Questa è una lista di indirizzi Ip che i creatori del virus Gromozon e/o DialCall usano per diffondere la loro spazzatura.
[adesso in realta' contiene ip pericolosi di moltissimi altri tipi di malware e in particolare quelli relativi alla cybercriminalità russa (RBN) ]Utilizzate un firewall per bloccarli. Eviterete moltissime rotture di scatole (come ad esempio il furto di dati personali , l'installazione di dialer e che il vostro pc venga utilizzato come server spam o per un attacco DDos) con questo semplice accorgimento.Inutile dire che un antivirus è indispensabile lo stesso.
Ottimi sono
Kaspersky 7 o 8, Nod32 per la leggerezza (anche se non all'altezza del primo nella quantita' di virus che riesce ad individuare e ultimamente sta diventando sempre meno efficace) e
Prevx (anche nella versione CSI) che pero' è un tool antimalware.
Un altro prodotto eccellente è
AVIRA antivir 8 (anche nella versione free)
Ricordo che basta la navigazione su di un sito con determinati exploit con una versione di windows non aggiornata con tutte le patch, per infettarsi e purtroppo di pagine web civetta ce ne sono migliaia ed anche ben indicizzate da google, yahoo e live-msn.
E' necessario procedere all'aggiornamento anche dei programmi (acrobat reader, quicktime , winzip, flash, ecc.) perche' anche le vulnerabiltà di questi software possono essere sfruttate per colpire il nostro sistema.
Utilizzate
Secunia inspector per vedere se siete a rischio.
Il mio suggerimento è di utilizzare il browser
Firefox 3 con le estensioni
NoScript ,
Showip e/o Flagfox.
Anche
mcafee site advisor puo' essere utile anche se non sempre è affidabilissimo.
Ultimamente sto usando con soddisfazione
WOT (web of trust) , una applicazione simile al mcafee ma a mio avviso piu' accurata e precisa nel giudizio sulla pericolosita' dei siti .
Se poi metteste una sandbox sul browser (come ad esempio
sandboxie) ancora meglio.
Ovviamente se utilizzate win 2000/xp potreste evitare di utilizzare il pc con i diritti di amministratore.
N.B. La blacklist non contiene solo indirizzi IP malevoli riconducibili al team CWS/Gromozon (RBN) Russian Business NetworkCerchero' di aggiornare la lista appena saro' a conoscenza di nuove varianti del virus-rootkit o pagine civetta localizzati su altri server.
Per il momento:
LISTA AGGIORNATA AL 2/1/2009 ore 13:00195.225.176.0-195.225.179.255 NETCATHOST Ucraina
195.234.159.0 - 195.234.159.255 LINO-NET Israele
85.255.112.0-85.255.127.255 Inhoster hosting company Ucraina
69.50.160.0-69.50.191.255 InterCage, Inc. USA
81.29.240.0-81.29.242.63 GLOBALTRADE-NET-1 Russia
67.15.64.166-67.15.64.168 Exploit su questi 3 ip USA
69.31.0.0 - 69.31.143.255 Pilosoft, Inc USA
66.230.128.0 - 66.230.191.255 ISPrime, Inc USA
208.66.195.78 McColo Corporation USA (probabilmente
208.66.192.0 - 208.66.195.255 )
204.13.160.26 Oversee.net USA (probabilmente
204.13.160.0 - 204.13.163.255)
216.195.32.0 - 216.195.63.255 Dimago Overseas GmbH NET
216.255.176.0 - 216.255.191.255 InterCage USA
195.95.218.0 - 195.95.219.255 INHOSTER Ucraina
69.22.128.0 - 69.22.191.255 nLayer Communications - InterCage USA
64.28.176.0 - 64.28.191.255 Cernel, Inc - InterCage, Inc. USA
216.32.0.0 - 216.35.255.255 Savvis Layered Technologies, Inc. (famoso per il phishing di numerose banche e anche di posteitaliane )
208.101.0.0 - 208.101.63.255 SoftLayer Technologies Inc. USA
209.85.0.0 - 209.85.127.255 Everyones Internet USA
65.23.128.0 - 65.23.159.255 Datarealm Internet Services USA
64.111.192.0 - 64.111.223.255 ISPrime, Inc. USA
69.61.0.0 - 69.61.127.255 Global Compass, Inc. USA
213.186.116.0 - 213.186.116.255 Utel DataCenter networks. Colocation Ucraina
70.84.0.0 - 70.87.255.255 ThePlanet.com Internet Services, Inc. USA (
escludere dal blocco 70.86.248.122 , 70.85.249.221) *
qui ci sono anche siti legittimi216.240.128.0 - 216.240.159.255 ATMLINK, INC. USA
216.195.32.0 - 216.195.63.255 APS Telecom USA
209.66.64.0 - 209.66.127.255 Abovenet Communications, Inc Usa
195.242.98.0 - 195.242.99.255 INTERNETWORX Olanda
218.38.13.201 KRNIC-KR Korea
67.15.119.27 Infodialer.biz (vi ricordate il bastardo master69?)
66.98.234.86 traffic-advance.net
67.15.90.95 hostance.net
84.252.157.79 RUSONYX-NET Russia (quasi sicuramente
84.252.152.0 - 84.252.159.255)
89.253.244.177 Rusonyx, Ltd. Russia (quasi sicuramente
89.253.192.0 - 89.253.255.255)
72.232.0.0 - 72.232.255.255 Savvis-Layered Technologies, Inc. USA
194.178.112.149 Sito pornografico che sfrutta i dialer
194.178.112.150 Mega deposito di Dialer per Usa e vari paesi europei Italia compresa (non credo legati a gromozon team) Olanda
216.193.192.0 - 216.193.255.255 Mzima Networks, Inc. USA
72.36.128.0 - 72.36.255.255 Layered Technologies, Inc. USA (
escludere dal blocco 72.36.226.2 truecrypt) *
qui ci sono anche siti legittimi66.221.0.0 - 66.221.255.255 C I Host USA
67.18.0.0 - 67.19.255.255 ThePlanet.com Internet Services, Inc. USA (
escludere dal blocco 67.18.178.4 , i server PG2 , 67.19.167.98) *
qui ci sono anche siti legittimi216.246.16.234 HostForWeb Inc. (eventualmente
216.246.0.0 - 216.246.127.255) USA
205.234.235.92 HostForWeb Inc. (eventualmente
205.234.128.0 - 205.234.255.255) USA
66.36.224.0 - 66.36.255.255 HopOne Internet Corporation USA (
escludere 66.36.252.57) *
qui ci sono anche siti legittimi207.150.160.0 - 207.150.191.255 Sago Networks USA
75.126.0.0 - 75.126.255.255 SoftLayer Technologies Inc. USA
64.124.0.0 - 64.125.255.255 Abovenet Communications, Inc USA
85.249.128.0 - 85.249.143.255 DATAPOINT-NET1 Russia
69.25.0.0 - 69.25.255.255 Internap Network Services USA
209.85.51.152 Everyones Internet (eventualmente
209.85.0.0 - 209.85.127.255)United Arab Emirates (server USA)
206.161.0.0 - 206.161.255.255 Beyond The Network America, Inc USA
64.237.48.241 Choopa, LLC (eventualmente
64.237.32.0 - 64.237.63.255) USA
195.238.242.0 - 195.238.242.255 MEDIADAT-MOLDOVA
209.85.84.157 Everyones Internet (range completo gia' segnato come eventuale) USA
209.67.0.0 - 209.67.255.255 Savvis USA
64.72.112.0 - 64.72.127.255 Alpha Red, INC USA
209.160.0.0 - 209.160.79.255 HopOne Internet Corporation USA
88.214.192.0 - 88.214.255.255 UK-UAONLINE UK
80.77.80.0 - 80.77.95.255 UK-UAONLINE UK
72.29.64.0 - 72.29.95.255 HostDime.com, Inc USA
203.174.83.36 falso codec - Singapore
125.212.47.244 exploit (Errorsafe) SKYINET-PH Philippines
207.234.185.217 Errosafe Affinity Internet, Inc USA
81.9.5.0 - 81.9.5.255 ELTEL Russia
66.98.244.107 (exploit) Everyones Internet USA
82.208.60.0 - 82.208.63.255 UPL-TELECOM-CZ Czech Republic
212.175.219.0 - 212.175.219.255 DGNteknoloji Turkey
64.38.0.0 - 64.38.63.255 FastServers, Inc USA
70.47.93.204 Net Access Corporation USA
69.60.96.0 - 69.60.127.255 Infolink Information Services Inc. USA
217.11.233.0 - 217.11.233.255 UPL-TELECOM-CZ Czech Republic
68.178.232.57 alias virgilio.us, registrato tramite Go Daddy Software Usa
213.244.183.222 (eventualmente
213.244.183.192 - 213.244.183.223 ) EXTREME-NL Netherlands
65.77.0.0 - 65.77.255.255 Level 3 Communications, Inc. USA
205.252.0.0 - 205.252.255.255 Beyond The Network America, Inc. USA
63.208.0.0 - 63.215.255.255 Level 3 Communications, Inc. USA
209.200.0.0 - 209.200.63.255 Webair Internet Development Inc USA
69.42.64.0 - 69.42.95.255 Webair Internet Development Inc USA
216.130.160.0 - 216.130.191.255 Webair Internet Development Inc USA
69.57.136.90 specialstat.com, hiperstat.com, freestat.ws ecc. Everyones Internet USA
207.44.196.2 webmeter.ws, www.superstat.info ecc. Everyones Internet
USA66.98.220.67 megastat.net webmobile.ws ecc. Everyones Internet
USA67.15.221.147 histats.com Everyones Internet USA
67.15.58.196 0stat.com Everyones Internet USA
67.159.0.0 - 67.159.63.255 FDC Servers.net, LLC USA
69.64.32.0 - 69.64.63.255 Server4You Inc USA
87.118.96.117 Keyweb AG IP Network Germany
64.14.0.0 - 64.14.255.255 SAVVIS USA
67.24.0.0 - 67.31.255.255 Level 3 Communications, Inc USA
83.149.110.1 NFORCE Netherlands
66.118.128.0 - 66.118.191.255 SAGO USA
166.90.0.0 - 166.90.255.255 Level 3 Communications, Inc USA
209.0.0.0 - 209.0.255.255 Level 3 Communications, Inc USA
207.90.128.0 - 207.90.191.255 Level 3 Communications, Inc USA
206.15.0.0 - 206.15.31.255 Level 3 Communications, Inc USA
192.231.42.0 - 192.231.42.255 Level 3 Communications, Inc USA
64.152.0.0 - 64.159.255.255 Level 3 Communications, Inc USA
209.244.0.0 - 209.247.255.255 Level 3 Communications, Inc USA
69.57.150.226 Everyones Internet USA
209.185.0.0 - 209.185.255.255 Savvis USA
125.212.47.243 servercodecs.com Philippines
125.212.47.244 Philippines
125.212.47.5 Philippines
195.62.225.150 Teleasp ltd societa' britannica collegata ad eutelia s.p.a Italia !!!
64.237.45.146 www.studentessetroie.com/dialers/ Choopa, LLC USA
82.204.219.0 - 82.204.219.255 POCHTA_RU-NET Russia
69.46.16.231 HIVELOCITY VENTURES CORP USA
74.52.110.187 ThePlanet.com USA (eventualmente
74.52.0.0 - 74.53.255.255)
213.235.135.106,213.235.135.107 home.tiscali.cz:8080/mypge/node36.html
home.tiscali.cz:8080/mypge/node37.html
home.tiscali.cz:8080/mypge/node38.html
81.29.240.0 - 81.29.242.63 UPL TELECOM, s.r.o. Czech Republic
63.216.0.0 - 63.223.255.255 Beyond The Network America, Inc.
87.118.96.117 Keyweb AG IP Network Germany
84.19.178.108 Keyweb AG IP Network Germany
202.222.30.16 Japan Network Information Center Japan
66.90.105.50 - 66.90.105.59 (eventualmente
66.90.64.0 - 66.90.127.255) FDC Servers.net, LLC USA
82.196.5.220 - 82.196.5.221 INETWORK is IEUROP SAS NETWORK France
82.196.5.70 - 82.196.5.79 INETWORK is IEUROP SAS NETWORK France
203.174.83.109 - 203.174.83.110 Mizuwork, Singapore
209.190.85.230 Columbus Network Access Point, Inc. UK
216.66.21.151 Hurricane Electric USA
206.51.234.61 - 206.51.234.62 NOC4Hosts Inc.usa
66.232.119.3 NOC4Hosts Inc.
89.108.64.0 - 89.108.71.255 AGAVA-DATACENTER-NET Russia
81.177.16.0 - 81.177.17.255 NETHOUSE-MOSCOW Russia
38.113.169.25,38.113.169.100,38.113.169.200,38.113.169.150,38.113.169.250,38.113.169.3,38.113.169.70,38.113.169.50 Performance Systems International Inc. USA
222.73.247.123 CHINANET-SH China (virus associato ad un sito infetto di ASUS)
205.209.187.141 Managed Solutions Group, Inc. USA
209.85.51.180 Everyones Internet United Arab Emirates (server Usa)
81.95.148.0 - 81.95.151.255 Too Coin Software Limited Russia209.63.57.10 Electric Lightwave Inc USA
81.0.250.0 - 81.0.250.255 UPL TELECOM, s.r.o
209.190.85.245 Columbus Network Access Point, Inc. UK
208.70.75.153 AirlineReservations.Com, Inc. Usa
194.135.19.107 www.oemtop.com (probabilmente
194.135.19.0 - 194.135.19.255) RELCOM.BUSINESS NETWORK" Ltd. Russia
67.15.113.102 - 67.15.113.106 vari siti civetta Everyones Internet USA
58.65.239.180 HOSTFRESH Hong Kong
194.146.207.23 (eventualmente
194.146.204.0 - 194.146.207.255) Nevacon Ltd Russia
64.62.137.149 Hurricane Electric Usa
209.51.196.244 eNET Inc. Usa
204.16.204.56 Setupahost Canada
81.177.8.30 (eventualmente
81.177.8.0 - 81.177.9.255) Consult It Co. Ltd Russia
202.75.49.185 Telekom Malaysia Berhad Malaysia
85.249.135.11 vxcvz.com, burgundy.ru (
85.249.128.0 - 85.249.143.255) DATAPOINT-NET1 Russia
216.12.223.146 Specialstat.com , Hiperstat.com ecc.
216.12.207.67 - 216.12.207.77 superstat.info, webmeter.ws, www.statistiche.ws ecc.
66.98.226.25 easyaccesssite.com
207.218.211.2 extra.advertising.com.bestpage-com.biz , www.page-extras.biz
212.39.31.11 flat.instantdoor.com
64.56.68.12 freestats.ws
206.51.234.64 NOC4Hosts Inc USA
220.164.140.235 my-securedoc.com CHINANET-YN China
87.248.163.0 - 87.248.163.255 SC STARNET SRL Moldova
38.103.54.124 Performance Systems International Inc Usa
203.121.71.183 kleman.info Time Telecommunications Malaysia
217.116.228.35 DataWorld Network 1 Netherlands
217.20.163.25 W NET ISP ( eventualmente
217.20.160.0 - 217.20.163.255) Ucraina
64.202.120.142 Server Central Network Usa
84.252.148.80 (quasi sicuramente
84.252.148.0 - 84.252.149.255) MCHOST Russia
69.46.29.138 HIVELOCITY VENTURES CORP Usa
66.232.119.7 NOC4Hosts Inc. Usa
67.15.239.1 - 67.15.239.127 Everyones Internet Usa (assegnati Moldova)
88.198.120.210 - 88.198.120.222 Marcin Janicki Germany
208.70.78.139 - 208.70.78.142 AirlineReservations.Com, Inc. Usa
70.87.127.102 getactual.info ThePlanet com Internet Services, Inc Usa
212.176.41.8 GRL-EQUANT-NET russia
206.161.121.115 Beyond The Network America, Inc. Usa (server Russo)
209.8.0.0 - 209.9.255.255 Beyond The Network America, Inc. Usa
212.187.128.0 - 212.187.255.255 Level 3 Communications UK
204.16.207.50 www.drivecleaner.com
66.244.254.64, 66.244.254.63 (errorsafe,system doctor) Big Pipe Inc.Canada
207.58.145.114 www.sesso-perverso.ws ServInt Corp Usa
87.248.208.22 system doctor Limelight Networks Inc Netherlands
64.38.33.10 - 64.38.33.14 FastServers, Inc Usa
81.95.144.0 - 81.95.147.255 RBusiness Network (Russia)
58.65.239.0 - 58.65.239.255 Hostfresh Hong Kong
82.196.5.222 INETWORK-IEUROP France
203.121.71.165 - 203.121.71.166 hackhost.biz Malaysia
91.192.117.0 - 91.192.117.12 Todayhost Limited UK
207.226.0.0 - 207.226.255.255 Beyond The Network America, Inc. Usa
91.121.21.45 Ovh Sas France
193.200.255.17 X-HOST.UA Network UK (server Ucraino? anche siti legittimi)
82.196.5.73 INETWORK is IEUROP SAS NETWORK France
87.248.176.0 - 87.248.191.255 STARNET S.R.L Moldova
220.164.140.241 (varie truffe ad opera dei typosquatter italiani) CHINANET-YN China
66.235.160.0 - 66.235.191.255 (siti web e malware russi) HopOne Internet Corporation USA
209.123.181.150 (russi)Net Access Corporation USA
209.123.181.153 (russi) Net Access Corporation USA
202.75.33.238 (russi) TELEKOM MALAYSIA BERHAD
203.121.73.229 (russi)
TIME Telecommunications Sdn Bhd MALAYSIA
203.121.78.211 (russi)
TIME Telecommunications Sdn Bhd MALAYSIA
62.141.48.212 (russi)Keyweb AG IP Network Germany
38.101.217.58 (russi) chinesefreewebs.com - Performance Systems International Inc. USA
89.149.221.23 (russi) itpubblicazioni.net, itpubblicazioni.info - Netdirekt E.k Germany
64.247.0.0 - 64.247.63.255 (russi) Net Access Corporation USA
66.29.15.141-66.29.15.143 (falsi antispyware) Net Access Corporation USA
66.244.254.57 systemdoctor.com Big Pipe Inc. Canada
74.52.228.3 - 74.52.228.62 (siti tipo: 2G0S91.info,AJF39J.info, ecc.) ThePlanet.com USA
88.198.178.216 - 88.198.178.223 (siti tipo:bella-gnocca.pelid.cn,ecc. ) ANDREJ-DOMAGALA Germany
217.199.177.237 (italiani DIALER - deposito.hostance.net,deposito.instantdoor.com) server UK
203.223.159.210 - 203.223.159.211 (russi) crunet.info,ecc. AIMS-MY Malaysia
88.208.0.0 - 88.208.31.255 (ucraini - pericolosissimi)
HALDEX-NET Netherlands
85.12.60.0 - 85.12.60.255 falsi antivirus/antispyware (truffa Carta di credito) Euroaccess Belgium
67.15.16.26 Qarchive.org adware/spyware Everyones Internet Usa
89.149.226.62 (ucraini) valik.biz, uapharmacy.com, etc. Netdirekt E.k Germany
67.15.199.16 (russi) 250 siti civetta per italiani .info Everyones Internet USA
84.16.251.235 (russi) siti civetta itnewarea1.cn Netdirekt E.k Germany
66.232.117.81 (russi) siti civetta itnewarea2.cn (probabilmente
66.232.96.0 - 66.232.127.255) NOC4 Hosts Inc. Usa
81.177.38.0 - 81.177.39.255 (Spammer Russi) IN-Telecom Ltd Russia
88.85.77.128 - 88.85.77.255 (Russi ) KLIK-MEDIA Netherlands
85.17.15.16 (siti civetta .info pericolosi ) LEASEWEB.COM Netherlands
82.103.132.52 (russi di globoxhost.com, statslive.org/italy/counter..) Easyspeedy Denmark
194.110.160.249 (russi, script offuscato
,kvinesdal.biz) EXTHOST-NET USA (server in Finlandia)
67.15.90.90 - 67.15.90.96 (italiani) trafficadvance.net
212.39.31.0 - 212.39.31.255 (italiani) trafficadvance PRO-ADVERTISING srl
207.218.211.2 207.218.211.11(italiani) TRAFFICADVANCE
213.159.117.128 - 213.159.117.255 LINKEY-NOVOCHERKASKI Russia
64.237.34.98 (italiani) - Opendialers,deposito dialer , Choopa, LLC USA
207.44.152.63 traffbox.com Everyones Internet USA
67.15.47.4 (russi) web-namez.com veryones Internet USA
64.21.34.48 - 64.21.34.50 (russi - klikrevenue) Net Access Corporation USA
82.103.133.83 (russi - probabilmente
82.103.128.0 - 82.103.143.255) EASYSPEEDY-NETWORK Denmark
193.200.250.79 (russi - da verificare
193.200.250.0 - 193.200.250.255) Danskhosting-NET Denmark
58.65.237.106 (russi) HOSTFRESH Hong Kong
81.0.195.0 - 81.0.195.255 (russi) UPL TELECOM, s.r.o. Czech Republic
192.115.70.122 (russi) pericolosissimo - Internet Society of Israel
83.222.14.129-83.222.14.130 (russi) MASTERHOST NOC Russia
82.196.5.224 (russi - pagine civetta )INETWORK is IEUROP SAS NETWORK France
69.46.29.140 (russi - Ntlligent.info) HIVELOCITY VENTURES CORP Usa
82.103.133.221 (russi EASYSPEEDY-NETWORK Denmark)
82.103.133.225 (russi EASYSPEEDY-NETWORK Denmark)
72.55.165.87 ( italiani - statistiche gratis con dialer
megastat.net, puntostat.com
stat.superstat.info statistiche.ws superstat.infowebmeter.ws 1 webmobile.ws
webstat.ms wstat.webmobile.wwww1.webmeter.ws) Groupe iWeb Technologies inc. Canada
116.0.103.125 (russi, int-maxcounter.info) APNIC Malaysia
202.131.82.2 (truffe finanziarie, phishing ) CAMBOTECH.COM Cambodia
84.16.249.239 - 84.16.249.241 (pagine civetta) NETDIRECT-NET Germany
205.177.0.0 - 205.177.255.255 (russi) Beyond The Network America USA
87.117.252.0 - 87.117.252.255 (falsi programmi antivirus antispyware, truffa carta di credito) Eukhost_ltd UK
89.149.225.0 - 89.149.225.255 (exploit e dialer) Netdirect-net-exportal Poland
89.149.231.0 - 89.149.231.255 (exploit e dialer) Netdirect-net-exportal Poland
81.177.44.0 - 81.177.45.255 (Russi exploit e virus) NETHOUSE-MOSCOW Russia
66.232.100.181 (russi - falso tool antispyware, falso motore di ricerca) NOC4Hosts Inc. USA
81.95.152.0 - 81.95.153.255 (russi) AKIMON-NET RBN Russia
203.121.79.55 (russi , falsi antispyware, truffa carta di credito)
TIME Telecommunications Sdn Bhd MALAYSIA
69.72.144.122 (falsi programmi) FortressITX USA
67.15.107.166 (falsi programmi) Everyones Internet USA
190.15.73.254 (falsi programmi) Tegucigalpa Secure Hosting Ltd Honduras
85.17.4.0 - 85.17.4.255 (falsi programmi es. driverclener,
errorsafe.com,etc) Leaseweb Netherlands
194.54.89.202 (malware, farmaci pericolosi) Hosting.ua Datacentre Allocation Ucraina
85.17.15.0 - 85.17.15.255 (siti civetta, dialer) Leaseweb Netherlands
192.115.70.98 (malware by gromozon) Internet Society of Israel
58.65.232.0 - 58.65.239.255 Hostfresh Hong Kong
207.58.187.86 (italiani - dialer e pornografia) ServInt Corp. USA
91.193.40.116 (russi - x-globstat.cc)Quanta Ltd Russia server
ISL NETWORK China
89.149.241.109 (russi - forso.info) Netdirekt E.k Germany
195.131.174.92 (russi) Webplus Ltd Russia
209.85.84.199 Everyones Internet USA
77.91.229.104 (fake antimalware - malwarescan) Webalta Russia
89.28.0.0 - 89.28.127.255 STARNET SRL Moldova
125.65.77.25 (malware) HANGZHONGLIAN-LTD China
61.188.39.218 (malware) CHINANET China
88.255.90.0 - 88.255.90.255 (russi) AbdAllah Internet Hizmetleri turchia
91.193.56.0 - 91.193.59.255 (russi) Disk Limited taiwan
192.115.70.66 (russi - malware, exploit eventualmente (
192.114.0.0 - 192.118.255.255) Internet Society Of Israel
77.91.228.128 - 77.91.228.255 (russi - malware)
GLOBALTRADE-NET-1 / WEBALTA Russia
208.74.173.66 - 208.74.173.94 (russi - pornografia per virus zlob) Global Technology Solutions, Inc Usa
194.126.174.124 (russi - siti porno con malware) Eureka Solutions Poland
210.14.129.3 (probabili italiani, malware e farmaci pericolosi) Zbyd Technology Co. Ltd China
88.255.94.0 - 88.255.94.255 (russi) AbdAllah Internet Hizmetleri turchia
82.208.18.0 - 82.208.18.255 (russi) HOST-SYSTEM1 Czech Republic
77.91.224.0 - 77.91.231.255 (russi falsi antispyware, malware) Webalta Russia
62.213.95.132 (russi- siti porno .cn per zlob virus) Caravan Russia
207.58.187.86 New York Smv USA
66.154.37.229 Cyber Wurx LLC Usa
66.172.84.128 www.free-big-boobs-girls.com Sunwave Communications USA
203.117.111.102 (russi) malware STARHUBINTERNET-SG Singapore
194.110.162.192 - 194.110.162.239 (russi - malware pagina civetta) EXTHOST-NET Usa (server in Finlandia)
88.198.116.160 - 88.198.116.167 (siti civetta e dialer x utenti italiani) ANDREJ-DOMAGALA Germany
82.103.137.14 - 82.103.137.15 (russi - fake codec zlob virus) EASYSPEEDY-NETWORK Denmark
124.217.230.178 (russi nuovo ip x-globstat.cc) Piradius Net
Malaysia77.91.229.96 - 77.91.229.127 ( russi - fake antispyware ) Webalta Russia
77.91.228.180 - 77.91.228.189 (russi - malware) WEBALTA Russia
89.108.80.0 - 89.108.95.255 (russi - zlob virus) AGAVACOMPANY russia
84.243.253.220 (performanceoptimizer ed altri falsi programmi) GFX-CUST-WORLDSTREAM Netherlands
84.243.253.142 (sito pagamenti falsi programmi) GFX-CUST-WORLDSTREAM Netherlands
202.83.197.239 (russi - malware su yboeragu.com ) - Singtel Hong Kong Limited Hong Kong
209.160.73.98 (russi -malware fake codec video) Hopone Internet Corporation Canada (server usa)
195.131.174.92 (russi - malware) WEBPlus Ltd Russia
89.149.241.106 - 89.149.241.107 (russi - fake codec) Netdirekt E.k Germany
67.207.69.34 (russi - pagine civetta con exploit, falsi motori di ricerca) Global Technology Solutions USA
88.255.74.170 (russi - gfeptwe.com malware, probabilmente
88.255.74.0 - 88.255.74.255) SISTEMNET-TELECOM Turchia
192.115.70.10 (russi - udh2lijx.com malware) Israel Internet Society Of Israel
66.232.125.186 russi - pagine civetta exploit NOC4Hosts Inc. USA
66.232.127.127 -
66.232.131 russi - pagine civetta exploit NOC4Hosts Inc. USA
67.55.81.200 ( falsi antispyware) Webair Internet Development Inc USA61.155.8.157 (exploit) Jiangsu Province Network China
124.217.252.77 - 124.217.252.78 (russi - falsi antispyware ) Piradius Net Malaysia
77.245.61.100 - 77.245.61.109 (siti civetta, malware) Webair Internet Development Company Inc Netherlands
85.92.154.132 - 85.92.154.142 (siti civetta .cn ) Recurring International Inc Philippines
207.58.187.86 (italiani - dialer) ServInt Corp. Usa
77.221.133.216 (russi - exploit pericolosissimi) sicuramente anche
(77.221.128.0 - 77.221.143.255) DATAPOINT-NET2 Russia
77.91.229.48 - 77.91.229.63 (russi exploit pericolosissimi - malware) Netplace Russia
67.55.81.5 - 67.55.81.249 (falsi programmi)
Webair Internet Development Inc USA
91.186.30.0 - 91.186.30.255 ( falsi programmi) EUKHost-LTD UK
79.143.178.30 (russi - falsi codec) da verificare (79.143.178.0 - 79.143.178.255) Jamhid-Network Syria
88.255.74.197 (russi - falsi codec) probabilmente (
88.255.74.0 - 88.255.74.255)
SISTEMNET-TELECOM Turchia77.91.227.179 (russi - falsi codec) probabilmente (77.91.227.176 - 77.91.227.191) NETPLACE Russia
206.53.51.32 (russi - italiancollection.in vari malware pericolossimi) Rcp.net Canada
202.83.197.239 (malware) Singtel Hong Kong Limited
78.159.96.135 (russi - falso codec) netdirekt e.K Germany
202.83.212.246 (russi - falso codec malware) Singtel Hong Kong Limited
190.15.64.185 (falsi programmi) Secure Hosting Ltd Honduras
190.15.64.188 (banner infetti newbieadguide.com) Secure Hosting Ltd Honduras
190.15.64.191 -190.15.64.192 (falsi programmi) Secure Hosting Ltd Honduras
190.15.73.254 (falsi programmi banner infetti) Secure Hosting Ltd Honduras
194.110.67.21 -194.110.67.25 (banner infetti - traveltray.com e truffe) Netrouting Data Netherlands
72.55.153.117 (malware - dialer) Groupe Iweb Technologies Inc Canada
74.54.40.154 (russi - falso codec ) Theplanet.com Usa
124.217.231.97 - 124.217.231.98 (russi - siti civetta) Piradius Net Malaysia
88.85.93.0 - 88.85.93.255 (russi - malware, falsi programmi , falsi farmaci) Incomeproject B.v Netherlands
209.205.196.16 (dialer) Pacnet, S.A. de C.V. USA
78.108.177.0 - 78.108.177.255 (russi - falso porntube, zlob virus) UPL TELECOM Czech Republic
84.243.252.84 (banner infetti adtraff.com) GFX-CUST-WORLDSTREAM Netherlands
217.20.175.74 (ucraini, falso programma per mac, macsweeper) W Net Isp Ucraina
72.55.156.207 (ucraini, falso programma cleanator) web Technologies Inc Canada
195.93.218.15 (russi pericolosissimi, hightstats.net virus zelathin) quasi sicuramente (
195.93.218.0 - 195.93.219.255) BUILDHOUSE-NET Russia
89.18.181.100 e
89.18.181.50 (Falsi antispyware esempio toolsicuro ) Amsterdam Ion Netherlands
72.55.165.88 ( italiani - statistiche gratis con dialer www.freestat.ws ecc.) Groupe iWeb Technologies inc. Canada
78.108.180.0 - 78.108.183.255 (russi - malware , falsi antispyware ) UPL Telecom Czech Republic
78.31.211.57 (russi - falsi antispyware) (eventualmente
78.31.208.0 - 78.31.215.255) Ooo Project Russia
64.237.33.148 (italiani , falso macroAV) Choopa, LLC USA
124.217.224.0 - 124.217.255.255 (russi malware, virus, scam) PIRADIUS-NET Malaysia
67.55.81.223 (russi, falsi antispyware truffa carta di credito) Webair Internet Development Inc USA
67.55.81.81 russi, falsi antispyware truffa carta di credito) Webair Internet Development Inc USA
66.55.139.18 (italiani - Payperstats , statistiche con malware) Choopa, LLC Usa
72.233.40.58 (Falso antivirus - xpantivirus) Layered Technologies, Inc USA
71.6.151.188 (russi - cds5fir.com MBR rootkit) San Diego California Regional Intranet Inc
203.186.128.153 (russi - i-maxcounter.cc - exploit) City Telecom (H.K.) Ltd.
78.129.166.0 - 78.129.166.255 (russi - pericolosissimi traffurl.ru ) Italy Feelitaly Llc (server probabilmente in Olanda o UK)
66.197.212.197 (russi - associato a traffurl.ru) Scranton Network Operations Center Inc USA
77.91.229.32 - 77.91.229.47 (russi - exploit , virus) NETPLACE Russia
78.129.202.4 (russi - exploit quasi sicuramente
78.129.202.0 - 78.129.203.255) LIMT Group Ltd Russia server in UK
71.6.218.207 (russi - eaoafir.com
,hnoafir.com MBR rootkit-sinowal) San Diego California Regional Intranet Inc
66.240.209.93 (russi - nuovo server eaoafir.com
,hnoafir.com MBR rootkit-sinowal) San Diego California Regional Intranet Inc
195.2.252.139 (russi - domain11.net virus Zbot) (probabilmente
195.2.252.0 - 195.2.253.255) MADET-NET Russia
202.75.35.93 (russi - exploit pericolosissimi) TELEKOM MALAYSIA BERHAD Malesia
217.170.77.150 (russi- malware , exploit) (quasi sicuramente
217.170.77.0 - 217.170.77.255) TimeWeb Russia
78.129.158.0 - 78.129.158.255 (russi- malware , exploit) EUKHOST Ltd UK
74.50.117.49 (russi - server MBR rootkit-sinowal) Noc4hosts Inc
USA66.240.234.196 (russi - server MBR rootkit-sinowal) San Diego California Regional Intranet Inc
78.109.30.232 (russi/ucraini - exploit) Namibia Juden1 - Kazi Tofejul- server in Ucraina
82.146.53.112 (russi - in-in.in/in - exploit funziona solo alla prima visita) ISPSYSTEM USA
211.95.72.85 (russi - usersoftware.in, ddosmanager.org - exploit) UNICOM China
221.12.88.52 (cinesi, exploit virus - www.kisswow.com.cn
,www.ririwow.cn) CNCGROUP-ZJ China
60.191.239.229 (cinesi, exploit- winzipices.cn ) JINHUA-TELECOM-LTD China
72.233.76.11 (russi, robotraff) Layered Technologies, Inc. USA
89.149.226.20 - 89.149.226.26 (russi - zlob , falso antivirus) NETDIRECT-NET Germany
216.75.35.91 (russi - exploit baxet.com) San Diego California Regional Intranet Inc
72.21.53.218 (russi - falsi codec streamxxxvideo.com) LAYERED-TECH USA
62.176.16.161 (russi -nuovo server legato a zlob) Singer-computer Ltd Russia
64.27.28.155 (russi - nuovo server legato a zlob) Hollywood Interactive, Inc Usa
216.240.138.207 (russi - nuovo server legato a zlob) ATMLINK, INC. Usa
216.240.138.206 ( russi - sito di affiliazione x falsi programmi) ATMLINK, INC. Usa
216.240.139.169 (russi - falsi programmi) ATMLINK, INC Usa
87.118.116.10 - 87.118.116.11 (russi - malware,falsi codec, farmaci pericolosi, truffe) Keyweb Ag Ip Network Germany
77.91.231.128 - 77.91.231.255 (russi , falsi codec) Webalta Russia
217.199.217.9 (russi - xprmn4u.info) ( probabilmente
217.199.217.0 - 217.199.217.255) Mastak Russia
201.218.218.203 (russi - falsi codec - zlob , codecreviews21.com ecc.) Spirit Island Panama
84.244.189.137 (exploit legati ad attacchi con sql injection) I3D-DEDICATED Olanda
91.203.92.7 (exploit legati ad attacchi con sql injection) UATELECOM-NETWORK Ucraina
91.203.70.17 (russi - falso codec zlob - supersoftcodec.com ) SIA Nano IT Latvia
74.50.107.159 (russi - server collegato a zlob) NOC4Hosts In Usa
74.50.107.165 (russi - server collegato a zlob) NOC4Hosts In Usa
64.247.20.63 (russi - falso codec , zlob softportal2008-2008.com) Net Access Corporation USA
190.183.63.229 (russi- sinowal/MBR rootkit jwj2gfxes.com) Outservices Argentina
66.240.238.222 (russi- sinowal/MBR rootkit iugahevif.com) San Diego California Regional Intranet Inc
66.240.234.196 (russi- sinowal/MBR rootkit fbcmfir.com) San Diego California Regional Intranet Inc
71.6.152.22 (russi- sinowal/MBR rootkit acophevif.com) San Diego California Regional Intranet Inc
91.203.70.18 (russi - falso codec zlob - soft-freeware21.com ) eventualmente (
91.203.68.0 - 91.203.71.255) SIA Nano IT Latvia
89.149.197.240 (russi - falso codec zlob) Netdirekt E.k Germany
78.129.142.9 -
78.129.142.10 (truffa, programmi gratuiti pagati con 899) United Kingdom Rapidswitch Ltd
78.129.142.31 (truffa, programmi gratuiti pagati con 899) United Kingdom Rapidswitch Ltd
206.51.229.67 (russi - server collegato a zlob) NOC4Hosts In Usa
193.33.61.166 (russi - server collegato a zlob) NL-PANTHER-IT Netherlands
92.241.182.12 - 92.241.182.19 (russi - falsi antivirus , antispyware) (eventualmente
92.241.182.0 - 92.241.182.255) WAHOME-COLO Russia
87.118.116.11 ( russi -siti spazzatura redirect zlob , falsi medicinali) Keyweb Ag Ip Network Germany
208.167.238.146 (italiani - vari malware e dialer) Choopa, LLC Usa
208.167.238.200 (italiani - vari malware e dialer) Choopa, LLC Usa
208.167.238.203 (italiani - vari malware e dialer
earny-ltd.com, macearny.com sempre i soliti) Choopa, LLC Usa
64.247.39.247 (russi - server collegato a Zlob) Net Access Corporation USA
220.196.42.220- 220.196.42.221 (russi - server collegato a Zlob e falsi programmi) UNICOM China
78.159.122.13 - 78.159.122.33 (malware e falsi medicinali) eventualmente (
78.159.122.0 - 78.159.122.255) NETDIRECT-OMNI-TEK Montenegro (server in Germania?)
210.48.153.73 (russi - exploit, microsoft-direct.net ecc.) TM NET SDN BHD Malesia
89.149.202.115 (falsi antivirus) NETDIRECT-NET Germany
213.155.0.240 - 213.155.0.247 (russi - vari exploit del browser) C353351162 - Kazi Tofejul Ucraina
208.113.203.104 (russi - pagine civetta , exploit) New Dream Network USA
208.113.212.100 (russi - pagine civetta , exploit) New Dream Network USA
78.157.143.128 - 78.157.143.255 (russi - falsi antispyware) Vdhost Ltd Latvia
210.56.53.224 (truffe - phishing /furto di account msn) Sun Network (hong Kong) Limited
87.242.90.128 - 87.242.90.159 (russi - messengerskinner.com e immondizia 899) FAVORIT-MASTER Russia
80.91.76.128 - 80.91.76.191 (russi - official-emule.com ed altra immondizia) PA-OOOTEREM1-COGENT Spagna
75.127.109.21 (link dinamici malevoli inseriti su siti hackerati) Global Net Access, LLC USA
61.162.230.12 (exploit - malware) CNCGROUP Shandong province network China
91.203.68.6 (russi- exploit) quasi sicuramente (
91.203.68.0 - 91.203.71.255) SIA Nano IT Lettonia
91.203.92.0 - 91.203.95.255 (russi - zlob virus, falsi medicinali ecc.) UATELECOM Ucraina
78.109.30.1 - 78.109.30.7 (russi - exploit, malware) B353351162 - Kazi Tofejul Ucraina
85.142.1.66 (russi - falsi keygen e crack) WELL-COM-NET Saint-Petersburg, Russi
88.85.72.128 - 88.85.72.255 (russi - hosting criminale) NetcatHosting Inc. Panama
66.199.232.222 (russi - falso porntube, malware) EZZI.NET USA
77.244.220.134 (russi - falso antivirus) quasi sicuramente (
77.244.220.0 - 77.244.220.255) PRIMENET1 Russia
78.157.142.79 (russi - falsi antivirus) quasi sicuramente (
78.157.142.0 - 78.157.142.255) Vdhost Ltd Lettonia
92.241.163.30 - 92.241.163.34 (russi - falsi antivirus, falsi pagamenti) quasi sicuramente (
92.241.163.0 - 92.241.163.255)
WAHOME-DEDIC Russia
218.106.90.227 (exploit , falsi antivirus , falsi medicinali) sicuramente (
218.106.90.128 - 218.106.90.255) Hefei Hefei-qingyi-jiayuan-corp China
92.62.101.55 (falsi antivirus) quasi sicuramente (
92.62.101.0 - 92.62.101.255) STARLINE_EE Estonia
200.63.44.18 (truffa msn account, www.bloccatocentro.net ecc.) Panamaserver.com Panama
91.208.0.223 (falsi antivirus) quasi sicuramente (
91.208.0.0 - 91.208.0.255) STILLTRADE-NET Russia
91.203.93.1 - 91.203.93.128 (russi - zlob virus, flasi codec) ZHITOMIR-NET Ucraina
193.33.61.169 (russi - malware legato a zlob virus) NL-PANTHER-IT Olanda
193.142.244.39 (russi - malware) probabilmente (
193.142.244.0 - 193.142.244.255) Lithuania Klaipeda Uabsip-net
213.155.4.184 - 213.155.4.191 (russi - malware) A353351162 - Kazi Tofejul Ucraina
195.5.117.248 (russi - falsi antivirus) EE-COMPIC Estonia
216.122.218.11 (falsi antivirus, Registryupdate.org) Bellevue Hostpro Inc USA
66.98.218.187 (truffa carta di credito, secure.scanandrepair.net) ThePlanet USA
217.20.175.0 - 217.20.175.127 (russi - falsi antivirus, truffe carta di credito) WNET Ucraina
74.222.1.140 - 74.222.1.144 (russi - klik revenue gang , falsi motori di ricerca, truffe) Vrtservers, Inc
74.86.187.24 (russi , malware www.spcounter.info) Softlayer Technologies Inc Usa
66.232.111.112 (russi . mbr rootkit frz2cketn.com) NOC4Hosts Inc. USA
79.135.167.63 (russi, exploit, malware) Istanbul Telekom Turchia
62.16.112.143 (russi, exploit, malware) CROSSMEDIA-NET Russia
78.109.25.199 (russi, exploit, malware) quasi sicuramente (
78.109.25.192 - 78.109.25.199) hostlex - Vladimir Grebenjuk Ucraina
94.102.50.130 (russi , exploit mmcounter.com) quasi sicuramente (
94.102.50.128 - 94.102.50.191) NEWRACK-NL Olanda
91.205.233.34 (russi, exploit, iasacct.com) NL-TRANSQUALITY Olanda
74.50.117.68 (russi, falsi antivirus, malware) Network-Name:Olga Chiriaeva-74.50.117.68 NOC4Hosts Inc. USA
92.241.191.31 (russi, malware) quasi sicuramente (
92.241.191.0 - 92.241.191.255) WAHOME-DEDIC Russia
91.207.4.106 (russi, exploit e botnet) probabilemente (
91.207.4.0 - 91.207.9.255) SteepHost-DC-UA Ucraina
115.126.2.159 (russi, exploit malware) probabilmente (
115.126.2.0 - 115.126.2.255) First Network Communications Limited HONG KONG
Tutti gestiti da russi/ucraini (solo le pagine CWS/Gromozon/RBN)
67.15.0.0 - 67.15.255.255 Everyones Internet (sopra ho segnalato i 3 ip con l'exploit - In questo blocco ci sono anche altri siti civetta ma c'è anche il sito di Agnitum Outpost (67.15.231.71) e ad anche l'update (67.15.231.73) del famoso firewall per cui non è possibile bloccarlo tutto). Mi scuso per il grossolano errore.
67.15.231.71- 67.15.231.74 sono di Agnitum Outpost Firewall quindi OK
