Full Version: Atrivotech CWS Hijack Sites IP Ranges
Moore
Thanks to the webhelper:

CWS sites in the Atrivo IP block 69.50.160.0 - 69.50.191.255

Complete details, with the owners of each domain and IP, are listed at my site at:

http://www.webhelper4u.com/CWS/cwsal_atrivo_ips.html

March 22, 2005
**************************

Webhelper
Update April 21 2005

**************************
New addition: 69.50.177.98 iqsearch.cc working with the henrybison find4u.com exploits

None sp2fucked.biz

moreporn.biz
Moved to 67.15.35.183 John Miller Liber Inc Cyprus CY

If they just moved moreporn.biz, I am waiting to see if they get a new IP for the sp2fucked.biz.
Webhelper
I have just finished updating the Atrivo block and have more sites listed. This time I also have the whois owners listed.

I am now working with security experts at CastleCops in going through the Atrivo sites and documenting all the run exploits.

http://www.webhelper4u.com/CWS/cwsal_atrivo_ips.html

There will also be a new format with my CWS listings where I will be including as much info as possible for each domain I list. I also found that I need to watch how I update, as a University in England emailed me the other day and stated they use my lists for their black hole DNS :)
Moore
Yeah, I think a lot of people would want to use your research for DNS blackhole / IP blocking purposes, I know I do... :D It's simply the best protection you can get from these scumbags...


This looks like a new one, thanks to Kim for picking it up.

69.50.166.109
www.interestsdirs.com
www.Goforsearch.com
69.50.160.0 - 69.50.191.255
Atrivo

http://www.geekstogo.com/forum/popuperexe-t30663.html
Moore
Noticed this file from our friends at the Atrivotech malware network today, from a Norman sandbox report...

Active file:
hxxp://download.secureyournet.biz/*/ppiigg.exe.

In the header of the file is this expired domain and file:
hxxp://nicosiamurssnuset.biz/b23/cfg.dat