http://www.castlecops.com/t192663-http_69_61_99_66_3_php.html
http://www.robtex.com/cnet/208.72.168.html
http://www.secureworks.com/research/threats/ozdok/?threat=ozdok
aaauaa.info - same netblock
faq.890m.com
208.72.168.140 8181
http://threatexpert.com/reports.aspx?find=208.72.168.40
208.72.168.40 on port 533
http://threatexpert.com/reports.aspx?find=208.72.168
208.72.168.40/404.txt
208.72.168.40/cr.dat
Result: 22/28 (78.58%) Trojan.Proxy.Saturn.F
File size: 36864 bytes
MD5: 49e23bdba56e0a52578341181b4faf7b
SHA1: 50fb2726dec1efb15723d93db8dce1a60df676a5
208.72.169.54
208.72.169.55
208.72.169.15
208.72.168.52
208.72.168.97
208.72.169.15
208.72.168.164
208.72.168.76
centerkras-tv.tv
iloveeverybody.kz
iloveeverybody.tj
lansetcommunication.info
lansetcommunication.biz
lanset2007.com
centerkras-tv.name
centerkras-tv.info
centerkras-tv.biz
vaznyjdomen.info
http://vaznyjdomen.info/affcgi/online.fcgi?20199:0
http://vaznyjdomen.info/gallery20199/xpsystem/rxs.ini.php
http://lyalyabum.info/affcgi/online.fcgi?20199:0
http://lyalyabum.info/gallery20199/xpsystem/rxs.ini.php
http://lohotronschik.info/affcgi/online.fcgi?20199:0
http://lohotronschik.info/gallery20199/xpsystem/rxs.ini.php
http://lyalyabum.info/affcgi/try.fcgi?20199
http://vaznyjdomen.info/affiliate/interface3.php?userid=20199
http://vaznyjdomen.info/affiliate/interface3.php?userid=20199
http://vaznyjdomen.info/affcgi/online.fcgi?20199:1
http://vaznyjdomen.info/xxmm.exe
http://lyalyabum.info/affcgi/online.fcgi?20199:1
http://lyalyabum.info/xxmm.exe
http://lohotronschik.info/affcgi/online.fcgi?20199:1
http://lohotronschik.info/xxmm.exe
Dear blog readers I wanted to take the time and effort and summarize all the currently related news media articles referencing me and my research throughout the period - 2008-2013 and wanted to express my gratitude to everyone who approached me seeking my assistance in an upcoming news article including those who participated in the search for me circa 2010 and I wanted to let everyone know that users interested in approaching me regarding potential news stories including conference presentations and possible threat intell requests can approach me at disruptive.individuals@gmail.com
Stay tuned!
Research and News Articles covering my research and referencing me throughout - 2008:
- Russian hacker 'militia' mobilizes to attack Georgia
- Fraudsters Target Facebook With Phishing Scam
- Fake Microsoft e-mail contains Trojan virus
- Hackers expand massive IFRAME attack to prime sites
- Hackers infiltrate Google searches
- Hackers expand massive IFrame attack to prime sites
- Hackers knocked Comcast.net offline
- Adobe investigates Flash Player attacks
- High-tech bank robbers phone it in
- Attackers booby-trap searches at top Web sites
- Carpet bombing networks in cyberspace
- Storm worm e-mail says U.S. attacked Iran
- India's underground CAPTCHA-breaking economy
- Domain Name Record Altered to Hack Comcast.net
- Google searchers could end up with a new type of bug
- Ongoing IFrame attack proving difficult to kill
- Hackers expand massive IFRAME attack to prime sites
- Danchev: The small pack Web malware exploitation kit
- Danchev: Massive SQL injection the Chinese way
- CAPTCHAs are dead - new research from Dancho Danchev confirms it
- Hackers infiltrate Google searches
- Massive faux-CNN spam blitz uses legit sites to deliver fake Flash
- Faked CNN spam blitz pushes fake Flash
- Danchev: Anti-fraud site DDOS attack
- Sony PlayStation site victim of SQL-injection attack
- Fake CNN Alert Still Spreading Malware
- Look Ma, I'm on CIA.gov
- Green Dam exploit in the wild
- “In gaz we trust”: a fake Russian energy company facilitating cybercrime
- Don’t pay your ransom via SMS
- NYT scareware scam linked to click fraud botnet
- Danchev: A crimeware developer's to-do list
- Danchev rained on my scareware campaign
- Is “aggregate-and-forget” the future of cyber-extortion?
- NYT scareware scam linked to click fraud botnet
- Microsoft declares war on 'scareware'
- Don’t pay your ransom via SMS
- Twitter warms up malware filter
- What's really the safest Web Browser?
- With Unrest in Iran, Cyber-attacks Begin
- Zeus bot found using Amazon's EC2 as C&C server
- Firefox add-on encrypts sessions with Facebook, Twitter
- Watch out for malware with those pretty Mac screensavers
- Months-old Skype vulnerability exploited in the wild
- Danchev: Money mule recruiters
- Cybercrime's bulletproof hosting exposed
- Malware Threatens to Sue BitTorrent Downloaders
- Firefox add-on encrypts sessions with Facebook, Twitter
- Chuck Norris Botnet Karate-chops Routers Hard
Research and News Articles covering my research and referencing me throughout - 2011:
- Kaspersky disputes McAfee's Shady Rat report
- Has EV-SSL Growth Been Slow?
- Report: Vishing Attack Targets Skype Users
Research and News Articles covering my research and referencing me throughout - 2012:
- Fake UPS notices deliver malware
- ZeuS/Zbot Trojan Spread Through Rogue US Airways Email
- New Skype malware threat reported: Poison Ivy
- Five Koobface botnet suspects named by New York Times
- Virtual jihad: How real is the threat?
- Is the death knell sounding for traditional antivirus?
- Can the Nuclear exploit kit dethrone Blackhole?
- Experts split over regulation for bounty-hunting bug sniffers
- Spammers Using Fake YouTube Notifications to Peddle Drugs
- Adele Bests Adderall As Affiliate Spammers Offer Music Downloads
- Bulgarian sleuth unveils botnet operators
- Fake PayPal Emails Distributing Malware
- Web Gang Operating in the Open
- ZeuS/Zbot Trojan Spread Through Rogue US Airways Email
- Buy 500 hacked Twitter accounts for less than a pint
- NBC.com Hacked, Infected With Citadel Trojan
Research and News Articles covering my research and referencing me throughout - 2013:
- How Much Does A Botnet Cost?
- Automated YouTube account generator offered to cyber crooks
- Upgraded Modular Malware Platform Released in Black Market
- Deconstructing the Al-Qassam Cyber Fighters Assault on US Banks
- NBC hack infects visitors in 'drive by' cyberattack
- Bitcoins are being traded for hack tools
- New DIY Google Dorks Based Hacking Tool Released
- Hacking The TDoS Attack
- Mass website hacking tool alerts to dangers of Google dorks
- Cybercrime service automates creation of fake scanned IDs
- Spammers unleash DIY phone number slurping web tool
- Spam email contains malware, not Apple gift card
- APT1, that scary cyber-Cold War gang: Not even China's best
- Mass website hacking tool alerts to dangers of Google dorks
- C&C PHP script for staging DDoS attacks sold on underground forums
- Russian Malware-as-a-Service Offers Up Server Rentals for $240 a Pop
- Java exploit kit sells for $40 per day
- Buggy DIY botnet tool leaks in black market
- New DIY Google Dorks Based Hacking Tool Released
- Botnets for rent, criminal services sold in the underground market
- Spam email contains malware, not Apple gift card
Historical OSINT - Profiling a Currently Circulating Malicious and Fraudulent Spam Campaign
- September 20, 2019abrie.in
agros.in
alldh.in
alodh.in
anrio.in
antsd.in
aoxtv.in
appsd.in
aquui.in
arrie.in
arsdh.in
balsd.in
barui.in
bikey.in
bkpuo.in
bleui.in
brayx.in
broyx.in
brusd.in
bryhw.in
butui.in
butuo.in
butyx.in
cated.in
cedhw.in
chrie.in
chrio.in
cirui.in
clrio.in
cogoo.in
conuo.in
conyx.in
corie.in
curie.in
cusnv.in
czkey.in
degoo.in
dennv.in
dugoo.in
eagoo.in
eboyx.in
ecrio.in
ectuo.in
edbal.in
edban.in
ederc.in
ederm.in
edger.in
edimp.in
edois.in
elrio.in
enguo.in
eprio.in
eqrio.in
esrie.in
fakey.in
fegoo.in
fibnv.in
foryx.in
franv.in
fraos.in
garie.in
glouo.in
guinv.in
habsd.in
hecuo.in
hekey.in
humos.in
hygos.in
hyrie.in
imbos.in
intsd.in
ionnv.in
jamsd.in
jobos.in
kykey.in
latuo.in
leunv.in
linuo.in
liuyx.in
makey.in
moosd.in
naios.in
nvenc.in
oscog.in
osenc.in
oserr.in
osmac.in
osmot.in
ospor.in
ossce.in
ossio.in
ostab.in
ostac.in
ostio.in
ostom.in
ouned.in
purnv.in
pxdmx.in
ragew.in
rekey.in
relsd.in
retnv.in
saled.in
sated.in
scoos.in
sdali.in
sdall.in
sdayb.in
sdaye.in
sdayo.in
sdene.in
sdich.in
sdome.in
seedw.in
shkey.in
smoed.in
soted.in
spios.in
spkey.in
stteop.in
sunyx.in
sydos.in
teaed.in
thynv.in
ugiyx.in
uinei.in
uinge.in
uiren.in
uirin.in
uisap.in
uisee.in
uisma.in
uitem.in
uithi.in
uityp.in
uityr.in
varyx.in
veged.in
wakey.in
whasd.in
wimed.in
woonv.in
yokey.in
yxiac.in
yxial.in
yxiam.in
anrio.in
antsd.in
appsd.in
arsdh.in
barui.in
bkpuo.in
bleui.in
brayx.in
broyx.in
brusd.in
bryhw.in
butui.in
butuo.in
butyx.in
cirui.in
cogoo.in
conuo.in
conyx.in
cusnv.in
czkey.in
degoo.in
dugoo.in
ecrio.in
ectuo.in
ederm.in
edger.in
edimp.in
edois.in
elrio.in
enguo.in
eqrio.in
fibnv.in
glouo.in
habsd.in
hecuo.in
hekey.in
hygos.in
imbos.in
intsd.in
ionnv.in
jamsd.in
latuo.in
linuo.in
makey.in
oscog.in
oserr.in
osmac.in
osmot.in
ospor.in
ossce.in
ossio.in
ostab.in
ostac.in
ostio.in
ouned.in
purnv.in
pxdmx.in
rekey.in
relsd.in
retnv.in
scoos.in
sdali.in
sdome.in
shkey.in
spkey.in
sydos.in
thynv.in
ugiyx.in
uirin.in
uisap.in
uitem.in
uithi.in
uithi.in
uityp.in
uityr.in
varyx.in
wakey.in
yokey.in
yxiac.in
yxial.in
anrio.in
brayx.in
broyx.in
brusd.in
butuo.in
butyx.in
cogoo.in
conyx.in
eboyx.in
ederm.in
edois.in
foryx.in
liuyx.in
moosd.in
oserr.in
ossce.in
ostom.in
purnv.in
ragew.in
relsd.in
retnv.in
sdali.in
seedw.in
shkey.in
spkey.in
thynv.in
uitem.in
wakey.in
yxial.in
Massive Portfolio of APT (Advanced Persistent Threat) and RAT (Remote Access Tools) Domains Spotted in the Wild - An Analysis
- September 20, 2019
In this post I'll provide actionable intelligence on some of the most popular RAT (Remote Access Tools) currently utilized for APT (Advanced Persistent Threat) type of nation-state sponsored and tolerated cyber espionage themed campaigns including an in-depth discussion on a massive domain portfolio of currently active C&C server IPs known to have participated in a variety of APT (Advanced Persistent Threat) type of cyber espionage campaigns throughout 2015-2019.
Among the most popular APT (Advanced Persistent Threat) and Remote Access Tools (RATs) releases based on my public and proprietary sensor network remain the following currently obtainable commercial and publicly obtainable tools:
- Casa RAT
- Bandook RAT
- Dark Comet Rat
- Cerberus
- Cybergate
- Blackshades
- Poison Ivy
- Schwarze Sonne RAT
- Syndrome RAT
- Team Viewer
- Y3k RAT
- Snoopy
- 5p00f3r.N$ RAT
- SpyNet
- P. Storrie RAT
- Turkojan Gold
- Bifrost
- Beast
- Shark
- Pain RAT
- xHacker Pro RAT
- Seed RAT
- Optix Pro RAT
- Dark Moon
- NetDevil
- Deeper RAT
- MiniMo RAT
- Alusinus RAT v0.8
- Babylon 1.6.0.0
- Bozok 1.4.3
- BX RAT v1.0
- Cloud Net RAT
- Comet RAT v0.1.4
- Coringa-RAT v0.1
- Crimson 3.0.0
- Crimson RAT 2.2.6
- ctOs 1.3.0.0
- CyberGate v1.01.12
- Dark Comet 5.3
- DarkComet Legacy
- DH Rat 0.3
- D-RAT
- Frutas RAT v0.9
- Greame RAT v1.9
- HAKOPS RAT v2
- Imminent Monitor 3.9.0.0
- Imperium RAT Cracked
- jRat
- jSpy
- jSpy RAT v0.09
- KilerRat V 10.0.0
- L6-RAT Beta
- Maus 2.0b
- Mega RAT 1.5 Beta
- MLRAT
- MQ5 RAT
- NanoCore 1.2.2.0
- NingaliNET v1.1.0.0
- NjRAT 0.7
- njRAT v0.8d By Nasser2012
- njworm
- NovaLite v3.0
- Nuclear RAT 2.1.0
- Orion RAT 0.9 Free
- Pandora RAT V1.1
- Paradox RAT
- Proton 1.1.0.6
- pupy-master
- Poison Ivy
- Quasar 1.1 + Source
- QuasarRAT v1.3.0.0
- Rabbit-Hole Autoit RAT v1.0 Beta 2
- Revenge RAT v0.1
- SkyWyder 2.2
- Spycronic 1.02.1
- Spygate 2.6
- SpyGate-RAT 3.3
- SpyNet 0.7 Public
- Spy-Net v2.6
- Turkojan 4.0 Gold
- ucuL v1.1
- Vantom RAT
- Virus Rat v8.0 Beta
- Xena Rat 2.0
- xRAT 2.0
hxxp://009boot.ddns.net/
hxxp://104.144.198.115/
hxxp://105.105.104.198/
hxxp://105.105.173.58/
hxxp://105.105.185.105/
hxxp://109.201.189.13/
hxxp://111.221.29.254/
hxxp://115.126.219.31/
hxxp://118.26.141.209/
hxxp://118.26.141.210/
hxxp://122.46.15.164/
hxxp://123unk123.ddns.net/
hxxp://13.124.168.74/
hxxp://130.25.242.66/
hxxp://133katelinn.hopto.org/
hxxp://138.130.206.150/
hxxp://139.162.175.167/
hxxp://141.255.159.3/
hxxp://149.129.133.195/
hxxp://149.3.143.104/
hxxp://151.101.2.110/
hxxp://160.202.163.243/
hxxp://167.108.52.154/
hxxp://167.116.22.242/
hxxp://167.116.32.152/
hxxp://167.116.48.151/
hxxp://167.99.251.51/
hxxp://177.130.49.118/
hxxp://178.54.139.105/
hxxp://179.125.62.162/
hxxp://179.221.42.45/
hxxp://18.218.228.132/
hxxp://180.68.114.205/
hxxp://181.214.55.23/
hxxp://181.46.172.191/
hxxp://181.52.105.187/
hxxp://185.125.205.81/
hxxp://185.125.205.91/
hxxp://185.148.241.58/
hxxp://185.208.211.235/
hxxp://185.209.85.74/
hxxp://185.254.183.115/
hxxp://185.31.161.186/
hxxp://185.56.90.77/
hxxp://185.81.157.24/
hxxp://185.82.216.57/
hxxp://185.84.181.89/
hxxp://186.118.110.209/
hxxp://186.118.111.142/
hxxp://188.165.224.26/
hxxp://188.2.137.168/
hxxp://188.54.182.240/
hxxp://188.54.184.36/
hxxp://188.66.7.124/
hxxp://188.72.104.64/
hxxp://188.83.129.33/
hxxp://189.47.113.180/
hxxp://189.47.114.215/
hxxp://191.101.22.196/
hxxp://192.169.69.25/
hxxp://194.182.73.173/
hxxp://194.5.98.56/
hxxp://197.207.219.206/
hxxp://2.20.242.8/
hxxp://2.21.242.237/
hxxp://201.208.105.81/
hxxp://202.195.210.218/
hxxp://204.44.78.113/
hxxp://211.108.133.241/
hxxp://211.44.166.16/
hxxp://212.129.42.206/
hxxp://212.133.210.232/
hxxp://212.47.247.76/
hxxp://212.7.208.105/
hxxp://212.83.170.126/
hxxp://213.183.58.39/
hxxp://213.208.129.200/
hxxp://217.103.124.136/
hxxp://218.204.141.228/
hxxp://220.124.23.84/
hxxp://23.105.131.162/
hxxp://25.66.198.77/
hxxp://34.211.181.161/
hxxp://35.176.10.40/
hxxp://37.104.186.158/
hxxp://37.115.47.107/
hxxp://41.101.5.34/
hxxp://41.102.235.191/
hxxp://41.58.69.217/
hxxp://41.58.96.58/
hxxp://43.254.134.157/
hxxp://45.76.87.6/
hxxp://46.164.167.42/
hxxp://46.246.5.130/
hxxp://46.246.85.131/
hxxp://5.101.170.159/
hxxp://5.187.49.231/
hxxp://5.188.231.235/
hxxp://5.34.183.64/
hxxp://52.138.216.83/
hxxp://52.87.114.116/
hxxp://56d8a1a6.hopto.org/
hxxp://60.10.0.13/
hxxp://62.235.139.42/
hxxp://63.237.57.222/
hxxp://65.184.25.147/
hxxp://66fmicro.duckdns.org/
hxxp://68.53.163.100/
hxxp://6alexander9.ddns.net/
hxxp://76.73.114.50/
hxxp://77.139.164.191/
hxxp://77.48.28.227/
hxxp://78.12.174.157/
hxxp://78.12.177.32/
hxxp://78.130.176.162/
hxxp://79.134.225.116/
hxxp://81.231.10.43/
hxxp://81.61.79.44/
hxxp://84.151.157.38/
hxxp://85.110.45.5/
hxxp://87.11.97.192/
hxxp://89.134.165.187/
hxxp://90.96.103.203/
hxxp://92.122.53.40/
hxxp://92.222.112.70/
hxxp://94.183.210.219/
hxxp://94.237.28.110/
hxxp://95.100.252.51/
hxxp://95.154.199.21/
hxxp://a5la8y1201.ddns.net/
hxxp://aa123.zapto.org/
hxxp://aaaa5.hopto.org/
hxxp://abdodz.ddns.net/
hxxp://abdou1234.hopto.org/
hxxp://abdulla244.myftp.biz/
hxxp://abidas2018.ddns.net/
hxxp://abo6na.no-ip.org/
hxxp://abrilparadon.duckdns.org/
hxxp://adidas2018.ddns.net/
hxxp://aditrix.ddns.net/
hxxp://adminirq.no-ip.biz/
hxxp://adsfca.duckdns.org/
hxxp://agbero.duckdns.org/
hxxp://ahlanc500.zapto.org/
hxxp://ahmad025.ddns.net/
hxxp://ahmed461.ddns.net/
hxxp://ahmedhero2020.zapto.org/
hxxp://ahmedmhmed4711.ddns.net/
hxxp://ahmedstar123.ddns.net/
hxxp://ahmetabis.duckdns.org/
hxxp://akramhbcl.ddns.net/
hxxp://alaa170.hopto.org/
hxxp://aldiwani.no-ip.biz/
hxxp://alemania.duckdns.org/
hxxp://alger07.ddns.net/
hxxp://ali11.sytes.net/
hxxp://ali123.ddns.net/
hxxp://alicemedrado.no-ip.org/
hxxp://alihacker2018.no-ip.biz/
hxxp://alihazm2017.no-ip.biz/
hxxp://aliking123.ddns.net/
hxxp://alisami.hopto.org/
hxxp://alkal.publicvm.com/
hxxp://almlk.ddns.net/
hxxp://alone.sytes.net/
hxxp://alsha2e.zapto.org/
hxxp://am22am.ddns.net/
hxxp://amana1.duckdns.org/
hxxp://ambush.ddns.net/
hxxp://amerkad19.ddns.net/
hxxp://aminesaflo.hopto.org/
hxxp://amjad.no-ip.org/
hxxp://amma.myftp.biz/
hxxp://ammar906klashnkof.myq-see.com/
hxxp://anahowa.duckdns.org/
hxxp://anamzh.ddns.net/
hxxp://android68.ddns.net/
hxxp://andynox2018.myddns.me/
hxxp://annonymous1921.ddns.net/
hxxp://anonyklax.duckdns.org/
hxxp://anonymato.duckdns.org/
hxxp://anonymous1999.hopto.org/
hxxp://anonymoushora032.ddns.net/
hxxp://aoa.myq-see.com/
hxxp://apatednsnet.duckdns.org/
hxxp://arabyouman.sytes.net/
hxxp://arielpica.ddns.net/
hxxp://asd10.ddns.net/
hxxp://asdaasda.ddns.net/
hxxp://assurancework.ddns.net/
hxxp://avast666.duckdns.org/
hxxp://azeezdeaf1122.ddns.net/
hxxp://azeezdeaf1996.hopto.org/
hxxp://azzaenstp.no-ip.biz/
hxxp://b3d3h3ckd.ddns.net/
hxxp://bachir12345.hopto.org/
hxxp://badnulls.hopto.org/
hxxp://barakat.servegame.com/
hxxp://basyouni4.ddns.net/
hxxp://bbus19.ddns.net/
hxxp://becharakam.ddns.net/
hxxp://bedwipro987.ddns.net/
hxxp://bellevie.duckdns.org/
hxxp://benjamin1996.ddns.net/
hxxp://benjamin1996121.ddns.net/
hxxp://betterlifecommerce.ddns.net/
hxxp://bibich.myftp.biz/
hxxp://bkjy1122334455.ddns.net/
hxxp://blakbass.linkpc.net/
hxxp://bob2030.ddns.net/
hxxp://bobyhack.duckdns.org/
hxxp://brothersjoy.nl/
hxxp://bug000.hopto.org/
hxxp://by-sabotage123.duckdns.org/
hxxp://by900.zapto.org/
hxxp://c.top4top.net/
hxxp://cabbac.ddns.net/
hxxp://caoi111.ddns.net/
hxxp://carding.hopto.org/
hxxp://carrochevere.no-ip.biz/
hxxp://casinonono.ddns.net/
hxxp://cerbere9889.ddns.net/
hxxp://cg.ddns.net/
hxxp://chazun.ddns.net/
hxxp://cheatkogama.ddns.net/
hxxp://chinzo.myftp.biz/
hxxp://chrom.webhop.info/
hxxp://chrome1.hopto.org/
hxxp://chrome2018.zapto.org/
hxxp://civita2.no-ip.biz/
hxxp://claxysme.ddns.net/
hxxp://clay157.no-ip.org/
hxxp://clivoucanada.no-ip.org/
hxxp://clmodding.ddns.net/
hxxp://cobaiadanet.duckdns.org/
hxxp://connectionsdfghhh.myftp.biz/
hxxp://connectionsxxx.ddns.net/
hxxp://cownzhackr.ddns.net/
hxxp://crazy-evil.no-ip.biz/
hxxp://creazionisa.com/
hxxp://cule.ddns.net/
hxxp://dabii.ddns.net/
hxxp://daisy101.ddns.net/
hxxp://darkfag1337.hopto.org/
hxxp://darkmonster255.ddns.net/
hxxp://darkvador.duckdns.org/
hxxp://dataday.no-ip.org/
hxxp://dd00ddee.ddns.net/
hxxp://ddlink2.ddns.net/
hxxp://ddns.catamosky.biz/
hxxp://ddnsrat.ddns.net/
hxxp://deity.ddns.net/
hxxp://delightc.myftp.biz/
hxxp://devsex.ddns.net/
hxxp://dhayan.ddns.net/
hxxp://dinamarca.duckdns.org/
hxxp://dixenweb.ddns.net/
hxxp://dl.dropbox.com/
hxxp://doc.internetdocss.com/
hxxp://doctordido.no-ip.org/
hxxp://dontexe.duckdns.org/
hxxp://dooooox.ddns.net/
hxxp://doublekits.duckdns.org/
hxxp://dr-prohak.myddns.me/
hxxp://duckdns.org/
hxxp://duconunun.ddns.net/
hxxp://dzad.ddns.net/
hxxp://ecksdi.ddns.net/
hxxp://ejiroprecious.ddns.net/
hxxp://elmagic2.ddns.net/
hxxp://emad1300.ddns.net/
hxxp://emad1987.myq-see.com/
hxxp://emilylattaa4111.serveftp.com/
hxxp://empezarll.mywire.org/
hxxp://ena.sytes.net/
hxxp://enero.duckdns.org/
hxxp://enghackernoip.ddns.net/
hxxp://essam554.hopto.org/
hxxp://essssssam.ddns.net/
hxxp://ethicalhacking.myftp.biz/
hxxp://evilgseguiyerrt.ddns.net/
hxxp://eyocbp.duckdns.org/
hxxp://ezelogs.ddns.net/
hxxp://fadiana1995.ddns.net/
hxxp://fanddes.ddns.net/
hxxp://fbscam.myftp.biz/
hxxp://fd8a8df5.ddns.net/
hxxp://felestine.hopto.org/
hxxp://fidrali.no-ip.biz/
hxxp://fileserv004.ddns.net/
hxxp://fitnesswebsite.duckdns.org/
hxxp://fo2sha1.myq-see.com/
hxxp://focariongorda.duckdns.org/
hxxp://fortoriko.ddns.net/
hxxp://freelancertupidor.myftp.org/
hxxp://freetools.hldns.ru/
hxxp://frsyescd.ddns.net/
hxxp://fsoc.ddns.net/
hxxp://fudman.duckdns.org/
hxxp://fw2.sshreach.me/
hxxp://gamezerer.ddns.net/
hxxp://gangshitxd.bounceme.net/
hxxp://ggwp123.ddns.net/
hxxp://ghanaandco.sytes.net/
hxxp://giannigianni.ddns.net/
hxxp://giustini.ddns.net/
hxxp://glendyling.ddns.net/
hxxp://gobali.hopto.org/
hxxp://gogotest-46542.portmap.io/
hxxp://goodattack.ddns.net/
hxxp://googlechromehost.ddns.net/
hxxp://googlehotspotxxxx.no-ip.biz/
hxxp://gorel1004.ze.am/
hxxp://gr44.ddns.net/
hxxp://grrrfggfgfg.ddns.net/
hxxp://gujulio.duckdns.org/
hxxp://gustavomaxwell.ddns.net/
hxxp://gvgvgv.ddns.net/
hxxp://hack2rio.hopto.org/
hxxp://hacker-soft.ddns.net/
hxxp://hackingloading157.ddns.net/
hxxp://hackrooo.ddns.net/
hxxp://hahwa0404.ddns.net/
hxxp://haider2002.ddns.net/
hxxp://haider2121.hopto.org/
hxxp://hakanonymos4.ddns.net/
hxxp://hakerbatna.ddns.net/
hxxp://hakerz123.ddns.net/
hxxp://hakoukh40.ddns.net/
hxxp://hakrbatna.hopto.org/
hxxp://hakrdz111.serveftp.com/
hxxp://haniameer.hopto.org/
hxxp://haram222.ddns.net/
hxxp://hassan360.ddns.net/
hxxp://haxorspamer.hopto.org/
hxxp://hellohello.ddns.net/
hxxp://hexycz.ddns.net/
hxxp://heyklog.duckdns.org/
hxxp://hh11hh11.ddns.net/
hxxp://hhhh1122.no-ip.biz/
hxxp://hicham9risa.duckdns.org/
hxxp://hinou.ddns.net/
hxxp://hoang2667.zapto.org/
hxxp://horizontg.ddns.net/
hxxp://host355.casacam.net/
hxxp://host775544.ddns.net/
hxxp://housam.linkpc.net/
hxxp://htlrnjrat.ddns.net/
hxxp://hxxp/
hxxp://hycotanas.ddns.net/
hxxp://hykedscams.ddns.net/
hxxp://hyoof10.ddns.net/
hxxp://iamn1.ddns.net/
hxxp://ichbinw1337.ddns.net/
hxxp://id7oomz.ddns.net/
hxxp://idontratpeople.ddns.net/
hxxp://igi789.ddns.net/
hxxp://iheuche009.hopto.org/
hxxp://infectiousvision1.ddns.net/
hxxp://inohackyouxd.hopto.org/
hxxp://ionutsef2.ddns.net/
hxxp://ippoofer.ddns.net/
hxxp://iraq112.ddns.net/
hxxp://iska123.ddns.net/
hxxp://issa19900.ddns.net/
hxxp://izan.hopto.org/
hxxp://iziiiiii.hopto.org/
hxxp://j0e3gipuv.hopto.org/
hxxp://j0s3d4rk.ddns.net/
hxxp://j1us3tan5stu8pid.ddns.net/
hxxp://jaaav.ddns.net/
hxxp://jakzaz555.ddns.net/
hxxp://jal.ze.am/
hxxp://japontarzi.duckdns.org/
hxxp://jaxboss.publicvm.com/
hxxp://jerry331990.jerrydns.pw/
hxxp://joker1.linkpc.net/
hxxp://jpaul.duckdns.org/
hxxp://junpio70.hopto.org/
hxxp://jutt9244.myftp.biz/
hxxp://k10e.ddns.net/
hxxp://kaboos99hacker.linkpc.net/
hxxp://kaka200222.ddns.net/
hxxp://kamalyousry1213.ddns.net/
hxxp://kaneki1997.ddns.net/
hxxp://karambaker.zapato.org/
hxxp://karamgamal878.ddns.net/
hxxp://karwan.ddns.net/
hxxp://kawaja.hopto.org/
hxxp://keypay033.dynu.net/
hxxp://khan2012.no-ip.biz/
hxxp://killcon.sytes.net/
hxxp://killuakiller.ddns.net/
hxxp://kingdomro.viewdns.net/
hxxp://kinglord22.ddns.net/
hxxp://kitinho.ddns.net/
hxxp://klabster82nulll.ddns.net/
hxxp://kofia1230.ddns.net/
hxxp://kok22.ddns.net/
hxxp://koko12.myftp.biz/
hxxp://kolabola.linkpc.net/
hxxp://kor1.zapto.org/
hxxp://koutafa.ddns.net/
hxxp://ksa3651.ddns.net/
hxxp://ksk7.gotdns.ch/
hxxp://ksks.gotdns.ch/
hxxp://lasourcetest.ddns.net/
hxxp://layane.ddns.net/
hxxp://ldouab.ddns.net/
hxxp://leehenry1973.ddns.net/
hxxp://lezharlezhar.no-ip.info/
hxxp://libraries.ddns.net/
hxxp://lig1.serveblog.net/
hxxp://likenetstatlol.ddns.net/
hxxp://lillliiil.ddns.net/
hxxp://lilop.ddns.net/
hxxp://logarsogar.hopto.org/
hxxp://loginsecure.mywire.org/
hxxp://lolo.no-ip.info/
hxxp://lotsh.ddns.net/
hxxp://loveayada.zapto.org/
hxxp://lovejoks.no-ip.biz/
hxxp://m4grinexploit.ddns.net/
hxxp://maharek123456.ddns.net/
hxxp://mahone11.ddns.net/
hxxp://mainjhin.duckdns.org/
hxxp://mal3on.ddns.net/
hxxp://malak9797.ddns.net/
hxxp://malakigoy.ddns.net/
hxxp://mamoon.ddns.net/
hxxp://manou.hopto.org/
hxxp://maravilhahoteis.ddns.net/
hxxp://maroxvi.ddns.net/
hxxp://maxime10.ddns.net/
hxxp://maxpayne9.ddns.net/
hxxp://mdformo.ddns.net/
hxxp://medomshakel.ddns.net/
hxxp://meemo1233m.ddns.net/
hxxp://mekawy.hopto.org/
hxxp://mercymorrgan.wm01.to/
hxxp://meso.myftp.biz/
hxxp://mgnoongmz.ddns.net/
hxxp://mhmod.ddns.net/
hxxp://micr0s0ft.duckdns.org/
hxxp://microsoft-ipv6.duckdns.org/
hxxp://microsoft171.duckdns.org/
hxxp://microsoft24515062.serveftp.com/
hxxp://microsoftddns.ddns.net/
hxxp://microsoftserver.serveftp.com/
hxxp://microsoftsession.linkpc.net/
hxxp://microsoftupdates.pw/
hxxp://midoalhashmi.ddns.net/
hxxp://midoumed.ddns.net/
hxxp://mikas.ddns.net/
hxxp://minergate.sytes.net/
hxxp://mixterix.duckdns.org/
hxxp://mjlosker.hopto.org/
hxxp://mogofockerdu94.chickenkiller.com/
hxxp://mohamed1234.no-ip.biz/
hxxp://mohamedahmed123.ddns.net/
hxxp://mohammad2010.no-ip.biz/
hxxp://mohand8080.ddns.net/
hxxp://mongtrelgo.hopto.org/
hxxp://moonwork93.hopto.org/
hxxp://moskando.ddns.net/
hxxp://mouqgsud.duckdns.org/
hxxp://mrfmr123.ddns.net/
hxxp://mtateste.duckdns.org/
hxxp://mujo.ddns.net/
hxxp://mum14.hopto.org/
hxxp://myhostoftuptup.servebeer.com/
hxxp://mylifegod.ddns.net/
hxxp://myloves.publicvm.com/
hxxp://mynamechucknorris.ddns.net/
hxxp://myno.hopto.org/
hxxp://na20022a.ddns.net/
hxxp://naralam.ddns.net/
hxxp://nass12.ddns.net/
hxxp://nestonesto.duckdns.org/
hxxp://nettcpportsharing.serveftp.com/
hxxp://newanonjoe.ddns.net/
hxxp://nfadil.myq-see.com/
hxxp://ngrok.xiaotk.tk/
hxxp://night.dynu.net/
hxxp://nippon.hopto.org/
hxxp://nixonhabbo.duckdns.org/
hxxp://njgypto.linkpc.net/
hxxp://njhost.hopto.org/
hxxp://njrat05.ddns.net/
hxxp://njratftw123.hopto.org/
hxxp://nkgclaudinei.ddns.net/
hxxp://nkgclaudinei.duckdns.org/
hxxp://nkilishinkili.hopto.org/
hxxp://nmr-syria.ddns.net/
hxxp://nonnikcmg.duckdns.org/
hxxp://notelog11.ddns.net/
hxxp://notimposible.hopto.org/
hxxp://nu.mmafan.biz/
hxxp://nuevochance1.duckdns.org/
hxxp://nuttentool.ddns.net/
hxxp://nyjora.myq-see.com/
hxxp://olfi.zapto.org/
hxxp://omotogbo.ddns.net/
hxxp://onixoino.ddns.net/
hxxp://openthetcheka.ddns.net/
hxxp://opitalia.ddns.net/
hxxp://optimus1.ddns.net/
hxxp://oriod445se.hopto.org/
hxxp://oryano.ddns.net/
hxxp://osiman.cf/
hxxp://osmanlimparatorlugu.duckdns.org/
hxxp://othmane5.ddns.net/
hxxp://ozill619.ddns.net/
hxxp://ozone.myftp.org/
hxxp://pablitoescobar.duckdns.org/
hxxp://paladins005.ddns.net/
hxxp://palestine2014.zapto.org/
hxxp://paoduenti.duckdns.org/
hxxp://patakos0010.ddns.net/
hxxp://pazparatodos.duckdns.org/
hxxp://pcctks.ddns.net/
hxxp://pikhateamspeak.duckdns.org/
hxxp://pistola404.duckdns.org/
hxxp://plo.ddns.info/
hxxp://pm2bitcoin.com/
hxxp://poderxtremo.duckdns.org/
hxxp://port5.ddns.net/
hxxp://portnj.ddns.net/
hxxp://ppooiimmnnbb00.ddns.net/
hxxp://predatorshot.ddns.net/
hxxp://prime2018.duckdns.org/
hxxp://probityjrat5.duckdns.org/
hxxp://proemepror.ze.am/
hxxp://proemperor.ze.am/
hxxp://projecttestingforedu.chickenkiller.com/
hxxp://prorms.ddns.net/
hxxp://provafood.ddns.net/
hxxp://prrrbrrrfrrr.myftp.biz/
hxxp://pwnedbydefalt.ddns.net/
hxxp://q3alkhater123.ddns.net/
hxxp://qqwweerr.ddns.net/
hxxp://queimaaivagaba.ddns.net/
hxxp://quickmessage.io/
hxxp://qwert.ddns.net/
hxxp://qwertardormad1223.ddns.net/
hxxp://qwetyu.hopto.org/
hxxp://rachid061574.hopto.org/
hxxp://racikelo.ddns.net/
hxxp://rainbow6.ddns.net/
hxxp://ramadan.mywire.org/
hxxp://ramzimbacscay.hopto.org/
hxxp://raramimi123.ddns.net/
hxxp://rat24695.ddns.net/
hxxp://rattatata.ddns.net/
hxxp://rattinguy.ddns.net/
hxxp://realhacking2018.3utilities.com/
hxxp://redereynol.ddns.net/
hxxp://redwatchlive001.ddns.net/
hxxp://renanzinho2411.ddns.net/
hxxp://resser2020.hopto.org/
hxxp://rezallta.ddns.net/
hxxp://riad123.ddns.net/
hxxp://riazi312015.ddns.net/
hxxp://rida9949.ddns.net/
hxxp://ririroro123.ddns.net/
hxxp://romania23.zapto.org/
hxxp://romany14.ddns.net/
hxxp://ruleshack.ddns.net/
hxxp://rumpa70.ddns.net/
hxxp://rzkfofo.no-ip.org/
hxxp://sa123re.no-ip.org/
hxxp://sa7er-hacker.ddns.net/
hxxp://sa7er-hackre.ddns.net/
hxxp://sadosaykodz1.ddns.net/
hxxp://sadsadsad.ddns.net/
hxxp://saidafrentesatanas.ddns.net/
hxxp://saif321.ddns.net/
hxxp://saifer2121.myftp.biz/
hxxp://sakagiller.com/
hxxp://salahjra.ddns.net/
hxxp://salehroot.linkpc.net/
hxxp://salma.ddns.net/
hxxp://samfam.pdns.cz/
hxxp://samops.ddns.net/
hxxp://sapiklar.duckdns.org/
hxxp://sare.myq-see.com/
hxxp://saso0.myftp.org/
hxxp://savaki.duckdns.org/
hxxp://sayedkastilo11.hopto.org/
hxxp://scviroos.bounceme.net/
hxxp://sdafff.no-ip.biz/
hxxp://secureutility.redirectme.net/
hxxp://securit.linkpc.net/
hxxp://secutit.linkpc.net/
hxxp://sefrou20.ddns.net/
hxxp://seifrastabia.no-ip.biz/
hxxp://semonsemon.zapto.org/
hxxp://serverclean.hopto.org/
hxxp://serveursam.hopto.org/
hxxp://serviceonline.duckdns.org/
hxxp://servicepcinfo.myddns.rocks/
hxxp://sexyas.ddns.net/
hxxp://shadowhakar41.ddns.net/
hxxp://shangri027.ddns.net/
hxxp://shemzh.ddns.net/
hxxp://shigra.sytes.net/
hxxp://shodann.ddns.net/
hxxp://shore.kozow.com/
hxxp://shytangz1.ddns.net/
hxxp://sidosido-crb.hopto.org/
hxxp://sikomoto.onthewifi.com/
hxxp://silent-kira.no-ip.info/
hxxp://sjad1995.myftp.biz/
hxxp://skullman.duckdns.org/
hxxp://slar.duckdns.org/
hxxp://smffuked.ddns.net/
hxxp://smox1111.ddns.net/
hxxp://smyle42.ddns.net/
hxxp://snipere3131.ddns.net/
hxxp://soso7.myq-see.com/
hxxp://splashnet.ddns.net/
hxxp://ssed.ddns.net/
hxxp://sskizz.ddns.net/
hxxp://ssl-virustotal.com/
hxxp://ssss22.ddns.net/
hxxp://stanley10.linkpc.net/
hxxp://stub.ignorelist.com/
hxxp://sub2.qaysarpizzajo.xyz/
hxxp://suchfamily.eu/
hxxp://sucka.duckdns.org/
hxxp://sugesu.ddns.net/
hxxp://svchost101.ddns.net/
hxxp://svhosted.zapto.org/
hxxp://sys11.ddns.net/
hxxp://systemm.ddns.net/
hxxp://systemx.hopto.org/
hxxp://takethatshit.ddns.net/
hxxp://tala1234.zapto.org/
hxxp://target81.ddns.net/
hxxp://tata508.ddns.net/
hxxp://tbmh.ddns.net/
hxxp://teleporthack.ddns.net/
hxxp://test1fg.ddns.net/
hxxp://the-don187.publicvm.com/
hxxp://thefuturisus.ddns.net/
hxxp://thiagohora.hopto.org/
hxxp://tomhilker024.ddns.net/
hxxp://top2.alqaysarpizza.xyz/
hxxp://topwiko.ddns.net/
hxxp://tossonat.ddns.net/
hxxp://total-virus.myq-see.com/
hxxp://trabalhoaaa.ddns.net/
hxxp://trasatlis.sytes.net/
hxxp://tsdn.linkpc.net/
hxxp://ttmglaz.ddns.net/
hxxp://ture-free.ddns.net/
hxxp://turlututu.zapto.org/
hxxp://tutobaixei.ddns.net/
hxxp://unificaequatorial.ddns.net/
hxxp://unknown277.ddns.net/
hxxp://updatefacebook.serveblog.net/
hxxp://vam22.ddns.net/
hxxp://vantomrat1133.ddns.net/
hxxp://vendeto.hopto.org/
hxxp://vice.hopto.org/
hxxp://videntets3.ddns.net/
hxxp://viewi.publicvm.com/
hxxp://vikvik.duckdns.org/
hxxp://warda73.no-ip.biz/
hxxp://wazy1010.ddns.net/
hxxp://webconn.ddns.net/
hxxp://wecollect.duckdns.org/
hxxp://wertyuio.ddns.net/
hxxp://westshark.ddns.net/
hxxp://wiindows.myvnc.com/
hxxp://windown7service.ddns.net/
hxxp://windowslogon.ddns.net/
hxxp://windowsuport.duckdns.org/
hxxp://winkwink.duckdns.org/
hxxp://winserver.zapto.org/
hxxp://woocum.blogsyte.com/
hxxp://wsoo.ddns.net/
hxxp://wtfwindows.myftp.biz/
hxxp://wymeserver777.ddns.net/
hxxp://xaker555.no-ip.org/
hxxp://xfxf.ddns.net/
hxxp://xnxx44.ddns.net/
hxxp://xpznrt2.ddns.net/
hxxp://xsara12.dnnq.net/
hxxp://xtrmmarzonuevo.duckdns.org/
hxxp://xtyoservices.ddns.net/
hxxp://y9.ddns.net/
hxxp://yasircf.hopto.org/
hxxp://yazhagal4246.ddns.net/
hxxp://yojen0120.myddns.me/
hxxp://youfuckednow.ddns.net/
hxxp://younessp.ddns.net/
hxxp://youssefelmi.ddns.net/
hxxp://youtubersxd.ddns.net/
hxxp://yurmaufat.ddns.net/
hxxp://z8gamescf.ddns.net/
hxxp://zayd506.ddns.net/
hxxp://zebircp.duckdns.org/
hxxp://zef.bounceme.net/
hxxp://zekorap623.ddns.net/
hxxp://zerokart.kro.kr/
hxxp://zikokoko.ddns.net/
hxxp://zkthabani.hopto.org/
hxxp://zohirsenia.ddns.net/
hxxp://zueirasemlimites.duckdns.org/
hxxp://zzxxcc2018.hopto.org/
hxxp://103.21.117.143/
hxxp://103.38.252.63/
hxxp://103.40.163.55/
hxxp://103.44.145.245/
hxxp://104.238.176.9/
hxxp://105.101.151.77/
hxxp://105.108.35.56/
hxxp://105.199.18.240/
hxxp://106.51.163.232/
hxxp://108.61.211.219/
hxxp://109.225.178.41/
hxxp://109.236.94.121/
hxxp://109.73.68.114/
hxxp://111.72.167.127/
hxxp://115.159.125.47/
hxxp://115.28.173.37/
hxxp://117.32.216.117/
hxxp://120.25.150.91/
hxxp://121.147.18.158/
hxxp://123.207.232.79/
hxxp://123456789123456789.myftp.biz/
hxxp://13.65.194.5/
hxxp://1337ace.ddns.net/
hxxp://1349874791.gnway.cc/
hxxp://137.0.0.1/
hxxp://138.122.118.154/
hxxp://139.199.187.28/
hxxp://14.222.182.50/
hxxp://141.255.144.72/
hxxp://141.255.148.161/
hxxp://141.255.150.159/
hxxp://141.255.159.49/
hxxp://144.48.242.221/
hxxp://1488.sytes.net/
hxxp://151.246.230.21/
hxxp://151.247.143.125/
hxxp://151.248.126.183/
hxxp://151.72.17.61/
hxxp://156.206.211.12/
hxxp://159asd.duckdns.org/
hxxp://176.42.111.248/
hxxp://177mu.cn/
hxxp://178.74.111.106/
hxxp://181.143.118.164/
hxxp://183.82.99.133/
hxxp://185.32.221.23/
hxxp://185.82.220.152/
hxxp://186.84.216.126/
hxxp://187.180.186.181/
hxxp://188.166.76.144/
hxxp://188.215.131.47/
hxxp://188.24.119.27/
hxxp://188.3.13.98/
hxxp://189.174.125.60/
hxxp://190.240.24.2/
hxxp://192.137.0.15/
hxxp://192.248.32.193/
hxxp://192.92.42.25/
hxxp://197.2.81.35/
hxxp://197.35.134.69/
hxxp://197.48.183.72/
hxxp://198.144.106.135/
hxxp://1987omid.ddns.net/
hxxp://1fon1.ddns.net/
hxxp://1m4962f897.iok.la/
hxxp://2.191.186.145/
hxxp://2.236.40.82/
hxxp://2.25.171.244/
hxxp://201.156.140.218/
hxxp://201.157.144.53/
hxxp://203.189.232.237/
hxxp://211.162.52.205/
hxxp://213.136.83.173/
hxxp://213.183.58.40/
hxxp://213.244.123.94/
hxxp://219.235.0.93/
hxxp://22134520.ddns.net/
hxxp://222.168.1.2/
hxxp://222.79.227.93/
hxxp://27.198.135.116/
hxxp://2715729.vicp.net/
hxxp://31.146.202.169/
hxxp://31.210.117.132/
hxxp://34.208.211.52/
hxxp://35.161.238.10/
hxxp://37.114.212.119/
hxxp://37.115.170.240/
hxxp://37.152.166.4/
hxxp://37.16.139.86/
hxxp://37.239.8.89/
hxxp://37.254.193.172/
hxxp://39.43.231.228/
hxxp://41.226.168.63/
hxxp://41.38.56.81/
hxxp://45.126.124.155/
hxxp://46.150.252.235/
hxxp://46.166.134.149/
hxxp://46.4.255.98/
hxxp://5.135.127.183/
hxxp://5.189.137.186/
hxxp://5.222.66.57/
hxxp://5.222.70.95/
hxxp://5.234.240.27/
hxxp://5.237.98.77/
hxxp://5107b712.all123.net/
hxxp://52.193.97.24/
hxxp://5701c196.123nat.com/
hxxp://58.213.154.197/
hxxp://61.153.104.113/
hxxp://66.70.198.243/
hxxp://6gh.noip.me/
hxxp://726627.duckdns.org/
hxxp://77.171.37.46/
hxxp://77.81.197.144/
hxxp://79.137.223.139/
hxxp://79.153.52.235/
hxxp://79649759.ddns.net/
hxxp://7daysky.in.3322.org/
hxxp://80.136.103.51/
hxxp://80.59.208.237/
hxxp://80.82.65.85/
hxxp://84.241.6.106/
hxxp://85.107.115.16/
hxxp://88.150.149.91/
hxxp://88.228.83.160/
hxxp://90.16.206.207/
hxxp://91.109.22.5/
hxxp://93.104.213.217/
hxxp://93.169.247.218/
hxxp://94.212.118.115/
hxxp://95.173.240.117/
hxxp://96750513.ddns.net/
hxxp://9949291099.hopto.org/
hxxp://a.tomx.xyz/
hxxp://a1b2c3.hopto.org/
hxxp://aagaro.ddns.net/
hxxp://aasxzxdsc12324.no-ip.biz/
hxxp://abarouter.ddns.net/
hxxp://abbaass313.hopto.org/
hxxp://abbaass3132.hopto.org/
hxxp://abcccabccab.ddns.net/
hxxp://abderrahmane16.hopto.org/
hxxp://abdo099.ddns.net/
hxxp://abdobacha05.ddns.net/
hxxp://abdou16.hopto.org/
hxxp://abdouoahmed.ddns.net/
hxxp://abduls0821.myddns.me/
hxxp://abinova.ddns.net/
hxxp://abosaoys881.duia.us/
hxxp://abs3nt.ddns.net/
hxxp://achrafzouina.zapto.org/
hxxp://ad15.hopto.org/
hxxp://adelxxbx.no-ip.biz/
hxxp://adesja1337.no-ip.biz/
hxxp://adlin.duckdns.org/
hxxp://adobflash.hopto.org/
hxxp://aerror.no-ip.biz/
hxxp://ahag3ld1.ddns.net/
hxxp://ahmdiand-wj3.ddns.net/
hxxp://ahmed12345.hoptp.org/
hxxp://ahmed2012.dynu.com/
hxxp://ahmed90011912.ddns.net/
hxxp://ahmedmidoegypt.hopto.org/
hxxp://ahomdalhomd42.hopto.org/
hxxp://ala6a.no-ip.biz/
hxxp://alaajb.zapto.org/
hxxp://alaauy.ddns.net/
hxxp://alabama192837.no-ip.org/
hxxp://alanbkey.no-ip.org/
hxxp://alarr2012ab.myftp.biz/
hxxp://albash2222.ddns.net/
hxxp://ali2627.ddns.net/
hxxp://ali7070.ddns.net/
hxxp://aliboxboxbox.hopto.org/
hxxp://alkingahmed555.ddns.net/
hxxp://alldebrid.duckdns.org/
hxxp://allforfree.game-host.org/
hxxp://alpheron.duckdns.org/
hxxp://alzintani.ddns.net/
hxxp://amarok58.no-ip.biz/
hxxp://amelwafaw.ddns.net/
hxxp://aminamadani16.hopto.org/
hxxp://aminbatna31.ddns.net/
hxxp://aminecity.ddns.net/
hxxp://aminrahimzadeh.no-ip.org/
hxxp://amiraliam.ddns.net/
hxxp://amirhosein0074.ddns.net/
hxxp://ammaar938.ddns.net/
hxxp://ampala.ddns.net/
hxxp://amran-pc.no-ip.biz/
hxxp://amrozamrozamroz.hopto.org/
hxxp://amrsamy222.ddns.net/
hxxp://amsdj.hopto.org/
hxxp://an.droidsuper.su/
hxxp://anawebs.ddns.net/
hxxp://andr01d.zapto.org/
hxxp://andrew999.ipnodns.ru/
hxxp://andriod91.ddns.net/
hxxp://andro0161.no-ip.info/
hxxp://andro123.duckdns.org/
hxxp://androduck.duckdns.org/
hxxp://android.no-ip.org/
hxxp://android1385.ddns.net/
hxxp://androidalbums.ddns.net/
hxxp://androidan.ddns.net/
hxxp://androidbra.duckdns.org/
hxxp://androidfdl.ddns.net/
hxxp://androidrat21.ddns.net/
hxxp://androidsafe.ddns.net/
hxxp://androidtest0.ddns.net/
hxxp://androidtool.ddns.net/
hxxp://androidupdate.ddns.net/
hxxp://androjak.myftp.org/
hxxp://androrat1226.ddns.net/
hxxp://androrat22.ddns.net/
hxxp://androratbtas.no-ip.info/
hxxp://androratvirgin.duckdns.org/
hxxp://andver18.no-ip.biz/
hxxp://anishmishra66.ddns.net/
hxxp://anito.ddns.net/
hxxp://anon008.ddns.net/
hxxp://anondz97.ddns.net/
hxxp://anonimousdre180.ddns.net/
hxxp://anonvirus.ddns.net/
hxxp://anonymo9s.ddns.net/
hxxp://apkhamza.ddns.net/
hxxp://applecenikosmos.hldns.ru/
hxxp://appsystem.ddns.net/
hxxp://aqwkdo1.no-ip.biz/
hxxp://ariaaalikazm.ddns.net/
hxxp://arondograu.ddns.net/
hxxp://asasasas22.ddns.net/
hxxp://asdbh11.ddns.net/
hxxp://askinder.hopto.org/
hxxp://astro3.hopto.org/
hxxp://atsizinoglu.duckdns.org/
hxxp://auc.dlinkddns.com/
hxxp://awir-fb.sytes.net/
hxxp://axxz2017.ddns.net/
hxxp://ayadd99.ddns.net/
hxxp://ayham11.hopto.org/
hxxp://azerboys.hopto.org/
hxxp://azert123.ddns.net/
hxxp://azerty.hopto.org/
hxxp://aziza.sytes.net/
hxxp://baby.webhop.me/
hxxp://badguy.myq-see.com/
hxxp://bahar2017.no-ip.org/
hxxp://bahoom.no-ip.biz/
hxxp://banis.hopto.org/
hxxp://bannding.ddns.net/
hxxp://bapforall.ddns.net/
hxxp://barbari.ddns.net/
hxxp://batterysaver.3utilities.com/
hxxp://behnamhack.ddns.net/
hxxp://beijg.3322.org/
hxxp://bensphonetracker.ddns.net/
hxxp://bitoandroid.no-ip.info/
hxxp://bl4ckh0t.ddns.net/
hxxp://bl4ckhatjoker.ddns.net/
hxxp://black1990.ddns.net/
hxxp://blackghostdc.duckdns.org/
hxxp://blackghostorg.ddns.net/
hxxp://blind1234.ddns.net/
hxxp://boinserver12.no-ip.info/
hxxp://bopress.ddns.net/
hxxp://boubou271.ddns.net/
hxxp://brasilteamop.ddns.net/
hxxp://brousse16.ddns.net/
hxxp://bwaleez.hopto.org/
hxxp://camper92.ddns.net/
hxxp://carapuce-2015.no-ip.biz/
hxxp://cccamd.myftp.biz/
hxxp://cerdofile.ddns.net/
hxxp://chabar.ddns.net/
hxxp://chacal00.hopto.org/
hxxp://changyu231.ddns.net/
hxxp://chrisfo.no-ip.org/
hxxp://city55.hopto.org/
hxxp://cjbks0u0.no-ip.org/
hxxp://clashdroid.no-ip.biz/
hxxp://clayhost.hopto.org/
hxxp://comet.myftp.org/
hxxp://comsurogate.noip.me/
hxxp://coxiamigo.myq-see.com/
hxxp://createmeon.zapto.org/
hxxp://cricbot.no-ip.info/
hxxp://crisprueba.ddns.net/
hxxp://cyberandro.duckdns.org/
hxxp://cyberbit.ddns.net/
hxxp://cybercrysis.ddns.net/
hxxp://dalibob12.ddns.net/
hxxp://damndamn.ddns.net/
hxxp://dangerlove.no-ip.biz/
hxxp://danialdelta.ddns.net/
hxxp://danialmostafaei.no-ip.biz/
hxxp://daniele3814.ddns.net/
hxxp://danielrats.ddns.net/
hxxp://dantehack.zapto.org/
hxxp://daroedkak.no-ip.biz/
hxxp://darweshfis.no-ip.org/
hxxp://datadownloader.ddns.net/
hxxp://dddeee.ddns.net/
hxxp://ddns.net/
hxxp://deep1234.ddns.net/
hxxp://dellearm.ddns.net/
hxxp://dendroid.hopto.org/
hxxp://denishul.hldns.ru/
hxxp://detlef-gmbh.tk/
hxxp://dexonic.duckdns.org/
hxxp://diceedicee.ddns.net/
hxxp://didi03.duckdns.org/
hxxp://dionis.ddns.net/
hxxp://djack1.zapto.org/
hxxp://dkms.ddns.net/
hxxp://dltelegram.ddns.net/
hxxp://dodotototata.publicvm.com/
hxxp://dogecoinspeed.zapto.org/
hxxp://domeer-android.ddns.net/
hxxp://domira.ddns.net/
hxxp://draagon.ddns.net/
hxxp://dragonhkr1.myftp.biz/
hxxp://drhack.hopto.org/
hxxp://driodrac.ddns.net/
hxxp://droid.fagdns.com/
hxxp://droid.freedynamicdns.org/
hxxp://droidcraftismelmao.ddns.net/
hxxp://droidge.ddns.net/
hxxp://droidhost.zapto.org/
hxxp://droidjaack.zapto.org/
hxxp://droidjack.hopto.org/
hxxp://droidjack1.sytes.net/
hxxp://droidjack121.ddns.net/
hxxp://droidjack2137.hopto.org/
hxxp://droidjack228.ddns.net/
hxxp://droidjack2333.ddns.net/
hxxp://droidjack258.bounceme.net/
hxxp://droidjackdns.duckdns.org/
hxxp://droidjackiam.ddnsking.com/
hxxp://droidjackisgodly.ddns.net/
hxxp://droidjackkk.sytes.net/
hxxp://droidjackv5.ddns.net/
hxxp://droidjock.myftp.biz/
hxxp://droidmosa.ddns.net/
hxxp://droidnigga.zapto.org/
hxxp://droidspy.zapto.org/
hxxp://droidss.noip.me/
hxxp://droy.zapto.org/
hxxp://drrazikhan.no-ip.info/
hxxp://duckem.duckdns.org/
hxxp://ducmanhhoangtran.ddns.net/
hxxp://duke5010.duckdns.org/
hxxp://duyguseliberkay.no-ip.biz/
hxxp://dzhacker16.ddns.net/
hxxp://e777kx47.ddns.net/
hxxp://egytiger.myftp.org/
hxxp://ehsanmaali.ddns.net/
hxxp://ehsanmaali3.ddns.net/
hxxp://eldiablo.no-ip.biz/
hxxp://elisou19.ddns.net/
hxxp://emme.no-ip.biz/
hxxp://engnngns.duckdns.org/
hxxp://engrid.no-ip.biz/
hxxp://equisde.ddns.net/
hxxp://erikatersptra.ddns.net/
hxxp://esharj.ddns.net/
hxxp://eslam87.hopto.org/
hxxp://essalhi2047.hopto.org/
hxxp://euquerotchu.ddns.net/
hxxp://explosif.zapto.org/
hxxp://extgta.tk/
hxxp://facebook2ww290.ddns.net/
hxxp://facrbook.redirectme.net/
hxxp://fadisesubaih.ddns.net/
hxxp://farzan.ddns.net/
hxxp://fateh2017.ddns.net/
hxxp://fati43030.no-ip.biz/
hxxp://fatiha29.ddns.net/
hxxp://fenon158.ddns.net/
hxxp://ferzo1881.duckdns.org/
hxxp://fifi147fifi.no-ip.biz/
hxxp://firenzonne.com/
hxxp://firsthost.ddns.net/
hxxp://flashplayerxx.no-ip.org/
hxxp://florian-pc.ksueyuj0mtxpt6gn.myfritz.net/
hxxp://free1.neiwangtong.com/
hxxp://freepalestine.ddns.net/
hxxp://fsocfsoc.ddns.net/
hxxp://fukeyou12.myftp.biz/
hxxp://gaabar.hopto.org/
hxxp://galau.ddns.net/
hxxp://gemini85.hopto.org/
hxxp://gentel901.no-ip.org/
hxxp://geocheats2.eu/
hxxp://gert44.duckdns.org/
hxxp://ggwasgeht.ddns.net/
hxxp://ghanim2017.ddns.net/
hxxp://ghanou1603.no-ip.info/
hxxp://gmailss11.hopto.org/
hxxp://goggle.sytes.net/
hxxp://gold5000.ddns.net/
hxxp://gooboom.no-ip.biz/
hxxp://good.myddns.me/
hxxp://goog2.no-ip.biz/
hxxp://googlead.publicvm.com/
hxxp://googles.servemp3.com/
hxxp://googleweb.ddns.net/
hxxp://gooogleplay.ddns.net/
hxxp://gorr.hopto.org/
hxxp://goshasb.ddns.net/
hxxp://grandeamore.ddns.net/
hxxp://great-support.com/
hxxp://greatkeyboard.hopto.org/
hxxp://gruposoluciomatica.com.br/
hxxp://gta5hacking12.duckdns.org/
hxxp://gusui1.ddns.net/
hxxp://haa7aah.no-ip.biz/
hxxp://habbo.no-ip.org/
hxxp://habib1376.ddns.net/
hxxp://habib556.ddns.net/
hxxp://hac123k.hopto.org/
hxxp://hachim07reg.no-ip.info/
hxxp://hack1111.noip.me/
hxxp://hack155.vicp.net/
hxxp://hacked2001.hopto.org/
hxxp://hacker-81.no-ip.biz/
hxxp://hacker2.hopto.org/
hxxp://hacker421.hopto.org/
hxxp://hackermoqtada.no-ip.biz/
hxxp://hackertn123.no-ip.biz/
hxxp://hackhack2016.no-ip.info/
hxxp://hackhamer.zapto.org/
hxxp://hackinroll.ddns.net/
hxxp://hackme.no-ip.org/
hxxp://hacksd20.ddns.net/
hxxp://hacksyria2.myftp.biz/
hxxp://hadsurvey.ddns.net/
hxxp://hahalol.ddns.net/
hxxp://hahalol.no-ip.biz/
hxxp://haiderhacer12.no-ip.biz/
hxxp://hajeeeee.hopto.org/
hxxp://hakedpc0000.myftp.biz/
hxxp://hakeerali2.ddns.net/
hxxp://haker-2119.ddns.net/
hxxp://haker10.ddns.net/
hxxp://hakosiken.duckdns.org/
hxxp://hakunamatata007.ddns.net/
hxxp://hala222.hopto.org/
hxxp://halo12.duckdns.org/
hxxp://hamidos1342.ddns.net/
hxxp://hamker.ddns.net/
hxxp://hamo55.hopto.org/
hxxp://hamza19991.hopto.org/
hxxp://hamzaelcb.ddns.net/
hxxp://hananox.ddns.net/
hxxp://hardstyleraver.no-ip.org/
hxxp://haroune12.myddns.me/
hxxp://hasha.hopto.org/
hxxp://hasn9999.ddns.net/
hxxp://hassan100.ddns.net/
hxxp://hassanabd1233.ddns.net/
hxxp://hatam.no-ip.org/
hxxp://havij.ddns.net/
hxxp://haxor.hopto.org/
hxxp://haxorjib.no-ip.org/
hxxp://hazem123.no-ip.biz/
hxxp://hazhar77.no-ip.biz/
hxxp://hedr78.ddns.net/
hxxp://heemoana.hopto.org/
hxxp://hegazy5753.ddns.net/
hxxp://hehe.duckdns.org/
hxxp://heikechenmo.3322.org/
hxxp://heilbronn.duckdns.org/
hxxp://hell2066.zapto.org/
hxxp://helloandroid.no-ip.org/
hxxp://hero400.ddns.net/
hxxp://hhhhhfhf.ddns.net/
hxxp://hmt1985.ddns.net/
hxxp://hobi.3utilities.com/
hxxp://hoho121292.ddns.net/
hxxp://hoho39.ddnc.net/
hxxp://hohoangpmy.ddns.net/
hxxp://hooman8219.servecounterstrike.com/
hxxp://hopto.org/
hxxp://hoseenoori2277kh.ddns.net/
hxxp://hossam3030.ddns.net/
hxxp://hossar.ddns.net/
hxxp://hosteng123.hopto.org/
hxxp://hosthack25.ddns.net/
hxxp://houaribey4.ddns.net/
hxxp://houaribey4.no-ip.org/
hxxp://houssmes.zapto.org/
hxxp://hqn.ddns.net/
hxxp://htmp.sytes.net/
hxxp://huhuhuya.ddns.net/
hxxp://hussein1889.no-ip.biz/
hxxp://husshacka.hopto.org/
hxxp://i1993.ddns.net/
hxxp://imad2001bo.hopto.org/
hxxp://indusv00.duckdns.org/
hxxp://info.bounceme.net/
hxxp://injectman.ddns.net/
hxxp://insegnando.net/
hxxp://inteljet.ddns.net/
hxxp://intelresol.ddns.net/
hxxp://ipv445.hopto.org/
hxxp://iqram85spy.ddns.net/
hxxp://iran0513.ddns.net/
hxxp://ircvenezia.it/
hxxp://isamdonita.no-ip.org/
hxxp://islam2020libya.no-ip.biz/
hxxp://izmirsatranckursu.net/
hxxp://jackdroid.systes.net/
hxxp://jackdroid1337.ddns.net/
hxxp://jafarman.ddns.net/
hxxp://jalal123.hopto.org/
hxxp://jas7ser.hopto.org/
hxxp://jassair.hopto.org/
hxxp://jbrianwashman.com/
hxxp://jirawat01.ddns.net/
hxxp://jkgytgasjg12.serveftp.com/
hxxp://jnkey.ddns.net/
hxxp://jockerhackerxnxx.ddns.net/
hxxp://johnharim004.ddns.net/
hxxp://jojomo.ddns.net/
hxxp://jomo.zapto.org/
hxxp://josewaldo.ddns.net/
hxxp://juanblackhak.ddns.net/
hxxp://juliocoelhodesa.hopto.org/
hxxp://jun.dynu.com/
hxxp://justarat.noip.me/
hxxp://k0k0wawa.hopto.org/
hxxp://kaedalsh.ddns.net/
hxxp://kaizen00.ddns.net/
hxxp://kakashi.ddns.net/
hxxp://kaliheh.no-ip.biz/
hxxp://kalinus.ddns.net/
hxxp://kalljo.dvrdns.org/
hxxp://kararkarar0780.ddns.net/
hxxp://karenchik19.hopto.org/
hxxp://karrarhuseein82.ddns.net/
hxxp://kaskw.myftp.biz/
hxxp://kaskw.zapto.org/
hxxp://kasofe123123aa.no-ip.biz/
hxxp://kasper.ddns.net/
hxxp://keskes02122002.ddns.net/
hxxp://kevte26.zapto.org/
hxxp://khaleel0.zapto.org/
hxxp://khalid-2016.noip.me/
hxxp://khantac.ddns.net/
hxxp://kheridla.hopto.org/
hxxp://kingdom.no-ip.biz/
hxxp://kinggg.ddns.net/
hxxp://kjgjgkhffh.sytes.net/
hxxp://kka163.ddns.net/
hxxp://kkarox90.no-ip.org/
hxxp://kmessi.myddns.me/
hxxp://korelev.no-ip.org/
hxxp://krem111.ddns.net/
hxxp://krlol.ddns.net/
hxxp://ksbozo.ddns.net/
hxxp://kskdt.ddns.net/
hxxp://kuraist.zapto.org/
hxxp://kusleratnt.duckdns.org/
hxxp://lahyarhmo.hopto.org/
hxxp://lamorash.ddns.net/
hxxp://laze22.hopto.org/
hxxp://learnxea.duckdns.org/
hxxp://led5526.ddns.net/
hxxp://likerrdd.myftp.biz/
hxxp://linonymousami.no-ip.org/
hxxp://lizdlezozifpo.ddns.net/
hxxp://local1232.ddns.net/
hxxp://locolocoloco.ddns.net/
hxxp://lolman.ddns.net/
hxxp://lordxxx.myq-see.com/
hxxp://love2014.ddns.net/
hxxp://loveubaby.3utilities.com/
hxxp://lputyr.myq-see.com/
hxxp://luxuriaecu.ddns.net/
hxxp://madblack0.sytes.net/
hxxp://madov-matrix25.no-ip.org/
hxxp://magemankoktelam.ddns.net/
hxxp://mahdi1379.ddns.net/
hxxp://mahdi3141.ddns.net/
hxxp://mahdibaba123.ddns.net/
hxxp://majed111111.myq-see.com/
hxxp://majod98m.ddns.net/
hxxp://makarand.no-ip.org/
hxxp://malakatef09.ddns.net/
hxxp://mamal9921.ddns.net/
hxxp://mami5255.duckdns.org/
hxxp://mar020one.hopto.org/
hxxp://marcsil.ddns.net/
hxxp://marknetz.hopto.org/
hxxp://marocmaroc.hopto.org/
hxxp://martin123456.no-ip.org/
hxxp://masafat.ddns.net/
hxxp://maskaralama.ddns.net/
hxxp://masterat.myftp.org/
hxxp://matgio.duckdns.org/
hxxp://matrix-teste.ddns.net/
hxxp://mayyaha.no-ip.info/
hxxp://mazenttr2.hopto.org/
hxxp://me512.zapto.org/
hxxp://medoahmed3.ddns.net/
hxxp://medx321.ddns.net/
hxxp://mee2008.zapto.org/
hxxp://mehost.ddns.net/
hxxp://mehtab123.ddns.net/
hxxp://memeaimen10.hopto.org/
hxxp://memexmama.ddns.net/
hxxp://mhoammedtty.hopto.org/
hxxp://mht3.ddns.net/
hxxp://microsoft-office.ddns.net/
hxxp://mido28.hopto.org/
hxxp://migo2018.zapto.org/
hxxp://mikaniki.ddns.net/
hxxp://mikestar.no-ip.biz/
hxxp://miltin2.no-ip.org/
hxxp://minou555.hopto.org/
hxxp://misterx94.ddns.net/
hxxp://misty255.no-ip.org/
hxxp://mixtape2016.ddns.net/
hxxp://mmdjj212.myftp.biz/
hxxp://mobdro.hopto.org/
hxxp://mobiles0ft.no-ip.org/
hxxp://mogahed.ddns.net/
hxxp://mohamed11.ddns.net/
hxxp://mohamed4dz.ddns.net/
hxxp://mohamedamine.ddns.net/
hxxp://mohamedhg.no-ip.org/
hxxp://mohamednjrat111.no-ip.biz/
hxxp://mohammad2002.no-ip.biz/
hxxp://mohammadhk.ddns.net/
hxxp://mohammed22468.no-ip.biz/
hxxp://mohammed93mahdi.ddns.net/
hxxp://mohfort.ddns.net/
hxxp://mohmad.myftp.biz/
hxxp://mohmdnor.ddns.net/
hxxp://mohsanali79355.ddns.net/
hxxp://mohsenfaz.ddns.net/
hxxp://moji1936.ddns.net/
hxxp://mokhter222029.ddns.net/
hxxp://moktarpicaasrinabil.zapto.org/
hxxp://momen-swesi.no-ip.biz/
hxxp://momo2015.duckdns.org/
hxxp://monitoring007.zapto.org/
hxxp://moonmar10.no-ip.biz/
hxxp://moosio.no-ip.biz/
hxxp://moseybook.com/
hxxp://moslim.ddns.net/
hxxp://mostafaafroto0.ddns.net/
hxxp://motoshi.zapto.org/
hxxp://mphp.hopto.org/
hxxp://mrblacklife.ddns.net/
hxxp://mrclone97.ddns.net/
hxxp://mrgnet.ddns.net/
hxxp://mrkriper3331.zapto.org/
hxxp://mrm2.ddns.net/
hxxp://mrreda98.ddns.net/
hxxp://msficecream.ddns.net/
hxxp://msn-web.ddnsking.com/
hxxp://msn79.ddns.net/
hxxp://mstar.ddns.net/
hxxp://mstfa10.ddns.net/
hxxp://murryapplicazione.no-ip.org/
hxxp://muxamilu.hopto.org/
hxxp://mwanika.no-ip.biz/
hxxp://myaw.no-ip.biz/
hxxp://myfreerat.ddns.net/
hxxp://myfrenid2x.zapto.org/
hxxp://myhost123.myftp.biz/
hxxp://myillusion02.hopto.org/
hxxp://myonline.no-ip.biz/
hxxp://mypy23.ddns.net/
hxxp://nadineemma.servegame.com/
hxxp://namandroidk63.zapto.org/
hxxp://napaixonado.ddns.net/
hxxp://nassahsliman.ddns.net/
hxxp://nemesis2017.zapto.org/
hxxp://netflix-ip.hopto.org/
hxxp://new777.ddns.net/
hxxp://newword.serveblog.net/
hxxp://newxor2.no-ip.org/
hxxp://ninjabird29.myvnc.com/
hxxp://nirajpawar1997.ddns.net/
hxxp://njesra.ddns.net/
hxxp://nododg.ddns.net/
hxxp://nohacker.ddns.net/
hxxp://noiphackk.ddns.net/
hxxp://noipjajaja.ddns.net/
hxxp://nowgirlas.ddns.net/
hxxp://noxrr.ddns.net/
hxxp://nulldoesnotexist.duckdns.org/
hxxp://oday1995.zapto.org/
hxxp://oko.gotdns.ch/
hxxp://omar.no-ip.biz/
hxxp://oneriakosa.ddns.net/
hxxp://opt91.ddns.net/
hxxp://orihacker.ddns.net/
hxxp://osamarizk.ddns.net/
hxxp://osmsalem.ddns.net/
hxxp://ospr.publicvm.com/
hxxp://oussama1997.ddns.net/
hxxp://oussamadj1997.ddns.net/
hxxp://ovirus.ddns.net/
hxxp://owsen.ddns.net/
hxxp://paaradowx.hopto.org/
hxxp://parrot01.hopto.org/
hxxp://pars.ddns.net/
hxxp://persir.no-ip.biz/
hxxp://phantom94.ddns.net/
hxxp://photofix.hopto.org/
hxxp://pianotiles2.ddns.net/
hxxp://pimpdaddy.myq-see.com/
hxxp://pippo86.no-ip.biz/
hxxp://portmeim.ddns.net/
hxxp://pplweb.pplmotorhomes.com/
hxxp://premium007.zapto.org/
hxxp://priyakumari.ddns.net/
hxxp://profmilf.zapto.org/
hxxp://prohacker.freedynamicdns.org/
hxxp://projectp.ddns.net/
hxxp://pruebasernesto.ddns.net/
hxxp://qwerty1212.ddns.net/
hxxp://r00t.myftp.biz/
hxxp://r3cxw.ddns.net/
hxxp://r90.no-ip.biz/
hxxp://radouan123.hopto.org/
hxxp://rahimtrx.hopto.org/
hxxp://raliphesus.ddns.net/
hxxp://rameezmaster.ddns.net/
hxxp://randsnaira.dnsdynamic.com/
hxxp://rarwindow.no-ip.biz/
hxxp://ratforandroid.ddns.net/
hxxp://rds11.ddns.net/
hxxp://redcode.ddns.net/
hxxp://reddemon.ddns.net/
hxxp://refsa.duckdns.org/
hxxp://reich666.ddns.net/
hxxp://reich777.ddns.net/
hxxp://remoteip999.ddns.net/
hxxp://rinalditeam.ddns.net/
hxxp://rmk133.hopto.org/
hxxp://rmx2121.ddns.net/
hxxp://rockrock.ddns.net/
hxxp://rok13198666.no-ip.biz/
hxxp://ron1372.ddns.net/
hxxp://royalhacker.zapto.org/
hxxp://rpshowpick.ddns.net/
hxxp://rpswlrkgkarp.p-e.kr/
hxxp://rzra51126.ddns.net/
hxxp://s.leas.im/
hxxp://s3b4s.noip.me/
hxxp://sabbah.duckdns.org/
hxxp://sadaq.ddns.net/
hxxp://saiber-far68.ddns.net/
hxxp://saighinissou.ddns.net/
hxxp://sajadianh.ddns.net/
hxxp://sajjadnassar3.no-ip.biz/
hxxp://salah067.hopto.org/
hxxp://salarkalat.ddns.net/
hxxp://salemaziz.hopto.org/
hxxp://samira.no-ip.biz/
hxxp://samoomalik.no-ip.biz/
hxxp://samuseucu.ddns.net/
hxxp://santamariagorettimestre.it/
hxxp://sara19918.ddns.net/
hxxp://sarahwygan.no-ip.biz/
hxxp://saraia.ddns.net/
hxxp://sarasisi.no-ip.org/
hxxp://sasi546454.hopto.org/
hxxp://sazan765.ddns.net/
hxxp://secureline2244.ddns.net/
hxxp://securepurpose.no-ip.info/
hxxp://securitytests.ddns.net/
hxxp://securitytestt.ddns.net/
hxxp://sedalbi.com/
hxxp://server4update.serveftp.com/
hxxp://servidor23.ddns.net/
hxxp://servr.hopto.org/
hxxp://sesizkal32.no-ip.biz/
hxxp://seven1.ddns.net/
hxxp://seyf2017.linkpc.net/
hxxp://shahabhacker.ddns.net/
hxxp://shahidsajan.no-ip.biz/
hxxp://sharawy74.hopto.org/
hxxp://sharmayash.no-ip.biz/
hxxp://sherlockholmes.duckdns.org/
hxxp://shgt.tk/
hxxp://shoo2018.no-ip.org/
hxxp://shosh.ddns.net/
hxxp://showj.f3322.net/
hxxp://skinchanger.hopto.org/
hxxp://skylex123.hopto.org/
hxxp://slavikkalinovskiy.ddns.net/
hxxp://slayslay.duckdns.org/
hxxp://smiix2012.ddns.net/
hxxp://smk22.jkt.net/
hxxp://snaider.hopto.org/
hxxp://sniperviruse3.hopto.org/
hxxp://sniperyakub.ddns.net/
hxxp://socialplus.ddns.net/
hxxp://somenormalguy.duckdns.org/
hxxp://sondres1.ddns.net/
hxxp://sonkar412.duckdns.org/
hxxp://sorry.duckdns.org/
hxxp://soso.noip.us/
hxxp://specre.com/
hxxp://spicymemes.duckdns.org/
hxxp://spiel007.ddns.org/
hxxp://spofy.ddns.net/
hxxp://spynote-web.dynu.com/
hxxp://sramic.ddns.net/
hxxp://ssjf.myftp.biz/
hxxp://standby1537.duckdns.org/
hxxp://storing.hopto.org/
hxxp://strateg.ddns.net/
hxxp://superlegitratvirus.ddns.net/
hxxp://svn-01.ddns.net/
hxxp://sweetman2020.no-ip.biz/
hxxp://system32.com/
hxxp://taha100iq.hopto.org/
hxxp://taherhacker.hopto.org/
hxxp://tak.no-ip.info/
hxxp://takpar67.no-ip.biz/
hxxp://taras1928.ddns.net/
hxxp://targi01.hopto.org/
hxxp://tatacall.servebeer.com/
hxxp://tataline.hopto.org/
hxxp://tedy1993.ddns.net/
hxxp://test.pagez.kr/
hxxp://test145.ddns.net/
hxxp://test29.ddns.net/
hxxp://testan.ddns.net/
hxxp://testandro.ddns.net/
hxxp://testapkk.hopto.org/
hxxp://testkps.ddns.net/
hxxp://testsr.ddns.net/
hxxp://testsss.ddns.net/
hxxp://testxy.ddns.net/
hxxp://theblack16.ddns.net/
hxxp://thedroidjack.ddns.net/
hxxp://thegangsterrap.noip.me/
hxxp://thegod2.ddns.net/
hxxp://thekillers.ddns.net/
hxxp://themayhen23.no-ip.org/
hxxp://tnaxin.msns.cn/
hxxp://tomyyk.ddns.net/
hxxp://tonyjony.ddns.net/
hxxp://topmax.myq-see.com/
hxxp://toyman6699.no-ip.info/
hxxp://trythelast.no-ip.org/
hxxp://tunisvista.3utilities.com/
hxxp://udown.ddns.net/
hxxp://ufologlyly.ddns.net/
hxxp://umar14344.ddns.net/
hxxp://unknownuser.no-ip.biz/
hxxp://updater.myftp.org/
hxxp://updatesystem.dynu.com/
hxxp://updatexxx.hopto.org/
hxxp://usa.myftp.biz/
hxxp://usa2222.ddns.net/
hxxp://userframer.sytes.net/
hxxp://usernamegopro1.ddns.net/
hxxp://usmh.myq-see.com/
hxxp://uzzal619.viewdns.net/
hxxp://vajausing.dynu.com/
hxxp://vego.ddns.net/
hxxp://vetalamator1.ddns.net/
hxxp://viagra.jumpingcrab.com/
hxxp://victim.no-ip.org/
hxxp://vigo.hopto.org/
hxxp://vikas.no-ip.biz/
hxxp://villevalo.chickenkiller.com/
hxxp://vipcoon.com/
hxxp://vipmustafa.no-ip.info/
hxxp://vpn0.ddns.net/
hxxp://vwelxv.ddns.net/
hxxp://w0rm32.ddns.net/
hxxp://warl10ck.ddns.net/
hxxp://warrirrs.no-ip.org/
hxxp://wasawalid.hopto.org/
hxxp://wassam100.ddns.net/
hxxp://wasxmrtdub.ddns.net/
hxxp://wcvwcv.picp.net/
hxxp://webhack2017.ddns.net/
hxxp://webi7.ddns.info/
hxxp://weedforlifehacker.ddns.net/
hxxp://welcomeheretomept.ddns.net/
hxxp://williettinger.cc/
hxxp://win32.ddns.net/
hxxp://windows12345.ddns.net/
hxxp://windows7trojan.ddns.net/
hxxp://winserver.dlinkddns.com/
hxxp://woaisue.3322.org/
hxxp://wogusnb.no-ip.info/
hxxp://wombocombo.mooo.com/
hxxp://wtfwtf.duckdns.org/
hxxp://xa1newold.hopto.org/
hxxp://xilto.duckdns.org/
hxxp://xingyuekeji.f3322.net/
hxxp://xmppegy.com/
hxxp://xnxx123.publicvm.com/
hxxp://xos1982.ddns.net/
hxxp://xtiger007.ddns.net/
hxxp://xzoro2016.no-ip.info/
hxxp://yangweb.f3322.net/
hxxp://yassinescaleo.ddns.net/
hxxp://younix.ddns.net/
hxxp://yousefehab11.ddns.net/
hxxp://youseffathii.ddns.net/
hxxp://youssef-1234.hopto.org/
hxxp://yuosaf1993.ddns.net/
hxxp://yurimacedo1.ddns.net/
hxxp://za3blawy.ddns.net/
hxxp://zaboza2020.ddns.net/
hxxp://zaheerkhan786.ddns.net/
hxxp://zakifr.no-ip.biz/
hxxp://zal75zk.ddns.net/
hxxp://zaliminxx.duckdns.org/
hxxp://zaqatala.dynu.com/
hxxp://zennone.ddns.net/
hxxp://zero228.ddns.net/
hxxp://zoheirdroidjack.zapto.org/
hxxp://zokor-zokor.ddns.net/
hxxp://zongkahani.no-ip.biz/
hxxp://zouhr9.hopto.org/
hxxp://zxczxczxc.ddns.net/
Dear blog readers - it's been a while since I've last posted a quality update following my disappearance and possible kidnapping attempt circa 2010 but as many of you have noticed I've recently published a variety of research and CYBERINT type of articles in a variety of areas which means that I'll be shortly returning to the usual blogging rhythm successfully publishing a quality set of research articles anytime soon. I've also wanted to let you know that I've recently launched an extremely popular News Portal called Unit-123 offering practical advice to the U.S Intelligence Community including Cyber Warriors and Cyber Warfare experts including a Cyber Security and Hacking Community called Offensive Warfare including a Bitcoin soliciting bid on the Dark Web for the upcoming launch of a proprietary custom-based Virtual Reality Social Network for Hackers and Security Experts called Cybertronics (dzxvmqrl3rjxbzuer6vv5ejahniz2nefqxfmwspfmvzjo4xxzm7n4xad.onion) including the usual interview spree in an attempt to land a permanent job position as I've been working on a variety of personal and proprietary Security and OSINT projects.- Are you interested in having me speak at your event? Are you interested in inviting me to join a classified and potentially sensitive event or research group? Are you interested in becoming a writer at this blog? Are you interested in advertising at this blog? Feel free to approach me - disruptive.individuals@gmail.com
- Exposing Iran's Most Wanted Cybercriminals - FBI Most Wanted Checklist - OSINT Analysis
- Exposing Yet Another Currently Active Fraudulent and Malicious Pro-Hamas Online Infastructure
- Flashpoint Intel Official Web Site Serving Malware - An Analysis
- Historical OSINT - "I Know Who DDoS-ed Georgia and Bobbear.co.uk Last Summer"
- Historical OSINT - A Peek Inside The Georgia Government's Web Site Compromise Malware Serving Campaign - 2010
- Historical OSINT - Profiling a Rogue and Malicious Domain Portfolio of OEM-Pirated Software
- Historical OSINT - Able Express Courier Service Re-Shipping Mule Recruitment Scam Spotted in the Wild
- Historical OSINT - Global Postal Express Re-Shipping Mule Recruitment Scam Spotted in the Wild
- Historical OSINT - Re-Shipping Money Mule Recruitment "Your Shipping Panel LLC" Scam Domain Portfolio Spotted in the Wild
- The Threat Intelligence Market Segment - A Complete Mockery and IP Theft Compromise - An Open Letter to the U.S Intelligence Community
- Historical OSINT - A Portfolio of Fake Tech Support Scam Domains - An Analysis
- Historical OSINT - Georgian Justice Department and Georgia Ministry of Defense Compromised Serving Malware Courtesy of the Kneber Botnet
- Historical OSINT - The Russian Business Network Says "Hi"
- Profiling "Innovative Marketing" - The Flagship Malvertising andf Scareware Distributor - Circa 2008 - An OSINT Analysis
- Exposing Evgeniy Mikhaylovich Bogachev and the "Jabber ZeuS" Gang - An OSINT Analysis
- Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts
In this post I'll walk you though the story of my disappearance including a brief introduction and explanation of my "hacker enthusiast" years circa the 90's where I've been busy doing "lawful surveillance" and "lawful interception" throughout my teenage years while I was not busy working full-time with several H/C/P/A (Hacking/Cracking/Phreaking/Anarchy) groups as a full-time member practically setting up the foundations of the Threat Intelligence market segment a few years later including the basics of Technical Collection type of position including Independent Contractor working under NDA in a post 9/11 World including a personal greeting to everyone who's been approaching me and reaching out offering support and technical and operational "know-how" including general "say hi" advice.
I want to express a personal gratitude to a good old research friend - Internet Anthropologist - who actually initiated a track-down action and managed to indirectly find me circa 2010 with the help of international and Bulgarian law-enforcement including fellow colleagues and friends from the Security Industry and U.S Intelligence Community circa 2008-2013 who attempted to track me down and find out more about my disappearance.
In this post I'll discuss my visit to the GCHQ circa 2008 with the Honeynet Project including an in-depth discussion on my "lawful interception" and "lawful surveillance" experience circa the 90's throughout my teenage hacker years including an in-depth discussion on the hacking Scene that I was proud to be a member of throughout the 90's having successfully participated in a variety of community and commercial projects including a personal thanks to the following friends and colleagues for offering support and keeping track of my research:
- Jamie Riden for making a personal contribution to my PayPal account for research purposes
- Steve Santorelli from Team Cymru for expressing interest in a proprietary Threats Database
- Michal Salat for participating in a brief trial of my Threat Data service
- Ian Cook for making a personal introduction to my current part-time employer KCS Group Europe
- Jeffrey Bardin from Treadstone71 who reached out and offered employment opportunity
- Harrison Cook who's been persistently donating and reaching out to support the Offensive Warfare 2.0 community
- John Young from Cryptome.org who helped spread the word about the Offensive Warfare 2.0 Community
- Liran Sorani from Webhose for the opportunity to participate in a part-time project
An In-depth Analysis of the Hacking Scene circa the 90's through the prism of Dancho Danchev also known as tHe mAnIaC:
In a World where we've successfully set the foundation of offensive clandestine and psychological operations including the foundations of Technical Collection and the foundations of the Threat Intelligence market segment including the persistent emphasis on cyber threats facing U.S Government and U.S National Infrastructure in the context of enriching and disseminating actionable Threat Intelligence on a variety of U.S Intelligence Community including academic partners throughout the past decade successfully leading me to participate in a Top Secret GCHQ Surveillance and Monitoring Program basically keeping track of hackers and security researchers on Twitter for proactive Cyber Defense and OSINT purposes called "Lovely Horse" including a possible "4th Party Collection" trend-setting initiative circa 2008-2013 labeling some of my research as a possible "4th Party Collection" partner of U.S Intelligence Community including the tracking and take down of the Koobface botnet including my experience as a Managing Director of "The Underground" also known as Astalavista Security Group's Astalavista.com (Security Interviews - Part 01; Security Interviews - Part 02; Security Interviews - Part 03) throughout 2003-2006 with my ex-girlfriend now partner in life - Yordanka Ilieva - when we used to rock the boat - and are prone to do so. Takes you back doesn't it? Keep reading.
Personal Photo of bedroom hacker - today's leading expert in the field of cybercrime research security blogging and threat intelligence gathering - Dancho Danchev also known as the tHe mAnIaC circa the 90's with his hacker girlfriend - Yordanka Ilieva - including various personal projects circa the 90's
- I happen to have directly established a connection with one of the primary Sub7 Trojan Horse authors HeLLfiReZ which makes me pretty close to Steve Gibson in one way or another - throughout the 90's where we exchanged Trojan Horse samples while I was busy working for Trojan Defense Suite and the infamous Lockdown2000 anti-trojan software suite where I was busy working on signatures and help-guides compilation while I was also busy being a member of several hacking groups primarily found on the Cyberarmy.com Top 50 Hacking List including Progenic.com Top 100 hacking sites list.
- Mail-bombing was a trend - in particular my personal experience of making jokes with friends who were unable to take care of 100+ email messages in their Inbox
- Mass-Mailing List subscription - in particular the fact that my friends were not capable of finding a productive way to get rid of the messages and unsubscribe themselves
- Telephony Denial of Service attack circa the 90's exploiting a popular for Eastern Europe Mail2SMS mobile provider feature - in particular the fact that it's not necessarily a pleasant experience to get rid of 100+ SMS messages received in a short-period of time
- "Lawful Interception" of friends - something else that I'm not particularly proud of is my "lawful surveillance" and "lawful interception" experience and capabilities of people that I knew and that I used to know largely driven by the need to explore and learn more
- Corporate Experience in the field of anti-trojan detection technologies and categorization - in particular my experience in creating trojan horse signatures and writing actual technical descriptions for the purpose of improving my employer's overall detection rate for a variety of trojan horse vendors circa the 90's.
Do you remember my work from the 90's? Are you familiar with the Scene circa the 90's? Feel free to approach me - disruptive.individuals@gmail.com or make a PayPal donation using my PayPal ID: dancho.danchev@hush.com for the purpose of fueling growth into my research.
Historical OSINT - Georgian Justice Department and Georgia Ministry of Defense Compromised Serving Malware Courtesy of the Kneber Botnet
- September 11, 2019
Related malicious URLs known to have participated in the campaign:
hxxp://officialweightlosshelp.org/wp-admin/report.zip
Spread URL found within the config:
hxxp://www.adventure-center.net/upload/x.txt - 195.70.48.67
Related compromised malicious URLs known to have participated in the campaign:
hxxp://new.justice.gov.ge/files/Headers/in.txt
hxxp://new.justice.gov.ge/files/Headers/fresh.txt
hxxp://new.justice.gov.ge/files/Headers/rollers1.php
Related MD5s known to have participated in the campaign:
MD5: d0c0a2e6b30f451f69df9e2514ba36f2
MD5: 974a4a516260a4fafb36234897469013
MD5: ecb7304f838efb8e30a21189458b8544
MD5: 81b3bff487fc9a02e10288114fc2b5be
MD5: 234523904033f8dc692c743cbcf5cf2b
MD5: e2fffaffc1064d24e7ea6bab90fd86fc
MD5: 5941c9b5bd567c5baaecc415e453b5c8
MD5: 0ff325365f1d8395322d1ef0525f3b1f
MD5: 4437617b7095ed412f3c663d4b878c30
MD5: eb66a3e11690069b28c38cea926b61d2
MD5: 2b7e4b7c5faf45ebe48df580b63c376b
Known to have participated in the campaign are also the following two domains part of the Hilary Kneber botnet:
hxxp://dnicenter.com - Email: abuseemaildhcp@gmail.com
hxxp://dhsorg.org - Email: hilarykneber@yahoo.com
Related malicious download location URLs known to have participated in the campaign:
hxxp://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
hxxp://rapidshare.com/files/318309046/CYBERCAFE.zip.html
hxxp://www.sendspace.com/file/fmbt01
hxxp://hkcaregroup.com/modlogan/MILSOFT.zip
hxxp://rapidshare.com/files/320369638/MILSOFT.zip.html
hxxp://fcpra.org/downloads/MILSOFT.zip
hxxp://fcpra.org/downloads/winupdate.zip
hxxp://www.sendspace.com/file/tj373l
hxxp://mv.net.md/update/update.zip - 195.22.225.5
hxxp://www.sendspace.com/file/7jmxtq
hxxp://mv.net.md/dsb/DSB.zip
hxxp://www.sendspace.com/file/rdxgzd
hxxp://timingsolution.com/Doc/BULLETIN.zip
hxxp://www.sendspace.com/file/goz3yd
hxxp://dnicenter.com/docs/report.zip
hxxp://dhsorg.org/docs/instructions.zip - 222.122.60.186; 222.122.60.1
hxxp://www.sendspace.com/file/h96uh1
hxxp://depositfiles.com/files/xj1wvamc4
hxxp://tiesiog.puikiai.lt/report.zip
hxxp://somashop.lv/report.zip
hxxp://www.christianrantsen.dk/report.zip
hxxp://enigmazones.eu/report.zip
hxxp://www.christianrantsen.dk/report.zip
hxxp://enigmazones.eu/report.zip
hxxp://gnarus.mobi/media/EuropeanUnion_MilitaryOperations_EN.zip
hxxp://quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN.zip - 66.147.242.169
Related malicious and fraudulent domains known to have participated in the campaign:
hxxp://dhsinfo.info - 218.240.28.34
hxxp://greylogic.info - 218.240.28.34; 218.240.28.4
hxxp://intelfusion.info - 218.240.28.34
hxxp://greylogic.org - 222.122.60.1
Related malicious MD5s known to have participated in the campaign:
MD5: 8b3a3c4386e4d59c6665762f53e6ec8e
MD5: 5fb94eef8bd57fe8e20ccc56e33570c5
MD5: 28c4648f05f46a3ec37d664cee0d84a8
Once executed a sample malware phones back to the following C&C server IPs:
hxxp://from-us-with-love.info - 91.216.141.171
hxxp://from-us-with-love.info/imglov/zmpt4d/n16v18.bin
hxxp://vittles.mobi - 174.132.255.10
hxxp://nicupdate.com - 85.31.97.194
Related malicious and fraudulent IPs known to have participated in the Hilary Kneber botnet campaign:
hxxp://58.218.199.239
hxxp://59.53.91.102
hxxp://60.12.117.147
hxxp://61.235.117.71
hxxp://61.235.117.86
hxxp://61.4.82.216
hxxp://193.104.110.88
hxxp://95.169.186.103
hxxp://222.122.60.186
hxxp://217.23.10.19
hxxp://85.17.144.78
hxxp://200.106.149.171
hxxp://200.63.44.192
hxxp://200.63.46.134
hxxp://91.206.231.189
hxxp://124.109.3.135
hxxp://61.61.20.134
hxxp://91.206.201.14
hxxp://91.206.201.222
hxxp://91.206.201.8
hxxp://216.104.40.218
hxxp://69.197.128.203
Related malicious and fraudulent domains known to have participated in the Hilary Kneber botnet campaign:
hxxp://123.30d5546ce2d9ab37.d99q.cn
hxxp://d99q.cn
hxxp://524ay.cn
hxxp://adcounters.net
hxxp://adobe-config-s3.net
hxxp://mywarworld.cn
hxxp://aqaqaqaq.com
hxxp://avchecker123.com
hxxp://bizelitt.com
hxxp://biznessnews.cn
hxxp://bizuklux.cn
hxxp://fcrazy.com
hxxp://fcrazy.eu
hxxp://boolred.in
hxxp://brans.pl
hxxp://britishsupport.net
hxxp://bulkbin.cn
hxxp://chaujoi.cn
hxxp://checkvirus.net
hxxp://chinaoilfactory.cn
hxxp://chris25project.cn
hxxp://client158.faster-hosting.com
hxxp://cwbnewsonline.cn
hxxp://cxzczxccc.com.cn
hxxp://dasfkjsdsfg.biz
hxxp://dia2.cn
hxxp://digitalinspiration.e37z.cn
hxxp://dolbanov.net
hxxp://dolcegabbana.djbormand.cn
hxxp://djbormand.cn
hxxp://download.sttcounter.cn - 61.61.20.134; 211.95.78.98
hxxp://sttcounter.cn
hxxp://dred3.cn
hxxp://dsfad.in
hxxp://e37z.cn
hxxp://e58z.cn
hxxp://electrofunny.cn
hxxp://electromusicnow.cn
hxxp://elsemon.cn
hxxp://fcrazy.info
hxxp://filemarket.net
hxxp://flo5.cn
hxxp://footballcappers.biz
hxxp://fobsl.cn
hxxp://forum.d99q.cn
hxxp://gamno6.cn
hxxp://gidrasil.cn
hxxp://gifts2010.net
hxxp://ginmap.cn
hxxp://giopnon.cn
hxxp://gksdh.cn
hxxp://glousc.com
hxxp://gnfdt.cn
hxxp://gold-smerch.cn
hxxp://goldenmac.cn
hxxp://google.maniyakat.cn
hxxp://maniyakat.cn
hxxp://greenpl.com
hxxp://grizzli-counter.com
hxxp://grobin1.cn
hxxp://inpanel.cn
hxxp://itmasterz.org
hxxp://iuylqb.cn
hxxp://kaizerr.org
hxxp://keepmeupdated.cn
hxxp://khalej.cn
hxxp://kimosimotuma.cn
hxxp://klaikius.com
hxxp://klitar.cn
hxxp://kolordat482.com
hxxp://kotopes.cn
hxxp://liagand.cn
hxxp://love2coffee.cn
hxxp://majorsoftwareupdate.info
hxxp://marcusmed.com
hxxp://mcount.net
hxxp://mega-counter.com
hxxp://monstersoftware.info
hxxp://morsayniketamere.cn
hxxp://mydailymail.cn
hxxp://mynewworldorder.cn
hxxp://newsdownloads.cn
hxxp://nit99.biz
hxxp://nm.fcrazy.com
hxxp://nmalodbp.com
hxxp://not99.biz
hxxp://online-counter.cn
hxxp://pedersii.net
hxxp://piramidsoftware.info
hxxp://popupserf.cn
hxxp://qaqaqaqa.com
hxxp://qaqaqaqa.net
hxxp://qbxq16.com
hxxp://redlinecompany.ravelotti.cn
hxxp://ravelotti.cn
hxxp://relevant-information.cn
Related Hilary Kneber botnet posts:
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Dissecting the Exploits/Scareware Serving Twitter Spam Campaign
Koobface Botnet Starts Serving Client-Side Exploits
Known to have participated in the campaign are also the following two domains part of the Hilary Kneber botnet:
hxxp://dnicenter.com - Email: abuseemaildhcp@gmail.com
hxxp://dhsorg.org - Email: hilarykneber@yahoo.com
Related malicious download location URLs known to have participated in the campaign:
hxxp://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
hxxp://rapidshare.com/files/318309046/CYBERCAFE.zip.html
hxxp://www.sendspace.com/file/fmbt01
hxxp://hkcaregroup.com/modlogan/MILSOFT.zip
hxxp://rapidshare.com/files/320369638/MILSOFT.zip.html
hxxp://fcpra.org/downloads/MILSOFT.zip
hxxp://fcpra.org/downloads/winupdate.zip
hxxp://www.sendspace.com/file/tj373l
hxxp://mv.net.md/update/update.zip - 195.22.225.5
hxxp://www.sendspace.com/file/7jmxtq
hxxp://mv.net.md/dsb/DSB.zip
hxxp://www.sendspace.com/file/rdxgzd
hxxp://timingsolution.com/Doc/BULLETIN.zip
hxxp://www.sendspace.com/file/goz3yd
hxxp://dnicenter.com/docs/report.zip
hxxp://dhsorg.org/docs/instructions.zip - 222.122.60.186; 222.122.60.1
hxxp://www.sendspace.com/file/h96uh1
hxxp://depositfiles.com/files/xj1wvamc4
hxxp://tiesiog.puikiai.lt/report.zip
hxxp://somashop.lv/report.zip
hxxp://www.christianrantsen.dk/report.zip
hxxp://enigmazones.eu/report.zip
hxxp://www.christianrantsen.dk/report.zip
hxxp://enigmazones.eu/report.zip
hxxp://gnarus.mobi/media/EuropeanUnion_MilitaryOperations_EN.zip
hxxp://quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN.zip - 66.147.242.169
Related malicious and fraudulent domains known to have participated in the campaign:
hxxp://dhsinfo.info - 218.240.28.34
hxxp://greylogic.info - 218.240.28.34; 218.240.28.4
hxxp://intelfusion.info - 218.240.28.34
hxxp://greylogic.org - 222.122.60.1
Related malicious MD5s known to have participated in the campaign:
MD5: 8b3a3c4386e4d59c6665762f53e6ec8e
MD5: 5fb94eef8bd57fe8e20ccc56e33570c5
MD5: 28c4648f05f46a3ec37d664cee0d84a8
Once executed a sample malware phones back to the following C&C server IPs:
hxxp://from-us-with-love.info - 91.216.141.171
hxxp://from-us-with-love.info/imglov/zmpt4d/n16v18.bin
hxxp://vittles.mobi - 174.132.255.10
hxxp://nicupdate.com - 85.31.97.194
Related malicious and fraudulent IPs known to have participated in the Hilary Kneber botnet campaign:
hxxp://58.218.199.239
hxxp://59.53.91.102
hxxp://60.12.117.147
hxxp://61.235.117.71
hxxp://61.235.117.86
hxxp://61.4.82.216
hxxp://193.104.110.88
hxxp://95.169.186.103
hxxp://222.122.60.186
hxxp://217.23.10.19
hxxp://85.17.144.78
hxxp://200.106.149.171
hxxp://200.63.44.192
hxxp://200.63.46.134
hxxp://91.206.231.189
hxxp://124.109.3.135
hxxp://61.61.20.134
hxxp://91.206.201.14
hxxp://91.206.201.222
hxxp://91.206.201.8
hxxp://216.104.40.218
hxxp://69.197.128.203
Related malicious and fraudulent domains known to have participated in the Hilary Kneber botnet campaign:
hxxp://123.30d5546ce2d9ab37.d99q.cn
hxxp://d99q.cn
hxxp://524ay.cn
hxxp://adcounters.net
hxxp://adobe-config-s3.net
hxxp://mywarworld.cn
hxxp://aqaqaqaq.com
hxxp://avchecker123.com
hxxp://bizelitt.com
hxxp://biznessnews.cn
hxxp://bizuklux.cn
hxxp://fcrazy.com
hxxp://fcrazy.eu
hxxp://boolred.in
hxxp://brans.pl
hxxp://britishsupport.net
hxxp://bulkbin.cn
hxxp://chaujoi.cn
hxxp://checkvirus.net
hxxp://chinaoilfactory.cn
hxxp://chris25project.cn
hxxp://client158.faster-hosting.com
hxxp://cwbnewsonline.cn
hxxp://cxzczxccc.com.cn
hxxp://dasfkjsdsfg.biz
hxxp://dia2.cn
hxxp://digitalinspiration.e37z.cn
hxxp://dolbanov.net
hxxp://dolcegabbana.djbormand.cn
hxxp://djbormand.cn
hxxp://download.sttcounter.cn - 61.61.20.134; 211.95.78.98
hxxp://sttcounter.cn
hxxp://dred3.cn
hxxp://dsfad.in
hxxp://e37z.cn
hxxp://e58z.cn
hxxp://electrofunny.cn
hxxp://electromusicnow.cn
hxxp://elsemon.cn
hxxp://fcrazy.info
hxxp://filemarket.net
hxxp://flo5.cn
hxxp://footballcappers.biz
hxxp://fobsl.cn
hxxp://forum.d99q.cn
hxxp://gamno6.cn
hxxp://gidrasil.cn
hxxp://gifts2010.net
hxxp://ginmap.cn
hxxp://giopnon.cn
hxxp://gksdh.cn
hxxp://glousc.com
hxxp://gnfdt.cn
hxxp://gold-smerch.cn
hxxp://goldenmac.cn
hxxp://google.maniyakat.cn
hxxp://maniyakat.cn
hxxp://greenpl.com
hxxp://grizzli-counter.com
hxxp://grobin1.cn
hxxp://inpanel.cn
hxxp://itmasterz.org
hxxp://iuylqb.cn
hxxp://kaizerr.org
hxxp://keepmeupdated.cn
hxxp://khalej.cn
hxxp://kimosimotuma.cn
hxxp://klaikius.com
hxxp://klitar.cn
hxxp://kolordat482.com
hxxp://kotopes.cn
hxxp://liagand.cn
hxxp://love2coffee.cn
hxxp://majorsoftwareupdate.info
hxxp://marcusmed.com
hxxp://mcount.net
hxxp://mega-counter.com
hxxp://monstersoftware.info
hxxp://morsayniketamere.cn
hxxp://mydailymail.cn
hxxp://mynewworldorder.cn
hxxp://newsdownloads.cn
hxxp://nit99.biz
hxxp://nm.fcrazy.com
hxxp://nmalodbp.com
hxxp://not99.biz
hxxp://online-counter.cn
hxxp://pedersii.net
hxxp://piramidsoftware.info
hxxp://popupserf.cn
hxxp://qaqaqaqa.com
hxxp://qaqaqaqa.net
hxxp://qbxq16.com
hxxp://redlinecompany.ravelotti.cn
hxxp://ravelotti.cn
hxxp://relevant-information.cn
Related Hilary Kneber botnet posts:
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Dissecting the Exploits/Scareware Serving Twitter Spam Campaign
Koobface Botnet Starts Serving Client-Side Exploits
;;
Subscribe to:
Posts (Atom)
