[mc0blck]

Blocker: hxxp://xxx-mixxi.ru/ (95.211.111.80) -> hxxp://morexporno.ru/in.cgi?2 (95.211.111.80) -> hxxp://llz3porn.s3.amazonaws.com/index.htm (72.21.194.16) -> hxxp://llz3porn.s3.amazonaws.com/xxx_video.exe (72.21.194.16)

[EP_X0FF]

Blocker: hxxp://xxx-mixxi.ru/ (95.211.111.80) -> hxxp://morexporno.ru/in.cgi?2 (95.211.111.80) -> hxxp://llz3porn.s3.amazonaws.com/index.htm (72.21.194.16) -> hxxp://llz3porn.s3.amazonaws.com/xxx_video.exe (72.21.194.16)

Were off.

New trace.

hxxp://mixxporkaa.ru/ (95.211.111.80) -> hxxp://porno-vsetut.com/in.cgi?2 (95.211.111.80) -> hxxp://zx1uporn.s3.amazonaws.com/index.htm (72.21.203.149) -> hxxp://zx1uporn.s3.amazonaws.com/xxx_video.exe (72.21.203.149)

8906-798-31-34
8906-797-75-37
8909-157-39-71
8963-724-50-48
8909-157-82-99

update: Amazon has taken down the host

New trace.

hxxp://eroticzporn.ru/ (95.211.111.80) -> hxxp://eroticzporn.ru/video.htm (95.211.111.80) -> hxxp://uspornno.ru/in.cgi?2 -> hxxp://w2biporn.s3.amazonaws.com/index.htm (72.21.203.146) -> hxxp://w2biporn.s3.amazonaws.com/xxx_video.exe (72.21.203.146)

hxxp://w2biporn.s3.amazonaws.com DELETED

8906-798-28-52
8906-797-81-58
8963-650-12-80
8906-797-79-57
8963-634-37-89

hxxp://frtnnbc.s3.amazonaws.com/xxx_video.exe DELETED

8909-650-67-08
8906-798-05-28
8909-986-37-91
8909-157-42-20
8906-096-99-25

hxxp://ndcporka.s3.amazonaws.com/xxx_video.exe DELETED

8965-212-14-06
8906-798-31-24
8967-102-15-20
8906-096-61-82
8906-798-28-64

[mc0blck]

Blocker: hxxp://askpornkas.ru/ (95.211.111.80) -> hxxp://jjkpornoz.ru/in.cgi?2 (95.211.111.80) -> hxxp://cbipoxf.s3.amazonaws.com/index.htm (72.21.214.42) -> hxxp://cbipoxf.s3.amazonaws.com/xxx_video.exe (72.21.214.42)

[EP_X0FF]

Trace the same. Kids multipacked this one.

hxxp://sukazporka.s3.amazonaws.com/xxx_video.exe DELETED

8906-798-28-50
8909-650-39-08
8906-097-13-23
8906-097-10-11
8906-097-07-39

[mc0blck]

hxxp://mansboxporn.ru/ (95.211.111.80) -> hxxp://mansboxporn.ru/video.htm (95.211.111.80) -> hxxp://bhtdsnz.ru/in.cgi?2 (95.211.111.80) -> hxxp://ttedhoki.s3.amazonaws.com/index.htm (72.21.214.144) -> hxxp://ttedhoki.s3.amazonaws.com/xxx_video.exe (72.21.214.144)

[EP_X0FF]

hxxp://mansboxporn.ru/ (95.211.111.80) -> hxxp://mansboxporn.ru/video.htm (95.211.111.80) -> hxxp://bhtdsnz.ru/in.cgi?2 (95.211.111.80) -> hxxp://ttedhoki.s3.amazonaws.com/index.htm (72.21.214.144) -> hxxp://ttedhoki.s3.amazonaws.com/xxx_video.exe (72.21.214.144)

Were off.

New trace.

hxxp://ninnporno.ru/ -> hxxp://ninnporno.ru/video.htm -> hxxp://jjkpornoz.ru/in.cgi?2 (95.211.111.80) -> hxxp://3rewporn.s3.amazonaws.com/index.htm -> hxxp://3rewporn.s3.amazonaws.com/xxx_video.exe

update
Were off.

8909-151-40-23
8909-155-78-09
8909-151-43-58
8909-151-34-70
8906-096-92-04
8965-361-12-10
8967-102-16-18
8967-102-15-22
8909-156-22-59
8909-650-79-84
8909-650-74-52
8909-157-81-02
8965-410-17-49
8906-798-30-15
8965-388-31-89
8906-798-30-19
8906-798-29-54
8967-041-42-04
8909-650-80-59
8909-650-39-53
8906-096-77-61
8906-096-77-25
8967-102-13-74
8906-097-03-68
8909-151-46-55
8909-650-81-51
8909-157-29-89
8965-212-13-53
8906-097-06-86
8906-797-82-20
8909-650-79-83
8909-622-14-32
8909-650-80-29
8906-797-82-87
8909-650-67-30

[EP_X0FF]

Several posts have been merged.

Starting from yesterday we will not anymore post links to Lock'Em'All ransom hosts here in this thread.
However table at first page will be updated with takedowns if they will take place.

[nickvth2009]

Does that rule now apply to all threads, or only for the Lock Em All thread?

[EP_X0FF]

Does that rule now apply to all threads, or only for the Lock Em All thread?

Only for threads with ransoms. We are forced to do this because of leechers and lurkers and their parasitical behavior. Of course we will continue placing unlock codes (where they exists) in these threads.

[nickvth2009]

That's a great move; you're supporting people to find new locations themselfs, resulting in more samples being found.