Over the last couple of days, we’ve been monitoring a persistent attempt to infect tens of thousands of users with malware through a systematic rotation of multiple social engineering themes. What all of these campaigns have in common is the fact that they all share the same malicious infrastructure.
Let’s profile one of the most recently spamvertised campaigns, and expose the cybercriminals’ complete portfolio of malicious domains, their related name servers, dropped MD5 and its associated run time behavior.
More details:
Sample screenshot of the spamvertised email:
Sample spamvertised compromised URLs:
hxxp://2555.ruksadindan.com/page-329.htm
hxxp://www.athenassoftware.com.br/page-329.htm
hxxp://www.sweetgarden.ca/page-329.htm
hxxp://lab.monohrom.uz/page-329.htm
hxxp://easy2winpoker.com/page-329.htm
hxxp://ideashtor.ru/page-329.htm
Sample client-side exploits serving URL:
hxxp://202.72.245.146:8080/forum/links/public_version.php
The following malicious domains also respond to the same IP (202.72.245.146) and are part of multiple campaigns spamvertised over the past couple of days:
enakinukia.ru
dekamerionka.ru
evskindarka.ru
exibonapa.ru
esigbsoahd.ru
dmssmgf.ru
epianokif.ru
elistof.ru
dmpsonthh.ru
esekundi.ru
egihurinak.ru
exiansik.ru
ewinhdutik.ru
efjjdopkam.ru
eipuonam.ru
emaianem.ru
epionkalom.ru
disownon.ru
estipaindo.ru
ejiposhhgio.ru
epilarikko.ru
damagalko.ru
emalenoko.ru
epiratko.ru
evujalo.ru
bananamamor.ru
eminakotpr.ru
dfudont.ru
Related Name Servers (part of the infrastructure of these campaigns):
Name server: ns1.enakinukia.ru – 85.143.166.174
Name server: ns2.enakinukia.ru – 41.168.5.140
Name server: ns3.enakinukia.ru – 42.121.116.38
Name server: ns4.enakinukia.ru – 110.164.58.250
Name server: ns5.enakinukia.ru – 210.71.250.131
Name server: ns1.dekamerionka.ru – 62.76.185.169
Name server: ns2.dekamerionka.ru – 41.168.5.140
Name server: ns3.dekamerionka.ru – 42.121.116.38
Name server: ns4.dekamerionka.ru – 110.164.58.250
Name server: ns5.dekamerionka.ru – 210.71.250.131
Name server: ns1.evskindarka.ru – 85.143.166.174
Name server: ns2.evskindarka.ru – 41.168.5.140
Name server: ns3.evskindarka.ru – 42.121.116.38
Name server: ns4.evskindarka.ru – 110.164.58.250
Name server: ns5.evskindarka.ru – 210.71.250.131
Name server: ns1.exibonapa.ru – 85.143.166.174
Name server: ns2.exibonapa.ru – 41.168.5.140
Name server: ns3.exibonapa.ru – 42.121.116.38
Name server: ns4.exibonapa.ru – 110.164.58.250
Name server: ns5.exibonapa.ru – 210.71.250.131
Name server: ns1.esigbsoahd.ru – 62.76.40.244
Name server: ns2.esigbsoahd.ru – 41.168.5.140
Name server: ns3.esigbsoahd.ru – 110.164.58.250
Name server: ns4.esigbsoahd.ru – 210.71.250.131
Name server: ns5.esigbsoahd.ru – 203.171.234.53
Name server: ns1.dmssmgf.ru – 62.76.185.169
Name server: ns2.dmssmgf.ru – 41.168.5.140
Name server: ns3.dmssmgf.ru – 42.121.116.38
Name server: ns4.dmssmgf.ru – 110.164.58.250
Name server: ns5.dmssmgf.ru – 210.71.250.131
Name server: ns1.epianokif.ru – 62.76.40.244
Name server: ns2.epianokif.ru – 41.168.5.140
Name server: ns3.epianokif.ru – 110.164.58.250
Name server: ns4.epianokif.ru – 210.71.250.131
Name server: ns1.elistof.ru – 62.76.40.244
Name server: ns2.elistof.ru – 41.168.5.140
Name server: ns3.elistof.ru – 110.164.58.250
Name server: ns4.elistof.ru – 210.71.250.131
Name server: ns1.dmpsonthh.ru – 62.76.185.169
Name server: ns2.dmpsonthh.ru – 41.168.5.140
Name server: ns3.dmpsonthh.ru – 42.121.116.38
Name server: ns4.dmpsonthh.ru – 110.164.58.250
Name server: ns5.dmpsonthh.ru – 210.71.250.131
Name server: ns1.esekundi.ru – 85.143.166.174
Name server: ns2.esekundi.ru – 41.168.5.140
Name server: ns3.esekundi.ru – 42.121.116.38
Name server: ns4.esekundi.ru – 110.164.58.250
Name server: ns5.esekundi.ru – 210.71.250.131
Name server: ns1.egihurinak.ru – 85.143.166.174
Name server: ns2.egihurinak.ru – 41.168.5.140
Name server: ns3.egihurinak.ru – 42.121.116.38
Name server: ns4.egihurinak.ru – 110.164.58.250
Name server: ns5.egihurinak.ru – 210.71.250.131
Name server: ns1.exiansik.ru – 85.143.166.174
Name server: ns2.exiansik.ru – 41.168.5.140
Name server: ns3.exiansik.ru – 42.121.116.38
Name server: ns4.exiansik.ru – 110.164.58.250
Name server: ns5.exiansik.ru – 210.71.250.131
Name server: ns1.ewinhdutik.ru – 62.76.40.244
Name server: ns2.ewinhdutik.ru – 41.168.5.140
Name server: ns3.ewinhdutik.ru – 110.164.58.250
Name server: ns4.ewinhdutik.ru – 210.71.250.131
Name server: ns5.ewinhdutik.ru – 203.171.234.53
Name server: ns1.efjjdopkam.ru – 62.76.40.244
Name server: ns2.efjjdopkam.ru – 41.168.5.140
Name server: ns3.efjjdopkam.ru – 110.164.58.250
Name server: ns4.efjjdopkam.ru – 210.71.250.131
Name server: ns5.efjjdopkam.ru – 203.171.234.53
Name server: ns1.eipuonam.ru – 62.76.40.244
Name server: ns2.eipuonam.ru – 41.168.5.140
Name server: ns3.eipuonam.ru – 110.164.58.250
Name server: ns4.eipuonam.ru – 210.71.250.131
Name server: ns5.eipuonam.ru – 203.171.234.53
Name server: ns1.emaianem.ru – 62.76.40.244
Name server: ns2.emaianem.ru – 41.168.5.140
Name server: ns3.emaianem.ru – 110.164.58.250
Name server: ns4.emaianem.ru – 210.71.250.131
Name server: ns1.epionkalom.ru – 62.76.40.244
Name server: ns2.epionkalom.ru – 41.168.5.140
Name server: ns3.epionkalom.ru – 110.164.58.250
Name server: ns4.epionkalom.ru – 210.71.250.131
Name server: ns5.epionkalom.ru – 203.171.234.53
Name server: ns1.disownon.ru – 62.76.185.169
Name server: ns2.disownon.ru – 41.168.5.140
Name server: ns3.disownon.ru – 42.121.116.38
Name server: ns4.disownon.ru – 110.164.58.250
Name server: ns5.disownon.ru – 210.71.250.131
Name server: ns1.estipaindo.ru – 62.76.40.244
Name server: ns2.estipaindo.ru – 41.168.5.140
Name server: ns3.estipaindo.ru – 110.164.58.250
Name server: ns4.estipaindo.ru – 210.71.250.131
Name server: ns1.ejiposhhgio.ru – 62.76.40.244
Name server: ns2.ejiposhhgio.ru – 41.168.5.140
Name server: ns3.ejiposhhgio.ru – 110.164.58.250
Name server: ns4.ejiposhhgio.ru – 210.71.250.131
Name server: ns5.ejiposhhgio.ru – 203.171.234.53
Name server: ns1.epilarikko.ru – 85.143.166.174
Name server: ns2.epilarikko.ru – 41.168.5.140
Name server: ns3.epilarikko.ru – 42.121.116.38
Name server: ns4.epilarikko.ru – 110.164.58.250
Name server: ns5.epilarikko.ru – 210.71.250.131
Name server: ns1.damagalko.ru – 62.76.185.169
Name server: ns2.damagalko.ru – 41.168.5.140
Name server: ns3.damagalko.ru – 42.121.116.38
Name server: ns4.damagalko.ru – 110.164.58.250
Name server: ns5.damagalko.ru – 210.71.250.131
Name server: ns1.emalenoko.ru – 62.76.40.244
Name server: ns2.emalenoko.ru – 41.168.5.140
Name server: ns3.emalenoko.ru – 110.164.58.250
Name server: ns4.emalenoko.ru – 210.71.250.131
Name server: ns1.epiratko.ru – 85.143.166.174
Name server: ns2.epiratko.ru – 41.168.5.140
Name server: ns3.epiratko.ru – 42.121.116.38
Name server: ns4.epiratko.ru – 110.164.58.250
Name server: ns5.epiratko.ru – 210.71.250.131
Name server: ns1.evujalo.ru – 85.143.166.174
Name server: ns2.evujalo.ru – 41.168.5.140
Name server: ns3.evujalo.ru – 42.121.116.38
Name server: ns4.evujalo.ru – 110.164.58.250
Name server: ns5.evujalo.ru – 210.71.250.131
Name server: ns1.bananamamor.ru – 62.76.186.24
Name server: ns2.bananamamor.ru – 41.168.5.140
Name server: ns3.bananamamor.ru – 42.121.116.38
Name server: ns4.bananamamor.ru – 110.164.58.250
Name server: ns5.bananamamor.ru – 210.71.250.131
Name server: ns1.eminakotpr.ru – 62.76.40.244
Name server: ns2.eminakotpr.ru – 41.168.5.140
Name server: ns3.eminakotpr.ru – 110.164.58.250
Name server: ns4.eminakotpr.ru – 210.71.250.131
Name server: ns5.eminakotpr.ru – 203.171.234.53
Name server: ns1.dfudont.ru – 62.76.185.169
Name server: ns2.dfudont.ru – 41.168.5.140
Name server: ns3.dfudont.ru – 42.121.116.38
Name server: ns4.dfudont.ru – 110.164.58.250
Name server: ns5.dfudont.ru – 210.71.250.131
Sample malicious payload dropping URL:
hxxp://202.72.245.146:8080/forum/links/public_version.php?mmltejvt=1g:2v:33:2v:2w&pstvw=3d&xrej=1j:33:32:1l:1g:1i:1o:1n:1o:1i&vczaspnq=1n:1d:1f:1d:1f:1d:1j:1k:1l
Sample client-side exploits served: CVE-2010-0188
Upon successful client-side exploitation, the campaign drops MD5: 04e9d4167c9a1b82e622e04ad85f8e99 – detected by 31 out of 46 antivirus scanners as Trojan.Win32.Yakes.cdxy.
Once executed, the sample creates the following Registry Keys:
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlMediaResourcesmsvideo
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlMediaResourcesmsvideo
HKEY_CURRENT_USERSoftwareMicrosoftMultimediaDrawDib
And modifies them in the following way:
[HKEY_CURRENT_USERSoftwareMicrosoftMultimediaDrawDib] -> vga.drv 640x480x32(BGR 0) = “31,31,31,31”
[HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon] -> shell = “explorer.exe,%AppData%skype.dat”
Once executed, the sample phones back to the following URLs:
hxxp://gpbxn.ru/rzprxtgxtyebms-qtda-nmxt-ndfvohvndd-cbdh-qtorpp-fprg-sdqj-yszh-vnamvylalipbpyykeawkdastftukky.php
hxxp://jhlxk.su/oyxioyxi-oyxioyxibcvnosrqqrprar-nbjk-ndelquqjoheyowmsndxp-ltwgysxixsnnceksdm_rzbi_aumr-ysix.php
hxxp://gpbxn.ru/itqukqcbkydftmysmrrqfqnbptfpxlyedapffv-uqxfakkoqp-orzmsd-cupz-atqc_ybeh_ohtfsi-ykjz_prdmuq-yk.php
hxxp://jhlxk.su/cnpmezeamv-kort-ioou_wkzjvr-alpb-cuqsfv-lipt_nhuk-jzgx-acix_abgn-fvca-oept-zhgjtmqtdnkg-pvzo-zauuqk-.php
hxxp://gpbxn.ru/rkow-pvpz-turnndgkgnrueglazvrdqzmvdhsukgcuzjyxofuynn-kkhj-wpli-lxca-auwbybppplyjouiivnno_xf.php
hxxp://jhlxk.su/qnjt-ixjxqnjtixjxyeppoycn-qzgb-gbihspkftiqu-syqtdhxydk_zozm_dkgbsprnxljz-quplhcpixo-rzdm-zvyx-.php
hxxp://gpbxn.ru/rnnd-gkjkpp-phacuypfsrhcawshpi-prmx-nfuyqzdnxopygt-pyko-acus-tugaxfiqegybqcdheabi-zmiirkculi.php
hxxp://jhlxk.su/my-nsoe-exjlbwipnafquq-nbqk-cglx-cexcdaykcn_baohzaiirkfy-qzdn-gdva_yhlzif-jtca-cgclrcnlgkpvfcxx.php
hxxp://gpbxn.ru/piqjteitqukqcbkyvyteptofxpxsyerksrfmvp-jpjxej-uswi-kkjl-xytewpegnezjsuon-ownq-xcbt_xqyb_uxeh.php
hxxp://jhlxk.su/lajutfofnoygfq-uomyor-lxpqnqwpzvawsn-kyst-nfmpmpsuarkdsulz-lgtmnwabjtcj-aueblmifioiqvkoarn.php
hxxp://gpbxn.ru/ebmsqtusqzukwgrgky-shpicusygkppuavaca-cnfq-ddsu_ynorjkllgoon-juns-goyhcgyjzmlg-rzpq-qpjt_xvuq.php
hxxp://jhlxk.su/ip-nadw-wipqne-ytmx_bldr-lzht-cjro-lgty-qcky-coprzrjwalpz-myteez-owwk-suab_bcjt_nojt_ysnakb-jkos-fyzj-.php
hxxp://gpbxn.ru/vy_vlcu-opvk-dgks-babc-ixgsuy-nqey-cjjh-eaxtzriioasd-jgnd_rcea_fcoudf-kktiezfpwp-phon_jtea_dgamzhga.php
hxxp://jhlxk.su/hjyqybti-sddn-xocq-ohlx-osgt-gdhcrnyqvqukclyx-fyjk-oxoy-nwsn_oxmr_glwk-nmqn-vyac-pbrtmyvafappnlea.php
hxxp://gpbxn.ru/igyhva-xlsyft-xplx-rizh-yszn-ltli-wpnstmspdanqmy_qsqj-cqjkfzgdwfuy-garalabwyear_ouabdhldcbuqjp.php
hxxp://jhlxk.su/jutf-ofnoygfquobi-jtbilmrdpixp-pabcdnstos-dhti_ohjp_pyqt-mvkdsiqttykfgs-lirkfc-zhxl-gjyhzvhelx.php
hxxp://gpbxn.ru/pt-ptptptptptptptuqmpbhjlstusplfmgtdh_xyuyms-ofvizovqqcxohemp-mpzv-vlit-nhne_htuqvl-yxph-zjuu-.php
hxxp://jhlxk.su/ipna-dwwi_pqneytmxbldrlzht-cjro-lgtyqckycoprzrjwalpzmyte-ezowwk-suabbcjtno-jtys-nakb-jkos-fyzj-.php
hxxp://gpbxn.ru/uqfplgsncexczjddtybaonfcybioiisimyprmvxvea-laxvjvfzpv-oatu-gdoe-bafrqkstkgowitbfblsujguo-.php
hxxp://jhlxk.su/sncexczjddongdqkpaoyvnxtdm-qtqu-yvvpbtgxfrynwg_dkspqposoaohqt-ouvqtixoxxvacg-xqte_ofzj-xcfr-.php
hxxp://gpbxn.ru/mpfmgnlt-blcrkgoxopelar-uaop-vtrp-lmcd-juosvalzoaqt-xplx-siwkcokqnssu_nskq_uavi_jhvpca-owdgab-jz.php
hxxp://jhlxk.su/bihc-kkrq-shgscdnbuulx-qcipvtcaaw-lxzm_ygxt-ygyxpacenosdvybhnbwinaixoykdxqduxpdunwnhxlyvbi.php
hxxp://gpbxn.ru/cd-nbvpherovnvy-vlxsrnitlzorjthtldkoxqfccd-frjuzmgtjp-dmbc-bwau-bccdsnohezwidmduqtzhbqrn-nn.php
hxxp://jhlxk.su/vqsrznyjbqricoarxplasiuu_fqye_dfuq-qcrtddfzroxowgowix-ygnmllrpabus-gkfzjxoxjxopplitzvkfla.php
hxxp://gpbxn.ru/nfwfmrhttwwp-wbjg_bwms-iqdwqcliop-nlos-qpuanfmrndzo-kots-ppjt-akzmgncjgdorouohabfv-bhhtrpaccn.php
hxxp://jhlxk.su/jkpp-phacuyqckfouvlznkg-rquxjgstybditmbwtmixacyehe-uaejcbvpxfjkgdgxiffzxtfaebbwviqj-qsip-.php
hxxp://gpbxn.ru/zh-rubt-oahjyqybtiybnesncnofstdforqn-awpf-ptcqfmsuqzgdlxusif-ftybuozacnvnsnosnfnaneye_akea.php
hxxp://jhlxk.su/ppph-acuy-qckfougjlznw_bipbnf-ifgdvylzshsdigsuuynmqrybptzm_kkxttm-ioqsfyrchcvrop-kdip_oajvpi.php
hxxp://gpbxn.ru/zv-yxpajheluqfp-lgii-ynyvvpjkoaeg-ksxi-tsioygzrxcytvqzvhezmjtmppftmosit_qrks_xotf_ptnaqugbcq.php
hxxp://jhlxk.su/itqukqcbkydf-tmysmr-rqfq-nbpt-fpxl_yeda_pffv_uqxfak-koqporzmsdcupzatqcybehohtfsiykjzprdm-uqyk.php
hxxp://gpbxn.ru/zmfrqsrafyabdiii-xpkkxj-exsu-pbbtuk-oait-llar_rukf_jtsi_yttsjw-fvfr-qzsplgtuosdwjh-ruyb-rtne-kgif-.php
hxxp://jhlxk.su/oa-hjyqybtisddnxojgtskorpvqvrdgksauqkddxxrc-elpaehsdceal-alfz_oyoamr-dgqs_xjyt-cnxignohzhqt.php
hxxp://gpbxn.ru/vl-cuopvkdgksba_fvux-ytfpygzvbtbidg-dadrlxacmxjponvtfvcbfr-dnprauzmsrnfdk-ltju-alkbpqxlcqll.php
hxxp://jhlxk.su/mynsoeexjlbwip-nafquqnbqkcglxcexcda_ykcn_baohza-iirkfyqzdngdva-yhlzifjtcacgcl-rcnl_gkpvfc-xx.php
hxxp://gpbxn.ru/ux-mpfmgnltblcrkg-tinf-rpty-jhynuyhctycuzmtfzmspatipky-qkmrtuauzallcj-kqftkytwmrgl-zvfvey-sy.php
hxxp://jhlxk.su/ougjyv-xvak-uakbegmvezzafabieyoszmpfnwcb-tmgari-tyrnjzcaqsgs_mswfnd-dhkqzv-snptpynqldbqioxt.php
hxxp://gpbxn.ru/uxmpfmgnltbl-crkg-tinfrptyjhyn-uyhcty-cuzm-tfzmspatipkyqkmrtuauzallcjkqftky-twmrglzvfveysy.php
hxxp://jhlxk.su/ar-zmfr-qsra-fyabdimvzvmsyxuojz-laebalcuzryeyeuqrnrk-pyzj-fzqnqkzadiihtugoxl-tufthealmsvasn.php
hxxp://gpbxn.ru/sddn-xocq-piqjteitdwyvfmatqc_akgn-xqsnmxqzcahtjzyjftznqz-yjor-kdrqdrakvyms-cbdwrncolljhjuam.php
hxxp://jhlxk.su/vaxlsyft-xplx-stzhit-qnzn-vaea-wfbwihytzjfp-ehehnlhtiivy-zjcaorjzyttempli_kovy_pfkddk-abht-opxf-.php
hxxp://gpbxn.ru/wfmrht-twwp-wbjgnfgnebwbjpkoxc-prkdyv-jptm_ejzh_pyxoehpvgkbh_jhgkdivqzaoygsammxakdw_fmixzoez.php
hxxp://jhlxk.su/kk_rqshgs-cdnb-vphe-rprd_pqez_bwalbquqjtradnejtsak-lamsfvqcmrejifqkbtkfeh_prnbuk-ykzo-zjkf-viyh.php
hxxp://gpbxn.ru/xyawrkowpvpztu-rnjp-cjopouzasnxcjgyjiogbna_nnix_xtkbcu-bijgbqjxvtositpzxypq-gapvejrdmyoxfy.php
hxxp://jhlxk.su/ih_zovr_dmih-zovrdmxcnwrialroju-iocu-rulaga-gbeh-kqnornvionpisyspxqruyeyvpixlvifmft-kygkawjx.php
hxxp://gpbxn.ru/teitqukqcbkydftm_htra_eygo-usgnlmzhtevlrk-owxyiojuehcj-wksh_auoy-rpbajxrocgdrvajxitlidr-exip_.php
hxxp://jhlxk.su/mynsoeexjlbwipnafq_uqnb-qkcg-lxce_xcda_ykcnba-ohzaiirkfy-qzdngdvayhlzifjtcacgclrcnlgkpvfcxx.php
hxxp://gpbxn.ru/kq-cbky-dftmys-glga_ohtm-vrqswprpvqmslmatdwgtzmbhkggtukuu-cbyt-yquu-wfptjkpflxmxkq-qjllhcrgko.php
hxxp://jhlxk.su/ygfquobihc-kkrq-shjppf-ifytxf-wixv_gtxp-bfceoxyvht-ddshqs-pbfq_rcli-gbalxcauriebhtxyqkwfprwgkd.php
hxxp://gpbxn.ru/opvk-dgksbafvsudu-jhvinsrogojlnhsikgofgbuyqkkfrixvfrdmvnsuhtehifnsky-jxwk_dniiys-bwraeb-of.php
hxxp://jhlxk.su/exjlbwip-nadwwipqrqtswblmfp-vifayqwfioxtyquabi-cnfm-osel-fcli_rqjtearzhcac-vkoaxqpypp-qnnnlm-.php
hxxp://gpbxn.ru/vaxlsyftxplxstzhitqnzn-vaea-wfbwihytzjfp-eheh-nlhtiivyzjcaorjzytte_mpli_kovypf-kddk-abht-opxf-.php
hxxp://jhlxk.su/ifej_dapl_jvzvyxpaoaih_pqgx_ipiisilipmohowoewiacxxplshsntiuoxopyhelisybhsn-kkms-vlbc-ukmxfp.php
hxxp://gpbxn.ru/ygfquobihckk-rqshjppfifytxf-wixvgtxpbfceoxyvhtdd_shqspbfqrcligbalxcauriebhtxyqkwfprwgkd.php
hxxp://jhlxk.su/lz-lipbux-mpfmgnltwpdmmpli_dudf-tfih-oari_bhgo_elixawdnrgcdzjra-jgsd-yjnw-korojuysdh-ykpynekqlt.php
hxxp://gpbxn.ru/bqricoarzmfrqsracewg-paruoxhjmy-oxvi_ptopbajpehgsnl-culg-eaxfli-lagdcaptrgfq_itvasd-gtwk-gaqn-.php
hxxp://jhlxk.su/jgnf-wfmrhttwwp-wbxo_hjii-xfbh-kqfcjujkgacg-zngt-vnce-xvwkjwnsgd-godu-pmqzceftrgcrkqjgdgnn_mxfq-.php
hxxp://gpbxn.ru/noygfquobihckkrqwfuocllgdh-zrouipdurqlililakyzvsrcjjurqxopfipauabqu-wfba-kbegzjyvqjbhvl.php
hxxp://jhlxk.su/gjyv-xvakuakbeg-nldg_zmexcunhwiosxfsugspqearomy_pycu-dwys-xvvykseyfr_spuq_dnfc_osjthtllkdonxj.php
hxxp://gpbxn.ru/kfougj-yvxv_akuakbigohzhxowiezzjbigddh-ytxsbwexsy-exdmcbatehgnyqcnjxsujl_hjpzglfpzhdkkb-ih.php
hxxp://jhlxk.su/nnrpfaau-xfjwbheynblxqt-gofqtmqcnmignhhceluujgaclzvpawyvpikykqykoullzvlzclbteh-nliivqoy.php
hxxp://gpbxn.ru/kydf-tmysglgajzqrdrtwjtqtoehjnlllzvuastnsmrakiixcsuxscqrdgoppjxoreakq-mytsamwfpq-qczjgj.php
hxxp://jhlxk.su/opvkdgksbafvsudujh-vins-rogo-jlnhsikgofgbuyqkkfrixvfrdmvnsuhtehifnskyjxwkdn-iiys-bwra-ebof.php
hxxp://gpbxn.ru/on-gdqk-kdvttsorqpamqp_zvysxs-nmqc-rgyx-fvhj-zrrnbtatfcqcawquvkwfej-gncjit-vtsn-fqpi-bcyn-yxclgb-.php
hxxp://jhlxk.su/hjyqybtisddnxocqohlxosgtgdhcrnyqvqukclyx-fyjkox-oynwsnoxmrglwknmqnvyacpbrtmyvafa-ppnl-ea.php
hxxp://gpbxn.ru/kb_egnlxj-igyh-vaxltyegnwtwykyhtsifoegdglxf-xixliquqdnqpfcxpfapf-ebvl_earqqu-lmmsqp-kfnemynd.php
hxxp://jhlxk.su/nwamrdmynsoeexjlliiolt-bqvnebpytico_oxua-egig-linbllcornxjowzrgkrztuexux-ebop-qnjxaratuqvi.php
hxxp://gpbxn.ru/nn_rpfaau-xfjwbheynblxqtgo-fqtm-qcnm-ignh-hcel-uujgaclzvpawyvpikykqykoullzvlz-clbtehnliivqoy.php
hxxp://jhlxk.su/ba-fvsuducalaju-tfig_ampvkqyxfyuu-uszvbc-nodkjkdusp-rtla-xcey-amlm-jwzmdiuonfno-xjglvlusigtfpm.php
hxxp://gpbxn.ru/yvxvakuakbeg_nlxj_caoy_vpkdjxqsdfnwfzhecoshegussi-dkcr-nfjw-cjfm-btii_fqjgxq-jvftqr-rduqjzoapb.php
hxxp://jhlxk.su/dg_ksba_fvsu_duca_layxlitmuqxoynfqpmpf_xvty-rceacdcnrq-vnco-rkwb_nqyt-blfvukoftwks-cjlauu-eaqp-mv.php
hxxp://gpbxn.ru/bcgocnpmez-eamv-kons-ksaw_yjvl-xpyb-gkjw-nwjukbcbsh_bqfy_ebxoyv-ykbqatdirkoejtqj_pbpq_lzdk-jkrq-bh.php
hxxp://jhlxk.su/amrdmy-nsoeex-jlbwndftcajvgnabjgfqvtsnfc-nhyt_gtejshfcdgsu-rnuypzduns_egye-mpgojhoekfnnyjhc-.php
hxxp://gpbxn.ru/bafvsuducala-jutf-igampv-kqyxfyuuuszvbcnodkjkdusprtla-xceyamlmjwzmdiuonfnoxjglvlus-igtfpm.php
hxxp://jhlxk.su/owpvpzturn-ndgkjkdhro_fyfzzokbofoaxlbfonsngbkdwgbl-ofqzfmoakf-yjqr-dfro_osvl-rggbouplallt-rg.php
hxxp://gpbxn.ru/yv_xvakuakbegnlxj_caoy_vpkdjx-qsdfnw-fzheco-sheg-ussi-dkcr_nfjw-cjfm-btii_fqjg-xqjvftqrrduq-jzoapb-.php
hxxp://jhlxk.su/gocnpm_ezea_mvkortcdranq-jvtuqjuodmbqiifpca-dwptpqpioa_xcsh-lxgbmrwigbakpvrg-pisyegnoxymp_ru.php
hxxp://gpbxn.ru/xo-cqpi-qjteitqukqrz-zjqrxfxqgjuy-cnns_ihuo_nlxxda-oukk-tsbauq-uykb_uudi-bwiqbwynof-jkuo-znawkgux.php
hxxp://jhlxk.su/bqricoarzmfrqs-racewg-paru-oxhjmy-oxviptopbajpeh-gsnl-culgeaxflilagdcaptrg-fqitvasdgt_wkga_qn.php
hxxp://gpbxn.ru/egnl-xjig-yhva_xlsy_uyruvr-uoyq-pyrp-ynht-gkce-cejkbhmsxliq-phatlzgnfcxlpa-fzxp-ukwbeayhrkzmnlit.php
hxxp://jhlxk.su/ndgkjkppphacuyqcipduyhmy-ladr-fcbayh-cdcn_tmppft-gxyt-pvvkkkrqartsorquxxrannygiicnkfyq-owjv.php
hxxp://gpbxn.ru/calajutf_ofnoyg-fqih-wgti-ehjg-ybdm-jvcaru-tmwiybnsnb-jzey_mrowxl-bljh_jlpm-bfof-gsnq-cncq-ybzm-fyvr.php
hxxp://jhlxk.su/ihzo-vrdmihzovrdmxc-nwrialroju-iocurulagagbeh-kqnornvion_pisy-spxq-ruyeyvpixlvi-fmftkygkawjx-.php
hxxp://gpbxn.ru/rd-mynsoeexjlbwiptivtynddlgcdllusmrqngkac-pzjwjwblpaihkq-lgmpifiqbans-almrtiplop-ybsd-xpuo-.php
hxxp://jhlxk.su/wkcl-albc-gocnpmezsycqxqftuy-tuqz-qkampyytcbfmio-pikq-xilmpaihcagbmpzayv-ytvq_vayx_cjxjjz-jxdw.php
hxxp://gpbxn.ru/atrz_prxtgxtyebmsjwop-phkd-dayedavyqsyx-mxmy-kodw-ndfclldadrna-ebybtsqnrkifcojzqsbwuq-xfheuy.php
hxxp://jhlxk.su/rafy-abdi_iiye_ohif-syph-vtmvyjohhetmnolg_kopvqkfzgoejaw-qrvl-fyuumvawph_vrwkvliimpuqwbfyraht-.php
hxxp://gpbxn.ru/btoahjyq-ybti-sddn-tugl-koty-nbvq-dfjvrodhejgajxkqpaoaspnbkkkfcartgxnexozhoyuarg_nlpa_expq-rt.php
hxxp://jhlxk.su/rp-faau-xfjw-bhey_vixv-rpld-vripyh-cgvicq-orcjam-awegihrgyqphvp-kbam-qtvq-fykq-jubqlxfysusivqht-ft.php
hxxp://gpbxn.ru/rnnd-gkjkppphacuypfsrhcawsh-pipr-mxnfuyqzdnxo-pygt-pykoacustu_gaxf-iqegybqcdheabizmiirkculi.php
hxxp://jhlxk.su/uobihckkrqsh_gscdpt-yxuu-spwi-xitept-gngauomsvamrph-hcmypy-ldnn-rnzrkyjkosel-mpoujuvtsidizjkf.php
hxxp://gpbxn.ru/my-nsoe-exjl-bwipnafquqnbqkcglxcexc-daykcnbaoh_zaiirk-fyqz-dngdva-yhlzif-jtca-cgcl_rcnlgk-pvfc-xx.php
hxxp://jhlxk.su/jpfc-gtdh-xsdknqzapzvqzrteejixuaplpbtivpcjvpyh-qkeb_sdnoqr-oeca-biorehsrbt-ehuy-tmybza-wipfcj-.php
hxxp://gpbxn.ru/fplgsncexc_zjddonjufzna-gdfrtycjukonxvruuqawpmti-yjnawbgarc-xcsh-rgqzzvjlexrkmxzofckgdi-di.php
hxxp://jhlxk.su/duca-laju-tfofno-ygsi-exnd-wfjt-banafqpbpmos_oskyaknstiqtehjziqukfqltba-ykmvnniosdlzzncg-fqju-.php
hxxp://gpbxn.ru/akua-kbegnl-xjig-yhclpq-sypa-runo-plpmcq-gadk-ruramrkdvnfq-ohjh-mvxleg-ukcdsy-ofox-onqz-syqt-ksxf-ts.php
hxxp://jhlxk.su/dftm-ysglgajzqrpftfoaxj-fzco-uofp-dwon-jtrpqtnmlllxoeuoga-itwk-rngkfrzrxpptcqfcuujplixc-ykvr.php
hxxp://gpbxn.ru/rq_shgscdnbvphero-pyga_vnnete-fmkk_rgiivkfaxjfpejoy-bczokqatno-mvdk-zmbf-cbtf_itnsxoqznenopl-vq.php
hxxp://jhlxk.su/jxqn_jtixjxqnjtixjkcqstll-elvpgn-jplikqbluu-dicbukitiokq-xonh-iioynovnbqtedd_xlbt_jtwi-ipmyal.php
hxxp://gpbxn.ru/calajutfofnoygfqihwgtiehjgybdmjv-caru_tmwi_ybnsnb-jzeymrowxlbljhjlpmbfofgsnqcn-cqybzmfyvr.php
hxxp://jhlxk.su/bihckkrqshgs-cdnb_uulx_qcipvtcaawlxzm-ygxtygyxpace-nosdvybhnbwinaixoykdxqduxpdu-nwnh-xlyv-bi.php
Webroot SecureAnywhere users are proactively protected from these threats.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
