Blacklists | Joachim De Zutter
Some blacklists to keep spammers, malware, scammers, abusers, ... out of your system:

Blacklist (forum spam, abuse)
Blacklisted IPs - List 1 (forum spam, abuse)
Blacklisted IPs - List 2 (malware, botnet servers, zombie computers, proxies, abuse, ...)
Blacklisted IPs - List 3 (tor, zombie computers)
Blacklisted IPs - List 4 (33MB, zipped to 3MB)
Blacklisted IPs - Trojan horse
Blacklisted IPs - Phishing
DNSBL
Blacklisted IPs - TOR Exit Nodes (December 15th, 2010 19:37:03 UTC)

Click here to generate an up to date list of TOR exit nodes which might contact your server on port 80.

IPs within the following IP ranges have frequently been involved in abuse:
118.100.236.0/22
123.125.156.128/25
173.208.0.0/16
173.234.0.0/16
174.120.0.0/14
174.132.0.0/15
178.73.208.0/22
190.48.0.0/14
190.172.0.0/15
190.178.0.0/15
193.200.150.0/24
195.162.24.0/24
195.162.68.0/24
200.63.96.0/21 
213.5.64.0/21
66.90.64.0/18
67.159.0.0/18
70.85.0.0/14
74.115.0.0/21
85.17.0.0/16
89.248.160.0/20
91.212.226.0/24
91.214.44.0/22
93.174.88.0/21
93.182.128.0/18
95.168.160.0/19
95.211.0.0/16
These IP addresses were used for forum abuse:
193.200.150.152
67.159.44.138
95.211.30.36
From other IP addresses the following forms of abuse were witnessed:
See also Adam Back's HashCash paper for another countermeasure against spam and Denial of Service attacks in general. The technique is considered better than using a CAPTCHA.

These proxies and virtual private networks (VPN) were used by abusers:

http://www.anchorfree.com
http://www.anonymouse.org
http://www.hide-my-ip.com
http://www.hidemyass.com
https://www.ipredator.se
http://www.privax.us
...

Woodstock, Texas (US):
67.159.44.51, 67.159.44.138, 67.159.56.162, 67.159.56.163, 67.159.56.164, 67.159.56.165, 67.159.56.166, 74.63.86.218, 74.63.86.219, 74.63.86.220, 74.63.86.221, 74.63.86.222, 74.63.112.147, 74.63.112.148, 74.63.112.149, 74.63.112.150, 74.63.112.151, 74.63.112.152, 74.63.112.153, 74.63.112.154, 74.63.112.155, 74.63.112.156, 204.45.118.0/24, 204.45.119.0/24, 204.45.120.0/24, 204.45.121.0/24, ...
hidemyass.com, FDCservers.net

Houston, Texas (US):
174.132.133.61, hide-my-ip.com, 3d.85.84ae.static.theplanet.com
174.123.235.130, 82.eb.7bae.static.theplanet.com
70.85.92.98, 62.5c.5546.static.theplanet.com
70.87.66.66, 42.42.5746.static.theplanet.com

Sunnyvale (US):
74.115.6.59, anchorfree.com
74.115.6.57
...

Notice how the proxies mentioned above have websites with fancy pictures and names and even windows tools for 'hiding' you. Another VPN example is http://proxpn.com (173.0.0.0/20) (US)

Example SQL command for removing forum spammers from a MyBB forum:

DELETE FROM `mybb_users` WHERE regip LIKE "108.62.%" OR lastip LIKE "108.62.%" OR regip LIKE "109.230.213.%" OR lastip LIKE "109.230.213.%" OR regip LIKE "109.230.216.%" OR lastip LIKE "109.230.216.%" OR regip LIKE "109.230.217.%" OR lastip LIKE "109.230.217.%" OR regip LIKE "109.230.220.%" OR lastip LIKE "109.230.220.%" OR regip LIKE "109.230.221.%" OR lastip LIKE "109.230.221.%" OR regip LIKE "109.230.222.%" OR lastip LIKE "109.230.222.%" OR regip LIKE "109.230.223.%" OR lastip LIKE "109.230.223.%" OR regip LIKE "109.230.244.%" OR lastip LIKE "109.230.244.%" OR regip LIKE "109.230.245.%" OR lastip LIKE "109.230.245.%" OR regip LIKE "109.230.246.%" OR lastip LIKE "109.230.246.%" OR regip LIKE "109.230.251.%" OR lastip LIKE "109.230.251.%" OR regip LIKE "109.73.65.%" OR lastip LIKE "109.73.65.%" OR regip LIKE "109.73.66.%" OR lastip LIKE "109.73.66.%" OR regip LIKE "173.208.%" OR lastip LIKE "173.208.%" OR regip LIKE "173.234.%" OR lastip LIKE "173.234.%" OR regip LIKE "174.34.1%" OR lastip LIKE "174.34.1%"


Stop Forum Spam

According to our logs, forum spam software - unlike a human browsing a forum with common browser settings - tends to not automatically retrieve images hosted on external sites embedded with <img src="..."> ... </img> tags on the forum pages (f.e. the forum logo), which may be used as a simple detection method. November 20th, 2011 connections from 173.208.101.130, an IP address that was already blacklisted at stopforumspam.com were witnessed retrieving an image, which indicates the detection heuristic may produce false negatives. From an experiment we can conclude forum spam software tends to follow redirections to external sites given with a 301 HTTP status code. Sending the 403 HTTP status code to known forum spam source IP addresses appears to cause more forum spam source IP addresses with equal user agent strings to be logged during equal periods of time than in the case where an empty page is returned. According to our logs forum spam software tends to use the HTTP/1.0 protocol and not fill in the Accept-Language, Accept-Encoding and Accept-Charset HTTP header fields, while the HTTP Accepted header field was often set to "image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*".

Project Honey Pot

The Project Honey Pot system has detected behavior from the IP address 151.100.4.74 that is consistent with that of a Comment Spammer
The Project Honey Pot system has detected behavior from the IP address 200.76.250.44 that is consistent with that of a Comment Spammer
The Project Honey Pot system has detected behavior from the IP address 212.27.60.48 that is consistent with that of a Comment Spammer
The Project Honey Pot system has detected behavior from the IP address 213.224.83.20 that is consistent with that of a Comment Spammer
The Project Honey Pot system has detected behavior from the IP address 64.211.93.42 that is consistent with that of a Comment Spammer

The Project Honey Pot system has detected behavior from the IP address 24.71.223.152 that is consistent with that of a Spam Harvester

The Project Honey Pot system has detected behavior from the IP address 213.219.148.242 that is consistent with that of a Mail Server and Dictionary Attacker
The Project Honey Pot system has detected behavior from the IP address 58.71.32.132 that is consistent with that of a Mail Server and Dictionary Attacker
The Project Honey Pot system has detected behavior from the IP address 83.101.12.134 that is consistent with that of a Mail Server and Dictionary Attacker
...


Passive OS fingerprinting of forum spam sources with p0f v2.0.4 gave the following information:

109.230.128.179 - UNKNOWN [S4:47:1:60:M1460,S,T,N,W5:.:?:?] (up: 11 hrs)
109.230.216.233 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:121:1:48:M1460,N,N,S:.]
109.230.220.230 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:121:1:48:M1460,N,N,S:.]
109.230.220.236 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:121:1:48:M1460,N,N,S:.]
109.230.221.183 - UNKNOWN [8192:121:1:52:M1460,N,W8,N,N,S:.:?:?]
109.230.251.11 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:121:1:48:M1460,N,N,S:.]
109.69.0.17 - Linux 2.5/2.6 (sometimes 2.4) (2) (up: 57 hrs) [S4:48:1:60:M1440,S,T,N,W1:.]
114.207.245.105 - UNKNOWN [S4:39:1:60:M1460,S,T,N,W7:.:?:?] (up: 7163 hrs)
117.27.138.41 - Windows 2000 SP4, XP SP1 [65535:104:1:48:M1460,N,N,S:.]
117.27.138.52 - Windows 2000 SP4, XP SP1 [65535:105:1:48:M1460,N,N,S:.]
118.137.113.25 - UNKNOWN [8192:104:1:52:M1460,N,W2,N,N,S:.:?:?]
119.235.50.162 - UNKNOWN [S4:48:1:60:M1460,S,T,N,W4:.:?:?] (up: 109 hrs)
130.237.188.216 - UNKNOWN [65535:46:1:60:M1460,N,W9,S,T:.:?:?] (up: 9984 hrs)
142.59.198.28 - Windows 2000 SP4, XP SP1 [65535:113:1:48:M1460,N,N,S:.]
146.115.25.15 - Windows 2000 SP4, XP SP1 [65535:116:1:48:M1460,N,N,S:.]
166.161.125.56 - Windows XP SP1, 2000 SP3 (2) [64512:107:1:48:M1260,N,N,S:.]
173.208.101.130 - UNKNOWN [S4:56:1:60:M1460,S,T,N,W7:.:?:?] (up: 7348 hrs)
173.234.153.223 - UNKNOWN [S4:54:1:60:M1460,S,T,N,W7:.:?:?] (up: 5302 hrs)
173.245.71.105 - Windows 2000 SP4, XP SP1 [65535:121:1:48:M1360,N,N,S:.]
173.245.95.147 - Windows 2000 SP4, XP SP1 [65535:121:1:48:M1360,N,N,S:.]
173.29.131.128 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
174.55.41.234 - Windows 2000 SP4, XP SP1 [65535:118:1:48:M1460,N,N,S:.]
175.44.27.147 - UNKNOWN [65535:51:1:52:M1440,N,W0,N,N,S:.:?:?]
176.195.55.184 - UNKNOWN [65535:57:1:64:M1440,N,W2,N,N,T0,N,N,S:.:?:?]
176.213.27.123 - Windows XP/2000 (RFC1323 no tstamp) [GENERIC] [S10:118:1:52:M1452,N,W0,N,N,S:.:Windows:?]
176.8.91.104 - UNKNOWN [8192:115:1:52:M1460,N,W8,N,N,S:.:?:?]
178.137.164.49 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:115:1:48:M1460,N,N,S:.]
178.137.167.64 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:115:1:48:M1460,N,N,S:.]
178.162.157.234 - UNKNOWN [S4:55:1:60:M1460,S,T,N,W3:.:?:?] (up: 310 hrs)
178.209.84.157 - Windows 2000 SP4, XP SP1 [65535:117:1:48:M1360,N,N,S:.]
178.33.203.158 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
178.73.63.136 - UNKNOWN [8192:76:1:48:M1460,N,N,S:.:?:?] (ECN)
178.94.22.0 - Windows 2000 SP4, XP SP1 [65535:114:1:48:M1452,N,N,S:.]
18.125.1.205 - Windows 2000 SP4, XP SP1 [65535:118:1:48:M1460,N,N,S:.]
184.82.226.223 - UNKNOWN [65535:45:1:52:M1360,N,W2,N,N,S:.:?:?]
188.143.232.192 - Windows 2000 SP4, XP SP1 [65535:114:1:48:M1460,N,N,S:.]
188.163.69.81 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:112:1:48:M1360,N,N,S:.]
188.165.232.39 - UNKNOWN [8192:120:1:52:M1460,N,W8,N,N,S:.:?:?]
188.227.175.139 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:120:1:48:M1460,N,N,S:.]
188.231.170.137 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:118:1:48:M1460,N,N,S:.]
188.234.75.213 - UNKNOWN [8192:117:1:52:M1452,N,W8,N,N,S:.:?:?]
188.247.112.209 - UNKNOWN [8192:118:1:52:M1460,N,W2,N,N,S:.:?:?]
188.247.112.209 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:118:1:48:M1460,N,N,S:.]
188.32.194.161 - Windows 2000 SP4, XP SP1 [65535:116:1:48:M1460,N,N,S:.]
188.75.223.15 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:117:1:48:M1460,N,N,S:.]
188.92.75.252 - Windows 2000 SP4, XP SP1 [65535:113:1:48:M1460,N,N,S:.]
190.39.70.77 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [16384:118:1:48:M1460,N,N,S:.]
190.79.79.129 - UNKNOWN [S4:54:1:60:M1460,S,T,N,W5:.:?:?] (up: 32 hrs)
195.190.13.50 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
207.254.137.26 - Windows 2000 SP4, XP SP1 [65535:104:1:48:M1452,N,N,S:.]
210.211.108.78 - Windows 2000 SP4, XP SP1 [65535:118:1:48:M1460,N,N,S:.]
210.72.192.62 - UNKNOWN [S4:46:1:60:M1460,S,T,N,W3:.:?:?] (up: 1803 hrs)
216.164.59.95 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:117:1:48:M1460,N,N,S:.]
218.104.55.28 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:103:1:48:M1460,N,N,S:.]
218.7.191.182 - Linux 2.4/2.6 (up: 41 hrs) [S4:48:1:60:M1460,S,T,N,W0:.]
220.161.150.70 - Windows 2000 SP4, XP SP1 [65535:103:1:48:M1460,N,N,S:.]
220.161.150.70 - UNKNOWN [65535:103:1:48:M1460,N,N,S:Z:?:?]
221.226.84.170 - Windows 2000 SP4, XP SP1 [65535:101:1:48:M1460,N,N,S:.]
221.4.205.132 - UNKNOWN [512:241:1:40:.:.:?:?]
222.216.108.50 - Linux 2.4/2.6 (up: 305 hrs) [S4:42:1:60:M1460,S,T,N,W0:.]
222.186.17.99 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:101:1:48:M1460,N,N,S:.]
24.11.197.191 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
24.113.201.130 - Windows 2000 SP4, XP SP1 [65535:108:1:48:M1460,N,N,S:.]
24.113.254.185 - Windows 2000 SP4, XP SP1 [65535:116:1:48:M1460,N,N,S:.]
24.144.225.148 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:114:1:48:M1460,N,N,S:.]
24.14.6.83 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
24.171.128.90 - Windows 2000 SP4, XP SP1 [65535:117:1:48:M1460,N,N,S:.]
24.191.53.168 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
24.192.79.51 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
24.210.132.176 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:111:1:48:M1460,N,N,S:.]
24.28.27.188 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:108:1:48:M1456,N,N,S:.]
24.3.51.27 - UNKNOWN [65535:46:1:52:M1460,N,W2,N,N,S:.:?:?]
24.45.72.80 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
24.47.204.47 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
24.7.130.30 - Windows 2000 SP4, XP SP1 [65535:109:1:48:M1460,N,N,S:.]
24.92.218.97 - Windows XP SP1, 2000 SP3 (2) [64512:107:1:48:M1460,N,N,S:.]
24.96.214.129 - UNKNOWN [65535:54:1:52:M1460,N,W2,N,N,S:.:?:?]
24.98.118.16 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:119:1:48:M1460,N,N,S:.]
24.98.223.41 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
27.159.207.72 - UNKNOWN [8192:41:1:60:M1440,N,W2,S,T:.:?:?] (up: 219 hrs)
31.192.105.2 - UNKNOWN [65535:49:1:52:M1460,N,W6,N,N,S:.:?:?]
31.214.145.121 - UNKNOWN [8192:121:1:52:M1460,N,W8,N,N,S:.:?:?]
31.3.229.123 - Linux 2.5 (sometimes 2.4) (4) (up: 1607 hrs) [S4:54:1:60:M1460,S,T,N,W2:.]
24.187.252.6 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [16384:112:1:48:M1460,N,N,S:.]
46.150.8.125 - Windows 2000 SP4, XP SP1 [65535:116:1:48:M1460,N,N,S:.]
46.165.196.149 - UNKNOWN [8192:120:1:52:M1356,N,W2,N,N,S:.:?:?]
46.17.102.131 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:113:1:48:M1460,N,N,S:.]
46.17.97.117 - UNKNOWN [8192:113:1:52:M1460,N,W8,N,N,S:.:?:?]
46.17.97.30 - UNKNOWN [8192:113:1:52:M1460,N,W8,N,N,S:.:?:?]
46.17.98.217 - Windows 2000 SP4, XP SP1 [65535:113:1:48:M1460,N,N,S:.]
46.17.98.221 - Windows 2000 SP4, XP SP1 [65535:113:1:48:M1460,N,N,S:.]
46.19.143.67 - UNKNOWN [S4:56:1:60:M1460,S,T,N,W7:.:?:?] (up: 651 hrs)
46.21.144.176 - UNKNOWN [8192:121:1:52:M1460,N,W8,N,N,S:.:?:?]
46.251.237.180 - UNKNOWN [8192:56:1:48:M1460,N,N,S:.:?:?]
46.30.167.161 - Windows 2000 SP4, XP SP1 [65535:115:1:48:M1460,N,N,S:.]
58.22.154.202 - UNKNOWN [8192:50:1:52:M1460,N,W8,N,N,S:.:?:?]
59.57.14.123 - Windows 2000 SP4, XP SP1 [65535:104:1:48:M1460,N,N,S:.]
61.178.127.140 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [16384:103:1:48:M1460,N,N,S:.]
61.191.191.142 - Windows 2000 SP4, XP SP1 [65535:104:1:48:M1460,N,N,S:.]
65.60.206.89 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:112:1:48:M1460,N,N,S:.]
66.189.235.255 - UNKNOWN [65535:44:1:52:M1460,N,W0,N,N,S:.:?:?]
66.197.164.238 - UNKNOWN [8192:113:1:52:M1460,N,W8,N,N,S:.:?:?]
66.30.120.241 - Windows 2000 SP4, XP SP1 [65535:119:1:48:M1460,N,N,S:.]
66.31.128.70 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [16384:118:1:48:M1460,N,N,S:.]
66.31.83.96 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [16384:117:1:48:M1460,N,N,S:.]
67.158.6.178 - UNKNOWN [65535:52:1:52:M1460,N,W2,N,N,S:.:?:?]
67.160.31.12 - Windows 2000 SP4, XP SP1 [65535:118:1:48:M1460,N,N,S:.]
67.173.242.137 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
67.185.224.60 - UNKNOWN [65535:52:1:64:M1460,N,W0,N,N,T0,N,N,S:.:?:?]
67.188.222.124 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
67.107.8.123 - Windows 2000 SP4, XP SP1 [65535:114:1:48:M1460,N,N,S:.]
67.81.91.194 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1260,N,N,S:.]
67.83.205.169 - UNKNOWN [65535:111:1:60:M1460,N,N,T0,N,N,S:.:?:?]
68.14.137.166 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) (firewall!) [8192:110:0:48:M1460,N,N,S:.]
68.168.223.208 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
68.185.234.149 - Windows 2000 SP4, XP SP1 [65535:106:1:48:M1460,N,N,S:.]
68.192.16.135 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
68.194.103.220 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:112:1:48:M1460,N,N,S:.]
68.194.100.9 - UNKNOWN [65535:112:1:52:M1460,N,W1,N,N,S:.:?:?]
68.37.103.64 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:110:1:48:M1460,N,N,S:.]
68.39.213.235 - UNKNOWN [65535:27:1:52:M1452,N,W4,N,N,S:.:?:?]
68.50.65.17 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
68.51.71.178 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
68.58.72.56 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
68.60.164.3 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
68.62.206.47 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
68.63.171.172 - UNKNOWN [8192:107:1:52:M1460,N,W2,N,N,S:.:?:?]
69.120.87.35 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1452,N,N,S:.]
69.121.185.23 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
69.175.64.189 - UNKNOWN [S4:54:1:60:M1460,S,T,N,W4:.:?:?] (up: 13 hrs)
69.245.194.17 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
69.47.240.40 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
69.66.244.16 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [16384:114:1:48:M1460,N,N,S:.]
71.159.248.178 - Windows 2000 SP4, XP SP1 [65535:108:1:48:M1452,N,N,S:.]
71.163.166.250 - UNKNOWN [8192:111:1:52:M1460,N,W2,N,N,S:.:?:?]
71.197.66.187 - UNKNOWN [8192:118:1:52:M1460,N,W2,N,N,S:.:?:?]
71.198.93.166 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:109:1:48:M1460,N,N,S:.]
71.233.55.74 - Windows 2000 SP4, XP SP1 [65535:115:1:48:M1460,N,N,S:.]
71.62.54.24 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
71.80.113.44 - Windows 2000 SP4, XP SP1 [65535:112:1:48:M1460,N,N,S:.]
71.82.91.109 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
72.175.128.75 - UNKNOWN [8192:42:1:48:M1460,N,N,S:.:?:?]
74.70.79.67 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
75.137.99.218 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:107:1:48:M1460,N,N,S:.]
75.147.211.85 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:108:1:48:M1460,N,N,S:.]
74.34.87.11 - Windows 2000 SP4, XP SP1 [65535:118:1:48:M1452,N,N,S:.]
74.65.248.23 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
76.103.45.82 - Windows 2000 SP4, XP SP1 [65535:109:1:48:M1460,N,N,S:.]
76.107.5.45 - UNKNOWN [8192:114:1:52:M1460,N,W2,N,N,S:.:?:?]
76.110.163.114 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:116:1:48:M1456,N,N,S:.]
76.115.70.74 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:118:1:48:M1460,N,N,S:.]
76.184.147.197 - Windows 2000 SP4, XP SP1 [65535:108:1:48:M1460,N,N,S:.]
76.214.111.57 - Windows XP SP1, 2000 SP3 (2) [64512:112:1:48:M1452,N,N,S:.]
76.21.91.179 - UNKNOWN [65535:108:1:52:M1452,N,W4,N,N,S:.:?:?]
76.27.112.249 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
77.93.2.81 - UNKNOWN [8192:113:1:52:M1460,N,W2,N,N,S:.:?:?]
78.41.200.20 - UNKNOWN [8192:116:1:52:M1460,N,W8,N,N,S:.:?:?]
78.83.72.47 - Linux 2.5/2.6 (sometimes 2.4) (2) (up: 22 hrs) [S4:44:1:60:M1460,S,T,N,W1:.]
79.142.73.169 - Windows 2000 SP4, XP SP1 [65535:117:1:48:M1460,N,N,S:.]
80.167.238.77 - UNKNOWN [S4:55:1:60:M1460,S,T,N,W6:.:?:?] (up: 47 hrs)
80.243.191.178 - UNKNOWN [65535:118:1:52:M1460,N,W6,N,N,S:.:?:?]
81.19.35.170 - UNKNOWN [S4:48:1:60:M1460,S,T,N,W7:.:?:?] (up: 1707 hrs)
81.99.236.221 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [16384:110:1:48:M1460,N,N,S:.]
82.225.164.168 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1460,N,N,S:.]
84.52.17.175 - UNKNOWN [8192:115:1:52:M1452,N,W2,N,N,S:.:?:?]
84.54.189.200 - UNKNOWN [S4:45:1:60:M1440,S,T,N,W5:.:?:?] (up: 558 hrs)
85.222.41.144 - UNKNOWN [8192:77:1:52:M1460,N,W8,N,N,S:.:?:?]
85.234.20.118 - UNKNOWN [8192:118:1:52:M1452,N,W8,N,N,S:.:?:?]
85.234.20.154 - Windows XP/2000 (RFC1323 no tstamp) [GENERIC] [S10:118:1:52:M1360,N,W0,N,N,S:.:Windows:?]
86.104.56.35 - UNKNOWN [65535:116:1:52:M1440,N,W2,N,N,S:.:?:?]
87.117.198.197 - Linux 2.5 (sometimes 2.4) (4) (up: 1333 hrs) [S4:57:1:60:M1460,S,T,N,W2:.]
87.117.198.197 - Linux 2.5 (sometimes 2.4) (4) (up: 1334 hrs) [S4:57:1:60:M1460,S,T,N,W2:.]
88.190.216.19 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:117:1:48:M1460,N,N,S:.]
88.190.31.81 - UNKNOWN [8192:117:1:52:M1460,N,W8,N,N,S:.:?:?]
88.198.159.106 - Linux 2.4/2.6 (up: 431 hrs) [S4:51:1:60:M1460,S,T,N,W0:.]
88.198.96.252 - Windows 2000 SP4, XP SP1 [65535:115:1:48:M1460,N,N,S:.]
89.105.248.141 - UNKNOWN [8192:119:1:52:M1440,N,W8,N,N,S:.:?:?]
91.121.236.122 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:119:1:48:M1460,N,N,S:.]
91.208.144.179 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
91.212.226.199 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:119:1:48:M1460,N,N,S:.]
91.224.161.127 - Windows 2000 SP4, XP SP1 [65535:121:1:48:M1460,N,N,S:.]
91.224.246.87 - Windows 2000 SP4, XP SP1 [65535:117:1:48:M1460,N,N,S:.]
91.90.120.40 - UNKNOWN [S4:56:1:60:M1460,S,T,N,W6:.:?:?] (up: 36 hrs)
92.115.162.234 - UNKNOWN [8192:111:1:52:M1400,N,W8,N,N,S:.:?:?]
92.247.242.231 - Windows 2000 SP4, XP SP1 [65535:107:1:48:M1452,N,N,S:.]
92.255.251.240 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:119:1:48:M1452,N,N,S:.]
92.37.243.229 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1440,N,N,S:.]
92.50.149.126 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:112:1:48:M1460,N,N,S:.]
93.182.190.20 - UNKNOWN [8192:112:1:52:M1360,N,W8,N,N,S:.:?:?]
94.112.242.59 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:117:1:48:M1460,N,N,S:.]
94.142.134.155 - Windows 2000 SP4, XP SP1 [65535:117:1:48:M1460,N,N,S:.]
94.23.158.134 - Windows 2000 SP4, XP SP1 [65535:120:1:48:M1460,N,N,S:.]
94.23.249.215 - UNKNOWN [8192:121:1:52:M1460,N,W8,N,N,S:.:?:?]
94.60.171.5 - UNKNOWN [S4:55:1:60:M1460,S,T,N,W7:.:?:?] (up: 2134 hrs)
94.60.175.218 - UNKNOWN [S4:55:1:60:M1460,S,T,N,W7:.:?:?] (up: 2192 hrs)
95.142.161.163 - UNKNOWN [S4:51:1:60:M1460,S,T,N,W7:.:?:?] (up: 70 hrs)
95.65.75.160 - UNKNOWN [8192:116:1:52:M1460,N,W2,N,N,S:.:?:?]
95.79.180.67 - UNKNOWN [8192:117:1:52:M1452,N,W8,N,N,S:.:?:?]
95.79.5.59 - Windows XP/2000 (RFC1323 no tstamp) [GENERIC] [S10:117:1:52:M1452,N,W0,N,N,S:.:Windows:?]
96.227.243.124 - UNKNOWN [65535:110:1:52:M1452,N,W4,N,N,S:.:?:?]
96.228.198.35 - UNKNOWN [65535:45:1:64:M1460,N,W4,N,N,T0,N,N,S:.:?:?]
96.37.138.5 - Windows 2000 SP4, XP SP1 [65535:106:1:48:M1460,N,N,S:.]
96.39.237.97 - Windows 2000 SP4, XP SP1 [65535:108:1:48:M1460,N,N,S:.]
96.8.234.48 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:109:1:48:M1460,N,N,S:.]
98.148.167.33 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:117:1:48:M1460,N,N,S:.]
98.201.30.185 - UNKNOWN [8192:52:1:52:M1452,N,W2,N,N,S:.:?:?]
98.213.201.10 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
98.227.237.137 - Windows 2000 SP4, XP SP1 [65535:111:1:48:M1452,N,N,S:.]
98.229.140.98 - Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) [8192:118:1:48:M1460,N,N,S:.]
98.253.146.219 - Windows 2000 SP4, XP SP1 [65535:110:1:48:M1460,N,N,S:.]
...

The passwords chosen by forum spammers we've witnessed were often the same, f.e.:
Mega$ecre7
abcd1234
passw0rdS
Abcd1234
azerty31
Senti123
ABcd1234
Invincible00
eeRVsssss
12345678hH
ZXds8897
za4j5vJs4H
ZX34Ibac
Sle25lf8tJ
tax55555
w2kHhv91oT
XphCsqQV
...
Checksums of uploaded avatar images by forum spammers:
Timestamp: 12-21-10  10:28AM
Filename: avatar_2300.jpeg
Filesize: 1345 
MD5: 97955545c81c22ead5a5213f57e11607
SHA1: eb3fcc186d9cfb6d382947efa265398357d43f3c
SHA256: a9f3f9852ef79d89d34b0fb61e129b8fd991f606e342fab247044705710bcd45

Timestamp: 08-05-11  12:28PM
Filename: avatar_3099.gif
Filesize: 3444
MD5: c818bcff46fc7f274656fd0a9f87b38e
SHA1: 24bd1c5cf77045291de033ef3a070fb96260ecd5
SHA256: 0edeb0e1595a8b4a5aa289153feb5b7973d2b447828c21cf57878c0294cdf3b2

Timestamp: 08-20-11  11:54AM
Filename: avatar_3324.gif
Filesize: 3516
MD5: 075fd0c1f3ee0da13ac6aa0a70e37e0f
SHA1: 3369c5f8a36965ac96fa470158c80b91b5f23f9f
SHA256: 903c9cd64b3f50451d96206e847815d9baed44e151006c5d9c1cc581b5ed5221

Timestamp: 08-22-11  03:38PM
Filename: avatar_3359.gif
Filesize: 3265
MD5: 22ad18db59ccaa72b036b5ef718fa501
SHA1: 29f33010eb59a3156385506b238a5f6ce3e35c8f
SHA256: fa8147c480e7675b3c753af9bdf1ed753c65d6d5ab87a145cdccaa72256db78b

Timestamp: 12-07-11  01:33AM
Filename: avatar_3632.gif
Filesize: 3150
MD5: e9d76c02e505a75bc5f2c9e7f2ad975a
SHA1: 75136171b96fa11e4d13d33d0312e94171c6aeda
SHA256: 43676bb5575bb9862c43794ffd1cd702da61303b18faa3f161f59139f9ef1b5d

Timestamp: 01-03-12  11:17PM
Filename: avatar_3679.gif
Filesize: 3661
MD5: d4d33b5a2b7fe092778a5f15c71fd185
SHA1: 9d7590edf03af2ceb7a9b0097f2d01843821e986
SHA256: 76e2c8d0954b2a2be76310ce511076d9e658c49167298027c6d76999c4a03135
...

spamblock.php

Integration of spamblock.php in MyBB:

1. copy spamblock.php in inc/ folder
2. at the beginning of inc/functions_user.php add:
require_once MYBB_ROOT."inc/spamblock.php";
the beginning of validate_password_from_uid should look like:
function validate_password_from_uid($uid, $password, $user = array())
{
	global $db, $mybb;

	if (userIsSpammer($_SERVER['REMOTE_ADDR'])) {
		return false;
	}
...

3. At the beginning of member.php, index.php, forumdisplay.php, showthread.php under the line require_once "./global.php"; add:
require_once MYBB_ROOT."inc/spamblock.php";
if (userIsSpammer($_SERVER['REMOTE_ADDR'])) {
	header($_SERVER['SERVER_PROTOCOL'] . " 403 Forbidden");
	exit();
}

XRumer Immortalis, Final Private Version, by VeRuM

Filename: Xrumer_7.09_Elite_Private_NULLED.rar
Filesize: 41647992
MD5: f5421738c235de600c1fe1886a9ee95e
SHA1: b2161c0cb940ca61d3d362d61a45ef250d8bca60
SHA256: b60c6d6c5656bcc594b84878b9dce8a2a497fad5c3c8f9616c466a8733d998f2

Filename: start.exe
Modification Time: 2011-12-03 21:22:26
Filesize: 3905536
MD5: ad718225d0803ebd31c5839d69afba9e
SHA1: 1715e9c94ddb2c2852aca2038d19d602b5a0981e
SHA256: cd0cff95581d180447f63d59bb7caa60a68c40afed7d7373f28192fa22aee753
Filename: LogicFiles/x_user_agent.txt
Filesize: 6509
Modification Time: 2011-07-20 01:17
MD5: c400e1ba5eabba8de59a63e6aca5b6c0
SHA1: 522456e1ae254429a552fcf6a317cf8390485f83
SHA256: 1bd27bd240a00920a17ddf0dd4b601207d6544300c3517345bb0f6ebc44f86a4
File Contents:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0 ; .NET CLR 2.0.50215; SL Commerce Client v1.0; Tablet PC 2.0
Mozilla/6.0 (compatible; MSIE 7.0a1; Windows NT 5.2; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; TheFreeDictionary.com; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; x64; SV1; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; Creative)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; APC; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50215; InfoPath.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Deepnet Explorer 1.5.0; .NET CLR 1.0.3705)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC
Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; (R1 1.5))
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)
Mozilla/4.0 (compatible; MSIE 6.0; Update a; AOL 6.0; Windows 98)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.0.2; .NET CLR 1.1.4322; yplus 4.4.02b)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.40607)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Babya Discoverer  8.0:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT) ::ELNSB50::000061100320025802a00111000000000507000900000000
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; Deepnet Explorer)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)
Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; BCD2000)
Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)
Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; 240x320)
Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 3.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) NS8/0.9.6
Mozilla/4.79 [en] (Windows NT 5.0; U)
Mozilla/4.76 [en] (Windows NT 5.0; U)
Mozilla/0.91 Beta (Windows)
Mozilla/0.6 Beta (Windows)
Mozilla/4.7 (compatible; OffByOne; Windows 2000) Webster Pro V3.4
Opera/9.00 (Windows NT 4.0; U; en)
Opera/9.00 (Windows NT 5.1; U; en)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0
Opera/8.01 (Windows NT 5.1)
Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.00
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.00
Opera/8.00 (Windows NT 5.1; U; en)
Opera/7.60 (Windows NT 5.2; U)  [en] (IBM EVV/3.0/EAK01AG9/LE)
Opera/7.54 (Windows NT 5.1; U)  [pl]
Opera/7.11 (Windows NT 5.1; U) [en]
Mozilla/4.0 (compatible; MSIE 6.0; Windows ME) Opera 7.11  [en]
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]
Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en]
Mozilla/4.0 (compatible; MSIE 5.0; Windows 95) Opera 6.01  [en]
Mozilla/4.0 (compatible; Powermarks/3.5; Windows 95/98/2000/NT)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.50
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.3 (build 01218); .NET CLR 1.1.4322)
Opera/9.01 (Windows NT 5.1; U; en)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [en]
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; MRA 4.6 (build 01425); .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.6 (build 01425); MRSPUTNIK 1, 5, 0, 19 SW)
Opera/9.80 (Windows NT 6.0; U; en) Presto/2.7.62 Version/11.00

Filename: Links/LinksList id400.txt
Filesize: 1012429
Modification Time: 2011-07-25 22:44:30
MD5: b5e08e3f5c0c54ace0da14c56c70b935
SHA1: 2d5b5895bb3ec5c8d8ce57e7e33720a6792dac69
SHA256: ad2b69c8d76511e9df4ed32ab58bba219228859ae69c9278903793c850f66854
Contains the summumplus forum URL
BitThief revealed torrent seeder IPs:

109.62.144.178 (13/02/2012)
46.148.99.131 (15/02/2012)
78.159.55.222 (15/02/2012 - 18/02/2012)
93.78.206.125 (15/02/2012)
72.252.31.248 (15/02/2012 - 16/02/2012)
193.106.126.12 (15/02/2012 - 17/02/2012)
95.157.158.20 (16/02/2012)
72.252.31.21 (16/02/2012)
183.83.230.249 (16/02/2012)
86.97.197.78 (16/02/2012)
46.233.196.111 (17/02/2012)
114.79.137.131 (17/02/2012)
114.79.137.54 (18/02/2012)
94.176.214.66 (18/02/2012)
114.79.137.33 (18/02/2012)
114.79.137.67 (19/02/2012)
119.249.30.223 (19/02/2012)
114.79.137.87 (19/02/2012)
24.8.143.73 (19/02/2012)
114.79.136.89 (19/02/2012)
94.137.10.105 (20/02/2012)
74.58.62.103 (20/02/2012)
92.41.204.28 (21/02/2012)
94.137.13.38 (21/02/2012)
114.79.137.96 (21/02/2012)
114.79.136.48 (22/02/2012)
58.97.152.200 (23/02/2012)
78.250.250.199 (23/02/2012)
114.79.137.95 (23/02/2012)
114.79.137.109 (23/02/2012)
78.250.234.31 (23/02/2012)
114.79.136.21 (23/02/2012)
114.79.137.69 (24/02/2012)
178.74.78.208 (24/02/2012)
46.233.220.202 (27/02/2012)
92.40.5.111 (27/02/2012)
92.40.95.27 (27/02/2012)
46.233.200.224 (1/03/2012)
78.250.230.10 (1/03/2012)
78.250.238.69 (2/03/2012)
46.233.242.142 (3/03/2012)
58.97.145.82 (3/03/2012)
58.97.229.164 (3/03/2012)
77.86.96.73 (3/03/2012)
58.97.166.126 (4/03/2012)
123.115.9.116 (5/03/2012)
58.97.245.102 (5/03/2012)
46.233.226.136 (5/03/2012)
46.233.192.213 (7/03/2012)
78.250.227.77 (7/03/2012)
58.97.212.148 (7/03/2012)
83.228.35.24 (12/03/2012)
58.97.192.191 (12/03/2012)
92.41.53.21 (12/03/2012)
95.104.44.10 (12/03/2012)
58.97.220.112 (12/03/2012)
31.43.104.178 (6/05/2012)
...

http://www.utrace.de/?query=109.62.144.178
Provider: OJSC Rostelecom, Organisation: JSC Central Telecommunication Company, Belgorod br, Region: Staryy Oskol (Russia)

http://www.utrace.de/?query=46.148.99.131
Provider: LINK, Region: Dmitrov (Russia)

http://www.utrace.de/?query=78.159.55.222
Provider: Freenet Ltd., Organisation: Fiber Optic IP Network iHome, Region: Kiev (Ukraine)

http://www.utrace.de/?query=93.78.206.125
Provider: Kyivski Telekomunikatsiyni Merezhi LLC, Organisation: Volia Poltava, Region: Poltava (Ukraine)

http://www.utrace.de/?query=72.252.31.248
http://www.utrace.de/?query=72.252.31.21
Provider: Columbus Networks USA, Organisation: Columbus Communication Jamaica Limited, Region: Kingston (Jamaica)

http://www.utrace.de/?query=193.106.126.12
Provider: SC BOSNET INTER SRL, Region: Nedelea (Romania)

http://www.utrace.de/?query=95.157.158.20
Provider: ARMOR CONNECTIC SAS, Organisation: INFRA, Region: Cren (France)

http://www.utrace.de/?query=183.83.230.249
Provider: Beam Telecom Pvt Ltd, Region: Hyderabad (India)

http://www.utrace.de/?query=86.97.197.78
Provider: Emirates Telecommunications Corporation,Region: Sharjah (Arab Emirates)

http://www.utrace.de/?query=46.233.196.111
http://www.utrace.de/?query=178.74.78.208
http://www.utrace.de/?query=46.233.220.202
http://www.utrace.de/?query=46.233.200.224
http://www.utrace.de/?query=46.233.242.142
http://www.utrace.de/?query=46.233.226.136
http://www.utrace.de/?query=46.233.192.213
Provider: Omskie kabelnye seti Ltd., Region: Omsk (Russia)

http://www.utrace.de/?query=114.79.137.131
http://www.utrace.de/?query=114.79.137.54
http://www.utrace.de/?query=114.79.137.33
http://www.utrace.de/?query=114.79.137.67
http://www.utrace.de/?query=114.79.137.87
http://www.utrace.de/?query=114.79.136.89
http://www.utrace.de/?query=114.79.137.96
http://www.utrace.de/?query=114.79.136.48
http://www.utrace.de/?query=114.79.137.95
http://www.utrace.de/?query=114.79.137.109
http://www.utrace.de/?query=114.79.136.21
http://www.utrace.de/?query=114.79.137.69
Provider: D-VoiS Broadband Private Limited, Region: Mumbai (India)

http://www.utrace.de/?query=94.176.214.66
Provider: S.C. Interlink Banat S.R.L., Region: Jimbolia (Romania)

http://www.utrace.de/?query=119.249.30.223
Provider: China Unicom Heibei Province Network, Region: Jiazhuang (China)

http://www.utrace.de/?query=24.8.143.73
Provider: Comcast Cable, Region: Brighton (United States)

http://www.utrace.de/?query=94.137.10.105
http://www.utrace.de/?query=94.137.13.38
Provider: Omskie kabelnye seti Ltd., Region: Omsk (Russia)

http://www.utrace.de/?query=74.58.62.103
Provider: Videotron Ltee, Region: Victoriaville (Canada)

http://www.utrace.de/?query=92.41.204.28
http://www.utrace.de/?query=92.40.5.111
http://www.utrace.de/?query=92.40.95.27
Provider: Three, Region: Manchester (GB)

http://www.utrace.de/?query=58.97.152.200
http://www.utrace.de/?query=58.97.145.82
http://www.utrace.de/?query=58.97.229.164
http://www.utrace.de/?query=58.97.166.126
http://www.utrace.de/?query=58.97.245.102
http://www.utrace.de/?query=58.97.212.148
Provider: Banglalion WiMAX, Region: Dhaka (Bangladesh)

http://www.utrace.de/?query=78.250.250.199
http://www.utrace.de/?query=78.250.234.31
http://www.utrace.de/?query=78.250.230.10
http://www.utrace.de/?query=78.250.238.69
http://www.utrace.de/?query=78.250.227.77
Provider: Free SAS, Region: Paris (France)

http://www.utrace.de/?query=77.86.96.73
Provider: Kcom, Region: Kingston Upon Hull (United Kingdom)

http://www.utrace.de/?query=123.115.9.116
Provider: China Unicom Beijing Province Network, Region: Beijing (China)

http://www.utrace.de/?query=31.43.104.178
Provider: LocalNet, Region: Kiev (Ukraine)


XRumer 4.0 by Alexander Ryabchenko, botmaster@bk.ru, botmaster@ymail.com, ICQ 111892, Skype ID: botmaster.net

SEnuke X by Areeb Bajwa, areebb@gmail.com

On the image that was hosted at http://www.botmasterru.com/images/Hrefer.png Hrefer 3.1, ICQ 876975, 178730725 was readable.

botmasterlabs.net resolved to 178.162.152.121 and 77.79.7.5 (January 2012)

http://www.utrace.de/?query=178.162.152.121
NetDirect (Germany)

http://www.utrace.de/?query=77.79.7.5
SPLIUS, UAB, Krakes (Lithuania)

xrres2.com resolved to 194.126.172.37 (January 2012)

http://www.utrace.de/?query=194.126.172.37
Eureka Solutions Sp z o.o. (The Netherlands)

botmasterru.com resolved to 95.211.62.27 (January 2012)

http://www.utrace.de/?query=95.211.62.27
LeaseWeb B.V., Amsterdam (The Netherlands)