# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1040718336173137920

host2.azaronline.com

# Reference: https://twitter.com/avman1995/status/1039929322612641792

mail.efx.net.nz

# Reference: https://twitter.com/James_inthe_box/status/1039878859007569920
# Reference: https://www.virustotal.com/#/ip-address/37.59.117.243

http://37.59.117.243

# Reference: https://twitter.com/avman1995/status/1040493935234371584

ftp://ftp.fasttradeco.com

# Reference: https://twitter.com/MalwareHunterBR/status/1016486687059402752

herosoup.org

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0
# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, AgentTesla)

http://190.97.166.194
190.97.166.194:8080
aaatechh.com
agent.rooderoofing.com.au
arbistars.com
bobby.ziraat-helpdesk.com
brther-group.com
callvaxglobal.com
captainbugattiautos.com
ceoinboxs.com
chibu.ziraat-helpdesk.com
chisom.ziraat-helpdesk.com
dashi-dashi.ziraat-helpdesk.com
data-startssllink.com
eizzy.haoldd.com
elb.haoldd.com
emaaiil-163.com
emy.agrillcs.com
etvidanueva.com
excelaires.com
ezeoma.agrillcs.com
figure.agrillcs.com
files.ziraat-helpdesk.com
flopdlsofrd.com
forteol.com
free.agrillcs.com
grindtreu.online
haoldd.com
ike.agrillcs.com
isa.haoldd.com
jboy.agrillcs.com
jizzy.ziraat-helpdesk.com
joe.ziraat-helpdesk.com
kc.ziraat-helpdesk.com
kelvin.agrillcs.com
kodarkalaris.com
magnaki.com
marchforward.usa.cc
mi.haoldd.com
milonestlevevy.com
oceantrading-jp.co
okey.haoldd.com
pounds.ngrok.io
prominienttec.com
shileniniliv.com
siamzime.com
sindevil.com
sm.rooderoofing.com.au
small-kelly.agrillcs.com
tonishl.ga
tonishl.ml
uccftl.org
valedein.com
workupdates.net
yg.haoldd.com
zomcnxbilo.com

# Reference: https://twitter.com/James_inthe_box/status/1046070749138735110

shahrproject.ir/wp--admin/

# Reference: https://twitter.com/James_inthe_box/status/1044198938847244289

moranhq.duckdns.org

# Reference: https://twitter.com/Jan0fficial/status/1047023512383311873

venividivici.host

# Reference: https://twitter.com/Jan0fficial/status/1047051546851254272

etvidanueva.com/photos/images/WebPanel/login.php
etvidanueva.com/photos/images/fulls/WebPanel/login.php

# Reference: https://twitter.com/Jan0fficial/status/1047053960689987584

allpeople.cc/WebPanel/

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

hp-compoundlng.com/zuniga/zuniga.php

# Reference: https://twitter.com/avman1995/status/1046620646137102336

repoyochar2u.ddns.net
repoyochar2u.hopto.org

# Generic callback path (host-independent; same file name as in the hp-compoundlng.com/zuniga/zuniga.php entry above)

/zuniga.php

# Reference: https://twitter.com/Racco42/status/1055370151984537602

ftp.dolphins-gb.com

# Reference: https://twitter.com/casual_malware/status/1107441450415992832

rat8882018.bounceme.net

# Reference: https://twitter.com/ItsReallyNick/status/925754844706689024

regiusersme63.com
twendekazi.co.ke

# Reference: https://twitter.com/JAMESWT_MHT/status/1111231704847581185

server15.thcservers.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1117787548787597313
# Reference: https://app.any.run/tasks/a7f299b3-0b84-4403-a75f-7fb45700e14e

severeweatheralerts02.severeweatheralerts.net

# Reference: https://otx.alienvault.com/pulse/5cb636d8706621055e694e0a
# Reference: https://twitter.com/_cpresearch_/status/1118201474809462784

checkoutspace.com

# Reference: https://twitter.com/dvk01uk/status/1137669359273435138
# Reference: https://app.any.run/tasks/318a9aa9-8c2e-4d21-9a4c-aa023de19d74/

mail.trezaexim.com

# Reference: https://twitter.com/Lvanoel/status/1140500849904537600
# Reference: https://app.any.run/tasks/b4361590-d24e-4a4d-a273-5776ee377b08/

mail.jyotistrips.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

mail.crypy.top

# Reference: https://twitter.com/killamjr/status/1143288308300013568

vr9519.club

# Reference: https://twitter.com/B1naryG/status/1143818690040860673
# Reference: https://app.any.run/tasks/3b4e7470-3144-47e3-8caf-ad069c4a5419/

algadeed-com.ga
mail.sweeddehacklord.us

# Reference: https://github.com/pan-unit42/iocs/edit/master/agenttesla/agenttesla_panels.txt

123.makologg.website
13020.vhost.myvirtualserver.de
13140.vhost.myvirtualserver.de
a-work.info
addmehosts.com
admin.downloadtip.club
agenttesla.com
agentteslapanel.site
airnicoltd.biz
appleconnect.online
blasternoon.ru
blockchian.us
bossbadoo123.000webhostapp.com
brunam90.me
cellularwizard.biz
china-smi.biz
classicfllters.com
cloud9files.net
coleweinman1.000webhostapp.com
combinaparts.com
comebackto.info
compassiwater.com
cp.gonerallying.com
csgoshuffle.trade
cyberfreakz.cf
daalkha.com
darkmat3r-v3nom.lawcost.com
davcandle.life
defaomfg.com
diplomaticcourier.net
dongabito.com
douglascellings.com
dovemessengers.com
dropped.cf
e-paymentonline.online
egoigwe.date
elihanss.ru
emailaccountsupdate.com
emybeks.diplomaticsecurityservicelondon.com
essentialsupdate.com
exam2quiz.com.ng
eyeover.it
fash2v.com
fbillion.essentialtechsolutions.com
frank.diplomaticsecurityservicelondon.com
franklinpanel.xyz
frankpanel.xyz
friendfinances.com
fundz1st.fav.al
futurarice.com
graficafolha.com.br
halifacxz.com
helofitsol.com
hiflowwing.com
hopewordnlos.info
hoplikes.com
hp.gonerallying.com
hugoslyltd.com
hummerenergyinc.com
hustle.paneltesla.net
ibouz.co.business
icoud.online
iiltd.xyz
januoey.com
jerelpacks.com
jpoffice2017.xyz
karmakintra.com
kf3nqetgl3p3qlvnl4ze.ru
kidertalerz.com
killatenderz.com
kolapharma.com
koloongroupinc.ru
lakhakaidea.com
libazo.com
magosnegt.net
maxibrainz.net
mctagents.ml
mgelectroncs.com
miloill.com
mitch.sudimex.ml
mnbvcxzus.com
mogosan.com
mqbearing.club
mrabengo.com
nckportugal.com
nellsonn.com
newseuro2015.org
nexuscoltd.com
notifuls.com
onlinesypoi.com
optifinecapes.us
panel.profitstakers.com
panelci.xyz
panelone.xyz
panelp.xyz
paneltesla.net
pansha.regworldmail.com
pegeng-ch.com
petush32.beget.tech
picasuminion.com
plasdic.com
pron.wonkarima.ru
robphish.xyz
rootjoy20.net
roperspump.com
saintahotel.com
secpolicy.info
senator1st.fav.al
sender.agenttesla.com
shalla.eyeofbangladesh.com
shingrela.com
signaturehealthcarltd.com
smartmanber.com
someshitejob.ru
sosignshome.com
steamstatus.pw
stlmre.xyz
suabepga.net
suchsuggestions.com
sweed-office.comie.ru
syncav.ms-sync.com
t1st.fav.al
t2st.fav.al
t3st.fav.al
t4st.fav.al
t5st.fav.al
tecomou1d.com
tesla.dailyawamitime.com
tesla.lawcost.com
teslalogs.club
toke.paneltesla.net
tokimecltd.ru
tomfill.xyz
trade-accounts.com
transfoffer.com
transstates.us
u-nyx.ru
ugo.diplomaticsecurityservicelondon.com
upgr-serv.com
vacanzaimmobiliare.it
vimeostream.com
viprecycleresourcesltd.com
vivaasindustry.com
weviio.com
wlttraco.com
womensmuseumca.org
wonkarima.ru
xbool.ru
xboolean.com
xz2dtd11bm97h36.host
yeubiope.com
you.paneltesla.net
yyyxyyxxyxxx.xyz
zjxhqd.com

# Reference: https://twitter.com/killamjr/status/1145131854984556545

spellsove.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html

oralbdentaltreatment.tk
aelna.com
aiaininsurance.com
aidanube.com
anernostat.com
blssleel.com
bwayachtng.com
cablsol.com
candqre.com
catalanoshpping.com
cawus-coskunsu.com
crosspoiimeri.com
dougiasbarwick.com
erieil.com
etqworld.com
evegreen-shipping.com
gufageneys.com
hybru.com
intermodaishipping.net
jltqroup.com
jyexports.com
kayneslnterconnection.com
kn-habour.com
leocouriercompany.com
lnnovalues.com
mglt-mea.com
mti-transt.com
profbuiiders.com
quycarp.com
regionaitradeinspections.com
repotc.com
rsaqencies.com
samhwansleel.com
serec.us
snapqata.com
spedaqinterfreight.com
sukrltiv.com
supe-lab.com
sweed-office.comie.ru
sweed-viki.ru
sweeddehacklord.us
sweedoffice-bosskobi.duckdns.org
sweedoffice-chuks.duckdns.org
sweedoffice-goodman.duckdns.org
sweedoffice-kc.duckdns.org
sweedoffice-olamide.duckdns.org
sweedoffice.duckdns.org
usarmy-mill.com
virdtech.com
willistoweswatson.com
wlttraco.com
worldjaquar.com
xlnya-cn.com
zarpac.us
zurieh.com

# Reference: https://twitter.com/stoerchl/status/1157237675302240257

serverstresstestgood.duckdns.org

# Reference: https://twitter.com/dvk01uk/status/1159391837553090560

server1.monovm.com

# Reference: https://any.run/report/3c240ee0a740b57daea65b81faa99b951731f23c694bb5b6964b553152ee8d6c/1561dcbd-2a96-469a-8822-7cf9d495441e

helsanaa.com

# Reference: https://app.any.run/tasks/ab36a3dc-063e-41ee-8077-dc501f4d1403/
# Reference: https://brica.de/alerts/alert/public/1263301/agenttesla-keylogger-and-binary-options-scam/

mail.tendertradeforex.co.uk

# Reference: https://app.any.run/tasks/c1c8ad7a-f1d0-4ddf-b1d7-648d8f097ef8/

smtp.odogwugroup.icu

# Reference: https://app.any.run/tasks/d4aff5ad-9b44-42f0-8165-74731e1114c4/

smtp.rexsativa.com

# Reference: https://app.any.run/tasks/df208288-e4f1-4efd-99ee-12c2e37905c4/

mail.interflow.com.pk
tfvn.com.vn

# Reference: https://app.any.run/tasks/8b18fd2b-2610-49b0-9dea-55b45742adc5/

smtp.iconic-qrp.com

# Reference: https://app.any.run/tasks/8b668f18-5854-43ef-a2af-f4e8ee9b9b55/

server1.monovm.com

# Reference: https://twitter.com/dvk01uk/status/1171723427138420738
# Reference: https://app.any.run/tasks/fef429fb-bec4-4368-9b3e-9e37866221c7/

94.199.200.64:587
mail.appliedfuturevison.com

# Reference: https://twitter.com/wwp96/status/1173611784743378944
# Reference: https://app.any.run/tasks/948a6bd8-0cfb-4a82-a3f9-1e631965900b/

workbigfinetonychuckgoodallarefinezynovaexploitgood.warzonedns.com

# Reference: https://app.any.run/tasks/43064ac6-b617-44c8-8942-bacf12288dfc/

smtp.uml-db.com

# Reference: https://app.any.run/tasks/7545bb05-60f9-4995-b6ee-e5b32a8783ec/

smtp.nifl.icu

# Reference: https://twitter.com/Lvanoel/status/1173838721201922048
# Reference: https://app.any.run/tasks/1b86cdd7-f235-4159-ab74-127bd0d0912a/

5.9.3.218:26
mail.siicegypt.com

# Reference: https://twitter.com/reecdeep/status/1174270764461244417
# Reference: https://app.any.run/tasks/f3372717-35fb-43fc-aa1e-073bc762c39e/

198.187.29.188:26
mail.cjcurrent.com

# Reference: https://twitter.com/wwp96/status/1176581010554793984
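# Reference: https://app.any.run/tasks/ed1bc8c6-d83b-4dfd-9b6e-2b3ad128c83a/
# NOTE(review): server263.web-hosting.com looks like a shared hosting node reached on the mail submission port (587); a match may point to the exfiltration channel rather than a host dedicated to this family - confirm before blocking outright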

198.187.29.4:587
server263.web-hosting.com

# Reference: https://twitter.com/wwp96/status/1178661072993173504

smtp.kobitek-tr.com

# Reference: https://www.virustotal.com/gui/url/752918f8cfbeff0e6bbb5f0c62edc1bedca657b5eb659ab07d610260e3b7a48d/details
# Reference: https://urlhaus.abuse.ch/url/235725/
# Reference: https://any.run/report/2ff7a5b19dbf914d2607623b255fc392b20e86a61109cac6de96cf214e88f963/2a188e52-c397-4805-b62a-faefe02c9d8f

wirelord.us

# Reference: https://precisionsec.com/threat-intelligence-feeds/agenttesla/

khotawa.com
xdzzs.com
demo.shopping.co.mz

# Reference: https://urlhaus.abuse.ch/url/236622/

decodes.in

# Reference: https://urlhaus.abuse.ch/url/236510/

cafe-milito.com

# Reference: https://urlhaus.abuse.ch/url/235644/

mpsoren.cc

# Reference: https://urlhaus.abuse.ch/url/235546/

alhaji.top

# Reference: https://twitter.com/0xFrost/status/1179459193662853120

smtp.alliadintl.com

# Reference: https://app.any.run/tasks/5434da4e-e090-4642-be8d-a0117eaeb143/

smtp.alfe-eng.net

# Reference: https://twitter.com/MrGlaive/status/987780707551469569
# Reference: https://www.virustotal.com/gui/file/281053cbe38ffb8634e33d8a42ab772fb334de9e0a94af370a2426e00a502d6b/detection

mail.crosspolimeri-com.ga

# Reference: https://twitter.com/wwp96/status/1188897624776216576
# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations

olodofries.ddns.net
victoryinkings.ddns.net

# Reference: https://twitter.com/ViriBack/status/1189329887074619395
# Reference: https://app.any.run/tasks/4fb9044e-3ab4-4475-94d0-0070bef4acdc/

52.15.102.232:16654

# Reference: https://twitter.com/wwp96/status/1189564875040788480

smtp.krisorigin.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1192365857810341888

ftp.kassetiabi.ee

# Reference: https://app.any.run/tasks/ab049db9-c6b6-4fc5-9052-1e27dd897f18

crilod.com

# Reference: https://twitter.com/P3pperP0tts/status/1193202523974389760

eastbrightness.com

# Reference: https://twitter.com/James_inthe_box/status/1193965109552406528

webtoall.in/men/inc/c7afb5603b20fe.php

# Reference: https://twitter.com/w3ndige/status/1194263536572207104

ftp.hotnails.ee

# Reference: https://www.virustotal.com/gui/file/88195f6db022c6008fb958dffcb3ab7bfcb2cab063ea4af0e228fc33abab7e7b/detection

192.3.24.147:5200

# Reference: https://www.virustotal.com/gui/file/94ec08ac699040cca3bd81024e2ae842dec93146e066ea8332a4c990b9db5726/detection

192.69.169.25:54901
dboy.duckdns.org

# Reference: https://twitter.com/wwp96/status/1203003462746804225

smtp.tkbill.biz

# Reference: https://twitter.com/wwp96/status/1203003008822452225

mail.garlascontrol.com

# Reference: https://twitter.com/wwp96/status/1203006028998205442

smtp.juili-tw.com

# Reference: https://www.virustotal.com/gui/file/d80bd95f435fc2b41a60a4412ec3c38cc2024c57048047c1e679e4df2d93a88c/detection

91.193.75.181:90
lexdemall.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5229dd43528a6fedaa89771dfcac9789fc0ac6f3297b83f9a5d15e4f55ebe9bd/detection

46.85.239.38:1994
79.134.225.42:1994
sandra.hopto.org

# Reference: https://www.virustotal.com/gui/file/bfc6098802823eaf83b3f49cba4b515076ce4889c192f7961bd0d55bcde4c83e/detection

79.134.225.121:5288

# Reference: https://www.virustotal.com/gui/file/40ebfd1d5b2e140d8d147f8cd304f6f3f5795591b4883cf21012a350f1b941c5/detection

79.134.225.7:8152

# Reference: https://www.virustotal.com/gui/file/9f750443a7f48cbdb29cf846bba9fe467233e6f11a9f7c70215c7eaeea38b6fb/detection

151.106.56.110:3606
moneytrade.trade

# Reference: https://twitter.com/JayTHL/status/1214332738167287810
# Reference: https://pastebin.com/raw/c2JsbUeh

adoptfashions.tk
agatamodels.ml
ahphaeg.ml
ahphaeg.tk
aldohawater.tk
allinkenya.ml
allinkenya.tk
alojobs.ml
andreyhosting.com
archiself.tk
artateknik.tk
avjrggs.ml
bargainsnyc.ml
baristageek.ml
bedrocktire.tk
blazonjewelry.ml
blazonjewelry.tk
bodyfitny.ml
boisegmc.ml
boisegmc.tk
bokkhao.ml
bokkhao.tk
bounuspornos.ml
brazosvalleypts.ml
bunnyby.ml
buyshares.ga
buyshares.ml
carriven.tk
casualfiber.tk
chefport.tk
chenfqi.tk
citjunta.ml
clanliqr.ml
coffeeod.tk
conanandjasmine.ml
cpajwood.ml
cpajwood.tk
cpanel.sunlitcars.tk
demonm.tk
destaquefitness.tk
dlskoda.ml
dombasticknas.tk
drysupplies.tk
dwgdhfy.tk
ecuacentauro.ml
ecuacentauro.tk
eleganteclub.ml
eleganteclub.tk
endzoneswagger.ml
endzoneswagger.tk
ezmoneymyteam.ml
fanbcanton.ml
finddrives.ml
finddrives.tk
fllwme.ml
fourwheller.tk
gbbpestcontrol.tk
greatpurity.ml
greatpurity.tk
hemorroidehq.ml
hemorroidehq.tk
henriquepneus.tk
hostarctic.ml
ilovesweetie.ml
ilovesweetie.tk
imagoindia.ml
instantqual.ml
interoutesme.tk
itechcity.ga
itechcity.ml
jademodern.tk
kedaisuki.ml
kedaisuki.tk
kinofkenefret.ml
laluney.ml
layingday.tk
lebanonoil.ml
lebanonoil.tk
litse.ml
lscucusc.tk
lvmotorsports.ml
lvmotorsports.tk

# Reference: https://twitter.com/wwp96/status/1214939236195086337
# Reference: https://app.any.run/tasks/fa148110-1474-4c52-b9f7-264bca3a41a1/

limmergarden.com/pa/webpanel/inc/5d54ff24322827.php

# Reference: https://app.any.run/tasks/3403cffd-adef-40bd-ac59-53edab63a0e1/

ftp.myloginoffice3.com

# Reference: https://www.virustotal.com/gui/file/7d8909c7fcb490c98941f17d30179cf932231f0a82ce25c8343fd8904fea802a/detection

185.38.151.11:50472

# Reference: https://www.virustotal.com/gui/file/31644ce7e514cdf426d1ab3e36d2ebd37068d66eb164f0d6d6ab87ab0471f897/detection

185.38.151.11:56769
185.38.151.11:61321

# Reference: https://www.virustotal.com/gui/file/da09ac88b81d53207f01371dacc653437e95b9da05ea982d397fce8c033c2ce6/detection

185.38.151.11:61628
185.38.151.11:63603

# Reference: https://www.virustotal.com/gui/file/d7eb28958866d10626c0a7f5974e32da9a7e1ad988fe09dc48ac01d103da6ace/detection

185.38.151.11:50041

# Reference: https://www.virustotal.com/gui/file/682fbcd0f7299831baca107e58095772cb425437c7d4f1cd08d81ba4d4d353a4/detection

185.27.134.11:36951

# Reference: https://www.virustotal.com/gui/file/d02569687c55976dc1fea3fbfb031a821d4072cac3971b3bf97cb6877b72e32a/detection

185.27.134.11:32281

# Reference: https://www.virustotal.com/gui/file/cffed6d9add784bf2951db23c55fb44c201535cf0417b46ced760cbf05cccbda/detection

185.27.134.11:14908
185.27.134.11:24257

# Reference: https://www.virustotal.com/gui/file/5657b7923550dc5e89b5048c7a74f665cb29aaa923ba8fe114f98bc449e81d1b/detection

185.27.134.11:21389
185.27.134.11:29037
185.27.134.11:49162

# Reference: https://twitter.com/wwp96/status/1219614957416873984
# Reference: https://app.any.run/tasks/c510f521-e3c2-45d9-98a9-b6c329189db1/

kironofer.com/webpanel/inc/d380803e561db4.php
kironofer.com/webpanel/login.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1219902709882662912
# Reference: https://app.any.run/tasks/cb6f47d6-61b4-4298-a0cf-117eea65dca0/

91.82.85.66:21
91.82.85.66:33132
ftp.metris3d.hu

# Reference: https://www.virustotal.com/gui/file/434ee3a7d5f1d23b7d2a2ca22bbf197b1275ff1bd11b03c11cfc45a6cae5fd11/detection

45.74.1.8:1122

# Reference: https://twitter.com/_lockhum/status/1220774737435074561

limmergarden.com/pa/webpanel/login.php

# Reference: https://www.virustotal.com/gui/file/4202c3c6970a870ce7fb6826dc69422c83de9da2462e28e2162a237579ff5192/detection
# Reference: https://www.virustotal.com/gui/file/8e9a4181cfd63b6d2a32352882d7022670236a5bdd0b824b547e69fde5b20c13/detection

nortonlilly.info

# Reference: https://www.virustotal.com/gui/file/67e30c288e1025728c58ad7093e34ea97d7f1e5f3c4450859e9de775e49f4dca/detection

185.244.30.53:4782

# Reference: https://twitter.com/cocaman/status/1222227693099462656
# Reference: https://app.any.run/tasks/193b764b-c408-4226-9a66-8400d1b1f4f9/
# Reference: https://www.virustotal.com/gui/ip-address/1.217.125.148/relations

1.217.125.148:8080
web.riderit.com

# Reference: https://twitter.com/wwp96/status/1222261603028152326
# Reference: https://app.any.run/tasks/227edd93-0480-404d-a7b8-0da81c2b3ce7/

78.142.19.101:587

# Reference: https://twitter.com/wwp96/status/1222262561296519168

208.91.198.143:587
208.91.199.223:587
208.91.199.224:587
208.91.199.225:587
smtp.xyzdomain.us

# Reference: https://app.any.run/tasks/3d1f67f1-6384-4980-a2e7-20ea0c0c8523/

smtp.dynamics-id.com

# Reference: https://twitter.com/wwp96/status/1222569538094534656
# Reference: https://app.any.run/tasks/6782cb3d-bd47-4351-977e-7b0bb14ae649/

effetka.com

# Reference: https://twitter.com/wwp96/status/1222575075028807681
# Reference: https://app.any.run/tasks/b71139f8-e198-4ebc-8b72-7e6399442199/

67.215.224.83:21

# Reference: https://twitter.com/wwp96/status/1223258955989815301

dkjpipnigproducts.com

# Reference: https://www.virustotal.com/gui/file/e9ae77ff1f9146e6c5296dfafb93c43ce062348136a4091d74087d603e2a18b8/detection

185.148.241.50:4782
23.105.131.230:4782

# Reference: https://www.virustotal.com/gui/file/f92ffc14ebc9ea2be74f7a6f73fa2055e345a42428171cee6491e6903816dce3/detection

varancha.com

# Reference: https://twitter.com/wwp96/status/1228359538505658371

dembal.com

# Reference: https://www.virustotal.com/gui/file/6fe5eed4b01642b919c7670f09548bce679233d8d522b20c36c29ed6fad0614d/detection

176.57.209.21:31177

# Reference: https://www.virustotal.com/gui/file/cb3534e092ee89bb8c1c4adb12a7a42a46629f0f939c13ad12be001ac1f7bb94/detection

176.57.209.21:46975

# Reference: https://app.any.run/tasks/24809127-df0b-4e16-9c94-35450bd9f283/

cydelink.com
officearchives.duckdns.org

# Reference: http://tracker.viriback.com/dump.php (# snapshot 2020-02-23)

190.97.166.194:80
190.97.166.194:8080
79.134.225.77:44
aaatechh.com
agent.rooderoofing.com.au
arbistars.com
bauremediaus.com
bawsymoney.ga
brther-group.com
callvaxglobal.com
captainbugattiautos.com
ceoinboxs.com
credoaz.com
data-startssllink.com
deveinsun.com
emaaiil-163.com
emtelakproperties.com
eqtweb.com
etvidanueva.com
excelaires.com
flopdlsofrd.com
forteol.com
goldenfuturepower5.com
grindtreu.online
groupbizconsulting.com
impulsefittness.info
ipblasta.com
kironofer.com
kodarkalaris.com
limmergarden.com
magnaki.com
milonestlevevy.com
milux-my.com
mshhmasvx.com
nortonlilly.info
oceantrading-jp.co
pounds.ngrok.io
prominienttec.com
shileniniliv.com
siamzime.com
sindevil.com
sm.rooderoofing.com.au
softtouchcollars.com
speedfolks.com.ng
svmarketingindia.com
telewire.online
uccftl.org
usarmyvacations.info
valedein.com
varancha.com
wieda-mc.com
workupdates.net
zomcnxbilo.com

# Reference: https://www.virustotal.com/gui/file/ae5d91ffad3a752a7568bc1197770f0ba06f33ba567740c4a18ca7bf0be6dc85/detection

168.235.111.253:1078

# Reference: https://twitter.com/wwp96/status/1232323995933929474

hitek-pk.com

# Reference: https://app.any.run/tasks/4630ac10-0749-4c13-ab1b-90f2c27c9c14/

prodiggy.xyz

# Reference: https://app.any.run/tasks/510f53d6-553e-4dae-a629-ae24c10e19ca/

office-cleaner-commander.com

# Reference: https://www.virustotal.com/gui/file/0a25a76d3b998edf56357790356abac4dd2d275c144e8d640f0c4bb4249d03a7/detection

79.134.225.75:1717
indigo22.publicvm.com

# Reference: https://www.virustotal.com/gui/file/25623344c636700823f0927a1c784b06a016b73dfa5083dc2d92baf1b40c2b71/detection

79.134.225.74:7688

# Reference: https://app.any.run/tasks/2e8a87dc-28e5-466d-8b48-772962c5515e/
# Reference: https://www.cert.hr/PhishCoviD
# Reference: https://www.virustotal.com/gui/ip-address/77.83.117.234/relations

77.83.117.234:587
aodeindustry.icu
deepsaeemirates.com
emmannar.com
bisol.icu
bkfglobal.icu
allcare-in.icu

# Reference: https://www.virustotal.com/gui/file/daf5e6207242777ec4cf6defdb9783ee4a109784de6e4be0dab7795eb8e3fd3b/detection

178.124.140.148:9955

# Reference: https://www.virustotal.com/gui/file/809f119816b9937ddc40b8821a8256373b1acfb029c9d1a226a0a402bb901e3c/detection

178.124.140.144:9955

# Reference: https://www.virustotal.com/gui/file/53f46d8f5cb827c8fd27acdb2ae47babc71a7bc9189dca78f759bb222972a06f/detection

185.19.85.172:9955

# Reference: https://www.virustotal.com/gui/file/c21528cb1bc34467b51f355d2a5ab00e5c93dc85daa288f758cb32b62c70d247/detection

129.56.115.44:9955

# Reference: https://www.virustotal.com/gui/file/c56ed81b368a4569017dc1fa62d66aa09bae779079db07e6d37057979553fb88/detection

185.19.85.158:9955

# Reference: https://www.virustotal.com/gui/file/6fc77a77ea8a0f5b9159cb397fbce10ad9db993bec824da3607d887763a4d84d/detection

129.56.24.87:9955

# Reference: https://www.virustotal.com/gui/file/22f01bda2127d3ae0a430f926e03f2fb91077f1df236de440e896cfb808e6571/detection

91.189.180.211:9955

# Reference: https://app.any.run/tasks/b46ab76d-67c1-4446-8e46-cb06ba4b56b9/

ehbsd.ueuo.com

# Reference: https://app.any.run/tasks/e7c0011c-965c-4f60-882d-c1635524d592/

mujhedilsena.com

# Reference: https://twitter.com/gorimpthon/status/1242842075202109440

http://216.170.114.99

# Reference: https://www.virustotal.com/gui/domain/goldenlion.sg/relations

goldenlion.sg/file01/
goldenlion.sg/blacky2/
goldenlion.sg/white/

# Reference: https://www.virustotal.com/gui/domain/getegroup.com/relations

getegroup.com

# Reference: https://app.any.run/tasks/50fefae3-86a8-463f-b73f-30b4578255fb/

easydatatransfercleansystemprofessional.duckdns.org

# Reference: https://app.any.run/tasks/fff397ba-c5b8-4db0-91ea-49a10e5ac00d/

sterilizationvalidation.com

# Reference: https://twitter.com/James_inthe_box/status/1245706675266306049

proyectomontvento.com/img/files/class/webp/

# Reference: https://twitter.com/James_inthe_box/status/1247162504293179392
# Reference: https://twitter.com/JayTHL/status/1247163058071523328

pussyclub88.com

# Reference: https://csirt.bank.gov.ua/news-ioc/78 (Ukrainian)
# Reference: https://www.virustotal.com/gui/domain/unlimitedimportandexport.com/detection
# Reference: https://app.any.run/tasks/21ca8f99-92aa-47a5-8787-846ab59f5841/

unlimitedimportandexport.com

# Reference: https://twitter.com/James_inthe_box/status/1252657380807938049

nabionov.net

# Reference: https://www.virustotal.com/gui/domain/rabok.io/relations

rabok.io

# Reference: https://www.virustotal.com/gui/file/0cc36114a155515acdf192cbde8cc6f2eb5bfc833920075ee5deb156944371eb/detection

185.140.53.129:8323
xacnsnva.bounceme.net

# Reference: https://unit42.paloaltonetworks.com/silverterrier-covid-19-themed-business-email-compromise/

coffiices.com

# Reference: https://www.virustotal.com/gui/file/fdd40bcfba668b785d404214fd35db117b186e21944b24f16540cce86f7bec78/detection

103.133.109.74:3050

# Reference: https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/
# Reference: https://otx.alienvault.com/pulse/5ecebea5f3c7fdfd2f5f9cd9

atn-com.pw

# Reference: https://www.virustotal.com/gui/domain/mechnicsde.dp.ua/relations

mechnicsde.dp.ua

# Reference: https://www.virustotal.com/gui/file/29d2c857add67db5ea4fa1265d6799f72436443ef37ebe6b552884f7f08c99ba/detection

209.58.144.239:1738
dimitriv.duckdns.org

# Reference: https://twitter.com/benkow_/status/1270278177336803331

bpoxnet.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1270997007180730368
# Reference: https://app.any.run/tasks/4dede486-355d-4e84-874c-d9318532db23/

http://193.42.96.111

# Reference: https://twitter.com/Bl4ng3l/status/1272531788678729732

spdodoma.com/jss/1156000032.jpg

# Reference: https://app.any.run/tasks/de803f92-9a35-43b2-a84b-53b596893de4/

199.188.200.203:587
mail.marpx.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1273562883578880000

strahovka-osago.com/coer/2031777055.jpg

# Reference: https://twitter.com/James_inthe_box/status/1273983069435789316

http://180.214.236.98

# Reference: https://www.virustotal.com/gui/file/183112cc344d1629e2d63bde89fee8fd7040a70b53c695e843e6892dfb4c4c63/detection

185.244.30.14:20391
papauwa.ddns.net
