Feel free to circulate this list, use it to block unwanted or malicious activity, and/or incorporate it into anti-spyware software. However, please do not delete any rules from it. If you think something should be added or deleted, please email me at yosponge@yahoo.com. You can, of course, quote part of it relevent to a specific spyware. My official site is www.geocities.com/yosponge and you can obtain updates there. Thank you.! NOTE: Entries for spyware which are new or changed will say so. Risk key: C = Common S=Severe O = Occasional M=Moderate R = Rare L=Low As of 7/9/08 Added Nebuad (CS) Added more Overture to Advertising sites Added Adlegend to Advertising sites Added SNAP to Advertising sites. This is another "contextual" ad service, similar to VibrantMedia/Intellitxt and Kontera which uses deceptive links and pop-up windows. As of 3/21/07 Added new Smitfraud DNS hijack IPs (CS) Added new Smitfraud DNS and DHCP hijack IPs. This new version hijacks DHCP settings as well as DNS. (CS) Added new Lop.com (CS) Added Baidu (RL) Added more Doubleclick Added new eAcceleration (CM) and DELETED some old IP address blocks. Added Evidence-Eliminator (CL) Added Name Administration Inc. to Other Sites Added more RealNetworks (CM) Added more Redsheriff/IMRWorldWide (CM) Added Multiple/various dropper (CS), the netblock 66.48.78.0/24. This corresponds to a service called clicksor which is associated with many kinds of malware. Added new Vundo (CS) trojan - Vundo hijacks DNS settings can be considered an extraordinarily serious threat. If infected, all passwords, userIDs, bank accounts, credit card numbers, etc. should be changed immediately. Added thecoolpics trojan (CM) Added Outerinfo (OL) Added 2nd-thought.com backdoor trojan (CS) Added seek.yisou.com (RL) Added more Ask.com spyware (CM) Added 007 (CS) 70.85.217.103 check rest of netblock Vibrant media check 216.31.241.112-216.31.241.127 Add Oversee.net:64.235.246.0 - 64.235.246.255 Oversee.net:67.112.184.192 - 67.112.184.199 Oversee.net:68.125.88.248 - 68.125.88.255 Oversee.net:71.139.219.96 - 71.139.219.103 Oversee.net:204.13.160.0 - 204.13.163.255 Added Net Access Corp to Other Sites Added more Need2find a.k.a. AskJeeves (CM) WARNING: The Ask spyware is being distributed with versions of Nero, the DVD-burning software, as of version 7.7.5.1. DO NOT INSTALL THIS AND FUTURE VERSIONS UNTIL IT IS REMOVED! Added Revenueloop (CM) Added Flipviewer (RL) Added Troj/Lineage-AP (CS) (svhost32.exe variant a.k.a. Infostealer variant) Added more Smitfraud (specifically, Virusburst/mmcodec) (CS) (activex.matcash.com) Added more 180solutions 213.189.5.0/24 Added more ShopatHome (OS) Added William Lu network (RM) Added more Smitfraud (CS) One of the netblocks, 216.187.103.128/25, is also home to fake sites (e.g. factcheck.com, which has nothing to do with the legitimate site factcheck.org). Added more RightMedia a.k.a. Intermix Media to Advertising Sites. This is behind a lot of those deceptive ads that look like a Windows dialog box saying, "Message Waiting" or falsely advertising Windows errors. Added AlliedPlanet to Advertising Sites Added LiquidMedia to Advertising Sites Added TradeNews Corp. to Advertising Sites 64.125.98.0/23 Added isgreat.org to Advertising Sites Add 70.85.216.240/28 to trafficadmin Add 195.131.4.128/26 to Sintez Added 194.67.35.0/24 as Spylog to Advertising Sites. Very important to block! Added Questionmarket to Advertising Sites Added InsightExpress to Advertising Sites insightexpressai Added Interserver to Other Sites. Added Nameview cybersquatting sites to Other Sites Added Iland Internet Solutions to Other Sites Added Seeq to Other Sites list Added Sedo to Other Sites Added iland to Other Sites Added Direct Information to Other Sites Note: Should identify 85.255.112.0/21 on port 53 as a DNS hijacker for IDS/IPS rulesets Note: Previously-identified Smitfraud trojans exist under a variety of names although all use the same netblock, 85.255.112.0/21. Not all are fixed by Smitfraudfix. Any contact showing in firewall or IDS logs with this netblock should be considered a positive sign of infection, especially if DNS lookups are seen to 85.255.114/24. Due to the extraordinarily dangerous nature of these hijackers - they are DNS hijackers as well as, in some cases, backdoors, it is especially imperative to change all passwords and relocate sensitive data. As of 10/17/06 Changd smitfraud (CS) to 85.255.112.0/21 to accomodate new versions. Any connection to this network can be considered a sign of infection, possibly by a zero-day variant. See Smitfraudfix at http://siri.urz.free.fr/Fix/SmitfraudFix_En.php or afterdawn.com. Be advised that there are fake versions of this removal tool going around as well. As of 10/16/06 Added Toolbar888 (CS) Added Shopnav.drsnsrch (CS) Added more Azebar (CS) Added W32.Trymedia worm (CM) Added MywebSearch (CL) Added AdExtension/unlimiteddownloadcenter/trackingbot (CS) 209.85.51.0 Added W32/HLLP.Philis.I, accesses www.hyap98.com (RS) Added Ask.com (CS). According to spyware researcher Ben Edelman, Ask.com has become a major purveyor of spyware and adware. Since these appear to be sourced from ask.com servers, it is recommended that all of ask.com be filtered. See http://www.benedelman.org/spyware/ask-toolbars/ This service gets it's ads from targetnet/Mamma.com Add Googkle.com to IDS rules, which downloads code from www.ntsearch.com and toolbarpartner.com (outdated but still a threat) (RS) - Note this probably uses the misspellings of other popular websites as well Added two unknown (CS) malware that appear to read the Outlook address book Removed Neucom filter 66.230.192.0/19, at least temporarily. This was causing problems with some popular sites including Wikipedia. Removed Sstemuptodate.net, see Smitfraud below. Removed Updatesearches - it is now part of Smitfraud (CS) Changed some Smitfraud filters to accomodate new versions of this trojan, such as isafetypage.com (CS) Now, any connection to 85.255.116.0/22 can be considered a definite site of infection. Changed base mask for Transponder/Direct Revenue 204.16.120.0/22 Changed AS16238 to Comload (CS) Changed 2020search (CL) They moved. Changed Searchfeed to note that it is a Comet Cursor product, now called Comet Cursor.searchfeed (OL) As of 8/22/06 Added new eGroup dialer (CS) Added Mrfindalot (OL) Added more New dot net (CL) Added unknown 66.244.254.0/24 to spyware Added more Rightmedia/yieldmanager to Advertising Sites As of 7/24/06 Added Proffy209.com/Smitfraud (WMF spyware hijack) (CS) Added new eGroup dialer homesite e.g. akamai.downloadv3.com Added new Pilosoft/CWS/Spywarequake site Added Trj.Riler.F (RS) LSP hijacker Added Trj.Bifrose.E (RS) aka Backdoor.Bifrose.E Added Smitfraud (CS) - This primarily impersonates "security alerts" and such to sell junk "security" software. The home site, thesecuritypage.com and www.topsecuritysite.net impersonates Microsoft's site. Added Party Gaming (CH) - hope of Party Poker, tons of pop-ups, and questionable software 64.69.40.42 (revres.exe) nerdytechs.com and proxify.be 205.177.122.100 (randomEXE) ad.tuzikmedia.biz 81.95.145.173 (xfid.exe) zfwrzemtha.biz zgeghrlgro.biz Added mywebsearch (OL) Added Accoona (OL) Added new Look2me detection (CS) Added new Transponder (CS) 204.16.120.0/19. Added 217.73.64.0/20 (CS) This is reportedly one of the worst and longest-running malware homesites. See http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites for one such explanation. This should be filtered by everyone, regardless of what kind of software or OS you run. Added Trj_Conhook (CS) (Note: Many phony websites or websites that use similar domains to popular sites are also located on some of these netblocks.) Added Systemuptodate.net spyware (CS) Added united-newsserver (RL) Added more SpecificMedia. Note that this service runs regular web ads in addition to malware. Added 2020search (also upspiral and freakyseek. Note that freakyseek has no dns). Added Ittoolbox Added DVLABs (Klipmart advertising service, mostly does Flash ads.) (gfx.klipmart.com, kt3. and kt4.kliptracker.com, kt4a.kliptracker.com through kt4d) Added new Omniture 128.241.21.0/24. Added Namegiant 64.14.244.0/24 Added Intermix Media to Advertising Sites www.partner2profit.com, imp. 63.81.207.197 is unknown ad site Added Adwatcher to Advertising Sites Added Source Investments to Other Sites Added DirectResponse to Advertising Sites Added Meta4 to Advertising Sites Changed a notation for Comet Cursor (198.65.220.0/24) and added that a Comet Cursor product is being called Starware.com/Miva. Added Tacoda. This is another "contextual" advertising service, much like Vibrantmedia's Intellitxt, which can insert deceptive links into webpages. Note on usage: This IP blocklist is intended to be used to block known spyware sites and large ad services known or believed to be associated with spyware, data mining and data warehousing companies. It is strongly recommended that you download and install a firewall capable of blocking (filtering) IP addresses, like Kerio Personal Firewall, available at www.kerio.com. Some firewalls (like the super-popular, free version of Zone Alarm) do not have the ability to block IPs. KPF works well with other firewalls, including ZA free.) The following instructions explain step-by-step how to add the filters to KPF. Consult your documentation for other firewalls. Once you have done this once or twice you will be able to do it in your sleep. You may need to modify the instructions to suit other firewalls. Alexa will be used for the example below. Step 1: Start KPF. Step 2: On the tray at the bottom right of your screen, right-click KPF's blue shield icon. Step 3: Select Firewall Administration. Step 4: Click Advanced. Step 5: Highlight whatever rule is at the very top of the list by clicking it. If there is none, don't worry. Step 6: Click the Insert button at the bottom. Step 7: Give the new item a name. Use the name of the spyware, if you wish. Step 8: The protocol box should say Any. If it doesn't, click it and select Any. Step 9: The direction box should say Both. Click it and select Both. (If you are on a very slow computer, you can just select "Outgoing", which will speed things up ever so slightly, but it will reduce your protection.) Step 10: On the Remote Endpoint box, click and select Network/Mask. Step 11: In the Network Address box, enter from this list below the number from the left side of the list. In the case of Alexa, enter 209.247.41.0. Step 12: In the Network Mask box, enter the number from the middle column, which in this case is 255.255.255.0 . Step 13: The Rule Valid box should have Always checked. If not, select Always. Step 14: The Action button should be set to Deny. Step 15: You can check or uncheck the Log and Display alert box rules according to your wishes. Step 16: Click Ok when done. Congratulations! If you think this is time consuming, it's not. You'll nail this in about an hour. And you'll be well-protected! Add the next item in the list, starting from step 6, above. Note: If you upgraded from Tiny Personal Firewall to the newer Kerio, you should be able to import your blocklist. However, due to a bug in Kerio, you must add a rule to allow all traffic to and from 255.255.255.255. If you don't know how to do this, add all the entries in the list below and you'll figure it out. This must always be the very first rule on your list. It is also recommended that you block Windows Media Player from accessing the Internet under any circumstances. If anybody has any updates, new IP addresses thought to be used by spyware, etc. please post them in alt.privacy.spyware or email yosponge@yahoo.com. Network Mask Spyware/Adware name 64.94.137.0 255.255.255.0 180solutions (NEW) 205.205.86.0 255.255.255.0 180solutions (NEW) 206.169.156.0 255.255.255.0 180solutions (NEW) 69.90.184.0 255.255.255.0 180solutions (NEW) 213.189.5.0 255.255.255.0 180solutions (NEW) * 208.237.254.0 255.255.255.0 7faSSt/Emergency24 64.74.193.0 255.255.255.0 Accipiter 64.74.131.0 255.255.255.0 Accipiter/Engage 64.152.66.0 255.255.255.0 Address.com/GTMI 64.159.90.0 255.255.255.0 AdultLinks/Candidhosting*** 209.247.255.0 255.255.255.0 Alexa 209.237.237.0 255.255.255.0 Alexa 209.237.238.0 255.255.255.0 Alexa 209.247.41.0 255.255.255.0 Alexa 209.247.42.0 255.255.255.0 Alexa 216.200.3.0 255.255.255.0 APS Communication (CWS, etc.) 128.121.26.0 255.255.255.0 AWS 80.77.80.0 255.255.255.0 Azebar (NEW) 216.52.17.0 255.255.255.0 BargainBuddy 66.225.192.0 255.255.255.0 Bookedspace 206.142.53.0 255.255.255.0 BrilliantDigital 64.156.213.0 255.255.255.0 CashSurfers/CrackedEarth (name change) 198.65.220.0 255.255.255.0 Comet Cursor/Starware.com 64.94.162.0 255.255.255.0 Comet Cursor 209.83.171.0 255.255.255.0 Comet Cursor 63.251.26.0 255.255.255.0 Comet Cursor.Searchfeed (NEW) 66.220.17.0 255.255.255.0 C2 Media 206.251.184.0 255.255.255.0 C2 Media, also FavoriteMan 64.40.102.0 255.255.255.0 C2 Media 63.243.188.0 255.255.255.0 C2 Media (NEW) 63.219.177.0 255.255.255.0 C2 Media (NEW) 194.131.254.0 255.255.255.0 Creative Labs 203.126.77.0 255.255.255.0 Creative Labs 65.112.114.0 255.255.255.0 Creative Labs & C2Media 216.3.226.0 255.255.255.0 CuteFTP 209.66.122.0 255.255.255.0 CWS.MSinfo (CWS variant, others) 80.77.84.0 255.255.255.0 CWS.MSinfo 207.99.34.0 255.255.255.0 CWS.MSoffice (CWS variant, others) 209.73.225.0 255.255.255.0 Cydoor 209.11.66.0 255.255.255.0 Cydoor 209.153.205.0 255.255.255.0 Cytron 209.153.206.0 255.255.255.0 Cytron 216.231.108.0 255.255.255.0 eAcceleration (DELETE) 216.231.119.0 255.255.255.0 eAcceleration (DELETE) 205.234.72.0 255.255.255.0 eAcceleration (NEW) 216.145.9.0 255.255.255.0 eAcceleration (NEW) 65.174.224.0 255.255.255.0 eAcceleration (NEW) 212.150.236.0 255.255.255.0 Effectivebrands 62.90.166.0 255.255.255.0 Effectivebrands 62.39.85.0 255.255.255.0 eGroup (Strip-Player, egwn, ACX_Install, etc.) 195.10.6.0 255.255.255.0 eGroup (NEW) 63.72.76.0 255.255.255.0 eMachines 64.157.1.0 255.255.255.0 ezCyberSearch 64.95.66.0 255.255.255.0 Enliven (may be obsolete) 64.18.195.0 255.255.255.0 Enliven 12.129.204.0 255.255.255.0 eUniverse/KeenValue 212.117.137.0 255.255.255.0 EverAd 64.20.172.0 255.255.255.0 Flycast 64.20.161.0 255.255.255.0 Flycast 216.127.44.0 255.255.255.0 FlyingCroc 64.255.166.0 255.255.255.0 FriendGreeting/AdultFriendFinder (NEW) 209.185.12.0 255.255.255.0 FriendGreeting/AdultFriendFinder (NEW) 64.56.205.0 255.255.255.0 FrientGreeting/AdultFriendFinder (NEW) 216.127.33.0 255.255.255.0 Gamma 64.94.89.0 255.255.255.0 Gator 64.162.206.0 255.255.255.0 Gator 63.197.87.0 255.255.255.0 Gator 216.30.17.0 255.255.255.0 Gator 66.35.247.0 255.255.255.0 Gator 64.152.73.0 255.255.255.0 Gator 64.157.165.0 255.255.255.0 Gator 66.35.229.0 255.255.255.0 Gator 64.243.64.0 255.255.255.0 Globalscape (CuteFTP, etc.) 209.85.51.0 255.255.255.0 Googkle (NEW) 64.61.30.0 255.255.255.0 Hotbar 63.167.250.0 255.255.255.0 Hotbar 212.117.152.0 255.255.255.0 Hotbar (may be obsolete) 65.121.237.0 255.255.255.0 Hotbar 165.254.12.0 255.255.255.0 Hotbar 38.117.132.0 255.255.255.0 Hotbar 216.65.29.0 255.255.255.0 IE Plugin 66.40.37.0 255.255.255.0 IE Plugin 64.156.188.0 255.255.255.0 Internetwasher 209.132.242.0 255.255.255.0 Internetfuel 207.211.65.0 255.255.255.0 Intellitxt (NEW) 205.147.84.0 255.255.255.0 Intellitxt (NEW) 209.132.218.0 255.255.255.0 Fordale/MediaCharger/Downloadware (renamed) 209.132.205.0 255.255.255.0 Internetfuel/StreamMagic/Fordale/MediaCharger 192.217.197.0 255.255.255.0 Interactual 64.95.228.0 255.255.255.0 IPInsight 65.169.109.0 255.255.255.0 Kanoodle (NEW) 192.146.101.0 255.255.255.0 Lexmark 216.127.62.0 255.255.255.0 MoneyTree/FlyingCroc 63.236.66.0 255.255.255.0 Mywebsearch (NEW) 207.159.120.0 255.255.255.0 Mywebsearch (NEW) 64.237.101.0 255.255.255.0 Nebuad (NEW) 66.151.151.0 255.255.255.0 Nebuad (NEW) 208.45.133.0 255.255.255.0 Need2find (NEW) 207.159.120.0 255.255.255.0 Need2find (NEW) 63.251.211.0 255.255.255.0 NewdotNet 64.94.29.0 255.255.255.0 NewdotNet 72.5.175.0 255.255.255.0 NewdotNet 216.64.206.0 255.255.255.0 NewtonKnows (Changed, moved up here) 216.207.32.0 255.255.255.0 Onflow 81.222.131.0 255.255.255.0 Paradize (many CWS variants) 209.50.251.0 255.255.255.0 PassThisOn 66.212.229.0 255.255.255.0 Party Gaming (NEW) 66.48.78.0 255.255.255.0 Paypopup (CHANGED) 207.69.235.0 255.255.255.0 PeoplePC (Earthlink) 66.250.107.0 255.255.255.0 Pilosoft (many CWS variants 66.250.57.0 255.255.255.0 Pilosoft/various 216.130.218.0 255.255.255.0 Pugi 208.184.172.0 255.255.255.0 Radiate/Aureate 216.37.13.0 255.255.255.0 Radiate/Aureate 204.71.154.0 255.255.255.0 RealNetworks 209.225.53.0 255.255.255.0 RealNetworks 66.35.210.0 255.255.255.0 RealNetworks 63.111.71.0 255.255.255.0 RealNetworks 203.89.243.0 255.255.255.0 RedSheriff 203.166.18.0 255.255.255.0 RedSheriff 208.184.36.0 255.255.255.0 RedSheriff (NEW) 69.80.200.0 255.255.255.0 RedSheriff (NEW) 212.187.205.0 255.255.255.0 RedSheriff (NEW) 195.165.248.0 255.255.255.0 RedSheriff (NEW) 64.15.205.0 255.255.255.0 Roar 216.46.104.0 255.255.255.0 SBWatchDog 82.137.161.0 255.255.255.0 Searchbar (NEW) 209.50.151.0 255.255.255.0 SearchTraffic 209.66.124.0 255.255.255.0 SearchV (assorted) 209.8.25.0 255.255.255.0 Search* (Various)(NEW) 63.66.136.0 255.255.255.0 SecondPower 198.80.11.0 255.255.255.0 ShopatHome 204.151.43.0 255.255.255.0 ShopatHome 199.221.131.0 255.255.255.0 Shopathome (NEW) 64.211.248.0 255.255.255.0 SideStep 81.211.105.0 255.255.255.0 Smart-Finder (NKVD) 66.244.254.0 255.255.255.0 Smitfraud (NEW) 207.36.209.0 255.255.255.0 Smitfraud (NEW) 216.187.113.0 255.255.255.0 Smitfraud (NEW) 216.187.118.0 255.255.255.0 Smitfraud (NEW) 64.79.161.0 255.255.255.0 SpecificMedia (NEW) 63.117.23.0 255.255.255.0 SpecificMedia (NEW) 212.143.22.0 255.255.255.0 Speedbit (Remove any other Speedbit entries) 66.28.153.0 255.255.255.0 StartSurfing 64.150.160.0 255.255.255.0 thecoolpics (ipowerweb)(NEW) 72.22.71.0 255.255.255.0 thecoolpics (ipowerweb)(NEW) 207.246.124.0 255.255.255.0 Transponder (VX2) 202.67.220.0 255.255.255.0 Trj.Conhook (NEW) 64.124.210.0 255.255.255.0 UmaxSearch, CoolWebSearch 63.72.206.0 255.255.255.0 Unicast 217.73.150.0 255.255.255.0 united-newsserver x (NEW) 170.224.10.0 255.255.255.0 Viewpoint 216.152.240.0 255.255.255.0 W32.sdbot-ADD (NEW) 63.236.119.0 255.255.255.0 Web3000 (may be obsolete) 209.66.123.0 255.255.255.0 Winshow 66.250.74.0 255.255.255.0 Xrenoder/CoolWebSearch 64.157.3.0 255.255.255.0 Xupiter 64.235.246.0 255.255.255.0 Multiple parasites (NEW) 66.48.78.0 255.255.255.0 Multiple/various dropper (NEW) 64.74.223.0 255.255.255.0 Various/multiple/cybersquat (NEW) 64.74.223.0 255.255.255.0 Various (NEW) 69.50.168.0 255.255.255.0 Various/Intercage (NEW) 216.104.64.0 255.255.255.0 Vundo (NEW) 216.104.72.0 255.255.255.0 Vundo (NEW) 64.5.217.0 255.255.255.0 W32.Trymedia (NEW) 69.50.170.0 255.255.255.0 William Lu (NEW) 66.244.254.0 255.255.255.0 Unknown (NEW) ###NOTE: Pay attention here. The Networks and Masks will be different from here on out.### 216.74.57.192 255.255.255.192 180solutions 216.34.94.80 255.255.255.240 180solutions 66.152.64.0 255.255.224.0 180solutions/Gamma (NEW) 70.97.62.0 255.255.255.224 180solutions (NEW) 198.104.159.152 255.255.255.252 2020search (NEW) 198.65.114.248 255.255.255.254 2020search (NEW) 63.197.20.136 255.255.255.248 Address.com 72.3.170.80 255.255.255.252 AdExtension/trackingbot (NEW) 199.232.145.0 255.255.255.224 AdTools, Inc. 209.225.4.64 255.255.255.224 Advertbar 204.74.64.0 255.255.192.0 Advertbar 208.45.133.128 255.255.255.128 Aornum 65.214.36.0 255.255.252.0 Ask.com (NEW) 63.236.25.64 255.255.255.224 Ask.com-targetnet (NEW) 66.77.72.0 255.255.255.224 Ask.com-targetnet (NEW) 66.77.183.128 255.255.255.128 Ask.com-targetnet (NEW) 65.220.232.0 255.255.252.0 Ask.com-targetnet (NEW) 63.175.146.0 255.255.255.224 AWS 204.214.6.88 255.255.255.248 AWS 63.164.220.128 255.255.255.128 AWS 66.240.1.128 255.255.255.224 AWS 66.197.235.32 255.255.255.224 Azebar (NEW) 216.65.221.128 255.255.255.224 Backweb Lite (Western Digital)(CHANGED) 64.28.64.208 255.255.255.240 BargainBuddy (Net2phone) 64.14.95.0 255.255.255.128 BargainBuddy (Net2phone) 63.142.201.112 255.255.255.240 BargainBuddy (Net2phone) 205.158.62.128 255.255.255.224 BargainBuddy 69.20.69.168 255.255.255.248 BargainBuddy 63.68.54.0 255.255.254.0 BonziBuddy 64.70.38.160 255.255.255.224 BrilliantDigital 64.60.8.160 255.255.255.224 BrilliantDigital 38.118.139.16 255.255.255.240 BrilliantDigital 66.186.13.128 255.255.255.128 BrilliantDigital 66.230.151.96 255.255.255.224 BroadcastPC (Use ISPRIME rule instead) 64.90.160.152 255.255.255.248 BroadcastPC 216.22.46.192 255.255.255.254 ClientMan 217.73.64.0 255.255.255.224 Comload/AS16238/Various (NEW) 213.86.53.224 255.255.255.224 CommonName 212.23.24.56 255.255.255.248 CommonName 38.117.144.0 255.255.252.0 Coolwebsearch 205.177.0.0 255.255.0.0 Coolwebsearch 69.31.52.0 255.255.254.0 Coolwebsearch 69.31.80.0 255.255.248.0 Coolwebsearch (Pilosoft) 69.31.90.0 255.255.254.0 Coolwebsearch 69.31.92.0 255.255.254.0 Coolwebsearch 69.31.114.0 255.255.254.0 Coolwebsearch 69.31.116.0 255.255.252.0 Coolwebsearch 69.31.126.0 255.255.254.0 Coolwebsearch 69.31.128.0 255.255.252.0 Coolwebsearch 69.31.132.0 255.255.254.0 Coolwebsearch 216.61.164.0 255.255.224.0 Creative Labs 198.95.32.0 255.255.224.0 Creative Labs 203.127.170.0 255.255.224.0 Creative Labs 65.56.1.192 255.255.255.192 CWS.LoadBat/IE-Search 63.251.92.192 255.255.255.192 CWS.MSSPI 216.52.184.192 255.255.255.192 CWS.MSSPI 64.74.96.192 255.255.255.192 CWS.MSSPI 212.118.243.96 255.255.255.224 CWS.MSSPI 69.25.142.0 255.255.255.128 CWS.MSSPI 64.237.56.0 255.255.254.0 CWS.Tapicfg 209.66.114.0 255.255.254.0 CWS.Vrape (CWS variant, others) 69.56.234.168 255.255.255.248 CWS.PnP/CWS.DNSrelay 209.10.17.128 255.255.255.128 Cydoor 63.237.152.0 255.255.254.0 C2 Media* 65.89.40.0 255.255.252.0 C2 Media* (formerly Pulse Web Ventures) 66.115.177.32 255.255.255.240 C2 Media 63.236.173.0 255.255.255.248 C2 Media 63.239.124.16 255.255.255.240 C2 Media 63.145.92.0 255.255.255.128 C2 Media 63.146.90.128 255.255.255.128 C2 Media 63.239.126.64 255.255.255.192 C2 Media 63.239.126.128 255.255.255.192 C2 Media 63.145.90.128 255.255.255.128 C2 Media 66.116.109.0 255.255.255.0 C2 Media+Ultsearch (CHANGED) 208.254.3.128 255.255.255.128 C2 Media (Also Seeq) 66.111.40.138 255.255.255.254 C2 Media (NEW) 63.203.128.160 255.255.255.248 Daliworld 203.185.208.0 255.255.255.252 DarkBlueSea (Roar, Downloadware) 208.215.64.0 255.255.64.0 DSSAgent (Broderbund/Mattel) 216.187.107.0 255.255.255.192 DyFuCa 66.28.248.160 255.255.255.224 eAcceleration 216.231.104.0 255.255.255.128 eAcceleration (DELETE) 66.40.9.128 255.255.255.128 eGroup 164.109.144.192 255.255.255.224 eMachines 216.216.46.128 255.255.255.128 Enliven 64.18.202.128 255.255.255.192 Enliven 66.70.67.12 255.255.255.252 Eprompter 62.189.91.0 255.255.255.224 Evidence-Eliminator (NEW) 64.159.92.0 255.255.252.0 EZCyberSearch/Neucom * & *** 208.185.211.64 255.255.255.224 Ezula (changed mask) 63.200.130.232 255.255.255.248 Ezula 64.164.192.72 255.255.255.248 Ezula 64.237.53.2 255.255.255.254 Fastwebfinder 64.201.96.0 255.255.224.0 Favoriteman 66.159.219.192 255.255.255.192 Flashlightsearch 64.95.64.0 255.255.254.0 Flycast 216.32.96.0 255.255.248.0 Flycast 207.251.152.224 255.255.255.224 Flycast 66.186.17.192 255.255.255.192 Fordale Ltd./Downloadware 216.176.200.16 255.255.255.240 FreeTree Media/eScorcher 216.176.203.0 255.255.255.224 FreeTree Media/eScorcher 216.34.38.64 255.255.255.192 FriendGreeting/FriendGreet worm 216.34.32.0 255.255.224.0 FriendGreeting Worm/AdultFriendFinder (NEW) 207.38.8.0 255.255.224.0 GameSpy (NEW) 216.141.76.128 255.255.255.248 Gator 66.35.248.0 255.255.254.0 Gator 209.132.220.0 255.255.255.128 GoHip 209.132.223.0 255.255.255.128 GoHip 206.152.188.64 255.255.255.192 Gratisware 206.152.189.0 255.255.255.128 Gratisware x 64.21.61.192 255.255.255.192 Guidescope 209.249.105.16 255.255.255.252 Guidescope 66.28.234.64 255.255.255.240 Hotbar 206.252.137.64 255.255.255.192 Hyperlinker (NEW) 64.156.188.0 255.255.255.128 Internetwasher 198.77.37.32 255.255.255.248 IEPlugin (CHANGED) 216.130.188.0 255.255.252.0 IEPlugin 216.133.246.128 255.255.255.128 IEPlugin 216.177.73.128 255.255.255.192 IGetNet 209.132.205.64 255.255.255.192 Internetfuel 63.99.209.56 255.255.255.248 IPInsight 66.230.128.0 255.255.224.0 ISPRIME 69.28.208.64 255.255.255.240 ISTBar 66.179.234.0 255.255.255.224 ITToolbox (NEW) 64.95.112.64 255.255.255.240 Kettera (Address.com) 204.177.92.0 255.255.254.0 LexiTrans 207.17.52.0 255.255.254.0 LexiTrans 66.119.41.0 255.255.255.128 MarketScore 63.82.105.200 255.255.255.248 MarketScore 63.108.139.112 255.255.255.240 MarketScore 63.122.185.48 255.255.255.240 MarketScore 12.105.21.160 255.255.255.224 MarketScore 64.208.99.128 255.255.255.224 MarketScore 216.148.244.32 255.255.255.224 MarketScore 216.148.244.64 255.255.255.224 MarketScore 216.148.246.128 255.255.255.224 MarketScore 216.148.246.64 255.255.255.224 MarketScore 66.159.219.192 255.255.255.192 MemoryMeter 207.246.134.0 255.255.254.0 MoneyTree/FCI Inc. 207.246.136.0 255.255.254.0 MoneyTree/FCI Inc. 216.127.40.0 255.255.252.0 MoneyTree/FCI Inc. (NEW) 212.100.230.160 255.255.255.248 Naviscope 64.128.107.128 255.255.255.128 Net-Nucleus 64.192.112.0 255.255.254.0 Net-Nucleus 195.13.105.128 255.255.255.192 Netdialers/ComLoad Spyware (aka dave-ltd.co.uk) 213.253.128.200 255.255.255.252 Netdialers/ComLoad Spyware 207.182.241.224 255.255.255.224 Netpal/FavoriteMan 12.102.45.2 255.255.255.254 Netropa 209.164.21.64 255.255.255.240 Netropa 67.123.49.24 255.255.255.248 Netropa 216.130.214.64 255.255.255.224 NetworkEssentials 209.27.250.0 255.255.254.0 NewdotNet & RedSwoosh 65.164.176.192 255.255.255.192 NewtonKnows 216.212.54.240 255.255.255.248 NewtonKnows 216.21.208.0 255.255.240.0 NewtonKnows 64.14.238.0 255.255.255.240 NewtonKnows 63.254.68.0 255.255.252.0 NewtonKnows 69.28.146.0 255.255.255.128 OfferOptimizer 208.67.64.0 255.255.224.0 Outerinfo/Rightmedia (NEW) 198.31.211.64 255.255.255.128 PassThisOn 198.31.211.128 255.255.255.128 PassThisOn 134.122.0.0 255.255.0.0 Phoenixnet 65.200.210.32 255.255.255.240 Phoenixnet 216.148.218.128 255.255.255.240 Phoenix 66.250.130.0 255.255.254.0 Pilosoft (many CWS variants) 66.250.170.0 255.255.254.0 Pilosoft 66.250.54.0 255.255.254.0 Pilosoft 69.31.40.0 255.255.224.0 Pilosoft 66.28.32.0 255.255.254.0 PornDirect 81.177.26.0 255.255.254.0 Proffy209 (NEW) 216.255.185.0 255.255.255.224 Proffy209 (NEW) 63.246.32.0 255.255.240.0 Propamedia/Various 217.116.231.0 255.255.255.128 RapidBlaster 209.47.15.72 255.255.255.248 RapidBlaster 207.188.0.0 255.255.224.0 RealNetworks 208.147.88.0 255.255.248.0 RealNetworks (CHANGED MASK) 205.219.198.0 255.255.254.0 RealNetworks 12.129.72.128 255.255.255.128 RealNetworks 80.15.249.0 255.255.255.128 RealNetworks 66.203.112.0 255.255.240.0 RealNetworks (NEW) 210.81.223.192 255.255.255.224 RedSheriff 212.187.205.0 255.255.255.240 RedSheriff (DELETE) 195.165.248.144 255.255.255.240 RedSheriff 206.112.99.96 255.255.255.224 RedSheriff 80.80.13.192 255.255.255.192 RedSheriff (NEW) 61.213.156.128 255.255.255.224 RedSheriff (NEW) 203.21.27.0 255.255.255.224 RedSheriff (NEW) 212.239.41.96 255.255.255.224 RedSheriff (NEW) 203.166.110.160 255.255.255.224 RedSheriff (NEW) 62.189.244.32 255.255.255.224 RedSheriff (NEW) 216.168.60.96 255.255.255.224 RedV 64.14.40.0 255.255.255.0 Searchalot (CHANGED) 66.218.79.160 255.255.255.224 SearchClimbers 66.250.172.0 255.255.252.0 SearchIt 64.125.98.0 255.255.255.192 Search-Itnow 66.111.55.108 255.255.255.254 SearchSpace/Umaxsearch 209.66.122.0 255.255.254.0 SearchV 217.157.14.0 255.255.255.224 Search-Explorer 199.221.128.0 255.255.248.0 ShopatHome (NEW) 204.181.152.0 255.255.248.0 ShopatHome (NEW) 205.240.0.0 255.255.240.0 ShopatHome (NEW) 67.18.124.128 255.255.255.128 Shopnav.Drsnsrch (NEW) 216.74.153.0 255.255.255.224 ShopNAV x 62.219.250.64 255.255.255.192 SmartBrowser 64.49.245.112 255.255.255.240 SmartBrowser/Tibsystems.com 85.255.112.0 255.255.248.0 Smitfraud (NEW) 67.15.35.0 255.255.255.0 Smitfraud/winerrorfixer (NEW) 194.90.224.80 255.255.255.240 Smitfraud (NEW) 66.199.187.128 255.255.255.192 Smitfraud (NEW) 216.187.103.128 255.255.255.128 Smitfraud, various (NEW) 88.86.101.0 255.255.255.128 Smitfraud (NEW) @64.192.135.128 255.255.255.224 Smitfraud (Peel.com)(NEW) 64.79.171.0 255.255.255.240 SpecificMedia x (NEW) 212.143.22.0 255.255.255.0 Speedbit 66.28.14.16 255.255.255.240 SpeedDelivery 208.184.39.128 255.255.255.128 Speedera 66.28.47.160 255.255.255.224 Speedera 216.74.133.192 255.255.255.192 Speedera 206.61.136.0 255.255.254.0 Speedera 213.235.53.96 255.255.255.224 Speed-Trap 195.225.176.0 255.255.254.0 SpywareQuake (CWS)(NEW) 66.28.46.0 255.255.255.128 StreamingCash 209.132.192.0 255.255.192.0 StreamMagic/Fordale/MediaCharger* 216.130.214.64 255.255.255.240 StreamMagic/Fordale/MediaCharger* 209.189.48.0 255.255.255.224 SuperBari/GigaTech 66.28.46.0 255.255.255.128 SystemSoap 198.12.16.0 255.255.252.0 Verizon 213.239.182.128 255.255.255.224 Tibssystems.com 65.61.150.0 255.255.255.224 Tibssystems.com 210.80.149.224 255.255.255.224 Tibssystems.com 216.127.92.176 255.255.255.252 Tinybar 208.185.54.0 255.255.255.192 TopMoxie/EBates 65.205.246.160 255.255.255.224 TopMoxie/EBates 63.236.57.64 255.255.255.192 TopMoxie/EBates 63.236.56.128 255.255.255.224 TopMoxie/EBates 146.82.109.0 255.255.255.192 TrafficSyndicate (Huntbar) 65.192.28.0 255.255.255.224 Transponder 65.192.29.0 255.255.255.240 Transponder 66.110.176.0 255.255.240.0 Transponder/various (NEW) 204.16.120.0 255.255.252.0 Transponder (NEW) 216.240.159.144 255.255.255.240 TrekBlue (also use with WhenU/SaveNow)(CHANGED) 66.45.224.0 255.255.252.0 Trj.Conhook (NEW) 64.20.32.0 255.255.254.0 Trj.Conhook (NEW) 207.44.198.24 255.255.255.248 TwistedHumor 212.150.35.104 255.255.255.248 UCmore 170.224.16.32 255.255.255.240 Unicast 64.28.66.0 255.255.255.240 VFlash 64.70.52.0 255.255.255.224 Viewpoint 66.36.0.0 255.255.252.0 VR World Technologies** and * 66.36.4.0 255.255.255.0 VR World Technologies** and * 202.27.156.0 255.255.252.0 Vundo (NEW) 209.71.218.64 255.255.255.224 WebHancer 216.221.200.192 255.255.255.224 WebHancer 216.216.94.32 255.255.255.224 Web3000/RedV 66.28.237.0 255.255.255.224 WhenU/SaveNow & other spyware 63.218.7.128 255.255.255.128 WhenU/SaveNow 209.11.45.128 255.255.255.224 WhenU/SaveNow 130.94.201.128 255.255.255.128 WhenU 209.73.202.0 255.255.255.224 WhenU 209.73.203.96 255.255.255.224 WhenU (NEW) 210.11.38.192 255.255.255.192 Wotch (aka DigitalDM) 216.194.89.112 255.255.255.240 WRN 63.236.32.32 255.255.255.224 Xupiter 63.218.11.128 255.255.255.248 204.13.160.0 255.255.252.0 CWS/Various/Oversee (NEW) 69.46.23.170 255.255.255.254 X10/ClearStream 63.251.92.192 255.255.255.252 Zeropopup/Jetseeker/Tinybar (NEW) 64.74.96.242 255.255.255.254 Zeropopup/Jetseeker/Tinybar (NEW) 69.25.142.0 255.255.255.252 Zeropopup/Jetseeker/Tinybar (NEW) 38.113.244.64 255.255.255.240 Zeropopup/Jetseeker/Tinybar (NEW) *Partially duplicated on "Other Sites list" below. **dlder trojan/2001-007.com, various gambling-related sites. This is used by both spyware/trojans, and web-based ads. ***This will block all of Candidhosting.com, which will, in turn, block several kinds of spyware and numerous spam sites. x Not really necessary to block; mainly listed for completeness. ###NOTE: below are single IP addresses. Instead of selecting Network/Mask (as you would have in step 10, above) select Single IP.### Single IPs Spyware/Adware name 216.73.132.172 n-Case/180solutions/Epipo * 70.85.217.103 007 (NE) 66.152.93.119 180solutions/ISTBar 63.251.163.122 2nd-thought.com (NEW) 207.44.232.61 2ndthought.com (NEW) 198.65.105.202 2020Search (NEW) 216.237.10.184 Aadcom * 63.215.86.196 Accipiter (NEW) 63.210.193.4 Accipiter (NEW) 65.17.251.200 Accoona (NEW) 66.132.132.243 Actualnames 64.246.22.66 Adbreak** 166.88.8.48 Address.com * 83.216.217.166 AdExtension/trackingbot (NEW) 72.32.58.201 AdExtension/trackingbot (NEW) 199.232.158.58 AdTools, Inc. * 64.106.230.30 Atoque * 66.70.44.60 Autosearch * 209.50.251.242 Autosearch * 129.253.170.220 Backweb Lite 202.108.22.46 Baidu (NEW) 207.97.199.152 BargainBuddy 38.113.198.132 Best Search 209.178.57.143 BrilliantDigital 217.116.227.250 BrilliantDigital 63.196.54.245 BrilliantDigital 66.28.223.168 BrilliantDigital 139.142.246.76 BrowserToolBar * 64.141.2.76 BrowserToolBar * 64.40.102.44 C2Media (NEW) * 66.161.28.166 Clearsearch **** 64.124.210.41 Coolwebsearch (NEW) 216.61.164.87 CreativeLabs (See Note) 216.200.3.32 CWS.Alfa-search 66.40.16.131 CWS.Tooncomics 38.117.144.27 CWS.Tapicfg * 213.159.117.233 CWS.Verisign * 65.77.83.222 CWS.Vrape * 66.250.57.226 CWS.Lookfor * 81.211.105.26 CWS.Lookfor 38.117.144.28 CWS.MSInfo 69.31.86.131 CWS.FreshVideoGals 64.124.210.131 CWS.GrabItFast 212.29.215.3 Cydoor * 209.11.42.240 Cydoor * 66.77.127.90 Divx 63.71.110.0 DSSAgent * (Broderbund/Mattel) 199.171.54.0 DSSAgent * (Broderbund/Mattel) 216.231.104.29 eAcceleration ***** 209.10.225.93 EBates/TopMoxie 63.219.179.134 EBates/TopMoxie 63.236.57.90 EBates/TopMoxie 66.98.244.74 eGroup (NEW) 164.109.144.179 eMachines * 164.109.144.181 eMachines * 207.174.207.177 Expedioware 64.225.154.175 Ezula * 64.159.65.212 Fastfind (NEW) 217.144.235.224 Fastsearch * 64.201.101.4 FavoriteMan (DELETE) 64.5.48.121 FavoriteMan 64.201.100.229 FavoriteMan 66.117.28.130 FavoriteMan/SpyAssault 64.90.160.154 FlashTrack * 209.25.165.14 Flipviewer (NEW) 205.252.89.14 Freescratchandwin.com 216.65.63.139 Friendgreetings.com worm * (W32.Friendgreet.worm) 207.21.232.104 Friendgreetings.com worm * (W32.Friendgreet.worm) 70.85.115.134 GAMsys 204.11.49.146 Googkle (NEW) 209.61.228.23 Huntbar 209.61.228.36 Huntbar 146.82.109.220 Huntbar 65.39.254.75 Hyperlinker (NEW) 205.188.250.25 ICQ/Mirabilis (ads.icq.com must be blocked with DNSKong or HOSTS) 69.56.223.196 IDGsearch 206.161.127.66 CWS.Loadbat/CWS.MSConfd/IE-Search 63.245.50.35 Internet Optimizer 64.156.188.61 Internet Washer 216.110.36.129 IPInsight 65.163.26.130 IPInsight (NEW) 64.40.36.12 ISTBar 69.56.130.21 JetSeeker (CWS.Bootconf variant)(NEW) 207.68.176.189 related.msn.com *** 64.237.61.3 LinkReplacer 69.20.20.161 Look2Me 193.138.228.110 Look2Me (NEW) 69.93.33.145 Maximumsearch 64.40.32.201 Media-Update 66.70.68.147 Mojo 206.252.137.82 Mrfindalot (NEW) 66.40.21.68 MyPageFinder 128.121.212.181 Navexcel 212.100.224.102 Naviscope * 216.157.91.36 Naviscope * 207.182.237.210 Netpal/FavoriteMan 207.182.241.228 Netpal/FavoriteMan 64.201.101.4 Netpal/FavoriteMan 64.12.151.216 Netscape 207.200.82.138 Netscape 62.39.85.25 Netdialers/ComLoad 192.151.53.114 Netropa/(Hewlett-Packard site) * 12.99.231.36 Netropa * 12.98.204.163 Netropa * 209.164.21.84 Netropa * 65.242.156.90 NowBox * 208.186.78.81 1110100011o1window.info/Bulla 63.219.181.10 Online-dialer.com 147.208.175.70 Onflow * 66.212.235.221 Outerinfo (NEW) 66.150.193.104 Outerinfo (NEW) 63.251.135.18 Outerinfo (NEW) 216.52.167.84 Overpro (NEW) 205.236.189.50 PassThisOn * 200.75.201.35 PerMedia 200.75.201.36 PerMedia 68.166.185.186 Phoenix (DNS server, make sure to block port 53 too) 64.94.110.11 PornDirect/various 209.139.209.232 PowerStrip * 81.177.26.25 Proffy209 (NEW) 217.157.14.29 Pugi 208.62.163.145 Pugi/Masterbar 216.187.103.168 Quicknavigate 62.189.244.254 RedSheriff (DELETE) 64.41.169.141 RedSwoosh 65.17.226.156 Remote Approach (NEW) 64.7.93.29 RevenueLoop (NEW) 66.98.178.19 Rfwnad 65.115.110.251 SCbar 216.130.177.139 Search-Explorer 81.211.105.43 SearchCentral 207.44.196.98 Searchsprint * 217.106.229.248 SearchV/Truerecords 216.194.70.15 SearchWWW * 199.221.131.110 ShopatHomeSelect 66.197.138.235 ShopNAV * 216.52.184.237 Side-Search 63.251.83.57 Side-Search 12.158.80.10 SiteFinder 198.64.129.88 SmartBrowser 198.64.149.78 SmartBrowser 81.211.105.26 Smartsearch.ws 195.225.176.76 Smitfraud (NEW) 142.177.129.11 Smitfraud (NEW) 142.177.1.2 Smitfraud (NEW) 196.3.81.5 Smitfraud DNS (NEW) 196.3.81.132 Smitfraud DNS (NEW) 200.44.32.12 Smitfraud DNS & DHCP (NEW) 200.11.248.12 Smitfraud DNS & DHCP (NEW) 64.158.222.3 SupaSeek 66.250.32.148 SuperBari/Gigatech 63.246.130.201 SurferBar 65.254.250.107 Troj/Lineage-AP (NEW) 64.156.188.102 SystemSoap 12.129.72.201 SystemSoap 64.49.255.31 Tibssystems.com 217.145.64.150 Tibssystems.com 66.216.127.40 Tibssystems.com 63.215.149.58 Tinybar * 85.12.45.15 Toolbar888 (NEW) 66.111.63.148 ToolbarCC 69.28.195.198 TopSites * 208.229.231.83 Transponder 63.99.224.57 Transponder (NEW) 66.98.229.16 Transponder/VX2 (NEW) 66.45.225.11 Trj.Conhook (NEW) 202.67.220.235 Trj.Conhook (NEW) 207.203.156.103 Trj.Riler.F (NEW) 202.172.237.137 Trj.Bifrose.E (NEW) 207.44.180.96 TwistedHumor.com * 194.245.101.90 UMaxSearch 64.28.34.138 VFlash * (NEW) 209.51.152.62 VirtualBouncer * 64.49.219.20 VirtualBouncer * 61.151.239.94 W32.HLLP.Philis.I (NEW) * 66.111.59.70 Whazit 63.251.83.40 WhenU/SaveNow * 64.106.167.23 WhenU/SaveNow * 64.106.167.122 WhenU/SaveNow * 64.106.167.223 WhenU/SaveNow * 64.124.186.233 WildTangent * 64.124.186.247 WildTangent * 205.188.246.218 Winamp * 209.66.114.129 Winshow 66.98.154.2 Winupie * 66.109.33.5 Wurldmedia * 65.216.116.114 Wurldmedia * 202.165.102.113 seek.yisou.com * 209.249.147.70 ZeroPopUp * 63.167.94.102 * 82.165.243.146 82.165.252.233 ***NOTICE*** ***NOTICE*** ***NOTICE*** *Items followed by a single asterisk (*) do not have to be filtered by a firewall, since they are either relatively low-risk threats or are very rare. For the most part, these are simple Interner Explorer homepage hijackers; if you don't use IE for normal browsing and run Ad-Aware & SpyBot occasionally, they are of little risk. **May not be complete info Note: For those who MUST access Creative Labs, use the single address here instead of the previous listings. ***If you are not an MSN user, or do not wish to have access to MSN webpages and services, then rather than use the single IP for related.msn.com above, add the following two rules: 207.68.128.0 255.255.192.0 MSN 207.68.192.0 255.255.240.0 MSN *###NOTE: In order to fully block Alexa, create a rule different than those above and in the example. Set Protocol to TCP and UDP, direction to Outbound, and use a Remote Endpoint of 224.0.0.0. For Mask, use 224.0.0.0, and set this to Deny. This will filter Alexa while retaining your ability to use multicast systems, like online radio.### Microsoft Network Mask Name 207.46.0.0 255.255.0.0 Microsoft/Conxion* 207.68.128.0 255.255.128.0 Microsoft/Conxion* 206.204.0.0 255.255.0.0 Microsoft/Conxion* 65.52.0.0 255.252.0.0 Microsoft* 81.52.248.0 255.255.254.0 Microsoft/Akamai 81.52.250.0 255.255.255.128 Microsoft/Akamai 213.35.101.0 255.255.255.0 ConXion/AWS Below are some advertising services affiliated with spyware. The often provide the advertising the spyware uses, and possibly the data collection. Most of these can be effectively blocked with DNSKong without blocking them with your firewall. However, but for those of you who like extra protection, here they are. AOL users particularly need the Akamai filters, though everyone can benefit from using them. Network Mask Advertising service name 63.80.0.0 255.255.255.0 24/7 Media 213.164.31.0 255.255.255.0 ActiveAgent*** 205.234.230.0 255.255.255.0 Adbrite (NEW) 206.169.136.0 255.255.255.0 Adbrite (NEW) 63.208.235.0 255.255.255.0 AdDynamix (possibly Xupiter) 70.42.32.0 255.255.255.0 Adlegend (NEW) 63.251.183.0 255.255.255.0 Adlegend (NEW) 216.52.221.0 255.255.255.0 Adlegend (NEW) 69.25.86.0 255.255.255.0 Adlegend (NEW) 64.14.45.0 255.255.255.0 AdSonar (NEW) 12.159.168.0 255.255.255.0 Advertising.com * 209.125.66.0 255.255.255.0 Advertising.com * 209.225.0.0 255.255.255.0 Advertising.com (Changed mask/moved from below) 207.58.142.0 255.255.255.0 Adwatcher (NEW) 209.50.238.0 255.255.255.0 Adwatcher (NEW) 204.248.36.0 255.255.255.0 Akamai*** 216.200.14.0 255.255.255.0 Akamai*** 209.185.188.0 255.255.255.0 Akamai*** 64.124.157.0 255.255.255.0 Akamai*** 192.232.16.0 255.255.255.0 Akamai*** 4.17.143.0 255.255.255.0 Akamai*** 12.47.217.0 255.255.255.0 Akamai*** 216.32.65.0 255.255.255.0 Akamai*** 64.12.145.0 255.255.255.0 Akamai 205.188.221.0 255.255.255.0 Akamai **** 209.249.123.0 255.255.255.0 Akamai **** 63.111.71.0 255.255.255.0 Akamai **** (NEW) 72.20.104.0 255.255.255.0 AlliedPlanet (NEW) 205.188.165.0 255.255.255.0 AOL Advertising (DELETE) 152.163.208.0 255.255.255.0 AOL Advertising (DELETE) 12.130.60.0 255.255.255.0 Atlas (ATDMT)(NEW) 64.14.42.0 255.255.255.0 AvenueA 216.34.88.0 255.255.255.0 ATLAS (CHANGED NAME) 204.71.191.0 255.255.255.0 bCentral (Microsoft) 208.28.220.0 255.255.255.0 bFast/Befree 216.200.199.0 255.255.255.0 bPath 204.71.61.0 255.255.255.0 Bluestreak*** (CHANGED) 12.130.12.0 255.255.255.0 Bluestreak 70.86.209.0 255.255.255.0 Casalemedia (NEW) 67.15.56.0 255.255.255.0 Casalemedia (NEW) 64.14.68.0 255.255.255.0 Casalemedia (NEW) 67.139.254.0 255.255.255.0 Clickbank (NEW) 64.128.87.0 255.255.255.0 Clickbank (NEW) 63.117.23.0 255.255.255.0 Direct Response (NEW) 208.184.29.0 255.255.255.0 DoubleClick 208.211.225.0 255.255.255.0 DoubleClick 205.138.3.0 255.255.255.0 DoubleClick 204.176.177.0 255.255.255.0 DoubleClick 206.65.183.0 255.255.255.0 DoubleClick 209.67.38.0 255.255.255.0 DoubleClick 199.95.210.0 255.255.255.0 DoubleClick 208.32.211.0 255.255.255.0 DoubleClick 208.10.202.0 255.255.255.0 DoubleClick 63.160.54.0 255.255.255.0 DoubleClick 63.166.98.0 255.255.255.0 DoubleClick 63.168.198.0 255.255.255.0 DoubleClick 63.85.84.0 255.255.255.0 DoubleClick 65.192.164.0 255.255.255.0 DoubleClick 208.203.243.0 255.255.255.0 DoubleClick 64.213.215.0 255.255.255.0 DoubleClick 208.228.86.0 255.255.255.0 DoubleClick 205.150.6.0 255.255.255.0 DoubleClick 209.167.19.0 255.255.255.0 DoubleClick 209.167.79.0 255.255.255.0 DoubleClick 209.167.4.0 255.255.255.0 DoubleClick 64.240.160.0 255.255.255.0 DoubleClick 128.11.92.0 255.255.255.0 DoubleClick 65.205.8.0 255.255.255.0 Doubleclick 216.254.155.0 255.255.255.0 Doubleclick 65.216.78.0 255.255.255.0 Doubleclick 209.247.153.0 255.255.255.0 Doubleclick 69.22.144.0 255.255.255.0 DVLABS 205.177.123.0 255.255.255.0 DVLABS * 205.180.85.0 255.255.255.0 Fastclick 63.251.26.0 255.255.255.0 Findwhat.com (NEW) 64.41.153.0 255.255.255.0 ImagineMedia 63.251.23.0 255.255.255.0 InsightExpress (NEW) 209.244.156.0 255.255.255.0 InsightExpress (NEW) 76.9.1.0 255.255.255.0 InsightExpress (NEW) 209.190.85.0 255.255.255.0 Isgreat (NEW) 63.215.73.0 255.255.255.0 Rightmedia/Intermix Media (NEW) 64.154.128.0 255.255.255.0 Rightmedia/Intermix Media (NEW) 216.35.71.0 255.255.255.0 LinkSynergy 63.123.248.0 255.255.255.0 LinkShare/LinkSynergy 66.232.98.0 255.255.255.0 LiquidMedia (NEW) 82.165.179.0 255.255.255.0 LiquidMedia (NEW) 64.70.10.0 255.255.255.0 Mediaplex (NEW) 64.158.223.0 255.255.255.0 Mediaplex (NEW) 63.215.202.0 255.255.255.0 Mediaplex (NEW) 208.152.90.0 255.255.255.0 Mediaplex 64.70.54.0 255.255.255.0 Mediaplex (was Webtrends) 202.67.197.0 255.255.255.0 Meta4 (NEW) 66.151.244.0 255.255.255.0 Omniture (NEW) 216.52.17.0 255.255.255.0 Omniture (NEW) 209.213.215.0 255.255.255.0 Omniture (NEW) 216.194.125.0 255.255.255.0 Omniture (NEW) 66.150.208.0 255.255.255.0 Omniture (NEW) 66.151.152.0 255.255.255.0 Omniture (NEW) 128.241.21.0 255.255.255.0 Omniture (NEW) 63.163.102.0 255.255.255.0 Overture (NEW) 64.209.232.0 255.255.255.0 Overture (NEW) 217.146.185.0 255.255.255.0 Overture (NEW) 216.39.104.0 255.255.255.0 Overture (NEW) 72.30.190.0 255.255.255.0 Overture (NEW) 66.216.104.0 255.255.255.0 Pointroll 66.250.128.0 255.255.255.0 PremiereInnovations 4.71.104.0 255.255.255.0 Questionmarket (NEW) 12.130.81.0 255.255.255.0 Questionmarket (NEW) 204.2.184.0 255.255.255.0 SNAP (NEW) 194.67.35.0 255.255.255.0 Spylog (NEW) 65.216.119.0 255.255.255.0 TrafficMP (NEW) 65.216.123.0 255.255.255.0 TrafficMP (NEW) 4.78.48.0 255.255.255.0 TrafficMP (NEW) 63.211.210.0 255.255.255.0 VibrantMedia (was X10) 81.19.48.0 255.255.255.0 VibrantMedia (NEW) 205.246.203.0 255.255.255.0 WebPower (NEW) 63.236.111.0 255.255.255.0 Webtrends (NEW) 65.219.170.0 255.255.255.0 Webtrends (NEW)* 208.223.102.0 255.255.255.0 Webtrends (NEW)* 65.222.200.0 255.255.255.0 Webtrends (NEW)* 65.200.104.0 255.255.255.0 Webtrends (NEW)* 63.169.148.0 255.255.255.0 Webtrends (NEW)* 65.201.90.0 255.255.255.0 Webtrends (NEW)* ! Indicates that blocking this network of extra special importance; the blocking of other Doublelicks can be adequately handled by DNSKong. *Only included for completeness; presents no threat. ###NOTE: pay attention here. The Networks and Masks will be different from here on out### 209.225.14.0 255.255.255.128 24/7 Media/BargainBuddy 64.58.80.0 255.255.254.0 24/7 Media (NEW) 64.191.218.0 255.255.254.0 24/7 Media (NEW) 63.97.88.0 255.255.255.224 24/7 Media (?) 209.225.3.0 255.255.255.192 24/7 Media 209.225.31.192 255.255.255.192 24/7 Media 209.225.32.0 255.255.255.192 24/7 Media 208.45.17.168 255.255.255.248 24/7 Media (NEW) *** 63.89.155.128 255.255.255.248 24/7 Media (NEW) *** 63.104.55.80 255.255.255.240 24/7 Media (NEW) *** 208.45.17.88 255.255.255.248 24/7 Media (NEW) *** 216.151.127.128 255.255.255.128 Ad-Flow 66.35.208.0 255.255.255.224 Adrevolver (NEW) 209.225.4.64 255.255.255.224 Advertising.com * 209.225.6.64 255.255.255.224 Advertising.com * 209.225.6.160 255.255.255.224 Advertising.com * 209.225.11.224 255.255.255.224 Advertising.com * 209.225.34.96 255.255.255.224 Advertising.com * 216.216.185.64 255.255.255.192 Advertising.com * 209.19.58.128 255.255.255.192 Advertising.com * 216.216.185.176 255.255.255.248 Advertising.com * 216.217.205.128 255.255.255.192 Advertising.com * 209.125.46.184 255.255.255.248 Advertising.com * 216.216.1.32 255.255.255.224 Advertising.com * 12.46.228.104 255.255.255.248 Advertising.com * 12.46.228.224 255.255.255.248 Advertising.com * 12.159.166.224 255.255.255.224 Advertising.com * 209.218.102.0 255.255.255.128 Advertising.com * 12.47.49.96 255.255.255.192 Advertising.com * 12.25.215.184 255.255.255.248 Advertising.com * 12.149.141.96 255.255.255.240 Advertising.com * 216.217.99.192 255.255.255.192 Advertising.com * 12.107.180.0 255.255.252.0 Adwatcher (NEW) 204.178.107.224 255.255.255.224 Akamai*** 204.176.192.0 255.255.192.0 Akamai*** 213.161.66.128 255.255.255.128 Akamai*** 216.32.60.128 255.255.255.128 Akamai*** 216.32.170.192 255.255.255.192 Akamai*** 216.37.32.32 255.255.255.224 Akamai*** 204.178.123.32 255.255.255.224 Akamai*** (CHANGED mask) 204.178.110.0 255.255.255.128 Akamai*** 24.200.251.0 255.255.255.128 Akamai*** 204.178.123.128 255.255.255.192 Akamai*** 63.241.29.128 255.255.255.128 Akamai*** & ** 65.163.234.0 255.255.254.0 Akamai*** & ** 63.240.144.0 255.255.255.128 Akamai*** & ** 64.12.174.57 255.255.255.63 AOL Advertising ***** 205.188.165.57 255.255.255.63 AOL Advertising ***** 152.163.208.57 255.255.255.63 AOL Advertising ***** 216.39.69.64 255.255.255.192 Atlas (ATDMT) 216.74.132.0 255.255.255.224 Atlas (ATDMT) 64.157.224.0 255.255.252.0 Avantgo 216.39.68.32 255.255.255.224 AvenueA 66.207.130.0 255.255.254.0 bFast (CHANGED mask) 70.87.0.0 255.255.255.128 Casalemedia (NEW) 67.19.0.192 255.255.255.192 Casalemedia (NEW) 70.86.0.112 255.255.255.240 Casalemedia (NEW) 168.75.65.72 255.255.255.240 Contextweb (NEW) 207.246.105.0 255.255.255.224 Disk11/Transponder/VX2 216.73.80.0 255.255.224.0 Doubleclick (NEW) 63.84.167.64 255.255.255.192 DoubleClick 204.253.104.0 255.255.254.0 DoubleClick 204.176.152.248 255.255.255.248 DoubleClick x 204.178.112.160 255.255.255.240 DoubleClick x 206.65.181.96 255.255.255.240 DoubleClick x (changed mask) 206.65.181.104 255.255.255.248 DoubleClick x 65.167.64.0 255.255.252.0 DoubleClick 128.11.60.64 255.255.255.192 DoubleClick 146.82.220.0 255.255.254.0 DoubleClick 198.31.62.0 255.255.254.0 DoubleClick 216.230.65.64 255.255.255.240 DoubleClick x 64.170.65.168 255.255.255.248 DoubleClick x 66.120.65.224 255.255.255.240 DoubleClick x 209.47.139.128 255.255.255.192 DoubleClick x 209.167.192.160 255.255.255.240 DoubleClick x 216.94.125.64 255.255.255.240 DoubleClick x 209.167.94.224 255.255.255.224 DoubleClick 205.150.79.64 255.255.255.192 DoubleClick 205.150.79.128 255.255.255.192 DoubleClick 209.167.133.224 255.255.255.248 DoubleClick x 64.240.193.64 255.255.255.192 DoubleClick 199.95.206.0 255.255.254.0 DoubleClick 199.95.208.0 255.255.254.0 DoubleClick 64.124.17.160 255.255.255.224 Doubleclick x 209.62.176.0 255.255.240.0 Doubleclick (CHANGED MASK) 216.73.80.0 255.255.224.0 Doubleclick 208.187.80.0 255.255.254.0 Doubleclick (NEW) 69.31.4.0 255.255.252.0 DVLABS (NEW) 209.67.27.0 255.255.255.224 Dynamic Logic (NEW) :209.67.16.0 255.255.255.192 Dynamic Logic (NEW) 209.75.20.0 255.255.252.0 Hitbox (NEW) 64.154.80.0 255.255.252.0 Hitbox (CHANGED) 216.241.32.0 255.255.224.0 Hypermall 206.57.18.0 255.255.254.0 ImagineMedia (NEW) 63.215.72.0 255.255.252.0 Intermix Media (NEW) 208.185.211.64 255.255.255.224 Kontera (NEW) 64.124.204.224 255.255.255.224 Kontera (NEW) 206.65.169.151 (single IP) LiveAdvert 216.35.71.64 255.255.255.192 LinkSynergy (various spyware) *** 216.216.237.192 255.255.255.192 LinkSynergy 63.87.230.72 255.255.255.248 LinkShare/LinkSynergy 216.34.209.0 255.255.255.224 Mediaplex 64.210.7.168 255.255.255.248 Mediaplex 66.151.146.192 255.255.255.224 Omniture (NEW) 66.250.168.0 255.255.254.0 OnAdSolutions (Transponder/VX2) 216.34.77.0 255.255.255.128 Overture (NEW) 61.213.167.128 255.255.255.128 Overture (NEW) 202.43.202.0 255.255.255.128 Overture (NEW) 65.216.116.114 (single IP) Pointroll Advertising 208.67.64.0 255.255.248.0 Rightmedia (NEW) 204.102.114.0 255.255.255.128 Rightmedia (NEW) 66.28.237.160 255.255.255.248 Santa Monica Networks 216.130.214.64 255.255.255.224 Smartpops 80.67.72.192 255.255.255.192 Tacoda (DELETE) 69.7.234.192 255.255.255.224 Tacoda (NEW) 66.201.203.128 255.255.255.128 Targetnet (NEW) 66.77.183.128 255.255.255.128 Targetnet (NEW) 209.132.97.160 255.255.255.248 Track-Star x 209.132.99.128 255.255.255.192 Track-Star x 64.125.98.0 255.255.254.0 TradeNews (NEW) x 204.11.108.0 255.255.252.0 Tribalfusion (NEW) 206.230.232.32 255.255.255.224 Utopiad/Mesia (CHANGED) 63.251.83.40 (single IP) Utopiad/Iemerge 205.147.80.0 255.255.240.0 VibrantMedia (NEW) 63.88.212.0 255.255.254.0 WebTrends *Especially strongly advised for Opera users **May cause problems for AOL users. Delete this rule if you experience problems. ***Best blocked using DNSKong. ****This range contains many common web content services, both used by spyware and for legitimate purposes. Remove if you wish. *****Use this only if you access AOL via a web browser; it will not work if you use AOL's own software to access your account. ###NOTE: below are single IP addresses. Instead of selecting Network/Mask (as you would have in step 10, above) select Single IP.### 64.246.10.188 AdRoar 216.12.215.30 AdRoar 216.40.201.16 AdRoar 216.40.213.21 AdRoar 216.200.199.0 bfast/hyperbanner A few others recommended that you block - these are really not that significant: 224.0.0.0 to 255.255.255.254 (you may need to use your firewalls' Network/Range function if it has one. Do not get too worked up if you can't figure out how to use this one.) 10.0.0.0 Use a Mask of 255.0.0.0 172.16.0.0 Use a Mask of 255.240.0.0 192.0.0.0 Use a Mask of 255.255.0.0 169.254.0.0 Use a Mask of 255.255.0.0 *Do not use if you are on MSN. If you need to access Microsoft's website (which should be avoided if possible), temporarily deactivate the filters by going into the firewall and unchecking these rules on the list. Don't forget to re-check them once you are done. IT IS STRONGLY RECOMMENDED THAT YOU BLOCK ALL FOUR MICROSOFT BLOCKS. All versions of Windows phone home, and blocking this may be the most important safety/privacy precaution you can take. Other Sites Other services you may want to consider blocking with your firewall (mainly for corporate users and users with children; blocks inappropriate sites, sites often hosted by spam, etc.): 64.157.0.0 255.255.252.0 Neucom, Inc. 64.159.64.0 255.255.224.0 Neucom, Inc. 64.159.92.0 255.255.252.0 Neucom, Inc. Duplicate of EZCyberSearch/Neucom rule above 66.230.192.0 255.255.192.0 Neucom, Inc. 64.157.8.0 255.255.240.0 Neucom, Inc. 64.158.28.0 255.255.252.0 Neucom, Inc. 67.29.164.0 255.255.255.0 Neucom, Inc. 64.158.164.0 255.255.252.0 Neucom, Inc. 64.158.76.0 255.255.252.0 Neucom, Inc. 66.230.192.0 255.255.248.0 Neucom, Inc. 66.230.224.0 255.255.255.240 Neucom, Inc. This is where ezCyberSearch runs off as well as parts of Xupiter. It is a haven of spam, spyware, adult, gambling, viagra and get-rich-quick sites as well as redirectors to them, perhaps the largest on the Internet. If you want to disable access to these sites as well, do not use the ezCyberSearch.com filter above, use all the filters listed above. Runs off of Level3. (Note last 6 addresses courtesy of Spamhaus' SBL. To learn more about Level3 and its extreme contribution to the spam problem, visit http://www.spamhaus.org/sbl/listings.lasso?isp=level3.net&-nothing=Search). Note: There is also a netblock of 66.230.192.0 netblock should use a mask of 19. However, it has been reported that this also blocks a number of popular websites, including Wikipedia.org, which runs on 66.230.200.0/24. Because this filter list is used to automatically update network firewalls, proxies, and IDS', it has become necessary to partially remove this filter, pending further review. 64.38.192.0 255.255.192.0 CaveCreek 128.242.201.16 255.255.255.248 CaveCreek Numerous adult websites advertised by spam. Credit card billing service, ccbill.com, very popular with spammers, whether they are hosted by CaveCreek or with outside services. It is also recommended, if you are an ISP, that you filter all traffic to and from this service. Runs off of Level3. 209.132.192.0 255.255.248.0 Whitehorn Ventures/Nettaxi 209.132.236.0 255.255.255.192 Spice TV 209.132.254.0 255.255.254.0 Vivid Video 209.132.225.0 255.255.254.0 Nettaxi Numerous adult websites, also numerous spyware-related services, namely Internetfuel/Netbroadcaster/Fordale Ltd./StreamMagic. If you are willing to tolerate the blocking of a few "innocent" sites, then you can just block 209.132.192.0 and use a mask of 255.255.192.0. You might be able to delete rules in the previous lists which block traffic to and from 209.132.x.x. 209.50.251.0 255.255.255.0 PassThisOn/SmartBotPro 198.31.211.64 255.255.255.128 PassThisOn/SmartBotPro 209.223.213.128 255.255.255.192 SmartBotPro 216.218.1.32 255.255.255.240 SmartBotPro 205.236.189.50 (single IP, block TCP traffic only) 209.50.251.164 (single IP, block TCP traffic only) (NEW) Service owned by Sanford Wallace, the "King of Spam". Numerous, perhaps hundreds, of mail servers traced to this service. Almost all mail servers appear to be SMTP or sending servers (mail1.smartbotpro.net, mail2.smartbot.net...mail46.smartbot.net, etc.) ISPs and corporations are advised to monitor their spam origins, if they can be traced. 216.231.108.0 255.255.255.0 TTSG 216.231.104.0 255.255.255.0 TTSG While investigating the eAnthology/eAcceleration spyware, I found some interesting info. The first block is already covered by eAcceleration filter on the lists above. This netblock also appears to contain a lot of adult sites. The second listing here blocks more than the other eAcceleration filters in the general spyware lists above. This is preferable to the general spyware filter above, so use this. Upper few addresses are sites of schools, which is why I simply did not block the whole thing, which is 216.231.96.0/19. 216.65.29.0 255.255.255.0 InfoAge Marketing, Intl. 66.40.37.0 255.255.255.0 InfoAge Marketing, Intl./JupiterTech Runs a large number of PNS sites. 64.14.44.0 255.255.255.0 Soboito Investments, Ltd. Runs a large number of PNS sites. 209.185.12.32 255.255.255.224 Conru Interactive Runs a "personal" service called FriendFinder and AdultFriend Finder. They have been known to advertise through spam and, by some reports, by spyware. This is already on the spyware list. 198.65.163.0 255.255.255.0 SplitFinity 168.143.112.0 255.255.248.0 SplitFinity 130.94.132.0 255.255.192.0 SplitFinity Major PNS hosting service. 216.15.128.0 255.255.128.0 CyberCon Major PNS hosting service running off of Level3. 216.131.64.0 255.255.192.0 California/OakWeb Major PNS hosting service. Apparently a few "innocent" sites hosted here too. 216.32.208.0 255.255.255.0 Cities Another PNS hosting service. 209.40.96.0 255.255.224.0 CoveSoft Long-time PNS. 216.219.40.0 255.255.252.0 Ayayai 200.24.128.0 255.255.255.0 Ayayai Major email spam service based in Panama. 205.246.203.0 255.255.255.0 WebPower (myIfriends.com) PNS service. 66.154.0.0 255.255.192.0 CP Cyber Wurx 66.154.64.0 255.255.240.0 CP Cyber Wurx Gigantic adult service. Unfortunately, there appear to be a few "innocent" sites in here. All inappropriate sites reside from 66.154.0.0 to 66.154.79.255; that is, 66.154.80.0 to 66.154.95.255 appear to be "clean". 65.168.50.0 255.255.255.0 Impulse Marketing Group Spams mainly Viagra. 66.115.128.0 255.255.224.0 National-Net 66.115.160.0 255.255.252.0 National-Net 66.115.165.0 255.255.255.0 National-Net Major PNS service. This company also hosts Lop.com/C2Media, VFlash/Nowbox, and Invisible spyware. If you feel comfortable blocking what possibly may be some legitimate sites, use 66.115.128.0 with a mask of 255.255.192.0 instead to block the entire ISP. You can remove the last C2Media/Lop.com rule from the spyware list above as well as some of the VFlash/Nowbox rules. 204.177.92.0 255.255.254.0 LexiTrans 207.17.52.0 255.255.254.0 LexiTrans PNS. 216.100.184.0 255.255.248.0 TriTech 63.207.45.0 255.255.255.224 TriTech Huge PNS and spam-gateway service. Blocking this will block a LOT of unauthorized activity! 200.61.10.0 255.255.255.0 ePromoAds, Inc. Argentinian spam hosting service, possibly also a sender. 63.211.23.0 255.255.255.0 Alan Ralsky Major PNS service 212.72.55.224 255.255.255.224 Webfinity/DynamicPipe 63.211.121.128 255.255.255.224 Webfinity/DynamicPipe 212.187.235.0 255.255.255.128 Webfinity/DynamicPipe 216.130.192.0 255.255.224.0 DynamicPipe 64.106.128.0 255.255.128.0 DynamicPipe Giant adult/gambling/other PNS service. Parts courtesy of Spamhaus' SBL. The last rule covers the Atoque hijacker as well. 66.230.128.0 255.255.224.0 ISPRIME Already in the spyware lists above, as this is a host for many kind of spyware. This is a major PNS service, home to many kinds of spyware and dialers. 146.82.132.0 255.255.252.0 Archer Communications/GlobalCrossing 66.235.128.0 255.255.240.0 Archer Communications PNS service. 66.33.0.0 255.255.128.0 DialtoneInternet 69.0.128.0 255.255.128.0 DialtoneInternet Giant PNS. Their spammers use heavily-tiered ads redirecting through a number of links to reach the spam site. 205.134.160.0 255.255.224.0 American Information Network (AInet) Major PNS. 216.158.128.0 255.255.224.0 Primenetwork 69.42.128.0 255.255.240.0 Primenetwork Major PNS. They appear to be taking spam issues more seriously, but still hosts lots of sites innapropriate to business/family environments. 204.251.10.0 255.255.252.0 Intercosmos Media Group 204.251.2.0 255.255.254.0 Intercosmos Media Group 204.251.14.0 255.255.254.0 Intercosmos Media Group PNS. 64.237.32.0 255.255.224.0 NetTransactions 207.99.82.0 255.255.255.0 Choopa 216.32.200.0 255.255.224.0 Net Transactions Not a high-priority threat. Blocking this is useful to prevent users from using eCommerce sites on company time. 66.40.0.0 255.255.224.0 Maxim Mostly adult, some legitimate stuff. Partially covered by eGroups, IE-Plugin, and CWS filters above. 208.236.105.0 255.255.255.0 Epoch Systems Operates the wnu.com service, a haven for spammers which also appears to be linked to C2Media. 207.44.128.0 255.255.128.0 Everyone's Internet (EV1) A number of spyware and adware sites run off this service, and it provided service to the "home site" of the many trojans. It is sort of the "garbage dump" of the internet, with countless dodgy sites as well as spyware homesites. The one good thing that can be said about EV1 is that they have a fairly responsive abuse department, which is rare these days, and there are a few legitimate sites on here. Still, if you had a firewall that could only filter 10 undesirable networks, this would definitely be one of them. 216.200.2.0 255.255.254.0 Talkway Porn. 65.203.151.0 255.255.255.0 SUN Network A major PNS operating off of MCI/UUnet. The vast majority of spam-porn sites operate as downstreams of either MCI or Level3. 66.228.208.0 255.255.240.0 SWIFT Ventures PNS. 65.208.127.0 255.255.255.0 Ozana Online An MCI PNS. 66.70.0.0 255.255.128.0 Datapipe Gigantic porn/spam/spyware-hosting service. 69.41.224.0 255.255.254.0 ThePlanet 69.56.128.0 255.255.128.0 ThePlanet PNS. An increasing number of parasites use this service, and it is home to a lot of spamvertised sites. There may be some legitimate sites on here. 216.195.32.0 255.255.240.0 APS Telecom A haven for spyware and porn home sites. 216.130.160.0 255.255.224.0 Webair Internet Development Inc. Ditto 205.177.72.0 255.255.252.0 CAIS/Various BitTorrent Filters various bogus BitTorrent search engines that either implant malware, use exploits (incl. Firefox), as well as some search engines that either produce phony results or are disguised to look like legitimate Torrent suppliers. 209.47.169.0 255.255.255.0 Colosseum Online PNS 209.249.27.0 255.255.255.0 Interphase Communications (NEW) 66.199.187.170 255.255.255.254 15X (NEW) Grand Cayman-based ISP that is home to quicknavigate.com and possibly other trojans. This is for DNS only; any DNS requests to these IPs could be indicative of some sort of trouble. Finally, consider using your firewall(s) to block all traffic to and from ports 1214, 6346, and 6699. Using the example above, select TCP and UDP in Step 8. You will get a box asking for ports. Select List of Ports, and add 1214, 6346, and 6699. Now skip to Step 14. Click OK when done. These are used by popular file-sharing programs (1214 is used by KaZaa and Morpheus, 6346 is used by Limewire, and 6699 is used by WinMx.) That will render the programs useless. The newer versions can use non-standard ports to evade firewalls, but most users don't know that and, if that's a problem, consider using IDS and/or policy enforcement software. 67.15.35.0 255.255.255.0 Optical Jungle (NEW) Porn service, and also a haven of cyber-squatting. 72.51.27.0 255.255.255.0 Mediatech Internet (NEW) Cybersquatting service, much like Oingo. 209.59.145.0 255.255.255.0 Site5 (NEW) Cybersquatting service, much like Oingo. 64.14.244.0 255.255.255.0 Namegiant (NEW) Cybersquatting service, much like Oingo. 66.240.173.0 255.255.255.0 Reflex Publishing (NEW) Cybersquatting service. 66.118.136.0 255.255.255.0 Sago Networks (NEW) Cybersquatters/site impersonators. 66.198.36.0 255.255.254.0 Source Investments (NEW) Porn/spam service. 209.67.69.0 255.255.255.192 Dotster/iHoldings (NEW) 64.20.33.0 255.255.255.240 Dotster/iHoldings (NEW) 64.20.32.0 255.255.192.0 Dotster/iHoldings (NEW) Cybersquatting service. The latter address range is a much broader range that covers Interserve, the host service for iHoldings. Many cybersquatting spaces exist on Interserve; I have not observed anything else on this netblock BUT cybersquatters and fake sites. This may well be one of the most important netblocks to filter. 85.255.112.0 255.255.224.0 Inhoster (NEW) Cybersquatting/fake domain names. 64.20.43.0 255.255.255.224 Interserver (NEW) Cybersquatting/site impersonation. 72.51.27.0 255.255.255.0 Nameview Cybersquatting. 66.246.221.160 255.255.255.224 Net Access Corp (NEW) Cybersquatting, search engine poisoning, fake websites. Use domain keywords e.g. a search for Sylvania (the electronics company) will produce websites such as sylvania.77games.com which is a generic garbage-dump portal with ads promoting Sylvania products. 66.199.187.128 255.255.255.128 Name Administration Inc. (NEW) Cybersquatting/portal dumps. STRONGLY RECOMMENDED TO BLOCK! 208.254.3.0 255.255.255.0 Seeq (NEW) Cybersquatting/uses domain name misspellings. 212.227.34.0 255.255.255.0 Sedo (NEW) Cybersquatting/uses domain name misspellings. 63.214.247.0 255.255.255.0 Iland Internet (NEW) Cybersquatting. 209.85.51.0 255.255.255.0 Direct Information (NEW) Note for Address.com users: If Address.com is your ISP, you probably consented to allow them to monitor your surfing activity, so you must abide by your Terms-of-Service. If Address.com was installed for you, or without your consent but you must use it, you may continue to use it as long as you provide a rule in your firewall permitting your computer to talk to 64.152.66.74 and 63.197.20.138. To do this, follow Steps 1-16 in the example, except in Step 10 select "Single IP" and in Step 14, select Permit. It is important that this rule be placed ABOVE the other rules for Address.com. Disclaimer: All the sites, IP ranges, associations, etc. are provided to the best of my knowledge and are based on various traces and linkings by registration information, company affiliations, media reports, and other public resources. No guarantee as to the accuracy of this information is assumed nor is any harm intended toward any corporation(s) or individual(s) on, affected by (directly or indirecly) by the use or misuse of this list. By reading or using this information you agree to release the provider, poster, sender, or author or contributors to this list harmless, as well as any service provider used in the transmision of this list. This information is not intended to be used to violate the Terms of Service or End User Licensing Agreement between you and any vendor, website, or spyware, adware, or advertising manufacturer or their affiliates. Please post corrections, updates, or commentary to comp.security.firewalls or alt.privacy.spyware. Risk assessment is based upon the opinion of the author. Spyware is defined as any program, applet, ActiveX control, Browser Helper Object, or website which transmits data from a client's computer, or a service which meets one or more of the following criteria: 1. Is installed without a user's explicit knowledge or explicit consent. 2. Uploads information without a user's explicit knowledge or explicit consent. 3. Uploads, associates, or appears to or is readily capable of associating uploaded information with personally-identifiable information, such as registration information or data collected from third-party sources, without the user's explicit knowledge or explicit consent. Any software vendor or website on this list may feel free to contact the author at yosponge@yahoo.com