Analysis Overview
SHA256
7cac55dcd6c4c1501b91d4e3571e8a376a111cefd1b5e9875a8799bece882d44
Threat Level: Known bad
The file 5c666aed70980ea1d08ad44459eaacaa.bin was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Glupteba
Glupteba payload
SmokeLoader
DcRat
Downloads MZ/PE file
Modifies Windows Firewall
Contacts a large (658) amount of remote hosts
Reads data files stored by FTP clients
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
UPX packed file
Deletes itself
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Suspicious use of SetThreadContext
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Checks processor information in registry
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 01:28
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 01:28
Reported
2024-02-29 01:31
Platform
win7-20240221-en
Max time kernel
136s
Max time network
149s
Command Line
Signatures
Glupteba
Glupteba payload
SmokeLoader
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\65C5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\65C5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7E37.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\65C5.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\65C5.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2616 set thread context of 2980 | N/A | C:\Users\Admin\AppData\Local\Temp\65C5.exe | C:\Users\Admin\AppData\Local\Temp\65C5.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7E37.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe
"C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe"
C:\Users\Admin\AppData\Local\Temp\65C5.exe
C:\Users\Admin\AppData\Local\Temp\65C5.exe
C:\Users\Admin\AppData\Local\Temp\65C5.exe
C:\Users\Admin\AppData\Local\Temp\65C5.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6CF7.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\6CF7.dll
C:\Users\Admin\AppData\Local\Temp\7E37.exe
C:\Users\Admin\AppData\Local\Temp\7E37.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 124
C:\Users\Admin\AppData\Local\Temp\8672.exe
C:\Users\Admin\AppData\Local\Temp\8672.exe
C:\Users\Admin\AppData\Local\Temp\A20D.exe
C:\Users\Admin\AppData\Local\Temp\A20D.exe
C:\Users\Admin\AppData\Local\Temp\B705.exe
C:\Users\Admin\AppData\Local\Temp\B705.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\u1mg.0.exe
"C:\Users\Admin\AppData\Local\Temp\u1mg.0.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\system32\taskeng.exe
taskeng.exe {1306C29E-18E0-4817-A946-4641537DDDE3} S-1-5-21-2297530677-1229052932-2803917579-1000:HKULBIBU\Admin:Interactive:[1]
C:\Users\Admin\AppData\Local\Temp\u1mg.1.exe
"C:\Users\Admin\AppData\Local\Temp\u1mg.1.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\65C5.exe
C:\Users\Admin\AppData\Local\Temp\6CF7.dll
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\Temp\7E37.exe
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
\Users\Admin\AppData\Local\Temp\7E37.exe
C:\Users\Admin\AppData\Local\Temp\8672.exe
\Users\Admin\AppData\Local\Temp\7E37.exe
C:\Users\Admin\AppData\Local\Temp\A20D.exe
C:\Users\Admin\AppData\Local\Temp\A20D.exe
C:\Users\Admin\AppData\Local\Temp\B705.exe
\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
\Users\Admin\AppData\Local\Temp\u1mg.0.exe
\Users\Admin\AppData\Local\Temp\u1mg.0.exe
C:\Users\Admin\AppData\Local\Temp\u1mg.0.exe
\Users\Admin\AppData\Local\Temp\u1mg.0.exe
\Users\Admin\AppData\Local\Temp\u1mg.1.exe
\Users\Admin\AppData\Local\Temp\u1mg.1.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 01:28
Reported
2024-02-29 01:31
Platform
win10v2004-20240226-en
Max time kernel
73s
Max time network
157s
Command Line
Signatures
DcRat
Glupteba
Glupteba payload
Lumma Stealer
SmokeLoader
Contacts a large (658) amount of remote hosts
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\F5CE.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C505.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C505.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E37C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E811.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F5CE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FF16.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C505.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C505.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\E811.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4544 set thread context of 2216 | N/A | C:\Users\Admin\AppData\Local\Temp\C505.exe | C:\Users\Admin\AppData\Local\Temp\C505.exe |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\FF16.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\FF16.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\FF16.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FF16.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe
"C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe"
C:\Users\Admin\AppData\Local\Temp\C505.exe
C:\Users\Admin\AppData\Local\Temp\C505.exe
C:\Users\Admin\AppData\Local\Temp\C505.exe
C:\Users\Admin\AppData\Local\Temp\C505.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CD82.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\CD82.dll
C:\Users\Admin\AppData\Local\Temp\E37C.exe
C:\Users\Admin\AppData\Local\Temp\E37C.exe
C:\Users\Admin\AppData\Local\Temp\E811.exe
C:\Users\Admin\AppData\Local\Temp\E811.exe
C:\Users\Admin\AppData\Local\Temp\F5CE.exe
C:\Users\Admin\AppData\Local\Temp\F5CE.exe
C:\Users\Admin\AppData\Local\Temp\FF16.exe
C:\Users\Admin\AppData\Local\Temp\FF16.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe
"C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe"
C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe
"C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 692
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2340 -ip 2340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 900
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3092 -ip 3092
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 2400
C:\Users\Admin\AppData\Roaming\reivsgs
C:\Users\Admin\AppData\Roaming\reivsgs
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | diamondlinks.com | udp |
| US | 8.8.8.8:53 | littlebuddhacorner.com | udp |
| US | 8.8.8.8:53 | maamamtafoundation.com | udp |
| US | 8.8.8.8:53 | magesticbuckgaming.com | udp |
| US | 8.8.8.8:53 | malgorzatajasiniak.com | udp |
| US | 8.8.8.8:53 | 32.98.106.151.in-addr.arpa | udp |
| US | 141.193.213.10:443 | cogdilllawfirm.com | tcp |
| US | 8.8.8.8:53 | 36.195.162.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.94.158.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | marathinewstracker.com | udp |
| US | 8.8.8.8:53 | marianoelrequesens.com | udp |
| US | 8.8.8.8:53 | melbournesalsascene.com | udp |
| US | 8.8.8.8:53 | menopausaharmoniosa.com | udp |
| US | 8.8.8.8:53 | www.megaworldfortcondos.com | udp |
| US | 8.8.8.8:53 | menuelpolloinkaperu.com | udp |
| US | 8.8.8.8:53 | mermaid-masterclass.com | udp |
| US | 8.8.8.8:53 | mesosettlementclaim.com | udp |
| BR | 45.152.46.160:443 | cliquebemviver.com | tcp |
| US | 8.8.8.8:53 | miconeinternational.com | udp |
| US | 8.8.8.8:53 | micromobilityrepair.com | udp |
| US | 104.21.36.144:443 | checklescobill.com | tcp |
| US | 8.8.8.8:53 | 166.138.49.154.in-addr.arpa | udp |
| US | 199.188.201.192:443 | codemasterdeal.com | tcp |
| US | 198.23.62.250:443 | consermafeeirl.com | tcp |
| US | 8.8.8.8:53 | 74.150.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.247.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.148.70.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.28.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.116.249.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.87.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.211.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.103.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.142.49.154.in-addr.arpa | udp |
| US | 104.21.85.77:443 | canopy-collective.com | tcp |
| PL | 85.128.144.130:80 | malgorzatajasiniak.com | tcp |
| US | 104.21.74.129:443 | capoeirabarcelona.com | tcp |
| FR | 89.117.169.223:443 | magesticbuckgaming.com | tcp |
| IN | 89.117.157.105:443 | maamamtafoundation.com | tcp |
| US | 35.239.245.242:443 | diamondlinks.com | tcp |
| GB | 185.77.97.141:443 | littlebuddhacorner.com | tcp |
| FR | 188.165.132.18:443 | marianoelrequesens.com | tcp |
| US | 8.8.8.8:53 | mohammadrezaghasemi.com | udp |
| IN | 89.117.157.78:443 | marathinewstracker.com | tcp |
| US | 8.8.8.8:53 | montagestudioafrica.com | udp |
| US | 8.8.8.8:53 | news.celebsnewslive.com | udp |
| US | 3.33.130.190:443 | mesosettlementclaim.com | tcp |
| US | 208.109.213.34:443 | mermaid-masterclass.com | tcp |
| US | 198.20.92.86:443 | www.megaworldfortcondos.com | tcp |
| CA | 70.33.246.91:443 | melbournesalsascene.com | tcp |
| US | 199.250.206.147:443 | micromobilityrepair.com | tcp |
| US | 68.178.221.187:443 | menuelpolloinkaperu.com | tcp |
| US | 8.8.8.8:53 | moreexclusiveoffers.com | udp |
| US | 8.8.8.8:53 | msglobalengineering.com | udp |
| US | 8.8.8.8:53 | mskconstructionswll.com | udp |
| US | 162.241.252.17:443 | menopausaharmoniosa.com | tcp |
| US | 8.8.8.8:53 | multipliquesolution.com | udp |
| US | 8.8.8.8:53 | 192.27.208.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.36.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.62.23.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.144.128.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.201.188.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.46.152.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.193.141.in-addr.arpa | udp |
| IR | 5.144.131.240:443 | mohammadrezaghasemi.com | tcp |
| US | 192.124.249.162:443 | miconeinternational.com | tcp |
| US | 172.67.211.66:443 | news.celebsnewslive.com | tcp |
| US | 8.8.8.8:53 | nabaa-adeemhospital.com | udp |
| US | 8.8.8.8:53 | ontargeteducational.com | udp |
| US | 8.8.8.8:53 | nevaltingayrimenkul.com | udp |
| US | 8.8.8.8:53 | offerzonechandigarh.com | udp |
| BR | 149.100.155.198:443 | moreexclusiveoffers.com | tcp |
| US | 155.138.175.184:443 | montagestudioafrica.com | tcp |
| US | 8.8.8.8:53 | pan-africanmaritime.com | udp |
| US | 162.241.252.221:443 | mskconstructionswll.com | tcp |
| US | 31.170.167.26:443 | msglobalengineering.com | tcp |
| US | 8.8.8.8:53 | www.pixiecoverecommends.com | udp |
| US | 8.8.8.8:53 | paopopcreationsblog.com | udp |
| BR | 154.49.247.241:443 | multipliquesolution.com | tcp |
| US | 8.8.8.8:53 | planetaryexpedition.com | udp |
| US | 8.8.8.8:53 | plasticsurgeon-iran.com | udp |
| US | 8.8.8.8:53 | pmproskillstraining.com | udp |
| IN | 154.41.233.179:443 | offerzonechandigarh.com | tcp |
| US | 8.8.8.8:53 | 141.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.132.165.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.245.239.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.206.250.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.246.33.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.92.20.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.252.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | projetovidacomsaude.com | udp |
| US | 8.8.8.8:53 | programaflowselling.com | udp |
| US | 8.8.8.8:53 | www.puritas-erfahrungen.com | udp |
| US | 8.8.8.8:53 | realtydreamproperty.com | udp |
| US | 8.8.8.8:53 | realstatecasamakhom.com | udp |
| IR | 89.39.208.139:443 | plasticsurgeon-iran.com | tcp |
| US | 173.252.167.20:443 | pan-africanmaritime.com | tcp |
| US | 185.150.190.75:443 | www.pixiecoverecommends.com | tcp |
| US | 162.241.224.50:443 | nabaa-adeemhospital.com | tcp |
| TR | 104.247.168.99:443 | nevaltingayrimenkul.com | tcp |
| US | 149.100.151.232:443 | paopopcreationsblog.com | tcp |
| US | 172.67.222.124:443 | ontargeteducational.com | tcp |
| NL | 185.41.127.20:443 | planetaryexpedition.com | tcp |
| US | 149.100.151.135:443 | pmproskillstraining.com | tcp |
| US | 8.8.8.8:53 | stcatalina.com | udp |
| US | 8.8.8.8:53 | www.stitchloud.com | udp |
| US | 8.8.8.8:53 | storyonweb.com | udp |
| US | 8.8.8.8:53 | www.cassandralotus.com | udp |
| US | 8.8.8.8:53 | stylotrend.com | udp |
| US | 108.167.132.208:443 | projetovidacomsaude.com | tcp |
| US | 192.185.131.135:443 | realstatecasamakhom.com | tcp |
| US | 8.8.8.8:53 | sutinguide.com | udp |
| US | 8.8.8.8:53 | www.capoeirabarcelona.com | udp |
| US | 8.8.8.8:53 | suy-noblog.com | udp |
| US | 8.8.8.8:53 | swamisevak.com | udp |
| US | 8.8.8.8:53 | swing-cart.com | udp |
| US | 8.8.8.8:53 | 240.131.144.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.167.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.252.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tailstower.com | udp |
| US | 8.8.8.8:53 | pecaslunares.com | udp |
| US | 8.8.8.8:53 | peakhotelinn.com | udp |
| LT | 45.84.207.35:443 | programaflowselling.com | tcp |
| US | 104.21.78.97:443 | www.puritas-erfahrungen.com | tcp |
| IN | 89.117.157.95:443 | realtydreamproperty.com | tcp |
| FR | 37.59.70.160:443 | stcatalina.com | tcp |
| US | 34.160.17.71:443 | www.stitchloud.com | tcp |
| PL | 146.59.70.127:443 | stylotrend.com | tcp |
| US | 149.100.151.109:443 | storyonweb.com | tcp |
| US | 23.105.170.37:443 | tailstower.com | tcp |
| US | 172.67.136.85:443 | www.cassandralotus.com | tcp |
| US | 8.8.8.8:53 | persianloves.com | udp |
| GB | 153.92.7.177:443 | peakhotelinn.com | tcp |
| US | 82.180.174.156:443 | pecaslunares.com | tcp |
| US | 8.8.8.8:53 | petejgerardo.com | udp |
| US | 172.96.187.179:443 | sutinguide.com | tcp |
| US | 8.8.8.8:53 | picsbyfabian.com | udp |
| US | 8.8.8.8:53 | www.canopy-collective.com | udp |
| JP | 160.251.148.89:443 | suy-noblog.com | tcp |
| US | 172.67.202.196:443 | www.capoeirabarcelona.com | tcp |
| US | 8.8.8.8:53 | 75.190.150.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.208.39.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.167.252.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.222.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.41.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.168.247.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.132.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.131.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.78.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.207.84.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.17.160.34.in-addr.arpa | udp |
| US | 62.72.50.26:443 | swing-cart.com | tcp |
| US | 104.21.67.4:443 | swamisevak.com | tcp |
| US | 8.8.8.8:53 | pinkymanager.com | udp |
| US | 8.8.8.8:53 | pintujatitua.com | udp |
| US | 8.8.8.8:53 | pinkladymaid.com | udp |
| US | 8.8.8.8:53 | piotrcwalina.com | udp |
| US | 8.8.8.8:53 | platingastro.com | udp |
| GB | 31.132.0.114:80 | persianloves.com | tcp |
| US | 8.8.8.8:53 | pmdentelcare.com | udp |
| DE | 45.81.232.20:443 | picsbyfabian.com | tcp |
| US | 8.8.8.8:53 | pmvaustralia.com | udp |
| US | 50.87.145.246:443 | petejgerardo.com | tcp |
| US | 8.8.8.8:53 | policykhabar.com | udp |
| US | 8.8.8.8:53 | www.pompaandalan.com | udp |
| US | 8.8.8.8:53 | polymerkimia.com | udp |
| US | 8.8.8.8:53 | www.mohammadrezaghasemi.com | udp |
| US | 8.8.8.8:53 | popnprofit17.com | udp |
| PL | 91.241.62.248:443 | piotrcwalina.com | tcp |
| BR | 89.117.7.121:443 | pinkladymaid.com | tcp |
| US | 172.67.203.135:443 | www.canopy-collective.com | tcp |
| US | 8.8.8.8:53 | posf-cyssoft.com | udp |
| US | 8.8.8.8:53 | 109.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.136.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.7.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.50.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.0.132.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.232.81.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.148.251.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.poteriemaroc.com | udp |
| US | 8.8.8.8:53 | postsblogger.com | udp |
| US | 8.8.8.8:53 | prettyinjoya.com | udp |
| US | 8.8.8.8:53 | powerpcgames.com | udp |
| US | 8.8.8.8:53 | pricepointad.com | udp |
| US | 104.21.88.92:443 | policykhabar.com | tcp |
| US | 162.241.216.77:443 | pmdentelcare.com | tcp |
| FI | 65.108.69.111:443 | platingastro.com | tcp |
| FR | 37.187.78.11:80 | polymerkimia.com | tcp |
| US | 82.180.175.121:443 | popnprofit17.com | tcp |
| US | 8.8.8.8:53 | projecttest2.com | udp |
| AU | 203.28.49.193:443 | pmvaustralia.com | tcp |
| US | 8.8.8.8:53 | primezondeal.com | udp |
| IR | 5.144.131.240:443 | www.mohammadrezaghasemi.com | tcp |
| US | 66.55.68.73:443 | powerpcgames.com | tcp |
| US | 8.8.8.8:53 | prospervibez.com | udp |
| US | 173.236.195.223:443 | posf-cyssoft.com | tcp |
| US | 66.85.47.15:443 | www.poteriemaroc.com | tcp |
| US | 209.182.203.89:443 | pricepointad.com | tcp |
| US | 8.8.8.8:53 | protracksvts.com | udp |
| US | 8.8.8.8:53 | protradingfd.com | udp |
| US | 8.8.8.8:53 | provocationz.com | udp |
| US | 38.107.250.230:443 | postsblogger.com | tcp |
| US | 89.116.190.244:443 | primezondeal.com | tcp |
| US | 8.8.8.8:53 | prudenehijos.com | udp |
| US | 8.8.8.8:53 | 248.62.241.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.145.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.203.67.172.in-addr.arpa | udp |
| SG | 23.106.52.199:443 | www.pompaandalan.com | tcp |
| DE | 91.195.240.123:443 | prospervibez.com | tcp |
| SG | 85.187.128.40:443 | protracksvts.com | tcp |
| ID | 202.52.146.246:443 | warisanherbalnusantara.com | tcp |
| IN | 89.117.157.237:443 | prettyinjoya.com | tcp |
| US | 8.8.8.8:53 | pruebamatcha.com | udp |
| US | 23.239.27.53:443 | protradingfd.com | tcp |
| US | 8.8.8.8:53 | publycom-web.com | udp |
| US | 8.8.8.8:53 | qadri-sports.com | udp |
| US | 8.8.8.8:53 | quannhaubros.com | udp |
| US | 208.113.191.146:443 | provocationz.com | tcp |
| US | 8.8.8.8:53 | quickregedit.com | udp |
| US | 8.8.8.8:53 | questrecipes.com | udp |
| US | 8.8.8.8:53 | ragammandiri.com | udp |
| US | 8.8.8.8:53 | radiantnutra.com | udp |
| US | 8.8.8.8:53 | raiseyourart.com | udp |
| US | 8.8.8.8:53 | rambut-sihat.com | udp |
| US | 8.8.8.8:53 | 92.88.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.7.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.69.108.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.78.187.37.in-addr.arpa | udp |
| ES | 217.76.130.105:443 | prudenehijos.com | tcp |
| IN | 62.72.14.131:443 | projecttest2.com | tcp |
| US | 8.8.8.8:53 | 77.216.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.175.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.49.28.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.47.85.66.in-addr.arpa | udp |
| DE | 173.212.198.78:443 | qadri-sports.com | tcp |
| US | 195.179.239.4:443 | publycom-web.com | tcp |
| US | 8.8.8.8:53 | 223.195.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.203.182.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.250.107.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.190.116.89.in-addr.arpa | udp |
| FI | 95.217.5.229:443 | recaptcha.cloud | tcp |
| US | 8.8.8.8:53 | raoneazevedo.com | udp |
| US | 82.180.172.2:443 | quickregedit.com | tcp |
| IN | 89.117.188.185:443 | questrecipes.com | tcp |
| SG | 209.58.169.75:443 | rambut-sihat.com | tcp |
| US | 64.90.51.151:443 | raiseyourart.com | tcp |
| SG | 185.237.145.172:443 | ragammandiri.com | tcp |
| US | 8.8.8.8:53 | rebecamayora.com | udp |
| US | 8.8.8.8:53 | recipeblog07.com | udp |
| US | 8.8.8.8:53 | refer-agency.com | udp |
| US | 8.8.8.8:53 | reformas-rhd.com | udp |
| US | 8.8.8.8:53 | relyinterior.com | udp |
| US | 8.8.8.8:53 | reparatodoya.com | udp |
| US | 8.8.8.8:53 | www.pricepointad.com | udp |
| US | 8.8.8.8:53 | retepatsigel.com | udp |
| US | 134.122.10.147:443 | pruebamatcha.com | tcp |
| US | 172.67.217.13:443 | quannhaubros.com | tcp |
| IN | 217.21.91.229:443 | relyinterior.com | tcp |
| US | 8.8.8.8:53 | 123.240.195.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.191.113.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.128.187.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.52.106.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.27.239.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.146.52.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.130.76.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.14.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.198.212.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.5.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.239.179.195.in-addr.arpa | udp |
| US | 63.250.38.100:443 | retepatsigel.com | tcp |
| FR | 5.196.72.102:443 | reparatodoya.com | tcp |
| GB | 185.77.97.23:443 | refer-agency.com | tcp |
| US | 65.181.111.144:443 | rebecamayora.com | tcp |
| US | 209.182.203.89:443 | www.pricepointad.com | tcp |
| BR | 186.209.113.98:443 | raoneazevedo.com | tcp |
| FR | 54.36.145.173:443 | reformas-rhd.com | tcp |
| US | 8.8.8.8:53 | retirosyndao.com | udp |
| IN | 154.41.233.134:443 | recipeblog07.com | tcp |
| US | 8.8.8.8:53 | revengelaser.com | udp |
| US | 8.8.8.8:53 | revitavision.com | udp |
| US | 8.8.8.8:53 | riddigitalia.com | udp |
| US | 38.107.250.230:443 | postsblogger.com | tcp |
| US | 8.8.8.8:53 | riffjunction.com | udp |
| US | 8.8.8.8:53 | riobajoelrio.com | udp |
| US | 8.8.8.8:53 | riveriacraft.com | udp |
| US | 8.8.8.8:53 | rkpnutrition.com | udp |
| IN | 154.41.233.33:443 | riddigitalia.com | tcp |
| US | 156.67.74.29:443 | retirosyndao.com | tcp |
| GB | 154.49.138.54:443 | revengelaser.com | tcp |
| BR | 170.81.42.20:443 | revitavision.com | tcp |
| US | 149.100.151.227:443 | riffjunction.com | tcp |
| BE | 188.208.36.80:443 | rkpnutrition.com | tcp |
| US | 8.8.8.8:53 | rnspamassage.com | udp |
| US | 50.6.138.154:443 | riobajoelrio.com | tcp |
| US | 8.8.8.8:53 | rodzinagizow.com | udp |
| US | 8.8.8.8:53 | 185.188.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.172.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.10.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.51.90.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.169.58.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.145.237.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.72.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.145.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.111.181.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.91.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.38.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.113.209.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.74.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.36.208.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | royalrent-tr.com | udp |
| US | 8.8.8.8:53 | www.posf-cyssoft.com | udp |
| US | 8.8.8.8:53 | ruricdouglas.com | udp |
| US | 8.8.8.8:53 | www.s1ngularlife.com | udp |
| US | 8.8.8.8:53 | saasblogging.com | udp |
| US | 8.8.8.8:53 | saludablekim.com | udp |
| US | 8.8.8.8:53 | salam7langit.com | udp |
| US | 8.8.8.8:53 | samonconsult.com | udp |
| ID | 103.229.73.226:443 | rnspamassage.com | tcp |
| US | 8.8.8.8:53 | samruddhioil.com | udp |
| US | 8.8.8.8:53 | sarkariyodha.com | udp |
| US | 8.8.8.8:53 | www.sanyachauhan.com | udp |
| US | 8.8.8.8:53 | satoshi-pepe.com | udp |
| US | 8.8.8.8:53 | sasoliorigin.com | udp |
| US | 173.236.165.166:80 | rodzinagizow.com | tcp |
| US | 8.8.8.8:53 | saudirepairs.com | udp |
| ID | 103.229.73.226:443 | rnspamassage.com | tcp |
| US | 8.8.8.8:53 | roelantsfood.com | udp |
| US | 8.8.8.8:53 | 227.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.42.81.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.provocationz.com | udp |
| US | 8.8.8.8:53 | sbancabomber.com | udp |
| US | 8.8.8.8:53 | seomagicmode.com | udp |
| US | 173.236.195.223:443 | www.posf-cyssoft.com | tcp |
| US | 172.67.140.124:443 | roelantsfood.com | tcp |
| US | 8.8.8.8:53 | shahedmasoud.com | udp |
| US | 8.8.8.8:53 | sialiulujami.com | udp |
| US | 89.117.139.199:443 | saudirepairs.com | tcp |
| ID | 153.92.13.91:80 | salam7langit.com | tcp |
| US | 173.236.63.42:443 | www.s1ngularlife.com | tcp |
| IN | 154.41.233.138:443 | sarkariyodha.com | tcp |
| US | 149.100.151.145:443 | satoshi-pepe.com | tcp |
| IN | 68.178.159.92:80 | saasblogging.com | tcp |
| FR | 154.49.245.133:443 | sahibajewels.com | tcp |
| IN | 217.21.94.93:443 | sasoliorigin.com | tcp |
| US | 172.67.188.55:443 | royalrent-tr.com | tcp |
| US | 108.170.44.115:443 | www.sanyachauhan.com | tcp |
| US | 162.214.80.130:443 | samruddhioil.com | tcp |
| US | 35.196.170.28:443 | saludablekim.com | tcp |
| US | 8.8.8.8:53 | sdskaridosai.com | udp |
| US | 66.29.132.149:443 | samonconsult.com | tcp |
| US | 208.113.191.146:443 | www.provocationz.com | tcp |
| US | 8.8.8.8:53 | simonbeckett.com | udp |
| US | 8.8.8.8:53 | www.sinergyevent.com | udp |
| US | 8.8.8.8:53 | sirenacyprus.com | udp |
| US | 50.87.253.56:443 | shahedmasoud.com | tcp |
| US | 172.67.149.73:443 | sbancabomber.com | tcp |
| US | 162.241.218.112:80 | seomagicmode.com | tcp |
| US | 8.8.8.8:53 | 166.165.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.73.229.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.140.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.188.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.sirstaffnews.com | udp |
| IT | 46.252.147.154:443 | www.sinergyevent.com | tcp |
| US | 193.42.137.158:443 | sirenacyprus.com | tcp |
| IN | 89.117.27.234:443 | sdskaridosai.com | tcp |
| DE | 217.160.0.235:443 | simonbeckett.com | tcp |
| SG | 185.237.145.22:443 | sialiulujami.com | tcp |
| US | 8.8.8.8:53 | sitemaestros.com | udp |
| FR | 188.165.208.104:443 | www.sirstaffnews.com | tcp |
| FR | 89.117.169.147:443 | sitemaestros.com | tcp |
| US | 8.8.8.8:53 | siyarampujan.com | udp |
| US | 8.8.8.8:53 | skiathosland.com | udp |
| LT | 84.32.84.32:443 | siteroofview.com | tcp |
| US | 8.8.8.8:53 | skills-group.com | udp |
| US | 8.8.8.8:53 | www.skillsikhobd.com | udp |
| US | 8.8.8.8:53 | skullsgalaxy.com | udp |
| US | 8.8.8.8:53 | smartstrroze.com | udp |
| US | 8.8.8.8:53 | 2dtradingsac.com | udp |
| US | 8.8.8.8:53 | mesapoolrepair.com | udp |
| US | 8.8.8.8:53 | hoststaydanang.com | udp |
| US | 8.8.8.8:53 | 42.63.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.80.214.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.44.170.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.94.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.13.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.149.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.253.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.137.42.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.208.165.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.27.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.145.237.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mountainmafiaa.com | udp |
| US | 8.8.8.8:53 | mylifefullness.com | udp |
| US | 8.8.8.8:53 | syncrenovations.com | udp |
| US | 8.8.8.8:53 | taikhoannetflix.com | udp |
| US | 8.8.8.8:53 | snackeconomy.com | udp |
| IN | 154.41.233.73:443 | siyarampujan.com | tcp |
| US | 68.65.120.202:443 | mylifefullness.com | tcp |
| FR | 91.234.195.179:80 | skills-group.com | tcp |
| CA | 23.227.38.65:443 | smartstrroze.com | tcp |
| US | 8.8.8.8:53 | thisisreggaeton.com | udp |
| DE | 3.64.163.50:443 | mesapoolrepair.com | tcp |
| SG | 156.67.222.51:443 | skiathosland.com | tcp |
| US | 66.198.240.49:80 | mountainmafiaa.com | tcp |
| KR | 183.111.183.55:443 | snackeconomy.com | tcp |
| US | 8.8.8.8:53 | topeng-editions.com | udp |
| US | 8.8.8.8:53 | umkmtempehkidul.com | udp |
| US | 8.8.8.8:53 | ultimatexgaming.com | udp |
| VN | 45.252.250.39:443 | taikhoannetflix.com | tcp |
| US | 8.8.8.8:53 | warehouseexcess.com | udp |
| US | 8.8.8.8:53 | walpoleshipping.com | udp |
| US | 8.8.8.8:53 | projekt-abenteuer.de | udp |
| US | 8.8.8.8:53 | xpresshomedecor.com | udp |
| US | 89.117.77.115:443 | skullsgalaxy.com | tcp |
| VN | 202.92.4.11:443 | hoststaydanang.com | tcp |
| US | 209.59.191.142:443 | syncrenovations.com | tcp |
| US | 8.8.8.8:53 | rasselbande-rohr.com | udp |
| US | 66.29.146.48:443 | thisisreggaeton.com | tcp |
| US | 8.8.8.8:53 | 147.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.195.234.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.163.64.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.120.65.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | siavserviciosweb.com | udp |
| US | 8.8.8.8:53 | slotonlinebeacon.com | udp |
| DE | 162.55.131.89:443 | 2dtradingsac.com | tcp |
| US | 8.8.8.8:53 | slotonlineblockr.com | udp |
| US | 8.8.8.8:53 | slotonlinedebate.com | udp |
| US | 68.65.122.94:443 | topeng-editions.com | tcp |
| US | 162.254.39.111:443 | xpresshomedecor.com | tcp |
| US | 8.8.8.8:53 | smglucosecontrol.com | udp |
| US | 104.21.16.105:443 | slotonlinebeacon.com | tcp |
| IN | 154.41.233.105:443 | skytechlimitless.com | tcp |
| DE | 81.169.145.157:80 | rasselbande-rohr.com | tcp |
| DE | 81.169.145.159:443 | projekt-abenteuer.de | tcp |
| US | 82.180.174.231:443 | siavserviciosweb.com | tcp |
| US | 8.8.8.8:53 | smubizconference.com | udp |
| US | 162.241.253.177:443 | warehouseexcess.com | tcp |
| US | 104.21.65.91:443 | slotonlineblockr.com | tcp |
| SG | 151.106.119.248:80 | umkmtempehkidul.com | tcp |
| US | 172.67.146.6:443 | slotonlinedebate.com | tcp |
| US | 8.8.8.8:53 | 49.240.198.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.131.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.191.59.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.146.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.183.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.250.252.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.4.92.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | snapstagedesigns.com | udp |
| US | 8.8.8.8:53 | soberintegration.com | udp |
| US | 8.8.8.8:53 | solutionswithcas.com | udp |
| FI | 95.217.5.229:443 | recaptcha.cloud | tcp |
| US | 104.21.65.254:443 | smglucosecontrol.com | tcp |
| US | 8.8.8.8:53 | sommetexcellence.com | udp |
| US | 52.10.62.74:443 | smubizconference.com | tcp |
| US | 8.8.8.8:53 | spareroomquilter.com | udp |
| US | 8.8.8.8:53 | www.thisisreggaeton.com | udp |
| US | 74.208.236.5:80 | soberintegration.com | tcp |
| DE | 81.169.145.157:443 | rasselbande-rohr.com | tcp |
| US | 162.241.217.150:443 | snapstagedesigns.com | tcp |
| US | 162.241.253.174:443 | solutionswithcas.com | tcp |
| US | 162.241.225.87:443 | spareroomquilter.com | tcp |
| GB | 154.49.138.62:443 | sommetexcellence.com | tcp |
| US | 66.29.146.48:443 | www.thisisreggaeton.com | tcp |
| US | 8.8.8.8:53 | srtoursandexport.com | udp |
| US | 8.8.8.8:53 | stahlmanoutdoors.com | udp |
| IN | 217.21.94.229:443 | srtoursandexport.com | tcp |
| US | 8.8.8.8:53 | wed-webs.com | udp |
| US | 82.180.174.232:443 | stahlmanoutdoors.com | tcp |
| US | 8.8.8.8:53 | studiomauricette.com | udp |
| US | 8.8.8.8:53 | 105.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.122.65.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.174.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.119.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.62.10.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.217.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.225.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.253.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | supernovapodcast.com | udp |
| US | 8.8.8.8:53 | techgadgetportal.com | udp |
| US | 8.8.8.8:53 | surajswadridhani.com | udp |
| US | 8.8.8.8:53 | temitopeolagbegi.com | udp |
| US | 8.8.8.8:53 | techycoolgadgets.com | udp |
| US | 8.8.8.8:53 | tempnibtnesxnald.com | udp |
| US | 104.21.43.222:443 | tempnibtnesxnald.com | tcp |
| BR | 149.62.37.59:443 | supernovapodcast.com | tcp |
| US | 194.195.84.236:443 | techycoolgadgets.com | tcp |
| FR | 154.49.245.158:443 | studiomauricette.com | tcp |
| US | 3.33.130.190:80 | surajswadridhani.com | tcp |
| US | 8.8.8.8:53 | tensiometroideal.com | udp |
| US | 8.8.8.8:53 | theaveragewriter.com | udp |
| US | 8.8.8.8:53 | thedigitalslomad.com | udp |
| US | 8.8.8.8:53 | theexecutivelens.com | udp |
| US | 192.254.186.135:443 | www.worship-china-service.com | tcp |
| FR | 51.91.236.193:443 | www.guerriers-guerisseurs.com | tcp |
| SG | 45.80.183.107:443 | shanghaipacificleather.com | tcp |
| US | 104.21.9.42:443 | yellvillelandclearing.com | tcp |
| US | 8.8.8.8:53 | stockinvestinginsights.com | udp |
| US | 198.54.125.253:443 | www.thecoachingsisterhood.com | tcp |
| US | 35.232.96.238:443 | shopmichiganhealthcare.com | tcp |
| US | 172.67.218.41:443 | socialufabetaffiliates.com | tcp |
| US | 8.8.8.8:53 | thearbitragecollective.com | udp |
| US | 141.193.213.10:443 | skyunlimitedenterprise.com | tcp |
| US | 8.8.8.8:53 | www.thebrighthousecleaning.com | udp |
| US | 8.8.8.8:53 | theemotionalexperience.com | udp |
| US | 8.8.8.8:53 | thevintageshopclothing.com | udp |
| US | 8.8.8.8:53 | tomcunninghammediation.com | udp |
| US | 8.8.8.8:53 | transforminglivestoday.com | udp |
| US | 195.179.238.247:443 | sharpsdigitalmarketing.com | tcp |
| NL | 45.82.188.40:443 | stockinvestinginsights.com | tcp |
| US | 8.8.8.8:53 | transitiontotechafrica.com | udp |
| FR | 52.84.45.7:443 | www.thebrighthousecleaning.com | tcp |
| US | 8.8.8.8:53 | 51.4.92.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.222.57.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.106.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.9.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.186.254.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.183.80.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.218.67.172.in-addr.arpa | udp |
| FR | 216.137.52.27:443 | thearbitragecollective.com | tcp |
| US | 8.8.8.8:53 | traveldestinationsasia.com | udp |
| US | 173.254.30.113:443 | thevintageshopclothing.com | tcp |
| FR | 94.23.73.16:443 | theemotionalexperience.com | tcp |
| US | 104.21.74.157:443 | transitiontotechafrica.com | tcp |
| US | 209.182.214.22:443 | tomcunninghammediation.com | tcp |
| US | 8.8.8.8:53 | tudomaispersonalizados.com | udp |
| US | 8.8.8.8:53 | unitedtastesofcalcutta.com | udp |
| US | 8.8.8.8:53 | universalfinancialnews.com | udp |
| US | 192.185.211.39:443 | transforminglivestoday.com | tcp |
| US | 8.8.8.8:53 | vanchuyenhangdiphuquoc.com | udp |
| US | 162.241.24.158:443 | traveldestinationsasia.com | tcp |
| US | 67.223.118.104:80 | universalfinancialnews.com | tcp |
| IN | 119.18.49.75:443 | unitedtastesofcalcutta.com | tcp |
| US | 8.8.8.8:53 | velvetvibebeautyparlor.com | udp |
| BR | 154.56.48.55:443 | tudomaispersonalizados.com | tcp |
| VN | 103.57.221.19:443 | vanchuyenhangdiphuquoc.com | tcp |
| US | 172.67.170.69:443 | velvetvibebeautyparlor.com | tcp |
| US | 8.8.8.8:53 | wdadvertisinganddesign.com | udp |
| US | 8.8.8.8:53 | 40.188.82.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.96.232.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.45.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | romanostromboli.com | udp |
| US | 8.8.8.8:53 | 27.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.73.23.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.214.182.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.211.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.30.254.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.118.223.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.49.18.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.48.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | westknoxsafeandstorage.com | udp |
| US | 8.8.8.8:53 | whatwouldyoudoforabeer.com | udp |
| US | 8.8.8.8:53 | williamphillipanderson.com | udp |
| US | 8.8.8.8:53 | wolfpackwrestlingcamps.com | udp |
| US | 8.8.8.8:53 | hotrokekhaithuemienphi.com | udp |
| US | 8.8.8.8:53 | hire-berkshirehathaway.com | udp |
| US | 8.8.8.8:53 | www.ecoturismeterraalta.com | udp |
| US | 8.8.8.8:53 | cambiumx.com | udp |
| US | 8.8.8.8:53 | www.car-take.com | udp |
| US | 8.8.8.8:53 | cartslys.com | udp |
| US | 54.208.164.230:443 | romanostromboli.com | tcp |
| US | 67.223.118.104:443 | universalfinancialnews.com | tcp |
| US | 8.8.8.8:53 | www.cat-deal.com | udp |
| US | 8.8.8.8:53 | www.hk-front.com | udp |
| US | 8.8.8.8:53 | heaven29.com | udp |
| US | 8.8.8.8:53 | www.homes-jk.com | udp |
| US | 66.235.200.147:443 | wdadvertisinganddesign.com | tcp |
| US | 162.241.217.72:443 | wolfpackwrestlingcamps.com | tcp |
| US | 8.8.8.8:53 | 69.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.221.57.103.in-addr.arpa | udp |
| US | 74.208.236.68:443 | westknoxsafeandstorage.com | tcp |
| ID | 202.52.146.246:443 | warisanherbalnusantara.com | tcp |
| US | 162.241.216.80:443 | williamphillipanderson.com | tcp |
| US | 162.241.194.117:443 | whatwouldyoudoforabeer.com | tcp |
| US | 8.8.8.8:53 | i-sunads.com | udp |
| US | 8.8.8.8:53 | iclickhq.com | udp |
| IR | 185.159.153.58:80 | www.car-take.com | tcp |
| VN | 112.213.89.38:443 | hotrokekhaithuemienphi.com | tcp |
| US | 8.8.8.8:53 | www.imagidis.com | udp |
| ES | 134.0.10.143:443 | www.ecoturismeterraalta.com | tcp |
| ES | 188.164.194.213:443 | cambiumx.com | tcp |
| US | 8.8.8.8:53 | indoguns.com | udp |
| CN | 42.171.229.177:443 | www.busbyrio.com | tcp |
| US | 62.72.25.85:443 | cartslys.com | tcp |
| US | 172.67.206.111:443 | www.cat-deal.com | tcp |
| US | 8.8.8.8:53 | infobuja.com | udp |
| KR | 183.111.138.237:443 | www.homes-jk.com | tcp |
| US | 8.8.8.8:53 | infolati.com | udp |
| US | 8.8.8.8:53 | 72.217.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.10.0.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.194.164.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.216.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.194.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.153.159.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.206.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.164.208.54.in-addr.arpa | udp |
| KR | 183.111.183.51:80 | heaven29.com | tcp |
| US | 50.31.188.124:443 | www.imagidis.com | tcp |
| US | 66.235.200.251:443 | i-sunads.com | tcp |
| US | 8.8.8.8:53 | inzakang.com | udp |
| US | 8.8.8.8:53 | iptvhand.com | udp |
| ID | 103.131.51.31:443 | indoguns.com | tcp |
| US | 8.8.8.8:53 | itisshan.com | udp |
| US | 8.8.8.8:53 | janasaul.com | udp |
| US | 8.8.8.8:53 | johargas.com | udp |
| US | 8.8.8.8:53 | katviral.com | udp |
| US | 8.8.8.8:53 | www.kapateam.com | udp |
| US | 8.8.8.8:53 | kazatoru.com | udp |
| HK | 219.234.31.161:80 | www.hk-front.com | tcp |
| SG | 68.183.178.47:443 | infobuja.com | tcp |
| US | 8.8.8.8:53 | jxchains.com | udp |
| US | 104.21.40.27:443 | infolati.com | tcp |
| US | 8.8.8.8:53 | kbn-shop.com | udp |
| US | 8.8.8.8:53 | 85.25.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.138.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.188.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.183.111.183.in-addr.arpa | udp |
| US | 104.152.109.72:443 | itisshan.com | tcp |
| US | 162.0.209.152:443 | iptvhand.com | tcp |
| US | 162.0.229.63:443 | katviral.com | tcp |
| US | 104.21.37.200:443 | janasaul.com | tcp |
| US | 172.67.192.218:443 | johargas.com | tcp |
| US | 8.8.8.8:53 | keenstor.com | udp |
| US | 8.8.8.8:53 | korapply.com | udp |
| JP | 160.251.71.118:443 | kazatoru.com | tcp |
| US | 50.31.188.124:443 | www.kapateam.com | tcp |
| US | 45.56.95.147:443 | jxchains.com | tcp |
| US | 162.213.251.101:443 | kbn-shop.com | tcp |
| KR | 183.111.199.222:80 | inzakang.com | tcp |
| US | 8.8.8.8:53 | kozykubz.com | udp |
| US | 8.8.8.8:53 | leedahxo.com | udp |
| US | 8.8.8.8:53 | www.kydagame.com | udp |
| US | 8.8.8.8:53 | leucelia.com | udp |
| US | 8.8.8.8:53 | www.levenola.com | udp |
| US | 104.21.65.90:443 | kozykubz.com | tcp |
| US | 8.8.8.8:53 | liiliian.com | udp |
| US | 8.8.8.8:53 | 31.51.131.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.173.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.40.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.178.183.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.31.234.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.109.152.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.37.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.192.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.209.0.162.in-addr.arpa | udp |
| US | 104.21.33.174:443 | leedahxo.com | tcp |
| US | 104.21.28.148:443 | www.kydagame.com | tcp |
| SG | 134.209.98.180:443 | keenstor.com | tcp |
| KR | 117.52.89.197:80 | korapply.com | tcp |
| FR | 109.234.164.75:443 | leucelia.com | tcp |
| US | 172.67.176.74:443 | www.levenola.com | tcp |
| US | 8.8.8.8:53 | linhgiac.com | udp |
| US | 8.8.8.8:53 | www.lsr-luft.de | udp |
| US | 8.8.8.8:53 | lubtexco.com | udp |
| US | 104.21.87.29:443 | lojadrex.com | tcp |
| US | 8.8.8.8:53 | lumidoka.com | udp |
| US | 8.8.8.8:53 | www.lumoquip.com | udp |
| US | 8.8.8.8:53 | mafviral.com | udp |
| GB | 154.49.138.110:443 | linhgiac.com | tcp |
| KR | 117.52.89.197:80 | korapply.com | tcp |
| US | 8.8.8.8:53 | 147.95.56.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.251.213.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.71.251.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.199.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.33.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.98.209.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.164.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.89.52.117.in-addr.arpa | udp |
| US | 8.8.8.8:53 | marcearl.com | udp |
| US | 162.0.229.63:443 | katviral.com | tcp |
| US | 8.8.8.8:53 | meankown.com | udp |
| GB | 185.77.97.28:443 | www.lookatyu.com | tcp |
| VN | 103.221.221.39:443 | lubtexco.com | tcp |
| DE | 94.130.184.17:443 | www.lsr-luft.de | tcp |
| US | 8.8.8.8:53 | mileojet.com | udp |
| US | 104.21.54.57:443 | www.lumoquip.com | tcp |
| US | 165.22.13.126:443 | lumidoka.com | tcp |
| US | 8.8.8.8:53 | menusset.com | udp |
| US | 8.8.8.8:53 | mueblive.com | udp |
| US | 23.105.221.135:443 | meankown.com | tcp |
| US | 8.8.8.8:53 | mujerpan.com | udp |
| US | 104.21.28.7:443 | marcearl.com | tcp |
| US | 8.8.8.8:53 | illumixco.com | udp |
| US | 8.8.8.8:53 | imperlaje.com | udp |
| US | 172.67.154.168:443 | mileojet.com | tcp |
| US | 63.250.43.16:80 | mistyscc.com | tcp |
| DE | 217.160.0.230:443 | menusset.com | tcp |
| US | 8.8.8.8:53 | indoorgem.com | udp |
| US | 8.8.8.8:53 | infogultd.com | udp |
| US | 8.8.8.8:53 | 29.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.184.130.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.54.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.13.22.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.221.221.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.221.105.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ingridtol.com | udp |
| US | 8.8.8.8:53 | qufakd4842.mycafe24.com | udp |
| US | 8.8.8.8:53 | lookatyu.com | udp |
| US | 68.183.154.32:443 | mujerpan.com | tcp |
| US | 8.8.8.8:53 | investxid.com | udp |
| ID | 103.142.21.66:443 | maorumah.com | tcp |
| US | 8.8.8.8:53 | iriafilms.com | udp |
| US | 172.67.148.50:443 | mueblive.com | tcp |
| SG | 128.199.222.17:443 | mkdkblog.com | tcp |
| US | 8.8.8.8:53 | ishoppeja.com | udp |
| US | 162.241.3.30:443 | imperlaje.com | tcp |
| US | 104.21.61.13:443 | ingridtol.com | tcp |
| US | 173.254.104.65:443 | indoorgem.com | tcp |
| US | 172.67.210.221:80 | investxid.com | tcp |
| KR | 183.111.183.51:80 | qufakd4842.mycafe24.com | tcp |
| GB | 154.49.138.216:443 | lookatyu.com | tcp |
| US | 172.67.169.18:443 | infogultd.com | tcp |
| US | 8.8.8.8:53 | j36casino.com | udp |
| US | 8.8.8.8:53 | iteachapp.com | udp |
| US | 8.8.8.8:53 | jahanallc.com | udp |
| FR | 92.205.13.40:443 | iriafilms.com | tcp |
| US | 209.17.116.165:80 | ishoppeja.com | tcp |
| US | 8.8.8.8:53 | janetpeel.com | udp |
| US | 8.8.8.8:53 | 7.28.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.154.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.148.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.154.183.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.3.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.222.199.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.21.142.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.61.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.104.254.173.in-addr.arpa | udp |
Files