#
# $Id: hostiles.txt 17378 2010-03-10 09:18:37Z rmanfredi $
#
# Hostile IP addresses, completely banned from the Gnutella network.
#
# We don't accept connections from those hosts, never connect to them,
# and drop their query hits on the floor without relaying them.
#
# The following list is a default, based on a list provided by BearShare.
# If you want to customize this list, put it into your ~/.gtk-gnutella
# directory and edit it.
#
# This file may be changed whilst gtk-gnutella is running: it will notice
# the update and reload the file.
#

38.144.0.0/16
64.14.0.0/16
65.118.41.192/26
65.247.105.240/28
66.117.0.0/19
66.250.24.0/22
66.250.52.0/24
66.28.0.0/16
192.217.228.0/24
198.63.0.0/16
198.64.0.0/15
198.66.0.0/16
209.122.130.0/24
209.204.128.0/18
216.122.0.0/16
216.144.233.0/24

# Exodus Communications
64.37.192.0/18
64.209.128.0/20
64.210.192.0/19
167.216.232.0/21
209.67.0.0/16
209.143.224.0/20
209.202.128.0/18
216.109.64.0/19
216.104.224.0/19
216.177.64.0/19
216.182.192.0/19
216.219.96.0/20
216.32.0.0/14
216.74.128.0/18

###
### The following gathered by the gtk-gnutella team
###

# gtk-gnutella up to 0.94 handles CIDR notation WRONG!
# 66.186.39.0/26 -> 66.186.39.0/26

32.105.110.0/24

# Performance Systems International (PSI) is an extremely hostile range
# Macrovision has SmokeBlowers there; they poll GWebCaches etc. pp.
# There are certainly non-hostile hosts but it's not worth or possible to
# differ.
38.96.0.0/11
# MediaDefender
#38.107.160.0/21
 
64.15.0.0/16
66.186.39.0/26

# hosted by WV FIBER LLC
66.186.194.0/24

# MediaSentry
66.250.46.0/24
66.250.47.0/25
209.133.121.0/24
209.133.122.0/24
# MediaSentry at Abovenet Communications, Inc
# Same as JunGroup? Trailer and pr0n spam (AVI/MOV/MPG); LimeWire
#209.249.47.209
#209.249.47.196
209.249.0.0/16
# Spamming ranges from Abovenet; they host MediaSentry and possibly others
# most of them use giFT; they upload huge rar or zip files which contain
# nothing but lame insults.
64.124.0.0/16

# ServerBeach (Peer 1 network)
64.34.160.0/19
66.135.32.0/19

# Sound Control Media Protection, Ltd.
# Professional bots: "LimeWire/4.9.11 1.4 GiB 462 files"; purpose unknown
# The same ranges seem to contain bots which emit buzzword spam for
# audio files which are not downloadable but also executables.
# Most of these ranges belong to Hurricane Electric.
64.71.160.0/27
64.71.162.64/27
64.71.164.128/27
64.71.178.160/27
65.19.128.0/18
66.160.128.0/18
66.160.192.0/20
66.220.2.128/25
66.220.3.192/27
66.220.6.64/27
66.220.11.64/27
66.220.12.0/24
66.220.26.128/25

209.51.160.0/19
216.66.0.0/18
216.218.128.0/17


# Surreal Host / Surreal Services
# obviously the same as Sound Control Media Protection
64.71.191.160/27

# Range at Peer1; seemingly also used by SCMP
69.90.119.128/27

# Range at FDC Servers.net, LLC, also used by SCMP
66.90.119.128/27

# Minnesota valley television
65.160.241.0/25

# DONet, Inc.
65.171.151.0/24

# Share dozens or hundreds of completely corrupted WMVs
67.18.128.0/24
67.18.129.0/24
67.18.213.0/24
67.19.6.0/24
67.19.8.0/24
205.177.73.0/24

# sBoOb.net, pr0n spammer
194.146.227.8

# cumfiesta, pr0n spammer
207.150.179.0/24

# goudkov.com, spammer
66.98.252.210
207.44.144.3
207.44.144.148

# Another DRM pr0n spammer
66.63.162.128/25

# Generic DRM pr0n spammer (mostly ASX files)
66.90.103.0/24
67.19.77.0/24
67.19.221.0/24
#67.159.5.0/24
#208.53.138.0/24
#208.53.158.0/25
#208.53.159.0/24
208.98.11.0/28
208.98.23.192/26
208.98.49.128/25
208.98.56.192/26


# DRM WMV pr0n spammer "Hollywood Interactive, Inc." using Mutella
# DRM header links to smutlounge dot com
64.27.0.0/19
216.240.128.48/28
216.240.128.64/30
216.240.134.0/24
217.115.128.48/29

# isaveclub.com AKA esaveclub.com AKA edirectclub.com
69.44.155.0/24
69.44.156.0/24
69.44.157.0/24
69.44.158.0/24

# hosted by voxel.net, massive spamming, uploaded file contains also GWebCache
# URLs and possibly a trojan, SHA1 match fails continously
# Used by PeerSentry which is also the source of *freeclub spam
69.9.186.0/23
69.9.188.0/23
69.9.190.0/24
208.122.0.0/18
# Applied Innovations
66.252.232.0/21

# hosted by net-sentry.net, suspicious GWebCache polling
69.26.174.0/24
69.26.191.0/24

# suspicious GWebCache polling
63.218.20.0/24
64.70.4.0/24
72.35.224.0/24
207.226.112.0/24
# The ranges below also upload corrupt/fake MP3s
216.152.250.192/26
72.35.231.64/26

# weasel.net, diverse GWebCache spamming/trashing
66.68.124.56

# Generic spammer, results don't even match query; Gnoozle
70.85.111.0/24
70.86.48.0/24
70.86.75.0/24
70.86.31.152/29
70.86.86.152/29

# DRM WMV spammer; giFT-based
70.84.168.80/28
70.85.234.0/28
69.93.107.0/24

# Generic pr0n spammer, adds search term to filenames (mostly WMVs)
63.243.162.0/27
63.243.181.0/27

# ZIP files containing setup.exe and small DRMed WMA files.  Uses Shareaza;
# some peers identify as "Jironimo" Can be found at ranges of surfplanet.de,
# VersaTel and HanseNet; always German ISPs; results copy the query string
# adding diverse prefixes and suffixes. "ysbweb dot com" (Integrated Search
# Technologies) is the origin of this spam.
# Jironimo is presumedly Manuel Prueter (Rostock, DE) the owner of
# free-drm-encoder dot com. Or maybe he is just one of their slaves.
66.152.93.0/25
# root servers or vservers so the addresses should be stable
80.237.174.147
#81.20.128.103:6346
81.20.128.96/28
81.209.165.73
85.88.2.192/26 
85.88.9.0/26
#85.88.20.75
85.88.20.64/28
78.111.66.0/26
78.111.70.0/26
# absolut-models dot com; screamsavers dot org; free-drm-encoder dot com;
# pimp-my-penis dot com
87.106.28.91
# leaseweb/ocom
85.17.155.0/24
85.17.167.0/24
# Jironimo at Versatel; dynamic range
83.135.71.235
83.135.89.16
89.246.28.253
89.246.50.198
# same at Deutsche Telekom AG
91.34.200.133

# Spammer hosted by pie.us
# (Sansui Ltd. has 206.223.156.0/24)
206.223.156.128/26

# WMA-DRM spam; affiliated with artistdirect.com et al.
# hosted by Fastserve
66.172.60.0/24

# WMA-DRM spam; files are 99% compressible (zero-filled); filenames
# imitate scene releases; WMA header contains URL pointing to
# artistdirect.com. In other words, this is MediaDefender.
# Assigned to Cyberverse Online.
66.180.192.0/20

# DRM spam
63.246.153.64/28
64.40.98.106
# drmspace.com, 66103.vidlock.com
#216.55.178.0/24
# vidlock.com
216.255.180.114
217.116.225.250
64.72.124.0/22

# getlaidquickly dot com; spam results for files which do not even exist;
# seemingly just an attempt to make the website well-known
#38.99.20.0/23
# WMA spam
#38.99.253.0/24
#38.99.0.0/16

# WMA-DRM spam; DRM URL links to intentmediaworks; giFT-based
#38.101.225.0/24
63.216.80.0/24
74.205.125.0/24
205.177.5.0/24
205.252.3.0/24
206.161.30.0/24
207.176.42.0/24
207.226.148.0/24
209.8.0.0/24
209.9.79.0/24

# WMV spammer with over-sensitive buzzword sensor; fake LimeWire; giFT-based
#38.96.5.128/26

# Gnucleus-based DRM WMV spammer hosted by GoDaddy
#68.178.200.89

# Spams DRM WMV files with license URL pointing to 68.178.225.162; filenames
# are bogus but are neither random nor matching the query. Examples are
# "basketball*wmv", "flytrain*wmv", "landing*wmv" etc. with variations in the
# trailing part like "_full-l", "part-l", "part-s" etc.); usually Gnucleus
# usually port 40464
64.182.136.130
# Same as above; DRM header links to 216.93.188.81; WhenU/SaveNow spam
206.51.230.0/24
206.51.239.0/24
66.232.104.0/24
66.232.111.0/24
66.232.112.0/24
66.232.114.0/24
66.232.118.0/24
66.240.192.0/18
72.21.50.90/31
61.128.0.0/15
#61.129.51.0/24
#61.129.70.59
#61.129.251.204
#61.129.70.21
#61.152.171.139
#61.152.175.63
#61.152.116.39
#61.152.116.53
61.152.0.0/16
# Mercury Interactive Ltd.; Shanghai
61.151.241.96/27
#61.151.241.115
60.12.182.0/28
60.12.102.9
60.28.222.171
69.64.47.131
# Chinese DRM-WMA spammer; Gnucleus
60.190.222.219
60.190.223.126
#219.235.1.104:40464
219.235.0.0/20
210.51.51.132
# DRM license server
#68.178.225.162
# ETE LLC (hosted by ServerPath, LLC); Shanghai
# DRM License server used by DRM WMV spam
216.93.188.80/30
64.151.98.32/29

# Gnucleus-based DRM WMV spammer hosted by HopOne
209.160.32.221
209.160.35.84
209.160.35.8
209.160.40.147

# Gnucleus-based DRM WMV spammer hosted by DMG Networks
209.165.244.242

# Columbus Network Access Point, Inc.
209.190.0.0/17
# Gnucleus-based DRM WMV spammer hosted by CNAP; it's no typo, the IP
# address are really very similar
#209.190.22.86
#209.190.122.186
222.73.219.128
222.73.218.0/24
222.73.204.159

# DRM WMV spammer; license URL links to 209.190.122.186
#68.178.144.112

# Gnucleus-based DRM WMV spammer hosted by ServerBeach/Peer-1
72.51.22.0/24
72.51.33.0/24
72.51.34.0/24
72.51.37.0/24
72.51.42.0/24

# Shareaza-based DRM WMV spammer hosted by Peer 1 (PEER1-CALYEUNG-*)
# The ranges are assigned to "Calvin Yeung". Servers host thousands of
# DRMed ASX and WMV files; all about 100KB large; files point to
# p2ptips dot com which is owned by the same person/organization.
64.34.248.160/27
65.39.185.240/28
65.39.195.64/27
66.199.142.0/26
66.199.142.224/28
69.28.230.192/27
69.90.74.0/23
69.90.216.64/26
69.90.242.64/26
# PEER1-NYCAT1AVLAN1-03; seemingly not part of PEER1-CALYEUNG-*
# but the servers are.
66.199.177.64/27

# Gnoozle; "sponsored results" exploiting a brain-dead LimeWire feature
# The SHA-1s are obviously faked and the files are not downloadable.
# Seems to be same as getlaidquickly spammers.
68.178.128.0/17
#68.178.144.2
#68.178.160.177
#68.178.194.60
#68.178.198.68
#68.178.206.62
#68.178.242.167
#68.178.250.209
#72.167.34.231
#72.167.34.232
#208.109.0.0/16
216.69.164.211

# lowth.com; www.lowth.com is a CNAME for lowth.no-ip.com
# Emits spam for .url files pointing to lowth.com which use frames
# to load an URL at Amazon.co.uk.
# requests to the root are double-redirected to Amazon.com
86.18.3.218

# A colo of lowth as it seems (port 6340). This idiot seriously needs to
# to fix his download.pl though.
86.7.128.215
87.74.1.198

# Same as above but the primary source is a seemingly random address
# at port 80; these emit also unrequested results.
204.11.216.0/23
204.11.218.0/23
204.11.222.0/23

# Aggressivly connecting; getting disconnected due to security violations
# Yes, this was Cisco Systems. Now officially Skyrider:
# Ed Kozel, CEO of SkyRider, had worked for Cisco Systems and Yahoo!
# James Kelly, Chief Financial Officer, worked in Cisco's Finance group.
128.108.0.0/16
# Emits "WEIRD" results; not downloadable; bogus alt-locs; urn:none:; primary
# address is always at port 80 at its own /24.
#128.108.111.0/24

# Range belong to Level 3; seems to be related to the peers by Cisco Systems
65.57.247.0/24
65.59.209.0/24
65.59.210.0/24

# Another range of Level 3; many fake clients emitting arbitrary spam files;
# MP3s contain only noise or beeps
8.9.192.0/20

# DRM WMV pr0n spammer; filenames are all caps; license server is 74.52.9.122
88.85.65.130
88.85.65.175
88.85.66.128/25

# MOV pr0n spammer; giFT-based; results do not match queries at all;
# links to adultpeak dot com.
#66.154.112.240/28
#66.154.124.2/31
66.63.161.0/24
66.63.163.0/24
66.63.164.0/24
66.63.167.0/24
66.63.168.0/23
66.63.170.0/24
66.63.172.0/24
66.63.174.0/24
72.11.143.0/26
72.11.158.0/29
72.11.158.128/27
76.76.8.0/23
216.144.227.64/26
216.144.235.64/26

# MOV pr0n spammer; giFT-based; links to i2cams dot com.
204.69.64.0/18
65.240.96.251
69.45.227.0/28
69.45.229.0/26
65.37.226.0/27

# DRM WMV pr0n spammer; files link to videoaccesspoint dot com; giFT-based
64.45.229.50
65.221.229.56
69.45.233.2

# The one below identifies as "LemonWire"; spams for videoaccesspoint too
65.37.238.145

# DRM WMA spam without SHA-1s; the uploaded chunks are JPEGs;
# sends very weird HTTP responses:
# HTTP 200 OK
# Server: Gnucleus 1.8.4.0
# Content-type:application/binary
# Accept-Ranges: bytes
# Content-Range: bytes=125197-649484/125197
# Content-Length: 524288
# X-Gnutella-Content-URN: urn:sha1:K4JPX22BKXHMEQOJR3FNCUF2DSSK2SHQ
#
#67.159.21.0/27
#67.159.52.0/24

# .exe spam from fake LimeWire; does not match query at all; giFT-based;
# spam is ubiquitous and shows up in *every single* search;
# "Free Game", "Hot Babes Screensavers", "Cute Puppies Screensavers" which
# is AdWare and/or a trojan horse. It is directly related to the
# "getlaidquickly" spam. Apparently Relevance Marketing LTD is the culprit.
#67.55.65.20
#67.55.65.92/30
#67.55.74.180
69.42.74.68
69.42.87.192/26
216.255.178.18
#216.130.182.228
#216.130.188.210/31
# Above mentioned adware downloads executables from the following web servers
# puzzledesktop dot com
64.40.106.131
# relevancemarketingltd dot com
64.40.106.132
# a dot downloadmediacentral dot com
64.40.106.133
# sense-super dot com
64.40.106.135
# These belong to Relevance Marketing as well 
64.72.123.0/24


# Shares over 10000 pictures with all names matching "<celebrity>_pic_1.jpg";
# The JPEGs show nothing but an URL at celebs dot deltaporn dot com on a white
# background; Shareaza; standard port
216.144.224.89

# DRM license server; PetaAd dot com
207.36.209.113

# Eros Digital Technologies and 3Xmarketing; WMV DRM spam; giFT-based
65.240.97.0/24
67.128.53.72/29
67.128.62.168/29

# Little czech DRM WMV spammer with fake(?) Morpheus; results identify
# as LimeWire; uses port 80 and others; results have no SHA-1; filenames
# end with .wm instead of .wma or .wmv.
82.208.41.192/29
83.148.8.19
#87.236.194.72/29
212.47.3.250

# pr0n MOV spammer with fake LimeWire; giFT-based
66.11.122.0/23
66.11.124.0/23

# fake movie spam; oversensitive to buzzwords; Gnucleus based; results are LIME
213.52.227.128/26

# MP3 spam (white noise); switches User-Agent on the fly during downloads
70.19.110.145

# MP3 spam; fake LimeWire; switches User-Agent on the fly during downloads
72.89.107.244

# pr0n spammer with ancient LimeWire 2.3.3 Pro; results have no SHA-1
# oversensitive buzzword sensor; standard port
63.246.140.0/24
66.232.96.0/23
66.232.99.0/24

# MOV spammer; adds dozens hundreds of fake alt-locs; links to p2pblast com
# LimeWire-based
# Some of these point to dfw4.preemo.org; preemo.org is registered to
# Daniel Kerr
63.246.133.22
69.41.171.128/26
69.41.173.31
69.41.173.32/30
72.36.200.120/29
72.36.210.200/29
72.36.216.48/29
72.36.217.176/29
#75.126.77.28/30
#75.126.78.240/30
194.126.193.8/30
207.150.184.52/31
207.150.184.36/31
208.101.51.32/28
208.101.46.160/28
# preemo.org
#207.150.179.72/31

# Mutella-0.4.5 on port 6351 and others;
# Zipped DRM WMV spam and dialer
83.149.98.14
83.149.119.16/31
85.17.36.36
85.118.37.47
85.118.37.51
# giFT; belongs to the above Mutella peers
213.251.174.143
# BearShare; belongs to the above Mutella peers
213.251.185.126/31

# PDF spammer; uses gtk-gnutella; PDFs link to cyber-spy dot com
# whois points to tcst dot net which matches 72.38.54.0/24.
70.52.236.2
72.38.54.146
72.38.54.147
72.38.54.156
72.38.54.162
72.38.54.183

# returns results for pr0n MPEGs not matching the query; gtk-gnutella
64.20.48.66

# nocusnetworks AKA discoverynetworks; giFT-based; multiple almost identical
# MOV files linking to nocusnetworks
209.50.48.0/22
69.16.142.200
216.75.107.32/27

# www.aup.lockeddns.com; used by DynDNS.org to hijack hosts of past users.
82.94.222.186

# PDF and QuickTime spam; FrostWire
216.17.108.12

# kwjmehkq dot com; DRM license server used in QuickTime spam a la p2pblast
# The whois data is clearly bogus.
66.111.54.160/28

# reserved range
79.79.55.0/24

114.46.32.0/24
116.108.101.0/24
165.193.220.0/24
167.216.144.0/24
206.251.8.0/25
207.234.131.147
207.234.131.148

# Macrovision Corporation, Inc. - Smokeblower Networks
# Extremely oversensitive buzzword spammers returning bogus results
64.92.224.0/19
192.156.198.0/24
209.10.214.0/24
209.11.121.0/24
209.11.134.0/24
209.11.141.64/26
209.11.141.128/26
209.11.142.0/23
209.193.136.96/27
209.195.16.0/24
209.195.58.192/26

# Strange client pool of Windoze(?) machines; they connect in hordes; most
# of them identify as LimeWire/4.0.5; Macrovision and Xeex are behind this.
63.219.21.0/24
63.220.57.0/24
63.216.76.0/24
69.72.168.0/24
154.37.66.0/24
204.193.134.0/24
204.193.136.0/24
205.134.238.0/23
207.171.61.0/25
208.49.28.0/24
208.116.62.0/24
209.10.143.0/24
212.71.252.0/24
216.151.128.0/19

# This is supposedly on a dynamic range but it's a very interesting caught.
# It's listening on the standard port. It's a fake LimeWire that responds with
# a Gnutella handshake no matter what was sent. It passes completely bogus
# addresses. Its job is either wasting resources or sniffing. It is also
# actively connecting to other nodes.
# "The Hinshelwood Building, Edmund Halley Road, Oxford Science Park"
85.210.156.0/24
81.157.11.254
81.179.85.0/24
86.137.187.50
# The one below was first caught but might be outdated by now.
81.179.74.0/24
# This one seems to belong to these; it emits results for fake audio and
# video files; switches GUID
64.248.219.98
64.248.219.196
66.134.169.213

# These are probably completely bogus but block them anyway as these are
# returned by those GUID switchers
67.11.22.33
99.11.22.33

# Time Warner Telecom
64.128.109.144/28
66.162.178.96/28
168.215.129.64/27
168.215.140.0/23
206.169.0.0/16
207.170.229.96/28
209.163.179.112/29
209.203.64.0/18
216.110.48.48/29

# fsh1.xcite.net and fsh2.xcite.net, reply to queries with $search + .exe
216.169.118.81
216.169.118.82

# GWebCache polling, dubious horde behaviour
204.9.117.0/24
204.9.118.0/24

# Overpeer, Inc
64.89.41.0/24
66.128.64.0/21
66.128.227.0/24
206.132.32.0/24
216.144.64.0/24
216.177.144.0/20

# Tacskill Hill
64.27.173.0/24
66.37.204.0/24
216.64.199.64/27
216.227.226.0/24

# Mindofteren
64.28.69.0/24
64.58.71.192/27
64.58.75.160/27
64.58.84.0/24
64.70.43.0/24
209.225.45.0/24

# Jomcaerten Co.
64.28.67.0/24
64.28.80.32/27
66.37.194.128/27
66.37.195.32/27
66.37.196.0/24
66.37.210.192/27
66.119.47.0/24
216.19.129.0/24
216.64.204.160/27

# Whailtracts
64.28.85.0/24
209.225.43.224/27
216.64.217.224/27
216.69.229.0/24

# Adult Xspace
69.50.160.0/19

# Spamming subnets from Cogent Communications
216.28.31.0/24

###
### The following come from an htaccess denying RIAA/MPAA access
###

12.150.191.0/24
63.199.57.0/24
64.166.187.0/24
64.241.31.0/24
65.244.101.0/24

# Interland
64.224.0.0/14

# Hostway Corporation
66.113.128.0/17

# WareNet
66.252.128.0/20

67.112.252.0/24
67.125.49.0/24
81.4.78.0/24
146.82.174.0/24

# Motion Picture Association (fr)
194.183.226.144/29
194.183.226.192/27

195.20.32.99
198.70.114.0/24

# Motion Picture and Television Fund
204.154.8.0/21

208.192.0.0/16
208.207.98.25
208.209.2.0/24
208.225.90.0/24
208.229.253.0/24
208.49.164.0/24
208.50.66.0/24
212.241.48.0/24

# Quibus International AB -- subnet used by rogue agents (e.g. advertise
# as LimeWire in hits, and when connected, they send User-Agent: Gnucleus).
# They seem to be using giFT now. Their spam includes URLs files but MP3s
# also DRMed WMA and even OGGs that have been messed with (constantly fade
# in/out). These peers seem to maintain a massive amount of connections. The
# URL files link to serv01.quibus.se.
212.209.1.0/24
212.209.34.128/26

# Elemental Codeworks Inc; LimeWire; nodes share thousands of aliases of a
# couple of almost identical MOV files (adult.mov) which is about 8 MB large;
# these files link to these domains:
# bang-sluts dot com
# 21-plus dot com
# p2pads dot com
# ptopads dot com
64.59.64.0/18
64.72.117.0/24
64.72.118.0/24
64.72.120.0/24
64.111.196.0/24
64.111.198.0/24
64.111.220.0/24
64.111.221.0/28
65.38.163.0/24
65.38.171.0/24
67.15.66.64/28
208.122.192.0/24
208.122.194.0/23
208.122.196.0/23
208.122.209.0/24
208.122.213.0/24
208.122.215.0/24
208.122.216.0/23
216.7.183.192/26
216.17.100.0/24

# The following is possibly a fake range and not the spam origin.
# It is used by the above spammers; the results are marked as firewalled
# and only work through pushes causing some of the above to connect.
# Some of these results use out-of-band v3 though.
216.139.239.240/28

# Fakes User-Agent randomly for each connection; uploads noisy
# MP3 files using an extremely aggressive buzzword filter.
216.58.72.33

# These participate in the sharewarning dot com spam; the site uses a
# chain of redirects:
# -> my-freemusic dot info
# -> myaffiliateads dot com
# -> allcoolmusic dot com
69.89.16.0/22
209.172.32.0/19
216.251.32.0/20

# GeekHosters; sub-range of Reflected Networks; security violations
64.210.144.128/25

# HTML/RAR/ZIP ebook link spam; 10045
124.197.24.92

# Phex; port 10897/45206; shares thousands of ZIP files (about 30 kB) infected
# with Trojan.Downloader.Small.Ehb which downloads
# media.teddycash.com/te-110-12-000073.exe
64.246.52.90
216.127.90.31
216.139.219.194
194.90.224.81

# "Accelerator" spam; ZIP files; hosted at Bezeq International
62.219.0.0/19
# Babylon.7.0.0.17.Pro.Multilingual.Incl.Crack.-   $QUERY.rar
# Slysoft AnyDVD HD v6.5.2.8 FiNAL Incl $QUERY + Keygen.rar
# Babylon Free translation tool - instant translation from any language $QUERY.rar
# $QUERY.Download.With.GetRight.Pro.v6.3e.Incl-Crack.rar
# $QUERY incl Babylon 7 PRO + Crack.rar
# $QUERY_+_Babylon_Translator+SERIAL.zip
#62.219.247.15 - 62.219.247.22
62.219.224.0/19
192.115.190.0/24
212.25.103.0/24
212.179.18.0/24
212.179.64.0/24
212.179.133.0/24
# FrostWire
# "View $keyword with the ultimate player.zip"
# "Download $keyword with the fastest BitTorrent downloader.zip"
79.182.142.95
80.48.113.243
82.80.4.0/24
#82.80.233.0/24
# Israel Israel Ashdod Bezeqint-hosting
# *Tools.exe
82.80.224.0/20
# texas holdem/poker ZIP spam; LimeWire
212.199.153.0/27
84.108.229.222

# *_ShareAccelerator.zip; 
# urn:sha1:ORKMW4AIZ6ERTDIZERO263GYCCTHRWX2;
# urn:sha1:4FVEOYAEYEAJJEH4KDKGFORCUE6FUAIW;
# *_Web_Hottest_Videos_Player.zip;
# urn:sha1:JJXUWD5P3VGGDFEMMDT52WYN3LWJ7LBC
# HobbyTentToolbar.zip;
# urn:sha1:JQOOOH5FRXFVR7DOLHFP7PPMAASMFDY6
#
# hosted at FDC Servers.net; LimeWire
#67.159.44.0/24
66.90.101.0/24

# "Darkstar Management"; fake wma/mp3/m4a; switches qhit address
#78.129.136.192/26
# same as above; probably belong together
64.62.210.0/24
64.62.214.0/24
# LimeWire; security violations; hosted at RapidSwitch and United Layer
#78.129.137.0/24
#78.129.148.0/23
#78.129.150.0/23
78.129.128.0/17
83.142.224.128/25
87.117.192.0/18
# hellum pohellum
207.7.135.0/24

# MOV pr0n spam; viralnetworkads dot com
64.56.67.0/26
67.18.30.0/23
67.18.41.0/25
67.18.149.154
67.18.218.42
67.19.156.128/25
67.19.151.0/28

# MOV pr0n spam; giFt-based; fake LimeWire; xxx-marks dot com
# Also mediaprovider.info; "Top of Charts" DRM WMA spam
#69.64.69.0/24
64.40.113.0/24
208.71.114.0/28

# Rogers Cable Inc. KTGC KTGC-HSI; semi-dynamic; probably stable for long
# durations; LimeWire; MOV spam;
# like p2pblast but for 5000passwords dot com; possibly a free-rider
# urn:sha1:QYIOU2FA3DCVHZH6KSCTX6GM623MFJBR
74.122.64.105

# MOV pr0n spam; sometimes disguised as JPG, GIF, MPEG
# hosted by Alpha Red and Reflected Networks
# LimeWire
69.80.226.130
# URLs point to this server:
# nats dot girl2schoolgirl dot com
# nats dot asianpervert dot com
# nats dot ticklehorror dot com
# nats dot solidvpn dot com
66.254.116.176
# Black Oak Computers
216.131.127.58
216.131.77.81
# leaseweb/ocom
85.17.162.7

# Gnucleus 1.8.4.0; seems spam with adware or trojans
209.85.52.192/26

# MOV pr0n spam; 21-plus dot com; range owned by ClickMAN LLC
64.89.16.0/20

# Respond with non-existing files; server listen but send no reply;
# standard port
64.93.88.64/26
64.93.89.192/26

# 62.90.175.146; hosted by Barak I.T.C;
# LimeWire; emits LIME/12v2 with zero count; trying to stop the query?
# shares diverse infectived files and spam
62.90.175.0/24

# LimeWire/4.9.11 and LimeWire/4.10.9; GUID switchers; further these seem to
# abuse searches for discovery
83.142.225.0/24
#87.117.250.0/23
66.90.78.0/24
69.72.161.0/24
208.98.50.0/24
195.242.153.0/24

# LimeWire/4.13.4; GUID switchers
68.239.124.60
124.186.130.190
75.34.28.32

# Shareaza 2.2.5.0; GUID switchers; potentially just buggy
81.179.65.141
84.60.17.116
82.239.141.113
151.68.163.253

# gtk-gnutella; MOV spam;
# p2pads dot com; ptopads dot com; redlightcenter dot com
85.92.157.148

# BearShare; hosted by HopOne; registered for "Arkadiusz_Senko"
# shares thousands of malware ZIPs
66.36.243.127

# WMV spam; giFT-based
85.233.199.128/25

# ASX spam; giFT-based
#204.13.55.176/28

# Accelerator and enhancer spam; zip; rar; exe; port 41000; LimeWire
85.92.153.192/26
121.119.182.32/27

# Shares thousands of duplicates as root*.exe, _musicfile*.mp3
# dynamically renamed; LimeWire/4.8.1 (Pro)
85.92.158.0/27

# MOV pr0n spam; video-elf dot com
8.3.218.0/24
84.40.30.64/27
204.13.55.0/24
#67.55.89.0/24
#67.55.93.0/24

# webair.com hosts a lot of DRM and pr0n spammers
67.55.64.0/18
216.130.160.0/19

# GUID switcher; AUDJ; LimeWire/4.9.11
193.164.133.74

# SOULI?; sub-range of Global Crossing (GBLX); fake video files; high vendor
# diversity (faked)
64.208.52.0/22

# sub-range of Global Crossing (GBLX); fake mp3s
64.213.84.0/22

# "Fun Workplace Time Waster", "(US Special Release)" etc. EXE, ZIP, RAR malware/adware
216.139.213.16/28

# Fake LimeWire; ZIP spam; "BitTorrent downloader" etc.
83.133.126.189
83.133.127.117

# HTM files; LimeWire; links to amateur dot himegimi dot jp
125.0.151.116

# shares thousands of ZIPs with UPX'd sharK trojan inside.
208.116.32.210/31

# ZIP spam
64.40.117.192/26

# These are either DDoS victims or arbitrary padding addresses, they are
# most-likely not source of the spam
122.154.192.11
123.154.192.11

# GnuShare (GSHR); peers send immediate 503 HTTP response before request
# hosted by Southern Light, LLC
69.85.192.0/18

# line-age dot net; HTML redirect spam
64.182.56.121

# Thousands of infected ZIP/RAR/EXE; also bigger files; LimeWire, Phex, Shareaza
# Michael Buck; Toronto, Ontario, M6L1B7, CA
66.79.171.0/27
# Michael Fedorov, Montreal, Ontario, L9J4N4, CA
66.79.163.60
# Organization: Viva; Contact: tibetemperor at gmail dot com
66.109.21.128/28
66.109.23.16/28
66.109.24.0/28
# Jonas Goldman, viljoen_johan06@yahoo.com
206.71.56.32/27

# MoveClicks/PULLTHEPLUG TECHNOLOGIES/Revelation Networks;
# MOV/JPG/WMA spam; Gnucleus and LimeWire
205.139.208.0/22
205.139.213.0/24
208.54.240.0/20
216.14.80.0/20
# Revelation Networks, Inc.
# mislabeled pr0n; MOV
207.246.192.0/20
# Subrange of Yellow Fiber Networks
# Danube Internaional SA, Miami, USA (moveclicks dot com)
# 67.23.123.0/26
67.23.112.0/20

# Query-Cache-0.1; fake Ultrapeer; sniffing?
# ZIP/MPG spammer; uses different source address
#208.53.147.0/24

# Horny/Sexy/hentai/(uncensored)/new + $query + .zip; LimeWire; Adware
69.42.82.116
209.200.6.116

# Phex; shares thousands of infected RAR/ZIP/EXE keygens and warez
64.34.69.2

# p2pads dot com; MOV; pr0n spam; hosted by Easy Online Solutions
8.17.0.0/23
# Wired 2000 Corporation, Inc., hosted by Easy Online Solutions
99.192.137.128/28
99.192.138.128/28
99.192.139.16/28
99.192.140.0/28
99.192.141.16/28
99.192.142.48/28
74.206.160.0/19

# MOV pr0n spam; torrentvideos dot com; Yourbrain Media Inc.
216.169.106.242
216.169.106.250
# MOV pr0n spam; LimeWire; generated names; Yourbrain Media Inc.
209.9.11.0/26

# Tiversa; 144 Emeryville Dr, Cranberry, PA, 16066, US, tiversa@nauticom.net
# uses earShare; aggressively searching for leaked corporate data and
# terrorists (yrly)
72.22.25.0/27
72.22.23.0/24

# JunGroup; TV ads; avi/mov/mpg
74.208.26.207
# Gnoozle
74.208.44.183
74.208.96.120
#72.167.38.22
#72.167.42.22
#72.167.45.155
#72.167.45.163
# Fake Shareaza/2.2.5 with TLS; probably LimeWire
# ranges belongs to ThePlanet.com; assigned to Jun Group
#75.125.180.176/28
#75.125.129.128/29
#75.125.129.152/29
#75.125.63.144/28
#174.133.206.152/29
#174.133.206.170
#174.133.211.10
#174.133.218.218
#174.133.128.0/17
#174.133.41.64/29

# LimeWire; QuickTime AVI files; peertracking dot com
193.53.4.0/24

# Dubious range of peers using diverse LimeWire versions
# "Smart Start" (MediaDefender?)
72.172.88.0/22

# MPG pr0n spam; hotyounglatinas dot com and others
64.56.66.160/29
64.56.66.176/29
64.56.66.192/29
204.8.34.176/29
209.97.223.0/24
74.222.0.0/24
74.222.8.0/24
74.222.12.0/23

# (Probably fake) LimeWire/4.10.9; sends no QRP; insanely high file count
# Likely a sniffer
66.246.248.226

# proMedia GmbH
85.182.253.168/29

# MOV; pr0n spam
72.22.198.0/27

# demonspeed.no-ip.info; LimeWire;
# spreads Trojan.Win32.VB.bdb as 94kB ZIP files
76.105.110.27

# fake LimeWire/4.10.9; probably sniffing; no QRP
# static range of Time Warner Telecom
66.194.155.0/24
66.193.224.0/24

# LimeWire/4.0.5 (probably fake); security violations
# likely sniffing ultrapeer; no QRP
129.47.0.0/16

# LimeWire/4.12.5; security violations
71.6.153.192/26

# MOV spam servers; LimeWire; s dot clubillusions dot com
# Southwestern Bell Internet; static range;
66.137.190.0/26

# ideaFoundry at theplanet dot com range; MOV pr0n spam; BearShare;
# viralnetworkads
70.85.203.0/28
70.85.229.96/28

# MOV; pr0n spam; LimeWire
63.217.112.0/24

# LimeWire (probably fake); security violations
209.237.241.0/27
216.240.133.192/26
69.59.21.0/24

# JPEG pr0n spam;
# waaw dot de
# sexy-diva dot de
# affaire dot us dot tt
# woow dot de dot tt
# boo dot tp dot de
# yuka dot de dot tt
# akyuk dot de dot vu
# xdate dot de dot tt
# megagays dot de dot tp
#Name:         Yueksel Akdag
#Address:      Hattinger Str. 905
#Pcode:        44879
#City:         Bochum
#Country:      DE
82.165.80.37
#88.77.244.51

# MOV/MPG/WMV pr0n spam
64.46.44.180/31

# MOV/PDF pron spam
216.150.78.0/24

# security violations; LimeWire/4.12.8; Hurricane Electric
65.49.32.0/19

# MOV pr0n spam; adultfriendfinder dot com; URLs point to 72.22.198.0/27
# LimeWire
66.216.7.0/24

# Security violations; LimeWire; spoofing source address in query hits
# ASF spam points to fastmp3player dot com
#65.98.59.242
#65.98.61.242

# Media Force
4.43.96.0/24

# Microsoft; banned just because(?)
131.107.20.0/22

# BT69; "Booth / 1.0"; MOV pr0n spam
# Hosted at Intranet Services CALPOP-INTRA1
216.240.128.212/30

# NationalNat; DRM hoster; see natnetdrm dot com
# Hosts peertracking dot com and others
66.115.128.0/18
69.50.128.0/20

# NationalNet, Inc.; pr0n spam; MOV/AVI; LimeWire; ports 44999, 14999
#216.201.80.0/24
#216.201.82.0/24

# distributednetworkads dot com; Distributed Network Content LLC
70.84.109.80/28

# giFT; dmsws dot com; CodeZone inc.; Jean Lajoie (probably fake);
# generated PDFs containing a pseudo chat log with URLs that link
# to Azoogle spam ads
#75.126.23.184/29

# LimeWire; zipped ASF; points to seonomad dot com which is registered
# to Daniel Boyd; http://www.linkedin.com/in/dboyd
#75.125.12.112/28
#74.55.29.150
# Thousands of RARs containing Adware/Trojans; filenames have hyphen instead
# of spaces or underscores; files point to seonomad
# FrostWire
66.187.104.6
# Same as above but self-compiled LimeWire
#69.64.92.76
#69.64.92.105
#69.64.92.106/31
#216.55.136.45
#216.55.155.39
#216.55.154.169
# Momentum Solutions THTI-MOMENTUM (NET-69-77-188-0-1)
69.77.186.0/24
#69.77.188.198
69.77.188.0/24


# FDCservers.net range assigned to:
# Guru Bilisim Hizmetleri
# 154 Sokak No
# 35000 Izmir
# Turkey
# Spam files have these names:
# * using the Best Ultimate Player.zip
# * Share Accelerator.zip
# * using emule multimedia toolbar.zip
# * Faster with BitTorrent downloader.zip
# * web hottest videos personal.exe
#67.159.26.48

# texas holdem/poker ZIP/RAR spam; BearShare
#208.109.20.31
#208.109.222.169
#72.167.115.73
#72.167.140.136
#72.167.146.47
#72.167.30.175
#72.167.62.174
#72.167.62.177
#72.167.62.202
#72.167.62.94

# RAR/ZIP keygen/crack spam; BearShare
# Assigned to: David Posada, Toronto, Ontario, M6LMB7, CA
#205.209.161.210


# MLdonkey/2.7.4; generates hundreds fake hits; only shows as alt-loc
# "Babylon.*Crack.zip"
# "Share * and any other file from your computer with your friends without downloading it -- using SeeToo.zip"

# LimeWire (Cabos); (avi|mp3|mpg|rar|zip).exe; 13-60 MB
211.3.131.216
219.98.196.89

# Shareaza; RAR malware spam; 1.2 MB
#208.53.183.171

# LimeWire/4.10.9 (maybe fake or reverse proxy); port 6669
# These respond to any HEAD request with arbitrary URNs
# but otherwise just time out
# *.BestQualiti.htm
# * KeyGen All Version.zip
78.140.133.0/24
# hosted by ECATEL
#93.174.93.148/31
#93.174.93.81
93.174.93.0/24
# Blueconnex Networks Ltd
# LimeWire/4.10.9; port 6669; *CD quality.mp3; ASF with URL redirect
94.76.192.0/18
#94.76.208.146
#94.76.208.148
89.248.172.98
213.174.141.173
78.108.178.57
# v3Servers.net
# Sogreev Anton, 12 Knez Mihailova, apt. 18, Belgrade, 11000, Serbia
#94.76.192.206/31
#94.76.192.0/24

# WakeNet; 3wplayer dot com
67.15.107.160/27

# Onkea Interactive Ltd; pr0n spam
# ranges hosted by vanoppen.biz LLC
#74.85.92.0/25
74.85.64.0/19
#216.243.1.5
#216.243.1.6
#216.243.3.124
208.76.153.128/27
208.76.184.0/22
# hosted by hostnoc.net
64.191.56.32/28
# FSH Network Services INC
70.42.162.0/23
72.5.222.0/24

# LimeWire/4.12.8; security violations
67.221.175.0/24
89.238.150.0/23

# LimeWire/4.16.6; security violations
64.32.4.192/26

# LimeWire/4.16.6 (potentially fake); port 20001; all kinds of massive spam
66.45.226.48/28

# gtk-gnutella; 33_gui_*; EXE/RAR/ZIP
#Ubiquity Server Solutions Los Angeles
69.147.235.0/24
#69.147.235.218
#Josh Sardella c/o Network Operations Center, Inc.; Scranton; PA; US
66.96.251.0/24
#66.96.251.31
#66.96.251.32

# coolpixhost redirect spam; HTML, DRM-ASF
# multiple peers at ports above 41000
# pretends to be just routing but is actual source
# Both ranges are assigned to:
# Street-Address: Krasnogvardejskaja st. 38-35
# City: Zaporozhye
# Postal-Code: 69002
# Country-Code: UA
#76.164.220.0/24
#76.164.196.0/24
#76.164.220.26
#76.164.200.74
#76.164.196.82
#208.64.27.160/29
#208.66.72.204/30
# same as above but subrange of webair
#74.206.224.0/28
74.206.224.0/19
# see above; multiple ranges hosted by R & D Technologies, LLC
72.46.128.0/19
76.164.192.0/19
76.164.224.0/20
208.64.24.0/21
208.66.72.0/21
# see above; STOP LLC
#216.25.249.0/24
# Trans World Internet eXchange, LLC
216.25.240.0/20
89.18.160.0/24
65.182.105.0/24
# WMA/ASF spam; pretends to be LimeWire; probably PeerMatrix
65.182.96.0/24

# Barton Media network
# Stabu iela 59/16, Riga, Latvia
# LimeWire; port 20002
# emits damaged(?) results with filename "wsvsmkepa" (1.8 GB)
# * bittorrent download.zip
# * [wyzo].zip
69.10.33.232/29
# RADFACTORY.CO.UK (wzyo)
#65.254.32.242:20402
65.254.32.240/29

# FDCservers.net; LimeWire currently bans their whole range; this is overkill
# but if they are too stupid to use rwhois.fdcservers.net:4321, there is no
# point in not banning this range as well.
67.159.0.0/18
208.53.128.0/18
# ThePlanet.com Internet Services, Inc.; same as above applies
74.52.0.0/14
75.125.0.0/16
174.132.0.0/15
# Suavemente, INC.
# Fake mp3 results; not connectible
174.136.192.0/18
# Peer 1 Network Inc.; same as above applies
76.74.128.0/17
# SoftLayer Technologies Inc.; see above
75.126.0.0/16
174.36.0.0/15
67.228.0.0/16
208.43.0.0/16
# GoDaddy.com, Inc.; see above
72.167.0.0/17
# Managed Solutions Group, Inc.; see above
205.209.128.0/18
# Abacus America Inc.; see above
69.64.64.0/19
216.55.128.0/18
# FortressITX; see above
65.98.0.0/17
# Trident Mediguard; see above
# dozens of LimeWire peers sharing fake files like MP3s with proper tags
# but only white noise
91.189.104.0/21
82.138.70.128/26
82.138.81.0/24
82.138.88.0/22
130.117.41.0/24
130.117.115.128/25
# ASSERTIVENET; see above
66.154.96.0/19

# $query + MTV.mp3; ASF URL redirect spam
91.210.56.0/22
#91.210.58.250/31
# Netherlands Tilburg Infinite Technologies
# $query + HD.avi; pr0n spam; ASF URL redirect
94.102.48.0/24

# Pacific Rack
# bestbartersoftware dot com
# wonderfultracks dot com
66.212.18.0/24
# Hosting Services, Inc., Chicago
# $query + .mpeg; ASF; peertracking dot com
#67.213.213.240/28
#67.213.214.0/28
67.213.208.0/20
# PACIFIC-RACK
#67.215.247.0/24
# Secured Private Network; PACIFIC RACK
#67.215.250.138:32548
#67.215.250.139:43904
#67.215.250.141:17541
#67.215.250.142:21308
# La Salle Appraisal Group Inc (PACIFIC-RACK)
#67.215.234.216/29
67.215.224.0/19
#216.45.58.106:25121; bcfeeedbcbddbadaabbcecbddaeabdab
#216.45.58.0/24
#216.45.49.0/24
216.45.48.0/20
# peertracking dot com; fake AVI pr0n; ASF with URL redirect
#67.228.193.80/29
# Hosting Services, Inc. 
# 69.4.233.237:13783; dfbfcdaefdacefeddeaefadabdccebda
69.4.224.0/20
#208.43.146.93
#208.43.68.149
# SoftLayer Technologies Inc.
#174.36.1.70
# Webair Internet Development company, Inc, Recurring International
77.245.48.0/21
77.245.56.0/21
# Rogers Cable Communications Inc. (Direct Allocation)
# AVI/EXE/ZIP/RAR; pr0n etc.
99.236.97.40

# pr0n spam; MPG/MOV/RM
# SWIFT VENTURES Inc
#204.13.167.254
204.13.164.0/22
#204.15.228.194
#204.15.230.194
204.15.224.0/21
# vanoppen.biz LLC
#76.191.65.66
76.191.64.0/18
216.243.0.0/19
# NationalNet, Inc.
#216.201.83.15
216.201.80.0/20
# ALLHOSTSHOP
#216.18.239.74
216.18.224.0/20

# consumer IP ranges but static and high profile
# LimeWire/@version@;
#"* - REAL"; "* - Full"; "* - New"; "* - Working"
#69.118.203.246:6346; 487bdc043b05564f50a59fe0f6bab400
69.118.203.246
#75.81.125.12:6346; 73ee02f716f87d8a59fca035c6110100
75.81.125.12
#78.150.78.91:6346; e868a21f3ccfd30e27a12ce235643900
78.150.78.91
#207.62.142.181:6346; 4f96142555debdc231af0d26d7671400
207.62.142.181
#MP3 spam
#24.72.15.153:5612; 29b8a66512df34716bc170d57e778000
24.72.15.153


# ZIP; malware disguised as crack/keygen etc.
# LimeWire/@version@
#74.213.164.36:40224; f5cde7aca53961b3014abf017df84500
# Momentum Solutions Inc; Ontario; Canada
74.213.164.0/23
#91.121.119.17:37538; d127e1ae7fe198d2b75b68c88b4c7c00
#91.121.183.121:2497; 13c8b6ca1d8fabe36cc47c945ae62700
# French DRM WMV pr0n spammer; touslesfilmsx dot com; Shareaza
#91.121.67.16
# security violations
#91.121.18.30
#91.121.72.228
#91.121.86.39
#91.121.102.178
#91.121.184.145
# OVH SAS; France; Paris
# complete range blocked by LimeWire
#91.121.0.0/19
91.121.0.0/17
91.121.160.0/19
# netdirekt e. K.; Germany
# 212.95.57.122:47098; a017b67c7b43e91d0160e3f100158800
212.95.32.0/19
# AKANOC Solutions Inc.
# Assigned to: David Posada; Toronto; Ontario; M6LMB7; CA
#208.77.45.150:40976; 510d817dbb3c6f64c3e0d4fb39b0bf00
#208.77.45.154:8218; ae735f5d7b15303f460a4e004249cb00
#208.77.45.158:3275; 7516076d338af1f92d47c8b714a3b100
208.77.40.0/21


# Dedibox SAS; Paris, France
# complete range blocked by LimeWire
88.191.0.0/16
# security violations
#88.191.11.7
#88.191.75.207
#88.191.75.3
#88.191.88.225
#88.191.99.6


# Smart Broadband Incorporated; Makati City, Philippines
# complete range blocked by LimeWire
121.1.52.0/22
# security violations
#121.1.53.14
#121.1.53.24
#121.1.53.31
#121.1.53.36
#121.1.53.57
#121.1.53.7
#121.1.53.8
#121.1.53.9
#121.1.55.55
#121.1.57.234
#121.1.61.197
# complete range blocked by LimeWire
121.54.0.0/22
# security violations
#121.54.1.16
#121.54.1.20
#121.54.1.3
#121.54.1.6
#121.54.1.9
# complete range blocked by LimeWire
121.54.64.0/22
# security violations
#121.54.64.35
# complete range blocked by LimeWire
125.60.128.0/17
# security violations
#125.60.173.70
#125.60.209.67
#125.60.209.68
#125.60.235.212
#125.60.235.231
#125.60.240.217
#125.60.241.134
#125.60.241.144
#125.60.241.162
#125.60.241.201
#125.60.241.224
#125.60.241.45
#125.60.243.66
#125.60.248.153
# complete range blocked by LimeWire
203.84.170.0/24
# security violations
#203.84.170.194
# complete range blocked by LimeWire
203.87.176.0/20
203.87.192.0/20
# security violations
#203.87.176.214
#203.87.179.146
#203.87.187.230
#203.87.196.234
#203.87.197.118
#203.87.198.122
#203.87.203.214


# OVH SAS; Paris, France
# complete range blocked by LimeWire
94.23.0.0/18
# security violations
#94.23.22.131


# FAWRI; Algeria
# complete range blocked by LimeWire
41.221.16.0/20 
#41.221.17.89
#41.221.18.147


# Coolhousing, s.r.o.; Czech republic, Praha
# embedded URL links to thebestofnet dot com
# video shows freesexyworld dot com
# both domains are registered to Radek Cisar and point to the same range
# ASF videos disguised as *.snd and *.mpg
# 87.236.194.79:45299; Shareaza/2.1.0.0
# complete range blocked by LimeWire
87.236.192.0/21

# iWeb Technologies Inc. (range 174.142.0.0/16)
# iWeb Technologies Inc. (range 67.205.64.0/18)
# Spamming LimeWire and gtk-gnutella seen on these subnets
#174.142.32.0/24
#174.142.36.0/24
#174.142.104.245
174.142.0.0/16
67.205.64.0/18

# iWeb Technologies Inc.; Montreal; Canada
# iWeb Dedicated CL2 IWEB-CL-T082-02SH (NET-67-205-103-128-1)
# unrequested OOB results; EXE/ZIP; MLdonkey (fakes LIME)
# $query + Web hottest videos personal player.exe
# Download $query Faster with BitTorrent downloader.zip
# Download $query securely with new Secured Browser.zip
# range included above
#67.205.103.128/27

# iWeb Technologies Inc.
#70.38.11.249
70.38.0.0/17

# iWeb Dedicated CL IWEB-CL-T036-01SH
72.55.168.32/27
#72.55.168.48:6346

# FortressITX (range 69.72.128.0/17)
# Sending back "sponsored results"
# Spamming gtk-gnutella seen on these subnets
69.72.128.0/24

# Nobis Technology Group, L.L.C. / Ubiquity Server Solutions Chicago
# Jun Group; spam advertisement campaigns for Unilever et al.
# Spamming gtk-gnutella (fake LimeWire) seen on these subnets
# ".* for $QUERY fans.(avi|mpg|mov)$"
216.6.234.0/24
216.6.238.0/24
174.34.184.0/23
174.34.189.0/24
#64.120.0.2:25934
64.120.0.0/17
67.201.40.0/24
#69.31.104.0/23
#69.31.106.0/24
69.31.0.0/17
69.112.229.54
69.147.60.0/24
69.147.240.0/24
70.32.35.0/24
70.32.36.0/24
72.37.145.0/24
72.37.242.0/23
# WireSix, Inc
#98.142.216.0/24
#98.142.218.0/24
#98.142.220.0/23
98.142.208.0/20
# Total Server Solutions L.L.C. 
#206.220.174.0/24
206.220.172.0/22
# SouthWeb Ventures
207.150.196.146
# eNET Inc.
# Gnucleus-based DRM WMV spammer hosted by eNET
#206.222.26.34
#206.222.26.38
206.222.0.0/19
207.182.128.0/19
209.51.192.0/19
173.45.64.0/18
# gwcalpha.servebeer.com; dubious GWC/UHC
#173.45.75.146

# Fake LimeWire (probably GnucDNA); port 10453
63.151.177.206
# Fake LimeWire (probably GnucDNA); port 20991
206.255.215.130

# Y-Net IP Network; UK
# LimeWire; EXE spam;
# $query.exe; urn:sha1:OY2A2ZEOJB2IWA647M7D7TFDBCAJCZ4H
#217.114.215.239:11678; 5e243cf42a02a93b8d9981d7b1007500
217.114.215.192/26

# pr0n mpg spam; domains hosted at 146.82.200.176
# collegemegaparties dot com
# herprivatecam dot com
# SingleHop, Inc.
216.104.32.0/20
# Sub-range of SingleHop, Inc.
# 647927 BC LTD, Vancouver, Canada
#65.60.49.210
65.60.49.208/29
#65.60.58.130
65.60.58.128/29
# VPLS Inc. d/b/a Krypt Technologies 
98.126.209.0/24
98.126.9.0/24
# OC3 Networks & Web Solutions, LLC
98.143.147.0/28
174.139.0.0/24
# Sago Networks
66.118.144.0/21
64.16.214.0/24

# Deutsche Telekom/T-Online/T-Com
# DNS manipulation target ranges
62.157.140.0/23
80.156.84.0/22

# OpenDNS, LLC
# DNS manipulation target ranges
67.215.64.0/19
208.69.32.0/21

# Repetritive queries, fishing for leaked documents
222.149.72.78
118.236.138.45
