SBL Live and Historic for Atrivo/Intercage
Date Record IP Involved Host Reason
2008-08-25 23:49:36 SBL67373 69.50.181.122/32 atrivo.com Spam/cybercrime support: ANTI-CAPTCHA.COM/SUPERGENA.COM
2008-08-05 17:13:57 SBL66649 85.255.118.42/32 atrivo.com More hijack malware on Cernel/inhoster/Intercage
2008-07-30 07:47:24 SBL66515 85.255.113.226/32 atrivo.com Malware dropper cybercrime gang
2008-07-30 08:35:02 SBL66408 85.255.117.163/32 atrivo.com Virus writers, malware spreaders, C&C servers
2008-08-08 21:27:23 SBL66405 85.255.117.205/32 atrivo.com Virus writers, malware spreaders, C&C servers
2008-08-08 21:07:21 SBL66404 85.255.117.202/32 atrivo.com Virus writers, malware spreaders, C&C servers
2008-08-08 21:27:24 SBL66401 85.255.118.171/32 atrivo.com Virus writers, malware spreaders, C&C servers
2008-07-26 21:10:23 SBL66400 85.255.120.0/24 atrivo.com Virus writers, malware spreaders, C&C servers
2008-07-02 16:20:35 SBL65349 85.255.120.234/32 atrivo.com Myspace spambot malware
2008-07-05 19:06:08 SBL65305 69.50.160.212/32 atrivo.com Malware installer - "video codec"
2008-06-03 22:21:02 SBL65091 69.50.173.43/32 atrivo.com Russian Cybercrime: rootdns.ru / swerjr.ws
2008-05-20 22:53:05 SBL64850 85.255.118.180/32 atrivo.com "video codec" malware installer
2008-06-25 20:15:19 SBL64779 85.255.113.219/32 atrivo.com Malware installer - "video codec" (atrivo.com)
2008-05-11 08:48:49 SBL64676 216.255.190.26/32 atrivo.com Storm worm installer host
2008-05-11 08:47:30 SBL64675 216.255.189.210/32 atrivo.com Storm worm installer host
2008-05-11 08:42:02 SBL64672 69.50.166.234/32 atrivo.com Storm worm installer host
2008-05-09 00:24:14 SBL64654 85.255.120.202/32 atrivo.com "video codec" malware installer
2008-05-02 20:44:30 SBL64584 85.255.118.181/32 atrivo.com "video codec" malware installer
2008-04-29 20:06:12 SBL64548 85.255.118.179/32 atrivo.com "video codec" malware installer
2008-04-23 07:34:43 SBL64293 85.255.120.203/32 atrivo.com spam and malware hosting
2008-04-23 07:27:37 SBL64291 85.255.122.4/32 atrivo.com spam and malware hosting
2008-05-09 00:13:01 SBL62525 85.255.121.146/32 atrivo.com Malware installer - "video codec"
2008-05-09 00:08:39 SBL62158 85.255.119.93/32 atrivo.com shockbabetv.com (Storm botnet) (video codec)
2008-05-09 00:28:41 SBL61875 64.28.191.254/32 atrivo.com malware installer
2008-05-11 22:48:34 SBL61608 69.50.188.4/32 atrivo.com arbaa.abdullahost.com Ukrainian cybercrime hosts
2008-05-11 08:31:06 SBL61202 69.50.188.3/32 atrivo.com protectwin.com
2007-11-10 09:34:46 SBL60470 69.50.182.21/32 atrivo.com footbox-game.org malware loader
2007-11-02 06:07:45 SBL59854 85.255.112.0/20 atrivo.com zombies. in RIPE as inhoster.com, then nothing, then UkrTeleGroup
2007-10-22 21:35:14 SBL59758 69.50.182.21/32 atrivo.com megapornoportal.cc / wwwhttpcom.be
2008-05-11 07:53:49 SBL59642 69.50.182.0/23 atrivo.com Russian Cybercrime: rootdns.ru / swerjr.ws
2008-05-12 06:27:08 SBL59523 64.28.186.75/32 atrivo.com Hosting over 3000 domains (more cernel.net stuff)
2007-10-04 08:10:18 SBL59306 64.28.181.224/27 atrivo.com ZCODEC.COM / Zlob (archive)
2007-09-03 09:20:08 SBL58380 69.50.182.21/32 atrivo.com illegal pharma site - www.providingrx.com
2008-05-07 22:17:12 SBL58361 64.28.180.236/32 atrivo.com More hijack malware on Cernel/inhoster/Intercage
2008-05-07 22:17:11 SBL58359 64.28.184.174/32 atrivo.com More hijack malware on Cernel/inhoster/Intercage
2007-08-31 21:55:40 SBL58307 216.255.187.152/29 atrivo.com Spammed porn/childporn
2008-05-09 00:04:27 SBL58135 116.50.11.0/32 atrivo.com intercage routing hostfresh
2007-07-31 20:50:43 SBL57088 69.50.182.21/32 atrivo.com spam sites; malware
2007-08-03 07:18:50 SBL56513 69.50.168.101/32 atrivo.com Hosting malware droppers
2008-05-07 22:17:33 SBL56510 64.28.184.187/32 atrivo.com More hijack malware on Cernel/inhoster/Intercage
2008-05-11 07:51:15 SBL56509 216.255.181.154/31 atrivo.com More hijack malware on Cernel/inhoster/Intercage
2008-05-11 07:49:17 SBL56508 85.255.118.155/32 atrivo.com More hijack malware on Cernel/inhoster/Intercage
2008-05-11 07:48:26 SBL56507 64.28.181.245/32 atrivo.com More hijack malware on Cernel/inhoster/Intercage
2008-07-30 22:26:35 SBL56218 85.255.119.66/31 atrivo.com Russian Business Network. antivermins.net etc on inhoster
2007-07-10 23:18:08 SBL56212 69.50.182.19/32 atrivo.com send-mail.biz
2008-05-11 07:45:25 SBL55025 85.255.113.218/32 atrivo.com activexslot.com Trojan.Downloader
2007-06-06 15:31:33 SBL55024 85.255.113.221/32 atrivo.com amultimediasource.com fake codec malware
2007-06-06 15:28:24 SBL55023 85.255.113.222/32 atrivo.com amultimediasource.com fake codec malware
2007-04-14 02:12:16 SBL53527 69.50.160.21/32 atrivo.com a311.com, a311.org - malware
2008-01-21 19:22:49 SBL53323 69.50.176.106/31 atrivo.com Hosting: inhoster.com spammer/cybercrime hosting front
2008-01-21 19:23:05 SBL53322 69.50.176.226/31 atrivo.com Hosting: inhoster.com spammer/cybercrime hosting front
2008-05-11 07:44:18 SBL53307 216.255.182.173/32 atrivo.com MovieCommander DNS hijacking malware rootkit
2008-05-07 22:17:53 SBL53306 216.255.182.172/32 atrivo.com MovieCommander DNS hijacking malware rootkit
2008-05-11 07:36:42 SBL53305 216.255.182.171/32 atrivo.com MovieCommander DNS hijacking malware rootkit
2007-06-07 13:35:35 SBL53073 69.50.191.232/29 atrivo.com Cernel, Inc. malware hosting - installare.net
2007-03-13 00:30:56 SBL52292 216.255.182.0/24 atrivo.com hostfresh.com - mass spammer hosting
2007-04-02 11:33:24 SBL52216 69.50.177.0/24 atrivo.com bratanas.info @69.50.177.253
2007-02-14 13:20:53 SBL51307 69.50.164.162/32 atrivo.com Leo Kuvayev / BadCow. Malware hosting - easedtionkdetunhasde.com
2007-02-12 07:38:24 SBL51153 69.50.178.0/24 atrivo.com gretabc.com - russian trojan coders/droppers
2007-01-28 11:51:11 SBL50406 69.50.183.50/32 atrivo.com Malware dropper site: esunhuitionkdefunhsadwa.com
2006-11-28 01:15:39 SBL48572 69.50.170.122/32 atrivo.com Malware hosting: rxff.net / oldartero.com
2006-11-28 01:09:35 SBL48571 216.255.180.2/32 atrivo.com Malware hosting: rxff.net / oldartero.com
2006-11-27 20:46:52 SBL48522 69.50.182.18/32 atrivo.com goldcodec malware installer
2006-11-26 16:35:14 SBL48451 85.255.120.27/32 atrivo.com aflashcounter.com - malware installer
2006-10-20 08:59:03 SBL47580 216.255.187.10/32 atrivo.com DNS server for "SpamThru Trojan" gang
2006-10-23 07:47:01 SBL47579 216.255.186.226/32 atrivo.com DNS server for "SpamThru Trojan" gang
2006-10-23 07:47:00 SBL47578 216.255.182.202/32 atrivo.com Command and Control server for "SpamThru Trojan"
2006-10-20 08:32:03 SBL47577 216.255.178.170/32 atrivo.com Command and Control server for "SpamThru Trojan"
2006-11-23 18:49:15 SBL47570 216.255.182.0/24 atrivo.com i-ru.net
2006-10-17 20:58:43 SBL47521 85.255.114.148/32 atrivo.com Yambo Financials. hijack C&C
2006-10-17 20:09:18 SBL47516 85.255.116.246/32 atrivo.com Web attack site: colombos1.info
2006-10-18 08:52:38 SBL47499 69.50.182.18/32 atrivo.com www.spam-haus.com (DNS @ESTBOXES.COM)
2006-10-02 14:11:03 SBL47106 69.50.170.0/24 atrivo.com Source of proxy spamming [William Lu **AGAIN***]
2006-10-01 22:19:50 SBL47104 85.255.116.10/32 atrivo.com setslice attack vector
2006-10-08 07:26:53 SBL47098 85.255.114.228/32 atrivo.com 4udating.net - "setslice" attack
2007-12-25 07:08:17 SBL46492 85.255.118.11/32 atrivo.com zcodec.com / pcodec.com trojan malware gang
2007-12-25 07:08:12 SBL46370 69.50.175.0/24 atrivo.com zcodec.com / pcodec.com trojan malware gang
2007-12-25 07:08:11 SBL46368 216.255.186.0/24 atrivo.com zcodec.com trojan malware
2006-07-31 18:58:44 SBL44831 216.255.177.130/32 atrivo.com Proxy abuse
2006-07-06 16:03:24 SBL44065 216.255.178.242/32 atrivo.com C&C server
2006-07-06 16:04:15 SBL44064 216.255.179.50/32 atrivo.com C&C server
2006-07-06 16:04:43 SBL44063 216.255.187.10/32 atrivo.com C&C server
2006-07-06 16:03:49 SBL44058 216.255.176.250/32 atrivo.com C&C server
2006-06-12 07:54:22 SBL43149 216.255.176.59/32 atrivo.com i47324876348731647835473645237463254734823746823467.biz
2006-04-30 03:16:51 SBL41137 69.50.161.82/31 atrivo.com ns1.us22.ru / ns2.us22.ru et al
2006-04-28 00:21:05 SBL40974 216.255.187.66/32 atrivo.com buhartes.info - dedicated spambot C&C
2006-05-08 09:17:21 SBL40386 216.255.179.102/32 atrivo.com ccprobill.com
2006-04-15 02:32:43 SBL40380 69.50.177.122/32 atrivo.com Spam C&C server
2006-04-18 00:09:46 SBL40170 216.255.179.0/24 atrivo.com Abwiz C & C servers
2006-04-05 12:39:29 SBL39898 85.255.117.214/32 atrivo.com cyber-search.biz - wmf exploits
2006-04-05 01:09:32 SBL39880 69.50.183.210/32 atrivo.com malware on ns3.esthost.com
2006-04-05 01:03:13 SBL39879 69.50.190.164/32 atrivo.com http://69.50.190.164/traff/
2006-04-05 08:55:11 SBL39690 216.255.179.102/32 atrivo.com ccprobill.com (probably pavka/artofit)
2006-03-23 17:50:24 SBL39384 69.50.163.198/32 atrivo.com newgalaxy.ws
2006-03-19 04:40:30 SBL38892 69.50.182.18/32 atrivo.com geocities -> TEZIS.RU -> Esthost (cypher)
2006-03-22 23:47:50 SBL38710 69.50.190.162/32 atrivo.com jupitersatellites.biz proxy spam botnet
2006-03-05 08:26:07 SBL38657 85.255.116.243/32 atrivo.com prodownloader.com
2006-03-05 01:15:23 SBL38651 69.50.190.164/32 atrivo.com hosting malware (related to jupitersatellites.biz)
2006-02-23 00:45:14 SBL38153 216.255.179.210/32 atrivo.com kannylizaciya.info - dedicated spam botnet
2006-02-20 00:19:03 SBL38104 69.50.167.229/32 atrivo.com botbbs.com
2006-02-22 23:41:25 SBL37865 69.50.171.194/32 atrivo.com Phishing (Landing page): Barclays Bank UK: marionhost.com
2007-08-31 21:54:53 SBL37490 69.50.182.18/32 atrivo.com spermagain.com
2006-02-19 19:36:45 SBL36915 69.50.190.182/32 atrivo.com perfect-replica.com
2006-01-07 02:46:57 SBL36617 69.50.184.194/32 atrivo.com proxy hijacker
2006-01-03 13:18:54 SBL36479 216.255.181.42/32 atrivo.com Pavka / Artofit. psbill.biz: "Pimpbeez"
2006-01-02 10:52:19 SBL36472 69.50.191.66/31 atrivo.com WMF exploiters
2006-09-06 00:12:03 SBL36471 85.255.114.0/24 atrivo.com WMF loaders
2006-11-07 05:48:20 SBL36454 69.50.176.224/28 atrivo.com cernel.net a/k/a esthost.com
2006-11-02 15:27:59 SBL34825 69.50.160.0/19 atrivo.com Persistent spammer hosting and registration by ESTHOST
2005-11-12 11:37:54 SBL33700 69.50.183.26/32 atrivo.com managedns2.estboxes.com
2005-11-12 11:38:32 SBL33699 69.50.182.18/32 atrivo.com managedns1.estboxes.com
2005-11-07 22:09:29 SBL33579 69.31.76.134/32 atrivo.com Criminal Proxy spammers - hijacking virus infected PCs
2005-10-16 00:18:48 SBL33578 69.50.160.176/29 atrivo.com Criminal Proxy spammers - hijacking virus infected PCs
2007-12-28 14:24:47 SBL32833 69.50.190.160/28 atrivo.com socks4all.biz
2005-10-02 16:20:36 SBL32753 69.50.189.146/32 atrivo.com spambot C&C
2005-10-02 16:26:30 SBL32752 69.50.189.104/29 atrivo.com Proxy hijacking source
2005-10-01 02:18:54 SBL32725 69.50.180.130/32 atrivo.com Source of proxy spamming via infected PC botnets (phishing)
2005-10-12 22:28:15 SBL32720 69.50.164.77/32 atrivo.com Leo Kuvayev / BadCow. wm.conyc.com / cool-sitesonline.info / esthost.com
2005-10-13 20:09:18 SBL32606 69.50.167.98/32 atrivo.com Proxy hijacking source - phishing: bancoopopular.com
2005-10-02 16:31:53 SBL32567 69.50.165.229/32 atrivo.com spambot C&C
2005-10-02 16:33:56 SBL32565 69.50.179.115/32 atrivo.com Proxy hijacking source
2005-09-27 21:15:37 SBL32322 69.50.191.114/32 atrivo.com Proxy hijacking source - ecards-it.com
2005-09-28 14:54:09 SBL32260 69.50.188.108/32 atrivo.com dnyx.net (69-50-188-108.esthost.com)
2005-10-05 11:57:33 SBL32200 69.50.165.82/32 atrivo.com Proxy hijacking source
2005-10-05 11:58:34 SBL32138 69.50.166.64/29 atrivo.com Coteco, LLC.
2005-10-01 04:49:37 SBL31964 69.50.177.32/29 atrivo.com Pavka / Artofit. psbill.biz aka "pimpbeez" @69.50.177.38
2005-10-17 18:33:49 SBL31948 69.50.179.208/28 atrivo.com Coteco, LLC
2005-09-27 21:05:22 SBL31507 69.50.179.114/32 atrivo.com Proxy hijacking source - Malinari Group International
2005-09-01 15:06:40 SBL31260 69.50.170.242/32 atrivo.com universalsec.com - 419 scammers on Atrivo
2005-09-27 21:03:01 SBL30892 69.50.168.50/32 atrivo.com Proxy hijacking source - http://www.geocities.com/vvidfgh
2005-10-02 18:06:25 SBL30578 69.50.166.184/29 atrivo.com freesexplace.info / mega-erotica.info
2005-10-02 18:02:07 SBL30576 69.50.167.104/29 atrivo.com itisjoy.net (removed) and dot-galleries.info/.biz
2005-09-27 20:58:15 SBL30514 69.50.171.170/32 atrivo.com Proxy hijacking source - porn
2005-10-02 18:09:00 SBL30413 69.50.167.224/29 atrivo.com whores-zone.com / skybabes.net and others
2005-09-09 21:35:45 SBL30176 69.50.180.130/32 atrivo.com Peter Severa / Peter Levashov. rain-mailer.com (@r9-h4.esthost.com)
2005-09-09 21:02:58 SBL30175 69.50.184.194/32 atrivo.com rain-mailer.com (Peter Severa)
2005-07-14 07:02:14 SBL28880 69.50.177.0/24 atrivo.com Criminal Proxy spammers - hijacking proxy ports - expanded
2005-07-14 20:46:37 SBL28727 69.50.166.187/32 atrivo.com free-xporn.com
2007-06-07 13:39:27 SBL28560 85.255.113.0/29 atrivo.com iframedollars.biz trojan master
2005-10-12 11:43:27 SBL27700 195.95.218.168/29 atrivo.com iframedollars.biz trojan master
2005-06-02 10:03:31 SBL27505 69.50.171.0/24 atrivo.com Leo Kuvayev / BadCow. Spammer hosting
2005-08-26 00:43:14 SBL27292 69.50.167.162/32 atrivo.com razespyware.net
2005-08-25 11:09:03 SBL26666 69.31.78.0/24 atrivo.com Criminal Proxy spammers - hijacking open proxy ports
2005-03-24 11:43:54 SBL25223 69.50.166.164/32 atrivo.com pills24h.com ; drugs-buy-online.com
2005-03-21 10:20:54 SBL24672 69.50.173.128/27 atrivo.com Proxy spammers - hijacking open proxy ports.
2005-03-08 21:36:38 SBL24569 69.50.166.116/32 atrivo.com interracial-sex.ws
2005-02-24 02:53:48 SBL24231 69.50.166.218/32 atrivo.com Karam Jabri / Rapid Advertising. xteens.net / rapidadvertising.com (@UNIXBSD.INFO)
2005-02-16 06:48:55 SBL23935 69.50.183.114/32 atrivo.com Karam Jabri / Rapid Advertising. toronto-post-cards.com
2005-02-15 05:01:04 SBL23914 69.50.188.146/32 atrivo.com Karam Jabri / Rapid Advertising. rapidadvertising.ca ; farage.com
2005-02-08 09:39:12 SBL23648 69.50.163.36/32 atrivo.com "Poker site spammer" 1-POKER-GAMES.INFO @r5-h132.esthost.com
2004-12-01 22:34:08 SBL21374 69.50.163.0/24 atrivo.com dailyproxy.com spamware vendor
2004-12-02 23:32:01 SBL21189 69.50.187.218/31 atrivo.com trojan installer - coolsearch.biz
2004-12-02 23:26:17 SBL21186 69.50.168.146/31 atrivo.com trojan installer sp2fucked.biz
2005-07-14 07:01:51 SBL20712 69.50.177.210/32 atrivo.com Criminal Proxy spammers - hijacking open proxy ports
2005-08-31 11:14:07 SBL20170 69.50.191.0/24 atrivo.com estdomains.com ; esthost.com
2004-10-03 01:09:39 SBL19877 69.50.187.114/32 atrivo.com Briceco, Inc. / Dubeau / Brice. Pump & Dump spamming: ma04.otcjournal.net ; E-Direct
2005-03-11 16:59:04 SBL19361 69.50.179.128/25 atrivo.com estdomains.com ; esthost.com
2004-07-13 23:30:23 SBL17943 69.22.163.142/32 atrivo.com www.bovanno.org -> IDEALOGOS.COM
2004-07-12 23:06:13 SBL17866 69.50.187.114/32 atrivo.com Briceco, Inc. / Dubeau / Brice. ueorg.org
2004-07-03 20:12:13 SBL16970 69.50.182.178/32 atrivo.com Webfinity/Dynamic Pipe. zoqg.petebrowner.com ; yuwj.cabinvibe.com ; adultxspace.com
2004-11-11 08:05:35 SBL16579 69.50.168.0/24 atrivo.com "William Lu" / pro-vcd.com, etc.
2004-06-12 01:18:54 SBL14468 69.50.183.32/29 atrivo.com windearthsea.com
2004-06-10 08:02:47 SBL13690 69.31.76.176/28 atrivo.com sp66.net, 97.to, 89.to - Asian warez spammers
2008-05-31 00:09:28 SBL13689 69.50.173.192/28 atrivo.com uwill.to and other Asian warez spammers
2004-06-20 10:16:02 SBL12979 69.50.167.203/32 atrivo.com ''HiGhTiMeZ'' = my.mortgage-program.is-a.pimp.bz
2004-03-09 19:38:46 SBL12526 69.50.180.0/24 atrivo.com Paris Hilton Porn Video spam - direct from Atrivo

SBL Live and Historic listings involving Atrivo/Intercage and partners
Date Record IP Involved Host Reason
2008-08-25 08:30:24 SBL67355 216.151.179.185/32 bandcon.com Pointer Record: Intercage/Atrivo (AS26769 >>> AS27595)
2008-08-19 20:36:07 SBL67196 67.17.105.2/32 gblx.net Pointer Record: InterCage (AS3549 >>> AS27595)
2008-08-11 20:31:52 SBL66023 213.200.66.26/32 tiscali.net Pointer Record: Cernel/inhoster (AS3257 >>> AS36445)
2008-08-27 21:25:38 SBL66022 64.129.26.198/32 twtelecom.net Pointer Record: Cernel/inhoster (AS4323 >>> AS36445)
2008-06-26 01:39:18 SBL65513 69.31.64.0/20 nlayer.net InterCage, Inc. via LiteUp, Inc.
2008-07-09 08:19:25 SBL65419 58.65.238.34/32 hostfresh.com Malware installer - "video codec"
2008-07-05 19:31:19 SBL65251 77.92.88.0/23 uk2net.com Malware installer - "video codec"
2008-08-15 20:57:25 SBL65250 89.149.226.0/24 netdirekt.de Malware installer - "video codec" @89.149.226.22
2008-05-31 21:20:31 SBL65109 72.21.53.218/32 layeredtech.com how to find zlob video codec malware with google
2008-05-13 20:08:45 SBL64750 203.117.175.116/32 starhub.net.sg malware installer
2008-05-13 20:03:43 SBL64744 124.217.252.78/32 piradius.net malware installer
2008-05-12 19:36:18 SBL64713 72.21.53.218/32 layeredtech.com Malware installer - "video codec" SEX18TUBE2008.COM
2008-05-11 20:00:55 SBL64712 195.93.218.47/32 airhouse.su Malware installer - "video codec"
2008-05-28 01:29:52 SBL64709 58.22.101.96/27 cncgroup-fj malware installer & spam hosting
2008-05-10 22:00:30 SBL64703 77.91.228.156/32 webalta.ru malware installer
2008-05-10 00:03:42 SBL64689 77.91.229.106/32 webalta.ru malware installer
2008-06-21 20:18:39 SBL64688 89.149.227.195/32 netdirekt.de Malware installer - "video codec"
2008-03-20 20:49:33 SBL63889 216.195.63.76/32 apxtelecom.com Russian Business Network. malware installer
2008-03-19 20:05:50 SBL63882 72.233.80.154/32 layeredtech.com Russian Business Network. malware installer
2008-02-29 04:46:02 SBL63540 85.255.115.126/32 inhoster.com drugstore-onweb.com
2008-02-05 23:48:33 SBL62593 64.28.181.194/32 cernel.net http://hardpornvideoonline.com/sites/reufhksjhrenfs.htm
2008-02-19 00:56:17 SBL62484 69.31.64.0/20 nlayer.net Hosting: inhoster.com spammer/cybercrime hosting front
2007-12-19 21:45:52 SBL61840 216.152.255.176/30 xeex.com Pointer Record: Intercage/Atrivo (AS27524 >>> AS27595)
2008-01-13 21:37:28 SBL61328 85.255.121.146/32 wvfiber.net Malware dropper site (@85.255.121.146)
2008-07-26 23:30:56 SBL60872 58.65.238.42/31 hostfresh.com Diamond Replicas
2007-11-02 06:07:45 SBL59854 85.255.112.0/20 atrivo.com zombies. in RIPE as inhoster.com, then nothing, then UkrTeleGroup
2007-10-23 12:22:14 SBL59839 58.65.238.18/32 hostfresh.com Paper Trailing (see internal records)
2008-03-22 22:50:09 SBL59825 69.22.128.0/32 nlayer.net Pointer Record: routing Hostfresh 58.65.238.0/23
2008-01-13 15:41:02 SBL59045 81.29.249.0/24 global-hosting.ru Hosting malware droppers
2008-08-12 21:17:44 SBL58520 67.210.0.0/20 ARIN New Cernel block under Intercage
2008-01-13 15:43:44 SBL58402 81.95.144.182/32 rbnnetwork.com Russian Business Network. malware droppers: malwarealarm.com
2007-09-25 01:21:56 SBL58401 81.29.249.38/32 global-hosting.ru malware droppers
2007-09-24 03:30:48 SBL58360 69.31.80.0/23 pilosoft.com estdomains.com / esthost.com - dirty hosts/registrars
2007-09-21 06:38:41 SBL58310 211.100.17.0/24 ctidnet The world's most spammer friendly domain registrar
2007-09-20 11:13:52 SBL58309 122.70.138.0/24 crc.net.cn The world's most spammer friendly domain registrar
2007-09-21 06:36:41 SBL58308 124.42.122.0/32 sinnet.com.cn The world's most spammer friendly domain registrar
2008-05-09 00:04:27 SBL58135 116.50.11.0/32 atrivo.com intercage routing hostfresh
2007-07-30 00:48:36 SBL57112 81.95.153.243/32 rbnnetwork.com Russian Business Network. iframedollars.biz
2008-07-26 20:12:37 SBL56569 85.255.113.91/32 inhoster.com estdomains.com / esthost.com - dirty hosts/registrars
2007-09-26 03:42:13 SBL56568 69.31.52.0/27 pilosoft.com estdomains.com / esthost.com - dirty hosts/registrars
2007-09-04 02:30:56 SBL56512 206.161.201.208/28 pccwglobal.com Hosting malware droppers
2007-07-12 02:21:50 SBL56506 217.159.201.128/26 estpak.ee estdomains.com / esthost.com - dirty hosts/registrars
2007-09-26 23:51:02 SBL56505 69.31.80.64/29 pilosoft.com estdomains.com / esthost.com - dirty hosts/registrars
2008-08-25 08:11:05 SBL56467 69.26.162.237/32 xeex.com Pointer Record: Intercage/Atrivo (AS27524 >>> AS27595)
2007-07-30 00:44:05 SBL56166 208.66.195.86/32 mccolo.com Russian Business Network. IFRAMEDOLLARS.BIZ exploit gang
2008-08-25 08:11:09 SBL55860 66.186.197.106/32 wvfiber.net Pointer Record: Atrivo/Intercage (AS19151 >>> AS27595)
2007-07-03 00:47:42 SBL55359 81.95.153.92/32 rbnnetwork.com Russian Business Network. IFRAMEDOLLARS.BIZ exploit gang
2007-11-05 20:25:00 SBL54256 216.246.103.2/32 servercentral.net Pointer Record: hostfresh.com (AS23352 >>> AS27595)
2008-08-24 23:44:19 SBL54255 69.22.143.6/32 nlayer.net Pointer Record: hostfresh.com (AS4436 >>> AS27595)
2007-05-24 01:12:04 SBL54008 81.177.14.248/29 in-telecom.ru Rustelecom, coolive.net - spammer morphing IPs
2008-01-21 19:14:52 SBL53805 69.22.186.0/24 nlayer.net Hosting: inhoster.com spammer/cybercrime hosting front
2008-01-21 19:15:11 SBL53804 69.22.184.0/24 nlayer.net Hosting: inhoster.com spammer/cybercrime hosting front
2008-07-19 00:05:42 SBL53803 69.22.168.0/21 nlayer.net Hosting: inhoster.com spammer/cybercrime hosting front
2008-01-21 19:22:26 SBL53802 69.22.162.0/23 nlayer.net Hosting: inhoster.com spammer/cybercrime hosting front
2007-04-09 23:06:15 SBL53361 213.140.37.237/32 telefonica.es inhoster.com spammer/cybercrime hosting front
2007-05-25 20:03:13 SBL53321 69.31.80.64/28 pilosoft.com Hosting: inhoster.com spammer/cybercrime hosting front
2008-08-25 08:12:29 SBL53320 69.50.160.0/19 ARIN Hosting: inhoster.com spammer/cybercrime hosting front
2007-05-01 09:30:25 SBL53319 216.255.176.0/20 ARIN Hosting: inhoster.com spammer/cybercrime hosting front
2007-04-10 02:03:16 SBL53316 66.250.55.49/32 cogentco.com inhoster.com spammer/cybercrime hosting front
2008-07-19 00:02:18 SBL53315 216.12.164.65/32 invisiblehand.net inhoster.com spammer/cybercrime hosting front
2007-04-10 02:51:18 SBL53314 204.70.193.29/32 savvis.net inhoster.com spammer/cybercrime hosting front
2008-07-19 00:02:08 SBL53313 85.255.112.1/32 pilosoft.com inhoster.com spammer/cybercrime hosting front
2007-04-09 22:32:48 SBL53312 64.243.225.30/32 wbsconnect.com inhoster.com spammer/cybercrime hosting front
2007-05-14 02:05:45 SBL53311 66.225.245.26/32 servercentral.net MovieCommander DNS hijacking malware rootkit
2007-04-08 12:23:33 SBL53310 69.22.143.14/32 nlayer.net MovieCommander DNS hijacking malware rootkit
2008-01-13 11:05:38 SBL53308 64.28.183.0/24 cernel.net MovieCommander DNS hijacking malware rootkit
2008-07-26 20:12:43 SBL53304 85.255.115.46/32 inhoster.com MovieCommander DNS hijacking malware rootkit
2008-07-30 05:05:23 SBL53303 66.186.192.250/32 wvfiber.net inhoster.com spammer/cybercrime hosting front
2007-04-09 21:50:32 SBL50299 85.255.115.252/32 inhoster.com 5starvideos.net / Zlob
2007-04-09 21:49:24 SBL49285 85.255.117.194/32 inhoster.com Zlob malware installer
2007-04-09 21:47:20 SBL49279 85.255.118.195/32 inhoster.com www.multimediaobject.com - Zlob infector at Inhoster
2007-01-01 08:26:18 SBL49234 69.50.160.0/19 nlayer.net Atrivo/Intercage
2007-02-03 21:56:06 SBL48521 209.200.18.168/29 webair.com "Zlob" goldcodec malware installer - videosgalleries.com
2006-09-09 07:51:22 SBL46493 80.77.88.98/32 ipipe.net zcodec.com trojan malware gang: stockpharmacy.com
2006-11-25 06:38:09 SBL46361 85.255.112.132/32 inhoster.com DNSChanger Trojan home
2008-08-20 06:44:00 SBL43467 69.22.128.250/32 nlayer.net Pointer Record: Intercage/Atrivo (AS4436 >>> AS27595)
2008-08-05 23:33:36 SBL36702 85.255.112.0/20 RIPE inhoster.com / "Fast web hosting" / esthost.com / ukrtelegr
2008-03-31 20:38:02 SBL36453 64.28.176.0/20 ARIN cernel.net a/k/a esthost.com
2005-10-09 17:45:03 SBL33230 64.71.177.63/32 he.net dot-galleries.biz (and probably more)
2005-10-17 18:33:49 SBL31948 69.50.179.208/28 atrivo.com Coteco, LLC
2006-08-10 06:10:47 SBL30896 64.74.164.100/32 internap.com silvercash.com
2005-09-09 11:11:42 SBL30182 69.31.128.106/32 pilosoft.com rain.webplace.ru : Criminal proxy spamware sales
2005-02-21 20:05:26 SBL24159 66.98.145.18/32 ev1.net dailyproxy.com spamware vendor
2005-06-05 09:33:06 SBL17027 69.22.143.10/32 nlayer.net Pointer record for: Atrivo: Emil "Igor" Kacperski via AS4436
2004-09-29 23:28:06 SBL17026 216.140.2.13/32 broadwing.com Pointer record for: Atrivo: Emil "Igor" Kacperski via AS6395
2005-06-03 12:14:56 SBL17025 69.50.160.0/19 ARIN Atrivo - escalation
2004-12-18 19:50:27 SBL14467 65.240.228.97/32 mci.com HELO windearthsea.com
2006-08-26 07:03:04 SBL13688 132.186.46.32/32 pyramid.com.au 132.186.46.32 - no RDNS
2008-01-12 20:36:59 SBL9176 132.232.0.0/16 ARIN zombies. BIS Mackintosh Limited / KTHX.ORG / REVERSED.NET
2004-01-18 00:16:55 SBL9060 170.208.15.1/32 gblx.net zombies. pointer to SBL8632 - ISD / atrivo
2004-01-18 00:16:15 SBL9059 146.100.32.1/32 gblx.net zombies. pointer to SBL6858 Zust-Ambrosetti / nlayer.net / atrivo.com
2003-10-22 00:00:00 SBL8647 170.208.0.4/32 wworks.net zombies. pointer record - parts of 170.208.0.0/16 (SBL8632) routed via AS26346
2003-10-29 05:43:48 SBL8633 170.208.0.1/32 he.net zombies. pointer record for feed to SBL8632
2003-10-30 02:37:13 SBL8632 170.208.0.0/16 ARIN zombies. ISD / atrivo

SBL Live and Historic listings for Atrivo cybercrime hosting partner hostfresh.com
Date Record IP Involved Host Reason
2008-08-25 00:21:06 SBL67341 58.65.238.106/31 hostfresh.com simplefreedns.com cybercrime malware DNS
2008-08-06 21:49:17 SBL66763 58.65.235.41/32 hostfresh.com Malware hosting
2008-08-03 18:48:44 SBL66687 58.65.238.171/32 hostfresh.com infectionscanner.com/virus-scanonline.com malware dropper
2008-07-17 00:33:56 SBL65974 58.65.234.81/32 hostfresh.com Spammer & cybercrime DNS hosting
2008-07-29 20:43:10 SBL65954 58.65.234.0/24 hostfresh.com virtual-oem.com (escalation - Toronto Pharmacy)
2008-07-10 23:08:38 SBL65830 58.65.234.73/32 hostfresh.com Toronto Pharmacy
2008-07-30 05:46:38 SBL65797 58.65.238.106/32 hostfresh.com online-xpcleaner.com malware dropper
2008-07-09 08:19:25 SBL65419 58.65.238.34/32 hostfresh.com Malware installer - "video codec"
2008-06-03 01:36:06 SBL65165 58.65.238.100/32 hostfresh.com NS1.HOSTFRESH.COM / NS2.BETSPROFIT.COM
2008-07-08 20:51:54 SBL65154 58.65.239.107/32 hostfresh.com Botnet pharma spammers
2008-05-30 07:54:46 SBL65078 58.65.232.17/32 hostfresh.com Cybercrime DNS server & web hosting
2008-02-09 17:57:49 SBL63104 58.65.239.10/31 hostfresh.com cybns.info / wodamer.info
2008-01-18 19:15:17 SBL62635 58.65.239.156/32 hostfresh.com nameserver for fast-flux spam domains
2008-01-18 19:14:48 SBL62634 58.65.239.155/32 hostfresh.com nameserver for fast-flux spam domains
2008-01-11 22:17:22 SBL62505 58.65.239.66/31 hostfresh.com fast-flux NS
2007-12-23 07:23:54 SBL61923 58.65.239.162/32 hostfresh.com spam source
2007-12-23 07:26:23 SBL61922 58.65.239.162/32 hostfresh.com spam source
2008-01-13 11:04:48 SBL61867 58.65.239.162/32 hostfresh.com Botnet spammer hosting
2007-12-20 07:31:41 SBL61693 58.65.239.122/32 hostfresh.com HerbalKing. Spam Haven/DNS (abokor.com et al/ns2.adns2008.com)
2008-01-13 14:50:43 SBL61230 58.65.238.59/32 hostfresh.com Russian Business Network. active pinch server @xp.attrezzi.biz
2008-07-26 23:31:15 SBL61170 58.65.235.201/32 hostfresh.com www-t4.ru
2008-01-13 15:05:02 SBL61037 58.65.239.30/32 hostfresh.com Malware dropper site DNS: NS1.QWHOST.CN / NS2.NOCDNS.NET
2008-01-13 15:05:03 SBL61035 58.65.239.28/32 hostfresh.com Malware dropper site
2008-07-26 23:30:56 SBL60872 58.65.238.42/31 hostfresh.com Diamond Replicas
2007-11-27 00:11:06 SBL60395 58.65.234.18/32 hostfresh.com Russian Business Network. iframedollars.com
2007-11-27 00:10:15 SBL60394 58.65.234.17/32 hostfresh.com Russian Business Network. iframedollars.com
2008-07-26 23:30:20 SBL60148 58.65.239.92/32 hostfresh.com mountcourse.com
2008-06-26 01:51:43 SBL60022 58.65.238.43/32 hostfresh.com Spammer & cybercrime hosting
2008-07-26 23:29:41 SBL59877 58.65.238.38/32 hostfresh.com "JSB register" form @ 58.65.238.38
2007-10-23 12:22:14 SBL59839 58.65.238.18/32 hostfresh.com Paper Trailing
2007-10-28 23:24:36 SBL59735 58.65.238.50/32 hostfresh.com Spam webhosting - ghocapo.cn, mycompl.com
2007-12-01 19:49:29 SBL59620 58.65.238.18/32 hostfresh.com Porn spam redirector hosting
2008-01-13 11:05:30 SBL59531 58.65.239.66/32 hostfresh.com Pill spammers - pillstrade.info, rxrxrxrx.com etc.
2007-11-06 00:38:14 SBL59528 58.65.237.74/32 hostfresh.com Pill spammers - pillstrade.info, rxrxrxrx.com etc.
2008-01-13 15:40:53 SBL59524 58.65.237.137/32 hostfresh.com forgirlsmany.biz malware dropper and pill spammers
2008-06-02 08:04:14 SBL59230 58.65.239.154/31 hostfresh.com Criminal porn spammers
2007-11-06 17:44:12 SBL58966 58.65.236.26/32 hostfresh.com byron-consulting.net - money mule scam
2008-07-26 23:32:41 SBL58882 58.65.239.248/32 hostfresh.com www.kittynow.cn etc.
2008-05-12 06:44:03 SBL58798 58.65.238.42/32 hostfresh.com ancerudp.com, etc, botnet spammed/hosted domains
2008-01-13 12:23:10 SBL58288 58.65.239.66/31 hostfresh.com Russian Business Network. Standard iFrame gang injection URL / ns21-valuehost.com
2007-11-06 17:54:34 SBL58101 58.65.237.72/29 hostfresh.com chukigekdns.com / speeduserhost.com
2007-08-19 12:39:12 SBL57853 58.65.233.90/32 hostfresh.com Spammer's dropbox (zakmed@mailrus.ru)
2007-08-14 10:08:56 SBL57577 58.65.239.29/32 hostfresh.com Russian Business Network. qwertyhost.org Russian cybercrime hosting @Hostfresh
2008-06-02 08:04:18 SBL57576 58.65.239.27/32 hostfresh.com Russian Business Network. NS1.NOCDNS.NET (qwertyhost.org Russian cybercrime hosting)
2007-11-26 23:46:01 SBL56742 58.65.237.26/32 hostfresh.com airbiz.ws malware dropper and other crime hosting
2007-06-26 20:51:15 SBL55616 58.65.237.33/32 hostfresh.com JHJNJO.INFO etc.
2007-08-08 10:33:31 SBL55425 58.65.233.89/32 hostfresh.com mx.laposte.ru - scam dropbox
2007-11-06 18:11:52 SBL54324 58.65.233.178/32 hostfresh.com malware
2007-05-05 22:38:17 SBL54259 58.65.236.153/32 hostfresh.com mastercarder.org etc.
2007-05-05 22:39:13 SBL54258 58.65.237.113/32 hostfresh.com CARDER-SHOP.COM etc.
2008-01-13 11:05:37 SBL54249 58.65.238.0/23 hostfresh.com Dirty block (escalation)
2008-07-26 23:32:20 SBL54224 58.65.238.0/24 hostfresh.com spam sources
2007-05-03 23:12:19 SBL54202 58.65.239.10/32 hostfresh.com abdulla.cc
2007-05-01 22:31:13 SBL54092 58.65.239.90/32 hostfresh.com Eastern Euro malware droppers, again on Hostfresh
2007-04-24 23:48:20 SBL53667 58.65.232.68/32 hostfresh.com Proxy, exploit & cybercrime gang: xn0de.org; lol-portal.info
2007-04-25 01:57:32 SBL53134 58.65.236.0/24 hostfresh.com Russian cybercrime
2007-04-02 22:03:48 SBL53117 58.65.236.130/32 hostfresh.com Spammer DNS - ns2.saudia-dns.org
2007-04-02 22:03:49 SBL53116 58.65.236.129/32 hostfresh.com Spammer DNS - ns1.saudia-dns.org
2007-04-03 00:23:50 SBL53011 58.65.239.75/32 hostfresh.com ANI exploit malware drop site
2007-04-02 22:14:59 SBL52960 58.65.234.17/32 hostfresh.com blog/form spam source
2007-03-27 04:13:21 SBL52780 58.65.239.12/32 hostfresh.com bank phish site
2007-03-23 01:46:17 SBL52632 58.65.237.33/32 hostfresh.com SDASDASWDDDDF.INFO etc
2007-03-20 21:18:46 SBL52507 58.65.239.34/32 hostfresh.com Malware hosting
2007-03-20 06:15:51 SBL52498 58.65.236.128/30 hostfresh.com Mule scam drop box
2007-03-02 22:37:30 SBL51778 58.65.236.0/24 hostfresh.com John Vogel. momoyamoto.com et al.
2007-03-06 21:50:06 SBL51358 58.65.236.232/29 hostfresh.com John Vogel. momoyamoto.com
2007-03-06 21:40:41 SBL51357 58.65.236.16/30 hostfresh.com John Vogel. momoyamoto.com
2006-12-01 20:29:08 SBL48665 58.65.236.128/30 hostfresh.com Spam webhosting - idpslcspay.com
2006-12-01 00:06:59 SBL48480 58.65.234.1/32 hostfresh.com Source of proxy/botnet hijack spamming ("MAN-XL")
2006-12-01 00:07:19 SBL48479 58.65.233.97/32 hostfresh.com Source of proxy/botnet hijack spamming

SBL Live and Historic listings for inhoster.com (an Atrivo cybercrime hosting partner)
Date Record IP Involved Host Reason
2008-02-29 04:46:02 SBL63540 85.255.115.126/32 inhoster.com drugstore-onweb.com
2008-08-25 08:14:56 SBL61205 85.255.121.147/32 inhoster.com codecvids.com malware dropper
2008-01-13 15:40:50 SBL60127 85.255.121.37/32 inhoster.com Malware C&C
2007-12-21 15:31:01 SBL59845 85.255.113.235/32 inhoster.com malware downloader
2007-11-05 20:24:54 SBL59637 85.255.115.181/32 inhoster.com Malware hosting
2008-07-26 20:12:37 SBL56569 85.255.113.91/32 inhoster.com estdomains.com / esthost.com - dirty hosts/registrars
2008-08-15 21:55:06 SBL56504 85.255.117.242/31 inhoster.com axvideosetup.com, etc, trojan droppers
2008-03-24 06:07:36 SBL53431 85.255.118.186/32 inhoster.com menshealth-store.com
2008-07-26 20:12:43 SBL53304 85.255.115.46/32 inhoster.com MovieCommander DNS hijacking malware rootkit
2007-04-24 10:06:44 SBL50733 85.255.119.122/32 inhoster.com tokiodrift.biz / virusburst.com malware site
2007-04-09 21:50:32 SBL50299 85.255.115.252/32 inhoster.com 5starvideos.net / Zlob
2007-04-09 21:49:52 SBL49300 85.255.116.252/32 inhoster.com Zlob malware installer
2007-04-09 21:49:24 SBL49285 85.255.117.194/32 inhoster.com Zlob malware installer
2007-04-09 21:47:20 SBL49279 85.255.118.195/32 inhoster.com www.multimediaobject.com - Zlob infector at Inhoster
2007-04-09 20:54:18 SBL48509 85.255.118.198/32 inhoster.com Malware hosting
2006-11-25 06:38:09 SBL46361 85.255.112.132/32 inhoster.com DNSChanger Trojan home
2007-04-10 02:17:35 SBL36703 195.95.218.0/23 inhoster.com DNSChanger Trojan home

SBL Live and Historic listings for cernel.net (an Atrivo cybercrime hosting partner)
Date Record IP Involved Host Reason
2008-08-17 22:36:37 SBL67087 67.210.12.56/32 cernel.net Canadian Pharmacy. canadian-pharmacy-drugs.info
2008-07-10 21:31:36 SBL65730 64.28.191.14/32 cernel.net gooqle-analytics.com malware dropper
2008-02-13 14:25:57 SBL63191 67.210.14.10/32 cernel.net ovbrokerage.net (mule job)
2008-02-05 23:48:33 SBL62593 64.28.181.194/32 cernel.net http://hardpornvideoonline.com/sites/reufhksjhrenfs.htm
2007-04-12 11:28:00 SBL53474 64.28.178.16/32 cernel.net Leo Kuvayev / BadCow. fast flux hosts
2008-01-13 11:05:38 SBL53308 64.28.183.0/24 cernel.net MovieCommander DNS hijacking malware rootkit
2007-12-19 22:07:39 SBL50731 64.28.179.50/32 cernel.net tokiodrift.biz / virusburst.com malware site