# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside

briancobert.com

# Reference: http://cybercrime-tracker.net/index.php?search=AZORult

00v.xyz
0131.ga
4max.xyz
accqweqweazo.com
ad.icab.pk
aimnawnt.beget.tech
akingu.bit.md-98.webhostbox.net
alexblog24.p-host.in
among3919.com
andreimolchanov.siteme.org
art4.xyz
asdfz.ru
azorneutrino.com
banckofamerica.info
benchadcrd.nl
bitcoalko.com
bitscoinsme.com
blackexploitz.net
bmagikleak.website
bucscrup.ru
cc33782.tmweb.ru
ch.baskpower.com
coinbitbot.ru
cresbuy.ga
crypto-e.org
cryptopiabot.cc
cryptopiasupport.co
cryptotrust.today.md-35.webhostbox.net
defaultbrowser.xyz
donperenion.com
doueven.click
druvan.xyz
elowpuki.com
elysium-inc.pro
elysium-ltd.pro
ernazar.tk
eualube.com
fde4.tk
fdsv.ml
feamleys.com
flash-piayer-update.com.md-90.webhostbox.net
fsdf.ga
gmx7.com
gob.grantflaskparty.com
gohithatsandrof.win
grantflaskparty.com
hallojab.co.ua
hellojab.com
hhamay.website
holidey.pw
hondobakr.top
hotbest-apps.com
iddqdp.pw
imbaxqxq.org
inc0de.gq
kalakhomes.club
kamyn9ka.com
keyar12f.beget.tech
l2fog.ru
lelllnn.com
lers.xyz
levonside.space
loveyouneed.pw
mcgau2.bit.md-100.webhostbox.net
methodist.sch.id
mike.rivalserver.com
mix1456465.com.cp-47.webhostbox.net
mobwerpingthis.com
mopw.men
mybigfish.stream
myxamop.com
needmorelogs.club
nervozn.tk
nimerstat.ru
ninjatrader.life
npromo.world
ogabosworld.com
ortaksistem.com
panamera.site
pchel8.tk
poloniex.spb.ru
pornhospital.net
port.so.tl
preramet123.name
ps4akk.ru
qers.xyz
rar-lab.ru
rotkit.tk
sads.ml
scat01.tk
scat.cf
sepprod.com
sharfik.club
sinutinu.com
skyroot.ru
solimetalspa.com
sondomax.co
sskyokker256.bit.md-89.webhostbox.net
sslwmi.top
sumocloud.club
svchost.pw
sysplugins.com
taskdata.gq
trimasjaya.com
ubmwuyq.com
ultimaspots.co.uk
usa-bank.info.md-91.webhostbox.net
videocommercialsforyou.com
videopopups.com
vm239011.had.su
vsd1.net
wattmeter.win
www.alkratrad.com
www.antonskoritskii.com
www.asdasdq.com
www.azghost888.com
www.benchadcrd.nl
www.cryptopiasupport.co
www.elowpuki.com
www.ghost888abc.com
www.gopety.cc
www.grandmasson.pw
www.rar-lab.ru
x7x.xyz
zevs3.xyz
zevs5.xyz

# Reference: https://twitter.com/SevenLayerJedi/status/950761083509313536

macpay.pw

# Reference: https://twitter.com/James_inthe_box/status/1039250061065039873

microsoft-update-server.bit
securityupdateserver4.com

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

fdos.tk
genri.ga
gfcv.tk
gfsd.ga
grlo.tk
qpzm.gq
suka1.tk
vfsv.tk

# Reference: https://cert.gov.ua/news/44
# Reference: https://www.virustotal.com/#/ip-address/192.198.87.130
# Reference: https://www.virustotal.com/#/ip-address/185.193.38.78

http://185.193.38.78/
cashouts.tk
vitani.tk

# Reference: https://twitter.com/JAMESWT_MHT/status/1046755632299352064

columbusfunnybone.com/images/drop.php

# Reference: https://twitter.com/ViriBack/status/1050032466164154368

bigchlen.tk

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

bitdotz.top

# Reference: https://twitter.com/avman1995/status/1052426452187185153

qe.igg.biz/gate.php

# Reference: https://research.checkpoint.com/the-emergence-of-the-new-azorult-3-3/

certipin.top
infolocalip.com
tohertgopening.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

kenkelord.gq

# Reference: https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update

s63.bit

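# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/
# Note: the entry below is a URL path with no host, so a match identifies only the request path; corroborate it with host or payload evidence before attributing the traffic. The same applies to the other path-only entries in this file.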

/java/java9356/index.php

# Reference: https://twitter.com/James_inthe_box/status/1106558836171632642

/027-xcv-j/index.php

# Reference: https://twitter.com/James_inthe_box/status/1106551689132138497

llkty.gq/8s/index.php

# Reference: https://twitter.com/James_inthe_box/status/1105124840501989378
# Reference: https://twitter.com/James_inthe_box/status/1110196027338817538

/simbi/index.php

# Reference: https://twitter.com/VK_Intel/status/1108604579938131968

google-analutics.com

# Reference: https://twitter.com/Racco42/status/1103435627343822848

directdns.duckdns.org
httsdomainset.ddns.net

# Reference: https://twitter.com/Racco42/status/1101131815216168961

myprepaidfiles.ddns.net
directdns.cc

# Reference: https://twitter.com/Racco42/status/1095444880749481986

maxmini.duckdns.org
newconnect.duckdns.org

# Reference: https://securelist.ru/azorult-analysis-history/93645/ (Russian)
# Reference: https://securelist.com/azorult-analysis-history/89922/ (English)

daticho.ac.ug
ravor.ac.ug

# Reference: https://twitter.com/luc4m/status/1107680285834006528

gsutekardookay.com

# Reference: https://twitter.com/luc4m/status/1078691595111878657

sherkseafoods.com

# Reference: https://twitter.com/ps66uk/status/1108295117826387969

/cz/cjin3/index.php

# Reference: https://twitter.com/James_inthe_box/status/1109120289604931584

/azrt/index.php

# Reference: https://twitter.com/James_inthe_box/status/1109835474493829120
# Reference: https://pastebin.com/tvn8EMyS

ymad.ug/1/index.php

# Reference: https://twitter.com/ViriBack/status/1069965350442283009
# Reference: https://pastebin.com/PTkLE0se

/panel632541/admin.php
/io213b5obo/admin.php

# Reference: https://twitter.com/albertzsigovits/status/1110124808572948482

a.helps.site
azmarterroos.com
hellacademy.com
horseliker.ac.ug
justflux.org/webupl.php
parnakol.ug
stelfeshor.ru
zelner.info

# Reference: https://twitter.com/albertzsigovits/status/1110124941356212224

dragonfire.ac.ug
frupidgi.cn
hostname.vip
roninan.ac.ug
tembumgo.pw

# Reference: https://twitter.com/James_inthe_box/status/1110915814725550080

http://78.142.29.208/real/index.php

# Reference: https://twitter.com/Racco42/status/1111189949712420864

armasglass.com/oni/index.php

# Reference: https://twitter.com/James_inthe_box/status/1111666754604789760

recordsforsmssent.xyz/jeff/index.php

# Reference: https://twitter.com/x42x5a/status/1112693567103868928

http://92.63.192.72/index.php

# Reference: https://twitter.com/James_inthe_box/status/1113510502439616513

0x234.com/index.php

# Reference: https://twitter.com/thlnk3r/status/1113658517544550401

gamingserversplus.life/index.php

# Reference: https://twitter.com/ViriBack/status/1094261293693972480

ibrandworld.com/jsl.php

# Reference: https://twitter.com/takerk734/status/1113851637292920832

/Qw2XbN3/index.php

# Reference: https://twitter.com/angel11VR/status/1115343202167533568
# Reference: https://pastebin.com/0bX17LaY

cubaworts.gq

# Reference: https://twitter.com/x42x5a/status/1115651159388246016

cryptofaze.com

# Reference: https://twitter.com/VK_Intel/status/982346117298843649

balepinos.com

# Reference: https://twitter.com/LEICHAO_init/status/1118910795675521030

lestonline.gq

# Reference: https://twitter.com/pancak3lullz/status/1085591305269460992

/robb/index.php

# Reference: https://twitter.com/OttoScav/status/1080485559787835392

freetalksa.xyz

# Reference: https://twitter.com/James_inthe_box/status/1121047649459642369

mintyoctopus.com

# Reference: https://twitter.com/avman1995/status/1120893763977658369
# Reference: https://app.any.run/tasks/80464c35-e9f8-44ed-a346-50bf0642cec9

http://95.179.189.49/CC/index.php

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

klyaksa.xyz

# Reference: https://twitter.com/x42x5a/status/1121523221432500225

asahi-tankar.com

# Reference: https://twitter.com/x42x5a/status/1121702655464751104

huanopkey.site

# Reference: https://twitter.com/Racco42/status/1122797588120592384
# Reference: https://app.any.run/tasks/ae52cc1b-f2d5-4d6d-a93c-8c15dff0132f

geu.life
millanplaners.duckdns.org

# Reference: https://twitter.com/Racco42/status/1123953925831446529

izone.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1124625622913806336

lusectech.eu

# Reference: https://twitter.com/x42x5a/status/1125467728406548481

istats.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1126092095465381888

formigations.world

# Reference: https://twitter.com/James_inthe_box/status/1126182590153515009

prolificwealth.ml/wp-content/mee/32/index.php

# Reference: https://twitter.com/James_inthe_box/status/1126846840060571648

/nedu/32/index.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1128675913728700416

dawanepondi.com

# Reference: https://twitter.com/ViriBack/status/1128826571010260994

doomaal.ac.ug

# Reference: https://twitter.com/James_inthe_box/status/1129460760076115969

http://77.222.55.225/index.php

# Reference: https://twitter.com/x42x5a/status/1130816960315498496

mikmuncen.ac.id

# Reference: https://twitter.com/P3pperP0tts/status/1131607738457513989

evaglobal.eu

# Reference: https://twitter.com/nao_sec/status/1132588323262742528
# Reference: https://app.any.run/tasks/27aec731-68a6-4bdf-9feb-55c413acd9f0/

getsee-soft.xyz

# Reference: https://twitter.com/P3pperP0tts/status/1133520317341753347

arispedservices.eu

# Reference: https://twitter.com/SethKingHi/status/1133564418355163136

aramkaaz14.temp.swtest.ru
bigsuper.rocks
bloomsolutions.top
i2kq82kd.cn
lary-pages.com
narcos.3utilities.com
qepxc.ga
witatto.co

# Reference: https://twitter.com/jorgemieres/status/1130863029573312512

privacytool.ru

# Reference: https://twitter.com/James_inthe_box/status/1134149799601553408

begurtyut.info

# Reference: https://twitter.com/James_inthe_box/status/1134464016095383552

veegoo.com.sg

# Reference: https://twitter.com/ViriBack/status/1134662952898965504
# Reference: https://pastebin.com/pkZ0TBnc

arispedservices.eu
binnatto.de
binatech.eu
kmgroup.pw
yogh.eu
lexaalkash.temp.swtest.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1135515112121540609
# Reference: https://app.any.run/tasks/a470917e-fb77-4f53-945a-109804624e8b/

http://185.79.156.18/jam/index.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1136204624342503425

cd57063.tmweb.ru

# Reference: https://twitter.com/Racco42/status/1136602289953746944

visionscape.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1139630548626751488

http://185.62.190.23/index.php

# Reference: https://twitter.com/DbgShell/status/1142257921889316870
# Reference: https://www.virustotal.com/gui/file/72288ab34ee508d0f65e7ebf884b21e94ee191e96de5931dd68288fcc8bfcf7f/detection

dotbit.me/a/

# Reference: https://twitter.com/malware_traffic/status/1143662206099365890
# Reference: https://app.any.run/tasks/4365c9b9-7ea6-4d90-897c-8302410c9234/
# Reference: https://twitter.com/JAMESWT_MHT/status/1144239446759563265
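# Reference: https://app.any.run/tasks/61f4998e-27bf-4429-80c6-e23c694e6c65/
# NOTE(review): the two addresses below differ only in the third octet (241 vs 231); confirm both against the references to rule out a transcription error.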

http://51.15.241.96/1/3D890117-1CEB-4558-BA94-0C64E21A9504/index.php
http://51.15.231.96/4/3AFDF4A3-33B5-4028-B8B8-E66616F1CBA7/index.php

# Reference: https://twitter.com/James_inthe_box/status/1144227200209580032

lusecproducts.top

# Reference: https://twitter.com/Paladin3161/status/1144341515428196352
# Reference: https://pastebin.com/i6Gfxs0q

http://185.164.72.241/wogor/index.php

# Reference: https://twitter.com/P3pperP0tts/status/1144868292525461504

stanendybiz.top

# Reference: https://app.any.run/tasks/dee05de9-4286-45b5-8b0d-7291e09f6c16/

vh64.timeweb.ru

# Reference: https://twitter.com/malware_traffic/status/1145749834923696129

lucknowww.top

# Reference: https://twitter.com/MisterCh0c/status/1145598683997724673

69.kl.com.ua

# Reference: https://twitter.com/P3pperP0tts/status/1146398222904152066

http://92.63.192.127/index.php

# Reference: https://twitter.com/benkow_/status/1147442492046020608

brain.ac.ug
jopa.ac.ug
nobrain.ac.ug

# Reference: https://twitter.com/ps66uk/status/1148876602727653376

http://103.133.106.156/july/index.php

# Reference: https://twitter.com/ps66uk/status/1148876604296368129

http://103.125.191.69/donserly/index.php

# Reference: https://twitter.com/adrian__luca/status/1149689208405221378
# Reference: https://app.any.run/tasks/333bda58-5a37-4543-8492-d3b7d2d85361/
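# Reference: https://twitter.com/nao_sec/status/1160878626688008195
# Note: the regex entry below already matches the three literal vhNNNNNN.eurodir.ru hosts, and also any other six-digit vh host under eurodir.ru, including hosts not named in the references.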

vh308850.eurodir.ru
vh307870.eurodir.ru
vh314957.eurodir.ru
vh[0-9]{6}\.eurodir\.ru

# Reference: https://twitter.com/malware_traffic/status/1090366374772383745

http://51.15.241.168/AEDD77D05-A028-477C-B013-04F33F1385C3/index.php

# Reference: https://twitter.com/James_inthe_box/status/1150418960464039936

timekeeper.ug
hjkg456hfg.ru

# Reference: https://twitter.com/James_inthe_box/status/1151222412890927104

k.icf-fx.kz

# Reference: https://twitter.com/Paladin3161/status/1151447962058465282

dottybiz.top
mrjbis.top

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

7wereareyou.icu

# Reference: https://app.any.run/tasks/15240364-844c-4489-9b74-c6f28a9d72d1

/.well-known/backup/index.php

# Reference: https://twitter.com/Paladin3161/status/1152645058434338816

asicivilsurvey.com

# Reference: https://twitter.com/x42x5a/status/1153208780714369025

dfghdfghhffd.ru
timebound.ug

# Reference: https://twitter.com/Racco42/status/1153297037791760385

savana.duckdns.org
xchange.duckdns.org

# Reference: https://twitter.com/Racco42/status/1154713892314066944

edirect.duckdns.org
irila1.duckdns.org

# Reference: https://twitter.com/Artilllerie/status/1155851644262920199

free-bitcoin-earnings.tk

# Reference: https://twitter.com/Paladin3161/status/1156509693872758784

http://185.136.171.122/russia/index.php

# Reference: https://twitter.com/Paladin3161/status/1157069487662723072

http://137.74.181.121/index.php
http://184.164.137.183/index.php

# Reference: https://twitter.com/romonlyht/status/1157190035868807169

warnning-accounts-recovery-appleid-apple.com

# Reference: https://twitter.com/Paladin3161/status/1158527567411871744

trafficaddicts.ru

# Reference: https://twitter.com/Lvanoel/status/1159335174838083584
# Reference: https://app.any.run/tasks/6340754c-5c71-4690-877f-55cb33e480e9/

firemetrics.com.au

# Reference: https://twitter.com/Paladin3161/status/1159984827124162560

lycos.top
modexcommunications.eu

# Reference: https://twitter.com/Paladin3161/status/1160640437272469504

program.zadc.ru

# Reference: https://twitter.com/Paladin3161/status/1160887839770284033

http://185.11.146.158/index.php

# Reference: https://twitter.com/Paladin3161/status/1161226389476929536

http://185.11.146.144/index.php

# Reference: https://twitter.com/Paladin3161/status/1160892405760966656
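# Reference: https://www.virustotal.com/gui/domain/myihor.ru/relations
# Note: the regex entry below matches every ih + seven-digit host under myihor.ru, not only hosts named in the references.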

ih[0-9]{7}\.myihor\.ru

# Reference: https://twitter.com/Paladin3161/status/1161420183124058112

bazar-top4ik.best

# Reference: https://twitter.com/gorimpthon/status/1163616173860122624

modcloudserver.eu

# Reference: https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/

soroog.xyz

# Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/

http://103.253.27.234/teststeal/gate.php
parking-services.us

# Reference: https://twitter.com/Paladin3161/status/1163788023005208577

http://185.222.56.163/index.php

# Reference: https://twitter.com/Paladin3161/status/1163997644898750465

normpost.club
testaztest.xyz

# Reference: https://twitter.com/James_inthe_box/status/1164898833500798976

losjardinesdejavier.com/admin/32/index.php

# Reference: https://twitter.com/DynamicAnalysis/status/1165720711219929088
# Reference: https://pastebin.com/wHV90Sc2

http://151.80.8.23/panel/index.php
http://185.222.56.163/index.php
http://23.227.201.16/gidi/index.php
http://92.63.192.119/index.php
a0327852.xsph.ru
a0329841.xsph.ru
cdl24885oq.temp.swtest.ru
kilangsprcoket.tk
latiso.ru
modcloudserver.eu
roberto.ac.ug
testaztest.xyz
testieng.kl.com.ua
u4504124br.ha003.t.justns.ru
lakeshoreintegrated.com/ch/index.php
xcvcdgfg.ru

# Reference: https://twitter.com/P3pperP0tts/status/1166320996640419841

http://87.98.166.117

# Reference: https://twitter.com/Paladin3161/status/1166341820533497856

hellhounds713.ddnsking.com

# Reference: https://twitter.com/smica83/status/1166348627025039360

craft-holdings.duckdns.org
westernautoweb.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1166480667992936449

opengopro.live

# Reference: https://twitter.com/Paladin3161/status/1166665502803890176

dell2.ug

# Reference: https://twitter.com/P3pperP0tts/status/1167083511385378816

new-credit.space

# Reference: https://twitter.com/Paladin3161/status/1167411656122519552

wasserettederoos.nl

# Reference: https://twitter.com/P3pperP0tts/status/1168068329027694594

gdfdfv.ru

# Reference: https://twitter.com/benkow_/status/1168598376977448960

twooo.cn

# Reference: https://twitter.com/killamjr/status/1168904634498502656

dooo74.imparisystems.com

# Reference: https://twitter.com/Paladin3161/status/1169585589420580864
# Reference: https://pastebin.com/CWzW2L5U

http://45.76.87.43
absetup7.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1169911257987780608

http://170.130.205.86

# Reference: https://twitter.com/James_inthe_box/status/1171154845908140038

http://192.95.56.53/index.php

# Reference: https://twitter.com/Paladin3161/status/1172235296223584256

http://83.97.20.170/index.php

# Reference: https://twitter.com/Paladin3161/status/1172252192054661122

bruxara.com

# Reference: https://twitter.com/SolutionsXnotes/status/1173236541092556807

bloggingmarks.ga

# Reference: https://twitter.com/James_inthe_box/status/1174336699112906752

geohotw.com

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html

jma-go.jp
ivanoffol3.temp.swtest.ru
mockerton.top
nagoyashi.chimkent.su

# Reference: https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
# Reference: https://otx.alienvault.com/pulse/5d92273c5bc9b66ef6ef87a7

amibas8722.ddns.net
wh-32248.portmap.io

# Reference: https://twitter.com/P3pperP0tts/status/1178989832380518401

flozzy.uk/wp-admin/file/32/panel/admin.php
flozzy.uk/wp-includes/admin/32/panel/admin.php
worldmasterclass.com/wp-admin/file/32/panel/admin.php

# Reference: https://blog.prevailion.com/2019/10/mastermana-botnet.html

http://216.170.126.146/2ky/index.php
http://216.170.126.146/ahsan/index.php
http://23.249.163.135/index.php

# Reference: https://twitter.com/eramirezgc/status/1179519997057667073

http://170.130.205.86/index.php

# Reference: https://twitter.com/P3pperP0tts/status/1181170339675553793

testieng.kl.com.ua

# Reference: https://twitter.com/P3pperP0tts/status/1181504485685899264

superlatinradio.com/edu/32/panel/admin.php
superlatinradio.com/nons/32/panel/admin.php

# Reference: https://twitter.com/P3pperP0tts/status/1181526309438185473

gstfast.tk/wp-content/cii/32/panel/admin.php

# Reference: https://app.any.run/tasks/2c1d5942-b788-4316-952b-320f61494fd2/

http://5.188.231.19/index.php

# Reference: https://twitter.com/Racco42/status/1183676828910804992

1990.duckdns.org
c1e86f3506cfe05a6738ea6893ff7e.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1184082484050518019

riascos.org/cjay/32/panel/admin.php

# Reference: https://app.any.run/tasks/fc2c8026-c40c-493d-aadc-4b701bdc516b/

http://81.177.6.14/index.php

# Reference: https://twitter.com/wwp96/status/1188830383401504768

http://185.250.240.237

# Reference: https://twitter.com/DrStache_/status/1188917585540276224

rsk.co.tz

# Reference: https://twitter.com/P3pperP0tts/status/1189107385341743105

http://18.216.84.23

# Reference: https://twitter.com/P3pperP0tts/status/1190217928949534720

sylvaclouds.eu

# Reference: https://twitter.com/P3pperP0tts/status/1191014883028062211

waresystem.com

# Reference: http://tracker.viriback.com/dump.php (2019-11-04)

http://103.207.36.97
http://151.80.8.23
http://172.86.120.238
http://185.62.190.23
http://185.79.156.15
http://185.79.156.18
http://185.79.156.23
http://193.56.28.224
http://23.227.201.16
http://23.249.167.183
http://23.254.224.104
http://23.254.226.244
http://45.67.14.181
http://5.8.88.71
http://81.177.6.14
http://92.63.192.127
http://92.63.192.140
http://92.63.197.102
a0311644.xsph.ru
a0327852.xsph.ru
a0329841.xsph.ru
abzac.in
ahus.duckdns.org
ak3indonesia.com
alhaidarylawfirm.com
analniy4ervyak.zzz.com.ua
arabkrobo.duckdns.org
arispedservices.eu
azor.saloed.pp.ua
b1wr1337.zzz.com.ua
begurtyut.info
binatech.eu
binnatto.de
bluecornerblog.tk
c1e86f3506cfe05a6738ea6893ff7e.duckdns.org
cd57063.tmweb.ru
check-time.ru
corpcougar.com
corpcougar.in
cssime.com
darktool.org
dgkhj.ru
doosamnt.com
efore.info
emmex.duckdns.org
evaglobal.eu
exploitz.duckdns.org
fikus.zzz.com.ua
ghfdfghj324.ru
gloodin.com
godsave.tk
govrvid.com
grindtruex.online
himdeal.xyz
hodrika13.myjino.ru
huejjdhs.xyz
idealindustries.us
indexdoll.top
jefjqjfqfq.temp.swtest.ru
jesunaememma.icu
jinyuanlightings.com
julaly.ml
justritepharmacy.com
kitchenraja.com
kmgroup.pw
lakeshoreintegrated.com
latiso.ru
lexaalkash.temp.swtest.ru
lusecproducts.top
mikeservers.eu
mmaju.top
modcloudserver.eu
modestclouds.eu
mybogeyman.com
nunuraw.apishealth.org
posnxqmp.ru
powent.net
puruntis.ug
qlibasketball.com
quecik.com
riascos.org
richmoreworld.top
rsk.co.tz
senseint.info
sesawulandari.com
slipcentral.com
stanendybiz.top
stastports.com
steelclik.us
stirgh.com
superlatinradio.com
sylvaclouds.eu
taleohio.cf
taleohio.gq
tblasta.us
testieng.kl.com.ua
theartistpixie.com
timacker3423dsdf54dgf.ru
time-check.ru
timeattacker3423dsdf54dgf.ru
timebound.ug
timecheck.ug
timekeeper.ug
tren-zbs.info
trj6rwk.beget.tech
ttcopy.ru
tutvids.ir
unitedshopbd.com
uuid.thetrancoe.com
uzocoms.eu
venzatechi.online
visionscape.duckdns.org
waresystem.com
wupx.ml
yogh.eu
zrozelos.com
zzzmen99.had.su

# Reference: https://twitter.com/Paladin3161/status/1191430198350082049
# Reference: https://pastebin.com/1X9xdfJT

mvbtfgdsf.ru
sdfgdsf.ru
sylvaclouds.eu
waresystem.com

# Reference: https://twitter.com/James_inthe_box/status/1191483501314334720
# Reference: https://app.any.run/tasks/394a2b26-d6d0-4182-a4ee-731b3762ea7b/

9kbgftfr82z4.space

# Reference: https://twitter.com/killamjr/status/1191923979549921280

http://155.94.136.188

# Reference: https://www.virustotal.com/gui/file/4cc116c6b06609d44c458a657ac146a01786c99df10316f86409c9fa11387a2c/detection

xcapdatap.capetown

# Reference: https://twitter.com/KanbeWorks/status/1196639129812881408
# Reference: https://app.any.run/tasks/cbe4e301-eb32-4c63-8455-96656930db8a/

http://164.68.107.60
amazingkanye.bit

# Reference: https://app.any.run/tasks/0d441a52-ede7-4f4c-a801-f3b7f1200b19/

xp1lht2kd6h.icu

# Reference: https://twitter.com/James_inthe_box/status/1199707661945593862

algo.empirehempmarket.com

# Reference: https://twitter.com/killamjr/status/1200943745367248896

http://185.222.57.75

# Reference: https://pastebin.com/DrVftnBR

http://185.125.59.74
http://2.56.215.211
http://92.63.107.154
mm5132645.xyz

# Reference: https://any.run/malware-trends/azorult (Note: as seen on 2019-12-04)

worldatdoor.in
kitchenraja.in
performancehaelth.com
granuphos-tn.com
secure04b-inet.com
dwkhel.com
mail.yuzhani-group.com
cycleplansx.com
kholdinq.com
secure1-inet.com
centuryarns.com
lookoutcraamp.com
tradmets.co.uk

# Reference: https://any.run/malware-trends/azorult (Note: as seen on 2020-01-05)

kathbowling.ru
winapp24.pl
enodablork.ru
constructioninc.zzz.com.ua
56c8.zzz.com.ua
kapkin2121.zzz.com.ua
influg.zzz.com.ua
steller2020.zzz.com.ua

# Reference: https://pastebin.com/h3YjZwW7

degavu.esy.es

# Reference: https://pastebin.com/pYhfzidr

http://5.34.177.120
go-clean.tech

# Reference: https://twitter.com/James_inthe_box/status/1203297994222624768

sgtltd.com/wp-content/uploads/2019/11/2cb.php

# Reference: https://pastebin.com/63w4JXts

superlatinradio.com

# Reference: https://twitter.com/Vishnyak0v/status/1204312402306752513

http://185.203.117.232

# Reference: https://twitter.com/Paladin3161/status/1205111995378237440

sailent.store

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/
# Reference: https://www.virustotal.com/gui/file/90f8b87a516308e1acbc92175cf4b5459302c3883be6fc03822438fc8e1047e6/detection

blockchain-news.info

# Reference: https://www.virustotal.com/gui/file/08bf71ef253f7fe7681d82b10b8293e28207ca32bb2609498d4b0225962c0d86/detection

tubehuyube.tk

# Reference: https://www.virustotal.com/gui/file/dc50ff09cb46a522d7222627349f3e835159bbfda8e271d6214c869e585f033b/detection
# Reference: https://www.virustotal.com/gui/file/8ba566a04dcbb6aacf87c9fadd74e9343da9826383ef7e21288b1aa8997c13d4/detection

5.188.232.211:80
95.181.178.80:80
185.178.45.193:80
klubirsik.info

# Reference: https://www.virustotal.com/gui/file/73329e3f83c16d89d4a148fd55879ab3b6e29a565ded704212d8664eeefcd391/detection

185.244.219.115:80
fitings.ac.ug

# Reference: https://pastebin.com/H6MNzpM3

johida7397.xyz

# Reference: https://twitter.com/James_inthe_box/status/1207439117866291200
# Reference: https://app.any.run/tasks/d6440cc9-7338-4b5d-b800-9a79773c021e/

511431mnogoznaallevangel16194.space

# Reference: https://pastebin.com/dkNYSKW6

kjsdtrfuyhgxcv.ru
mardjdf.ug
nsabeau.com.my

# Reference: https://pastebin.com/VXAQ6N69

http://194.33.45.71

# Reference: https://twitter.com/DrStache_/status/1210522035627139073

hack4you.ru

# Reference: https://twitter.com/wwp96/status/1212807385493975047

http://23.249.165.196

# Reference: https://otx.alienvault.com/pulse/5e11d0f18d61568e3086efa9

klickus.in
lootchem.com
nokiahuyviyphone.com
sendi118.hostlife.link

# Reference: https://twitter.com/makflwana/status/1214430313599754240

http://23.106.160.1

# Reference: https://app.any.run/tasks/4d347c70-17e9-4e34-b71f-bf5ae96fbef3/

sendi118.hostlife.link
185.43.220.19:80

# Reference: https://pastebin.com/APiGq28W

drjones88ave.com

# Reference: https://twitter.com/DrStache_/status/1217069620114468865

http://144.217.105.118

# Reference: https://www.virustotal.com/gui/file/1dc7af344f9f992a9b2dd87f2b11c816e1e10d19c7e63bb692301315f8bb9fca/relations

http://185.11.146.210

# Reference: https://app.any.run/tasks/536cea79-48bf-464b-879b-f4fb4a6b50d0/

spartltd.com

# Reference: https://twitter.com/wwp96/status/1219343269513125889

http://35.158.92.3

# Reference: https://app.any.run/tasks/5b92871e-75f6-40db-bd79-0419866304c6/

http://45.32.207.9

# Reference: https://twitter.com/killamjr/status/1219675115937550337

smartlinktelecom.top

# Reference: https://app.any.run/tasks/0e36a72e-93a1-4823-aec7-0bf48462f22e/
# Reference: https://app.any.run/tasks/c5f72165-7c42-4c5b-a5b6-255f6257e926/

juletta.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1220660269116022784
# Reference: https://app.any.run/tasks/35ca85b2-cd39-4a64-8886-d0e95db4caa3/

xmode.duckdns.org

# Reference: https://www.virustotal.com/gui/file/97c2312e4ceed112798356889ce6a3faedfb707ef49adc1be126330f2c0de5f4/detection

jdjjegellowd.duckdns.org

# Reference: https://www.virustotal.com/gui/file/222a8bb1b3946ff0569722f2aa2af728238778b877cebbda9f0b10703fc9d09f/detection

stcubegames.netxi.in

# Reference: https://www.virustotal.com/gui/file/c868b9b966fa9b732493f53cd51166219f155a70895115c6006d924b324d449f/detection

traffichunter21.xyz

# Reference: https://www.virustotal.com/gui/file/f789e97471a2a877d26ab4fc2fb82a61856b8968d33f4e62311c5bda186be558/detection

margaery.club

# Reference: https://www.virustotal.com/gui/file/932759b7b78a2e02d3d185c51f85a68000b14ac72ac5f0ef75bdef49a4c11370/detection

pnumbrero3.ru

# Reference: https://app.any.run/tasks/6dc3cc9b-807f-4c5a-8c3c-b334646cbfde/

23.106.124.196:80

# Reference: https://twitter.com/wwp96/status/1222975496981557257

farzanatradings.com

# Reference: https://twitter.com/James_inthe_box/status/1224372409504976903

198.23.200.241:80

# Reference: https://app.any.run/tasks/81c645c9-26a5-4e05-b89b-dc60c28278b5/

185.244.150.165:80

# Reference: https://twitter.com/_lockhum/status/1225719271046701056

107.189.10.150:80

# Reference: https://www.virustotal.com/gui/domain/besfdooorkoora.com/relations
# Reference: https://www.virustotal.com/gui/file/520fcf300b616c51fa49731fbb77732d853584448af1683493becc7f9f308228/detection

85.204.74.152:80
besfdooorkoora.com

# Reference: https://twitter.com/wwp96/status/1226915477286531078

borrdrillling.com

# Reference: https://app.any.run/tasks/fa7cd86e-2149-4038-bde3-663d44c3f87e/

j6g3fzp.5k5.ru

# Reference: https://app.any.run/tasks/e1ab75b5-5f51-4ee7-81c3-f6d8cb3720c8/

23.83.134.109:80

# Reference: https://app.any.run/tasks/c4dcf884-4633-4c14-a974-b1ba7d4b712d/

duglazo.info

# Reference: https://app.any.run/tasks/61e769d0-3a50-4052-8cce-884627d90048/

hyperlan.xyz

# Reference: https://twitter.com/_lockhum/status/1228772084001669121

vovagaka.myjino.ru

# Reference: https://twitter.com/James_inthe_box/status/1226930186655916032

system-update.us

# Reference: https://pastebin.com/rzYwJXP3

vitya01.xyz

# Reference: https://app.any.run/tasks/5a492b38-7ce5-4f08-929e-c9bc013656a2/

sadhate.zzz.com.ua

# Reference: https://securelist.com/azorult-spreads-as-a-fake-protonvpn-installer/96261/
# Reference: https://otx.alienvault.com/pulse/5e4c44ee78e30307e4058616
# Reference: https://blog.team-cymru.com/2020/02/19/azorult-what-we-see-using-our-own-tools/

account.protonvpn.store
accounts.protonvpn.store

# Reference: https://app.any.run/tasks/effe443e-efe4-4b7d-812e-0d5f1f46fb5e/

neoneo.site
atest001.site

# Reference: https://twitter.com/wwp96/status/1230543129708761088

194.5.177.120:80

# Reference: https://app.any.run/tasks/e1ef3645-0d4f-4893-b539-7425e06af63d/

abyng.com

# Reference: https://www.virustotal.com/gui/url/4d1b7cbbdc63340416cdafc897140772d76b6975abcc7fde84e38448850f197f/detection

insuncos.com

# Reference: https://twitter.com/KorbenD_Intel/status/1232026591712034816

zantechcorp.online

# Reference: https://www.virustotal.com/gui/domain/yx1.duckdns.org/relations

yx1.duckdns.org

# Reference: http://tracker.viriback.com/dump.php (2020-02-29, Azorult)

http://103.207.36.97
http://104.168.99.168
http://107.175.150.73
http://149.28.199.128
http://151.80.8.23
http://155.138.222.174
http://172.86.120.238
http://185.11.146.210
http://185.219.81.127
http://185.222.57.75
http://185.62.190.23
http://185.79.156.15
http://185.79.156.18
http://185.79.156.23
http://193.56.28.224
http://194.180.224.10
http://195.245.112.235
http://207.246.67.4
http://216.170.114.11
http://23.106.160.1
http://23.227.201.16
http://23.249.165.196
http://23.249.167.183
http://23.254.224.104
http://23.254.226.244
http://35.158.92.3
http://45.32.161.249
http://45.32.207.9
http://45.67.14.181
http://5.8.88.71
http://51.83.200.164
http://67.215.224.101
http://70.35.200.77
http://81.177.6.14
http://82.165.18.207
http://92.63.192.127
http://92.63.192.140
http://92.63.197.102
http://93.185.105.43
a0311644.xsph.ru
a0327852.xsph.ru
a0329841.xsph.ru
a84bl82rni.ru
absoluteloh.zzz.com.ua
abyng.com
abzac.in
aglfreight.com.my
ahus.duckdns.org
ak3indonesia.com
albion.zzz.com.ua
algo.empirehempmarket.com
alhaidarylawfirm.com
analniy4ervyak.zzz.com.ua
apexelectronics-au.com
appeq.000webhostapp.com
arabkrobo.duckdns.org
arispedservices.eu
atest001.site
auxinity.000webhostapp.com
azor.saloed.pp.ua
azorult2410.000webhostapp.com
b1wr1337.zzz.com.ua
begurtyut.info
binatech.eu
binnatto.de
bluecornerblog.tk
c1e86f3506cfe05a6738ea6893ff7e.duckdns.org
cantecme.xyz
castmart.ga
cd57063.tmweb.ru
check-time.ru
cococo.zzz.com.ua
corpcougar.com
corpcougar.in
cssime.com
d2575423ur.temp.swtest.ru
darktool.org
debianflexibles.info
december.zzz.com.ua
dgkhj.ru
didxbooks.com
doosamnt.com
efore.info
emmex.duckdns.org
enodablork.ru
evaglobal.eu
exploitz.duckdns.org
f0371887.xsph.ru
f0387404.xsph.ru
fentq.org
fikus.zzz.com.ua
flashcatmage.ru
fssshipping.com
ghfdfghj324.ru
gloodin.com
godsave.tk
govrvid.com
grindtruex.online
gta-fast.pro
himdeal.xyz
hodrika13.myjino.ru
homieshing.temp.swtest.ru
huejjdhs.xyz
idealindustries.us
incorporatebelize.org
indexdoll.top
infeeble.zzz.com.ua
infos2020com.fr
insuncos.com
iruta.ru
ivchenkosv.online
j1019443.myjino.ru
j6g3fzp.5k5.ru
jdjjegellowd.duckdns.org
jefjqjfqfq.temp.swtest.ru
jesunaememma.icu
jinyuanlightings.com
julaly.ml
jusqit.com
justritepharmacy.com
kitchenraja.com
kitchenraja.in
klickus.in
kmgroup.pw
ksk36139ev.temp.swtest.ru
lakeshoreintegrated.com
latiso.ru
lexaalkash.temp.swtest.ru
liweff.eu
lusecproducts.top
marinov.zzz.com.ua
mecharnise.ir
mfekm.club
mikeservers.eu
mixaton.000webhostapp.com
mmaju.top
modcloudserver.eu
modestclouds.eu
moneta44.zzz.com.ua
mr10.duckdns.org
mybogeyman.com
networkboardspinof.com
newnewnew228.su.swtest.ru
newworld.zzz.com.ua
ntrcgroup.com
nunuraw.apishealth.org
perca.ir
performancehaelth.com
pom4ekk.myjino.ru
posnxqmp.ru
powent.net
puruntis.ug
qlibasketball.com
quecik.com
rgmechanics.fun
riascos.org
richmoreworld.top
rsk.co.tz
s-steal.kl.com.ua
sdfsd.zzz.com.ua
senseint.info
sesawulandari.com
sh1000816.had.su
sinkable-ingredient.000webhostapp.com
slipcentral.com
smartlinktelecom.top
stanendybiz.top
stastports.com
stcubegames.netxi.in
steelclik.us
stirgh.com
strarwars.zzz.com.ua
superlatinradio.com
sw6jshf91sdqg.duckdns.org
sylvaclouds.eu
taleohio.cf
taleohio.gq
tblasta.us
testieng.kl.com.ua
theartistpixie.com
tillivilli.website
timacker3423dsdf54dgf.ru
time-check.ru
timeattacker3423dsdf54dgf.ru
timebound.ug
timecheck.ug
timekeeper.ug
tranpip.com
tren-zbs.info
trimasjaya.com
trj6rwk.beget.tech
tslserver.duckdns.org
ttcopy.ru
tutvids.ir
tylblasta.pw
unitedshopbd.com
uuid.thetrancoe.com
uzocoms.eu
vademics.com
venzatechi.online
visionscape.duckdns.org
vware.duckdns.org
waresystem.com
worldatdoor.in
wupx.ml
wwe23pro.myjino.ru
xmode.duckdns.org
yogh.eu
zozylya5565.zzz.com.ua
zrozelos.com
zzzmen99.had.su

# Reference: https://twitter.com/hexlax/status/1053780496579248130

k3x.xyz

# Reference: https://twitter.com/drok3r/status/1124017680439181313

cc01213.tmweb.ru

# Reference: https://pastebin.com/PTkLE0se

bingobongo.space
gafigaf.in

# Reference: https://github.com/stamparm/maltrail/pull/7116#issuecomment-593117654

paklabourercare-gov.ml

# Reference: https://twitter.com/wwp96/status/1234509116455997441

itsallaboutthetubmans.com

# Reference: https://twitter.com/malwrhunterteam/status/1234850871936274435
# Reference: https://app.any.run/tasks/f3b8f694-0878-4bd1-8e93-0038834725aa/

coronavirusstatus.space

# Reference: https://pastebin.com/aXrJwaiD

marroiq.com

# Reference: https://app.any.run/tasks/91c8414c-663d-4af6-984f-611ad2263bbe/

invalid666.zzz.com.ua

# Reference: https://twitter.com/wwp96/status/1237132225675755523

http://195.245.112.115
softnet.duckdns.org

# Reference: https://pastebin.com/q4qr42ti

jfghhwscxsa.ug
uzoclouds.eu

# Reference: https://twitter.com/wwp96/status/1237462869404508161

hwsrv-688863.hostwindsdns.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.8.99/relations

lspo01.top
lspo02.top
myy01.top
perrr01.pro
zam02.top

# Reference: https://pastebin.com/h6MW55pz

freeelscghf.ug

# Reference: https://twitter.com/James_inthe_box/status/1239573037097209856

xratfrd.duckdns.org

# Reference: https://www.virustotal.com/gui/file/444cc81f219ebc02dbaa89e8e0f17a7c36f0be6f6c98de7a9a108c2c46d91821/detection

http://151.80.8.23

# Reference: https://www.virustotal.com/gui/file/be3cfbf10a732af9965dab5b769ef622233eeca26dc1a3e541326e7ce6788bab/detection

http://149.202.29.73

# Reference: https://app.any.run/tasks/77fd66e5-424a-4fbf-b215-61c0991622e2/

francearefrogs.xyz

# Reference: https://twitter.com/cyber__sloth/status/1241733283060297728
# Reference: https://twitter.com/daphiel/status/1241811019095330819
# Reference: https://otx.alienvault.com/pulse/5e7913b232c26fa54ea031f5

http://185.62.188.204
http://195.130.73.229

# Reference: https://twitter.com/Artilllerie/status/1242443063626252293

cashbackfb.com

# Reference: https://app.any.run/tasks/7879aebd-82f2-4ebb-936e-c7c723af50bc/

ovdoker.myjino.ru

# Reference: https://www.virustotal.com/gui/file/2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307/detection

51.68.178.28:65233
coronavirusstatus.space

# Reference: https://www.virustotal.com/gui/file/acd9ade38ec0b73ea1f84dd82b5eaf78df04687472f8be462b186ba3bb96c581/detection

tiloxsykabla.hopto.org

# Reference: https://www.virustotal.com/gui/file/9f96160e842f6641451f8ab28a3163a7fffa311e8c7e5be3405b8e904d092d72/detection

176.195.137.101:7777
sh1035797.a.had.su

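# Reference: https://www.virustotal.com/gui/file/05cb4709348a14bc500316acdbe7932d79c556cd62755fbe141f2146d6524d48/detection
# NOTE(review): the entry below is a host-less URL path, so it presumably matches that request path on any host.
# Confirm the false-positive rate is acceptable, or scope it to the host seen in the referenced sample.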

/azor/index.php

# Reference: https://www.virustotal.com/gui/file/517ee76fd17ae8ee2ca4052d2e4d3fad9a2f97e4c45e9f0b4aeabf9de8614b46/detection

d3c00.duckdns.org

# Reference: https://twitter.com/Racco42/status/1244649301030113280

blastforcleaningservices.com/webfonts/PL341/index.php

# Reference: https://pastebin.com/EscWd1Cx

boec.ubksg.ru
vzlomvimeworldv3.000webhostapp.com

# Reference: https://app.any.run/tasks/4b15391f-7cc7-47da-a03f-e55f35dc02ba/

latum666.kl.com.ua

# Reference: https://twitter.com/James_inthe_box/status/1245342936834822144

emails-blockchain.com

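# Reference: https://blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html
# Reference: https://otx.alienvault.com/pulse/5e8798226278e890b02ca96d
# NOTE(review): this group mixes ordinary domains with Tor names. Bare .onion names do not resolve in public DNS,
# so a hit on them likely comes from a leaked lookup or a proxied Host header; *.onion.pet names are Tor-to-web
# gateway hostnames. A hit shows Tor-gateway use; attributing it to Azorult rests on the cited reports.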

http://195.123.234.33
answerstedhctbek.onion
answerstedhctbek.onion.pet
d6shiiwz.pw
darkfailllnkf4vf.onion.pet
dfgdgertdvdf.online
dfgdgertdvdf.xyz
dreadditevelidot.onion.pet
fhcwk4q.xyz
jthnx5wyvjvzsxtu.onion.pet
memedarka.xyz
qlqd5zqefmkcr34a.onion.pet
r77vh0.pw
runionv62ul3roit.onion.pet
rutorc6mqdinc4cz.onion.pet
thehub7xbw4dc5r2.onion.pet
torgatedga35slsu.onion
torgatedga35slsu.onion.pet
torrentzwealmisr.onion.pet
uj3wazyk5u4hnvtk.onion.pet
vkphotofqgmmu63j.onion.pet
xmh57jrzrnw6insl.onion.pet
zqktlwiuavvvqqt4ybvgvi7tyo4hjl5xgfuvpdf6otjiycgwqbym2qad.onion.pet
zzz.onion.pet

# Reference: https://twitter.com/makflwana/status/1247133939501658112

kaso.cf

# Reference: https://twitter.com/malwrhunterteam/status/1247916517888610304
# Reference: https://app.any.run/tasks/0ffe1cae-f25b-4a64-887c-0f57fbd95b30/

bibrpenal.xyz

# Reference: https://www.virustotal.com/gui/file/f3b05b353fab09a7b67b1049ed0a3511b0d109d6e7a8f3ab4898316b85082326/detection

razvalina.xyz

# Reference: https://twitter.com/pancak3lullz/status/1248331847425314816

http://54.37.78.107

# Reference: https://twitter.com/James_inthe_box/status/1248722896681234433

http://38.68.39.209

# Reference: https://pastebin.com/FLxNqzpc

aurumboy.com
ghbjdfvbxc.ru

# Reference: https://app.any.run/tasks/c58ae060-8cf2-4535-a16c-0715809fdd03/

a0417340.xsph.ru

# Reference: https://twitter.com/MBThreatIntel/status/1250165322516054018
# Reference: https://www.virustotal.com/gui/ip-address/54.37.131.204/relations

http://54.37.131.204

# Reference: https://pastebin.com/KM6AZKJ9

hvhcsgo.000webhostapp.com

# Reference: https://pastebin.com/dtR7uD4k

http://35.226.8.173
f0420740.xsph.ru
mrkennylove.myjino.ru
strtesr4.beget.tech
t3lson.myjino.ru

# Reference: https://twitter.com/DrStache_/status/1252724838801735682

samwellgs.com

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0417-0424.html

dfgdgertdvdf.site
gfaefskfht.xyz
obrpenal.xyz

# Reference: https://twitter.com/James_inthe_box/status/1255496095586713606

nicecars.com.ar/surep/32/index.php

# Reference: https://www.virustotal.com/gui/domain/grepolis-download.space/relations

grepolis-download.space

# Reference: https://www.virustotal.com/gui/domain/kadzimagenius.com/relations

kadzimagenius.com

# Reference: https://azorult-tracker.net/api/list/domain?format=plain

0-800-email.com
0300ssm0300.xyz
23strong58.xyz
2c15b6d719.myjino.ru
430lodsposlok.site
430lodsposlok.store
511431mnogoznaallevangel16194.space
57d3e30e.duckdns.org
5infall.zzz.com.ua
777hustle777.info
7imperial7sosat7.cloudpower.me
88futur.xyz
8989898989.000webhostapp.com
a0298423.xsph.ru
a0371219.xsph.ru
a0386457.xsph.ru
a0392617.xsph.ru
a0394307.xsph.ru
a0395941.xsph.ru
a0402552.xsph.ru
a0403929.xsph.ru
a0407571.xsph.ru
a0411983.xsph.ru
a0417340.xsph.ru
a0422199.xsph.ru
a84bl82rni.ru
aboutworld.info
absorbent-spokes.000webhostapp.com
abyng.com
account.protonvpn.store
adnoc.biz
adtechsolutions.in
aerobicsfit.com
aglfreight.com.my
agressor.beget.tech
agxcvxc.ru
akkauntmax4.myjino.ru
alexkraskrasnov.myjino.ru
algo.empirehempmarket.com
aljubab.com
allenservice.ga
alvaros.beget.tech
amushknm.beget.tech
anorelier.hk
apexelectronics-au.com
app.beepn.pw
appeq.000webhostapp.com
arizonawindowtinting.com
arvindsinghyadav.xyz
asdasfff2.beget.tech
asdjsdfgvbxc.ru
asdnbcv.ru
atest001.site
aurumboy.com
auxinity.000webhostapp.com
av4.website
av7.online
ayamng.com
azik11.top
azik22.top
azor.lordgame.ru
azor.saloed.pp.ua
azor2020.space
azorult2410.000webhostapp.com
babkastilak.000webhostapp.com
basest-rooms.000webhostapp.com
batka228.000webhostapp.com
baxinyo.000webhostapp.com
bbmalayalam.000webhostapp.com
bendetta.online
benjam1ine0013.xyz
benzemahaha.000webhostapp.com
bestlogs.myjino.ru
betprognoz.pro
bfxuknchdic.duckdns.org
bhs404.site
blastforcleaningservices.com
blog.gruzotaxi.dn.ua
boec.ubksg.ru
boomcoins.ml
bores.xyz
borrdrillling.com
botheist.xyz
buythebest.pw
by1337.000webhostapp.com
c1yag2b1er.xyz
camillemarielle.com
cantecme.xyz
cashbackfb.com
castmart.ga
cb98944.tmweb.ru
cbmyrw.beget.tech
cbn-cargo.co.id
ccilfov.ro
ceaee16e53.myjino.ru
cheap9xxxx.beget.tech
checkcheck.pk
coronavirusstatus.space
corpcougar.com
corpcougar.in
crackhahanono.000webhostapp.com
cryptotest.beget.tech
cxvbdsfgxvc.ug
cy62976.tmweb.ru
d0lphin1337.xyz
d2575423ur.temp.swtest.ru
d3c00.duckdns.org
dalall.beget.tech
damvdolgdayn.com
danladen4.000webhostapp.com
davidosik228.000webhostapp.com
deathskins.ru
deathsun1337.000webhostapp.com
debianflexibles.info
deciduate-pot.000webhostapp.com
defeax123g.temp.swtest.ru
degavu.esy.es
desperoz.myjino.ru
deviceful-errors.000webhostapp.com
dfcworldcompany.com
dgfdgdgkjkghhfgdfsdgtyuuuyiuoutredfsdfgfgfhbbnmcvxcxcvf.ac.ug
diakovpro.ru
didxbooks.com
directmalta.com
discaredforftp.000webhostapp.com
dnraviations.com
doohs.000webhostapp.com
doohs1111.000webhostapp.com
dreamkr.com.ua
dthorn2a.myjino.ru
dubeysurya2468.xyz
dublingeek.xyz
duglazo.info
dyslexic-picture.000webhostapp.com
e90677op.beget.tech
eas1tlink.xyz
easymoney-cc.com
eleon-crypto.site
elien123.000webhostapp.com
emails-blockchain.com
emdholdings.co.za
emells.ir
engman.ac.ug
engranesfinos.com
enodablork.ru
ensaenerji.com
eptablyaym.temp.swtest.ru
erkmuhval.ru
ewges38c.beget.tech
f0362146.xsph.ru
f0367026.xsph.ru
f0371188.xsph.ru
f0371578.xsph.ru
f0371887.xsph.ru
f0374667.xsph.ru
f0377252.xsph.ru
f0378370.xsph.ru
f0383643.xsph.ru
f0386279.xsph.ru
f0386817.xsph.ru
f0387181.xsph.ru
f0387404.xsph.ru
f0388335.xsph.ru
f0390199.xsph.ru
f0390547.xsph.ru
f0390746.xsph.ru
f0391270.xsph.ru
f0394067.xsph.ru
f0396130.xsph.ru
f0396733.xsph.ru
f0400435.xsph.ru
f0400620.xsph.ru
f0401036.xsph.ru
f0401354.xsph.ru
f0401703.xsph.ru
f0403892.xsph.ru
f0405203.xsph.ru
f0406543.xsph.ru
f0406552.xsph.ru
f0409474.xsph.ru
f0411256.xsph.ru
f0412066.xsph.ru
f0412189.xsph.ru
f0414238.xsph.ru
f0420740.xsph.ru
f0421164.xsph.ru
f0425296.xsph.ru
f0429316.xsph.ru
fakesitexbait.000webhostapp.com
farzanatradings.com
fdbvcdffd.ug
felicombo.club
fentq.org
fesfesfsefes.000webhostapp.com
fiasyfssa.mywps.me
filess2.000webhostapp.com
fiodar2003.myjino.ru
firefox.ac.ug
fjoersm.beget.tech
flashcatmage.ru
fludocio.mcdir.ru
followgf.myjino.ru
foutbolchannnels.com
francearefrogs.xyz
fredmartinz.com
fredokrug2.temp.swtest.ru
freeelscghf.ug
freycinetvista.com.au
fssshipping.com
fullappz.pk
funpay1.000webhostapp.com
fyvittyo.mywps.me
gamervordl.000webhostapp.com
gamesenser.000webhostapp.com
gatertayer.xyz
gatsby.best
geggegegegegeg.000webhostapp.com
gemateknindoperkasa.co.id
get-free-btc.000webhostapp.com
ghbjdfvbxc.ru
ghost250960.worldhosts.ru
gineuter.info
glom-2019.com
golder.hk
gpsindia.biz
grabberweter.000webhostapp.com
gravyshop111.000webhostapp.com
gravyshop228.000webhostapp.com
gravyshops.000webhostapp.com
greenzo.xyz
groysman.club
gta-fast.pro
gtxlpfirefly.000webhostapp.com
gwinxx.com
gyjn.000webhostapp.com
h145197.s27.test-hf.su
ha4cker.000webhostapp.com
hack4you.ru
heddguardian.website
heryantosaleh.xyz
hodrika13.myjino.ru
hohrn.myjino.ru
hojokk.com
homieshing.temp.swtest.ru
homiletic-submarine.000webhostapp.com
hustdomains.host
hvhboss.000webhostapp.com
hvhcsgo.000webhostapp.com
hvhlegendpro.000webhostapp.com
hyperlan.xyz
id8053.com
ignatsuhac.temp.swtest.ru
ignovikovo.temp.swtest.ru
ikemturkey.eu3.biz
imlubu.myjino.ru
inboxindexwin.kebapkokorec.com
incorporatebelize.org
infos2020com.fr
insuncos.com
iruta.ru
it-ha.ru
itsallaboutthetubmans.com
ivanover.beget.tech
ivchenkosv.online
iwkvndkkasfsd.ug
j1019443.myjino.ru
j1019553.myjino.ru
j1034033.myjino.ru
j1036203.myjino.ru
j1041445.myjino.ru
j1047544.myjino.ru
j6g3fzp.5k5.ru
jayrolzcashout.000webhostapp.com
jcvksdf.ug
jddjj4j4j.000webhostapp.com
jdjjegellowd.duckdns.org
jehard.000webhostapp.com
jerichoconstructioncompany.com
jiemoh13.000webhostapp.com
jjjaya.zadc.ru
jlckey.000webhostapp.com
johida7397.xyz
jonas1athan.xyz
jordinoalebri4.myjino.ru
josephgrief.000webhostapp.com
josephgrief228.000webhostapp.com
junkjorejacke.space
jusqit.com
jzvhzmu.duckdns.org
k90177j3.beget.tech
kahtamarkalar.com
kakawevich.temp.swtest.ru
karamelka1.000webhostapp.com
karamlol.000webhostapp.com
kaso.cf
kecid.ru
keklolymai.temp.swtest.ru
khaliddib398.xyz
khjbndgvbxc.ru
killersam.beget.tech
kino-dom.pro
kitchenraja.in
klickus.com
klickus.in
krork.xyz
ksk36139ev.temp.swtest.ru
l2c9b1d0.justinstalledpanel.com
l2orion.beget.tech
lamefrp.xyz
lasinka.000webhostapp.com
lasvegas.beget.tech
lerteco.ug
lexentaazor.me
lifeisbetternow.ml
littlebarbar.online
livdecor.pt
liweff.eu
logiakk1i.000webhostapp.com
logroom.top
m11necraft.000webhostapp.com
marashmara.dx.am
marroiq.com
marsksfdgdf.ug
martinicos.had.su
massivedynamics.pe
mcxlxad.ug
mecharnise.ir
medireab.ga
memotech.cf
menylead.xyz
mez.kl.com.ua
mfekm.club
microsft.beget.tech
mikeservers.eu
minerkg.myjino.ru
mixaton.000webhostapp.com
mmuell.com
mnjkoug.ug
mociwanf.beget.tech
modcloudserver.eu
moonman.beget.tech
moquite.ga
morhenshtern.com
morsee1337.beget.tech
mr10.duckdns.org
mrkennylove.myjino.ru
musicwwv.beget.tech
mvhgjvbn.ug
mybogeyman.com
mzaky.com
narkoman1337.000webhostapp.com
nazarvitalik.000webhostapp.com
networkboardspinof.com
newazo.info
newnewnew228.su.swtest.ru
newplug.monster
news.gruzotaxi.dn.ua
newsize.in
newwave.host
newworld.zzz.com.ua
newxico.kl.com.ua
nextbridge.info
nicecars.com.ar
nikitaakimenkoklass.000webhostapp.com
nokiahuyviyphone.com
nootpositivo.xyz
noratting.xyz
nothing.monster
nsabeau.com.my
nsgvcxzcv.ug
ntrcgroup.com
nunugurl.xyz
nvutionefasfsa.000webhostapp.com
obimmaa.ir
officelog.org
ogzetmailc.temp.swtest.ru
olgaa.ir
online3130.000webhostapp.com
onlygodem.com
opera3773.000webhostapp.com
opira.000webhostapp.com
ovdoker.myjino.ru
ovz3.skazkatut2222.px7zm.vps.myjino.ru
partnercoin.ml
patayka.000webhostapp.com
pate1k.000webhostapp.com
pathofexile.host
patrilinear-mixture.000webhostapp.com
paufx.000webhostapp.com
pavaroy5.beget.tech
paypasecureservice.com
perca.ir
performancehaelth.com
petr555.beget.tech
petrovasik.beget.tech
pickel666.000webhostapp.com
pizdaruly.000webhostapp.com
pizzamazz.000webhostapp.com
planktondavid.000webhostapp.com
pnumbrero3.ru
polarisp0laris.000webhostapp.com
pom4ekk.myjino.ru
pom4ekoffi.temp.swtest.ru
prmcsdgs.ug
pssa.000webhostapp.com
purity.monster
qiwi-api.site
qlibasketball.com
qukz.000webhostapp.com
razlockas.beget.tech
referral-casino.club
reliancectg.com
rentfare.com
rgmechanics.fun
rhaeecetbsgmpbulkfz4rhmw.xyz
roling.000webhostapp.com
rollscar.pk
romasshved41.000webhostapp.com
rqx10504bc.temp.swtest.ru
rrgodshsf.ug
rulletedonut.000webhostapp.com
rupoc.beget.tech
russellipm-storedproductsinsects.com
ryiew.beget.tech
ryvan000.xyz
sadhukha1n.xyz
sakataexpl.temp.swtest.ru
samaaj.org.pk
samperbbcash.000webhostapp.com
samwellgs.com
sashavpisdu.000webhostapp.com
sber-host.000webhostapp.com
scogcs.000webhostapp.com
sdadsfdfsf.temp.swtest.ru
sdfg34av.beget.tech
sdfsdfv.ru
sdn003kaubun.sch.id
seijs.site
selftasarim.com
sendi118.hostlife.link
server20.duckdns.org
sespipilmu.myjino.ru
sh1000816.had.su
sh1007969.had.su
sh1035797.a.had.su
sharjoff.000webhostapp.com
sinkable-ingredient.000webhostapp.com
sisse.site
smartlinktelecom.top
smddd.monster
snowagainfearfreezesagainagainitfeelslikeiceisinmyhands.space
sosatsuki.000webhostapp.com
sostupid.ac.ug
spartltd.com
spartvishltd.com
spede.000webhostapp.com
spherewinner.ga
st11llers.000webhostapp.com
stalker098.000webhostapp.com
stalkeronline1.000webhostapp.com
stalkershops111.000webhostapp.com
standartjuke.info
starf1.000webhostapp.com
stcubegames.netxi.in
steallog.tk
stephir.ug
stilakk.mcdir.ru
stirgh.com
stodfm34.ug
strarwars.zzz.com.ua
strtesr4.beget.tech
sufficientblessing.com
sukaponic.com
superoleggamer.000webhostapp.com
sw6jshf91sdqg.duckdns.org
swandersd.000webhostapp.com
sylvaclouds.eu
t3lson.myjino.ru
tacsi4niym.temp.swtest.ru
tarasov.ac.ug
tatle.net
tawiwa6455.temp.swtest.ru
tdsjkh42.ug
techxim.com
tenntechs.com
terminal75.temp.swtest.ru
test9812.site
thori.xyz
tiberton.top
tillivilli.website
tokorankoscr.000webhostapp.com
tomylee.xyz
topik07.mcdir.ru
topsaller31213.000webhostapp.com
tragee.000webhostapp.com
tranpip.com
transcendem.com
trasjhsdf.ug
trepeth3.beget.tech
tribunitial-impulse.000webhostapp.com
trimasjaya.com
tslserver.duckdns.org
tutvids.ir
tylblasta.pw
u0929560.cp.regruhosting.ru
u0945186.cp.regruhosting.ru
u4429322ee.ha003.t.justns.ru
umka.elitkom.uz
unitedshopbd.com
updateapiweb.com
uploadsnew.site
uraganhokino222.000webhostapp.com
user2332.royal-hosting.ru
uzoclouds.eu
v174990.hosted-by-vdsina.ru
v178903.hosted-by-vdsina.ru
v200235.hosted-by-vdsina.ru
v200598.hosted-by-vdsina.ru
v201750.hosted-by-vdsina.ru
v202207.hosted-by-vdsina.ru
v204306.hosted-by-vdsina.ru
v205557.hosted-by-vdsina.ru
v205579.hosted-by-vdsina.ru
v205588.hosted-by-vdsina.ru
v207213.hosted-by-vdsina.ru
v207249.hosted-by-vdsina.ru
vacompany.co.za
vademics.com
vc.kunwersachdev.com
verifycrash.mcdir.ru
veritynova.com
vh332705.eurodir.ru
video-ld.ru
viebyvieby.ru
vincecamutogiftcard.com
vipmas15.beget.tech
visitcolumbia.xyz
vitya01.xyz
vlad-kharin-2000.myjino.ru
vovagaka.myjino.ru
vplserv.duckdns.org
vplserver.duckdns.org
vware.duckdns.org
vzlomvimeworldv3.000webhostapp.com
wannabyby.000webhostapp.com
warfik2020.temp.swtest.ru
webpanell.website
wedro228.000webhostapp.com
weilbrain01.000webhostapp.com
wertyddd.dx.netxi.in
westbeast.monster
whyuneedcrackfakesitehaha.000webhostapp.com
wlcmyanmar.tk
worldatdoor.in
ww6.000webhostapp.com
xcvfghfds.ug
xenicolnc.mskhost.pro
xinchaocacchau.000webhostapp.com
xmode.duckdns.org
xpologistics.ga
xratfrd.duckdns.org
xvcvhgnfdg.ug
xxffornikationxz.duckdns.org
xxl.fatedlove888.com
xxpollacoxx.xyz
xzcvuipofjgh.icu
yandibiotech.com.vn
yaroslavdimitriev.000webhostapp.com
yoflccv.ug
youtubinstall.website
yuidfgxcvbxc.ru
yuioph.beget.tech
yx1.duckdns.org
zantechcorp.online
zenben.site
zg-hose.xyz
zidrekilta.myjino.ru
ziggeroff.000webhostapp.com
zxvcm.ug
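# NOTE(review): the next entry is an IDN in Unicode (U-label) form. DNS queries carry the Punycode "xn--" A-label,
# so confirm the consumer of this list converts the name before matching.
гала-про.рф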

# Reference: https://azorult-tracker.net/api/list/loaders?format=plain

http://107.155.162.15
http://18.218.130.236
http://185.219.81.127
http://188.120.245.179
http://195.54.162.123
http://23.247.102.120
http://23.247.102.125
http://23.247.102.18
http://23.247.102.23
http://23.249.165.196
http://3.120.37.138
http://35.226.8.173
http://35.245.148.20
http://38.68.47.61
http://51.83.200.164
http://51.83.210.201
http://87.251.76.122
http://94.103.84.71
2c15b6d719.myjino.ru
8989898989.000webhostapp.com
a0395941.xsph.ru
a0403929.xsph.ru
a0411983.xsph.ru
a0417340.xsph.ru
agxcvxc.ru
alfreseamarine.com
alvaros.beget.tech
asdjsdfgvbxc.ru
asdnbcv.ru
avp.ie
blastforcleaningservices.com
blog.gruzotaxi.dn.ua
blurstationcloud.com
bores.xyz
bot.lordgame.ru
cashbackfb.com
castmart.ga
cd92647.tmweb.ru
ceaee16e53.myjino.ru
cheap9xxxx.beget.tech
deathskins.ru
deathsun1337.000webhostapp.com
egtch.com
emedtutor.com
f0377252.xsph.ru
f0400620.xsph.ru
f0411256.xsph.ru
f0420740.xsph.ru
fdbvcdffd.ug
ghost250960.worldhosts.ru
infos2020com.fr
innovarce.com
jcvksdf.ug
jjjaya.zadc.ru
jlckey.000webhostapp.com
lodergord.com
manedina.top
marsksfdgdf.ug
martin-burboeck.com
mcxlxad.ug
mnjkoug.ug
morsee1337.beget.tech
mvhgjvbn.ug
narkoman1337.000webhostapp.com
nsabeau.com.my
ovdoker.myjino.ru
planktondavid.000webhostapp.com
platform.clubpetnyc.com
prmcsdgs.ug
redmoscow.info
regalo-beauty.com
rrgodshsf.ug
scooptek.com
sdfsdfv.ru
sdn003kaubun.sch.id
seijs.site
siddharthagroup.co.in
sosatsuki.000webhostapp.com
stodfm34.ug
strtesr4.beget.tech
tdsjkh42.ug
tenntechs.com
tiberton.top
trasjhsdf.ug
tribunitial-impulse.000webhostapp.com
umka.elitkom.uz
v200598.hosted-by-vdsina.ru
vputin.pk
wlcmyanmar.tk
xxxgame.su
yandibiotech.com.vn
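# NOTE(review): the next entry appears to be a public link-shortening / IP-logging service domain rather than
# dedicated infrastructure. A hit would indicate use of that service, not necessarily Azorult; verify before alerting on it.
yip.su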
yoflccv.ug
youtubinstall.website
yuidfgxcvbxc.ru
zxvcm.ug

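# Reference: https://app.any.run/tasks/ec033058-32fe-4e1a-81fc-ccd0ca4ba971/
# NOTE(review): these two entries carry an "http://" scheme and a trailing slash, unlike the other host/path entries
# in this part of the file, where the scheme appears only on bare IPs. Confirm the parser handles them as intended.
# The wp-includes / wp-content paths suggest third-party WordPress sites, so keep the entries path-scoped rather than listing the bare domains.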

http://kkarakas.com/wp-includes/css/mde/
http://gargiulo.com.ar/wp-content/file/

# Reference: https://pastebin.com/LRahpy2C

annetka012.temp.swtest.ru

# Reference: https://twitter.com/ninoseki/status/1260399404726415360

account-support.dynamic-dns.net

# Reference: https://twitter.com/malware_traffic/status/1260685460113948674
# Reference: https://app.any.run/tasks/fdc5e34f-1f77-4043-bf0d-08de95051433/

sorrentino.ug
vincenzos.ug

# Reference: https://pastebin.com/izB7hkv0

bigassprod.ug
caleromartinez.ug
vjhscvbncv.ru

# Reference: https://app.any.run/tasks/a1c1090f-9ce7-4576-b2ed-a8742528e378/

up908.viewdns.net

# Reference: https://pastebin.com/0j1kCxhK

http://195.245.112.115
http://217.8.117.45
http://34.105.129.68
aaronthompson.ug
zaragoza.ug

# Reference: https://pastebin.com/KZ24bymJ

barcla.ug
gadem.ug
