# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: qakbot, qbot

# Reference: http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99&tabid=2

abc-hobbies.com
acadubai.org
adserv.co.in
alfamex.com
b.nt002.cn
b.rtbn2.cn
b.tn001.cn
bckp01.in
boogiewoogiekid.com
buldrip.com
cdcdcdcdc212121cdsfdfd.com
cdcdcdcdc2121cdsfdfd.com
citypromo.info
du01.in
du02.in
ftp.acmeinformation.com
ftp.hunterscentral.com
ftp.periodicopuruvida.com
gator862.hostgator.com
googcnt.co.in
hostrmeter.com
inetrate.info
laststat.co.in
nt002.cn
nt010.cn
nt101.cn
nt13.co.in
nt16.in
nt17.in
nt20.in
nt202.cn
ppcimg.in
prstat.in
redserver.com.ua
s046.panelboxmanager.com
saper.in
spotrate.info
successful-marketers.com
swallowthewhistle.com
up002.cn
up003.com.ua
up004.cn
up01.co.in
up02.co.in
up03.in
whitepix.info
yimg.com.ua
zenpayday.com
zurnretail.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://twitter.com/abuse_ch/status/1116023921894219778

d221-73-45.commercial.cgocable

# Reference: https://twitter.com/Bank_Security/status/1124209952019689472
# Reference: https://pastebin.com/pTXbXVnZ
# Reference: https://blog.talosintelligence.com/2019/05/qakbot-levels-up-with-new-obfuscation.html
# Reference: https://twitter.com/_Bear_Crawl_/status/1124357801906716672
# Reference: https://pastebin.com/Tq6ji8uV

lg.prodigyprinting.com
hp.prodigyprinting.com
layering.wyattspaintbody.net
painting.duncan-plumbing.com
rss.thulos.com
wordpress.4ainternacional.com
feedback.couponpx.com
10tillcom.montgomerytech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Dropper.Qakbot-6956539-0)

jpfdtbmvuygvyyrebxfxy.info
hknkmwfdngcfavzhqd.biz
ywubouysdukndoakclnr.org
uwujtnymeyeqovftsc.org
kaaovcddwmwwlolecr.org
ijdlykvhnvrnauvz.com
lunkduuumhmgpnoxkbcjqcex.org
hsyglhiwqfc.org
forumity.com
zebxhuvsz.com
yxssppysgteyylwwprsyyvgf.com
fcptxaleu.net
olosnxfocnlmuw.biz
cbqjxatxrumjpyvp.biz
sproccszyne.org
uschunmmotkylgsfe.biz
wgysvrmqugtimwhozoyst.biz
tkpxkpgldkuyjduoauvwoiwcg.org
cufgghfrxaujbdb.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Dropper.Qakbot-7079811-0)

aqksafpuovjyfrzit.org
aulmkpipscpopgwrtzhlnqmjk.info
bmbtgoova.com
cagkhrabktfwkuroydfwtta.org
doiknfcneeeydnyofyurzy.info
erbqfnvqsahyshygeglwhxhvd.org
hibqrywwciwhbks.net
jkijlzrsvic.com
jueafvkiigmul.org
mgpepssjlpytbdktejekl.net
nwocsvuw.net
pzsbodhuinrzhcjin.org
tvntnfczmfiewin.info
uofdwoxezbdujgadioqvy.net
vljfhvniqpl.org
vwsbvkpkzgsvyhapfcm.org
wlakhytkctowfowlzyehtt.net
wupgkipgaiu.biz
yaznaovutvzwgp.net
ymoabqpo.com
zqpbnjvmfkfzbyko.info

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html (# Win.Dropper.Qakbot-7287972-0)

ageanrzekiycakzrswcq.com
cyiynudufvqmswxgtdkgyal.org
evvedpvqyno.net
fmncuwynktocekwqmthsr.net
hrmmnxigwodcsbqhcezedv.net
ocqfamsdr.org
ohfckvgylddiulbtgcrdijtpl.org
ohnzjsjoyxmkfpafaouujked.biz
qguuivkqppwohlzzvjv.org
rpagfveavil.com
tnqnpjthcwhhit.biz
utglavlafksmzfcniumfwwbm.biz
wpaoyqevfvmqquvpfwo.com
wyrlmssiybtkxemblgkturpw.net
zhkclrrbgufzsgljzohs.com

# Reference: https://twitter.com/killamjr/status/1183831240090312706

mottosfer.com
sosanhapp.com

# Reference: https://twitter.com/killamjr/status/1184219573664530437

ivoireboutique.net
newbestacademy.com

# Reference: https://twitter.com/DGAFeedAlerts/status/1186130743241707520

veadymnpvxjxzicecamltc.com

# Reference: https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html
# Reference: https://tria.ge/reports/191119-kdqwsphw2e/task1
# Reference: https://twitter.com/malware_traffic/status/1223044973836361729



content.markdutchinc.com

# Reference: https://twitter.com/reecdeep/status/1218172158633029632

deccolab.com
helpvan.su

# Reference: https://twitter.com/reecdeep/status/1222429871621709824

productsphotostudio.com/wp-content/uploads/2020/01/lane/444444.png

# Reference: https://twitter.com/ps66uk/status/1244784860927004672

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
worldplaces.in/direct/444444.png

# Reference: https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9

411foru.biz
411foru.com
411foru.info
411foru.net
411foru.org
aecfdpuspicop.biz
aifrbgvit.org
akurktsicohzxrfoynqaixspe.org
americansvoice.com
americasvoice.net
angelandthebackbeat.com
angelandthebackbeats.info
angelandthebackbeats.net
angelandthebackbeats.org
anthonybryanauthor.com
aoznszhhyhktgb.com
awtptzoblgkkdmfb.biz
ballbutter.com
bbostybfmaa.org
bdbprqhsomsonztxios.net
beverlyhillsaestheticplasticsurgery.com
beverlyhillsaestheticplasticsurgeryassociates.com
beverlyhillsshrinkwrapliposuction.com
bhapsa.com
bogtdrfdeqabyyxdg.net
bookhotelonlinetoday.com
boomer-talk.com
boomerstalk.com
boomersvoice.com
boomersvoice.net
brpnkctjvgdmnbwtv.biz
bryhitenwzmdtakavoofanp.org
bwzxubzdgaq.biz
bzkgskajhmcwrbk.net
candcbuilding.com
candcplumbing.com
casinobettingpoker.com
cecate.net
cio-inspired.com
cioemea.com
cioeurope.com
cioinnovate.com
cisoinspired.com
cmoinspired.com
cortezs.com
cortezs.net
costcoexpress.com
coxrwiuxkcausxnlbgjmakxrw.net
coxrwiuxkcausxnlbgjmakxrw.net
cpoinspired.com
creinspired.com
csgoclimb.ru
csgoevent.com
csgohs.ru
czkwuxvndxrjsprm.org
dandymanscrubs.com
dandyscrub.com
dandyscrubs.com
dejyjcwo.info
dfnchvkjlzlkdaygzdakqhn.info
dkdjezurex.org
doctorraffi.com
domandvilma.com
dpsjwmwzuwnicaq.biz
dpsjwmwzuwnicaq.biz
drhovsepian.com
drhovsepianbeverlyhillsbotchedme.com
drhovsepianbeverlyhillsbotchedmeup.com
drhovsepianbeverlyhillsexperience.com
drhovsepianbeverlyhillsreview.com
drhovsepianbeverlyhillsreviews.com
drhovsepianbotched.com
drhovsepianbotchedme.com
drhovsepianbotchedmeup.com
drhovsepianplasticsurgeon.com
drhovsepianplasticsurgery.com
drhovsepianreview.com
drhovsepianreviews.com
drhovsepianruinedme.com
drraffibeverlyhills.com
drraffibeverlyhillsbotched.com
drraffibeverlyhillsbotchedme.com
drraffibeverlyhillsbotchedmeup.com
drraffibeverlyhillsreview.com
drraffibeverlyhillsreviews.com
drraffibotched.com
drraffibotchedme.com
drraffibotchedmeup.com
drraffihovsepian.com
drraffihovsepianbeverlyhillsbotched.com
drraffihovsepianbeverlyhillsbotchedme.com
drraffihovsepianbeverlyhillsbotchedmeup.com
drraffihovsepianbeverlyhillsexperience.com
drufxhimmwwnfhegujbutyw.com
drufxhimmwwnfhegujbutyw.com
dslmkpgjvuisnqa.com
dslmkpgjvuisnqa.com
dtvsxudgnort.biz
dynamicwords.us
eeaforums.org
ejnkyujcazyyrehecjmox.net
engeniusforum.com
facilitiesmanagementforum.com
fbptaqbegdpqfkqeniulcz.com
felruzatqofkxlzkrskrbcilq.org
fgmbdteifejszcmn.org
fm-inspired.com
fminnovate.com
fmpevent.com
fobccpaug.org
frcblvtmpuygvxzdjsdw.net
gandhiprobably.com
gdfqutzvshhgzheqksxj.biz
gfapuxkfzsddekagqyvtibckx.org
gfsbfuaogfwrcvstpnvuskqjh.net
gilkeyphotography.com
gjcybzvmvir.com
gjcybzvmvir.com
gkvimqrvoscnuvggw.net
godbetter.com
godbigger.com
godonlinetv.com
gvyxwaslgliazuilhtyl.com
hbjzvgyej.org
hernandezenterprise.com
hernandezenterprise.info
hernandezenterprise.mobi
hernandezenterprise.net
hernandezenterprise.org
hhwkqccfvmbxvgsrfodzblfk.org
hihybiipewmutcpqjsnnn.org
hr-inspired.com
htibkjlyhffmhnetwvaia.net
hvjhbdtxslkr.net
hyfotrom.biz
hyfpcoogiuxackrjlvqfoa.org
iaahouston1.com
inspiredbusinessmedia.com
internetmarketingenterprise.net
izfrynscrek.net
jaxmksttqwcfycm.org
jdqmdauuzavhvzmchymtn.com
jekawtzb.net
jfgsifrptbirusgs.net
jghgaukpemdsitwrbkm.org
jhsjqyopeiivfjonxfd.com
justportraits.ca
jyemfaceteeg.info
kvwyoivqwydfdlpzd.org
kyimozmtezqaghxaqbykf.net
kzdmlrtrdfmuvyczjeoysnnr.com
lifewavechina.com
lifewavedenmark.com
lifewavedistributor.com
lifewaveforever.com
lifewaveindia.com
lifewaveuk.com
listentoamericans.com
listentoamericans.net
ljiececesruwqsiaafspjb.biz
ljiececesruwqsiaafspjb.biz
lowtechinternational.com
lssteedshlf.org
lzxrbgvcpdefafmtkmypd.org
marcelohernandez.net
marcelohernandez.org
messifootball.com
messimessimessi.com
messistar.com
messistars.com
mlmbonus.com
modernhide.com
mushroomalley.com
my-voice.net
myvoiceamerica.com
myvoiceusa.com
mzvmmsedkr.biz
naughtytimebooks.com
nknpagmexfmpivpfkej.org
nkwnfcvlqvouqyspcpfxdbmkv.org
nwqsckeoatb.biz
nyqvjyehgmyzwsutaoeqrzdff.net
oabtwabgoyatl.info
oeisvpck.com
ofcource.com
ohjnxkcqhyzcqxoxyrqsvmovb.org
ohnzjsjoyxmkfpafaouujked.biz
ohpjbauaztbcqjwbxyepjg.info
olecram.info
olecram.org
olecramproductions.info
olecramproductions.net
olecramproductions.org
onlineredwine.com
onlyportraits.com
onpzjbvxnbvuhrjbjb.info
osnyjaaliqdpegehd.com
oxpsuqkej.org
pgnioogwlucnv.com
pptyqmktluqnpameptwtzno.org
pqmqomkgjnfdng.org
pzmftmgqnxaqgrznm.net
qfdjjouamlbqtfyewaxci.org
qotavczeb.info
raymondelectronics.com
rdnzplgrz.net
reckchfhtndingqrynjdgpbjy.net
revivearizona.com
reviveindiana.net
reviveindiana.org
revivejerusalem.org
revivelondon.org
revivemilwaukee.org
reviveminnesota.com
reviveminnesota.info
reviveminnesota.net
reviveminnesota.org
revivemississippi.net
revivemississippi.org
revivemsp.org
reviverichmondca.org
revivesarasota.org
reviveseattle.org
revivesoutherncaribbean.com
revivesoutherncaribbean.org
revivetheholyland.com
revivetheholyland.org
revivethepromisedland.com
revivethepromisedland.org
revivetupelo.com
revivetupelo.org
revivetwincities.org
revivewisconsin.org
rhjbkrqiekhdxlgzrzdzw.net
riiqynnpolhrrqtjq.com
rkdxaovlaoltxnorwhtqo.com
rss.dimadimapress.com
rtachicago.com
rudedogbrewery.com
rudedogbrewery.info
rudedogbrewery.net
rudedogbrewery.org
rudedogbrewing.co
rudedogbrewing.net
rustywallacefordtennessee.com
saveonfordtrucks.com
saveonscion.com
saveontoyotas.com
sda-courier24.biz
sdacourier.info
senior-voice.com
sexlag.com
shehtaamozvljiemrijsgzff.com
shoprustywallace.com
shoprustywallaceford.com
silent-majority.net
simnewsdaily.com
sportsbettingrace.com
stat.nickspizzade.com
tnqnpjthcwhhit.biz
trackbonus.com
ttzioiyzupuntyceqbwqr.org
tybsrwyftchsd.biz
uisfhfwqrcsqcvo.org
uitutnmieyxfk.org
usobtaaxtdkpzqqvkahae.com
utalkhere.com
utalkhere.net
uvaphhxjmijvuvobqfezgnc.com
uvaphhxjmijvuvobqfezgnc.com
uzjwupjsjfpcezlchdsmzodkm.org
vcavovfkbnxdi.org
vpsbrubhqlrpqfnadsvc.net
vvdpprlurgnja.biz
vxozgiucpq.com
vyffojtfi.net
vzdrlswljtpgsmvddeehav.org
walmgvyongcjrfpjjlwiweyiv.biz
wolfgnards.com
wybmdazfdaapjtabgbamyuq.biz
xkwczygvqosxx.com
xykrgjnhkhjgpkdi.net
year2018.com
year2019.com
year2023.com
year2024.com
yliolxjywjpmtpxwkcsc.biz
yqwjvhxgaiszygziq.org
yqwjvhxgaiszygziq.org
yrkinsiwejn.biz
yuhjomyygtrbcr.info
zlczwkjposmtcawsga.org
zvwidimzmcbsrdbrtk.org
zwdhqcthdwlugocbiqn.info

# Reference: https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/

content.bigflimz.com
fixdoctorsfirst.net
help.postsupport.net
ontario.postsupport.net
portla.mlcsoft.com
qt.files.diggerspecialities.com
store.thecenterforyoga.com
store.birthtothreeipswich.org
uhfudshfduhsf.com

# Reference: https://twitter.com/Bank_Security/status/1121684786068611072

apps.theandroidstore.tv

# Reference: https://twitter.com/killamjr/status/1184564829140291584

baytk-ksa.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://app.any.run/tasks/affb8f2b-864b-4919-94f9-628bb8de9c1c/

maishousemeovac.com

# Reference: https://twitter.com/Arkbird_SOLG/status/1230436957693632512

http://91.196.70.103

# Reference: https://twitter.com/shiftybitshiftr/status/1231422937799856128

qthrebadf.mrbonus.com

# Reference: https://twitter.com/Jouliok/status/1235446560735080449
# Reference: https://app.any.run/tasks/35172a93-5c37-44c2-aac8-7697c4682667/

murreeweather.com

# Reference: https://app.any.run/tasks/4e308047-6593-4aa7-9ca6-aab1d55d324f/

a-o-concepts.ch

# Reference: https://twitter.com/JAMESWT_MHT/status/1244933553151979520
# Reference: https://app.any.run/tasks/d1f38527-29f0-4367-8b65-68896c52ebf6/
# Reference: https://app.any.run/tasks/65300f66-2666-427f-815e-a155b346ceab/

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
t.unplugrevolution.com/articles/18928/2910.png
worldplaces.in/direct/444444.png

# Reference: https://twitter.com/ps66uk/status/1245050707180498947

worldsatellitemedia.com/tools/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1246089064182435840

wizcapture.com/Branding/444444.png
swisscleantechreport.ch/Branding/444444.png
aaronfickling.com/Branding/444444.png
5.unplugrevolution.com/234/4324/43.png

# Reference: https://app.any.run/tasks/4eed74e1-5dd0-4a78-8e92-6a0351adf6e5/

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png

# Reference: https://twitter.com/0xCARNAGE/status/1235716209540296704

samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
careers.sorint.it/idle/33333.png
uniluisgpaez.edu.co/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://pastebin.com/3ZzD5N51

tubolso.cl/wp-content/uploads/2020/02/white/444444.png
samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
murreeweather.com/wp-content/white/444444.png

# Reference: https://twitter.com/wwp96/status/1234919547590905856

samphaopet.com/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://twitter.com/wwp96/status/1230183193300676609

g2creditsolutions.com/trusty/444444.png

# Reference: https://twitter.com/wwp96/status/1229887414069579777

kantei-center.com/wp/wp-content/uploads/2020/02/safety/444444.png

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1227767571547590657

mostasharanetalim.ir/wp-content/uploads/2020/02/recent/444444.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1246109511473037312

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
4.unplugrevolution.com/189/24/4788.png

# Reference: https://twitter.com/lazyactivist192/status/1247179930821177344

a.assignmentproff.com/ashduhfudsf.png
corbucrochet.com/cursors/444444.png
stajer.eu/cursors/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1247530680776417282
# Reference: https://app.any.run/tasks/23430199-4079-4202-a847-683ef164c392/

b.assignmentproff.com/amyceyaihd.png
kramo.pl/wp-content/plugins/apikey/slider/444444.png
wppunk.com/wp-content/uploads/2020/04/slider/444444.png
retroband.uk/wp-content/uploads/2020/04/slider/444444.png
almohadonera.clichead.club/slider/825381.zip

# Reference: https://pastebin.com/C9Jmzvdu

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/plugins/advanced-ads-genesis/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/pN5DfFyS

millionsawesomeproducts.com/string/444444.png
common-factor.nl/string/444444.png
funpartyrent.com/string/444444.png
leukkado.be/string/444444.png
unik-evenements.fr/string/444444.png
d.teamworx.ph/1839/20/279.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1250473025012711424

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/themes/calliope/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/hYd6S8YT
# Reference: https://otx.alienvault.com/pulse/5e97740b990dafad240cf9e7

bizzlon-realty.com/wp-content/themes/calliope/beads/444444.png
pakgt.com/wp-content/themes/calliope/beads/444444.png
marinerevetement.com/wp-content/themes/calliope/beads/444444.png
chattosport.com/wp-content/themes/calliope/beads/444444.png
a.coolbreeze.uk/213/312d/6748.png

# Reference: https://twitter.com/secret_return/status/1250574408566976512

/wp-content/themes/calliope/db.php?u=true
/wp-content/themes/calliope/wp-data.php
/wp-content/themes/calliope/wp_class_datalib.php

# Reference: https://twitter.com/ActorExpose/status/1252183338141601793
# Reference: https://app.any.run/tasks/be4a431b-fdb7-4dec-ad40-f67201493494/

greindustry.com
paceldelivery.express

# Reference: https://www.virustotal.com/gui/domain/automatischer-staubsauger.com/relations

automatischer-staubsauger.com

# Reference: https://www.virustotal.com/gui/file/9a8206be5f1eeca651f0d858f752fd84e7014ab561a3b7a8ad2a56971e5f338f/detection

anamikaindanegas.in
demo.caglificioclerici.com

# Reference: https://twitter.com/lazyactivist192/status/1252946567780319233
# Reference: https://pastebin.com/L0g5fRgv
# Reference: https://app.any.run/tasks/286bb4a8-6392-4b31-8e36-ae143522d0d6/

hasumvina.nrglobal.top/wp-content/themes/mapro/pump/55555.png
4mco.com.pk/wp/wp-content/themes/mapro/pump/55555.png
cloud.wmsinfo.com.br/wordpress/wp-content/themes/mapro/pump/55555.png
jeromenetpanel.ml/wp-content/themes/mapro/pump/55555.png
cheshirecheetah.com/wp-content/themes/mapro/pump/55555.png

# Reference: https://pastebin.com/7bYzetJF

170.82.210.138:2222
178.193.33.121:2222
184.167.2.251:2222
188.26.150.82:2222
195.162.106.93:2222
68.14.210.246:2222
72.204.242.138:50003
75.117.128.20:2222
atn24live.com/spool/8888.png
bg142.caliphs.my/spool/8888.png
afsholdings.com.my/spool/8888.png
alphapioneer.com/spool/8888.png
kbzsa.cn/wp-content/plugins/apikey/spool/8888.png

# Reference: https://pastebin.com/55uiNwYC

auxiliumassessoria.com.br/docs_tmj/8888.png
inglesdoribas.com.br/docs_cyq/8888.png
adamdtmassage.co.uk/docs_394/8888.png
adwokat-pleszka.pl/docs_v6n/8888.png
afterdrugs.life/docs_kxk/8888.png

# Reference: https://pastebin.com/BSe9sHVR

arcyten.cl/iulbxki/88888.png
beforeshithappens.com/docs_2re/55555.png
can-media.de/e/88888.png
cirugiagenital.com.mx/rrigg/88888.png
clair-salon.info/docs_xgy/55555.png
clubtempel.de/zeksv/88888.png
delmaestro.cl/uyc/88888.png
mytex.pe/phsse/88888.png
svvlive.com/docs_fbz/55555.png
themmacoach.com/wp-content/uploads/2020/04/docs_cv0/55555.png
tianmaouae.com/docs_9qu/55555.png
y-sani.com/docs_bcx/55555.png

# Reference: https://pastebin.com/SbZvFXPa

batdongsanbentre.com.vn/vbtbnvxnrl/22222.png
betopceo.com/ivbglae/22222.png
capath.vn/yxrw/22222.png
cerisiers.be/fczjua/22222.png
daricci.de/wp-content/uploads/2020/04/owkf/22222.png

# Reference: https://pastebin.com/Qsf0XmFj

tradingwithharmony.com/wp-content/uploads/2020/04/phsse/8888.png
moinmo.de/phsse/8888.png
herrfischer.me/phsse/8888.png
ngon10.com/phsse/8888.png
gmassurance.fr/wp-content/uploads/2020/04/phsse/8888.png

# Reference: https://app.any.run/tasks/173baaa3-8577-49a3-b525-04dddc3ed2a5/
# Reference: https://app.any.run/tasks/23781225-7661-48b5-a3bb-4f3c22b99252/

tristatehs.com
new.tristatehs.com

# Reference: https://app.any.run/tasks/20fdc52d-21bd-4a76-aa4e-0a0b6729c66f/

hotelbharatpurpalace.com/fjtpbqbq/88888.png

# Reference: https://pastebin.com/czHZP8AJ

beachtour14.fr/bpqlrau/2222.png
casadospa.com.br/wp-content/uploads/2020/05/fougrzbplzd/2222.png
chapaitoday.com/olsce/2222.png
ecogold.com.au/wp-content/uploads/2020/05/ggmjmxnvzabj/2222.png
en.goldwin1.ir/sysaasdyrwt/2222.png
cupid.ninja/jbwyga/3333.png
era.co.id/jwpgqgdwcg/3333.png
escriba.art/wp-content/uploads/2020/05/volbgwi/3333.png
flowersforfuneral.net/zkqsxgiuc/3333.png
ftluae.com/wp-content/uploads/2020/05/nkwyacugcyjt/3333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1258057381637955586
# Reference: https://app.any.run/tasks/84e1beae-8ca6-484e-9124-c9ffd0116307/

alhussain.pk/ioxix/88888.png
beta.enerbras.com.br/muvolifvmg/88888.png
blog.saigon247.vn/wp-content/uploads/2020/05/axtcud/88888.png
it.shopforever.pk/ewbaleo/88888.png
limonauto.com.ua/gdjcigc/88888.png

# Reference: https://pastebin.com/j5tcBGZR

p2b.in/tpgcy/6666.png
cjemskayyoor.com/wp-content/uploads/2020/05/yaakhc/6666.png
cosmea.pl/wp-content/uploads/2020/05/lqauk/6666.png
hobsnchimney.in/dawfxassh/6666.png
hyundainamdinh.org/wp-content/uploads/2020/05/nxacxffh/6666.png

# Reference: https://pastebin.com/jmh7jtHb

landing1.allencarr.co.il/wp-content/themes/danfe/itfmy/4444.png
laraib.freelancefront.com/wp-content/themes/danfe/seobfszigf/4444.png
learn.milwayresources.com/wp/wp-content/plugins/wp-block-pack/yaziwtgpugnl/4444.png
kazemart.com/wp-content/themes/danfe/eupsvyto/4444.png
kenfendi.com/wp-content/themes/danfe/abfbbq/4444.png

# Reference: https://pastebin.com/NfiYEGRW

datphatlocsg.com/wp-content/uploads/2020/05/scfcgmbjsv/77777.png
moydom.md/wp-content/uploads/2020/05/hflhgo/77777.png
renobarapp.es/wp-content/uploads/2020/05/ahrtqqlwe/77777.png
league265.com/awoaokzq/77777.png
doryfotografia.com/wordpress_1/valoub/77777.png

# Reference: https://pastebin.com/drJgf5aZ

conference.vlgprojects.ru/fsxijcpft/5555.png
sjabbens.xyz/wp-content/uploads/2020/05/xngij/5555.png
telefonrammen.dk/pcixoheru/5555.png
vdovira.net.ua/qjzcgusihgg/5555.png
formationcap.tn/wp-content/uploads/2020/05/avxvwjxvpzh/5555.png

# Reference: https://pastebin.com/55RY1qcm

fitoluri.cat/wp-content/themes/twentyseventeen/inc/turns/55555.png
mrdgrupointegral.com/wp-content/themes/twentytwenty/inc/turns/55555.png
demo.dehliwalalunch.com/wp-content/themes/twentyseventeen/inc/turns/55555.png
dr-nano.ir/wp-content/themes/twentytwenty/classes/turns/55555.png
bondarenkopjatk.ru/wp-content/themes/twentyseventeen/inc/turns/55555.png

# Reference: https://pastebin.com/PwQfddsP

new.myoc.com.au/pqurjvfpjl/8888888.png
uhuru.online/krtxtkiajk/8888888.png
one2onedriving.co.uk/zxzhmxut/8888888.png
kancelariaziolkowscy.pl/xfyinzwfwqv/8888888.png
shop.luisvillalonga.com/fztdvmyodegs/8888888.png

# Reference: https://pastebin.com/15vppTwk

idea-development.ru/afqwno/8888888.png
rifey-zlat.ru/oezwkp/8888888.png
m.alt-hospital.ru/dsancifk/8888888.png
6pond.com/yjssrdxwb/8888888.png
redletterliving.org/iqoehhnywvt/8888888.png

# Reference: https://twitter.com/ffforward/status/1268905190041759744

test.acdlec.be/ilxjzhky/8888888.png

# Reference: https://pastebin.com/HkmkarTG
# Reference: https://app.any.run/tasks/68251632-8093-4ae1-9a33-99c8b2437e21/

salwadm.com/tcphx/8888888.png
flipkenya.com/nujazbwrhjy/8888888.png
10x45.com/zfbjvvqxktx/8888888.png
iamployed.nl/lbbiujdyjy/8888888.png
aptociudadamuralladacartagena.com/gddqez/8888888.png
autoescolaciganos.com.br/gezzf/8888888.png

# Reference: https://twitter.com/lazyactivist192/status/1271079253988093953
# Reference: https://pastebin.com/Kx6ADJ3z

amandadecardy.com/NSUEdD/wp-includes/js/tinymce/plugins/directionality/pdvav/8888888.jpg
ameliasmoments.com/wp-includes/js/thickbox/wifgyfro/8888888.jpg
digitalschoolfaridabad.in/courses/images/parallax/mjogqxakfxg/8888888.jpg
sometechsense.com/wp-includes/js/tinymce/plugins/wptextpattern/tbpfdfelf/8888888.jpg
uniquehindunames.com/wp-content/uploads/cnesco/8888888.jpg

# Reference: https://twitter.com/JAMESWT_MHT/status/1271486893188886531
# Reference: https://pastebin.com/L8JGi5nE

leeephee.top
withifceale.top
wpsnoum.pw
wsaexdig.pw
xeemoquo.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1272522078252609538
# Reference: https://pastebin.com/wfQduHVS
# Reference: https://app.any.run/tasks/c5fe9c77-58b8-4e45-9df9-a0fa5e41a627/

sehgalestates.co.in/zvufsph/8888888.png
dentixdentalcare.com/ftoddj/8888888.png
fooodshooters.com/enlokgqs/8888888.png
new.carfinancehotline.ca/lqjdqsckuihv/8888888.png
altuspsg.com/fyhhqlmq/8888888.png

# Reference: https://twitter.com/Bank_Security/status/1272787094319095809

w1.plenimusic.com/fakes/

# Reference: https://twitter.com/0xCARNAGE/status/1274062746716438528
# Reference: https://app.any.run/tasks/78977d8c-8907-418d-87ae-bfbddd3d611d/

savemall.store/shiolmqj/33333333.png
tshirtstirupur.com/zbdmzdogdptt/33333333.png
maxacerna.org/ekasrroy/33333333.png
kwickshop.co.tz/lwhtksmfrbyh/33333333.png
paschalhildreth.com/bnqcndfbrfc/33333333.png

# Reference: https://pastebin.com/sEPSHH4j

test.africanamericangolfersdigest.com/kkmthjsvf/5555555.png
frankiptv.com/liehyidqtu/5555555.png
klubnika-malina.by/utgritefmjq/5555555.png
centr-toshiba.by/wogvynkombk/5555555.png
marokeconstruction.com.au/hhmzmlqct/5555555.png

# Reference: https://app.any.run/tasks/26bee149-383f-4e98-91b9-3f1a36f821e6/

digisham.ir/cbroi/33333333.png
renukagraphics.com/ttgoccwx/33333333.png
tempusout.co.uk/qqzweuuwqo/33333333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1275434967418327041

girandolegiobas.it/jvhum/33333333.png

# Generic

/TealeafTarget.php
/treusparq.php
/tpan/azep.php
/uQnED83/tltZT3.php
/tltZT3.php
/vbtbnvxnrl/22222.png
/ivbglae/22222.png
/yxrw/22222.png
/fczjua/22222.png
/owkf/22222.png
/bpqlrau/2222.png
/fougrzbplzd/2222.png
/olsce/2222.png
/ggmjmxnvzabj/2222.png
/sysaasdyrwt/2222.png
/jbwyga/3333.png
/jwpgqgdwcg/3333.png
/volbgwi/3333.png
/zkqsxgiuc/3333.png
/nkwyacugcyjt/3333.png
/cbroi/33333333.png
/jvhum/33333333.png
/ttgoccwx/33333333.png
/qqzweuuwqo/33333333.png
/bnqcndfbrfc/33333333.png
/ekasrroy/33333333.png
/lwhtksmfrbyh/33333333.png
/shiolmqj/33333333.png
/zbdmzdogdptt/33333333.png
/itfmy/4444.png
/seobfszigf/4444.png
/yaziwtgpugnl/4444.png
/eupsvyto/4444.png
/abfbbq/4444.png
/beads/444444.png
/previous/444444.png
/slider/444444.png
/string/444444.png
/differ/999999.png
/ahrtqqlwe/77777.png
/awoaokzq/77777.png
/hflhgo/77777.png
/scfcgmbjsv/77777.png
/valoub/77777.png
/feature/777777.png
/tpgcy/6666.png
/yaakhc/6666.png
/lqauk/6666.png
/dawfxassh/6666.png
/nxacxffh/6666.png
/pump/55555.png
/spool/8888.png
/docs_tmj/8888.png
/docs_cyq/8888.png
/docs_394/8888.png
/docs_v6n/8888.png
/docs_kxk/8888.png
/cnesco/8888888.jpg
/mjogqxakfxg/8888888.jpg
/pdvav/8888888.jpg
/tbpfdfelf/8888888.jpg
/wifgyfro/8888888.jpg
/fztdvmyodegs/8888888.png
/ilxjzhky/8888888.png
/krtxtkiajk/8888888.png
/pqurjvfpjl/8888888.png
/xfyinzwfwqv/8888888.png
/zxzhmxut/8888888.png
/fyhhqlmq/8888888.png
/afqwno/8888888.png
/oezwkp/8888888.png
/dsancifk/8888888.png
/yjssrdxwb/8888888.png
/iqoehhnywvt/8888888.png
/tcphx/8888888.png
/nujazbwrhjy/8888888.png
/zfbjvvqxktx/8888888.png
/lbbiujdyjy/8888888.png
/gddqez/8888888.png
/gezzf/8888888.png
/zvufsph/8888888.png
/ftoddj/8888888.png
/enlokgqs/8888888.png
/lqjdqsckuihv/8888888.png
/fsxijcpft/5555.png
/turns/55555.png
/xngij/5555.png
/pcixoheru/5555.png
/qjzcgusihgg/5555.png
/avxvwjxvpzh/5555.png
/docs_2re/55555.png
/docs_9qu/55555.png
/docs_bcx/55555.png
/docs_cv0/55555.png
/docs_fbz/55555.png
/docs_xgy/55555.png
/kkmthjsvf/5555555.png
/liehyidqtu/5555555.png
/utgritefmjq/5555555.png
/wogvynkombk/5555555.png
/hhmzmlqct/5555555.png
/e/88888.png
/fjtpbqbq/88888.png
/iulbxki/88888.png
/phsse/88888.png
/rrigg/88888.png
/uyc/88888.png
/zeksv/88888.png
/ioxix/88888.png
/muvolifvmg/88888.png
/axtcud/88888.png
/ewbaleo/88888.png
/gdjcigc/88888.png

# IP connections

104.153.240.6:2222
104.173.119.54:2222
104.174.71.153:2222
104.221.4.11:2222
104.32.185.213:2222
107.15.153.110:8443
108.184.57.213:8443
108.190.151.108:2222
111.125.70.30:2222
116.30.4.51:2222
116.72.208.166:2222
116.72.213.83:2222
118.93.167.173:2222
120.147.65.97:2222
120.147.83.120:2222
146.200.250.17:2222
150.143.128.70:2222
166.62.180.194:2078
171.100.86.168:2222
172.58.107.229:2222
173.22.120.11:2222
173.247.186.90:2087
173.26.65.44:50010
174.34.67.106:2222
176.193.14.165:2222
176.223.0.185:2222
176.223.35.19:2222
176.223.43.145:2222
178.193.33.121:2222
184.167.2.251:2222
184.180.157.203:2222
184.191.61.13:32100
184.90.139.176:2222
186.47.208.238:50000
186.94.173.62:2078
187.194.16.208:2222
188.25.223.107:2222
188.25.233.157:2222
188.26.150.82:2222
188.27.166.186:2222
189.163.230.27:2222
190.198.124.212:2078
190.204.58.240:2078
190.75.173.8:2078
193.248.44.2:2222
195.162.106.93:2222
196.194.28.127:2222
196.194.74.33:2222
196.194.76.68:2222
196.194.77.181:2222
196.194.84.165:2222
196.221.15.34:6881
2.45.53.40:2222
2.50.47.97:2222
201.209.0.55:2078
201.209.218.89:2078
201.209.22.209:2078
201.209.4.83:2078
206.51.202.106:5000
206.51.202.106:50002
206.51.202.106:50003
207.255.161.8:2078
207.255.161.8:2087
207.255.161.8:2222
207.255.161.8:32100
207.255.161.8:32102
207.255.161.8:32103
209.182.121.133:2222
213.31.203.38:2222
216.137.140.236:2222
216.21.168.27:32101
216.21.168.27:50000
216.221.73.45:2222
216.8.170.82:2222
220.135.31.140:2222
222.195.69.36:2078
23.49.13.33:7000
24.100.46.201:2222
24.110.14.40:3389
24.136.33.120:2222
24.184.5.251:2222
24.184.6.58:2222
24.201.68.105:2078
24.201.68.105:2087
24.201.79.208:2078
24.202.42.48:2222
24.203.221.252:2222
24.203.36.180:2222
24.203.64.26:2222
24.228.185.224:2222
24.231.54.185:2222
24.26.1.14:2222
24.27.82.216:2222
24.44.180.236:2222
24.46.40.189:2222
31.50.210.205:2222
35.142.12.163:2222
35.142.24.147:2222
37.182.238.170:2222
45.37.57.119:2222
45.45.51.182:2222
47.39.177.171:2222
47.48.236.98:2222
49.144.81.46:8443
5.107.144.131:2222
5.107.208.94:2222
5.107.229.6:2222
5.107.232.32:2222
5.12.213.152:2222
5.12.214.109:2222
5.14.44.173:2222
5.193.175.12:2078
5.193.178.241:2078
5.193.61.212:2222
5.233.222.211:61202
5.233.232.81:61202
5.89.115.73:2222
50.198.141.161:2078
54.36.108.120:65400
62.38.111.70:2222
63.230.11.201:2083
63.230.2.205:2083
64.72.102.10:2222
65.100.247.6:2083
65.169.66.123:2222
65.30.213.13:6882
66.25.168.167:2222
66.76.255.133:2078
67.200.146.98:2222
67.209.195.198:3389
67.214.201.117:2222
67.5.33.229:2078
67.7.2.109:2222
67.83.122.112:2222
67.83.54.76:2222
67.87.38.242:2222
68.14.210.246:2222
68.207.33.232:2222
68.207.39.244:2222
70.123.92.175:2222
70.21.182.149:2222
70.62.160.186:6883
70.74.159.126:2222
70.95.94.91:2078
70.95.94.91:2222
71.12.214.209:2222
71.217.112.41:2222
71.220.186.241:2222
71.221.224.19:2222
71.222.141.81:61200
71.57.230.51:50000
71.69.128.2:2222
71.77.252.14:2222
72.204.242.138:2078
72.204.242.138:2087
72.204.242.138:32100
72.204.242.138:32102
72.204.242.138:50001
72.204.242.138:50003
72.204.242.138:53
72.204.242.138:6881
72.224.213.98:2222
72.231.224.122:2222
72.240.200.181:2222
72.255.200.129:2222
72.255.200.69:2222
72.29.181.77:2078
72.29.181.77:2083
72.29.181.77:2222
72.36.59.46:2222
73.152.213.187:80
73.183.145.218:2222
74.88.112.250:2222
74.90.76.128:2222
75.109.193.173:2087
75.109.193.173:8443
75.131.72.82:2087
75.161.36.21:2222
75.165.112.82:50002
75.182.220.196:2222
75.183.171.155:3389
75.86.193.144:2222
76.14.129.53:2222
76.172.59.56:2222
76.182.33.43:2222
76.187.97.98:2222
76.67.162.70:2222
76.86.57.179:2222
78.94.55.26:50003
80.14.209.42:2222
80.195.103.146:2222
81.133.234.36:2222
81.147.42.176:2222
81.147.42.195:2222
81.147.42.227:2222
82.127.193.151:2222
82.77.169.118:2222
83.25.10.201:2222
83.25.14.84:2222
83.25.18.252:2222
83.25.3.51:2222
83.25.31.13:2222
83.79.2.218:2222
85.25.211.31:65400
85.7.22.186:2222
86.121.95.169:2222
86.121.95.197:2222
86.122.254.67:2222
86.123.95.59:2222
86.125.140.0:2222
86.126.97.183:2222
86.127.144.244:2222
86.153.98.125:2222
86.153.98.35:2222
86.153.98.37:2222
86.153.98.75:2222
86.233.4.153:2222
87.115.53.122:2222
88.111.255.235:2222
89.35.93.254:2222
89.45.102.218:2222
90.43.120.113:2222
90.43.6.185:2222
92.1.83.210:2222
92.17.167.87:2222
92.5.146.37:2222
93.118.214.168:2222
96.20.238.2:2078
96.20.238.2:2083
96.20.238.2:2087
96.20.238.2:2222
96.20.238.2:61201
96.22.239.27:2222
96.23.62.35:2222
96.27.47.70:2222
96.35.170.82:2222
96.56.237.174:32103
97.127.144.203:2222
97.84.210.38:2222
98.16.70.197:2222
98.23.52.168:2222
