Microsoft Spy Ring "ROUTE Table" Spybot / Anti-Beacon & ALL anti-malware missed these



udaugadid
2018-03-07, 04:30
I found these in my TCPIP spy stack... at least that it appears to have been for these guys. Before locating these I had found other hacking software, a Windows port of Redis in particular, on my computer. I've attached the entire TCPIP registry here: https://ufile.io/ywxh5

This looks like a Microsoft spy apparatus; a mixed bag of others. Found embedded in persistent routes. Found this on two computers so far. This is typically reserved for the router / gateway; "legit" entries by the system appear as "0.0.0.0,0.0.0.0,192.168.0.1,-1" (IP/Subnet/Gateway), for example. This appears to be a form of reverse routing; I am curious if this could have been a MITM going on between my PC and these IPs, akin to VPN. I've asked Microsoft tech support (https://social.technet.microsoft.com/Forums/en-US/7a67c636-0ed7-4c30-896e-1123b7e7ac84/persistent-routes-329-suspicious-entries-in-tcpip-parameters-persistentroutes?forum=w7itprosecurity), Wilders Security, and LinuxQuestions, and nobody has explained to me what is going on much at all. I'm curious whether the persistent routes bypass the 'hosts' file. Prior to stumbling upon these, I had already blocked many of Microsoft's servers via the hosts file; uninstalled all telemetry updates; ran your software and dozens of others, both online and offline; nothing found very much. Another PC on our network also had a tonne of these in the registry. Any clue where they come from?

I recommend adding to your program an option to delete "persistent routes" if it detects non-traditional IPs saved there. Everything but default gateway routes;

ex

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Here is what I found: lots of big multinational corporations; ad servers; Akamai cloud servers; Google, Facebook, but mostly Microsoft servers. Some may have connections to homeland insecurity (TM). I only noticed it thanks to Combofix backing up TCPIP settings; I looked inside the backup and saw them there.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\PersistentRoutes]






63.148.207.97 United States flag United States MA Cambridge Qwest Communications Company, LLC AS209
63.241.108.111 United States flag United States NJ California Education and Research Federation Network AS4269
63.241.108.124 bs.serving-sys.com United States flag United States NJ California Education and Research Federation Network AS4269
63.243.243.34 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.35 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.48 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.49 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.58 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.67 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
64.233.185.148 yb-in-f148.1e100.net United States flag United States CA Google LLC AS15169
64.233.185.149 yb-in-f149.1e100.net United States flag United States CA Google LLC AS15169
64.4.27.50 United States flag United States CA San Jose Microsoft Corporation AS8075
64.4.54.153 msnbot-64-4-54-153.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.165 msnbot-64-4-54-165.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.18 msnbot-64-4-54-18.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.22 msnbot-64-4-54-22.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.254 United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.98 United States flag United States WY Cheyenne Microsoft Corporation AS8075
65.39.117.230 United States flag United States NE Cambridge Pinpoint Communications, Inc. AS27005
65.52.100.93 wes.df.telemetry.microsoft.com United States flag United States WA Redmond Microsoft Corporation AS8075
65.52.108.11 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.153 msnbot-65-52-108-153.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.154 msnbot-65-52-108-154.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.163 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.2 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.251 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.254 bn2wns1b.wns.windows.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.27 msnbot-65-52-108-27.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.33 msnbot-65-52-108-33.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.52 msnbot-65-52-108-52.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.56 msnbot-65-52-108-56.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.59 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.90 msnbot-65-52-108-90.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.92 msnbot-65-52-108-92.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075

65.54.192.248 United States flag United States WA Redmond Microsoft Corporation AS8075
65.54.225.167 United States flag United States CA San Jose Microsoft Corporation AS8075
65.54.226.187 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.128.80 United States flag United States IL Chicago Microsoft Corporation AS8075
65.55.128.81 United States flag United States IL Chicago Microsoft Corporation AS8075
65.55.130.50 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.138.110 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.138.111 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.149.120 digg.analytics.live.com United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.176.90 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.2.2 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.227.188 United States flag United States VA Washington Microsoft Corporation AS8075
65.55.252.92 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.44.51 United States flag United States VA Boydton Microsoft Corporation AS8075
65.55.44.82 United States flag United States VA Boydton Microsoft Corporation AS8075
65.55.44.85 United States flag United States VA Boydton Microsoft Corporation AS8075
65.55.52.23 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.83.120 United States flag United States TX Microsoft Corporation AS8075
66.119.152.205 United States flag United States IL Chicago Microsoft Corporation AS8075
66.235.138.193 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.138.194 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.138.195 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.17 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.18 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.19 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.205 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.206 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.207 United States flag United States UT Lehi Adobe Systems Inc. AS15224
68.67.152.103 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.109 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.110 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.111 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.112 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.113 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.120 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.129 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.131 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.132 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.172 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.173 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.174 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.215 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.218 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.235 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.236 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.254 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.56 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.58 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.61 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.92 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.94 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.97 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.148 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.173 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.180 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.183 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.188 lbip767182.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.208 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.209 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.244 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.248 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.251 vlan101.1.slb8b.nym2.appnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.253 vlan101.1.slb7a.nym2.appnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.37 http-fileserver.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.39 cq-auditor.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.40 thorondor-hbapi.prod.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.41 lbip767035.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.44 ast-samples.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.56 securemodernimpact.pxlsrv.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.87 lbip767081.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.89 lbip767083.nym2.appnexus.com United States flag United States NY New York AppNexus, Inc AS29990
68.67.176.126 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.129 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.132 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.145 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.152 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.16 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.47 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.50 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.51 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.63 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.68 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
72.246.43.10 a72-246-43-10.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.128 a72-246-43-128.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.16 a72-246-43-16.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.25 a72-246-43-25.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.26 a72-246-43-26.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.33 a72-246-43-33.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.34 a72-246-43-34.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.40 a72-246-43-40.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.48 a72-246-43-48.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.56 a72-246-43-56.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.9 a72-246-43-9.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
74.125.21.148 yv-in-f148.1e100.net United States flag United States CA Mountain View Google LLC AS15169
74.125.21.149 yv-in-f149.1e100.net United States flag United States CA Mountain View Google LLC AS15169
77.67.29.176 United States flag United States GTT Communications Inc. AS3257
8.12.223.125 United States flag United States Level 3 Communications, Inc. AS3356
8.12.223.254 United States flag United States Level 3 Communications, Inc. AS3356
8.254.233.126 United States flag United States Level 3 Communications, Inc. AS3356
8.254.240.126 United States flag United States Level 3 Communications, Inc. AS3356
8.254.248.254 United States flag United States Level 3 Communications, Inc. AS3356
8.254.56.254 United States flag United States Level 3 Communications, Inc. AS3356
8.26.206.252 United States flag United States Level 3 Communications, Inc. AS3356
8.26.207.126 United States flag United States Level 3 Communications, Inc. AS3356
8.26.209.126 United States flag United States Level 3 Communications, Inc. AS3356
8.26.210.126 United States flag United States Level 3 Communications, Inc. AS3356
93.184.215.200 Europe MCI Communications Services, Inc. d/b/a Verizon Business AS15133
94.245.121.176 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
94.245.121.177 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
94.245.121.178 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
94.245.121.179 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
95.101.128.137 a95-101-128-137.deploy.akamaitechnologies.com Europe Akamai International B.V. AS20940
95.101.128.195 a95-101-128-195.deploy.akamaitechnologies.com Europe Akamai International B.V. AS20940
96.17.204.167 a96-17-204-167.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
96.17.204.25 a96-17-204-25.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994

93.184.215.200 Europe MCI Communications Services, Inc. d/b/a Verizon Business AS15133

MCI Communications Services, Inc. dba Verizon Business Services
(formerly Cybertrust)

(info directly related to this IP address and Corporation:

Verizon fully participates in the GSA Schedules (also referred to as Multiple Award Schedules (MAS) and Federal Supply Schedules) program. Under this contract, Verizon offers security, identity management and HSPD-12 services to federal and state and local government clients and their authorized contractors. Offerings covered under Verizon’s GSA IT Schedule 70 contract include:

Special Item Number 132-51 Information Technology (IT) Professional Services
Special Item Number 132-52 Managed Security Services - Federal Edition
Special Item Number 132-61 Public Key Infrastructure (PKI) Shared Service Providers (PKI SSP) Program
Special Item Number 132-62 Homeland Security Presidential Directive 12 (HSPD-12) Product and Service Components

Great old homeland insecurity. HSPD-12 was signed into law by G-dubyah.

I recommend adding these to your block list and also deleting all persistent routes by default or by extension with your app; Nothing found them, of dozens of anti-spy software I have used, no anti-spyware app; nada. So this is important stuff; I have found them thus far on two computers. Not sure if this bypasses hosts file, but I suspect it might.

according to the Microsoft technet lady she says the following:

The PersistentRoutes subkey contains entries representing routes that are permanently stored in the IP routing table. Unlike active routes, which are deleted when you shut down or restart Windows, permanent routes are stored in the registry and remain in the IP routing table until you remove them.

Because Windows does not create persistent routes, the PersistentRoutes subkey is empty by default. (actually she is partially wrong, possibly due to my setup, it happens with typically only one key and that is: "0.0.0.0,0.0.0.0,192.168.0.1,-1" (IP/Subnet/Gateway) ) -cont: You must add persistent routes manually by using the -p switch with the Route add command at the command line. The Windows Route program, Route.exe, writes the route to the routing table and to the PersistentRoutes subkey. To remove a persistent route from the routing table and from the registry, use the Route delete command.
Each entry in the PersistentRoutes subkey represents one route entry in the routing table.

We add static routes, which will not change if the network is changed or reconfigured.
Static routing can be used to define an exit point from a router when no other routes are available or necessary. This is called a default route.
Static routing can be used for small networks that require only one or two routes. This is often more efficient since a link is not being wasted by exchanging dynamic routing information.

Static routing is often used as a complement to dynamic routing to provide a failsafe backup in the event that a dynamic route is unavailable.
Static routing is often used to help transfer routing information from one routing protocol to another (routing redistribution).
As I know, "1" means metric, and you can type the command route print to have a view.

So far I have not gotten any clear and distinct answers on my questions; they are posted on the link above and if you know, please let me know Thanks!

Have a lovely dovely day!

here is a blocklist

#Massive Spies / Hacks List


I hope you found this useful!

udaugadid
2018-03-07, 04:52
Combofix never removed them either; only backed them up!

udaugadid
2018-03-07, 05:00
So far confirmed on a Windows 7 64 SP1 machine and a Windows 10 machine; both on the same network. The 10 machine had O&O ShutUp10 and Blackbird protection. http://www.getblackbird.net/

udaugadid
2018-03-08, 04:19
"=" the character doesn't mean something. Since there is no value data under the entries, it displays as

"<routes>" ="null"

I have found no information regarding malware and Persistent routes anywhere.
I just want to reiterate, these unwanted injected entries are laid out in reverse compared to system entries.

"0.0.0.0,0.0.0.0,192.168.0.1,-1" (IP/Subnet/Gateway). vs "96.17.204.25,255.255.255.255,0.0.0.0,1"=""

What does this suggest? Seems like it suggests MY IP and subnet mask are set as their address, that these routes are laid for me to connect to the internet through their addresses; or they are through mine, possibly through a form of device redirection; or reverse or perhaps bi-directional VPN.

Suggestions welcome :) Thank you so much!

tashi
2018-03-08, 06:08
Hello udaugadid,

I read your thread (https://social.technet.microsoft.com/Forums/en-US/7a67c636-0ed7-4c30-896e-1123b7e7ac84/persistent-routes-329-suspicious-entries-in-tcpip-parameters-persistentroutes?forum=w7itprosecurity) at Microsoft TechNet and it appears a member of staff, (MSFT CSG) is testing and providing the results of her research?

Best regards.

udaugadid
2018-03-08, 12:30
Hello udaugadid,

I read your thread (https://social.technet.microsoft.com/Forums/en-US/7a67c636-0ed7-4c30-896e-1123b7e7ac84/persistent-routes-329-suspicious-entries-in-tcpip-parameters-persistentroutes?forum=w7itprosecurity) at Microsoft TechNet and it appears a member of staff, (MSFT CSG) is testing and providing the results of her research?

Best regards.

She's probably a volunteer; hasn't alluded to or suggested anything to do with spying or malware-like activity; though it's pretty obvious to me it's a massive route-redirection taking place by mostly Microsoft owned domains. Notice the key below, "DisableIPSourceRouting"=dword:00000002, was deactivated with a "\" injection.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters]
"ICSDomain"="mshome.net"
"SyncDomainWithMembership"=dword:00000001
"NV Hostname"="device"
"DataBasePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,72,69,76,65,72,73,5c,65,74,63,00
"ForwardBroadcasts"=dword:00000000
"Domain"=""
"Hostname"="device"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000000
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableIPAutoConfigurationLimits"=dword:00000001
"ArpCacheLife"=dword:00000708
"ArpCacheMinReferencedLife"=dword:00000e10
"ArpCacheSize"=dword:000000c8
"SynAttackProtect"=dword:00000001
"enableconnectionratelimiting"=dword:00000000
"MaxConnectionsPerServer"=dword:00000000
"NameSrvQueryTimeout"=dword:00000bb8
"Tcp1323Opts"=dword:00000001
"SackOpts"=dword:00000001
"TcpMaxDupAcks"=dword:00000002
"EnablePMTUDiscovery"=dword:00000001
"EnablePMTUBHDetect"=dword:00000001
"DisableTaskOffload"=dword:00000000
"IPEnableRouter"=dword:00000000
"EnableICMPRedirect"=dword:00000001
"EnableWsd"=dword:00000000
"QualifyingDestinationThreshold"=dword:00000003
"DefaultTTL"=dword:00000040
"IGMPLevel"=dword:00000000
"IPAutoconfigurationSubnet"=""
"IPAutoconfigurationMask"="????"
"ReservedPorts"=hex(7):31,34,33,33,2d,31,34,33,34,00,00
"\\DisableIPSourceRouting"=dword:00000002
"DhcpDomain"="hitronhub.home"
"DhcpNameServer"="192.168.0.1"

udaugadid
2018-03-08, 13:04
I believe I have found the source of the problem. Seems these may have been added by the application ancile, which I did run on my PC; the same list was found here, and they suggest adding those IPs to the routing table:

https://wiki.installgentoo.com/index.php/Windows_10

Ancile is used to disable and block windows telemetry, though in the process may be doing something far more insidious.

udaugadid
2018-03-08, 13:25
Ok ancile is what is doing this; it blocks the same addresses in windows firewall, and the hosts file, then it adds them to the routing table in reverse; perhaps it is acting similar to a "hosts" file ; or making the pc directly accessible to microsoft and other corporations; I'm not sure. https://voat.co/v/Ancile/1677949

https://bitbucket.org/ancile_development/ancileplugin_networking/downloads/modify_Hosts.data.zip
https://bitbucket.org/ancile_development/ancileplugin_networking/downloads/modify_Routing.data.zip
https://bitbucket.org/ancile_develo...working/downloads/modify_WINFirewall.data.zip

udaugadid
2018-03-08, 14:16
Ok ancile is what is doing this; it blocks the same addresses in windows firewall, and the hosts file, then it adds them to the routing table in reverse; perhaps it is acting similar to a "hosts" file ; or making the pc directly accessible to microsoft and other corporations; I'm not sure. https://voat.co/v/Ancile/1677949

https://bitbucket.org/ancile_development/ancileplugin_networking/downloads/modify_Hosts.data.zip
https://bitbucket.org/ancile_development/ancileplugin_networking/downloads/modify_Routing.data.zip
https://bitbucket.org/ancile_develo...working/downloads/modify_WINFirewall.data.zip

Seems unlikely seeing that this blocks the addresses via firewall and hosts; the only way some form of reverse routing could take place is if persistent routes could bypass the firewall and hosts file; something I find highly unlikely.

udaugadid
2018-03-08, 15:08
Seems unlikely seeing that this blocks the addresses via firewall and hosts; the only way some form of reverse routing could take place is if persistent routes could bypass the firewall and hosts file; something I find highly unlikely.

Sources I see online suggest you can block IPs using the routing table by pointing them to a bogus address or a null route; 0.0.0.0 is a "non-routable" address.
For example:

In Linux: route add 65.21.34.4 gw 127.0.0.1 lo
In Windows: Route -p add 100.100.100.100 mask 255.255.255.255 192.168.100.51

This creates an entry in the registry:

"100.100.100.100,255.255.255.255,192.168.100.51,1"

Different than the routes Ancile uses. Can I get a confirmation from someone that the entries listed by Ancile do in fact block IPs and do not create a route between the given address and the host?

Sources:

https://www.techrepublic.com/article/tech-tip-block-access-to-web-sites
https://www.cyberciti.biz/tips/how-do-i-drop-or-block-attackers-ip-with-null-routes.html-with-the-route-command/
https://www.informit.com/articles/article.aspx?p=24375&seqNum=4
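
An added example, not part of the thread and not Ancile's code: an offline check of a .reg export of the PersistentRoutes key that labels each entry by its gateway field, which is the property the post above asks about. The sample entries are constructed and the category names are hypothetical; the labels describe the gateway only and do not test reachability.

```python
import ipaddress
import re

# Constructed sample in .reg export form (not data from the thread's upload).
# Value names use the "destination,netmask,gateway,metric" layout quoted above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
"0.0.0.0,0.0.0.0,192.168.0.1,-1"=""
"100.100.100.100,255.255.255.255,192.168.100.51,1"=""
"203.0.113.7,255.255.255.255,0.0.0.0,1"=""
"198.51.100.0,255.255.255.0,127.0.0.1,1"=""
"not,a,route"=""
'''

VALUE_RE = re.compile(r'^"([^"]+)"=""\s*$', re.M)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(net, gateway):
    """Label a route by where it sends traffic (labels are hypothetical)."""
    if net.prefixlen == 0:
        return "default-route"          # the normal 0.0.0.0/0 entry
    if gateway.is_unspecified or gateway.is_loopback:
        return "null-route-pattern"     # 0.0.0.0 or loopback as next hop
    if any(gateway in n for n in RFC1918):
        return "via-lan-gateway"        # blocks only if that host is bogus
    return "via-public-gateway"         # next hop outside the LAN: review

def audit(reg_text):
    """Return (findings, rejected) for every value under the key."""
    findings, rejected = [], []
    for name in VALUE_RE.findall(reg_text):
        try:
            dest, mask, gw, metric = name.split(",")
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            gateway = ipaddress.ip_address(gw)
            int(metric)
        except ValueError:              # wrong field count or bad address
            rejected.append(name)
            continue
        findings.append((str(net), str(gateway), classify(net, gateway)))
    return findings, rejected

if __name__ == "__main__":
    routes, bad = audit(SAMPLE_REG)
    for net, gw, label in routes:
        print(f"{net:22} via {gw:15} {label}")
    print("unparseable:", bad)
```

Entries labelled via-public-gateway are the ones that would hand traffic to a next hop outside the LAN and deserve a closer look; the others either are the default route or point at an address that cannot forward for them.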

tashi
2018-03-08, 18:29
Hello udaugadid,


She's probably a volunteer

"Microsoft CSG, MSFT CSG This affiliation is given to Vendors and/or Agency Temporary's who are contracted or assigned to Microsoft for specific services, deliverables or positions."

From your active topic (https://social.technet.microsoft.com/Forums/en-US/7a67c636-0ed7-4c30-896e-1123b7e7ac84/persistent-routes-329-suspicious-entries-in-tcpip-parameters-persistentroutes?forum=w7itprosecurity) at TechNet:


I suspect they are malicious. I'm not nor have I ever been part of some Microsoft network, so these entries should not be there.

My router is compromised. My family's computers and devices can connect to the router but cannot get on the internet. My ISP has no idea what is wrong. Never had this issue in 10 years. Computer settings have not changed. I am only able to access the internet via VPN. I'm curious if these persistentroute injections are part of this hacking I've been experiencing for the last few months.

Please list:


The operating system
Other security programs installed
All issues with the computer's performance, not the TCPIP registry entries.




Combofix never removed them either; only backed them up!

Please see this sticky topic:
https://forums.spybot.info/showthread.php?16806-Please-do-not-run-ComboFix-without-being-asked

Also, is this a personal computer?

Best regards.

Edit
From your TechNet topic (https://social.technet.microsoft.com/Forums/en-US/7a67c636-0ed7-4c30-896e-1123b7e7ac84/persistent-routes-329-suspicious-entries-in-tcpip-parameters-persistentroutes?forum=w7itprosecurity).

I believe I have found the source of the problem. Seems these may have been added by the application Ancile, which I did run on my PC; the same list was found here:
and they suggest adding those IPs to the routing table.

TechNet Responder:

OK, Ancile is what is doing this; it blocks the same addresses in Windows Firewall and the hosts file, then it adds them to the routing table in reverse; perhaps it is acting similar to a "hosts" file protecting the computer, or making the PC directly accessible to Microsoft and other corporations (highly unlikely) https://voat.co/v/Ancile/1677949

Seeing that it blocks the IPs via firewall & hosts, the routing table would have to be capable of bypassing these as well

Finally find the root cause, since the third-party software is out of our support scope, I really know less about Ancile.

It is really appreciated that you can mark the helpful suggestions and solutions as an answer, to help us close the thread.