letmespy blog post
parent
1dab8c8d0b
commit
1e2b2648c9
|
@ -0,0 +1,107 @@
|
|||
---
|
||||
title: "#FuckStalkerware pt. 1 - the LetMeSpy hack"
|
||||
date: 2023-06-26
|
||||
description: "let the games begin"
|
||||
feature_image: /img/posts/fuckstalkerware-1/cover.jpg
|
||||
feature_alt: "a glitchy edited screenshot of the landing page for LetMeSpy"
|
||||
tags:
|
||||
- "#FuckStalkerware"
|
||||
- stalkerware
|
||||
- analysis
|
||||
- leak
|
||||
content_warnings:
|
||||
- mentions of abuse/controlling behaviour
|
||||
---
|
||||
|
||||
> the intro to this series can be found [here](/fuckstalkerware-0/)
|
||||
|
||||
a few days ago, while i was starting work on this very series, polish stalkerware company LetMeSpy (LMS) got completely pwned and had their databases dumped. the link to the file (`jaki_kraj_taki_finfisher.tar`) was sent my way, and i decided that this would be a fun thing to start this series off with, especially since so far this breach has been barely, if at all, reported on outside polish media.
|
||||
|
||||
## so what's in the dump?
|
||||
|
||||
the dump contains the following folder structure:
|
||||
|
||||
```bash
|
||||
drwxr-xr-x 0 root root 0 Jun 21 01:10 letmespy/
|
||||
-rw-r--r-- 0 root root 66347465 Jun 21 00:08 letmespy/lidwin_lms.sql.zst
|
||||
-rw-r--r-- 0 root root 191375 Jun 21 00:57 letmespy/decrypted_calls.csv.zst
|
||||
-rw-r--r-- 0 root root 648027 Jun 21 01:00 letmespy/decrypted_msg.csv.zst
|
||||
-rw-r--r-- 0 user users 772213 Jun 21 01:10 letmespy/users.csv.zst
|
||||
```
|
||||
|
||||
all the files are compressed using [zstandard](http://facebook.github.io/zstd/), and there is a full phpMyAdmin db dump (`lidwin_lms.sql.zst`), and csv files of decrypted call (`decrypted_calls.csv.zst`) and message (`decrypted_msg.csv.zst`) logs, as well as a convenient csv of user (operator) ids, emails and password hashes (`users.csv.zst`).
|
||||
|
||||
## oh, a users table 👀, who used this shit?
|
||||
|
||||
after a cursory glance over [all the domains used for user email addresses](/files/posts/fuckstalkerware-1/email-domains.txt), i've come to the following main conclusions:
|
||||
|
||||
- 3 government workers have signed up (two from malaysia, one from jordan)
|
||||
- D. Morrison from [broussard police](https://broussardpolice.com) has signed up
|
||||
- at least one person from a competing stalkerware product (which we will get to in due time in this series), has signed up, definitely no "advanced inspiration" happening here
|
||||
|
||||
after a cursory glance at the dumped database and call/message logs it however doesn't appear like any of the above users have actually really used the product in any capacity. another concering thing i noticed however in the list of email addresses/domains is just how many US college students appear to be using stalkerware such as this, though i guess it does fit the US college culture to be spying on partners in such a manner.
|
||||
|
||||
## what other stuff is there
|
||||
|
||||
alright, so obviously there is the message and call logs, revealing with whom and what all the spied on people have communicated, which so far i have not yet had the time to do a deep dive into, though i might wait with that in general until i have more datasets from various of these apps, but some interesting stuff in there:
|
||||
|
||||
- there is obviously logs of various drug trades happening
|
||||
- god so many people get trump campaign text messages
|
||||
- there is at least two instances (i only searched in english) of the stalkers admitting to their tracking and calling the person they're spying on out since they think they've just caught them cheating, eg:
|
||||
```csv
|
||||
id_msg,id_user,id_phone,type,ip_add,message,number,time_add,timestamp,doublecheck
|
||||
63644797,xxxxxx,xxxxxx,0,72.x.x.x,"You cheat, ",+1xxxxxxxxxx,2023-03-20 19:39:00,1679335679,xxxxxxxx
|
||||
63644798,xxxxxx,xxxxxx,0,72.x.x.x,"Your being Tracked I was told your you went to eat, and you r by sams ",+1xxxxxxxxxx,2023-03-20 19:39:00,1679335858,xxxxx
|
||||
```
|
||||
<small>*(redacted by me)*</small>
|
||||
- i never even really thought about how easy account takeover is with stalkerware installed on your victims phone, you can just request 2fa codes and use them, huh (this seems obvious now)
|
||||
|
||||
additionally available in the database are: geolocation logs, ip addresses for each log entry, ip addresses for the operators, phone model, android version, operator payment logs. this data also shows us that there is around 10000 phones registered to be surveilled via this software, though a large part of them seem to have never sent any activity updates.
|
||||
|
||||
what i also found in the database is global configuration for the site, which reveals that letmespy is run by [Rafał Lidwin](https://pl.linkedin.com/in/lidwin) ([lidwin@lidwin.pl](mailto:lidwin@lidwin.pl)), which tracks since (according to his linkedin) he's the CTO of [RADEAL](https://www.radeal.pl/), the company that according to the footer runs LMS, he's the first user to have signed up and lidwin appears all over the place.
|
||||
|
||||
```sql
|
||||
--
|
||||
-- Dumping data for table `glob__settings`
|
||||
--
|
||||
|
||||
INSERT INTO `glob__settings` (`id_setting`, `name`, `value`, `description`, `code`, `time_updated`, `time_add`) VALUES
|
||||
(1, 'default_name', 'Let Me Spy', NULL, 1, '2013-02-06 17:28:00', '0000-00-00 00:00:00'),
|
||||
(2, 'default_www', 'letmespy.com', NULL, 1, '2013-02-06 17:28:00', '0000-00-00 00:00:00'),
|
||||
(3, 'default_mail', 'support@letmespy.com', NULL, 1, '2013-02-06 17:28:00', '0000-00-00 00:00:00'),
|
||||
(9, 'mail_title', 'Let Me Spy', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(10, 'mail_default', 'support@letmespy.com', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(11, 'mail_reply', 'support@letmespy.com', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(12, 'mail_mailer', 'smtp', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(13, 'mail_host', 'lidwin.pl', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(14, 'mail_port', '25', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(15, 'mail_helo', 'lidwin.pl', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(16, 'mail_smtpauth', 'true', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(17, 'mail_username', 'support@letmespy.com', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(18, 'mail_password', 'xxxxxxxxxx', NULL, 2, '2013-01-11 13:52:00', '0000-00-00 00:00:00'),
|
||||
(53, 'company_name', 'Rafał Lidwin LIDWIN.PL', NULL, 3, '2013-08-29 09:36:00', '2013-05-24 14:17:00'),
|
||||
(54, 'company_nip', '675-117-35-37', NULL, 3, '2013-08-29 09:36:00', '2013-05-24 14:17:00'),
|
||||
(55, 'company_adress', 'ul. Reduta 11A/55', NULL, 3, '2013-08-29 09:36:00', '2013-05-24 14:17:00'),
|
||||
(56, 'company_zip', '31-421', NULL, 3, '2013-08-29 09:36:00', '2013-05-24 14:17:00'),
|
||||
(57, 'company_city', 'Kraków', NULL, 3, '2013-08-29 09:36:00', '2013-05-24 14:17:00'),
|
||||
(58, 'company_bank_name', 'BreBank mBank', NULL, 3, '2013-08-29 09:36:00', '2013-05-24 14:17:00'),
|
||||
(59, 'company_bank_account', '52 1140 2004 0000 3102 3016 6119', NULL, 3, '2013-08-29 09:36:00', '2013-05-24 14:17:00'),
|
||||
(60, 'KURS_DATA', '2023-06-19', NULL, 4, '2023-06-20 10:20:00', '2015-01-14 23:29:00'),
|
||||
(61, 'KURS_USD', '4,0680', NULL, 4, '2023-06-20 10:20:00', '2015-01-14 23:50:00'),
|
||||
(62, 'KURS_EUR', '4,4457', NULL, 4, '2023-06-20 10:20:00', '2015-01-14 23:50:00');
|
||||
|
||||
-- --------------------------------------------------------
|
||||
```
|
||||
<small>*(email password redacted by me)*</small>
|
||||
|
||||
## what are the ethics of stalkerware leaks like this
|
||||
|
||||
it is of course not nice that data collected by spyware without the victims consent is just publicized like this, there is still some nuance to this. there is barely any chance targets of stalkerware will ever be informed of breaches unless data about them leaks and third parties are able to do so. in this specific case it's not even *possible* for LMS to inform targets, since the app has no functionality to talk to targets/notify them as well as no self update mechanism. at best the company can inform operators of this breach and even that is doubtful. what's going to be interesting in this specific case is where the gdpr liability lies, is it on LMS or on the operators to inform victims, if we're lucky this could already be enough to bring them down.
|
||||
|
||||
furthermore as with any datasets of highly personal data, they're highly valuable to various investigative journalism. yes, this is data that ideally would not exist, but it existing means it can be analyzed in interesting ways. datasets of lots of received text messages and calls could reveal political influence campaigns and politicians attempts of buying votes, if high level persons have been spied on it could even reveal corruption, etc. i am of the opinion that most datasets can be used for good in the right hands even if they shouldn't exist at all. also the main thing these datasets will always also contain is information on the operators, on the people who use software such as this for spying on their partners, kids, employees, etc.
|
||||
|
||||
this obviously does not mean that there isn't also a massive potential for abuse of data such as this, which is why i will not be linking to any source of it. it's a hard topic to cover and i hope i can do it justice enough in this series, and hopefully dive more in depth on how these companies operate and not just in the data they collect, or this is gonna end up being very monotone.
|
||||
|
||||
## final notes
|
||||
|
||||
i have reached out to letmespy and rafał lidwin for comment for this post, but have not heard back so far, this story will be updated if i get a statement. furthermore i am still open for tips and leads regarding other stalkerware/watchware software vulnerabilities and leaks or insider infos, as well as requests for comments from journalists, [feel free to contact me](/contact/).
|
|
@ -0,0 +1,572 @@
|
|||
1234gmail.com
|
||||
123material.com
|
||||
126.com
|
||||
163.com
|
||||
24rumen.com
|
||||
824gmail.com
|
||||
abtec-egypt.com
|
||||
abv.bg
|
||||
actrix.co.nz
|
||||
adres.pl
|
||||
agrolivana.com
|
||||
aim.com
|
||||
airsoftcqb.com
|
||||
aisure.co.za
|
||||
akoption.com
|
||||
aksitservices.co.in
|
||||
alcorn.edu
|
||||
alice.de
|
||||
aljene.dk
|
||||
allbladez.com
|
||||
allhoursplumbingslc.com
|
||||
alsystem.pl
|
||||
amorki.pl
|
||||
anlubi.com
|
||||
aol.cim
|
||||
aol.com
|
||||
aosod.com
|
||||
apps.homewood.k12.al.us
|
||||
apps.Lcdoe.org
|
||||
appxapi.com
|
||||
aramex.com
|
||||
architectdeboeck.be
|
||||
aregods.com
|
||||
armstrong-tech.com
|
||||
armyspy.com
|
||||
arxxwalls.com
|
||||
asdooeemail.com
|
||||
asmgroup.pl
|
||||
asoflex.com
|
||||
atlas.sk
|
||||
att.net
|
||||
autograf.pl
|
||||
avc.edu
|
||||
azet.sk
|
||||
azrailangel.com
|
||||
barid.com
|
||||
bbox.fr
|
||||
bigpond.com
|
||||
bisongl.com
|
||||
bk.ru
|
||||
bogracz.pl
|
||||
bol.com.br
|
||||
botsoko.com
|
||||
bresnan.net
|
||||
brooklynprephs.org
|
||||
broussardpolice.com
|
||||
btinternet.com
|
||||
buziaczek.pl
|
||||
byom.de
|
||||
camvers.pl
|
||||
capitalcow.in
|
||||
carezam.org
|
||||
cdnqa.com
|
||||
cebaike.com
|
||||
cellc.blackberry.com
|
||||
centrum.cz
|
||||
centrum.sk
|
||||
centurylink.net
|
||||
centurytel.net
|
||||
ceoshub.com
|
||||
chotunai.com
|
||||
christopherdock.org
|
||||
chsvb.org
|
||||
cincinnatips.org
|
||||
citromail.hu
|
||||
clarke.k12.va.us
|
||||
cloud-mail.top
|
||||
cmail.com
|
||||
cmeinbox.com
|
||||
cnxcoin.com
|
||||
collinsongroup.com
|
||||
comcast.net
|
||||
consultant.com
|
||||
cosaxu.com
|
||||
cougarmail.collin.edu
|
||||
cox.net
|
||||
cream.pink
|
||||
crtsec.com
|
||||
cs.com
|
||||
CURRITUCK.K12.NC.US
|
||||
cytryna.pl
|
||||
dada.org
|
||||
deloitte.com
|
||||
dewareff.com
|
||||
digdig.org
|
||||
diratu.com
|
||||
dishcatfish.com
|
||||
divismail.ru
|
||||
dr.com
|
||||
dropjar.com
|
||||
duck.com
|
||||
dyzmond.com.pl
|
||||
E-mail.com
|
||||
earthlink.net
|
||||
ebs-paris.com
|
||||
ecu.edu
|
||||
ed.amdsb.ca
|
||||
edinel.com
|
||||
edlundco.com
|
||||
eheec.ac.ma
|
||||
Email.com
|
||||
email.cpcc.edu
|
||||
email.cz
|
||||
email.davenport.edu
|
||||
email.phoenix.edu
|
||||
emailkom.live
|
||||
embarqmail.com
|
||||
emiovdp.be
|
||||
emlhub.com
|
||||
entheos15.33mail.com
|
||||
episcopalacademy.org
|
||||
erc.gov.jo
|
||||
esprit.tn
|
||||
euro-print.hr
|
||||
eurokool.com
|
||||
excite.com
|
||||
facebook.com
|
||||
fandua.com
|
||||
free.fr
|
||||
frre.com
|
||||
fsouda.com
|
||||
fuwa.li
|
||||
fuwari.be
|
||||
g.horrycountyschools.net
|
||||
g.pl
|
||||
gail.co.in
|
||||
gaim.com
|
||||
gamail.com
|
||||
gamil.com
|
||||
gapps.sanford.org
|
||||
gazeta.pl
|
||||
gemail.com
|
||||
getnada.com
|
||||
gettempmail.com
|
||||
gimal.com
|
||||
gitmail.ovh
|
||||
gmai.com
|
||||
gmail.cm
|
||||
gmail.com
|
||||
gmail.com.com
|
||||
gmail.comdma
|
||||
gmail.con
|
||||
gmail.fr
|
||||
gmail.om
|
||||
gmailgmail.com
|
||||
gmaill.com
|
||||
gmal.com
|
||||
GMAOL.COM
|
||||
gmeil.com
|
||||
gmial.com
|
||||
gmil.com
|
||||
gmqil.com
|
||||
gmwil.com
|
||||
gmx.at
|
||||
gmx.com
|
||||
gmx.de
|
||||
gmx.fr
|
||||
gmx.us
|
||||
gnail.com
|
||||
go2.pl
|
||||
godmail.dk
|
||||
googlemail.com
|
||||
gou99.modernsailorclothes.com
|
||||
greenvilleschools.us
|
||||
grenvik.com
|
||||
grr.la
|
||||
gufum.com
|
||||
haizail.com
|
||||
hamline.edu
|
||||
haqed.com
|
||||
harbtrading.ro
|
||||
hawaii.edu
|
||||
hct.ac.ae
|
||||
hct.ae.ac
|
||||
hellospy.com
|
||||
hhcpa.com
|
||||
hi2.in
|
||||
hiwpt.edu.sa
|
||||
hot.pl
|
||||
hotma.com
|
||||
hotmai.fr
|
||||
hotmail.be
|
||||
hotmail.ca
|
||||
hotmail.ch
|
||||
hotmail.cim
|
||||
hotmail.co.il
|
||||
hotmail.co.nz
|
||||
hotmail.co.uk
|
||||
hotmail.co.za
|
||||
hotmail.com
|
||||
hotmail.de
|
||||
hotmail.es
|
||||
hotmail.fr
|
||||
hotmail.it
|
||||
hotmail.nl
|
||||
hotmil.com
|
||||
hpc.co.za
|
||||
hss.edu
|
||||
http200.net
|
||||
humboldtunified.com
|
||||
hutchdocs.com
|
||||
huvacliq.com
|
||||
icloud.com
|
||||
iclud.com
|
||||
icoud.com
|
||||
idea.adityabirla.com
|
||||
ig.com.br
|
||||
igmail.com
|
||||
iiserb.ac.in
|
||||
immi-visa.com
|
||||
inbox.lv
|
||||
inbox.ru
|
||||
indoxex.com
|
||||
inoksan.com.tr
|
||||
integratedliving.org.au
|
||||
interia.eu
|
||||
interia.pl
|
||||
interstone.pl
|
||||
ippals.com
|
||||
isd482.org
|
||||
isiam.ma
|
||||
isu.edu
|
||||
itsaustintaylor.com
|
||||
iucake.com
|
||||
iunicus.com
|
||||
jacobscalling.com
|
||||
jmail.com
|
||||
jmcz.net
|
||||
job-giant.com
|
||||
jobsfeel.com
|
||||
johor.gov.my
|
||||
joyandsanenterprises.co.ke
|
||||
jpms.pl
|
||||
juno.com
|
||||
kaimdr.com
|
||||
kent.edu
|
||||
keravision.co.za
|
||||
keyido.com
|
||||
kimo.com
|
||||
kittymail.com
|
||||
kkmail.be
|
||||
laestrella.cc
|
||||
laluxy.com
|
||||
lance7.com
|
||||
landworks.com
|
||||
lankew.com
|
||||
laposte.net
|
||||
laste.ml
|
||||
lausd.net
|
||||
learn.cssd.ab.ca
|
||||
leeching.net
|
||||
letmespy.com
|
||||
libero.it
|
||||
libertyhotelslara.com
|
||||
lidely.com
|
||||
lidwin.pl
|
||||
lilium-ds.com
|
||||
list.ru
|
||||
live.ca
|
||||
live.co.uk
|
||||
live.com
|
||||
live.com.au
|
||||
live.de
|
||||
live.dk
|
||||
live.fr
|
||||
live.in
|
||||
live.it
|
||||
live.nl
|
||||
live.no
|
||||
livingoal.net
|
||||
livjenkins.co.uk
|
||||
localmatterz.com
|
||||
logo-studio.pl
|
||||
logodez.com
|
||||
ltm.ma
|
||||
lubawa.com
|
||||
luxeic.com
|
||||
lyft.live
|
||||
maazios.com
|
||||
macr2.com
|
||||
mail.bg
|
||||
mail.com
|
||||
mail.ru
|
||||
mail.usf.edu
|
||||
mailinator.com
|
||||
mailna.biz
|
||||
mailnesia.com
|
||||
maricopa.edu
|
||||
mc-students.org
|
||||
me.com
|
||||
mein.gmx
|
||||
mel-min.k12.wi.us
|
||||
midlothianhealthcare.com
|
||||
migonom.com
|
||||
mirai.re
|
||||
moakt.com
|
||||
mobileemail.vodafonesa.co.za
|
||||
moemer.com
|
||||
mohmal.com
|
||||
mohmal.in
|
||||
mohmal.tech
|
||||
moimoi.re
|
||||
mot.gov.my
|
||||
mozmail.com
|
||||
msd1.org
|
||||
msn.com
|
||||
mtec.ac.in
|
||||
mtn.blackberry.com
|
||||
my.com
|
||||
my.lowercolumbia.edu
|
||||
my.stlcc.edu
|
||||
my.tccd.edu
|
||||
my10minutemail.com
|
||||
mydit.ie
|
||||
mylife.unisa.ac.za
|
||||
myself.com
|
||||
myway.com
|
||||
myyahoo.com
|
||||
naver.com
|
||||
netmadeira.com
|
||||
netronic.co.uk
|
||||
netscape.net
|
||||
netzero.com
|
||||
netzero.net
|
||||
nibbanksc.com
|
||||
nightorb.com
|
||||
nlcg.com
|
||||
nokiamail.com
|
||||
nomadaquatic.com
|
||||
ntlworld.com
|
||||
null.net
|
||||
o2.pl
|
||||
oddluzamy.nieruchomosci.pl
|
||||
ohdmenh.com
|
||||
ok.de
|
||||
onet.eu
|
||||
onet.pl
|
||||
op.pl
|
||||
opoczta.pl
|
||||
optonline.net
|
||||
orange.fr
|
||||
orange.pl
|
||||
orgria.com
|
||||
otodir.com
|
||||
outlock.com
|
||||
outlook.be
|
||||
outlook.co.nz
|
||||
outlook.com
|
||||
outlook.com.au
|
||||
outlook.de
|
||||
outlook.es
|
||||
outlook.fr
|
||||
outlook.it
|
||||
outlook.sa
|
||||
outlookl.com
|
||||
outlouk.com
|
||||
partyka.nazwa.pl
|
||||
passwordsmeasurement3.com
|
||||
pavilionx2.com
|
||||
peoplepc.com
|
||||
petalmail.com
|
||||
pimmel.top
|
||||
pitt.edu
|
||||
pm.me
|
||||
pma.ph
|
||||
poczta.fm
|
||||
poczta.onet.pl
|
||||
poczta.pl
|
||||
post.cz
|
||||
probdd.com
|
||||
proexbol.com
|
||||
programmer.net
|
||||
proton.me
|
||||
protonmail.ch
|
||||
protonmail.com
|
||||
psdr3.k12.co.us
|
||||
psu.edu
|
||||
pubpng.com
|
||||
q.com
|
||||
qip.ru
|
||||
qmail.com
|
||||
qq.com
|
||||
qqhow.com
|
||||
quickdealherbal.com
|
||||
qwert.com
|
||||
radeal.pl
|
||||
rambler.ru
|
||||
randrai.com
|
||||
ratedane.com
|
||||
rdcrs.ca
|
||||
reborn.com
|
||||
rediffmail.com
|
||||
redingtongulf.com
|
||||
rentokil-initial.com
|
||||
restoration1.com
|
||||
richland2.org
|
||||
riseup.net
|
||||
rocketmail.com
|
||||
rocketship.com
|
||||
rogucki.pl
|
||||
roweandclark.org
|
||||
RTN.ORG
|
||||
rtotlmail.com
|
||||
rtotlmail.net
|
||||
rury.katowice.pl
|
||||
rzbmroz.pl
|
||||
s2services.com
|
||||
safe-mail.net
|
||||
sapo.pt
|
||||
sappbros.net
|
||||
sayson.us
|
||||
sbcglobal.net
|
||||
scdsb.on.ca
|
||||
sd1525.org
|
||||
sendnow.win
|
||||
service-it.dz
|
||||
seznam.cz
|
||||
sfr.fr
|
||||
sgischool.in
|
||||
shardamotor.com
|
||||
sharklasers.com
|
||||
sina.com
|
||||
singledigit.net
|
||||
sky.com
|
||||
smartpoland.pl
|
||||
snhu.edu
|
||||
sofiafontaine.com
|
||||
somana.ma
|
||||
sop2.com
|
||||
sopulit.com
|
||||
spam4.me
|
||||
spoko.pl
|
||||
spy.com
|
||||
starmelb.catholic.edu.au
|
||||
stewartlawfirm.com
|
||||
stlpcs.org
|
||||
stu.boone.kyschools.us
|
||||
student.ccs.k12.nc.us
|
||||
student.escc.edu
|
||||
student.kws.nsw.edu.au
|
||||
student.oregoncs.org
|
||||
student.purdueglobal.edu
|
||||
student.skiatookschools.org
|
||||
students.alvinisd.net
|
||||
students.clark.edu
|
||||
students.dacc.edu
|
||||
students.ecps.us
|
||||
students.ecsu.edu
|
||||
students.ku.ac.ke
|
||||
suffolk.edu
|
||||
sunpass.fr
|
||||
superblohey.com
|
||||
svce.edu.in
|
||||
swissmail.com
|
||||
t-online.de
|
||||
t-online.hu
|
||||
t.pl
|
||||
tadipexs.com
|
||||
tajwork.com
|
||||
talktalk.net
|
||||
tanieocac.pl
|
||||
tanmeyah.com
|
||||
taylormidwest.com
|
||||
teamworktr.com
|
||||
tedace.com
|
||||
teknowa.com
|
||||
tele2.nl
|
||||
telegmail.com
|
||||
teleworm.us
|
||||
thrma.com
|
||||
tiffin.edu
|
||||
tiscali.it
|
||||
tlen.pl
|
||||
tmmbt.net
|
||||
tmomail.com
|
||||
toerkmail.com
|
||||
tqosi.com
|
||||
trbvm.com
|
||||
trbvn.com
|
||||
tuks.co.za
|
||||
turuma.com
|
||||
tuta.io
|
||||
tutanota.com
|
||||
twain239.org
|
||||
ualr.edu
|
||||
uascs.org
|
||||
uk.pl
|
||||
unicsite.com
|
||||
unitechta.edu
|
||||
upng.ac.pg
|
||||
usa.com
|
||||
usharer.com
|
||||
usmba.ac.ma
|
||||
utectulancingo.edu.mx
|
||||
vaband.com
|
||||
villaexperience.com
|
||||
vip.onet.pl
|
||||
vip.qq.com
|
||||
virginmedia.com
|
||||
vivaldi.net
|
||||
voila.fr
|
||||
volny.cz
|
||||
vp.pl
|
||||
vu.edu.pk
|
||||
vusra.com
|
||||
vzwpix.com
|
||||
w.cn
|
||||
walla.co.il
|
||||
walla.com
|
||||
wayne.edu
|
||||
Wcontractors.com
|
||||
web.de
|
||||
wentstravel.com
|
||||
wigstonstudents.org
|
||||
willwesleynfl.com
|
||||
windermere.com
|
||||
windowslive.com
|
||||
wir.pl
|
||||
wiroute.com
|
||||
wp.eu
|
||||
wp.pl
|
||||
wp.pl-locked
|
||||
wwgoc.com
|
||||
xcoxc.com
|
||||
xegge.com
|
||||
xs4all.nl
|
||||
yahoo.ca
|
||||
yahoo.cm
|
||||
yahoo.co.id
|
||||
yahoo.co.in
|
||||
yahoo.co.nz
|
||||
yahoo.co.uk
|
||||
yahoo.com
|
||||
yahoo.com.ar
|
||||
yahoo.com.au
|
||||
yahoo.com.br
|
||||
yahoo.com.my
|
||||
yahoo.com.ph
|
||||
yahoo.com.uk
|
||||
yahoo.con
|
||||
yahoo.coom
|
||||
yahoo.de
|
||||
yahoo.es
|
||||
yahoo.fr
|
||||
yahoo.ie
|
||||
yahoo.in
|
||||
yahoo.it
|
||||
yahoo.pl
|
||||
yahoo.se
|
||||
yandex.com
|
||||
yandex.ru
|
||||
yastle.com
|
||||
yen.com.gh
|
||||
ymail.com
|
||||
yopmail.com
|
||||
yopmail.org
|
||||
zm.jsi.com
|
||||
znajomi.pl
|
||||
zoho.com
|
||||
zohomail.com
|
||||
zoznam.sk
|
||||
zsp2zyrardow.pl
|
Binary file not shown.
After Width: | Height: | Size: 286 KiB |
Loading…
Reference in New Issue