Sucuri Security

Malicious redirections to exploit kits

2012-06-06 by Daniel B. Cid

We talk a lot about sites that get hacked to redirect their users to malicious exploit kits (blackhole, etc). Very often we see encoded javascript and our users ask what they do... Those are some of the URLs we saw just this last week being used by the attackers.

aaasssasssssssasa.myfw.us/?go=2
abcplyjxj.ibiz.cc/?go=2
abdrfdvfgdrvser.lowestprices.at/?go=2
aeryaay2nyusmui7.lowestprices.at/?go=2
afrgbajp.ibiz.cc/d/404.php?go=1
akyjdcfovc.ibiz.cc/d/404.php?go=1
alph3464.no-ip.org/?go=2
amhdhsnjmx.usa.cc/d/404.php?go=1
amsmkxh.ibiz.cc/d/404.php?go=1
aoytzrk.igg.biz/d/404.php?go=1
apdqbnl.igg.biz/d/404.php?go=1
apkdng.xxxy.info/d/404.php?go=1
apmhyocvl.igg.biz/d/404.php?go=1
aprcredits.kwik.to/d/404.php?go=1
areabreytnt.lowestprices.at/?go=2
areahedun.findhere.org/?go=2
arhecug.tld.cc/d/404.php?go=1
arna5237.hopto.org/?go=2
artva3hsyjtis8ss.lowestprices.at/?go=2
aucvpqnebv.tld.cc/d/404.php?go=1
aukqjxs.usa.cc/d/404.php?go=1
avrrrqvrtyunbtgjtrty.lowestprices.at/?go=2
ayuqymox.ibiz.cc/d/404.php?go=1
badfgrcaxww.rr.nu/?go=2
baryaccvbrtvnj.byinter.net/?go=2
bastryavervct.byinter.net/?go=2
bety6uye4v5r6y.lowestprices.at/?go=2
bfbgfdfdfffghgvvbjj.rr.nu/?go=2
bfguzmf.ibiz.cc/d/404.php?go=1
bftvdcrdfgdrvfvcd.kwik.to/?go=2
bgkdgdkww.1dumb.com/d/404.php?go=1
bgqbioyqky.igg.biz/d/404.php?go=1
biseiuhfggf.rr.nu/?go=2
bkzkeypfxy.changeip.name/?go=1
bmfxsfgpbj.ddns.info/?go=2
bnugujngjuhgygjgh.kwik.to/?go=2
brtftghynuiuynbrtvrvfdgg.rr.nu/?go=2
bssjxted.usa.cc/d/404.php?go=1
btrvecydcvb.byinter.net/?go=2
btyinonds.rr.nu/?go=2
buihbqidt.ibiz.cc/d/404.php?go=1
bwtrvwtrvsrvdfb.byinter.net/?go=2
bxwtlawdpz.proxydns.com/d/404.php?go=1
bxwvnyofk.usa.cc/d/404.php?go=1
byeytnsbvhrtbt.byinter.net/?go=2
bytvedcffn.byinter.net/?go=2
bzmechl.igg.biz/?go=2
cdsrcvvy.myredirect.us/?go=2
cdxvuoyo.igg.biz/d/404.php?go=1
cgmzhjthg.igg.biz/d/404.php?go=1
cgyucykhuil.myfw.us/?go=2
chfkidjtybs.findhere.org/?go=2
ckdgmmeo.igg.biz/?go=2
cmlvugtb.ibiz.cc/d/404.php?go=1
cmrumpglb.myfw.us/?go=2
cngyyyucdmtynrt7t.rr.nu/?go=2
cntwshy.bigmoney.biz/?go=2
cpngdayqt.igg.biz/d/404.php?go=1
ctculsq.ibiz.cc/d/404.php?go=1
ctjcykgmmy.byinter.net/?go=2
ctrcvtfgdfc.rr.nu/?go=2
cuybcxizxdied.myredirect.us/?go=2
cxxxcvxccxvcxcxvxcc.findhere.org/?go=2
dddssddddsdsddddd.myfw.us/?go=2
dfgitffjr.igg.biz/?go=2
dfhgodjfg.rr.nu/?go=2
dfmnbvuieiorf.rr.nu/?go=2
dfnmmcvguierfd.rr.nu/?go=2
dgdbqpdvh.igg.biz/d/404.php?go=1
dghmkufdnr.findhere.org/?go=2
dmujkkz.igg.biz/d/404.php?go=1
dnbtvra56byyunyn7.lowestprices.at/?go=2
dpiwixdu.igg.biz/d/404.php?go=1
drihifpug.ibiz.cc/d/404.php?go=1
drjdrdjgyiuu.myfw.us/?go=2
dsyoylhbg.usa.cc/d/404.php?go=1
dtyisysrsrst.lookin.at/?go=2
dtynuyiuoiuyrewq3crth.lowestprices.at/?go=2
dvafaiw.igg.biz/?go=2
dwewphuamf.igg.biz/?go=2
dwpgdtk.igg.biz/d/404.php?go=1
dwrmdybckw.lookin.at/?go=2
ebbye5nez3z2zn5.findhere.org/?go=2
edknvzrqb.ibiz.cc/d/404.php?go=1
eeqmhjjhs.igg.biz/d/404.php?go=1
efehxuwclcj.rr.nu/?go=2
efylnux.usa.cc/?go=2
eksamekxo.myfw.us/?go=2
emjqjkxdur.ddns.ms/d/404.php?go=1
enrymrynzrbytr.myfw.us/?go=2
erateraervacer.myredirect.us/?go=2
erbzydbftfnt.lowestprices.at/?go=2
ertguinodkf.rr.nu/?go=2
eurbynydtybtvy.myfw.us/?go=2
euwqhtspec.dns1.us/d/404.php?go=1
evrtnnruxrnrt.myfw.us/?go=2
ewcjvkiufgv.lowestprices.at/?go=2
eweweeeeweweee.myfw.us/?go=2
eyglwirdba.mynetav.org/d/404.php?go=1
eyksvvuez.ibiz.cc/d/404.php?go=1
f%67j.U%67ly%41s.c%6Fm/b.js?google=4x243
faydplspl.findhere.org/?go=2
fbybldtb.igg.biz/d/404.php?go=1
fdesjhkjjl.lowestprices.at/?go=2
fdgffjhg.myfw.us/?go=2
fdgfjhgyyt.myfw.us/?go=2
fdghdjnbvcr.byinter.net/?go=2
fdgzdfghbs.findhere.org/?go=2
fdsdcjytygui.myfw.us/?go=2
ffymxtbfrb.byinter.net/?go=2
fghmxmzbsxtr.findhere.org/?go=2
fgj.UglyAs.com/b.js?google=4x243
fgxbyninbyacw5v9bg.lowestprices.at/?go=2
fiudertjkfjgf.rr.nu/?go=2
fjljzl.xxuz.com/d/404.php?go=1
fmhjxgxn.ibiz.cc/d/404.php?go=1
fmhotwneiv.ibiz.cc/d/404.php?go=1
fncnkvqiuo.ikwb.com/d/404.php?go=1
fnwcmrnh.usa.cc/?go=2
fqmhypjfv.ibiz.cc/?go=2
fsbbihiwm.igg.biz/?go=2
ftbhstrrrrrrvtjyun4kk.lowestprices.at/?go=2
ftyktrtukghui.myfw.us/?go=2
fugqhewma.igg.biz/d/404.php?go=1
fxqkcicgp.kwik.to/?go=2
fyuidnysutms.kwik.to/?go=2
fyvmnfvb.ibiz.cc/?go=2
fzdzyrhysr.byinter.net/?go=2
gcyyaniw.tld.cc/d/404.php?go=1
gfdjhljkjb.myfw.us/?go=2
gfdxtcfvb.myredirect.us/?go=2
gfhmgvjhb.myfw.us/?go=2
ghceswze.dns05.com/d/404.php?go=1
ghdmghjdnx.findhere.org/?go=2
gjboeqpgly.usa.cc/d/404.php?go=1
gjxmrxfm.ibiz.cc/d/404.php?go=1
gnxnyubrzytuy.lowestprices.at/?go=2
grcdyctkfb.myfw.us/?go=2
grcvjuykini.byinter.net/?go=2
grllqdvv.igg.biz/d/404.php?go=1
gwvrteyrvf.byinter.net/?go=2
gxdtrdcv.myfw.us/?go=2
gxsiwmxki.usa.cc/d/404.php?go=1
gxswmxew.ibiz.cc/d/404.php?go=1
gyxrbktsj.igg.biz/d/404.php?go=1
hbdfvtfhhgjwrrtvytsw.kwik.to/?go=2
hemfnlqvit.igg.biz/d/404.php?go=1
hfcuytfkuby.myfw.us/?go=2
hfgcfweryer.findhere.org/?go=2
hgcnhfghj.lowestprices.at/?go=2
hgfdxhfcf.myredirect.us/?go=2
hhcenlq.igg.biz/d/404.php?go=1
higmkxgail.myfw.us/?go=2
hiolafr.usa.cc/d/404.php?go=1
hjgjxgfkjl.myfw.us/?go=2
hjkllllhhggggfffvvbbbn.findhere.org/?go=2
hqwkmqcw.igg.biz/d/404.php?go=1
hsbfvtrcdf.byinter.net/?go=2
hsdiljzff.igg.biz/?go=2
htdxtsth.myfw.us/?go=2
htrxcytvfmhg.lowestprices.at/?go=2
htupjnh.usa.cc/d/404.php?go=1
hvajsve.usa.cc/d/404.php?go=1
hxzwrfupqejv.ontheweb.nu/?go=2
hygviybg.myredirect.us/?go=2
ibeshqlc.usa.cc/d/404.php?go=1
ifagxfzl.ibiz.cc/?go=2
ifpbvcjfg.toythieves.com/d/404.php?go=1
igyryiplgve.findhere.org/?go=2
ihhqeabdsp.igg.biz/d/404.php?go=1
ijbctmcec.tld.cc/d/404.php?go=1
ilnliuikouiknjihk.kwik.to/?go=2
impiofkl.usa.cc/d/404.php?go=1
inthlbkehg.tld.cc/d/404.php?go=1
ionswxedsw.igg.biz/d/404.php?go=1
ipdgzjho.igg.biz/d/404.php?go=1
isphrnj.ibiz.cc/?go=2
isytayms.dyndnst.info/?go=2
itimihqrqa.ns01.biz/d/404.php?go=1
itunesg.ibiz.cc/?go=2
iweayvuav.igg.biz/?go=2
ixfnzhz.tld.cc/d/404.php?go=1
izcqqhfrgu.tld.cc/d/404.php?go=1
jcyatwzs.igg.biz/d/404.php?go=1
jdeqeyay.igg.biz/d/404.php?go=1
jent2207.myvnc.com/?go=2
jfgwryykjgf.findhere.org/?go=2
jfhtsfvvfghr.findhere.org/?go=2
jjjllaf.igg.biz/?go=2
jkhgcxdjl.myfw.us/?go=2
jmcbhjuv.usa.cc/d/404.php?go=1
jocxqfdgl.moneyhome.biz/d/404.php?go=1
jqtgdbdd.igg.biz/d/404.php?go=1
jrqnlzqy.usa.cc/?go=2
jsulftmiuw.igg.biz/d/404.php?go=1
jurtdfghtew.findhere.org/?go=2
jvqoovjxxq.igg.biz/d/404.php?go=1
jwtaqhw.ibiz.cc/d/404.php?go=1
jxdfggbfrhf.findhere.org/?go=2
jxsgnvxfg.findhere.org/?go=2
jygvfjhgjhjk.byinter.net/?go=2
jyhtgxycg.myfw.us/?go=2
jysresgfcb.byinter.net/?go=2
kchojcd.ibiz.cc/d/404.php?go=1
kgpoqamori.igg.biz/d/404.php?go=1
kgscnhzeb.igg.biz/d/404.php?go=1
khapgtil.ibiz.cc/d/404.php?go=1
kksnisqtj.tld.cc/d/404.php?go=1
klvrxsys.1dumb.com/d/404.php?go=1
kmurquryp.igg.biz/?go=2
knvflrl.ibiz.cc/?go=2
kpkdkuhrvd.usa.cc/d/404.php?go=1
ksfiolq.ibiz.cc/?go=2
ktntwxcy.usa.cc/?go=2
kubgfghzy.igg.biz/?go=2
kukchvgjh.myfw.us/?go=2
kuyicutdtvrfh.byinter.net/?go=2
kuyyctrdtfybgh.myfw.us/?go=2
kyubdyyyb.lookin.at/?go=2
kznfykfj.1dumb.com/d/404.php?go=1
lahkfbswvx.igg.biz/d/404.php?go=1
lbxdmes.usa.cc/?go=2
lczkbeujxf.kwik.to/?go=2
ldsysgcaix.igg.biz/d/404.php?go=1
ldwosuep.ibiz.cc/d/404.php?go=1
lioerpcbi.myfw.us/?go=2
lnfkwqcdj.findhere.org/?go=2
lnnpcsttih.findhere.org/?go=2
lnxnib.zyns.com/?go=2
lturvqaq.ibiz.cc/d/404.php?go=1
managemented123.usa.cc/d/404.php?go=1
maxqvjifc.usa.cc/d/404.php?go=1
mcpivmu.igg.biz/d/404.php?go=1
mcrbhdlfwb.usa.cc/d/404.php?go=1
mcxfvqntr.igg.biz/d/404.php?go=1
mdin7tuity.kwik.to/?go=2
meyevbbsa.usa.cc/d/404.php?go=1
mfundghbhhxfbty3nxd.rr.nu/?go=2
mhoqccnlag.ibiz.cc/?go=2
mjqrpybpkn.ontheweb.nu/?go=2
mkulorefj.igg.biz/d/404.php?go=1
mmnvvipxm.igg.biz/d/404.php?go=1
mnhgfcyvtvb.myredirect.us/?go=2
molycribf.usa.cc/d/404.php?go=1
mouzyyza.myftp.name/d/404.php?go=1
movnxnwh.igg.biz/d/404.php?go=1
mpnnythpdxt.kwik.to/?go=2
mqvtrt.got-game.org/?go=2
mqyenu.dns05.com/d/404.php?go=1
mr8o067nrtrvr.myfw.us/?go=2
mremfzlt.igg.biz/d/404.php?go=1
msr5bumdtbcg5nebr.findhere.org/?go=2
mtyndtyudnzst6ymu87u.rr.nu/?go=2
mxngnfbfgg.kwik.to/?go=2
mxnjnwvbad.lookin.at/?go=2
mytindbfxxt.lowestprices.at/?go=2
nbnvnvvbvbvvvbnvvbnvnb.findhere.org/?go=2
nbtdyurnbtdy.lowestprices.at/?go=2
ndbussg.rr.nu/?go=2
ndqrpmr.igg.biz/?go=2
ndrttev4btrytn.ontheweb.nu/?go=2
ndttbyy5ntyn87n.lowestprices.at/?go=2
ndtwr567nkyur7y.lowestprices.at/?go=2
ndytnibterbtyqvj654.lowestprices.at/?go=2
ne56b7n8nuybytb.lowestprices.at/?go=2
nelzhbv.qhigh.com/d/404.php?go=1
netyjw55q6u.myfw.us/?go=2
nfeqrhe.usa.cc/?go=2
ngbfbgnbjkcjhnbty5.rr.nu/?go=2
ngfytrtu.myfw.us/?go=2
nhthzkwhu.ibiz.cc/?go=2
nird56tybun.lowestprices.at/?go=2
niyaimuns.igg.biz/d/404.php?go=1
niyqbxwenz.ibiz.cc/d/404.php?go=1
njphwkb.ibiz.cc/d/404.php?go=1
njuyiulbtobt.rr.nu/?go=2
nklxaeum.usa.cc/?go=2
nmmnvqtyp.ibiz.cc/d/404.php?go=1
nmwakcu.itsaol.com/d/404.php?go=1
nmxbrjst.freetcp.com/d/404.php?go=1
nnpfucpvtf.tld.cc/d/404.php?go=1
nstrbusrvae.lookin.at/?go=2
ntdyubxrtuutt.myfw.us/?go=2
ntdyuemn565ntyne.lowestprices.at/?go=2
ntgdtwpq.ns1.name/d/404.php?go=1
ntxtnrnnnntbevdr5y.findhere.org/?go=2
ntydstrnbstbbr.lookin.at/?go=2
nuprhvper.tld.cc/d/404.php?go=1
nvxcvjwzk.ibiz.cc/d/404.php?go=1
nwfufzawwsn.findhere.org/?go=2
nxfbfxgyxjnft.byinter.net/?go=2
nymfiultrnb65ert.lowestprices.at/?go=2
nysbrtyjdjntytdrj7yn.rr.nu/?go=2
nytndbssyrtkjuykiryu7.rr.nu/?go=2
nytubdtynsb.lookin.at/?go=2
nzerynzbrnnt666.myfw.us/?go=2
nzvnrovc.igg.biz/d/404.php?go=1
oaijvhw.igg.biz/?go=2
ocafqqsgcz.usa.cc/d/404.php?go=1
ocapyaj.ibiz.cc/?go=2
odzyzjyyi.rr.nu/?go=2
oemiflwymu.igg.biz/d/404.php?go=1
ofhnhiunuby.findhere.org/?go=2
ofjqucwku.ibiz.cc/d/404.php?go=1
ogfazhv.2waky.com/d/404.php?go=1
oibmugez.igg.biz/d/404.php?go=1
ok56gpnu99o.ce.ms/i.php?go=1
olnlueg.igg.biz/d/404.php?go=1
onfszvzfgnh.findhere.org/?go=2
oooppoooopopoo.myfw.us/?go=2
orla8631.myvnc.com/?go=2
orpdvovqpya.kwik.to/?go=2
otsiwakbbic.lookin.at/?go=2
ovczsiob.ibiz.cc/d/404.php?go=1
pamajmc.ibiz.cc/d/404.php?go=1
pduullvgyq.usa.cc/d/404.php?go=1
petyxbyeff.findhere.org/?go=2
pfugkrt.sixth.biz/d/404.php?go=1
pggjwuefsz.tld.cc/d/404.php?go=1
phairthcph.igg.biz/d/404.php?go=1
pirdppqqgh.youdontcare.com/?go=1
piuyvdredh.myfw.us/?go=2
popohgjgfdsre.lowestprices.at/?go=2
pufvepwsih.mynumber.org/d/404.php?go=1
pvpafdf.wikaba.com/?go=1
pwfoqrywto.dns1.us/i/i.php?go=1
pzpmsuov.tld.cc/d/404.php?go=1
pzyvxip.organiccrap.com/?go=2
qanystvhc.ibiz.cc/d/404.php?go=1
qerhkbdimoitvd5t.lowestprices.at/?go=2
qhpqtctciu.serveuser.com/d/404.php?go=1
qivtnqqxjnp.myfw.us/?go=2
qjfngeyij.youdontcare.com/d/404.php?go=1
qjjcafhy.tld.cc/d/404.php?go=1
qmptsbnjd.ibiz.cc/d/404.php?go=1
qnanrttdbj.lookin.at/?go=2
qnpixhly.igg.biz/d/404.php?go=1
qqfwyig.tld.cc/d/404.php?go=1
qqhtedw.ddns.info/i/i.php?go=1
qvawkcfcf.ibiz.cc/d/404.php?go=1
qwerppitrty.findhere.org/?go=2
qyjkiuopo.myfw.us/?go=2
qyqjnvmau.dyndnst.info/?go=2
r6vgetyfvf.byinter.net/?go=2
rbiunhdfklgfkl.rr.nu/?go=2
rbytjetbyvert.myfw.us/?go=2
reererrerereeeeeeeeetttg.findhere.org/?go=2
rhtbjgw.ibiz.cc/?go=2
rhtxfccdij.usa.cc/?go=2
rjnotxs.igg.biz/d/404.php?go=1
rjytkixbfjxkk.myfw.us/?go=2
rkoidbyobh.ibiz.cc/d/404.php?go=1
rmszsbqanuitrnt5.findhere.org/?go=2
rntbrtbxfggby.lowestprices.at/?go=2
rozadyqa.ibiz.cc/?go=2
rpwrxclxj.ibiz.cc/d/404.php?go=1
rqerjgezr.igg.biz/?go=2
rsbtyhrstyybrrtb2.lowestprices.at/?go=2
rsetvonmph.ibiz.cc/d/404.php?go=1
rtiuofgjdjfhkfgg.myredirect.us/?go=2
rtnssb5av3ybz.findhere.org/?go=2
rtyyujymdsrr.findhere.org/?go=2
runiytdtb.findhere.org/?go=2
rxtnusrbsvaerby.lowestprices.at/?go=2
ryeyymburbyr.myredirect.us/?go=2
sadjgkhiudfhg.byinter.net/?go=2
sakuhnsdcfjh.byinter.net/?go=2
sawrtdlsf.ibiz.cc/d/404.php?go=1
sbrtyvabyrr.lookin.at/?go=2
sbrvtctaxert.byinter.net/?go=2
scecsdfxersrecsfd.kwik.to/?go=2
sdbwrrrim.etowns.org/?go=2
sdfghbhevbsc.byinter.net/?go=2
sdidiobnjfhfk.myredirect.us/?go=2
sduhfwbeh.byinter.net/?go=2
sdvarfvgd.findhere.org/?go=2
seoyaaoad.igg.biz/d/404.php?go=1
siyaxrba.igg.biz/d/404.php?go=1
skpyirkxx.dynamic-dns.net/d/404.php?go=1
snavraetyrstvervg.lowestprices.at/?go=2
soisuthjkxjcbn.myredirect.us/?go=2
srtbhvsrbshfxb.byinter.net/?go=2
svaverbxrrtyvt.rr.nu/?go=2
sxbnckviofg.rr.nu/?go=2
sycrfuynhijj.myfw.us/?go=2
szdzaidns.toh.info/?go=2
tbuyegf.igg.biz/d/404.php?go=1
tdyudtbdy.lowestprices.at/?go=2
tevjyfbtfyh.byinter.net/?go=2
tgrukjhggfdwe.lowestprices.at/?go=2
thodwcxg.ibiz.cc/d/404.php?go=1
tlegjzpo.usa.cc/d/404.php?go=1
trev8246.myftp.org/?go=2
trhhiuyu.myfw.us/?go=2
trhpxtwr.ibiz.cc/?go=2
trpvptu.xxuz.com/d/404.php?go=1
truygdfijhgjkd.myredirect.us/?go=2
trwrdaypds.igg.biz/?go=2
tuntrsbrtbtung.lowestprices.at/?go=2
twenbrmndfui.myredirect.us/?go=2
txmovebnx.tld.cc/d/404.php?go=1
tyapxh.ddns.us/d/404.php?go=1
tyehybtgdhgef.myfw.us/?go=2
tyuntuytmii.myfw.us/?go=2
ucvndsb.proxydns.com/d/404.php?go=1
udkuiurooa.igg.biz/d/404.php?go=1
ueixlydyprxg.byinter.net/?go=2
uhfcmgtlnbkm.byinter.net/?go=2
uhjqzvcjfmb.ontheweb.nu/?go=2
uimflmxbtr.lookin.at/?go=2
uirkxfpa.igg.biz/d/404.php?go=1
ulfbtsrbx.lookin.at/?go=2
uljyynp.igg.biz/d/404.php?go=1
uonjjmcw.ibiz.cc/d/404.php?go=1
upcihiteyf.usa.cc/?go=2
upsgollo.ibiz.cc/d/404.php?go=1
uqhnrrqrql.findhere.org/?go=2
usrvbzrbyeab.lowestprices.at/?go=2
utopgjmrao.kwik.to/?go=2
uuuiuiiuuiuuiiuuuu.myfw.us/?go=2
uuuyuyyyyuuyuu.myfw.us/?go=2
uwhnuls.sexxxy.biz/d/404.php?go=1
uxkrlnxrhn.ibiz.cc/d/404.php?go=1
uyguyfdyjcf.lowestprices.at/?go=2
uzzlkmftmi.igg.biz/d/404.php?go=1
varbasrtbat.lookin.at/?go=2
vdtgbrgdgxtrstgvffvf.kwik.to/?go=2
vgjyttswcvj.lowestprices.at/?go=2
vhanclmstq.ibiz.cc/d/404.php?go=1
vjdiorpyfkjgfd.rr.nu/?go=2
vjlnwoof.dhcp.biz/d/404.php?go=1
vkhtdup.usa.cc/d/404.php?go=1
vkmdkimrpfsq.lookin.at/?go=2
vkwliwg.ibiz.cc/d/404.php?go=1
vmpjbiek.igg.biz/?go=2
vnpddighhfhb.rr.nu/?go=2
vooshvwxov.usa.cc/?go=2
vplzqlevmo.igg.biz/?go=2
vpwmdyaayb.igg.biz/d/404.php?go=1
vrtvkrhlg.igg.biz/?go=2
vrzbfnbf.ibiz.cc/?go=2
vymsygn.ibiz.cc/d/404.php?go=1
vzdqgxkj.ftpserver.biz/d/404.php?go=1
weihofdjkndurr.myredirect.us/?go=2
weiulfe.3d-game.com/?go=2
weswznfdlw.2waky.com/d/404.php?go=1
wfyczxb.usa.cc/d/404.php?go=1
wgeraervar.myfw.us/?go=2
wgykabjnh.usa.cc/d/404.php?go=1
whhmmoj.tld.cc/d/404.php?go=1
wiscfggtu.findhere.org/?go=2
wkicfzk.ddns.name/d/404.php?go=1
wmqjrtzhvw.igg.biz/d/404.php?go=1
wmqspbvifaw.byinter.net/?go=2
wrcpvznhjw.igg.biz/?go=2
wrgvetyfcdvf.byinter.net/?go=2
wsesprk.igg.biz/d/404.php?go=1
wupmexgddr.ibiz.cc/d/404.php?go=1
wwwrhyrty3tg.myfw.us/?go=2
wyphlwynl.myfw.us/?go=2
xaetthkkm.rr.nu/?go=2
xakibl.dynamicdns.org.uk/d/404.php?go=1
xaweazv.dns04.com/?go=1
xbcqifsyyx.igg.biz/d/404.php?go=1
xbfgzhvdfggggfff.rr.nu/?go=2
xbyrtyjffn.byinter.net/?go=2
xdrbtxeryey.myfw.us/?go=2
xeyuzgha.igg.biz/d/404.php?go=1
xghvbmnbse.lowestprices.at/?go=2
xghxccvfghtygw82.kwik.to/?go=2
xgmdntbxntr.myfw.us/?go=2
xgnghacwvh.dns1.us/d/404.php?go=1
xnwdxqo.igg.biz/?go=2
xprbatoar.myfw.us/?go=2
xqzhtkda.ibiz.cc/d/404.php?go=1
xrtiddm.bigmoney.biz/?go=2
xvpocbfc.igg.biz/?go=2
xycujqm.ns02.biz/d/404.php?go=1
xytuxmftzbdrv.lookin.at/?go=2
ybdtyndbjtvftb.myfw.us/?go=2
ydfpcjcc.usa.cc/d/404.php?go=1
yenxcsdulxap.myfw.us/?go=2
ygpisqql.igg.biz/d/404.php?go=1
yiiyfdhouk.usa.cc/?go=2
ymenowmg.ibiz.cc/?go=2
ymtdimnbsa.rr.nu/?go=2
ynkahqdxu.kwik.to/?go=2
yrdvjt.fartit.com/d/404.php?go=1
ytimndkybbtt.lookin.at/?go=2
ytryrytrfghfhghthfgfg.findhere.org/?go=2
ytuyiyvtv.byinter.net/?go=2
ytvxszoxsh.mynumber.org/d/404.php?go=1
yunssbzdrvy.lowestprices.at/?go=2
yunyiryunrbe.myfw.us/?go=2
yvlegmruw.ibiz.cc/d/404.php?go=1
yvymolzcbi.lookin.at/?go=2
yxxpjvlq.igg.biz/d/404.php?go=1
yyntnjnxrt.igg.biz/d/404.php?go=1
zavydwnsi.igg.biz/d/404.php?go=1
zbanrdrhh.ibiz.cc/d/404.php?go=1
zdrynztums.findhere.org/?go=2
zdymydindbyu.byinter.net/?go=2
zdyskrsmo.faqserv.com/d/404.php?go=1
ze4tvzbterbny.myfw.us/?go=2
zerymrbrtyrjydn.myfw.us/?go=2
zfhbsvcererr.myredirect.us/?go=2
zfwfkxidn.ibiz.cc/?go=2
zgglfahozq.ibiz.cc/d/404.php?go=1
zguzmbzde.tld.cc/d/404.php?go=1
zhipmylfi.ibiz.cc/?go=2
zjcfzje.usa.cc/?go=2
zjdjtygx.usa.cc/d/404.php?go=1
zjogtwkkslo.myfw.us/?go=2
zknvjmzerm.igg.biz/?go=2
zlsngkwojh.ibiz.cc/d/404.php?go=1
zmarlpglt.ibiz.cc/?go=2
zrymznxbf.lookin.at/?go=2
zrywfrpeo.bounceme.net/i/i.php?go=1
zuxalwcg.tld.cc/d/404.php?go=1
zvcweflptt.ibiz.cc/d/404.php?go=1
zwebterbze.myfw.us/?go=2
zwmxyfnyvm.jetos.com/d/404.php?go=1
zxcjoitre43wi.lowestprices.at/?go=2
zytmnnfcfb.lookin.at/?go=2
zyuyknxu.ibiz.cc/d/404.php?go=1