./checkfatheranyru.sh
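#!/bin/sh
# Check for poisoned servers behind the fatherany.ru spam host names.
#
# For each name the script does a forward lookup, keeps the answer
# addresses and feeds them back into nslookup on stdin; what is printed is
# the PTR ("name =") line of every address that has one.
# PTR records are set by whoever controls the reverse zone, so read the
# names as a pointer to the hosting network, not as proof of who runs it.

# Print this script first so the log shows exactly what was run.
# Quoted: an unquoted $0 is split and globbed when the path has spaces.
cat "$0"

# ptr_names HOST - print the PTR lines for every address HOST resolves to.
# grep -v '#' drops the resolver's own "Address: ip#port" line; the second
# space-separated field of the remaining "Address: ip" lines is the IP.
ptr_names() {
  nslookup "$1" \
    | grep 'Address:' \
    | grep -v '#' \
    | cut -d ' ' -f 2 \
    | sort -u \
    | nslookup \
    | grep 'name ='
}

date
#discussion.fatherany.ru
ptr_names discussion.fatherany.ru
#official.fatherany.ru
ptr_names official.fatherany.ru
# strongly.fatherany.ru
ptr_names strongly.fatherany.ru
#and.fatherany.ru
# NOTE(review): the listing names and.fatherany.ru but shows no lookup for it.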
./checksuperviagraonlinecom.sh
Mi 14. Jul 00:01:02 CEST 2010
#!/bin/sh
Many spam messages point to redirector websites that lead to superviagraonline.com:
# check for superviagraonline.com
# Prints the date and this script, then the forward lookup, then the PTR
# ("name =") line of each answer address: the addresses are cut out of the
# first lookup and piped into a second nslookup, which reads them from stdin.
# NOTE(review): grep -v '213.' is an unanchored regex in which '.' matches any
# character, so it hides every line containing "213" plus one more character.
# Presumably it is meant to hide the local resolver's lines, but it would also
# hide an answer address containing 213 (the output recorded for this run shows
# Name lines without an Address line, which would fit) -- confirm.
date;cat checksuperviagraonlinecom.sh;nslookup superviagraonline.com | grep -v '213.';nslookup superviagraonline.com | grep 'Address:' | grep -v '#'| cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='
Non-authoritative answer:
Name: superviagraonline.com
Address: 88.191.47.83
Name: superviagraonline.com
Address: 193.146.58.131
Name: superviagraonline.com
Name: superviagraonline.com
sent out spam links with redirector URLs that forward to
world-drugshop.com
./checkworlddrugshopcom.sh
Mo 28. Jun 10:06:11 CEST 2010
#!/bin/sh
# check for poisoned servers from world-drugshop.com
# Prints the date and this script, then the forward lookup, then the PTR
# ("name =") line of each answer address: grep -v '#' drops the resolver's
# "ip#port" line, cut keeps the IP, and the second nslookup reads the IPs
# from stdin.
# NOTE(review): grep -v '213.' is an unanchored regex ('.' matches any
# character); presumably it hides the local resolver's lines, but it would also
# hide any answer line containing "213" plus one more character -- confirm.
date;cat checkworlddrugshopcom.sh;nslookup world-drugshop.com | grep -v '213.';nslookup world-drugshop.com | grep 'Address:' | grep -v '#'| cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='
Non-authoritative answer:
Name: world-drugshop.com
Address: 88.191.47.83
Name: world-drugshop.com
Address: 94.23.229.190
Name: world-drugshop.com
Address: 193.146.58.131
sent out spam links to a host with JavaScript that redirects to
viagra-international.com
#!/bin/sh
# Check for poisoned servers behind viagra-international.com.
#
# Output, in order: the domain name, the date, the PTR ("name =") line of
# every address the name resolves to, and finally the forward lookup itself
# reduced to the second space-separated field of each remaining line.
# PTR names come from the owner of the reverse zone; they indicate the
# hosting network, they do not prove who operates the host.
domain='viagra-international.com'

echo "$domain"
date

# Forward lookup -> answer addresses (the resolver's "ip#port" line is
# dropped) -> nslookup on stdin -> PTR lines.
nslookup "$domain" \
  | grep 'Address:' \
  | grep -v '#' \
  | cut -d ' ' -f 2 \
  | sort -u \
  | nslookup \
  | grep 'name ='

# Second forward lookup without the "Name" and "Non-authoritative" lines.
nslookup "$domain" \
  | grep -v -e 'Name' -e 'Non' \
  | cut -d ' ' -f 2
viagra-international.com
Mo 14. Jun 23:25:37 CEST 2010
> 131.58.146.193.in-addr.arpa name = aiken.cc.uah.es.
131.58.146.193.in-addr.arpa name = titan.cc.uah.es.
Mi 20. Jan 02:37:47 CET 2010
> > 43.166.55.110.in-addr.arpa name = 110.55.166.43.BTI.NET.PH.
> 141.48.55.110.in-addr.arpa name = 110.55.48.141.bti.net.ph.
> 189.218.142.114.in-addr.arpa name = 114-142-218-189.dsl.teleguam.net.
> 185.40.0.125.in-addr.arpa name = nttkyo377185.tkyo.nt.ftth.ppp.infoweb.ne.jp.
> 148.113.119.189.in-addr.arpa name = 148.113.119.189.isp.timbrasil.com.br.
> 117.230.120.189.in-addr.arpa name = bd78e675.virtua.com.br.
> 33.202.193.189.in-addr.arpa name = customer-PUE-202-33.megared.net.mx.
./checkwww53comkiocoxcompl.sh
Mi 20. Jan 01:32:28 CET 2010
> 189.218.142.114.in-addr.arpa name = 114-142-218-189.dsl.teleguam.net.
> > 248.91.231.118.in-addr.arpa name = 118-231-91-248.adsl.fetnet.net.
> 185.40.0.125.in-addr.arpa name = nttkyo377185.tkyo.nt.ftth.ppp.infoweb.ne.jp.
> > 228.179.56.187.in-addr.arpa name = 187-56-179-228.dsl.telesp.net.br.
> 117.230.120.189.in-addr.arpa name = bd78e675.virtua.com.br.
> 72.131.18.189.in-addr.arpa name = 189-18-131-72.dsl.telesp.net.br.
> 98.238.192.189.in-addr.arpa name = customer-GDL-238-98.megared.net.mx.
> 33.202.193.189.in-addr.arpa name = customer-PUE-202-33.megared.net.mx.
> 203.213.194.189.in-addr.arpa name = customer-QRO-213-203.megared.net.mx.
> 67.242.46.189.in-addr.arpa name = 189-46-242-67.dsl.telesp.net.br.
> > > 167.246.57.69.in-addr.arpa name = 69-57-246-167.candw.ag.
Mi 20. Jan 01:32:31 CET 2010
114.142.218.189 GU GTA 114.142.192.0 - 114.142.223.255 114.142.192.0/19 TeleGuam Holdings, LLC
118.231.91.248 TW FETNET-NET FETNET-NET 118.231.64.0 - 118.231.127.255 118.231.64.0/18 Far EasTone Telecommunication
125.0.40.185 JP INFOWEB 125.0.0.0 - 125.0.127.255 125.0.0.0/17 FUJITSU LIMITED
186.14.151.251 VE VE-ICPC1-LACNIC 186.14.0.0/16 186.14.0.0 - 186.14.255.255 186.14.0.0/16 VE-ICPC1-LACNIC
187.56.179.228 BR TELECOMUNICACOES DE SAO PAULO S.A. - TELESP 187.56.0.0/15 187.56.0.0 - 187.57.255.255 187.56.0.0/15 002.558.157/0001-62
189.120.230.117 BR NET Serviços de Comunicação S.A. 189.120.0.0/14 189.120.0.0 - 189.120.255.255 189.120.0.0/16 000.065.376/0002-65
189.18.131.72 BR TELECOMUNICACOES DE SAO PAULO S.A. - TELESP 189.18.0.0/15 189.18.0.0 - 189.18.255.255 189.18.0.0/16 002.558.157/0001-62
189.192.238.98 MX MX-MSCV17-LACNIC 189.192/12 189.192.0.0 - 189.199.255.255 189.192.0.0/13 MX-MSCV17-LACNIC
189.193.202.33 MX MX-MSCV17-LACNIC 189.192/12 189.193.0.0 - 189.193.255.255 189.193.0.0/16 MX-MSCV17-LACNIC
189.194.213.203 MX MX-MSCV17-LACNIC 189.192/12 189.194.0.0 - 189.194.255.255 189.194.0.0/16 MX-MSCV17-LACNIC
189.46.242.67 BR TELECOMUNICACOES DE SAO PAULO S.A. - TELESP 189.46.0.0/15 189.46.0.0 - 189.46.255.255 189.46.0.0/16 002.558.157/0001-62
190.254.131.148 CO CO-CTSE-LACNIC LACNIC 190.252.0.0 - 190.255.255.255 190.252.0.0/14 CO-CTSE-LACNIC
190.53.118.136 SV SV-ACES-LACNIC 190.53.0/17 190.53.112.0 - 190.53.127.255 190.53.112.0/20 SV-ACES-LACNIC
69.57.246.167 AG CWAG-69-57-246-0 69.57.246.0 - 69.57.246.255 69.57.246.0/24 Cable & Wireless Antigua
#!/bin/sh
# Check for poisoned servers behind the look-alike host name
# www.53.com.kiocox.com.pl (domain trojan).
#
# Two passes, each preceded by the date: first the PTR ("name =") line of
# every answer address, then the deduplicated answer addresses themselves.
# Each pass does its own forward lookup, so the two address sets can differ.
host='www.53.com.kiocox.com.pl'

# Answer addresses of one forward lookup, one per line, deduplicated.
# grep -v '#' drops the resolver's own "Address: ip#port" line.
answer_addresses() {
  nslookup "$host" | grep 'Address:' | grep -v '#' | cut -d ' ' -f 2 | sort -u
}

date
# nslookup without arguments reads the addresses from stdin.
answer_addresses | nslookup | grep 'name ='

date
answer_addresses
./checkwww53comkiocoxcompl.sh
Di 19. Jan 23:42:10 CET 2010
> 42.57.55.110.in-addr.arpa name = 110.55.57.42.BTI.NET.PH.
> 189.218.142.114.in-addr.arpa name = 114-142-218-189.dsl.teleguam.net.
> 185.40.0.125.in-addr.arpa name = nttkyo377185.tkyo.nt.ftth.ppp.infoweb.ne.jp.
> 182.158.145.165.in-addr.arpa name = dsl-145-158-182.telkomadsl.co.za.
> > 33.202.193.189.in-addr.arpa name = customer-PUE-202-33.megared.net.mx.
> 203.213.194.189.in-addr.arpa name = customer-QRO-213-203.megared.net.mx.
> > 216.66.43.201.in-addr.arpa name = 201-43-66-216.dsl.telesp.net.br.
> 54.252.232.41.in-addr.arpa name = host-41.232.252.54.tedata.net.
> 167.246.57.69.in-addr.arpa name = 69-57-246-167.candw.ag.
> Di 19. Jan 23:42:11 CET 2010
110.55.57.42 PH SKYINET-PH 110.55.0.0 - 110.55.255.255 110.55.0.0/16
114.142.218.189 GU GTA 114.142.192.0 - 114.142.223.255 114.142.192.0/19 TeleGuam Holdings, LLC
125.0.40.185 JP INFOWEB 125.0.0.0 - 125.0.127.255 125.0.0.0/17 FUJITSU LIMITED
165.145.158.182 ZA IPNET-BROADBAND EU-ZZ-165 165.145.0.0 - 165.145.255.255 165.145.0.0/16
186.14.151.251 VE VE-ICPC1-LACNIC 186.14.0.0/16 186.14.0.0 - 186.14.255.255 186.14.0.0/16 VE-ICPC1-LACNIC
189.193.202.33 MX MX-MSCV17-LACNIC 189.192/12 189.193.0.0 - 189.193.255.255 189.193.0.0/16 MX-MSCV17-LACNIC
189.194.213.203 MX MX-MSCV17-LACNIC 189.192/12 189.194.0.0 - 189.194.255.255 189.194.0.0/16 MX-MSCV17-LACNIC
189.195.5.236 MX MX-MSCV17-LACNIC 189.192/12 189.192.0.0 - 189.199.255.255 189.192.0.0/13 MX-MSCV17-LACNIC
201.43.66.216 BR TELECOMUNICACOES DE SAO PAULO S.A. - TELESP 201.42.0.0/15 201.43.0.0 - 201.43.255.255 201.43.0.0/16 002.558.157/0001-62
41.232.252.54 EG Ramsis-Zone-DSL 41.232.0.0 - 41.232.255.255 41.232.0.0/16 ORG-TD2-AFRINIC
69.57.246.167 AG CWAG-69-57-246-0 69.57.246.0 - 69.57.246.255 69.57.246.0/24 Cable & Wireless Antigua
./checkwww53comkiocoxcompl.sh
Di 19. Jan 22:58:41 CET 2010
> 189.218.142.114.in-addr.arpa name = 114-142-218-189.dsl.teleguam.net.
> 185.40.0.125.in-addr.arpa name = nttkyo377185.tkyo.nt.ftth.ppp.infoweb.ne.jp.
> 117.230.120.189.in-addr.arpa name = bd78e675.virtua.com.br.
> 33.202.193.189.in-addr.arpa name = customer-PUE-202-33.megared.net.mx.
> > 212.197.42.201.in-addr.arpa name = 201-42-197-212.dsl.telesp.net.br.
> 216.66.43.201.in-addr.arpa name = 201-43-66-216.dsl.telesp.net.br.
> 54.252.232.41.in-addr.arpa name = host-41.232.252.54.tedata.net.
> 167.246.57.69.in-addr.arpa name = 69-57-246-167.candw.ag.
> > Di 19. Jan 22:58:41 CET 2010
> 189.218.142.114.in-addr.arpa name = 114-142-218-189.dsl.teleguam.net.
> 185.40.0.125.in-addr.arpa name = nttkyo377185.tkyo.nt.ftth.ppp.infoweb.ne.jp.
> 117.230.120.189.in-addr.arpa name = bd78e675.virtua.com.br.
> 33.202.193.189.in-addr.arpa name = customer-PUE-202-33.megared.net.mx.
> > 212.197.42.201.in-addr.arpa name = 201-42-197-212.dsl.telesp.net.br.
> 216.66.43.201.in-addr.arpa name = 201-43-66-216.dsl.telesp.net.br.
> 54.252.232.41.in-addr.arpa name = host-41.232.252.54.tedata.net.
> 167.246.57.69.in-addr.arpa name = 69-57-246-167.candw.ag.
Dear Fifth Third Direct user,
To help protect our customers we are implementing new security features which wi
ll change how you currently log into online banking. Please login to your online
banking account using this temporary link and follow the instructions given.
Fifth Third Bank
//www .53. com.kiocox.com.pl/wpserver/cmportal/cblogin.php?session=
whois kiocox.com.pl:
DOMAIN: kiocox.com.pl is releasing after termination
created: 2010.01.19 11:20:23
last modified: 2010.01.19 20:30:12
expiration date: 2010.01.24 20:30:12
no option
REGISTRAR:
Domainpeople Inc.
550 Burrard St.
Vancouver, BC
./checktollfinance.sh
www.tollfinance.com
#!/bin/sh
# check for poisoned servers from www.tollfinance.com domain trojan
# Prints the host name and this script, then the date and the PTR ("name =")
# line of each address the name resolves to, then the answer "Address" lines.
echo 'www.tollfinance.com'
cat checktollfinance.sh
# forward lookup -> answer IPs (resolver's "ip#port" line dropped) -> nslookup on stdin -> PTR lines
date;nslookup www.tollfinance.com | grep 'Address:' | grep -v '#'| cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='
# second forward lookup: the answer "Address" lines as returned
nslookup www.tollfinance.com | grep 'Address' | grep -v '#'
Mo 3. Aug 02:49:20 CEST 2009
> 227.8.202.189.in-addr.arpa name = 189.202.8.227.cable.dyn.cableonline.com.mx.
> 141.155.212.66.in-addr.arpa name = 66.212.155.141.nauticom.net.
./checktollfinance.sh
www.tollfinance.com
#!/bin/sh
# check for poisoned servers from www.tollfinance.com domain trojan
# Prints the host name and this script, then the date and the PTR ("name =")
# line of each address the name resolves to, then the answer "Address" lines.
echo 'www.tollfinance.com'
cat checktollfinance.sh
# forward lookup -> answer IPs (resolver's "ip#port" line dropped) -> nslookup on stdin -> PTR lines
date;nslookup www.tollfinance.com | grep 'Address:' | grep -v '#'| cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='
# second forward lookup: the answer "Address" lines as returned
nslookup www.tollfinance.com | grep 'Address' | grep -v '#'
Mo 3. Aug 01:10:52 CEST 2009
> > 216.203.233.201.in-addr.arpa name = cable201-233-203-216.epm.net.co.
> 141.155.212.66.in-addr.arpa name = 66.212.155.141.nauticom.net.
./checktollfinance.sh
www.tollfinance.com
#!/bin/sh
# check for poisoned servers from www.tollfinance.com domain trojan
# Prints the host name and this script, then the date and the PTR ("name =")
# line of each address the name resolves to, then the answer "Address" lines.
echo 'www.tollfinance.com'
cat checktollfinance.sh
# forward lookup -> answer IPs (resolver's "ip#port" line dropped) -> nslookup on stdin -> PTR lines
date;nslookup www.tollfinance.com | grep 'Address:' | grep -v '#'| cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='
# second forward lookup: the answer "Address" lines as returned
nslookup www.tollfinance.com | grep 'Address' | grep -v '#'
Mo 3. Aug 00:38:42 CEST 2009
> > 147.15.233.201.in-addr.arpa name = cable201-233-15-147.epm.net.co.
> 216.203.233.201.in-addr.arpa name = cable201-233-203-216.epm.net.co.
> 141.155.212.66.in-addr.arpa name = 66.212.155.141.nauticom.net.
./checktollfinance.sh
www.tollfinance.com
#!/bin/sh
# check for poisoned servers from www.tollfinance.com domain trojan
# Prints the host name and this script, then the date and the PTR ("name =")
# line of each address the name resolves to, then the answer "Address" lines.
echo 'www.tollfinance.com'
cat checktollfinance.sh
# forward lookup -> answer IPs (resolver's "ip#port" line dropped) -> nslookup on stdin -> PTR lines
date;nslookup www.tollfinance.com | grep 'Address:' | grep -v '#'| cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='
# second forward lookup: the answer "Address" lines as returned
nslookup www.tollfinance.com | grep 'Address' | grep -v '#'
So 2. Aug 23:49:22 CEST 2009
> > 216.203.233.201.in-addr.arpa name = cable201-233-203-216.epm.net.co.
> 141.155.212.66.in-addr.arpa name = 66.212.155.141.nauticom.net.
./checktollfinance.sh
www.tollfinance.com
#!/bin/sh
# check for poisoned servers from www.tollfinance.com domain trojan
# Prints the host name and this script, then the date and the PTR ("name =")
# line of each address the name resolves to, then the answer "Address" lines.
echo 'www.tollfinance.com'
cat checktollfinance.sh
# forward lookup -> answer IPs (resolver's "ip#port" line dropped) -> nslookup on stdin -> PTR lines
date;nslookup www.tollfinance.com | grep 'Address:' | grep -v '#'| cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='
# second forward lookup: the answer "Address" lines as returned
nslookup www.tollfinance.com | grep 'Address' | grep -v '#'
So 2. Aug 15:34:47 CEST 2009
> > > 170.140.132.24.in-addr.arpa name = j140170.upc-j.chello.nl.
> 141.155.212.66.in-addr.arpa name = 66.212.155.141.nauticom.net.
> 66.12.198.71.in-addr.arpa name = c-71-198-12-66.hsd1.ca.comcast.net.
www.tollfinance.com
So 2. Aug 11:34:31 CEST 2009
> > > 141.155.212.66.in-addr.arpa name = 66.212.155.141.nauticom.net.
> 66.12.198.71.in-addr.arpa name = c-71-198-12-66.hsd1.ca.comcast.net.
> 181.129.182.82.in-addr.arpa name = 1-1-4-44a.has.sth.bostream.se.
> 44.49.202.85.in-addr.arpa name = cb44.osiedle.net.pl.
Address: 114.123.78.191
Address: 66.212.155.141
Address: 71.198.12.66
Address: 82.182.129.181
Address: 85.202.49.44
./checktollfinance.sh
www.tollfinance.com
#!/bin/sh
# check for poisened from www.tollfinance.com domain trojan
#!/bin/sh
# Check for servers behind the myacaiburn2.com domain.
#
# Prints the date, then the PTR ("name =") line of every address the domain
# resolves to. PTR names are published by the owner of the reverse zone, so
# they indicate the hosting network rather than prove who runs the host.
domain='myacaiburn2.com'

date

# Forward lookup -> answer addresses (the resolver's "ip#port" line is
# dropped) -> nslookup on stdin -> PTR lines.
nslookup "$domain" \
  | grep 'Address:' \
  | grep -v '#' \
  | cut -d ' ' -f 2 \
  | sort -u \
  | nslookup \
  | grep 'name ='
./checkmyacaiburn2.sh
Do 12. Mär 11:23:44 CET 2009
> > > > > > 46.209.210.74.in-addr.arpa name = 74-210-209-46.hy.cgocable.ca.
> 182.143.56.81.in-addr.arpa name = lns-bzn-51f-81-56-143-182.adsl.proxad.net.
> 171.2.217.83.in-addr.arpa name = gubern.ulntc.ru.
> 183.166.201.85.in-addr.arpa name = user-85-201-166-183.tvcablenet.be.
85.168.63.141 FR FR-CYBERCABLE-20041221 RIPE-CIDR-BLOCK 85.168.0.0 - 85.171.255.255 85.168.0.0/14 2004-12-21 LYONNAISE COMMUNICATIONS
started sending in - others followed:
04/03/2009 13:13:49: [qSheff] SPAM, queue=q1236168825-528461-8305, recvfrom=85.168.63.141,
from=`automatischer@volksbank.de', to=`', subj=`Volksbanken
Raiffeisenbanken: Wichtige Anweisungen ', size=3471,
spam=`Subject: Volksbanken Raiffeisenbanken: Wichtige Anweisungen ', size=6946, spam=`Subject: SPAMMSG bankpost ',
04/03/2009 14:42:40: [qSheff] QUEUE, queue=q1236174145-310926-18963, recvfrom=81.69.142.36, from=`kundensupport@sparkasse.de', to=`', subj=`Sparkasse: wichtige information', size=3099,
04/03/2009 15:29:05: [qSheff] QUEUE, queue=q1236176931-948489-9489, recvfrom=81.69.142.36, from=`automatischer@sparkasse.de', to=`', subj=`wichtige information', size=3096,,
04/03/2009 15:42:02: [qSheff] QUEUE, queue=q1236177709-599190-14576, recvfrom=213.46.93.245, from=`automatischer@volksbank.de', to=`', subj=`Wichtige Information ', size=3397,,
04/03/2009 16:06:37: [qSheff] SPAM, queue=q1236179191-571948-17554,
recvfrom=217.175.33.184, from=`postversand@sparkasse.de', to=`',subj=`SPAMMSG Sparkasse: Bankpost (Nachricht ID: 5463192043)', size=6518, spam=`Subject:
SPAMMSG Sparkasse: Bankpost (Nachricht ID: 5463192043)',
04/03/2009 17:19:05: [qSheff] QUEUE, queue=q1236183533-21519-8387, recvfrom=94.110.234.225, from=`postversand@sparkasse.de', to=`', subj=`Sparkasse: automatische nachricht [nachricht id: 7887527578]', size=3021,,
04/03/2009 18:28:02: [qSheff] SPAM, queue=q1236187677-938784-18124, recvfrom=82.113.57.21, from=`kundensupport@sparkasse.de', to=`', subj=`SPAMMSG Dringende Nachricht (Nachricht ID: 4768532370)', size=6391, spam=`Subject: SPAMMSG Dringende Nachricht (Nachricht ID: 4768532370)',
04/03/2009 17:51:56: [qSheff] SPAM, queue=q1236185509-541615-29930,
recvfrom=212.133.156.213, from=`kunden-support@sparkasse.de', to=`',
subj=`SPAMMSG Sparkasse: offizielle information', size=6948, spam=`Subject: SPAMMSG
Sparkasse: offizielle information',
04/03/2009 18:28:02: [qSheff] SPAM, queue=q1236187677-938784-18124, recvfrom=82.113.57.21,
from=`kundensupport@sparkasse.de', to=`', subj=`SPAMMSG Dringende Nachricht (Nachricht ID: 4768532370)', size=6391, spam=`Subject: SPAMMSG Dringende
Nachricht (Nachricht ID: 4768532370)',
...
"http://www.spar=
kasse.de.strd-id08.eu/subdir/kundenform.aspx?ms=3D14769729216842323263337=
9196569907710" http://www.sparkasse.de/subdir/kundenform.aspx?ms=3D147697=
292168423232633379196569907710
Non-authoritative answer:
Name: http://www.sparkasse.de.strd-id08.eu
Address: 79.165.31.72
Name: http://www.sparkasse.de.strd-id08.eu
Address: 82.23.178.12
Name: http://www.sparkasse.de.strd-id08.eu
Address: 84.121.120.171
Name: http://www.sparkasse.de.strd-id08.eu
Address: 85.136.129.220
Name: http://www.sparkasse.de.strd-id08.eu
Address: 88.156.177.237
Name: http://www.sparkasse.de.strd-id08.eu
Address: 200.86.139.84
Name: http://www.sparkasse.de.strd-id08.eu
Address: 201.160.98.63
Name: http://www.sparkasse.de.strd-id08.eu
Address: 201.233.59.66
Name: http://www.sparkasse.de.strd-id08.eu
Address: 211.51.77.218
Name: http://www.sparkasse.de.strd-id08.eu
Address: 221.126.239.131
Name: http://www.sparkasse.de.strd-id08.eu
Address: 221.163.78.230
Name: http://www.sparkasse.de.strd-id08.eu
Address: 68.220.49.151
Name: http://www.sparkasse.de.strd-id08.eu
Address: 74.78.88.209
Name: http://www.sparkasse.de.strd-id08.eu
Address: 75.0.155.84
Name: http://www.sparkasse.de.strd-id08.eu
Address: 79.121.46.55
./checksparkassenfake.sh:
#!/bin/sh
# Check destinations for http://www.sparkasse.de.strd-id08.eu
#
# Prints the date, then the PTR ("name =") line of every address the
# look-alike host name resolves to.
phish_host='www.sparkasse.de.strd-id08.eu'

date

# Step 1: forward lookup, keeping only the answer IPs. grep -v '#' removes
# the resolver's own "Address: ip#port" line.
# Step 2: nslookup without arguments reads those IPs from stdin and
# reverse-resolves them; only the PTR lines are kept.
nslookup "$phish_host" \
  | grep 'Address:' \
  | grep -v '#' \
  | cut -d ' ' -f 2 \
  | sort -u \
  | nslookup \
  | grep 'name ='
Mi 4. Mär 17:56:18 CET 2009
> 84.139.86.200.in-addr.arpa name = pc-84-139-86-200.cm.vtr.net.
> > 63.98.160.201.in-addr.arpa name = 201.160.98.63.cable.dyn.cableonline.com.mx.
> 66.59.233.201.in-addr.arpa name = cable201-233-59-66.epm.net.co.
> > > > 151.49.220.68.in-addr.arpa name = adsl-220-49-151.sav.bellsouth.net.
> 209.88.78.74.in-addr.arpa name = cpe-74-78-88-209.buffalo.res.rr.com.
> 84.155.0.75.in-addr.arpa name = adsl-75-0-155-84.dsl.chcgil.sbcglobal.net.
> 55.46.121.79.in-addr.arpa name = host-79-121-46-55.kabelnet.hu.
> 72.31.165.79.in-addr.arpa name = host-79-165-31-72.qwerty.ru.
> 12.178.23.82.in-addr.arpa name = cpc1-darl2-0-0-cust523.midd.cable.ntl.com.
> 171.120.121.84.in-addr.arpa name = 84.121.120.171.dyn.user.ono.com.
> 220.129.136.85.in-addr.arpa name = 85.136.129.220.dyn.user.ono.com.
> 237.177.156.88.in-addr.arpa name = 237.177.stk.vectranet.pl.
./checksparkassenfake.sh
Mi 4. Mär 18:29:48 CET 2009
> 84.139.86.200.in-addr.arpa name = pc-84-139-86-200.cm.vtr.net.
> 63.98.160.201.in-addr.arpa name = 201.160.98.63.cable.dyn.cableonline.com.mx.
> 196.141.225.212.in-addr.arpa name = 196.red.141.225.212.user.ptvtelecom.com.
> > > 151.49.220.68.in-addr.arpa name = adsl-220-49-151.sav.bellsouth.net.
> 197.196.210.71.in-addr.arpa name = 71-210-196-197.albq.qwest.net.
> 84.155.0.75.in-addr.arpa name = adsl-75-0-155-84.dsl.chcgil.sbcglobal.net.
> 208.100.94.78.in-addr.arpa name = ip-78-94-100-208.unitymediagroup.de.
> 72.31.165.79.in-addr.arpa name = host-79-165-31-72.qwerty.ru.
> 171.120.121.84.in-addr.arpa name = 84.121.120.171.dyn.user.ono.com.
> 220.129.136.85.in-addr.arpa name = 85.136.129.220.dyn.user.ono.com.
> 237.177.156.88.in-addr.arpa name = 237.177.stk.vectranet.pl.
> 216.25.237.92.in-addr.arpa name = 92-237-25-216.cable.ubr12.enfi.blueyonder.co.uk.
> 187.135.32.96.in-addr.arpa name = 96-32-135-187.ga.charter.com.
Check Output section for current lists.
Update 2009/04/24: Autotagging job runs for nums<10
Update 2009/04/23: Currently tagging acc. nets in Db.
Update 2009/04/22: Results gave 1.048 unique IPs that appeared more than 2 times.
Update 2009/04/22: Finished checking 2.961.343 domains from database - let's see...
Update 2009/04/01: Conficker.C may list round about 1.34 Mio domains
Update 2009/03/31: aaaaaaaaaaaaaaaaarrrrrrgghhssss - April List contains round about 1.4 Mio domains to check and map .. this will take a while
Update 2009/03/31: Read HoneyNet Org- Know Your Enemy: Containing Conficker and Uni Bonn - Containing Conficker
Update 2009/03/02: Read MSRC Blog. Affects variant A and B.
Update 2009/02/25: Read the article on Malware Threat Center for their analysis of Conficker variants A and B.
Article from microsoft website:
-- snip --
Along with Microsoft, organizations involved in this collaborative effort include ICANN, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.
-- snip --
look at the other ones ...
unique IPs/netranges from destination domains:
124.172.156.32 CN XYDnet APNIC-124 124.172.156.0 - 124.172.156.255 124.172.156.0/24
netname: NGNNET
descr: World Crossing Telecom(GuangZhou) Ltd.
descr: 17/FL,International Bank Center,
descr: 191# DongFengXi Rd. Guangzhou, Guangdong
143.215.143.11 US GATECH NET-143-0-0-0-0 143.215.0.0 - 143.215.255.255 143.215.0.0/16 1990-06-30 GIT
OrgName: Georgia Institute of Technology
OrgID: GIT
Address: 258 Fourth St NW
Address: Rich Building
City: Atlanta
146.57.249.100 US UMN-MRS-NET NET-146-0-0-0-0 146.57.0.0 - 146.57.255.255 146.57.0.0/16 1991-01-21 UNIVER-233
OrgName: University of Minnesota
OrgID: UNIVER-233
Address: 2218 Univ Ave SE
City: Minneapolis
147.83.152.184 ES UPCNET EU-ZZ-147 147.83.0.0 - 147.83.255.255 147.83.0.0/16 1993-09-27 Universitat Politecnica de Cat
netname: UPCNET
descr: Universitat Politecnica de Catalunya
descr: Barcelona
country: ES
149.20.54.193 US ISC-NET3 NET-149-0-0-0-0 149.20.0.0 - 149.20.255.255 149.20.0.0/16 1992-01-28 ISC-94-Z
OrgName: Internet Systems Consortium, Inc.
OrgID: ISC-94-Z
Address: 950 Charter Street
City: Redwood City
149.20.56.32 US ISC-NET3 NET-149-0-0-0-0 149.20.0.0 - 149.20.255.255 149.20.0.0/16 1992-01-28 ISC-94-Z
OrgName: Internet Systems Consortium, Inc.
OrgID: ISC-94-Z
Address: 950 Charter Street
City: Redwood City
StateProv: CA
159.226.7.162 CN CSTNET 159.226.0.0 - 159.226.255.255 159.226.0.0/16 2008-06-24 CHINA SCIENCE AND TECHNOLOGY N
netname: CSTNET
descr: CHINA SCIENCE AND TECHNOLOGY NETWORK
descr: No.4, Zhongguancun 4th South Street,
descr: Haidian District, Beijing
country: CN
173.45.234.232 US SLICE-STL-SH NET-173-0-0-0-0 173.45.224.0 - 173.45.255.255 173.45.224.0/19 2008-10-13 SLICE
OrgName: Slicehost LLC
OrgID: SLICE
Address: 4579 Laclede Avenue #258
City: St. Louis
173.45.240.5 US SLICE-STL-SH NET-173-0-0-0-0 173.45.224.0 - 173.45.255.255 173.45.224.0/19 2008-10-13 SLICE
OrgName: Slicehost LLC
OrgID: SLICE
Address: 4579 Laclede Avenue #258
City: St. Louis
174.132.148.66 US NETBLK-THEPLANET-BLK-15 NET-174-0-0-0-0 174.132.0.0 - 174.133.255.255 174.132.0.0/15 2008-06-17 TPCM
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
199.2.137.252 US FON-3338832128690 NET-199-0-0-0-1 199.2.137.0 - 199.2.137.255 199.2.137.0/24 2001-02-14 MSFT
OrgName: Sprint
OrgID: SPRN
Address: 12502 Sunrise Valley Drive
City: Reston
StateProv: VA
203.171.227.10 CN GIANT 203.171.224.0 - 203.171.239.255 203.171.224.0/20 2006-04-20 ZhengZhou GIANT Computer Netwo
netname: GIANT
descr: ZhengZhou GIANT Computer Network Technology Co., Ltd
descr: Room 701 Information Building NO.144 Garden Road, Zhenzhou
descr: Henan, P.R.China
204.94.86.74 US MARKETLIVE-1 NET-204-94-80-0-1 204.94.86.64 - 204.94.86.79 204.94.86.64/28 2008-08-05 RAGING-3
OrgName: Sprint
OrgID: SPRN
Address: 12502 Sunrise Valley Drive
City: Reston
205.178.145.65 US NSLLC01 NET-205-178-128-0-1 205.178.145.0 - 205.178.145.255 205.178.145.0/24 2006-05-19 NSL-37
OrgName: InQuent Technologies Inc.
OrgID: INQT
Address: 150 York St, Suite 1900
City: Toronto
205.188.161.4 US AOL-DTC NET-205-0-0-0-0 205.188.0.0 - 205.188.255.255 205.188.0.0/16 1998-04-18 AMERIC-59
OrgName: America Online, Inc
OrgID: AMERIC-59
Address: 22080 Pacific Blvd
City: Sterling
209.62.20.226 US NETBLK-THEPLANET-BLK-EV1-16 NET-209-0-0-0-0 209.62.0.0 - 209.62.127.255 209.62.0.0/17 2007-03-19 TPCM
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
211.9.58.163 JP G-SERVE 211.9.58.160 - 211.9.58.167 211.9.58.160/29 2003-08-14 G-SERVE
212.158.162.5 RU RU-CARAVAN-990714 212.158.160.0 - 212.158.175.255 212.158.160.0/20 1999-07-14 ISP "CARAVAN"
212.227.10.28 DE SCHLUND-CUSTOMERS 212.227.0.0 - 212.227.13.255 212.227.0.0/20 2004-06-11 Schlund + Partner AG
212.67.202.8 GB UK-PIPEX-HOSTED-SERVERS-12 UK-GLOBAL-990512 212.67.202.0 - 212.67.202.255 212.67.202.0/24 2005-03-08 PIPEX Hosting Leeds colo
netname: UK-PIPEX-HOSTED-SERVERS-12
descr: PIPEX Hosting Leeds colo
descr: Leeds
country: GB
212.97.133.21 DK SURFTOWNDK 212.97.132.0 - 212.97.135.255 212.97.132.0/22 2007-10-28 Surftown A/S
213.159.193.55 RU RU-ACSIT-20080318 213.159.192.0 - 213.159.223.255 213.159.192.0/19 2008-03-18 ACSIT-NET
213.171.218.120 GB FASTHOSTS-UK-NETWORK 213.171.218.0 - 213.171.219.255 213.171.218.0/23 2003-08-05 UK's largest web hosting compa
213.188.129.183 NO COM-ACTIVEISP 213.188.128.0 - 213.188.134.255 213.188.128.0/21 2000-01-26 Active 24 ASA. Region Norway
213.188.129.184 NO COM-ACTIVEISP 213.188.128.0 - 213.188.134.255 213.188.128.0/21 2000-01-26 Active 24 ASA. Region Norway
216.104.161.117 US TIERRANET-2BLK NET-216-0-0-0-0 216.104.160.0 - 216.104.191.255 216.104.160.0/19 2000-07-17 TIER
216.104.161.217 US TIERRANET-2BLK NET-216-0-0-0-0 216.104.160.0 - 216.104.191.255 216.104.160.0/19 2000-07-17 TIER
OrgName: TierraNet Inc.
OrgID: TIER
Address: PO BOX 502010
City: San Diego
216.21.239.197 US RCOM-1BLK NET-216-0-0-0-0 216.21.224.0 - 216.21.239.255 216.21.224.0/20 2000-06-28 REG
OrgName: Register.com, Inc
OrgID: REG
Address: 575 8th Avenue
City: New York
216.8.179.26 CA MNSI-NEXTD-BLK1 NET-216-8-128-0-1 216.8.176.0 - 216.8.179.255 216.8.176.0/22 2005-09-26 NEXTD
OrgName: Managed Network Systems Inc.
OrgID: MNSI
Address: 300 Tecumseh Rd. East
Address: Unit 344
City: Windsor
217.113.244.80 ES itnet 217.113.244.64 - 217.113.244.95 217.113.244.64/27 2004-03-09 co-location network
218.145.71.194 KR KORNET-INFRA000001 218.145.71.128-218.145.71.255 218.145.71.128/25 0000-00-00 KORNET
218.244.147.129 CN HICHINA 218.244.144.0 - 218.244.151.255 218.244.144.0/21 2007-04-11 hichina-telecom-net
218.61.204.215 CN CNCGROUP-LN APNIC-AP 218.60.0.0 - 218.61.255.255 218.60.0.0/15 2004-04-05 CNCGROUP Liaoning province net
219.94.129.211 JP SAKURA-NET 219.94.129.0 - 219.94.129.255 219.94.129.0/24 2006-03-31 SAKURA Internet Inc.
221.130.201.9 CN CMNET-shanghai CMNET 221.130.176.0 - 221.130.207.255 221.130.128.0/17 2005-05-12 China Mobile Communications Co
24.170.188.201 US ERLK-TW-CENTRALFL26 NET-24-170-128-0-1 24.170.160.0 - 24.170.191.255 24.170.160.0/19 2006-01-18 ERTS
24.219.190.251 US YGNIT-5 NET-24-0-0-0-0 24.219.0.0 - 24.219.255.255 24.219.0.0/16 2000-11-07 YGNIT
24.240.195.100 US AMPT-24-240-192-0 NET-24-240-192-0-1 24.240.192.0 - 24.240.195.255 24.240.192.0/22 2008-12-19 CC04
38.113.1.116 US COGENT-NB-0002 NET-38-0-0-0-1 38.112.0.0 - 38.119.255.255 38.112.0.0/13 2003-08-20 PSI
58.222.17.23 CN CHINANET-JS APNIC-58 58.208.0.0 - 58.223.255.255 58.208.0.0/12 2005-06-24 CHINANET jiangsu province netw
61.145.126.204 CN CHINANET-GD 61.145.0.0 - 61.145.255.255 61.145.0.0/16 2007-07-11 CHINANET Guangdong Province Ne
61.238.149.50 HK CTIHK APNIC3 61.238.0.0 - 61.239.255.255 61.238.0.0/15 2003-11-10 City Telecom (H.K.) Ltd.
62.213.110.9 RU RU-CARAVAN-20011109 62.213.64.0 - 62.213.127.255 62.213.64.0/18 2001-11-09 PROVIDER
62.213.110.9 RU RU-CARAVAN-20011109 EU-ZZ-62 62.213.64.0 - 62.213.127.255 62.213.64.0/18 2001-11-09 PROVIDER
netname: KASPERSKY-CARAVAN-NET-1
descr: Kaspersky Lab
descr: Moscow, Russia
country: RU
64.235.44.215 US APH-LAS-NV1 NET-64-0-0-0-0 64.235.32.0 - 64.235.63.255 64.235.32.0/19 2002-09-11 AHOSTI
64.70.19.33 US SAVV-S235073-7 NET-64-70-0-0-1 64.70.19.0 - 64.70.19.255 64.70.19.0/24 2008-01-16 WORLD-119
64.95.48.5 US INAP-ACS-BASIN-23578 NET-64-94-0-0-1 64.95.48.0 - 64.95.48.63 64.95.48.0/26 2008-07-11 PNAP
64.95.58.5 US INAP-ACS003-BASIN-19060 NET-64-94-0-0-1 64.95.58.0 - 64.95.58.63 64.95.58.0/26 2008-01-23 PNAP
65.102.56.213 US USW-JIMFISHERVO NET-65-100-0-0-1 65.102.56.208 - 65.102.56.215 65.102.56.208/29 2002-06-05 JFV
66.142.232.173 US SBC066142232000021202 NET-66-136-0-0-1 66.142.232.0 - 66.142.233.255 66.142.232.0/23 2002-12-02 SIS-80
66.150.161.44 US INAP-SEF-DOTSTER-7068 NET-66-150-0-0-1 66.150.161.32 - 66.150.161.63 66.150.161.32/27 2006-04-17 DOTST-1
68.142.212.71 US INKTOMI-BLK-4 NET-68-0-0-0-0 68.142.192.0 - 68.142.255.255 68.142.192.0/18 2004-03-24 INKT
68.178.232.100 US GO-DADDY-SOFTWARE-INC NET-68-0-0-0-0 68.178.128.0 - 68.178.255.255 68.178.128.0/17 2005-04-12 GODAD
69.10.155.222 CA RACKFORCE-1 NET-69-0-0-0-0 69.10.128.0 - 69.10.159.255 69.10.128.0/19 2002-12-12 RACKF
69.16.116.94 US UMASSP2 NET-69-0-0-0-0 69.16.0.0 - 69.16.127.255 69.16.0.0/17 2002-12-19 UMAP
69.25.47.166 US INAP-WDC002-DOTSTER-7073 NET-69-25-0-0-1 69.25.47.160 - 69.25.47.191 69.25.47.160/27 2006-04-17 DOTST-1
69.46.228.32 US PARKED1 NET-69-46-224-0-1 69.46.226.0 - 69.46.228.255 69.46.226.0/23, 69.46.228.0/24 2007-10-23 PARKE-19
69.64.147.16 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.18 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.19 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.20 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.207 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.21 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.147.210 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.119 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.120 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.121 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.123 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.124 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.125 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.126 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.64.155.127 US ENOM-BLOCK NET-69-0-0-0-0 69.64.144.0 - 69.64.159.255 69.64.144.0/20 2007-07-25 ENOM
69.66.237.74 US IOWA-TELECOM NET-69-0-0-0-0 69.66.0.0 - 69.66.255.255 69.66.0.0/16 2003-07-31 IOWATE
69.89.17.9 US BLUEHOST-NETWORK-1 NET-69-0-0-0-0 69.89.16.0 - 69.89.31.255 69.89.16.0/20 2006-10-02 BLUEH-2
70.154.82.100 US BELLSNET-BLK15 NET-70-0-0-0-0 70.144.0.0 - 70.159.255.255 70.144.0.0/12 2004-07-28 BELL
70.249.147.164 US SBC07024914600023050118175915 NET-70-240-0-0-1 70.249.146.0 - 70.249.147.255 70.249.146.0/23 2005-01-18 SIS-80
70.85.228.70 US NETBLK-THEPLANET-BLK-13 NET-70-0-0-0-0 70.84.0.0 - 70.87.255.255 70.84.0.0/14 2004-07-29 TPCM
72.167.232.152 US GO-DADDY-SOFTWARE-INC NET-72-0-0-0-0 72.167.0.0 - 72.167.255.255 72.167.0.0/16 2007-07-05 GODAD
72.167.51.186 US GO-DADDY-SOFTWARE-INC NET-72-0-0-0-0 72.167.0.0 - 72.167.255.255 72.167.0.0/16 2007-07-05 GODAD
72.34.4.115 US M72-34-4-0-DUNLAPRB-POOL1 NET-72-34-0-0-1 72.34.4.0 - 72.34.4.255 72.34.4.0/24 2006-06-08 MTCC
72.52.202.225 US LIQUIDWEB-6 NET-72-0-0-0-0 72.52.128.0 - 72.52.255.255 72.52.128.0/17 2006-08-03 LQWB
74.208.164.166 US 1AN1-NETWORK NET-74-0-0-0-0 74.208.0.0 - 74.208.191.255 74.208.0.0/17, 74.208.128.0/18 2006-11-22 11INT
74.208.26.102 US CUSTOMERS-1 1AN1-NETWORK 74.208.0.0 - 74.208.63.255 74.208.0.0/18 2007-01-16 1 and 1 Internet Inc.
74.208.64.145 US CUSTOMERS-2 1AN1-NETWORK 74.208.64.0 - 74.208.79.255 74.208.64.0/20 2007-01-16 1 and 1 Internet Inc.
74.208.64.191 US CUSTOMERS-2 1AN1-NETWORK 74.208.64.0 - 74.208.79.255 74.208.64.0/20 2007-01-16 1 and 1 Internet Inc.
74.55.100.7 US TPCM-4639844 NET-74-52-0-0-1 74.55.100.0 - 74.55.100.255 74.55.100.0/24 2008-03-12 SEDOC
75.12.45.206 US SBCIS-SBIS-6BLK NET-75-0-0-0-0 75.0.0.0 - 75.63.255.255 75.0.0.0/10 2006-02-28 SIS-80
75.126.137.166 US SOFTLAYER-4-3 NET-75-0-0-0-0 75.126.0.0 - 75.126.255.255 75.126.0.0/16 2006-05-12 SOFTL
75.126.238.193 US SOFTLAYER-4-3 NET-75-0-0-0-0 75.126.0.0 - 75.126.255.255 75.126.0.0/16 2006-05-12 SOFTL
75.4.143.59 US SBC-75-4-128-0-20-0804030132 NET-75-0-0-0-1 75.4.128.0 - 75.4.143.255 75.4.128.0/20 2008-04-03 SIS-80
76.229.106.39 US SBC-76-229-104-0-22-0705140611 NET-76-192-0-0-1 76.229.104.0 - 76.229.107.255 76.229.104.0/22 2007-05-14 SIS-80
76.240.151.177 US SBC-76-240-151-176-29-0707111905 NET-76-192-0-0-1 76.240.151.176 - 76.240.151.183 76.240.151.176/29 2007-07-12 SIS-80
78.46.64.140 DE DE-HETZNER-20070416 RIPE-CIDR-BLOCK 78.46.0.0 - 78.47.255.255 78.46.0.0/15 2007-04-16 Hetzner Online AG
80.203.39.96 NO NEXTGENTEL-NO 80.203.16.0 - 80.203.47.255 80.203.0.0/18 2002-11-14 XDSL access and service provid
82.3.103.106 GB NTL 82.3.96.0 - 82.3.111.255 82.3.96.0/20 2004-01-06 NTL Infrastructure - Renfrew
82.42.189.145 GB BROADBANDAUDIT UK-CABLEINET-20030131 82.42.189.0 - 82.42.189.255 82.42.189.0/24 2007-10-23 BROADBAND KNOW UBR07LIVE
82.98.86.176 DE SEDO-1-NET 82.98.86.0 - 82.98.86.255 82.98.86.0/24 2007-06-15 Sedo Domain Parking
83.68.16.6 NL XS4ALL 83.68.16.0 - 83.68.16.255 83.68.16.0/24 2006-02-01 XS4ALL Internet BV
85.13.136.31 DE DE-ALL-INKL-20050405 RIPE-CIDR-BLOCK 85.13.128.0 - 85.13.191.255 85.13.128.0/18 2005-04-05 Neue Medien Muennich
87.106.142.154 DE SCHLUND-CUSTOMERS DE-SCHLUND-20050810 87.106.128.0 - 87.106.143.255 87.106.128.0/20 2007-01-29 Schlund + Partner AG
87.106.34.1 DE SCHLUND-CUSTOMERS 87.106.32.0 - 87.106.47.255 87.106.32.0/20 2005-01-19 Schlund + Partner AG
87.106.86.28 DE SCHLUND-CUSTOMERS DE-SCHLUND-20050810 87.106.80.0 - 87.106.95.255 87.106.80.0/20 2006-11-29 Schlund + Partner AG
97.74.119.216 US GO-DADDY-SOFTWARE-INC NET-97-0-0-0-0 97.74.0.0 - 97.74.255.255 97.74.0.0/16 2008-08-14 GODAD
98.136.50.188 US A-YAHOO-US9 NET-98-0-0-0-0 98.136.0.0 - 98.136.127.255 98.136.0.0/17 2007-12-07 YHOO
99.148.169.172 US SBC-99-148-168-0-22-0801152612 NET-99-128-0-0-1 99.148.168.0 - 99.148.171.255 99.148.168.0/22 2008-01-15 SIS-80
Abuse reports to the American providers were sent out, with cc to soc@us-cert.gov, at the time of first detection. The name still seems to resolve:
Mo 12. Jan 16:39:14 CET 2009
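#!/bin/sh
# Check the hosts behind kundenform.volksbank.de.mode-it000001773.com.au:
# print a timestamp and this script, then the addresses the name currently
# resolves to, then the reverse (PTR) name of every returned address.
host=kundenform.volksbank.de.mode-it000001773.com.au

date
cat checkvolksbank.sh

# Resolve once and reuse the answer. If the name's address set changes
# between queries, two separate lookups can return different records, and
# the forward list and the PTR list would not describe the same hosts.
answer=$(nslookup "$host")

# Forward answer without the resolver header. The earlier filter,
# grep -v '213.', was an unanchored regex ('.' matches any character), so it
# would also have hidden any answer line containing "213" - for example a
# hosting address of the form x.213.y.z. It presumably targeted the local
# resolver's own address (TODO confirm); dropping the "Server:" line and the
# "address#port" line does that without touching answer records.
printf '%s\n' "$answer" | grep -v -e '^Server:' -e '#'

# Reverse lookups: keep the answer's Address lines, take the address field,
# de-duplicate, and feed the list to nslookup on stdin. Only PTR results
# ("name =") are printed, so an address without a PTR record prints nothing.
printf '%s\n' "$answer" | grep 'Address:' | grep -v '#' | cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='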
Non-authoritative answer:
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 71.91.92.73
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 75.45.207.66
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 75.136.139.112
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 76.11.157.39
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 76.212.233.52
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 84.121.121.131
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 91.123.159.112
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 98.141.74.204
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 98.198.29.114
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 98.242.146.109
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 99.141.100.99
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 210.249.74.115
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 12.208.172.216
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 24.148.132.49
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 70.239.9.183
216.172.208.12.in-addr.arpa name = 12-208-172-216.client.mchsi.com.
115.74.249.210.in-addr.arpa canonical name = 115.112h.74.249.210.in-addr.arpa.
115.112h.74.249.210.in-addr.arpa name = ws2.funcy.com.
49.132.148.24.in-addr.arpa name = user-0c9911h.cable.mindspring.com.
183.9.239.70.in-addr.arpa name = adsl-70-239-9-183.dsl.bcvloh.sbcglobal.net.
73.92.91.71.in-addr.arpa name = static.unknown.charter.com.
112.139.136.75.in-addr.arpa name = 75-136-139-112.dhcp.gnvl.sc.charter.com.
66.207.45.75.in-addr.arpa name = adsl-75-45-207-66.dsl.sfldmi.sbcglobal.net.
39.157.11.76.in-addr.arpa name = host-76-11-157-39.newwavecomm.net.
52.233.212.76.in-addr.arpa name = adsl-76-212-233-52.dsl.yntwoh.sbcglobal.net.
131.121.121.84.in-addr.arpa name = 84.121.121.131.dyn.user.ono.com.
112.159.123.91.in-addr.arpa name = 91.123.159.112.nash.net.ua.
204.74.141.98.in-addr.arpa name = dynamic-98-141-74-204.dsl.cavtel.net.
114.29.198.98.in-addr.arpa name = c-98-198-29-114.hsd1.tx.comcast.net.
109.146.242.98.in-addr.arpa name = c-98-242-146-109.hsd1.fl.comcast.net.
99.100.141.99.in-addr.arpa name = adsl-99-141-100-99.dsl.chcgil.sbcglobal.net.
So 11. Jan 02:33:14 CET 2009
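#!/bin/sh
# Check the hosts behind kundenform.volksbank.de.mode-it000001773.com.au:
# print a timestamp and this script, then the addresses the name currently
# resolves to, then the reverse (PTR) name of every returned address.
host=kundenform.volksbank.de.mode-it000001773.com.au

date
cat checkvolksbank.sh

# Resolve once and reuse the answer. If the name's address set changes
# between queries, two separate lookups can return different records, and
# the forward list and the PTR list would not describe the same hosts.
answer=$(nslookup "$host")

# Forward answer without the resolver header. The earlier filter,
# grep -v '213.', was an unanchored regex ('.' matches any character), so it
# would also have hidden any answer line containing "213" - for example a
# hosting address of the form x.213.y.z. It presumably targeted the local
# resolver's own address (TODO confirm); dropping the "Server:" line and the
# "address#port" line does that without touching answer records.
printf '%s\n' "$answer" | grep -v -e '^Server:' -e '#'

# Reverse lookups: keep the answer's Address lines, take the address field,
# de-duplicate, and feed the list to nslookup on stdin. Only PTR results
# ("name =") are printed, so an address without a PTR record prints nothing.
printf '%s\n' "$answer" | grep 'Address:' | grep -v '#' | cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='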
Non-authoritative answer:
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 210.249.74.115
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 12.202.1.12
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 24.148.132.49
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 62.31.243.71
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 64.149.234.105
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 67.172.60.164
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 68.72.112.255
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 70.244.248.132
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 75.74.26.103
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 76.226.54.97
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 92.233.26.189
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 98.217.125.105
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 98.222.245.254
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 114.182.46.230
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 201.233.114.143
230.46.182.114.in-addr.arpa name = i114-182-46-230.s05.a014.ap.plala.or.jp.
12.1.202.12.in-addr.arpa name = 12-202-1-12.client.mchsi.com.
143.114.233.201.in-addr.arpa name = cable201-233-114-143.epm.net.co.
115.74.249.210.in-addr.arpa canonical name = 115.112h.74.249.210.in-addr.arpa.
115.112h.74.249.210.in-addr.arpa name = ws2.funcy.com.
49.132.148.24.in-addr.arpa name = user-0c9911h.cable.mindspring.com.
71.243.31.62.in-addr.arpa name = 62-31-243-71.cable.ubr08.gill.blueyonder.co.uk.
164.60.172.67.in-addr.arpa name = c-67-172-60-164.hsd1.pa.comcast.net.
255.112.72.68.in-addr.arpa name = adsl-68-72-112-255.dsl.chcgil.ameritech.net.
132.248.244.70.in-addr.arpa name = ppp-70-244-248-132.dsl.snantx.swbell.net.
103.26.74.75.in-addr.arpa name = c-75-74-26-103.hsd1.fl.comcast.net.
97.54.226.76.in-addr.arpa name = adsl-76-226-54-97.dsl.sfldmi.sbcglobal.net.
189.26.233.92.in-addr.arpa name = 92-233-26-189.cable.ubr10.stav.blueyonder.co.uk.
105.125.217.98.in-addr.arpa name = c-98-217-125-105.hsd1.ma.comcast.net.
254.245.222.98.in-addr.arpa name = c-98-222-245-254.hsd1.il.comcast.net.
Sa 10. Jan 19:38:54 CET 2009
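#!/bin/sh
# Check the hosts behind kundenform.volksbank.de.mode-it000001773.com.au:
# print a timestamp and this script, then the addresses the name currently
# resolves to, then the reverse (PTR) name of every returned address.
host=kundenform.volksbank.de.mode-it000001773.com.au

date
cat checkvolksbank.sh

# Resolve once and reuse the answer. If the name's address set changes
# between queries, two separate lookups can return different records, and
# the forward list and the PTR list would not describe the same hosts.
answer=$(nslookup "$host")

# Forward answer without the resolver header. The earlier filter,
# grep -v '213.', was an unanchored regex ('.' matches any character), so it
# would also have hidden any answer line containing "213" - for example a
# hosting address of the form x.213.y.z. It presumably targeted the local
# resolver's own address (TODO confirm); dropping the "Server:" line and the
# "address#port" line does that without touching answer records.
printf '%s\n' "$answer" | grep -v -e '^Server:' -e '#'

# Reverse lookups: keep the answer's Address lines, take the address field,
# de-duplicate, and feed the list to nslookup on stdin. Only PTR results
# ("name =") are printed, so an address without a PTR record prints nothing.
printf '%s\n' "$answer" | grep 'Address:' | grep -v '#' | cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='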
Non-authoritative answer:
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 210.249.74.115
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 12.202.1.12
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 24.136.176.91
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 24.148.132.49
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 62.31.243.71
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 67.172.60.164
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 70.141.208.101
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 76.205.75.179
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 76.226.51.53
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 82.40.149.96
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 89.223.26.229
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 91.123.159.112
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 98.217.125.105
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 99.141.100.99
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 193.39.73.14
12.1.202.12.in-addr.arpa name = 12-202-1-12.client.mchsi.com.
115.74.249.210.in-addr.arpa canonical name = 115.112h.74.249.210.in-addr.arpa.
115.112h.74.249.210.in-addr.arpa name = ws2.funcy.com.
91.176.136.24.in-addr.arpa name = user-0c8hc2r.cable.mindspring.com.
49.132.148.24.in-addr.arpa name = user-0c9911h.cable.mindspring.com.
71.243.31.62.in-addr.arpa name = 62-31-243-71.cable.ubr08.gill.blueyonder.co.uk.
164.60.172.67.in-addr.arpa name = c-67-172-60-164.hsd1.pa.comcast.net.
101.208.141.70.in-addr.arpa name = adsl-70-141-208-101.dsl.irvnca.sbcglobal.net.
179.75.205.76.in-addr.arpa name = adsl-76-205-75-179.dsl.bcvloh.sbcglobal.net.
53.51.226.76.in-addr.arpa name = adsl-76-226-51-53.dsl.sfldmi.sbcglobal.net.
96.149.40.82.in-addr.arpa name = 82-40-149-96.cable.ubr11.uddi.blueyonder.co.uk.
229.26.223.89.in-addr.arpa name = 229.as-26.nienschanz.ru.
112.159.123.91.in-addr.arpa name = 91.123.159.112.nash.net.ua.
105.125.217.98.in-addr.arpa name = c-98-217-125-105.hsd1.ma.comcast.net.
99.100.141.99.in-addr.arpa name = adsl-99-141-100-99.dsl.chcgil.sbcglobal.net
Sa 10. Jan 14:56:51 CET 2009
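#!/bin/sh
# Check the hosts behind kundenform.volksbank.de.mode-it000001773.com.au:
# print a timestamp and this script, then the addresses the name currently
# resolves to, then the reverse (PTR) name of every returned address.
host=kundenform.volksbank.de.mode-it000001773.com.au

date
cat checkvolksbank.sh

# Resolve once and reuse the answer. If the name's address set changes
# between queries, two separate lookups can return different records, and
# the forward list and the PTR list would not describe the same hosts.
answer=$(nslookup "$host")

# Forward answer without the resolver header. The earlier filter,
# grep -v '213.', was an unanchored regex ('.' matches any character), so it
# would also have hidden any answer line containing "213" - for example a
# hosting address of the form x.213.y.z. It presumably targeted the local
# resolver's own address (TODO confirm); dropping the "Server:" line and the
# "address#port" line does that without touching answer records.
printf '%s\n' "$answer" | grep -v -e '^Server:' -e '#'

# Reverse lookups: keep the answer's Address lines, take the address field,
# de-duplicate, and feed the list to nslookup on stdin. Only PTR results
# ("name =") are printed, so an address without a PTR record prints nothing.
printf '%s\n' "$answer" | grep 'Address:' | grep -v '#' | cut -d ' ' -f 2 | sort -u | nslookup | grep 'name ='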
Non-authoritative answer:
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 24.136.176.91
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 67.172.60.164
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 69.155.118.212
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 76.205.75.179
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 82.13.84.146
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 82.40.149.96
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 82.42.162.244
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 89.223.26.229
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 91.123.159.112
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 92.233.26.189
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 98.217.125.105
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 113.131.215.201
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 114.182.47.12
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 193.39.73.14
Name: kundenform.volksbank.de.mode-it000001773.com.au
Address: 210.249.74.115
12.47.182.114.in-addr.arpa name = i114-182-47-12.s05.a014.ap.plala.or.jp.
115.74.249.210.in-addr.arpa canonical name = 115.112h.74.249.210.in-addr.arpa.
115.112h.74.249.210.in-addr.arpa name = ws2.funcy.com.
91.176.136.24.in-addr.arpa name = user-0c8hc2r.cable.mindspring.com.
164.60.172.67.in-addr.arpa name = c-67-172-60-164.hsd1.pa.comcast.net.
212.118.155.69.in-addr.arpa name = adsl-69-155-118-212.dsl.snantx.swbell.net.
179.75.205.76.in-addr.arpa name = adsl-76-205-75-179.dsl.bcvloh.sbcglobal.net.
146.84.13.82.in-addr.arpa name = cpc2-whit2-0-0-cust145.cdif.cable.ntl.com.
96.149.40.82.in-addr.arpa name = 82-40-149-96.cable.ubr11.uddi.blueyonder.co.uk.
244.162.42.82.in-addr.arpa name = 82-42-162-244.cable.ubr11.live.blueyonder.co.uk.
229.26.223.89.in-addr.arpa name = 229.as-26.nienschanz.ru.
112.159.123.91.in-addr.arpa name = 91.123.159.112.nash.net.ua.
189.26.233.92.in-addr.arpa name = 92-233-26-189.cable.ubr10.stav.blueyonder.co.uk.
105.125.217.98.in-addr.arpa name = c-98-217-125-105.hsd1.ma.comcast.net.

