Sunday, October 18, 2009

capthcabreak.com & captchastop.com (67.212.69.230, AS10929 NETELLIGENT)

Whilst analyzing URLs in the malware DB, I noticed a URL with .sys, which are associated with Koobface. I decided to analyze the executable and noticed something interesting. The executable is UPX packed, and contains some interesting strings. Most notably, references to Facebook, captchastop.com and capthcabreak.com. The only thing I could get from both of these domains was a login page, so I
