov 2002 00:00:00
Expiration date: 06 Nov 2004 00:00:00

########################################

DRSNSRCH.COM:67.18.124.140-67.18.124.140

140.67-18-124.reverse.theplanet.com

67.18.0.0 - 67.19.127.255

ThePlanet.com Internet Services, Inc.
1333 North Stemmons Freeway
Suite 110
Dallas
TX
75207
United States

Image updated 2004-06-29
Website Title: ShopNav - Search & Shop the Web
Response Code: 206
SSL Cert: No valid SSL on this Host
Server Type: Apache/2.0.49 (Unix) PHP/4.3.1
IP Address: 67.18.124.140
IP Location: - Texas - Dallas - Theplanet.com Internet Services Inc

Name Server: UDNS1.ULTRADNS.NET UDNS2.ULTRADNS.NET
ICANN Registrar: TUCOWS INC.
Created: 29-apr-2004
Expires: 29-apr-2005
Status: ACTIVE

Registrant:
John Thompson
250 Montgomery Street
San Francisco, CA 94104
US

Domain name: DRSNSRCH.COM

Administrative Contact:
Thompson, John
250 Montgomery Street
San Francisco, CA 94104
US
(415) 901-0413
Technical Contact:
Thompson, John
250 Montgomery Street
San Francisco, CA 94104
US
(415) 901-0413


Registration Service Provider:
InfoAge Marketing International,
+612 9630 5607
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.


Registrar of Record: TUCOWS, INC.
Record last updated on 21-Jul-2004.
Record expires on 29-Apr-2005.
Record created on 29-Apr-2004.

Domain servers in listed order:
UDNS1.ULTRADNS.NET 204.69.234.1
UDNS2.ULTRADNS.NET 204.74.101.1

######################################

AMAZINGAUTOSSEARCH.COM

amazingautosearch.com:66.220.17.201-66.220.17.201

C2 Media Ltd:66.220.17.0-66.220.17.255

Website Title: Search the Web!
Meta Description: Start searching now because your search ends here!
Meta Keywords: search, searches, search engine, directory, directories, category, categories, help, multi media, maps, business finder, yellow pages, white pages, people search, find people, searching, searchers, advanced search, search help, search guide, search tips

Response Code: 206
SSL Cert: No valid SSL on this Host
Server Type: Apache/1.3.27 (Unix)
IP Address: 66.220.17.201
IP Location: - Florida - Shalimar - C2 Media Ltd

Name Server: NS1.LOP.COM NS2.LOP.COM
ICANN Registrar: TUCOWS INC.
Created: 14-may-2003
Expires: 14-may-2005
Status: ACTIVE

Registrant:
Lop.com
Unit 12
571 Finchley Road
Hampstead
London, NW3 7BN
UK

Domain name: AMAZINGAUTOSSEARCH.COM

Administrative Contact:
Live, Media
Unit 12
571 Finchley Road
Hampstead
London, NW3 7BN
UK
+ 44 7817 130 743
Technical Contact:
Live, Media
Unit 12
571 Finchley Road
Hampstead
London, NW3 7BN
UK
+ 44 7817 130 743


Registrar of Record: TUCOWS, INC.
Record last updated on 10-Dec-2003.
Record expires on 14-May-2005.
Record created on 14-May-2003.

Domain servers in listed order:
NS1.LOP.COM 66.220.17.5
NS2.LOP.COM 66.220.17.6

#####################################

############################

WINDUPDATES.COM


windupdates.com:69.90.178.10-69.90.178.10

69.90.0.0 - 69.90.255.255

Peer 1 Network Inc.
2100 - 555 W. Hastings St.
Vancouver
BC
V6B-4N5
Canada

Response Code: 500
Website Status: Active
Reverse IP: Web server hosts 30 websites
IP Address: 69.90.178.10
IP Location: - Peer 1 Network Inc

Name Server: NS1.CDTNET.NET NS2.CDTNET.NET
ICANN Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Created: 31-may-2004
Expires: 31-may-2005
Status: ACTIVE

domain: windupdates.com
status: production
organization: CDT Inc.
owner: Domain Manager
email:
address: P.O. Box 181
address: TMR P.O.
city: Mont-Royal
state: Quebec
postal-code: H3P3B9
country: CA
admin-c: #0
tech-c: #0
billing-c: #0
nserver: ns1.cdtnet.net
nserver: ns2.cdtnet.net
nserver: ns3.cdtnet.net
registrar: JORE-1
created: 2004-05-31 19:01:37 UTC JORE-1
expires: 2005-05-31 15:01:23 UTC
source: joker.com


db-updated: 2004-07-24 08:22:16 UTC

#############################################

###############################

69.20.16.183
fedora.nictechnetworks.com

69.20.0.0 - 69.20.127.255

Rackspace.com
112 E. Pecan St.
Suite 600
San Antonio
TX
78205
United States

Abuse:
Abuse Desk
+1-210-892-4000
abuse@rackspace.com

NS.RACKSPACE.COM
NS2.RACKSPACE.COM

---------------------------------

207.36.117.38
nictechnetworks.com

207.36.0.0 - 207.36.255.255

CyberGate, Inc.
3250 W. Commercial Blvd. Suite 200
Ft. Lauderdale
FL
33309
United States

TOPFIVESEARCH.COM

TopFiveSearch.com:64.71.190.198-64.71.190.198

Hurricane Electric HURRICANE-264.71.128.0 - 64.71.191.255
Argon Blue HURRICANE-64.71.190.192 - 64.71.190.223

Website Title: TopFiveSearch.com - HOME

Response Code: 200
SSL Cert: No valid SSL on this Host
Website Status: Active
Reverse IP: Web server hosts 4 websites
Server Type: Microsoft-IIS/5.0
IP Address: 64.71.190.198
IP Location: - California - Carmichael - Argon Blue

Name Server: DNS9.REGISTER.COM DNS10.REGISTER.COM
ICANN Registrar: REGISTER.COM, INC.
Created: 10-sep-2003
Expires: 10-sep-2005
Status: ACTIVE

--------------------------------------------------------------------------------

Organization:
Sean Lentgis
Sean Lentgis
3919 Alpine Road
Portola Valley, CA 94028
US
Phone: 6505551212
Fax..: 6505551212
Email:

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: TOPFIVESEARCH.COM

Created on..............: Wed, Sep 10, 2003
Expires on..............: Sat, Sep 10, 2005
Record last updated on..: Wed, Feb 18, 2004

Administrative Contact:
Sean Lentgis
Sean Lentgis
3919 Alpine Road
Portola Valley, CA 94028
US
Phone: 6505551212
Fax..: 6505551212
Email:

Technical Contact:
Sean Lentgis
Sean Lentgis
3919 Alpine Road
Portola Valley, CA 94028
US
Phone: 6505551212
Fax..: 6505551212
Email:

Zone Contact:
Sean Lentgis
Sean Lentgis
3919 Alpine Road
Portola Valley, CA 94028
US
Phone: 6505551212
Fax..: 6505551212
Email:

Domain servers in listed order:

DNS9.REGISTER.COM 216.21.234.75
DNS10.REGISTER.COM 216.21.226.75

####################################

##################################

Searchmeup.cc / CoolWebSearch

www.searchmeup.cc:195.190.118.157-195.190.118.157


coolwebsearch.cc:195.190.118.0-195.190.118.255
ns2.coolwebsearch.cc:195.190.118.158-195.190.118.158
ns.coolwebsearch.cc:69.31.87.223-69.31.87.223
PILOSOFT.COM:66.250.55.66-66.250.55.66
Pilosoft Inc:69.31.80.0-69.31.87.255
Pilosoft Inc:69.31.90.0-69.31.91.255
Pilosoft Inc:69.31.92.0-69.31.93.255
NS5.PILOSOFT.COM-Washington:66.250.55.67-66.250.55.67




NS3.PILOSOFT.COM:69.31.80.0-69.31.87.255
KERNELNETWORKLLC:69.31.92.0-69.31.92.255

-----------------------------------

www.searchmeup.cc:195.190.118.157-195.190.118.157

ICS TM, JSC
70 Bolshoy pr. V.O.
199002 St.-Petersburg
Russian Federation

Registrant:
Ivan Sidorov hali@volny.cz
Volutova 2520
Praha NONE 15800
CZ
420776667666
Domain Name: searchmeup.cc
Administrative Technical Billing Contact:
Ivan Sidorov hali@volny.cz
Volutova 2520
Praha NONE 15800
CZ
420776667666
Record created on May 31 2004.
Record expires on May 31 2005.
Domain servers:
ns.coolwebsearch.cc
ns2.coolwebsearch.cc

---

ns.coolwebsearch.cc:69.31.87.223-69.31.87.223

KERNELNETWORKLLC:69.31.87.0-69.31.87.255
KERNELNETWORKLLC:69.31.92.0-69.31.92.255

KERNELNETWORKLLC
5 Starboard Center Suite 20
Bethany Beach
DE
19930
United States

NS1.XTRAFF.COM:69.31.86.14


69.31.86.0 - 69.31.86.255

KERNELNETWORKLLC


----

PILOSOFT.COM:66.250.55.66-66.250.55.66


66.250.0.0 - 66.250.255.255

Cogent Communications
1015 31st Street, NW
Washington
DC


Pilosoft Inc:69.31.80.0-69.31.87.255

Pilosoft, Inc.
55 Broad St, 3rd Fl
New York
NY
10004
United States

NS5.PILOSOFT.COM
NS6.PILOSOFT.COM

----

NS5.PILOSOFT.COM:66.250.55.67-66.250.55.67

Cogent Communications:66.250.0.0-66.250.255.255

Cogent Communications
1015 31st Street, NW
Washington
DC




----

NS6.PILOSOFT.COM:69.31.90.1-69.31.90.1

Pilosoft Inc:69.31.90.0-69.31.91.255

Pilosoft, Inc.
55 Broad St, 3rd Fl
New York
NY

----


nLayer Communications Inc:69.31.0.0-69.31.143.255

nLayer Communications, Inc.
44050-195 Ashburn Plaza
#637
Ashburn
VA
20147
United States


####################################

-----------------------------------------------------------------

65.110.38.219 - unknown.sagonet.net

OrgName: Sago Networks
City: Tampa
StateProv: FL
Country: US
NetRange: 65.110.32.0 - 65.110.63.255
CIDR: 65.110.32.0/19
NameServer: NS1.SAGONET.COM
NameServer: NS2.SAGONET.COM


hxxp://65.110.38.219/us/exploit.htm
hxxp://65.110.38.219/us/archive.jar

TDS-3 Positive identification: Trojan.Win32.StartPage.mf
File: rundll32.exe

FILE: c:\windows\winmodem.exe
FILE: c:\windows\rundll32.exe


------------------------------------------------------------------------

- Online Dialer -

hxxp://63.217.29.115/connect.php?

63.216.0.0 - 63.223.255.255
CAIS Internet


-------------------------------------------------------------------------

-------------------------------------------------

websearch.drsnsrch.com = 67.18.124.139

hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=


===========================

hxxp://66.117.37.5:80/iex/ofile.exe

66.117.32.0 - 66.117.47.255
Carpathia Hosting

===========================

hxxp://195.225.177.13/20646/online.chm

ip177-13.netcathost.com

195.225.176.0 - 195.225.179.255
NetcatHosting
Ukraine

===========================

69.90.178.11 -

blazefind.com
flingstone.com
skoobidoo.com

69.90.0.0 - 69.90.255.255
Peer 1 Network Inc.

===========================

66.150.193.103
www.clickspring.net

66.150.193.96 - 66.150.193.127
Clickspring, LLC

===========================

66.150.193.112
mt-download.com

66.150.193.96 - 66.150.193.127
Clickspring, LLC

===========================

69.90.178.10
searchbarcash.com

69.90.0.0 - 69.90.255.255
Peer 1 Network Inc.

===========================

searchmiracle.com

64.237.53.10
64.237.53.10.gigabits.us

64.237.53.0 - 64.237.53.15
Feher Tamas c/o Choopa.Com

===========================

216.127.33.119

slotch.com
xxxtoolbar.com

216.127.33.0 - 216.127.33.255
Gamma Networking Inc.
3300 Cote Vertu, Suite406
Montreal
Quebec

============================

my-internet.info

http://sarc.com/avcenter/venc/data/pf/adware.cdt.html

File names: Mediatickets.exe

When Adware.CDT is executed, it performs the following actions:

Displays pop-up advertisements.

Adds the following domains into the Trusted Sites zone for Internet Explorer:

blazefind.com
clickspring.net
flingstone.com
mt-download.com
my-internet.info
searchbarcash.com
searchmeup.cc
searchmiracle.com
skoobidoo.com
slotch.com
xxxtoolbar.com

by adding the value:

"*" = "0x00000002"

to the registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com


Adds the IP address, 69.31.87.223, into the Trusted Sites zone for Internet Explorer, by adding the value


69.31.87.223
ns.coolwebsearch.cc

69.31.87.0 - 69.31.87.255

KERNELNETWORKLLC
5 Starboard Center Suite 20
Bethany Beach
DE
19930
United States

NS1.XTRAFF.COM
NS2.XTRAFF.COM

====================================

#######################################

Sites that Install Spyware, Hijackers or Dialers:

http://forums.spywareinfo.com/index.php?showtopic=1127

#######################################

accessplugin.com:64.159.76.246-64.159.76.246

accessplugin.com
AccessPlugin(Dialer)

www.Accessplugin.com
www.Entryplugin.com

IP Address: 64.159.76.246 (ARIN & RIPE IP search)
IP Location: - Florida - Tampa - Candidhosting Inc

Name Server:
NS1.CRONTEL.NET
NS2.CRONTEL.NET

Registrant:
Crontel LTD
Beaufort House
Road Town, Tortola,POBox,UK 438 POV228

Domain Name:entryplugin.com
Record last updated at 2003-12-14 10:06:45
Record created on 2001/12/19
Record expired on 2004/12/19

Domain servers in listed order:
ns3.crontel.net
ns1.crontel.net

---------------------------------------------------------


sex-true.com:69.50.173.244-69.50.173.244

hxxp://sex-true.com
CWS(Hijacker)

35 domains found on 69.50.173.244

www.All4pornlovers.com
www.Anechka.org
www.Bigsexymama.com
32 more domains found...

Domain Name: SEX-TRUE.COM

Registrant:
Alexey Dronin
Alexey Dronin ()
Laztochkina str 34-1-1
Moscow
null,111587
RU
Tel. +007.9161614512

Creation Date: 09-Jul-2003
Expiration Date: 09-Jul-2005

Domain servers in listed order:
ns5.esthost.com
ns6.esthost.com

----------------------------------------------------------

bomb-mp3.com:207.44.130.75-207.44.130.75
OOXNET.COM:207.44.131.250-207.44.131.250
1NS2.OOXNET.COM:207.44.131.25-207.44.131.25

bomb-mp3.com

TopRebates(Adware), ISTbar(Hijacker), DyFuCA.Internet Optimizer(BHO), VX2.ABetterInternet(BHO), Twain-Tech(BHO), Trojan.Win32.Revop.c(Trojan), IPInsight(BHO), IBIS Toolbar(Search Hijacker), BlazeFind(Hijacker), BargainBuddy(Adware), Ucmore(Toolbar), SpediaBar(Adware), MoneyTree.DyFuCA(Dialer), MoneyTree(Dialer), HuntBar(Hijacker), DyFuCA(BHO), BlazeFind.variant(Hijacker), Adware.Binet(Adware), ABetterInternet(Adware)

IP Address: 207.44.130.75
IP Location: Tennessee - Knoxville - Everyones Internet Inc

Domain Name: BOMB-MP3.COM

Administrative Contact
Johny Morgan
New York, NY 10000
Phone +18844888866
Record updated on-> 2004-08-20 23:36:28
Record created on-> 2001-05-20
Record expiring date-> 2007-05-20
Domain servers in listed order:

1NS1.OOXNET.COM 207.44.130.75
1NS2.OOXNET.COM 207.44.131.25

-----------------------------------------------------------

cometcursors.com:64.94.162.232-64.94.162.232

Comet Systems:64.94.162.0-64.94.162.255

http://www.whois.sc/cometcursors.com

IP Address: 64.94.162.232
IP Location: Comet Systems

cometcursors.com/download.asp

CometSystems(Adware), OrbitExplorer(Adware), Egroup(Adware), CometCursor(Adware), Xupiter.Orbitexplorer(Homepage Hijacker)

dailytoolbar.com
DailyToolbar(Toolbar)

Registrant:
Starware (COMETCURSORS-DOM)
143 Varick Street
New York, NY 10013
US

Domain Name: COMETCURSORS.COM
Administrative Contact, Technical Contact:
Comet Systems (AD3626-ORG)
143 VARICK ST
NEW YORK, NY 10013-1106
US
212-231-2000 fax: 123 123 1234

Record expires on 13-Jul-2005.
Record created on 13-Jul-2000.

Domain servers in listed order:
DNS01.COMETSYSTEMS.COM 198.65.220.201
DNS02.COMETSYSTEMS.COM 198.65.220.202


----------------------------------------------------

www.dotcomtoolbar.com:80.69.74.18-80.69.74.18

hxxp://www.dotcomtoolbar.com/default.htm

DotCom Toolbar(Homepage Hijacker), EasyWWW(Adware), ISTbar(Hijacker), HitHopper(Adware), CWS.GonnaSearch(Search Hijacker), 2020Search(BHO)

IP Address: 80.69.74.18
IP Location: Quick Klik Services

Registrant:
WorldToStart B.V. (KRLVMXZRMD)
Postbus 14
Diemen, - 1110 AA
NL

Domain Name: DOTCOMTOOLBAR.COM

Administrative Contact, Technical Contact:
Emonds, Peter (35763825P)
WorldToStart B.V.
Postbus 14
Diemen, - 1110 AA
NL
+31 20 5241313

Record expires on 12-Aug-2008.
Record created on 12-Aug-2003.

Domain servers in listed order:

NS1.MEDIAHIGHWAY.NET 212.72.51.188
NS2.MEDIAHIGHWAY.NET 80.69.74.11


-------------------------------------------------

downloads-mp3.net:64.237.56.248-64.237.56.248


Powerscan(Adware), ISTbar.XXXToolbar(Hijacker), ISTbar(Hijacker), DyFuCA.Internet Optimizer(BHO), VX2.ABetterInternet(BHO), SpediaBar(Adware), MoneyTree.DyFuCA(Dialer), MoneyTree(Dialer), HitHopper(Adware), DotCom Toolbar(Homepage Hijacker), CWS.GonnaSearch(Search Hijacker), Adware.Binet(Adware), ABetterInternet(Adware)


IP Address: 64.237.56.248
IP Location: New Jersey - Secaucus - Reliable Servers C/o Choopa.com

Registrant:
Alexander Ermolenko +7.86324567452
AWM ltd
Krasnodarskaya street 9, apt. 45
Rostov-on-Don,Rostov Region,RUSSIAN FEDERATION 344015

Domain Name:downloads-mp3.net
Record last updated at 2004-01-31 20:31:15
Record created on 2004/1/31
Record expired on 2005/1/31

Domain servers in listed order:
ns0.hqhost.net
ns1.hqhost.net

------------------------------------------------------


erosconnect.com:200.217.168.83-200.217.168.83

IP Address: 200.217.168.83
IP Location: - Lacnic

erosconnect.com
Egroup(Dialer)

Registrant:
DNR
1E Braemar Ave
Unit 19
Kingston 10, WI N/A
JM

Domain name: EROSCONNECT.COM

Administrative Contact:
Admin, Domain
1E Braemar Ave
Unit 19
Kingston 10, WI N/A
JM
876-357-8404 Fax: n/a

Registrar of Record: TUCOWS, INC.
Record last updated on 06-May-2004.
Record expires on 05-Jun-2005.
Record created on 05-Jun-2002.

Domain servers in listed order:
NS1.WEBFINITY.NET 216.130.202.11
NS2.WEBFINITY.NET 216.130.202.12

------------------------------------------------------

exactsearchbar.com:64.21.81.201-64.21.81.201

hxxp://exactsearchbar.com/download.htm?

ExactSearchBar(BHO)

IP Address: 64.21.81.201
IP Location: - Kansas - De Soto - Net Access Corporation

Registrant:
eXact Advertising
101 W. 23rd Street, PMB 2392
New York, New York 10011
United States

Registered through: GoDaddy.com
Domain Name: EXACTSEARCHBAR.COM
Created on: 16-Oct-02
Expires on: 16-Oct-04
Last Updated on: 29-Apr-04

Administrative Contact:
Adminstrator, Domain
eXact Advertising
101 W. 23rd Street, PMB 2392
New York, New York 10011
United States
6462231227

Domain servers in listed order:
NS.RACKSPACE.COM
NS2.RACKSPACE.COM


-------------------------------------------------------


ezula.com

hxxp://ezula.com/TopText/autoload.asp

Ezula TopText(Adware), WebHancer(Spyware)


--------------------------------------------------------

hxxp://freescratchandwin.com/download.html

FreeScratchAndWin(BHO), Scratch and Win(Adware), 2nd Thought(Adware)


================================

66.230.152.228
www.pictureheaven.com

66.230.152.0 - 66.230.152.255

oXeo Networks
90 admiralty loop
staten island
NY
10309
United States

NS.OXEO.COM
NS2.OXEO.COM

-------------------------------------------------


www.xupiter.com

www.sexdialer.com

www.lop.com

www.look2me.com

www.myfreecursors.com

www.search-to-find.com

www.uni-porn.com

yahoogamez.com

------------------------------

213.59.0.84 - catsss.da.ru

213.59.0.0 - 213.59.0.255
RTComm.RU network
8/1, Olsufievsky pereulok,
121021, Moscow Russia
Russian Federation

============================

===========================

hxxp://s-redirect.com

s-redirect.com 81.9.3.82


81.9.3.64 - 81.9.3.95

Aspard
Russian Federation

Alex Lexx
Bezimyannaya street, 1
Otradnoe, Russia
phone: +7 095 1111111
support@nordhost.com

Alex Lexx
Bezimyannaya street, 1
Otradnoe, Russia
phone: +7 095 1111111
support@nordhost.com

Aspard
Updated: 06-Sep-2002 by registry@eltel.net
Source: whois.ripe.net

===========================================

your-searcher.com 69.31.76.67

69.31.76.65 - 69.31.76.80

Kelsey Kennedy
P.O. Box 44074
Burnaby
BC
V5B-4Y2
Canada

Kacperski, Emil
+1-925-550-3947
abuse@atrivo.com

Abuse:
Abuse Department
+1-925-550-3947
abuse@atrivo.com


=========================================

www.begin2search.com 216.130.185.143

216.130.160.0 - 216.130.191.255
Webair Internet Development Inc

=========================================

---------------------------------------------------

www.realsearcher.com:81.222.131.45-81.222.131.45

http://www.whois.sc/realsearcher.com

2 domains found on 81.222.131.45

www.Pukkasearch.net
www.Realsearcher.com

IP Address: 81.222.131.45
IP Location: - Eltel.net

81.222.0.0 - 81.222.255.255
ELTEL.NET
PROVIDER
Russian Federation

Domain Name: REALSEARCHER.COM

Registrant:
Hikesi me
Abdula J ()
Tartu Peapostkontor, pk. 12
Tartu
null,50001
EE
Tel. +372.55647646
Creation Date: 18-May-2004
Expiration Date: 18-May-2005
Domain servers in listed order:

ns1.pukkasearch.net
ns2.pukkasearch.net

---------------------------------------------------

http://s-redirect.com/

http://www.whois.sc/s-redirect.com

IP Address: 81.9.3.82
IP Location: Eltel.net

www.Countere.com
www.S-redirect.com

Domain Name: S-REDIRECT.COM
Registrant:
Hikesi me
Abdula J ()
Tartu Peapostkontor, pk. 12
Tartu
null,50001
EE
Tel. +372.55647646
Creation Date: 18-May-2004
Expiration Date: 18-May-2005

Domain servers in listed order:
ns1.pukkasearch.net
ns2.pukkasearch.net


--------------------------------------------------


http://us8.hpwis.com/
http://srch-us8.hpwis.com/

http://www.whois.sc/srch-us8.hpwis.com

IP Address: 209.202.216.27
IP Location: - Massachusetts - Waltham - Lycos Inc

32 domains found on 209.202.216.27

www.Chatcentral.com
www.Companiesonline.com
www.Cyberrights.com

Registrant:
Hewlett-Packard Company (DOM-309202)
3000 Hanover St. Palo Alto CA 94304 US

Domain Name: hpwis.com

Administrative Contact:
Domain Registration Manager (NIC-1477322)
Hewlett-Packard Company
1000 Circle Blvd MS 413G Corvallis OR 97330 US
+1.5417152100 Fax- +1.5417156789
Technical Contact, Zone Contact:
HP Hostmaster (NIC-1457890) Hewlett-Packard Company
3404 East Harmony Rd. MS 20 Fort Collins CO 80528 US

Domain servers in listed order:
AM1.HP.COM 15.227.128.50
AM3.HP.COM 15.243.160.50



---------------------------------------------------

#######################################

SEARCHMIRACLE.COM


searchmiracle.com:64.237.53.13-64.237.53.13

www.Searchmiracle.com

64.237.53.13.gigabits.us
64.237.53.0 - 64.237.53.15
Feher Tamas c/o Choopa.Com
1 Bethany Road
Building 2, Suite 24
Hazlet
NJ

http://www.whois.sc/searchmiracle.com

www.C4tdownload.com
http://www.whois.sc/c4tdownload.com
http://www.whois.sc/reverse-ip/?lookup=64.237.53.13

Search Miracle - Finding your search results with a miracle!
Response Code: 200
SSL Cert: No valid SSL on this Host, Get Secure
Website Status: Active
Reverse IP: Web server hosts 2 websites
Server Type: Apache/1.3.31 (Unix) PHP/4.3.7
IP Address: 64.237.53.13
IP Location: - New Jersey - Hazlet - Feher Tamas C/o Choopa.com
Name Server: NS1.EMIDNS.COM NS2.EMIDNS.COM
ICANN Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Created: 02-apr-2004
Expires: 02-apr-2006
Status: ACTIVE

Registrant:
Networld One
6448 Lubao Ave
Woodland H, CA 91367
US
818-381-1355

Domain Name: SEARCHMIRACLE.COM

Administrative Contact:
Rohbani, Bobby
6448 Lubao Ave
Woodland H, CA 91367
US
818-381-1355

Technical Contact:
Rohbani, Bobby
6448 Lubao Ave
Woodland H, CA 91367
US
818-381-1355

Record last updated 10-02-2004 02:25:18 PM
Record expires on 04-02-2006
Record created on 04-02-2004

Domain servers in listed order:
NS1.EMIDNS.COM 64.0.144.84
NS2.EMIDNS.COM 64.0.144.83


#########################################

##############################################

PAYPOPUP.COM

http://www.whois.sc/paypopup.com
http://www.whois.sc/sponsorsnet.com

paypopup.com:66.98.208.60-66.98.208.60

Domain name: paypopup.com

Website Title: PopUp / Pop-Under Ads Targeted Internet Advertising




SSL Cert: localhost.localdomain expires in 42 days renew now
Website Status: Active
Reverse IP: Web server hosts 2 websites
Server Type: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_jk/1.2.0 mod_perl/1.26 PHP/4.3.3 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b

IP Address: 66.98.208.60
IP Location: - Texas - Houston - Everyones Internet Inc
NetRange: 66.98.128.0 - 66.98.255.255

Name Server: NS1.RACKSHACK.NET NS2.RACKSHACK.NET
ICANN Registrar: ENOM, INC.
Created: 16-apr-2002
Expires: 16-apr-2005
Status: REGISTRAR-LOCK

Registrant Contact/Billing Contact:

YesUp Ecommerce Solutions Inc.
YesUp Inc. ()
+1.9057639735
Fax: +1.9057639735
330 Highway 7 East, Suite 202
Richmond Hill, O L4B3P8
CA

Status: Locked
Name Servers:
ns1.rackshack.net
ns2.rackshack.net

#######################################

##################################

w.w.w.cdcover.nl/redirect.cgi?usr=widexs

212.204.219.116
www.cdcovers.nl

212.204.219.111 - 212.204.219.120

Kraan BV
Netherlands

Uses paypopup to install malware.

SPOTRESULTS.COM

spotresults.com:69.20.20.163-69.20.20.163
NS.SPOTRESULTS.COM:69.20.47.141-69.20.47.141
ns2.spotresults.com:69.20.77.93-69.20.77.93
NicTech Networks Spyware:69.20.20.161-69.20.20.161

http://www.whois.sc/spotresults.com

Website Title: Welcome to SpotResults.com
Response Code: 206
SSL Cert: No valid SSL on this Host, Get Secure
Server Type: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.7 mod_perl/1.26
IP Address: 69.20.20.163
IP Location: - Rackspace.com
OrgID: RSPC
StateProv: TX
Country: US
NetRange: 69.20.0.0 - 69.20.127.255
Name Servers:
NS.SPOTRESULTS.COM 69.20.47.141
ns2.spotresults.com 69.20.77.93 ]

ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 12-feb-2004
Expires: 12-feb-2005
Status: ACTIVE

Registrant:
NicTech Networks
3860 W 150TH ST
Rosemount, Minnesota 55068
United States

Registered through: GoDaddy.com
Domain Name: SPOTRESULTS.COM
Created on: 12-Feb-04
Expires on: 12-Feb-05
Last Updated on: 28-Jun-04

Administrative Contact:
Networks, NicTech
3860 W 150TH ST
Rosemount, Minnesota 55068
United States
8667052728 Fax

Domain servers in listed order:
NS.SPOTRESULTS.COM
NS2.SPOTRESULTS.COM


###################################

69.20.20.161 shows their other sites:

1 A-D-W-A-R-E.COM.
2 AD-W-A-R-E.COM.
3 DESKTOPVILLAGE.COM.
4 LOOK2ME.COM.
5 LOOK2ME1.COM.
6 LOOK2ME2.COM.
7 LOOK2ME4.COM.


#################################


Company Profile for NicTech Networks, Inc.

>> LINK ! <<

NicTech Networks, Inc. is a leading desktop media corporation based in Minneapolis, Minnesota with a software facility in the Netherlands and Sweden. NicTech Networks is a closely held, private corporation and does not currently trade on any open market. The corporation runs on a positive cash flow basis and is completely self funded.

NicTech Networks is the parent company of several unique and innovative downloadable technology products and services. NicTech solutions help business partners and consumers realize mutually beneficial relationships. NicTech Networks is a leading global supplier of online services providing engaging online applications and communities to consumers and reliable solutions to corporations. NicTech Networks operates websites and applications that reach out to millions of visitors from all around the World monthly.




############################################

#######################################

http://www.spywarewarrior.com/viewtopic.php?p=35920


hxxp://www.xsunderground.com/thechilde/

--------------

Installs :


c:\windows\better.exe....from abetterinternet.com
c:\windows\VT00.exe.....no info in properties
c:\windows\games.exe....copyright EDRS..no other info
c:\windows\180axhook.dll
c:\windows\180ax_kf.dat....(over 5 meg!)
c:\windows\PreInMPP.exe <..along with multimpp.dll

VX2 Version 126

O1 - hosts: 69.20.16.183 auto.search.msn.com
O1 - hosts: 69.20.16.183 search.netscape.com
O1 - hosts: 69.20.16.183 ieautosearch

new toolbar and bho...

bho is multimpp.dll {002eb272-2590-4693-b166-fbd5d9b6fea6}
toolbar is tbGame.dll {02ffc86e-283e-4faa-95d6-addca024f30a}

O4...c:\windows\180ax.exe
O4...c:\windows\updatetc.exe
O4....c:\windows\rej.exe
O4...c:\windows\system32\xbzqhn.exe
O4....[games toolbar] rundll32.exe "c:\progra~1\games\tbgame.dll" DllShow TB

O16's:

DPF: {683dff0f-331f-44d2-b69b-46d7b58f32} (VacPro.Canada_ver3) hxxp://ocx3.advnt01.com/dialer/canada_ver3.cab

DPF - {79849612-a98f-45bb8-95e9-4d13c7b6b35c} (Loader 2 Control) hxxp://static.topconverting.com/activex/loader2.ocx


#######################################'


fedora.nictechnetworks.com:69.20.16.183-69.20.16.183


www.popuptraffic.com


POPUPTRAFFIC.COM:66.70.21.80-66.70.21.80

[AD]
Image updated 2004-08-16
Website Title: popuptraffic.com
Response Code: 206
SSL Cert: No valid SSL on this Host, Get Secure
Server Type: Apache/1.3.20 (Unix) PHP/4.0.6
IP Address: 66.70.21.80
IP Location: - New Jersey - Hoboken - Philippe Maratuech

Name Servers:
NS1.DATAPIPE.NET
NS2.DATAPIPE.NET

ICANN Registrar: TUCOWS INC.
Created: 13-dec-1999
Expires: 13-dec-2008
Status: ACTIVE

Registrant:
Standard Internet
14000 Commerce Parkway
Suite G
Mt Laurel, NJ 08054
US

Domain name: POPUPTRAFFIC.COM

Administrative Contact:
Internet, Standard [AD]
14000 Commerce Parkway
Suite G
Mt Laurel, NJ 08054
US
+1.8566420130 Fax: +1.8566429735

Registrar of Record: TUCOWS, INC.
Record last updated on 13-Aug-2004.
Record expires on 13-Dec-2008.
Record created on 13-Dec-1999.

Domain servers in listed order:
NS1.DATAPIPE.NET 64.27.65.13
NS2.DATAPIPE.NET 64.27.64.76

######################################

TOPCONVERTING.COM

hxxp://static.topconverting.com/activex/loader2.ocx

topconverting.com:81.23.227.8-81.23.227.8
ns2.topconverting.com:81.23.227.26-81.23.227.26

Website Title: Topconverting - Online MoneyMachine
Website Status: Active
Reverse IP: Web server hosts 19 websites
Server Type: Apache
IP Address: 81.23.227.8
IP Location: - Xlned Hosting Facilities
81.23.227.0 - 81.23.227.255
netname: NL-XL-NED
descr: XLNed Hosting Facilities
country: NL

Name Servers:
NS1.TOPCONVERTING.COM 81.23.227.8
ns2.topconverting.com 81.23.227.26

ICANN Registrar: ENOM, INC.
Created: 22-apr-2004
Expires: 22-apr-2005
Status: REGISTRAR-LOCK

Domain name: topconverting.com

Registrant Contact:
CrazywinningsInc
Steve Brands info@topconverting.com

Administrative Contact:
CrazywinningsInc
Steve Brands
0059996865896
Fax: 0059996865897
E-commerceparkVredenburg
Curacao
Willemstad, NA NA1623
AN
Creation date: 22 Apr 2004 10:08:44
Expiration date: 22 Apr 2005 10:08:44


###################################

advnt01.com:66.194.37.253-66.194.37.253
ocx3.advnt01.com:66.194.38.24-66.194.38.24

http://ocx3.advnt01.com/dialer/canada_ver3.cab

66.194.38.24
ocx3.advnt01.com
66.194.36.0 - 66.194.39.255
Electronic Communications Unlimited, Inc.
P.O. Box 682096
Orlando
FL


###################################

=================================

POPUPPERS.COM


popuppers.com:66.98.252.43-66.98.252.43

Registrant:
chunkybreakfast
box 3904
fort smith, Arkansas 72913
United States
Registered through: GoDaddy.com
Domain Name: POPUPPERS.COM

Created on: 20-Jan-04
Expires on: 20-Jan-06
Last Updated on: 01-Sep-04

Administrative Contact:
davidson, robert rob@chunkybreakfast.com
chunkybreakfast
box 3904
fort smith, Arkansas 72913
United States
4794590796 Fax --
Technical Contact:
davidson, robert rob@chunkybreakfast.com
chunkybreakfast
box 3904
fort smith, Arkansas 72913
United States
4794590796 Fax --

Domain servers in listed order:
NS1.XNAME.ORG
NS0.XNAME.ORG

=============================

############################

LZIO.COM

newupdates.lzio.com:66.230.223.73-66.230.223.73
updates.lzio.com:66.194.163.84-66.194.163.84

http://www.whois.sc/newupdates.lzio.com
Website Title: lzio.com
Response Code: 200
SSL Cert: No valid SSL on this Host, Get Secure
Website Status: Active
Reverse IP: Web server hosts 35 websites
Server Type: Apache/1.3.31 (Unix) PHP/4.2.3

IP Address: 66.194.163.74
IP Location: - Texas - Austin - Omegabyte Computer Corporation

66.194.163.74
web1.freecommunity.com

66.194.160.0 - 66.194.163.255
Omegabyte Computer Corporation
205 West Ninth Street
Suite 201
Austin

Name Servers:
NS1.FREECOMMUNITY.COM
NS2.FREECOMMUNITY.COM

ICANN Registrar: TUCOWS INC.
Created: 08-may-2003
Expires: 08-may-2005
Status: REGISTRAR-LOCK

Registrant:
Lzio.com
P.O. Box 685195
Austin, Texas 78768
US

Domain name: LZIO.COM

Administrative Contact:
Cave, Mark
P.O. Box 685195
Austin, Texas 78768
US
555-555-5555

Registration Service Provider:
FreeCommunity.Com
512-386-7040
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 08-Apr-2004.
Record expires on 08-May-2005.
Record created on 08-May-2003.

Domain servers in listed order:
NS1.FREECOMMUNITY.COM 66.194.163.66
NS2.FREECOMMUNITY.COM 66.194.163.67

##############################################

#########################################

LUCKYSEARCH.NET

luckysearch.net:38.117.144.27-38.117.144.27


http://www.whois.sc/luckysearch.net

Website Title: Lucky Search - Best Search Engine
Response Code: 206
SSL Cert: No valid SSL on this Host, Get Secure
Server Type: Apache/1.3.29 (Unix) mod_perl/1.28 PHP/4.3.4
IP Address: 38.117.144.27
IP Location: - Performance Systems International Inc

Name Server: A.NS.JOKER.COM B.NS.JOKER.COM
ICANN Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Created: 01-sep-2003
Expires: 01-sep-2005
Status: ACTIVE

domain: luckysearch.net
status: production
organization: Big Emu Farm Company Ltd.
owner: Wayne Paterson
title: Mr.
address: 765 Cressall Road, Perth Office
city: Bassendean
postal-code: WA6280
country: AU
nserver: a.ns.joker.com 194.176.0.2
nserver: b.ns.joker.com 194.245.101.19
nserver: c.ns.joker.com 194.245.50.1
registrar: JORE-1
created: 2003-09-01 15:20:52 UTC JORE-1
modified: 2004-08-31 22:10:06 UTC JORE-1
expires: 2005-09-01 11:20:36 UTC
source: joker.com
db-updated: 2004-10-18 12:01:39 UTC

#######################################

COUNT-ALL.COM

count-all.com:209.66.122.165-209.66.122.165

http://www.whois.sc/acc.count-all.com

Website Title: 403 Forbidden
Response Code: 403
SSL Cert: No valid SSL on this Host, Get Secure
Server Type: Apache/1.3.31 (Unix) mod_fastcgi/2.4.2 (Spry.com also uses Apache)
IP Address: 209.66.122.165
IP Location: - Poltavs'ka Oblast' - Poltava - Aps Communications

209.66.122.0 - 209.66.122.255
APS communications
2330 Kruse Dr
San Jose
CA

Name Server: A.NS.JOKER.COM B.NS.JOKER.COM
ICANN Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Created: 01-sep-2003
Expires: 01-sep-2005
Status: ACTIVE

domain: count-all.com
status: production
organization: Asia Pacific Imaging & Programming LTD.
owner: Bharat Bhagwan
title: Dr.
address: No.9284, Fountain Plaza, 81st Floor,
address: Road No. 86, Banjara Hills
city: Mumbai
postal-code: 600 008
country: IN
nserver: a.ns.joker.com 194.176.0.2
nserver: b.ns.joker.com 194.245.101.19
nserver: c.ns.joker.com 194.245.50.1
registrar: JORE-1
created: 2003-09-01 13:31:23 UTC JORE-1
modified: 2004-08-31 21:10:07 UTC JORE-1
expires: 2005-09-01 09:31:07 UTC
source: joker.com
db-updated: 2004-10-18 12:01:39 UTC

########################################

####################################

I--SEARCH.COM

www.i--search.com:66.79.191.231-66.79.191.231

hotsearchbox/hotpopup/searchxl/tinybar/jethomepage:66.79.191.231-66.79.191.231

http://www.whois.sc/www.i--search.com

Website Title: What are you looking for ?
Response Code: 206
SSL Cert: No valid SSL on this Host, Get Secure
Website Status: Active
Reverse IP: Web server hosts 10 websites
Server Type: Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.8 mod_ssl/2.8.18 OpenSSL/0.9.7a
IP Address: 66.79.191.231
IP Location: - California - San Jose - H. Rutszys

H. Rutszys-Private Residence:66.79.191.224-66.79.191.255

H. Rutszys
Private Residence
Private Residence
San Jose
CA
95133
United States


#############################

OMEGASEARCH.COM/LOP.COM

http://www.whois.sc/omegasearch.com

Website Title: Search the Web!
Meta Description: Start searching now because your search ends here!
Meta Keywords: search, searches, search engine, directory, directories, category, categories, help, multi media, maps, business finder, yellow pages, white pages, people search, find people, searching, searchers, advanced search, search help, search guide, search tips

Response Code: 206
SSL Cert: No valid SSL on this Host, Get Secure
Server Type: Apache/1.3.27 (Unix)
IP Address: 66.220.17.214
IP Location: - Florida - Shalimar - C2 Media Ltd

Name Server: NS1.LOP.COM NS2.LOP.COM
ICANN Registrar: TUCOWS INC.
Created: 14-may-2003
Expires: 14-may-2006
Status: ACTIVE

Registrant:
website
Unit 12
571 Finchley Road
Hampstead, NW3 7BN
GB

Domain name: OMEGASEARCH.COM

Administrative Contact:
Live, Media
Unit 12
571 Finchley Road
Hampstead, NW3 7BN
GB
+ 44 7817 130 743

Registrar of Record: TUCOWS, INC.
Record last updated on 22-Sep-2004.
Record expires on 14-May-2006.
Record created on 14-May-2003.

Domain servers in listed order:
NS1.LOP.COM 66.220.17.5
NS2.LOP.COM 66.220.17.6

Domain status:
ACTIVE


66.220.17.214
Omegasearch.com

66.220.17.216
Prosearching.com

66.220.17.152
Search200.com

66.220.17.211
Mysearchnow.com

66.220.17.226
searchexe.com

66.220.17.203
contexualsearch.com

66.220.17.0 - 66.220.17.255
C2 Media Ltd / LOP.COM

#####################################

GREATSEARCH.BIZ/xwebsearch.biz

GreatSearch.biz:213.159.117.147
xwebsearch.biz:67.15.35.16-67.15.35.16

38.113.198.235
38.112.4.242

GREATSEARCH.BIZ

http://www.whois.sc/GreatSearch.biz

Website Title: ZY Web Search
Response Code: 206
SSL Cert: No valid SSL on this Host, Get Secure
Website Status: Active
Reverse IP: Web server hosts 3 websites
Server Type: Apache
IP Address: 213.159.117.147
IP Location: - Linkey

Domain Name: GREATSEARCH.BIZ
Domain ID: D6549884-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Sponsoring Registrar IANA ID: 303
Domain Status: ok
Registrant ID: DI_343543
Registrant Name: Nick Fedorov
Registrant Organization: Online service
Registrant Address1: Belinskogo street 69-3
Registrant City: Nizhny Novgorod
Registrant State/Province: None USA resident
Registrant Postal Code: 603600
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.88312391465
Registrant Email:
Administrative Contact ID: DI_343543
Administrative Contact Name: Nick Fedorov
Administrative Contact Organization: Online service
Administrative Contact Address1: Belinskogo street 69-3
Administrative Contact City: Nizhny Novgorod
Administrative Contact State/Province: None USA resident
Administrative Contact Postal Code: 603600
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU

Name Server: NS1.ULTRALINKS.INFO
Name Server: NS2.ULTRALINKS.INFO
Created by Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Last Updated by Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Domain Registration Date: Thu Mar 25 15:38:04 GMT 2004
Domain Expiration Date: Thu Mar 24 23:59:59 GMT 2005
Domain Last Updated Date: Tue Aug 17 11:13:40 GMT 2004

>>>> Whois database was last updated on: Sat Oct 23 15:03:39 GMT 2004 <<<<


#########################################

xwebsearch.biz:67.15.35.16-67.15.35.16

Website Status: not active

67.15.35.16
67.15.35.0 - 67.15.35.255
Optical Jungle
403 Grant Avenue
Hightstown
NJ

XWEBSEARCH.BIZ
Domain ID: D5321775-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Sponsoring Registrar IANA ID: 303
Domain Status: pendingDelete
Registrant ID: DI_143717
Registrant Name: Kait Symbol
Registrant Organization: ASACP non profit
Registrant Address1: Smilshu 26-32
Registrant City: Tallin
Registrant Postal Code: 15010
Registrant Country: Estonia
Registrant Country Code: EE

#####################################

AIDINTIME.COM

hxxp:// aidintime.com /mashka/index::index.htm


PopAware/aidintime.com:64.0.144.51-64.0.144.52


64.0.0.0 - 64.3.255.255
XO Communications
Corporate Headquarters

http://forums.spywareinfo.com/index.php?showtopic=30673

http://www.whois.sc/aidintime.com

Additional Information: Blocked
Robots.txt: www.aidintime.com/robots.txt
Website Status: Active
Reverse IP: Web server hosts 11 websites
Server Type: Apache/2.0.48 (Linux/SuSE)
IP Address: 64.0.144.51
IP Location: - California - Glendale - Xo Communications

Name Server: NS2.NSSYS.COM NS1.NSSYS.COM
ICANN Registrar: TUCOWS INC.
Created: 23-jul-2004
Expires: 23-jul-2005
Status: ACTIVE

Registrant:
PopAware
29101 Highland Blvd.
Moreno Valley, CA 92555
US

Domain name: AIDINTIME.COM

Administrative Contact:
A, G
PO Box 6091
Moreno Valley, CA 92554
US
9905440208
Technical Contact:
Afana, Gabriel
29101 Highland Blvd.
Moreno Valley, CA 92555
US
909-544-0208

Registrar of Record: TUCOWS, INC.
Record last updated on 19-Oct-2004.
Record expires on 23-Jul-2005.
Record created on 23-Jul-2004.

Domain servers in listed order:
NS1.NSSYS.COM 64.154.194.162
NS2.NSSYS.COM 66.113.65.20

Domain status:
ACTIVE


====================

Update FEB 2005:

-------------------------------
MOVED IP ADDRESS TO : 216.152.244.84

-------------------------------

www.Adtomi.com
www.Aidintime.com
www.Bascowater.com
www.Cafreedom.com
www.Camberageflex.com
www.Collarsaround.com
www.Emorningmoss.net
www.Etightstrings.net
www.Logiose.com
www.Moltenmagnet.net
www.Netremoteline.com
www.Treestompertime.net




#####################################

CAREFREEEMAIL.COM

http://www.whois.sc/carefreeemail.com

Additional Information: Blocked
Robots.txt: www.carefreeemail.com/robots.txt
Website Status: Active
Reverse IP: Web server hosts 5 websites
Server Type: Apache/2.0.48 (Linux/SuSE)
IP Address: 64.0.144.52
IP Location: - California - Glendale - Xo Communications

Name Server: NS1.CTHOUGHT.COM NS2.CTHOUGHT.COM
ICANN Registrar: TUCOWS INC.
Created: 16-dec-2003
Expires: 16-dec-2004
Status: ACTIVE

Registrant:
PopAware
29101 Highland Blvd.
Moreno Valley, CA 92555
US

Domain name: CAREFREEEMAIL.COM

Administrative Contact:
Afana, Gabriel
29101 Highland Blvd.
Moreno Valley, CA 92555
US
909-544-0208

Registrar of Record: TUCOWS, INC.
Record last updated on 19-Oct-2004.
Record expires on 16-Dec-2004.
Record created on 16-Dec-2003.

Domain servers in listed order:
NS1.CTHOUGHT.COM 64.154.194.162
NS2.CTHOUGHT.COM 66.113.65.20

Domain status:
ACTIVE

#################################

CTHOUGHT.COM

Website Title: Creative Thought :: Network Architects
Meta Description: Creative Thought provides network architecture, strategic planning and IT management based on business models, goals and requirements. Services include onsite and remote IT management and system administration, system security and durability audits
Meta Keywords: strategic planning, auditing, hosting, internet access, web development, e-commerce, ecommerce, security, intershop, interchange, security, stability, speed, performance, customer service, colo, colocation
Response Code: 200
SSL Cert: No valid SSL on this Host, Get Secure
Website Status: Active
Reverse IP: Web server hosts 8 websites
Server Type: Apache/1.3.29 (Unix) PHP/4.3.5RC3 mod_perl/1.29 mod_ssl/2.8.16 OpenSSL/0.9.7c (Spry.com also uses Apache)
IP Address: 64.154.194.162
IP Location: - California - Los Angeles - Vizional Technologies

64.154.194.162
CTHOUGHT.COM

64.154.194.0 - 64.154.194.255
Co-Location.com Inc.
333 S. Beverly Drive
Suite 207
Beverly Hills
CA
90212
United States

Name Server: NS1.CTHOUGHT.COM NS2.CTHOUGHT.COM
ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 23-feb-2003
Expires: 23-feb-2005
Status: ACTIVE

Registrant:
Creative Thought, Inc.
214 Main Street, #374
El Segundo, California 90245
United States

Registered through: GoDaddy.com
Domain Name: CTHOUGHT.COM
Created on: 23-Feb-03
Expires on: 23-Feb-05
Last Updated on: 26-Feb-04

Administrative Contact:
Clark, James
Creative Thought, Inc.
214 Main Street, #374
El Segundo, California 90245
United States
(310) 943-1968 Fax -- (310) 943-1968

Domain servers in listed order:
NS1.CTHOUGHT.COM
NS2.CTHOUGHT.COM


########################################

########################################

HERE4SEARCH.COM

here4search.com/hp.htm?id=9

here4search.com:69.31.80.129-69.31.80.129
NS1.HARDCOREOVER.COM:66.250.130.200-66.250.130.200
NS2.HARDCOREOVER.COM:69.31.80.114-69.31.80.114

69.31.80.0 - 69.31.87.255
Pilosoft, Inc

http://www.whois.sc/here4search.com

Website Title: Search Engine!
Website Status: Active
Reverse IP: Web server hosts 2 websites
Server Type: Apache/1.3.28 (Unix) PHP/4.3.4RC1
IP Address: 69.31.80.129
IP Location: - New Jersey - Hamburg - Pilosoft Inc

Name Server: NS1.HARDCOREOVER.COM NS2.HARDCOREOVER.COM
ICANN Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Created: 12-oct-2003
Expires: 12-oct-2005
Status: ACTIVE

Registrant:
none
P.O. Box 612
Prague, Not Applicable 11121
CZ
+42.0723197819

Domain Name: HERE4SEARCH.COM

Administrative Contact:
Khudoleev, Denis
P.O. Box 612
Prague, Not Applicable 11121
CZ
+42.0723197819


Technical Contact:
Khudoleev, Denis
P.O. Box 612
Prague, Not Applicable 11121
CZ
+42.0723197819


Record expires on 10-12-2005
Record created on 10-12-2003

Domain servers in listed order:
NS1.HARDCOREOVER.COM 66.250.130.200
NS2.HARDCOREOVER.COM 69.31.80.114


NS1.HARDCOREOVER.COM:66.250.130.200-66.250.130.200

66.250.130.200
66.250.0.0 - 66.250.255.255
Cogent Communications
1015 31st Street, NW
Washington
DC
20007
United States

NS2.HARDCOREOVER.COM:69.31.80.114-69.31.80.114

69.31.80.114
colo-69-31-80-114.pilosoft.com
69.31.80.0 - 69.31.87.255
Pilosoft, Inc.
55 Broad St, 3rd Fl
New York
NY
10004
United States


HARDCOREOVER.COM


Image updated 2004-05-24
Response Code: 200
SSL Cert: No valid SSL on this Host, Get Secure
Website Status: Active
Reverse IP: Web server hosts 3 websites
Server Type: Apache/1.3.28 (Unix) PHP/4.3.4RC1
IP Address: 69.31.80.114
IP Location: - New Jersey - Hamburg - Pilosoft Inc

Name Server: NS1.HARDCOREOVER.COM NS2.HARDCOREOVER.COM
ICANN Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Created: 18-jan-2002
Expires: 18-jan-2005
Status: ACTIVE

Registrant:
Mazay Ltd
P.O. BOX 713
Prague, CZ 11121
CS
565656656


Domain Name: HARDCOREOVER.COM

Administrative Contact:
Mazay, Ded
P.O. BOX 713
Prague, CZ 11121
CS
565656656


Technical Contact:
Mazay, Ded
P.O. BOX 713
Prague, CZ 11121
CS
565656656


Record last updated 04-21-2003 02:00:25 PM
Record expires on 01-18-2005
Record created on 01-18-2002

Domain servers in listed order:
NS1.HARDCOREOVER.COM 66.250.130.200
NS2.HARDCOREOVER.COM 69.31.80.114



###########################################

ROINGS.COM


roings.com:67.15.14.35-67.15.14.35
cabs.roings.com:66.98.248.39-66.98.248.39

hxxp:// cabs.roings.com/cabs/ieplug.cab

http://www.whois.sc/roings.com

Image updated 2004-09-27
Website Title: 0005_red
Response Code: 206
SSL Cert: localhost.localdomain expires in 177 days
Website Status: Active
Reverse IP: Web server hosts 2 websites
Server Type: Apache/2.0.46 (Red Hat)

IP Address: 67.15.14.35
IP Location: - Texas - Houston - Everyones Internet Inc

67.15.0.0 - 67.15.175.255
Everyones Internet, Inc.
2600 Southwest Freeway
Suite 500
Houston
TX

66.98.128.0 - 66.98.255.255
Everyones Internet, Inc.
2600 Southwest Freeway
Suite 500
Houston
TX

Name Server: NS1.CHUNKYBREAKFAST.COM NS2.CHUNKYBREAKFAST.COM
ICANN Registrar: NETWORK SOLUTIONS, LLC.
Created: 09-dec-2003
Expires: 09-dec-2007
Status: REGISTRAR-LOCK

Registrant:
davidson, rob (BYMAXNOHVD)
chunkybreakfast
box 3904
fort smith, AR 72913
US

Domain Name: ROINGS.COM

Administrative Contact, Technical Contact:
davidson, rob (NJDKVVOWUI)
chunkybreakfast
box 3904
fort smith, AR 72913
US
4794590796 fax: 123 123 1234

Record expires on 09-Dec-2007.
Record created on 24-Jul-2004.

Domain servers in listed order:

NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM 64.202.164.161
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM 64.202.164.162
NS1.CHUNKYBREAKFAST.COM
NS2.CHUNKYBREAKFAST.COM


#################################

MEDIA-MOTOR.NET

http://www.whois.sc/media-motor.net

Image updated 2004-09-13
Website Title: 0005_red
Response Code: 206
SSL Cert: localhost.localdomain expires in 177 days
Website Status: Active
Reverse IP: Web server hosts 2 websites
Server Type: Apache/2.0.46 (Red Hat)
IP Address: 67.15.14.35
IP Location: - Texas - Houston - Everyones Internet Inc

Name Server: NS2.DNSPARK.NET NS1.DNSPARK.NET
ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 04-jun-2004
Expires: 04-jun-2006
Status: ACTIVE

Registrant:
hillzone
po box 1480
helendale, California 92342
United States

Registered through: GoDaddy.com
Domain Name: MEDIA-MOTOR.NET
Created on: 04-Jun-04
Expires on: 04-Jun-06
Last Updated on: 04-Jun-04

Administrative Contact:
hill, garry
hillzone
po box 1480
helendle, California 92342
United States
(415) 238-7450 Fax --
Technical Contact:
hill, garry
hillzone
po box 1480
helendle, California 92342
United States
(415) 238-7450 Fax --

Domain servers in listed order:
NS1.DNSPARK.NET
NS2.DNSPARK.NET


###################################

####################################

Scumware-Remover.org


Scumware-Remover.org[Spy]:66.79.171.70-66.79.171.70
www.smartestsearch.com[Spy]:66.79.171.75-66.79.171.75

Scumware-Remover.org
66.79.171.70

www.smartestsearch.com
66.79.171.75

66.79.171.0 - 66.79.171.127
Liam Rhodes
Private Residence
Ripley
CA
95133
United States

MSG Arin Tech
+1-888-585-8889
tech@managedsg-inc.com


More info:
http://spywarewarrior.com/viewtopic.php?t=6987
http://www.webhelper4u.com/CWS/scumwareremover.html


3 files downloaded to C:Windows\system 32:

dps.exe
dps32.exe
mse.exe

Adds a entry to the registry :

O4 - HKLM\..\Run: [dps] c:\windows\system32\dps.exe

Hijacks the HOSTS file with the following entries:

O1 - Hosts: 66.79.171.75 www.google.com
O1 - Hosts: 66.79.171.75 www.yahoo.com
O1 - Hosts: 66.79.171.75 www.altavista.com
O1 - Hosts: 66.79.171.75 www.hotbot.com
O1 - Hosts: 66.79.171.75 www.lycos.com
O1 - Hosts: 66.79.171.75 www.mamma.com
O1 - Hosts: 66.79.171.75 www.askjeeves.com
O1 - Hosts: 66.79.171.75 www.ask.com
O1 - Hosts: 66.79.171.75 www.google.co.uk
O1 - Hosts: 66.79.171.75 www.yahoo.co.uk
O1 - Hosts: 66.79.171.75 www.altavista.co.uk
O1 - Hosts: 66.79.171.75 www.hotbot.co.uk
O1 - Hosts: 66.79.171.75 www.lycos.co.uk
O1 - Hosts: 66.79.171.75 www.mamma.co.uk
O1 - Hosts: 66.79.171.75 www.askjeeves.co.uk
O1 - Hosts: 66.79.171.75 www.ask.co.uk
O1 - Hosts: 66.79.171.75 www.msn.com
O1 - Hosts: 66.79.171.75 www.msn.co.uk
O1 - Hosts: 66.79.171.75 www.go.com
O1 - Hosts: 66.79.171.75 www.go.co.uk
O1 - Hosts: 66.79.171.75 www.no-ip.com
O1 - Hosts: 66.79.171.75 www.hotbar.com
O1 - Hosts: 66.79.171.75 www.mywebsearch.com
O1 - Hosts: 66.79.171.75 www.exactsearch.net
O1 - Hosts: 66.79.171.75 www.resultsmaster.com
O1 - Hosts: 66.79.171.75 www.kanoodle.com


SCUMWARE-REMOVER.ORG

http://www.whois.sc/scumware-remover.org

Website Title: Scumware-Remover.org
Response Code: 206
SSL Cert: No valid SSL on this Host, Get Secure
Website Status: Active
Reverse IP: Web server hosts 105 websites

www.1800comtacts.com
www.1800flowres.com
www.1800flpwers.com
102 more domains found...

Server Type: Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.3 FrontPage/5.0.2.2634a mod_ssl/2.8.18 OpenSSL/0.9.7a
IP Address: 66.79.171.70
IP Location: - California - Ripley - Liam Rhodes

Domain ID:D104980260-LROR
Domain Name:SCUMWARE-REMOVER.ORG
Created On:08-Oct-2004 23:52:48 UTC
Last Updated On:08-Oct-2004 23:53:17 UTC
Expiration Date:08-Oct-2005 23:52:48 UTC
Sponsoring Registrar:Go Daddy Software, Inc. (R91-LROR)
Status:TRANSFER PROHIBITED
Registrant ID:GODA-08414651
Registrant Name:Steven Burritt
Registrant Street1:239 millcreek lane
Registrant City:naperville
Registrant State/Province:Illinois
Registrant Postal Code:60540
Registrant Country:US
Registrant Phone:+1.6304043009
Name Server:NS1.H-C-T.COM
Name Server:NS2.H-C-T.COM



############################################

searchmeup.com/umaxsearch CWS trojan sites

hxxp://www.searchmeup.com/search.php

searchmeup.com:38.113.198.235-38.113.198.235
umaxsearch.com:64.124.210.98-64.124.210.98

domain: searchmeup.com
status: production
organization: UmaxSearch Ltd
email: pr@umaxsearch.com
address: Arch. Makarios III str./22
city: Nicosia
postal-code: 2406
country: CY
admin-c: pr@umaxsearch.com#0
tech-c: pr@umaxsearch.com#0
billing-c: pr@umaxsearch.com#0
nserver: a.ns.joker.com 194.176.0.2
nserver: b.ns.joker.com 194.245.101.19
nserver: c.ns.joker.com 194.245.50.1
registrar: JORE-1
created: 2003-11-12 15:02:12 UTC JORE-1
expires: 2004-11-12 10:01:56 UTC
source: joker.com

umaxsearch.com
IP Address: 64.124.210.98
Registrant:
Leos Rousek wello@mail.ru +4.20721121332
Leos Rousek
Na Prikope 858/20
Praha 1,Praha,CZ 113 80

Domain Name:umaxsearch.com
Record last updated at 2004-09-22 03:50:42
Record created on 2003/9/11
Record expired on 2005/9/11

Domain servers in listed order:
ns000.onlinenic.com ns4.onlinenic.com
Administrator:
Na Prikope 858/20
Praha 1
Praha,
CZ
113 80


###########################

homepage reset to http://213.159.117.134 / http:// 213.159.117.150 /connect.cgi

213.159.117.134/index.php[hijacker]:213.159.117.134-213.159.117.134
213.159.117.150/connect.cgi[Hijacker]:213.159.117.150-213.159.117.150

213.159.96.0 - 213.159.127.255
PROVIDER
Linkey Ltd
Russian Federation

www.awmcash.biz

www.awmcash.biz:205.252.249.210-205.252.249.210

205.252.0.0 - 205.252.255.255
Beyond The Network America, Inc.
Reston Executive Center

hxxp://www.awmcash.biz/adverts/02/1.htm





hxp://www.awmcash.biz/adverts/02/1.htm

link ^ gives me five or so virus alerts altogether for the Exploit and the Trojan:byteverify stuff and a SSM prompt for this program :



loadclean.exe has references inside it to sp2.f cked and a few other urls..


>> http://www.whois.sc/www.awmcash.biz

Says site is not active , but I have the virus alerts to say otherwise..

Domain Name: AWMCASH.BIZ
Domain ID: D8250943-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Registrant ID: DI_947431
Registrant Name: John Miller
Registrant Organization: Liber Inc
Registrant Address1: 135/2 Washington str
Registrant Address2: Limasson,
Registrant Address3: Cyprus
Registrant City: Limasson,
Registrant State/Province: CY
Registrant Postal Code: 06432
Registrant Country: Cyprus
Registrant Country Code: CY

###############################

realsearch.cc

browser hijacker = http://www.spywarewarrior.com/viewtopic.php?t=8913

realsearch.cc:195.225.176.15-195.225.176.15

NetcatHosting:195.225.176.0-195.225.179.255



realsearch.cc - 195.225.176.15

4 domains found on 195.225.176.15

inetnum: 195.225.176.0 - 195.225.179.255
netname: NETCATHOST
descr: NetcatHosting
country: UA


www.69sexsearch.com
www.Aflashcounter.com
www.Ahomefinder.com
www.Bebcounters.com


Name Server: NS1.REALSEARCH.CC NS2.REALSEARCH.CC
ICANN Registrar: DIRECT INFORMATION PVT. LTD., DBA DIRECTI.COM
Created: 14-nov-2004
Expires: 14-nov-2005
Status: ACTIVE

---------------------------------------------------------

Domain Name: 69SEXSEARCH.COM

Registrant:
Danyelle Christian
Chocho Street 16
Highland Beach
null,96365
US
Tel. +09.6070231

Creation Date: 14-Nov-2004
Expiration Date: 14-Nov-2005

Domain servers in listed order:
ns1.realsearch.cc
ns2.realsearch.cc

Status:ACTIVE

------------------------------------------------------

AFLASHCOUNTER.COM

Website Title: The Best Searcher
Website Status: Active
Server Type: Apache/1.3.33 (Unix) PHP/4.3.9
IP Address: 195.225.176.15
IP Location: - New York - New York - Netcathosting

Name Server: NS1.REALSEARCH.CC NS2.REALSEARCH.CC
ICANN Registrar: DIRECT INFORMATION PVT. LTD., DBA DIRECTI.COM
Created: 10-nov-2004
Expires: 10-nov-2005
Status: ACTIVE

Domain Name: AFLASHCOUNTER.COM

Registrant:
Danyelle Christian
Chocho Street 16
Highland Beach
null,96365
US
Tel. +09.6070231

Creation Date: 10-Nov-2004
Expiration Date: 10-Nov-2005

Domain servers in listed order:
ns1.realsearch.cc
ns2.realsearch.cc

--------------------------------------------------------

Domain Name: AHOMEFINDER.COM

Registrant:
Danyelle Christian
Chocho Street 16
Highland Beach
null,96365
US
Tel. +09.6070231

Creation Date: 10-Nov-2004
Expiration Date: 10-Nov-2005

Domain servers in listed order:
ns1.realsearch.cc
ns2.realsearch.cc

-----------------------------------------------------

Domain Name: BEBCOUNTERS.COM

Registrant:
Danyelle Christian
Chocho Street 16
Highland Beach
null,96365
US
Tel. +09.6070231

Creation Date: 10-Nov-2004
Expiration Date: 10-Nov-2005

Domain servers in listed order:
ns1.realsearch.cc
ns2.realsearch.cc

------------------------------------------------------

Domain Name: AAAWEBSEARCH.COM
Registrant:
Danyelle Christian
Chocho Street 16
Highland Beach
null,96365
US
Tel. +09.6070231
Creation Date: 10-Nov-2004
Expiration Date: 10-Nov-2005

Domain servers in listed order:
ns1.suspended-domain.com
ns2.suspended-domain.com

--------------------------------------------------------

Whatsfind.com


Whatsfind.com:210.245.166.133-210.245.166.133

homepage hijacker..

ISEARCHTECH.COM

ISEARCHTECH.COM:216.127.33.119-216.127.33.119

Reverse IP: Web server hosts 12 websites
IP Address: 216.127.33.119
IP Location: - Washington - Silverdale - Gamma Networking Inc
Blacklist Status: Listed

www.Couldnotfind.com
www.Installcash.com
www.Integratedsearchtechnologies.com
www.Isearchtech.com
www.Power-scan.com
www.Sidefind.com
www.Slotch.com
www.Slotchbar.com
www.Toolbarcash.com
www.Xxxtoolbar.com
www.Yoursitebar.com
www.Ysbweb.com

216.127.33.0 - 216.127.33.255
Gamma Networking Inc

Name Server: NS1.GAMMAE.COM NS3.GAMMAE.COM
ICANN Registrar: TUCOWS INC.
Created: 29-jan-2003
Expires: 29-jan-2006
Status: REGISTRAR-LOCK

Registrant:
Integrated Search Technologies
3300 Cote-Vertu
Suite 406
Montreal, Quebec H4R 2B7
CA

Domain name: ISEARCHTECH.COM

Administrative Contact:
Search Technologies, Integrated
3300 Cote-Vertu
Suite 406
Montreal, Quebec H4R 2B7
CA
514-448-9727 Fax: 514-334-7088

Registrar of Record: TUCOWS, INC.
Record last updated on 31-Dec-2004.
Record expires on 29-Jan-2006.
Record created on 29-Jan-2003.

Domain servers in listed order:
NS1.GAMMAE.COM 216.127.33.4
NS3.GAMMAE.COM 216.127.33.6
NS4.GAMMAE.COM 216.127.33.7

######################################

ISEARCH.COM

iSearch Internet:216.130.187.150-216.130.187.150

http://www.whois.sc/isearch.com

Website Title: iSearch - Searching Made Simple
Meta Description: Pay Per Click Search Engine' /
Meta Keywords: isearch, search engine, ppc search engine' /

Reverse IP: Web server hosts 3 websites
Server Type: Apache
IP Address: 216.130.187.150
IP Location: - New York - Jericho - Webair Internet Development Inc

www.Isearch.com
www.Adservs.com
www.Findstuffsearch.com

NetRange: 216.130.160.0 - 216.130.191.255
CIDR: 216.130.160.0/19
NetName: WEBAIRINTERNET
Name Server: NS.WEBAIR.NET NS2.WEBAIR.NET
ICANN Registrar: ENOM, INC.
Created: 06-oct-1995
Expires: 05-oct-2006
Status: REGISTRAR-LOCK

Registration Service Provided By: eNom, Inc.

Domain name: isearch.com

Registrant Contact:
iSearch Internet
Domain Manager (NA)
+1.8668456873
Fax:
701 Brazos
Suite 500

#####################################
Austin, TX 78701
US

Flying Crocodile

Porn Spyware / Hijackers

FCI Inc.:216.127.32.0-216.127.32.31

216.127.32.0 - 216.127.32.31
FCI Inc.
417 Virginia St. Suite 200
Seattle
WA
98101
United States

Perkins, Ross
+1-206-374-0374
ross@flyingcroc.com

Accretive Technology Group, Inc.:216.127.32.0-216.127.63.255

216.127.32.0 - 216.127.63.255
Accretive Technology Group, Inc.
2001 6th Avenue
Suite 3302
Seattle
WA
98121
United States

TRAFFIC2CASH.BIZ

traffic2cash.biz:69.50.168.149-69.50.168.149

69.50.168.0 - 69.50.168.255
William Lu

69.50.160.0 - 69.50.191.255
Atrivo
200 Paul Avenue
San Francisco
CA
94124
United States

Reverse IP: Web server hosts 4 websites

TRAFFIC2CASH.BIZ
www.Antiblock.biz
www.Oranger.biz
www.Private-iframe.biz

Server Type: Apache/1.3.31 (Unix) PHP/4.3.8
IP Address: 69.50.168.149
IP Location: - California - Monte Rio - William Lu
Blacklist Status: Last blocked 2005-02-09

Domain Name: TRAFFIC2CASH.BIZ
Domain ID: D8372585-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Sponsoring Registrar IANA ID: 303
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: DI_1033072
Registrant Name: John Miller
Registrant Organization: Liber Inc

Administrative Contact ID: DI_1033072
Administrative Contact Name: John Miller
Administrative Contact Organization: Liber Inc
Administrative Contact Address1: 135/2 Washington str
Administrative Contact City: Limasson
Administrative Contact Postal Code: 06432
Administrative Contact Country: Cyprus
Administrative Contact Country Code:CY
Administrative Contact Phone Number:+944.8735673

Name Server:NS1.TRAFFIC2CASH.BIZ
Name Server:NS2.TRAFFIC2CASH.BIZ
Created by Registrar:DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Last Updated by Registrar:DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Domain Registration Date: Mon Dec 06 15:18:04 GMT 2004
Domain Expiration Date: Mon Dec 05 23:59:59 GMT 2005
Domain Last Updated Date: Tue Feb 15 12:06:33 GMT 2005

###################################

hypn0toad.com

IP Addresses: 67.15.70.15
IP Country: UNITED STATES
Reverse IP Lookup: IP hosts 3 domains

Hosting Company Name:
ICANN Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Creation Date: Jan 12 2005
Expiry Date: Jan 12 2010

Web Server: N/A
Website Status:

Domain Name.......... hypn0toad.com
Creation Date........ 2005-01-13
Registration Date.... 2005-01-13
Expiry Date.......... 2010-01-13
Organisation Name.... Carl Anderson
Organisation Address. 666 I Rule Street
Organisation Address.
Organisation Address. Awesomeville
Organisation Address. 52245
Organisation Address. IA
Organisation Address. UNITED STATES

Admin Name........... All Hail The Hypnotoad
Admin Address........ 666 I Rule Street
Admin Address........
Admin Address........ Awesomeville
Admin Address........ 52245
Admin Address........ IA
Admin Address........ UNITED STATES
Admin Email..........
Admin Phone.......... +1.6666666
Admin Fax............ +1.6666666

Tech Name............ Kwanun Hosting
Tech Address......... 666 Fuchs Street
Tech Address.........
Tech Address......... Awesomeville
Tech Address......... 52245
Tech Address......... IA
Tech Address......... UNITED STATES
Tech Email...........
Tech Phone........... +1.6666666
Tech Fax............. +1.6666666
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com

67.15.70.15 - IP hosts 3 Total Domains ...
Showing 1 - 3 out of 3

Domain Name
1 CHIPCENTRAL.INFO.
2 HYPN0TOAD.COM.
3 HYPN0TOAD.NET.

azesearch.com
IP Addresses: 194.204.33.20
IP Country: ESTONIA
Reverse IP Lookup: IP hosts 122 domains

Hosting Company Name:
ICANN Registrar: GO DADDY SOFTWARE, INC.
Creation Date: Jan 26 2005
Expiry Date: Jan 26 2006

Web Server: N/A
Website Status:

Registrant:
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com
Domain Name: AZESEARCH.COM
Created on: 26-Jan-05
Expires on: 26-Jan-06
Last Updated on: 18-Feb-05

Administrative Contact:
Private, Registration
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599
Technical Contact:
Private, Registration
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599

Domain servers in listed order:
NS1.AZENETWORK.COM
NS2.AZENETWORK.COM

194.204.33.20 - IP hosts 122 Total Domains ... (Posting the first 10 of the list)
Showing 1 - 10 out of 122

Domain Name
1 3DEXPORT.COM.
2 3DM-MC.COM.
3 3DM3.COM.
4 552964.INFO.
5 ALERIA.NET.
6 ALPHASKINS.COM.
7 AQUATIC-LIFE.NET.
8 ASHDODA.NET.
9 AV-GROUPS.COM.
10 AW-SOFTWARE.COM.

besstsearchs.com
IP Addresses: 200.16.144.182
IP Country: ARGENTINA
Reverse IP Lookup: IP hosts 5 domains

Hosting Company Name:
ICANN Registrar: DIRECT INFORMATION PVT. LTD., DBA DIRECTI.COM
Creation Date: Apr 28 2004
Expiry Date: Apr 28 2005

Web Server: N/A
Website Status: N/A

Registration Service Provided By: ESTDOMAINS
Contact:
Website: http://www.estdomains.com
Abuse Desk Email Address:

Domain Name: BESSTSEARCHS.COM

Registrant:
home biz.
Mike Algernon ()
310 South Williams Blvd 305
Tucson
null,85711
US
Tel. +10.93218434

Creation Date: 28-Apr-2004
Expiration Date: 28-Apr-2005

Domain servers in listed order:
ns1.mydomain.com
ns2.mydomain.com
ns3.mydomain.com
ns4.mydomain.com


Administrative Contact:
home biz.
Mike Algernon ()
310 South Williams Blvd 305
Tucson
null,85711
US
Tel. +10.93218434

Technical Contact:
home biz.
Mike Algernon ()
310 South Williams Blvd 305
Tucson
null,85711
US
Tel. +10.93218434

Billing Contact:
home biz.
Mike Algernon ()
310 South Williams Blvd 305
Tucson
null,85711
US
Tel. +10.93218434

Status:ACTIVE

200.16.144.182 - IP hosts 5 Total Domains ...
Showing 1 - 5 out of 5

Domain Name
1 BESSTSEARCHS.COM.
2 IKNOWTAYLER.BIZ.
3 SPAMKIT.COM.
4 SUCHIIOMUSIC.BIZ.
5 YULLOWDALEC.BIZ.

cash4me.biz
IP Addresses: 69.50.168.148
IP Country: UNITED STATES
Reverse IP Lookup: IP hosts 5 domains

Hosting Company Name:
ICANN Registrar: DIRECT INFORMATION PVT. LTD., DBA DIRECTI.COM
Creation Date: Oct 24 2004
Expiry Date: Oct 23 2005

Web Server: N/A
Website Status:

Domain Name: CASH4ME.BIZ
Domain ID: D8027263-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT. LTD.,
(D.B.A. DIRECTI.COM)
Sponsoring Registrar IANA ID: 303
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: DI_1033072
Registrant Name: John Miller
Registrant Organization: Liber Inc
Registrant Address1: 135/2 Washington str
Registrant City: Limasson
Registrant Postal Code: 06432
Registrant Country: Cyprus
Registrant Country Code: CY
Registrant Phone Number: +944.8735673
Registrant Email:
Administrative Contact ID: DI_1033072
Administrative Contact Name: John Miller
Administrative Contact Organization: Liber Inc
Administrative Contact Address1: 135/2 Washington str
Administrative Contact City: Limasson
Administrative Contact Postal Code: 06432
Administrative Contact Country: Cyprus
Administrative Contact Country Code: CY
Administrative Contact Phone Number: +944.8735673
Administrative Contact Email:
Billing Contact ID: DI_1033072
Billing Contact Name: John Miller
Billing Contact Organization: Liber Inc
Billing Contact Address1: 135/2 Washington str
Billing Contact City: Limasson
Billing Contact Postal Code: 06432
Billing Contact Country: Cyprus
Billing Contact Country Code: CY
Billing Contact Phone Number: +944.8735673
Billing Contact Email:
Technical Contact ID: DI_1033072
Technical Contact Name: John Miller
Technical Contact Organization: Liber Inc
Technical Contact Address1: 135/2 Washington str
Technical Contact City: Limasson
Technical Contact Postal Code: 06432
Technical Contact Country: Cyprus
Technical Contact Country Code: CY
Technical Contact Phone Number: +944.8735673
Technical Contact Email:
Name Server: NS1.CASH4ME.BIZ
Name Server: NS2.CASH4ME.BIZ
Created by Registrar: DIRECT INFORMATION PVT. LTD.,
(D.B.A. DIRECTI.COM)
Last Updated by Registrar: DIRECT INFORMATION PVT. LTD.,
(D.B.A. DIRECTI.COM)
Domain Registration Date: Sun Oct 24 18:24:03 GMT 2004
Domain Expiration Date: Sun Oct 23 23:59:59 GMT 2005
Domain Last Updated Date: Tue Feb 15 12:06:49 GMT 2005

69.50.168.148 - IP hosts 5 Total Domains ...
Showing 1 - 5 out of 5

Domain Name
1 ADMIN2CASH.BIZ.
2 CASH4ME.BIZ.
3 SP2ADMIN.BIZ.
4 TRAFFIC2CASH.BIZ.
5 WEB-RESULT.BIZ.

letgohome.com
IP Addresses: 69.31.85.146 <----------- Already blacklisted
IP Country: UNITED STATES
Reverse IP Lookup: IP hosts 5 domains

Hosting Company Name:
ICANN Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Creation Date: Jan 14 2005
Expiry Date: Jan 14 2006

Web Server: N/A
Website Status:

Registrant:
no
P5,
Barrandov,
Pod Gurkoi 26
Prague, CZ 15200
CZ
+420.728069564


Domain Name: LETGOHOME.COM

Administrative Contact:
Avdeiko, Stanislav
P5,
Barrandov,
Pod Gurkoi 26
Prague, CZ 15200
CZ
+420.728069564


Technical Contact:
Avdeiko, Stanislav
P5,
Barrandov,
Pod Gurkoi 26
Prague, CZ 15200
CZ
+420.728069564


Record last updated 01-14-2005 05:54:56 AM
Record expires on 01-14-2006
Record created on 01-14-2005

Domain servers in listed order:
NS1.HARDCOREOVER.COM 66.250.130.200
NS2.HARDCOREOVER.COM 69.31.80.114

69.31.85.146 - IP hosts 5 Total Domains ...
Showing 1 - 5 out of 5

Domain Name
1 GOTOSEX4ALL.COM.
2 LETGOHOME.COM.
3 MIG29HERE.COM.
4 WEBANALSEX.COM.
5 WIN-ETO.COM.

popupkiller2003.com
Reverse IP: Web server hosts 90979 websites !
Server Type: Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a
IP Address: 67.19.98.98 (ARIN & RIPE IP search)
IP Location: - Theplanet.com Internet Services Inc

Name Server: NS1.RENTALQUEUE.COM NS2.RENTALQUEUE.COM
ICANN Registrar: COMPANA, LLC
Created: 23-jan-2005
Expires: 23-jan-2006
Status: ACTIVE


Domain popupkiller2003.com
Created 2005-02-07 19:39:14.525557
Nameservers:
ns1.rentalqueue.com
ns2.rentalqueue.com

Owner's Contact Information:
Manila Industries, Inc.
Attn: 7713 - 145
3522 2nd Floor Rm 2 AL 11 B
Lard Prao Road, Klongchan Bangkapi
Bangkok 10240
Phone: (66) 2-734-9741 xt 7713

Administrative and Technical Contact Information:
Manila Industries, Inc.
Attn: 7713 - 145
3522 2nd Floor Rm 2 AL 11 B
Lard Prao Road, Klongchan Bangkapi
Bangkok 10240
Phone: (66) 2-734-9741 xt 7713

67.19.98.98 - IP hosts 90979 Total Domains ... (Postinig 10 first domains from the list)
Showing 1 - 10 out of 90979

Domain Name
1 0-800HOROSCOPE.COM.
2 000000NWEBCAMNOW.COM.
3 007STILETTOSHOES.COM.
4 00FUNDAILYECARDS.COM.
5 011COMUNICATIONS.COM.
6 011MOBIL.COM.
7 02-SPORTS-INC.COM.
8 02CRUISES.COM.
9 04LYRICS.COM.
10 04RIVIVAL.COM.

thumbex.com
IP Addresses: 216.17.107.86
IP Country: UNITED STATES
Reverse IP Lookup: IP hosts 137 domains

Hosting Company Name:
ICANN Registrar: ATCOM TECHNOLOGY LLC
Creation Date: Jan 29 2004
Expiry Date: Jan 29 2006

Web Server: apache/1.3.27 (unix) mod_python/2.7.8 python/2.2.2 mod_layout/3.0.3 mod_perl/1.28 mod_throttle/3.1.2 frontpage/5.0.2.2510 mod_ssl/2.8.14 openssl/0.9.7c
Website Status: Active

Registration Service Provided By: Inexpensive Domains
Contact:
Visit: http://www.inexpensivedomainsregistration.com

Domain name: thumbex.com

Registrant Contact:
Varahalduse AS
Marianna Eestikind ()
+372.188123480008
Fax:
Narva mnt., 3-44
Tallin, 10151
EE

Administrative Contact:
Varahalduse AS
Marianna Eestikind ()
+372.188123480008
Fax:
Narva mnt., 3-44
Tallin, 10151
EE

Billing Contact:
samopal inc.
Vasya Pupkin ()
+1.188123480008
Fax:
Lenina st., 13-345
St.Petersburg, 195288
RU

Technical Contact:
Varahalduse AS
Marianna Eestikind ()
+372.188123480008
Fax:
Narva mnt., 3-44
Tallin, 10151
EE

Status: Locked

Name Servers:
ns1.blackseven.com
ns2.blackseven.com

Creation date: 29 Jan 2004 00:00:00
Expiration date: 29 Jan 2006 00:00:00

216.17.107.86 - IP hosts 137 Total Domains ...(Postinig 10 first domains from the list)
Showing 1 - 10 out of 137

Domain Name
1 1000-HITS.COM.
2 1123MANCHESTER.COM.
3 123NOUVELLE-CALEDONIE.COM.
4 1WORLDSEX.COM.
5 AAA-NC.NET.
6 ACTION-ENTREPRISES.COM.
7 ADULTMOVIEPORN.COM.
8 ALLOFBEST.COM.
9 ALLPHP.NET.
10 AMI-PIERROT.COM.

toolbarpartner.net
IP Addresses: 66.55.144.184
IP Country: UNITED STATES
Reverse IP Lookup: IP hosts 552 domains

Hosting Company Name:
ICANN Registrar: DIRECT INFORMATION PVT. LTD., DBA DIRECTI.COM
Creation Date: Oct 7 2004
Expiry Date: Oct 7 2005

Web Server: N/A
Website Status:

Registration Service Provided By: REAL INTERNATIONAL BUSINESS CORP.
Contact:
Abuse Desk Email Address:

Domain Name: TOOLBARPARTNER.NET

Registrant:
Oranger LLC
Oranger Savage ()
Nevsky pr. 1
St.Petersburg
null,190000
RU
Tel. +91.226370256

Creation Date: 07-Oct-2004
Expiration Date: 07-Oct-2005

Domain servers in listed order:
ns0.hqhost.net
ns1.hqhost.net


Administrative Contact:
Oranger LLC
Oranger Savage ()
Nevsky pr. 1
St.Petersburg
null,190000
RU
Tel. +91.226370256

Technical Contact:
Oranger LLC
Oranger Savage ()
Nevsky pr. 1
St.Petersburg
null,190000
RU
Tel. +91.226370256

Billing Contact:
Oranger LLC
Oranger Savage ()
Nevsky pr. 1
St.Petersburg
null,190000
RU
Tel. +91.226370256

----------Status:LOCKED------------
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel. This
feature is provided as a security measure against fraudulent domain name
hijacking.

66.55.144.184 - IP hosts 552 Total Domains ... (Postinig 10 first domains from the list)
Showing 1 - 10 out of 552

Domain Name
1 1-SEX-SITE.INFO.
2 1000FREELOVE.COM.
3 1001PORNGALLERIES.COM.
4 1001PORNPICS.COM.
5 100CD.BIZ.
6 10HARDGIRLS.COM.
7 12SEXYTEENS.COM.
8 1BIGNUMBER.COM.
9 1FREETEENSEX.COM.
10 1ST-MARRIAGE.COM.