# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/domain/madh0use8.no-ip.org/information/
# Reference: https://www.virustotal.com/gui/file/347687813e6c14e190fa3545f088555b241bc63bb1a5796d672747a7303d276b/detection

madh0use8.no-ip.org
madh0use8.no-ip.org.ovh.net

# Reference: https://www.virustotal.com/en/domain/vajityu.club/information/

vajityu.club

# Reference: http://www.bug.hr/forum/topic/sigurnosni-softver/ransomware-napada/223333.aspx

aepahphahv.co.vu
aisohcaehi.co.vu
anothertembr.cf
anothertembr.ga
anothertembr.gq
anothertembr.ml
chughaiquu.co.vu
eewujoopai.co.vu
faeceedaba.co.vu
iewohpotae.co.vu
kladara.ml
meicashala.co.vu
rooniebohl.co.vu
sheibohchu.co.vu
sootateiso.co.vu
xooseishoh.co.vu

# Reference: https://www.virustotal.com/en/ip-address/184.172.251.98/information/

facetwop.ru
rulething.ru
montirose.com

# Reference: https://www.hybrid-analysis.com/sample/f9beaa7e7668b80b5119d9c80d5f590598380b60eaa5f09baeb87503e55d42c7?environmentId=100

server2.bjdnxbgp3.ru
bogerando.ru

# Misc (incidents; no reference URL is recorded for the entries in this group)

devomchart.com
getmyhouse.net
ginbig.com
moksaduqqovlof.net
observatorystarsoh.net
runningwayforsun.net
locatedforporternok.net
addressbooklocater.net
alarg53.ddns.net
kiliposturgy22.no-ip.biz
beatyourmeatwhileweeat.com
qibrasob.ru
zibravopl.ru
forgiveme.workisboring.com
75ulqnwb.ru
i7gd9ultgx.ru
v99ay4wuo.ru
gd14hp0u6x.ru
qsqjeuno53.ru

# Reference: https://www.virustotal.com/en/ip-address/93.189.40.244/information/

lightsmokesky.net
segateslondo.ru
devomchart.com
lemotgraph.com
wittersphere.net
monitmock.su
monitnear.ru
zapoio.com
napalmstories.su
jabberstorm.su
photohubchart.com
thoughtdog.net

# Reference: https://otx.alienvault.com/pulse/5689784767db8c057c6fc000/

wanmeishua.com

# Reference: https://www.threatcrowd.org/domain.php?domain=alsblueshelpt.nl

alsblueshelpt.nl

# Reference: https://www.virustotal.com/en/ip-address/46.166.165.114/information/
# Reference: https://cymon.io/46.166.165.114

46.166.165.114
committeedub.com
09h3rhh4zy.kuwxg7esmv.toxq93ljct.aze.link
cekmakasabasa.com
0oers58juxhcm7e.aze.link
yadakbloghesaplar.link
aze.link
fsafakfskane.net
cclamarablog.xyz
cutecatworldhappy.website

# Reference: https://www.virustotal.com/en/ip-address/181.174.164.3/information/
# Reference: https://cymon.io/181.174.164.3

181.174.164.3
adobeflashplayernew.com
adobeflashplayernew.org
adobeplayerdownload.com
adobeuploadplayer.com
adobeflashplaayer.com
flashplayeerupdate.com
adobeupdateplayer.com
adobeupdateplayeer.com
adobeupdateflash11.com
update-flash-player.org
adobeflashupdate.org
updateflashplayer11.com
alarkamaravaas.pw
lin.kim
cutecatworldhappy.website
abaza.ninja
shoppet.net
aze.link
q0a2wqepvhz8ame.aze.link
samaravablog.pw
weightloss-secrets-revealed.net
gomen.ninja

# Reference: https://www.snort.org/rule_docs/1-30285

palauone.com

# Reference: https://marc.info/?l=emerging-sigs&m=135207116130028

whatandwhyeh.com
manymanyd.com
traindiscover.com

# Reference: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17617

bktwenty.com
adbullion.com
sleeveblouse.com

# Reference: https://www.threatcrowd.org/malware.php?md5=86f8834b945bbb2968260d6fcf26b951

meherdelam.com
fordulak.com
germerand.com

# Reference: https://www.virustotal.com/en/ip-address/185.73.240.74/information/

meherdelam.com
royalbankofcanadahelp.com
dns8.ffv3.ru
dns9.ffv3.ru
royalbankservicescheck.com

# Reference: http://www.urlvoid.com/scan/recenthosts.ru/

recenthosts.ru

# Reference: https://www.siteadvisor.com/sites/intelcorpsg.com

intelcorpsg.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Inject-CHS/detailed-analysis.aspx

cyber7.bit

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AVRS/detailed-analysis.aspx

fionades.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-HUO/detailed-analysis.aspx

cgi.dubkill.com

# Reference: https://www.virustotal.com/en/file/bb7238944240e9eeee1371e1970cbd5d7697180b0ba1436ef7e62da3d97438db/analysis/

srv5020.net
srv5010.net

# Reference: https://www.hybrid-analysis.com/sample/20c61a9e16451777aae431cce15960e9b690c7d70b27384d0f4b3305c4cf10db?environmentId=120

fina.online

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

blooping.ovh.net
salako.net

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

himynameisnoah.su
ichockealotkrug.com
idontlikeitwhenyoudoit.ru
iliketopunchnoah.com
justreggitifyouknowit.ru
karnevallizdageil.com
merhabaslm.su
wheniseeyourdedows.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

joaosgk03.sytes.net
spectrun2008.no-ip.org

# Reference: https://twitter.com/ps66uk/status/1037866649435729921

widewiderangers.fun

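# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html (Win.Dropper.Generickdz-6671833-0 section)
# NOTE(review): the four IP entries below carry an http:// scheme, while other IP entries in this file are bare (e.g. 46.166.165.114); confirm the consumer of this list handles both forms.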

http://122.14.210.142
http://141.8.225.75
http://198.46.86.224
http://43.230.143.219
americasculturalstudies.net
danhbaviet.com
kegodanang.com
sevbizleadservices.com
siyaghasourccing.com
vhecha.com
www970234.com

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Doc.Downloader.Powload-6681541-0)

amniyatgostariranian.ir

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Johnnie-6681665-0)

ducklife.ddns.net
homersides.duckdns.org
wandersongay.ddns.net

# Reference: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html

2bunny.com

# Reference: https://citizenlab.ca/2012/06/spoofing-the-european-parliament/

vv338.com

# Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232

laserjetpro.com

# Reference: https://twitter.com/malwrhunterteam/status/1044928108359495680

manapowermta.us

# Reference: https://twitter.com/jonaha92/status/1045344161690505217

11m.online

# Reference: https://twitter.com/blu3_team/status/1046054098884349953

images.laofamilymerce.com

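# Reference: https://twitter.com/blu3_team/status/1037854618477383681
# NOTE(review): the path-only entry in this group (/bin/page/hpsrv.tmp) names no host, so it presumably matches that URL path on any server; confirm it is specific enough to avoid false positives. The same applies to the other path-only entries in this file (e.g. /kfjvbdrlq, /gr.mpwq).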

tub.gotomental.com
/bin/page/hpsrv.tmp

# Reference: https://twitter.com/blu3_team/status/1033356637543825408

nhatbao.chatpacific.com

# Reference: https://twitter.com/blu3_team/status/1030263686001246210

v2.buydiamond.hk

# Reference: https://twitter.com/blu3_team/status/993121509643378688

fb-dn.net/disrt/
ap12.ms-update-server.net

# Reference: https://twitter.com/blu3_team/status/988204223975305218

kmbk8.hicp.net

# Reference: https://twitter.com/blu3_team/status/981659638776115200

unnews.freetcp.com

# Reference: https://twitter.com/blu3_team/status/971351907095711745

baoin.baotintu.com:8001

# Reference: https://twitter.com/blu3_team/status/968588888867393536

news.voteandreahorwath.com
/polar-beer/election2018/info.html

# Reference: https://twitter.com/blu3_team/status/964324749106130944

zero-emissioncar.org

# Reference: https://twitter.com/blu3_team/status/958573054052978688

weather.gbaycruise.com

# Reference: https://twitter.com/blu3_team/status/956144807554043906

teredo-update.com

# Reference: https://twitter.com/blu3_team/status/951759637816205312

chrome.softupdate.xyz

# Reference: https://twitter.com/blu3_team/status/951658055858622464

mktnplace.com:81

# Reference: https://twitter.com/blu3_team/status/951647866531057665

nubpubwizard.jetos.com
worktrs.wikaba.com

# Reference: https://twitter.com/blu3_team/status/950126294137819136

thestar.live

# Reference: https://twitter.com/blu3_team/status/950124083332689920

newmysticvision.com

# Reference: https://twitter.com/FewAtoms/status/1045358651307962369

lse-my.asia

# Reference: https://twitter.com/sidq_ahmad/status/1045998305312997376

firefox-addons.com

# Reference: https://twitter.com/James_inthe_box/status/1046844087469391872

kgpvkzwksvgvmpopesdtjuwjosbrameegopiyyyg.xyz

# Reference: https://twitter.com/JaromirHorejsi/status/1047084277920411648

docs.herobo.com/in/
docs.herobo.com/mr/

# Reference: https://twitter.com/FewAtoms/status/1047533778665660425

americanxdrive.gq

# Reference: https://twitter.com/FewAtoms/status/1047514168105082881

uchservers.ga

# Reference: https://twitter.com/virqdroid/status/1047419271662505985

bibonado.com

# Reference: https://pastebin.com/AasLyArF

monochromestr.site
motiondev.com.br
studio2321.com

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

alangudiagroindia.com

# Reference: https://twitter.com/dvk01uk/status/1047797297835397121

tokovio.com
/kfjvbdrlq

# Reference: https://twitter.com/ScumBots/status/1035348180903321601

23ace.site

# Reference: https://twitter.com/avman1995/status/1047354322974064640

yoacafpshlcz.de

# Reference: https://twitter.com/Dashowl/status/1047924040026001409

noipppl-online.com

# Reference: https://twitter.com/James_inthe_box/status/1047907038582304768

alsafeeradvt.com/m/

# Reference: https://twitter.com/nullcookies/status/1048030992320143360

h2hphotography.com

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

faktura24.ml
przelewy24.tk

# Reference: https://twitter.com/Techhelplistcom/status/1048640558309285888
# Reference: https://pastebin.com/raw/fLf15eVp

1drivemail.ml
aghightile.ml
atlasglb.tk
bengusi.ga
britwind.tk
capt.ga
cmfgen.cf
cpseeds.ml
dajjuooltd.ga
foodpro.cf
generationgrowth.ml
illumin8blinds.ml
inmailadmin\.(cf|ga|gq|ml|tk)$
italamp.tk
itc-co.cf
kooshkan.ml
kwangshin-co.tk
nsewyainc.ml
onedrivemail\.(cf|ga|gq|ml|tk)$
onmailadmin\.(cf|ga|gq|ml|tk)$
potoflogz.tk
premiumchemical.ga
pseaways.tk
pvtechuae.cf
rathot.ml
ritter.gq
rivonka.ga
royalgroup.ga
safetexgroup.tk
salturchltd.ga
sebbeninternational.ml
sense-eng.ml
sercer.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
utehaltd.tk
veritasoverseas.ga
vip163.cf
yuan-fa.tk

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Doc.Malware.Emooodldr-6699885-0)

q0fpkblizxfe1l.com

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Win.Malware.Razy-6703914-0)

extreme33.dns1.us
mdformo.ddns.net
mdformo1.ddns.net

# Reference: https://twitter.com/ViriBack/status/950478648150282240

0m0.in

# Reference: https://twitter.com/FewAtoms/status/1048982479783309314

capt.ga
italamp.tk
nsewyainc.ml
sense-eng.ml
sercer.tk

# Reference: https://twitter.com/FewAtoms/status/1048978792931368960

britwind.tk
dajjuooltd.ga
illumin8blinds.ml
kooshkan.ml
potoflogz.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
veritasoverseas.ga
vip163.cf

# Reference: https://twitter.com/James_inthe_box/status/1049445992808890369

viswavsp.com/newworld/

# Reference: https://twitter.com/malware_traffic/status/1049407739619880961

23.249.161.109/extrum/

# Reference: https://twitter.com/JaromirHorejsi/status/1049601706630283264

readyteam.org

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

guarana.pw
marryjane.club
names34.top
safi.co.za

# Reference: https://twitter.com/nullcookies/status/1050907886392623104

dirajrakhbhae.com

# Reference: https://twitter.com/FewAtoms/status/1050457033810558976

akznqw.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050663483346280448

wemusthammer.com

# Reference: https://twitter.com/FewAtoms/status/1051099620020035585

msmapparelsourcing.com/directory/
msmapparelsourcing.com/wp-admin/users/

# Reference: https://twitter.com/nullcookies/status/1051321548634804226

ghrelokamkaj.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050665509941698560

globamachines.com

# Reference: https://twitter.com/FewAtoms/status/1050802529498525697

plus1interactive.com/bots/

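# Reference: https://twitter.com/James_inthe_box/status/1050762064665309185
# NOTE(review): my.mixtape.moe appears to be the download host of a public file-sharing service, so a whole-host entry may also flag unrelated uploads; confirm the intended scope.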

my.mixtape.moe

# Reference: https://twitter.com/olihough86/status/1050722705740304384

www.wheelnet.ca

# Reference: https://twitter.com/ximo2006/status/1050331166597758976

93.174.93.149:21

# Reference: https://www.cyren.com/blog/articles/new-scarab-ransomware-using-necurs-as-a-service

hard-grooves.com
hellonwheelsthemovie.com
miamirecyclecenters.com

# Reference: https://twitter.com/nullcookies/status/1051244629704740865

daduhinnawmaz.com

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

datingittlive.info

# Reference: https://twitter.com/nullcookies/status/1030243288677277696

mayorel.website

# Reference: https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/

osdsoft.com

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

faktura24.cf
przelewy24.ml

# Reference: https://twitter.com/MaelSecurity/status/1051900926078922753

adobe-reader.site

# Reference: https://twitter.com/avman1995/status/1052023584187719680

elektroklinika.pl/wp-content/languages/plugins/includes/

# Reference: https://twitter.com/ulexec/status/1051959861964169217

alprazolam.rip

# Reference: https://twitter.com/nullcookies/status/1052339217056129026

grafmx.com

# Reference: https://twitter.com/olihough86/status/1052607058883870720

yootbe.org

# Reference: https://twitter.com/KorbenD_Intel/status/1052652297279459329

holisticxox.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

cuezo.tk

# Reference: https://twitter.com/avman1995/status/1052879462449274880

ondasolution.ga

# Reference: https://twitter.com/Techhelplistcom/status/1053054566957285382
# Reference: https://pastebin.com/raw/v7XN8dZS

alfredbusinessltd.flu.cc
citytrading.usa.cc

# Reference: https://twitter.com/FewAtoms/status/1053365757197860864

hnmseminar.aamraresources.com/dotcom/

# Reference: https://twitter.com/JaromirHorejsi/status/990936083537039360

loggerz.xyz

# Reference: https://twitter.com/ViriBack/status/971430374919122944

acctspayable.com

# Reference: https://twitter.com/executemalware/status/999034066258284545

theipgenerators.com

# Reference: https://twitter.com/malware_traffic/status/1053494383708844032
# Reference: https://www.malware-traffic-analysis.net/2018/10/19/index.html

2019bracket.com
2069brackets.com
activenavy.com
adomesticworld.com
allpurplehandling.com
anilmoni.com
answermanagementgroup.com
antinomics.com
bluestarpaymentsolutions.com
boobfanclub.com
borderlands3.com
brickell100.com
bubsware.com
cactopelli.com
careercoachingbusiness.com
cclawsuit.com
cgunited.com
crosspeenpress.com
crystalhotel.com
dehionsgbes.com
dmknott.com
docswitch.com
expertsjourney.com
farminginthefloodplain.com
geziyurdu.com
gloria-glowfish.com
gnosmij.com
gokceozagar.com
greatwp.com
ieltsonlinetest.com
indiangirlsnude.com
indicasativas.com
inmotionframework.com
internationalboardingandpetservicesassociation.com
intimateimagery.com
iptechnologysolutions.com
iscanhome.com

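# Reference: https://twitter.com/ps66uk/status/1053632722667794433
# NOTE(review): dWUJncxxb.sh-master02.com below is written in mixed case; DNS names are case-insensitive, so confirm trails are lowercased before matching.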

dWUJncxxb.sh-master02.com
qixjd277g3621166.impressoxpz97367.com

# Reference: https://twitter.com/DissectMalware/status/1042276512886599680

exxxwrtw1111111.kloudghtlp.com

# Reference: https://twitter.com/ni_fi_70/status/1053207719291879424

84.38.130.139/pk/office/

# Reference: https://twitter.com/xxdesmus/status/1053440011289280512

123.249.71.250:666
89.34.237.210/ikahedbts/

# Reference: https://twitter.com/nullcookies/status/1054185582467993600

daxiu678.com
lianyebo1.com

# Reference: https://twitter.com/FewAtoms/status/1054419759511547904

guideofgeorgia.org/doc/

# Reference: https://twitter.com/FewAtoms/status/1054762247405424642

nabato.org

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

davidharvill.org
hotkine.com
informanetwork.com
invasivespecies.us
lookper.eu
maleass.eu
schwerdt.org

# Reference: https://twitter.com/KorbenD_Intel/status/1054857588695683072

6cameronr.ga

# Reference: https://twitter.com/FewAtoms/status/1055149939456688133

linetrepanier.com/wp-data/

# Reference: https://twitter.com/avman1995/status/1055360237484552192

ponti-int.com/a/

# Reference: https://twitter.com/yvesago/status/1055362284569145344

84.38.130.139/pk/office/

# Reference: https://twitter.com/FewAtoms/status/1055477161577115648

192.3.162.102/out/

# Reference: https://report.any.run/59855140193f0b0c10a15b7eb7c70bbb2ff94fa49e93d64d14c74cb1fcc589ff/50fa8a2f-1052-476a-8b1f-1d305d867ffb#network
# Reference: https://report.any.run/28b1efe63d1e97d42bc8809ef106c6496344860e6bec90e040a2aae8853deb9d/9e7eab49-a552-4bf2-9cab-8714f757e3c6

officesales2.com

# Reference: https://blog.en.elevenpaths.com/2019/01/chrome-extension-card-cybersecurity.html

fbsgang.info

# Reference: https://ti.360.net/blog/articles/upgrades-in-winrar-exploit-with-social-engineering-and-encryption/

manage-shope.com
local-update.com
conloap.linkin.tw

# Reference: https://twitter.com/blu3_team/status/1053669632438099970
# Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802

pus.inter.cloudns.cc

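# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/
# NOTE(review): jma-go.jp (with a hyphen) appears to be a lookalike of the legitimate jma.go.jp; keep the hyphenated form so the real domain is not flagged.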

bite-me.wz.cz
jma-go.jp
mountainhigh.at
racemodel.at
thunderbolt-price.com
sungmap.at

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/

chadikaysora.com
lt99.ddns.net
http://35.227.52.26

# Reference: https://twitter.com/ScumBots/status/1094811119154356224

gxbjugb.xyz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Win.Malware.Autoit-6877140-0)
# Reference: https://www.virustotal.com/#/file/028914f9d3455b44d9186d218874047530a367cb1d20cbc7d9b047a42faf1774/detection

kuangdl.com

# Reference: https://www.virustotal.com/#/url/0d8185a9bf6eb842a7e07758882d86a33f090d7572efd61d1b296382c2af4a7a/detection

j0mla.sytes.net

# Reference: https://news.drweb.com/show/?i=12955&c=23&lng=en&p=0
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/Trojan.Click3.27430
# Reference: https://app.any.run/tasks/0a0be637-4950-4727-bfaa-8eaa05563262

barmash.ru
dnsip.ru
dns-free.com

# Reference: https://twitter.com/ScumBots/status/1105495431864303616

flowerstick.net

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html

mokoaehaeihgiaheih.ru

# Reference: https://twitter.com/James_inthe_box/status/1106551689132138497

llkty.gq

# Reference: https://twitter.com/James_inthe_box/status/1105124840501989378

dsmbil.ml

# Reference: https://www.virustotal.com/#/domain/cloudnetwork.kz
# Reference: https://twitter.com/James_inthe_box/status/1101548458090016768

cloudnetwork.kz

# Reference: https://twitter.com/bad_packets/status/1104313051166068737

methaddict.xyz

# Reference: https://twitter.com/bad_packets/status/1090885643197009920

bulehero.in

# Reference: https://twitter.com/VK_Intel/status/1044631042454249473

mintsbox.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1107662516824535041

xqzuua1594.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1107932063209017344

/gr.mpwq

# Reference: https://twitter.com/James_inthe_box/status/1107977083123204102

brokenway.cf

# Reference: https://twitter.com/James_inthe_box/status/1108085222317289473

goldchainsblue.com
validcc.ch

# Reference: https://twitter.com/ActorExpose/status/1108113213164523521

vocational-age.000webhostapp.com

# Reference: https://twitter.com/dvk01uk/status/1108204451309981697

alta-brasiil.com

# Reference: https://twitter.com/dvk01uk/status/1106429454736388096

fast4elev.gq

# Reference: https://twitter.com/dvk01uk/status/1105718483118108672

remenelectricals.com

# Reference: https://twitter.com/dvk01uk/status/1105736132908720128

morningfresh.ga

# Reference: https://twitter.com/dvk01uk/status/1105819049831862278

chemisoli.com

# Reference: https://twitter.com/dvk01uk/status/1105437702999166976

goodlord.cf

# Reference: https://twitter.com/dvk01uk/status/1103507380892061696

evaglobal.eu

# Reference: https://twitter.com/dvk01uk/status/1103259569013305344

mamaknowyourname.gq

# Reference: https://twitter.com/dvk01uk/status/1103257149508075520

modexcommunications.eu

# Reference: https://twitter.com/dvk01uk/status/1102820682713522176

ruga.africa

# Reference: https://twitter.com/dvk01uk/status/1099697529409671168

maheshshukla.com

# Reference: https://twitter.com/dvk01uk/status/1098244837374070786

findouttheway.gq

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

etruht.ml

# Reference: https://twitter.com/dvk01uk/status/1093734309947719680

etruht.ga

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

tanerm.ug

# Reference: https://twitter.com/dvk01uk/status/1096445096306921472

xvirginieyylj.city

# Reference: https://twitter.com/dvk01uk/status/1095633303758127104

joshdghd.cf

# Reference: https://twitter.com/dvk01uk/status/1094924981971107840

geepaulcast.com

# Reference: https://twitter.com/dvk01uk/status/1092780337434947584

lightmusic.cocomet-china.com

# Reference: https://twitter.com/dvk01uk/status/1092685964743503872

imtooltest.com

# Reference: https://twitter.com/dvk01uk/status/1088793739223539713

sulphurrnills.com

# Reference: https://twitter.com/dvk01uk/status/1088391308849434629

pornhouse.mobi

# Reference: https://app.any.run/tasks/fe58bf2c-065f-4505-a644-6baeeb7ee4cf

bhrserviceaps.dk

# Reference: https://twitter.com/pollo290987/status/1108393592605863940

brothersjoy.nl

# Reference: https://twitter.com/fletchsec/status/1108144401530978304

86818.prohoster.biz

# Reference: https://twitter.com/killamjr/status/1108455343816916992

quiltyfabricsorders.xyz

# Reference: https://www.virustotal.com/gui/domain/fid.hognoob.se/details
# Reference: MT (presumably Maltrail) heuristic (direct exe download)

fid.hognoob.se

# Reference: https://twitter.com/nao_sec/status/1108388558539087873

dogfunnyviedeos.xyz

# Reference: https://twitter.com/JayTHL/status/1108402913938935808

mansoura.co
root-mrx.tk

# Reference: https://twitter.com/Racco42/status/1107351502878842880

angel-aristizabal.com.co

# Reference: https://twitter.com/Racco42/status/1106547527334154240

thinknik.ca

# Reference: https://twitter.com/Racco42/status/1106225615705948167

ministere-elshaddai.org

# Reference: https://twitter.com/Racco42/status/1106201029127880704

tiemokodoumbia.com

# Reference: https://twitter.com/Racco42/status/1105504898525917184

mincare.vn
sharegroup.info

# Reference: https://twitter.com/Racco42/status/1102896181011795969

wearewhatwesay.com

# Reference: https://twitter.com/Racco42/status/1102869794502705152

fm.radio.googlemenow.org

# Reference: https://twitter.com/Racco42/status/1102590512228388866

handbuiltapps.com
luxdecor.co.il

# Reference: https://twitter.com/Racco42/status/1101142170663354370

loh-tech.com

# Reference: https://twitter.com/Racco42/status/1100855213668421632

oppws.cn
skity.hk

# Reference: https://twitter.com/Racco42/status/1100733716995944448

aviatorssm.bit

# Reference: https://twitter.com/Racco42/status/1098979285443006465

burcutekstil.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1108668614742368261

mkatarina7094maybelle.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1108683102187110400
# Reference: https://app.any.run/tasks/7d5fcd3a-9d57-45f4-8616-f867ee76f765

nuovilod.icu
wwikrrtt.info

# Reference: https://twitter.com/malwrhunterteam/status/1108689191326625794

bigassbabyart.com

# Reference: https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/

gxxservice.com
infestexe.com
xigncodeservice.com

# Reference: https://twitter.com/anyrun_app/status/1108695731530055680
# Reference: https://app.any.run/tasks/f9c9b7ed-ac6b-454f-86c6-8bbc7c3b8d1f

n48lxj5097.email
wyideegb.city

# Reference: https://twitter.com/JAMESWT_MHT/status/1103983033307271168

brandin.nu
servicemanager.icu

# Reference: https://twitter.com/luc4m/status/1103952276132192256

splitbiin.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1100698122563567616

mi88karine.company

# Reference: https://twitter.com/avman1995/status/1094181713121558529

fpetraardella.band

# Reference: https://twitter.com/benkow_/status/1088009157733683200

uni-full.com

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

tollzwork.ru

# Reference: https://twitter.com/CryptoInsane/status/1074048007912464389

ooxxzzvv.com

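# Reference: https://twitter.com/Racco42/status/1067027684906151936
# NOTE(review): the regex entry below has no trailing `$` anchor, unlike the `\.(cf|ga|gq|ml|tk)$` regex entries elsewhere in this file; confirm whether it is meant to match only these two domains.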

pdf\-compare\.(site|space)

# Reference: https://twitter.com/benkow_/status/1057977911607783425

osxmacservice.com

# Reference: https://twitter.com/Racco42/status/1040144285453180928

emailerservo.science

# Reference: https://twitter.com/James_inthe_box/status/1108727176038236166

fnutdue.ru

# Reference: https://twitter.com/dvk01uk/status/1108706531636326400

lovliygtyu.ml

# Reference: https://twitter.com/dvk01uk/status/1108745052686307328

hytexxi.xyz

# Reference: https://twitter.com/pollo290987/status/1108755025604591622

tarhona-libya.com

# Reference: https://twitter.com/Jan0fficial/status/988318117532176384

mlhxyz.ml

# Reference: https://twitter.com/fumik0_/status/973504037999075329

win-dows.net

# Reference: https://twitter.com/dvk01uk/status/1109045863664533504

zentacher3.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1109085932949590018

u1a2zlzeuya.company

# Reference: https://twitter.com/malwrhunterteam/status/1109085127290900480

nitb.pk-gov.org

# Reference: https://app.any.run/tasks/7dff8b86-1cff-4d38-9264-aa5a217eca0e

interruption.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1109089319871004673

r414525xw.band

# Reference: https://app.any.run/tasks/b853927b-ff78-4744-81db-789e8592bda2

realdealhouse.eu

# Reference: https://twitter.com/casual_malware/status/1107101098714656768

elec-tb.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1106579701290672129

abhicoupon.com

# Reference: https://twitter.com/JaromirHorejsi/status/1105806463468036096

awdmiami.com

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

freedomate.ga

# Reference: https://twitter.com/ViriBack/status/1093994913249853440

cocomet-china.com
naceco.com
qai-abb.com

# Reference: https://twitter.com/nullcookies/status/1029173962595598336

appgosecurity.com

# Reference: https://twitter.com/FewAtoms/status/1109119034082103298

shannai.us

# Reference: https://twitter.com/James_inthe_box/status/1109120289604931584

zjnewdan.us

# Reference: https://twitter.com/ClearskySec/status/1001833343581900800

stcinet.com
stcnet.ddns.net

# Reference: https://twitter.com/guelfoweb/status/1109103783571795970

mit-gov-it.icu

# Reference: https://twitter.com/Racco42/status/1109591919561187330

alph.staroundi.com

# Reference: https://twitter.com/FewAtoms/status/1109773299985379329

ruih.co.uk

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

oteam.io

# Reference: https://twitter.com/James_inthe_box/status/1079727395161104384

amsi.co.za

# Reference: https://twitter.com/James_inthe_box/status/1109832439700971520
# Reference: https://app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e

a-7763.com
davidich.life
domekan.ru
doshimotai.ru
kifge43.ru
/MatherFuckerAv.dll

# Reference: https://www.hybrid-analysis.com/sample/b0b9beba8089d5ff30d11703648b1bc2083bac677da4cdd3a9ef007dd62282b4?environmentId=100

soplifan.ru

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

gmltdprocrop.com

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

mulenrooj.adygeya.su

# Reference: https://twitter.com/avman1995/status/1090972632261029891

monstercartune.club

# Reference: https://twitter.com/dms1899/status/1070382435148447745

ph0en1x.tk

# Reference: https://twitter.com/avman1995/status/1035723902612324352

botsphere.biz

# Reference: https://twitter.com/Racco42/status/1110098645263810561

bzios.info

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-10-22: fake domains imitating Ukrainian telcos, on servers with Metasploit and Cobalt Strike)

24tv.agency
2mdns.org
a-msedge.org
ads1-msn.com
ads1-msn.net
akadns-ms.net
api-p001-1drv.com
apostrophe-news.biz
appex-bing.net
appex-bing.org
bigmir.email
blob-weather.com
cdn-onenote.net
censornews.org
client-googledns.com
cnn-metanews.biz
compatexchange-cloudapp.com
corpext-datamart.net
delometaua.biz
diagnostics-support-microsoft.net
diagnostics-support.com
dns-msftncsi.com
eizvestia-news.org
espreso.today
feedback-google.net
feedback-google.org
feedback-windows.com
feedback-windows.org
foxnewsmeta.biz
fwdcdn.org
gateway-telemetry.net
gateway-telemetry.org
gazetaua-news.org
gismeteo.city
img-s-msn-com-akamaized.net
interfax-globalnews.com
ipv4-microsoft.net
ipv4-microsoft.org
ipv6-google.net
ipv6-google.org
ipv6-microsoft.org
kyivstar-ip.com
ls2web-redmond-corp.com
microsoft-com-nsatc.org
microsoft-metaservices.com
microsoft-nsatc.org
ms-akadns.org
news-liga.net
newska-uanews.biz
nod-update.org
ns0-ukrpack.net
ns0-volia.net
ns1-datagroup.com
ns1-datagroup.org
ns1-volia.net
ns2-datagroup.com
ns2-datagroup.org
ns2-ukrtel.com
ns3-datagroup.org
ns4-datagroup.org
obozrevatel-news.com
officeclient-microsoft.com
paypal-com1.com
paypal-com2.com
pppoe-infocom.com
pppoe-kyivstar.com
pppoe-ukrtel.com
preview-msn.org
redir-metaservices.com
redir-metaservices.org
reports-telemetry-microsoft.com
rian-ua.org
sandbox-cloudapp.com
sandbox-cloudapp.org
search-msn.net
search-msn.org
secure-telemetry.net
secure-telemetry.org
securenod32.com
segodnya-news.org
services-glbdns2.com
services-glbdns2.org
services-google.org
serving-sys-windows.net
serving-windows.net
social-msn.net
social-msn.org
ssw-live.org
statototalitario.com
support-cloudapp.net
support-microsoft.biz
telecommand-microsoft.net
telecommand-microsoft.org
telegraf-news.biz
telemetry-akadns.org
uatimes-meta.biz
ubr-news.org
ui-skype.net
ukrfreshnews.com
unian-search.com
urs-microsoft.net
watson-microsoft.org
win-msecnd.com
win-msecnd.org
win10-telemetry.net

# Reference: https://twitter.com/James_inthe_box/status/1056920457218125826

mypanell.online

# Reference: https://twitter.com/Racco42/status/1029986121286074369

atcproje.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1110147918995091457
# Reference: https://app.any.run/tasks/8e80d6b5-507a-40ab-98bd-2dfd73d313ab

klub046.co

# Reference: https://twitter.com/Racco42/status/1110160140962066432

zaczvk.pl

# Reference: https://twitter.com/Racco42/status/1110170198005436417
# Reference: https://app.any.run/tasks/30775d98-c3a7-4de0-b4e1-5ae6db7fece9

space.bajamelide.ch

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

zabenkot.top

# Reference: https://twitter.com/angel11VR/status/1109075153114279936
# Reference: https://app.any.run/tasks/37b99bb8-a81b-4298-bc78-b19ecc0adb0f

185.25.50.168:4444

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

89.105.202.62:1080

# Reference: https://twitter.com/James_inthe_box/status/1110196027338817538

erimbil.ml

# Reference: https://twitter.com/ScumBots/status/1110265736029712384

safetimes.biz

# Reference: https://twitter.com/ScumBots/status/1110265564428226565

wite.biz

# Reference: https://twitter.com/ScumBots/status/1110265483264167939

s3rpfish.biz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Autoit-6897734-0)

charlesprofile.website

# Reference: https://twitter.com/Racco42/status/1110450502087725057

kozol.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1110470611137114112

fubuy60w.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1110533916279128071

24forejungl.site

# Reference: https://twitter.com/James_inthe_box/status/1110563590950445056

lattempted.pw

# Reference: https://twitter.com/James_inthe_box/status/1110560151977623552

conamylups.com

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/avman1995/status/951077991966064640

itgpll.com

# Reference: https://twitter.com/ViriBack/status/950469147976257536

m3ss4g3rtesla.com

# Reference: https://twitter.com/ViriBack/status/950354442917990400

dominica2.com

# Reference: https://twitter.com/cocaman/status/909339498445705216

iemnnyanmar.com

# Reference: https://twitter.com/58_158_177_102/status/1110814561500708864

onbraker.com
podertan.com

# Reference: https://twitter.com/Racco42/status/1110844776075706368

zolik.info

# Reference: https://twitter.com/ClearskySec/status/1110941180106366976

/D2_de2o@sp0/

# Reference: https://twitter.com/ClearskySec/status/1062026777604820994

disw.top
jobk.info
ktis.club
kotb.top
lupx.info

# Reference: https://twitter.com/Racco42/status/1111189949712420864

armasglass.com

# Reference: https://twitter.com/dvk01uk/status/1111218416227102720

babamaturu.cf

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1111223066137448449

bambamdumer.ml
kodjdsjsdjf.tk
lookatmenaaaa.tk

# Reference: https://twitter.com/ps66uk/status/1111309717664604162

poperjffd.gq
zentacher.cf

# Reference: https://otx.alienvault.com/pulse/5c9d13987ec3ed127b3175a5

crypt24.in
clean.crypt24.in
zani.streghettaincucina.com
midgnighcrypt.com
yinhbygrm.com
4uland.com
favoritfile.in
img.martatovaglieri.com

# Reference: https://twitter.com/James_inthe_box/status/1111371723092299776

edjsqvg.ua

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/JayTHL/status/1111497469937045504

brynn.ink

# Reference: https://twitter.com/DissectMalware/status/1111511953061621760

onbraker.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623245965545473

justpony.xyz
warezpony.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623824695611392

myloki.icu

# Reference: https://twitter.com/ViriBack/status/1111646690233192449

pamthasion.pw

# Reference: https://twitter.com/Racco42/status/1111651759276072961

zerio.info

# Reference: https://twitter.com/James_inthe_box/status/1111666754604789760

recordsforsmssent.xyz

# Reference: https://twitter.com/ViriBack/status/1067995331810549760

oceanicproducts.eu
jesseworld.eu
modexdeals.xyz
modecloudserver.eu

# Reference: https://twitter.com/ekamioka/status/1111658931624001540

edzz.la
nanowopsite.club

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-01-16: New Order PO)

/buchi/i/fred.php

# Reference: https://twitter.com/ViriBack/status/971430374919122944

carolp1.xyz

# Reference: https://twitter.com/malware_traffic/status/1111049259305046016

ultimateyahoo.top

# Reference: https://twitter.com/jfslowik/status/1112010565742788609

download-updates-comp.com
get-updates-ms.com

# Reference: https://twitter.com/benkow_/status/1112046921303113729

gcleaner.info

# Reference: https://twitter.com/ps66uk/status/1112172657729044480

00399a4.netsolhost.com

# Reference: https://twitter.com/Racco42/status/1112623595459612673

zesis.info

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

not-my-guilty.com
onlinedattingforlife.info
russkistandart.info

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

datingforllives.info

# Reference: https://twitter.com/malwrhunterteam/status/1112969094322683904

danhuaile.net

# Reference: https://twitter.com/packet_Wire/status/1112802915650027520

ordernow.cf

# Reference: https://twitter.com/James_inthe_box/status/1113102849313988611

sorna.at
rivier.at

# Reference: https://twitter.com/KorbenD_Intel/status/1113151983030943744

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1113114356714168321

bluewales.ml
worldatdoor.in

# Reference: https://twitter.com/albertzsigovits/status/1113096573284728839

powellpablooo.myjino.ru
fnsss77.ru
darbl.icu

# Reference: https://twitter.com/illegalFawn/status/1113336529433374721

4fallingstar.info
esurf.info
childrensliving.com

# Reference: https://twitter.com/malware_traffic/status/1113586907655680001

tytalrecoverysolutions.com
zakromanoff.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113747351405985792

bobbobb1z.com

# Reference: https://twitter.com/dvk01uk/status/1094130931596701696

liqurestore.cf

# Reference: https://twitter.com/benkow_/status/1090564148184924160

dfgdfgghjghfshfgh.ru

# Reference: https://twitter.com/JayTHL/status/1036810959644438528

dvpont.com
itwsaelants.com
kmnnl.com
tekinkgroup.com

# Reference: https://twitter.com/James_inthe_box/status/1113888371204472832

smart.cloudnetwork.kz
nicru.supermicrotransapi.ru
mel.cloudcontentsmak.com
js.securetopdevelopment.kz
secure.jsc0nten1maker.com
secure.jscontentmaker.kz
tel.jsapisettings.kz

# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
top.sineadholly.com

# Reference: https://twitter.com/K_N1kolenko/status/1113818032248430593

waorveled.com
hegutceper.ru
dintroprula.ru

# Reference: https://twitter.com/takerk734/status/1113851637292920832

artdefensive.com

# Reference: https://twitter.com/takerk734/status/1113852021579206658

ceaningthe.com
hosttrade.ru
letsdoitquick.site

# Reference: https://twitter.com/Racco42/status/1114080917402861568

pasios.info

# Reference: https://www.bromium.com/mapping-malware-distribution-network/
# Reference: https://otx.alienvault.com/pulse/5ca7142dd898276082584a58

l-jaxx.com
monkeyinferno.net

# Reference: https://twitter.com/smica83/status/1114099330628096000

echuhnova.digital

# Reference: https://twitter.com/smica83/status/1114101564648689664

daidaowu.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1114103736731951104

vip-163.cc

# Reference: https://twitter.com/Bank_Security/status/1114122727080771585

g53lois51bruce.company

# Reference: https://twitter.com/James_inthe_box/status/1114150925218639872

11totalzaelooop11.club

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Autoit-6919193-0)

jfnutts.com
jamesxx.dynu.net

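# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Vobfus-6919817-0)
# NOTE(review): the entry below is a regular expression, not a literal domain; confirm that whatever consumes this list evaluates it as a pattern, because a literal-match lookup would never hit it.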

backdates[0-9]{1,2}\.(com|net)

# Reference: https://imgur.com/a/8mFGk
# Reference: https://otx.alienvault.com/pulse/5a49115f93199b171b90a212

conectionapis.com

# Reference: https://twitter.com/JayTHL/status/1115077956781715456
# Reference: https://pastebin.com/raw/HggkKKVu

awazpeople25.com.pl
awazpeople25.net.pl
awazpeople25.pl
awazpeople25.waw.pl
e-helpingcenterxg.pl
egalleryimagesas.pl
ehelpingcentervh.pl
estoremkg.pl
everificationaccountls.pl
galleryimagesas.com.pl
galleryimagesas.net.pl
galleryimagesas.pl
galleryimagesas.waw.pl
helpingcentervh.com.pl
helpingcentervh.net.pl
helpingcentervh.pl
helpingcentervh.waw.pl
helpingcenterxg.com.pl
helpingcenterxg.net.pl
helpingcenterxg.pl
helpingcenterxg.waw.pl
hypemediahdy.com.pl
hypemediahdy.net.pl
hypemediahdy.pl
hypemediahdy.waw.pl
i-awazpeople25.pl
i-mzenjdfu.pl
ihypemediahdy.pl
make-upvalleyusastoread.pl
mzenjdfu.com.pl
mzenjdfu.pl
mzenjdfu.waw.pl
storemkg.com.pl
storemkg.net.pl
storemkg.pl
storemkg.waw.pl
verificationaccountls.com.pl
verificationaccountls.net.pl
verificationaccountls.pl
verificationaccountls.waw.pl

# Reference: https://twitter.com/smica83/status/1115174343288545280

etechnocrat.us

# Reference: https://twitter.com/Racco42/status/1115216282670989313

hallos.info

# Reference: https://twitter.com/MisterCh0c/status/1115001122673102848

yolodice.icu

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

vapeegy.com

# Reference: https://twitter.com/Racco42/status/1115259915877146625

e-mailupgrade.com

# Reference: https://twitter.com/malwrhunterteam/status/1115289020421025792

bestpage1.com

# Reference: https://twitter.com/BroadAnalysis/status/731653488443305985

khamsanphukhoa.com.vn

# Reference: https://twitter.com/angel11VR/status/1115343202167533568
# Reference: https://pastebin.com/0bX17LaY

gingerandcoblog.com

# Reference: https://twitter.com/illegalFawn/status/1115537607256150016

logger-keyz.tk

# Reference: https://twitter.com/Artilllerie/status/1115556048243437568

subby.xyz

# Reference: https://twitter.com/James_inthe_box/status/1115591879586795521

hot-mail.online

# Reference: https://twitter.com/slayersecurity/status/1115599512758697984

bobbobb1z.com

# Reference: https://twitter.com/pollo290987/status/1115613838689341440

nicholaspring.xyz

# Reference: https://twitter.com/slayersecurity/status/1115902366686031878

klis.icu
notz.icu
qgb.us
shortener.icu
shortit.icu
zvb.us

# Reference: https://twitter.com/JAMESWT_MHT/status/1115926996582830081

nemelyu871.info
s1591e46.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1115928599792640000

instant-payments.ru

# Reference: https://twitter.com/makflwana/status/1115953092090941440

vman23.com

# Reference: https://twitter.com/x42x5a/status/1115980225127571456

freelim.cf

# Reference: https://app.any.run/tasks/34e6fb84-9c9f-4839-8c08-a2db34280b72

younglybae.tk

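# Reference: https://twitter.com/KorbenD_Intel/status/1115987185206013953
# NOTE(review): the entry below is a randomly named ngrok.io tunnel hostname; such names are typically short-lived and may later be handed to an unrelated user, so treat matches outside the time frame of the reference as low-confidence.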

b02aee36.ngrok.io

# Reference: https://twitter.com/James_inthe_box/status/1116302275335475201

a.uchi.moe

# Reference: https://twitter.com/tkanalyst/status/1116370690444124160

adpop.xyz

# Reference: https://twitter.com/58_158_177_102/status/1116608652985585670

aupa.xyz
azedizayn.com
aussiescanners.com
fumicolcali.com
sundarbonit.com

# Reference: https://twitter.com/Racco42/status/1116787155710500866

yassra.com

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://www.virustotal.com/gui/domain/appboxlive.host/relations

appboxlive.host

# Reference: https://twitter.com/JAMESWT_MHT/status/1095672902232477697

cytotan.xyz
fatando.pw
srv18427.microhost.com.pl

# Reference: https://twitter.com/devnullek/status/1073159905480183808

favbaby.com

# Reference: https://twitter.com/malware_traffic/status/767852827200761856

ahgsuy3829.top
best-remit.com
hybypi.xyz
nerdcommunity.top
reballancefreestyle.win

# Reference: https://twitter.com/BroadAnalysis/status/815211105664565248

chebersto.com
chelkibot.com
jejefolso.com
kalambint.com
karachark.com
kerukiron.com
kurtillon.com
markrelso.com
nintedrer.com
reregaton.com

# Reference: https://twitter.com/BroadAnalysis/status/788400179091214336

arabicdessert.co
prmhohzsl.top

# Reference: https://twitter.com/BroadAnalysis/status/782996903025844224

badbigbearr.com
bearbigger.top
beargrizzler.win
dxzvkr.top

# Reference: https://twitter.com/malware_traffic/status/766412267063607296

lowashemterle.top
yfyke.xyz

# Reference: https://twitter.com/x42x5a/status/1117697750886428672

ahsantiago.pt

# Reference: https://twitter.com/dvk01uk/status/1117752424331190273

licenses-renewal.com

# Reference: https://twitter.com/killamjr/status/1117776513288503296
# Reference: https://www.virustotal.com/gui/domain/netlux.in/relations
# Reference: https://www.virustotal.com/gui/domain/vitalmania.eu/relations

netlux.in
vitalmania.eu

# Reference: https://twitter.com/FewAtoms/status/952884418733072384

gg.usdipc.com

# Reference: https://twitter.com/DynamicAnalysis/status/1117833770332303365

ridihaagroup.com

# Reference: https://twitter.com/FewAtoms/status/1117824449670209536

annaviyar.com

# Reference: https://twitter.com/malware_traffic/status/1117811800395767808

shahkara.com.tr

# Reference: https://twitter.com/HONKONE_K/status/1118035160362913792

new2019.mine.nu

# Reference: https://twitter.com/JAMESWT_MHT/status/1118102912549433345

fineiksus.com

# Reference: https://cofense.com/latest-software-functionality-abuse-url-internet-shortcut-files-abused-deliver-malware/

buyviagraoverthecounterusabb.net

# Reference: https://twitter.com/James_inthe_box/status/1118146373361078272

tshukwasolar.com

# Reference: https://twitter.com/Racco42/status/1118476901876674561

vreau-relatie.eu

# Reference: https://twitter.com/FewAtoms/status/1118588045312368641

http://188.209.52.180

# Reference: https://twitter.com/FewAtoms/status/1118893063219372034

krosnovunderground.se

# Reference: https://twitter.com/ViriBack/status/1119019674006687744

deuor.info/index.php

# Reference: https://twitter.com/ActorExpose/status/1118914631609794561

kulsofttech.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html

plenoils.com
sharedrive.top
alkzonobel.com
web2prox.com
webxpo.us
office.webxpo.us
sunny-displays.com
modernizingforeignassistance.net

# Reference: https://twitter.com/malware_traffic/status/1119021844416405504

sunmeter.eu

# Reference: https://twitter.com/ViriBack/status/1119592527106072576

http://185.79.156.15

# Reference: https://twitter.com/James_inthe_box/status/1119758368858468352

gbchb.com

# Reference: https://twitter.com/pancak3lullz/status/1117825748583243776

esko7.cf

# Reference: https://twitter.com/pancak3lullz/status/1092804207252525065

benelll.com

# Reference: https://twitter.com/pancak3lullz/status/1085189158866378754

liftocean.us

# Reference: https://twitter.com/The_d0c_T0R/status/1120184484312354816

bbkac.com

# Reference: https://twitter.com/James_inthe_box/status/1120693994428567552

get.extra-files.com

# Reference: https://twitter.com/malwrhunterteam/status/1120969169233690624

187.ip-54-36-162.eu

# Reference: https://twitter.com/devnullek/status/1120708504619290624

news-medias.ru

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/

icbegypt.com

# Reference: https://twitter.com/makflwana/status/1121063810289238018

newfield-us.info

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

alspi.cf

# Reference: https://twitter.com/smii_mondher/status/962702751762468866

centropesquisabit.com.br

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

baldorclip.icu

# Reference: https://twitter.com/malwrhunterteam/status/1121095736299597824

geraldgore.com/news/

# Reference: https://twitter.com/malware_traffic/status/1121097028426194944

iblservicosonline.com

# Reference: https://twitter.com/MisterCh0c/status/1121125682032119808

noda-8879.cf

# Reference: https://twitter.com/malware_traffic/status/1061039473448734722

po0o0o0o.com

# Reference: https://twitter.com/coldshell/status/936173677854580736
# Reference: https://pastebin.com/9JfkQ1FX 

accessyouraudience.com
alucmuhendislik.com
awholeblueworld.com
bit-chasers.com
datenhaus.info
hexacam.com
mh-service.ru

# Reference: https://twitter.com/coldshell/status/936588497216995328
# Reference: https://pastebin.com/LRTA7NSn

basedow-bilder.de
centralbaptistchurchnj.org
highlandfamily.org
motifahsap.com
pdj.co.id
pragmaticinquiry.org
schwellenwertdaten.de
shamanic-extracts.biz
team-bobcat.org
troyriser.com

# Reference: https://twitter.com/coldshell/status/894908561855307776
# Reference: https://pastebin.com/dZXyvmvL

adelaidemotorshow.com.au
apositive.be
autoecoleathena.com
autoecoleboisdesroches.com
autoecoledufrene.com
beansviolins.com
cipemiliaromagna.cateterismo.it
firstonetelecom.com
fly2.com.tw
harristeavn.com
heathrowestudios.com
hydronetinfo.com
melting-potes.com
microsom.com
modemagazine.net
new.intranet.wem.fr
patrickreeves.com
potamitis.gr
rosascomendador.com
scoot-mail.net
sixty-six.org
telesolutionsconsultants.com
trombositting.org

# Reference: https://twitter.com/tmmalanalyst/status/891998398462566400

luczki.pl

# Reference: https://twitter.com/x42x5a/status/1121702655464751104

payeer-coin.icu

# Reference: https://twitter.com/FewAtoms/status/1121751424096845831

http://216.170.120.137

# Reference: https://twitter.com/JAMESWT_MHT/status/1121755894511960064
# Reference: https://app.any.run/tasks/c18ca904-42a7-4cda-89ca-8960f38ff406

gcleaner.info
melbettyge.top
refpagdcmr.top
salosvodkoi.ru

# Reference: https://twitter.com/FewAtoms/status/1121780178676527104
# Reference: https://twitter.com/FewAtoms/status/1121096964869959682

http://80.82.66.58

# Reference: https://twitter.com/neonprimetime/status/1121800377727426561

hlggregoriazl.xyz

# Reference: https://twitter.com/QuaestioQuestio/status/1121777747834155012

gatiropimonita.website
updateservice.work

# Reference: https://twitter.com/x42x5a/status/1122096731800375296

fin18.org

# Reference: https://twitter.com/slayersecurity/status/1122137824076148736

basaso.mobi
dpyfo.mobi
enchanted.mobi
ghtc.mobi
hfik.mobi
mobisad.mobi
nefal.mobi
nkdyo.xyz
professional.mobi
rhggy.mobi

# Reference: https://twitter.com/DbgShell/status/1121583280145543168

http://84.200.43.124

# Reference: https://twitter.com/jpcert_ac/status/1121701529847603202

officecrack.gi2.cc

# Reference: https://twitter.com/ViriBack/status/1122527363772887044

90551.prohoster.biz

# Reference: https://twitter.com/hexlax/status/988881472403763200

untorsnot.in

# Reference: https://twitter.com/0x13fdb33f/status/1122544651628576768
# Reference: https://www.kernelmode.info/forum/viewtopic.php?p=32871
# Reference: https://otx.alienvault.com/pulse/5cc6ca1e69cc6cfee80974a7

fusu.icu
keke.icu
letask.me
luru.icu
qoqo.icu
susu.icu
zqfgy.app

# Reference: https://twitter.com/dvk01uk/status/1122803607269773312

findrew.gq

# Reference: https://twitter.com/makflwana/status/1122818381856555010

http://91.243.83.154

# Reference: https://twitter.com/James_inthe_box/status/1122861244023656453

anticcolonial.cf

# Reference: https://twitter.com/x42x5a/status/1122863171222560768

h-drums.cf

# Reference: https://twitter.com/dvk01uk/status/1122702052482846720

ayakkokulari.com

# Reference: https://twitter.com/ScumBots/status/1122874459432599555

s0ft3r.ru

# Reference: https://twitter.com/Racco42/status/1122966809924329472

iceslyt.ru

# Reference: https://twitter.com/Sm0k10/status/1123018192228626443

quo75fbm.club

# Reference: https://twitter.com/dave_daves/status/1123143230852358145

mail-tools.info

# Reference: https://twitter.com/JaromirHorejsi/status/1095328020028628992

nim3.xyz

# Reference: https://twitter.com/FewAtoms/status/1123154922562678784

http://23.249.163.113

# Reference: https://twitter.com/avman1995/status/1035033720489734145

kangnaterayna.com

# Reference: https://twitter.com/x42x5a/status/1123191255679291392

sellingproducts.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1123209767135141889

cliniquevoyage.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123214806251646977
# Reference: https://www.virustotal.com/gui/domain/digital-studio.org/details
# Reference: https://app.any.run/tasks/27874df0-5ed8-469e-8a53-0741bb8fca58

digital-studio.org

# Reference: https://twitter.com/siri_urz/status/1123212324385513472

http://92.63.197.153

# Reference: https://twitter.com/x42x5a/status/1123250026883497985

lovemepls.com

# Reference: https://twitter.com/malwrhunterteam/status/1123262864029040641

nathanklebe.com

# Reference: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html

http://188.166.74.218
http://45.55.211.79

# Reference: https://twitter.com/makflwana/status/1123465749027225600

http://5.188.231.210

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

auzonet.net

# Reference: https://twitter.com/FewAtoms/status/1123563237084024832

http://155.138.134.133

# Reference: https://twitter.com/ScumBots/status/1122705081953132549

bitwhites.top

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834

frameupds.info

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976

hbr0.icu

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

teleduck.de
zaremedspa.com

# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

individualkipitera.site
individualkipitera24.site
intimorg.xyz
prostitutkivoronezha24.bid
prostitutkiyaroslavlya76.men
prostitutkisoy.com
prostitutki-adlera.xyz
prostitutki-sterlitamaka.xyz
prostitutki-vologdy.xyz
prostitutki-tomska.xyz
prostitutkisochi24.xyz
prostitutki-magnitogorska.xyz
prostitutki-tveri.xyz
prostitutki-kaliningrada.xyz
prostitutki.soy
prostitutkimoskvy.surf
prostitutkiyaroslavlya.xyz
prostitutki-surguta.xyz
prostitutki-izhevska.xyz
prostitutki-permi.xyz
prostitutkikazani.xyz
prostitutkikrasnoyarska.xyz
prostitutkiomska.xyz
prostitutkirostova.xyz
prostitutkiufy.xyz
prostitutkivoronezha.xyz
prostitutki-arhangelska.xyz
prostitutki-biyska.xyz
prostitutki-taganroga.xyz
prostitutki-tambova.xyz
prostitutkipitera.soy
prostitutkivologdy.win

# Reference: https://twitter.com/JayTHL/status/1123591741347704832

92.222.151.63:36437

# Reference: https://twitter.com/JayTHL/status/1123829087913508865

leon-l-atkinson.club

# Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220

vman23.com

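# Reference: https://otx.alienvault.com/pulse/5ccab2b0769cdc85663c84b9
# NOTE(review): the entry below is a randomly named ngrok.io tunnel hostname; such names are typically short-lived and may later be handed to an unrelated user, so treat matches outside the time frame of the reference as low-confidence.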

747f9d59.ngrok.io

# Reference: https://twitter.com/x42x5a/status/1123914216665174016
# Reference: https://twitter.com/JAMESWT_MHT/status/1126420676427096065

ccleaner.host
ccleaner.top

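# Reference: https://twitter.com/Racco42/status/1123953925831446529
# NOTE(review): the "http://4more5.67.14.61" entry in this group is not a valid IPv4 address as written and looks garbled, so it will presumably never match traffic; re-check it against the reference and correct it from there rather than guessing the address.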

41.231.120.138:7700
http://4more5.67.14.61

# Reference: https://twitter.com/Racco42/status/1123974086970019840

fjlryd.com

# Reference: https://twitter.com/drok3r/status/1124018831444385794

http://185.79.156.23

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

a-7763.com

# Reference: https://twitter.com/SickPeaSec/status/1124078107617574912

http://42.51.65.7

# Reference: https://www.virustotal.com/gui/domain/heheda.tk/relations

heheda.tk

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Tovkater-6956309-0)

dicier.ru
triobol.ru
walforder.ru

# Reference: https://twitter.com/TheMan___TheMan/status/1124526444955295744

http://3.14.6.4

# Reference: https://twitter.com/slayersecurity/status/1124605083554078720

ckssplcom.ga

# Reference: https://twitter.com/FewAtoms/status/1124624471548149761

megaklik.top

# Reference: https://twitter.com/James_inthe_box/status/1124634464447950848

hamriadhurai1.com

# Reference: https://twitter.com/James_inthe_box/status/1124648077627838465

http://106.13.96.196

# Reference: https://twitter.com/VK_Intel/status/1124826957764603905

ghostru.biz

# Reference: https://twitter.com/ViriBack/status/1125145578638389248

umc-tech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Shadowbrokers-6958490-0)
# Reference: https://www.virustotal.com/gui/domain/sex.kuai-go.com/relations

teetah.com
thmqyo.com
iadaef.com
yvyqyr.com
yyhhwt.com
yoiupy.com
abvyoh.com
evoyci.com
nzooyn.com
niulzo.com
meadgz.com
yxpwly.com
cberyk.com
xuvvie.com
nfgesv.com
rjodmz.com
ygjuju.com
iauany.com
zopkpn.com
ubnuov.com
kroqzu.com
uxmaie.com

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1125358634979012613

polaroil.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1125388900862767105

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/pmelson/status/1125070087218659330

anyconnect.stream
bigip.stream
fortiweb.download
kaspersky.science
microtik.stream
owa365.bid
symanteclive.download
windowsdefender.win

# Reference: https://twitter.com/angel11VR/status/1125765188370731009
# Reference: https://app.any.run/tasks/8bee6450-d92c-4a21-8b8e-6dbec1e777e5

joeing2.duckdns.org

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

neperepahano.top

# Reference: https://twitter.com/Jan0fficial/status/1093123191504031746

scanjet.tk

# Reference: https://twitter.com/P3pperP0tts/status/979416398932905985

mdolk.ru

# Reference: https://twitter.com/P3pperP0tts/status/980426489802960897

ponysolution.tk

# Reference: https://twitter.com/x0rz/status/763396946371436544

andmabi.com
redidfe.ru
undwohed.ru

# Reference: https://twitter.com/hexlax/status/740548297723678720

cussocarve.net

# Reference: https://twitter.com/hexlax/status/777967707601895424

tortonrcommt.pw

# Reference: https://twitter.com/hexlax/status/905947662595366913

detrogoldenmayer.com

# Reference: https://twitter.com/teoseller/status/674601023076462596

beamtech-tw.com

# Reference: https://twitter.com/teoseller/status/790919712909697024

zjibingfeng.com

# Reference: https://twitter.com/hexlax/status/803324541858627584

ru-id21387192837.com

# Reference: https://twitter.com/bomccss/status/1125902307030265856

donersonma.com

# Reference: https://twitter.com/executemalware/status/1125818675519459328

58.218.66.168:32221

# Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288

samuelkerns.com

# Reference: https://www.virustotal.com/gui/ip-address/90.103.111.117/relations

iamahackeur.servehttp.com
jesuisunhackeur.servehttp.com

# Reference: https://twitter.com/papa_anniekey/status/1090808731393155072

kuroekoyamato.com
kuronekoyamao.com

# Reference: https://twitter.com/051R15/status/984704059109093382

jcgloball.org

# Reference: https://twitter.com/dvk01uk/status/1126064949212721152

carlostevez.ga
carlostevez.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1126109441651245057
# Reference: https://app.any.run/tasks/004e0cf9-8b5c-41eb-a7af-d048dcb80608

green.nogel.tech
safa.205dundas.com
ssw.138front.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/

link.fivetier.com

# Reference: https://twitter.com/MisterCh0c/status/1126214464334979074

ftp://computernewb.ml

# Reference: https://twitter.com/VirITeXplorer/status/1126382269646741505

zuisarch.top

# Reference: https://twitter.com/x42x5a/status/1126402234676404225

abscete.info
fopstudios.com

# Reference: https://twitter.com/x42x5a/status/1126395015566102528

bluedahab.ga

# Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/

effe-erre.es
sigaingegneria.com

# Reference: https://twitter.com/JayTHL/status/1126254567568695301

fuckchriscollingsworth.com

# Reference: https://twitter.com/DissectMalware/status/1126384963497205762

http://51.89.0.134

# Reference: https://otx.alienvault.com/pulse/5cd3f89df12b501c477a6fba

vision2030.cf
vision2030.tk

# Reference: https://twitter.com/malwrhunterteam/status/1126438072047099905
# Reference: https://twitter.com/malwrhunterteam/status/1126443181879459842
# Reference: https://twitter.com/malwrhunterteam/status/1126450000425361408

abidefr.com
ambertut.com
profile.sandoct.com
sagdao.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126435324530503680

binnatto.de
megaklik.top
uzocoms.eu
venzatechi.online

# Reference: https://twitter.com/ActorExpose/status/1126448541637984256

can25.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126476203253280773

ezeada.site

# Reference: https://twitter.com/James_inthe_box/status/1126487574317490179

aotiahua.com

# Reference: https://twitter.com/James_inthe_box/status/1126590019269840896

farmfit.ru

# Reference: https://twitter.com/dvk01uk/status/1126726101055574016

xzhch.ml

# Reference: https://app.any.run/tasks/b9d22ade-b917-421b-a117-e514d56fefd5
# Reference: https://www.virustotal.com/gui/domain/ndtst.com/details

ndtst.com

# Reference: https://twitter.com/dvk01uk/status/1121281997643636736
# Reference: https://app.any.run/tasks/653e0ec4-396d-4930-b91c-9b110debf1cf

nxgenbiz.us

# Reference: https://twitter.com/dvk01uk/status/1118559250471628800

terryhill.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1126803185753047040

gcleaner.info

# Reference: https://twitter.com/malwrhunterteam/status/1126808002986639361

rapport.lcto.lu

# Reference: https://twitter.com/x42x5a/status/1126832160936214529

soksanhotels.com

# Reference: https://twitter.com/dave_daves/status/1126840642485784576

mecharniser.com

# Reference: https://twitter.com/James_inthe_box/status/1126846840060571648

vasinvestment.tk

# Reference: https://twitter.com/ViriBack/status/1126992620310470656

iujoaqstqiywertgpu.club

# Reference: https://twitter.com/ViriBack/status/1127224259837878273

phumyhunggiatot.com

# Reference: https://twitter.com/daphiel/status/1123927542149328896

blanki-shabloni24.ru
ezstat.ru
icq.chatovod.info
medialeaks.icu
superjob.icu
women-history.me

# Reference: https://twitter.com/malware_traffic/status/810966197881671680
# Reference: http://malware-traffic-analysis.net/2016/12/19/index.html

talhanterbutres.top
srugbah.com

# Reference: https://twitter.com/pancak3lullz/status/1022845906041929728

asterixenergy.in

# Reference: https://twitter.com/pancak3lullz/status/746337709774430208

camera-test.hi2.ro
summerr554fox.su

# Reference: https://twitter.com/FewAtoms/status/1127531654019334144

222.187.238.16:2020

# Reference: https://twitter.com/ActorExpose/status/1127565211832135681

webarconet.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1127927901725306881

rabbitscafenyc.com
rerplan.tk
ttreface.tk

# Reference: https://twitter.com/malware_traffic/status/1128019457966735360

dhlexpress.club

# Reference: https://twitter.com/ActorExpose/status/1128018026673131521

double-minded-elect.000webhostapp.com

# Reference: https://twitter.com/ActorExpose/status/1128004155673542657

ryselis.xyz

# Reference: https://twitter.com/ActorExpose/status/1128017378518892544

aquilesarocaltda.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1128214459334500353

sonofgraceoffice.website

# Reference: https://twitter.com/dvk01uk/status/1128239904402694144

modipond.gq

# Reference: https://twitter.com/dvk01uk/status/1128286894553489408

terryhill.top

# Reference: https://twitter.com/JayTHL/status/1128405725888307200

maketheswitch.ca

# Reference: https://twitter.com/58_158_177_102/status/1128310206327283713

mondayis.info

# Reference: https://twitter.com/virusbtn/status/1128556881079930881

ezinebachelor.top

# Reference: https://twitter.com/ViriBack/status/1128828811796242433

187.ip-54-36-162.eu

# Reference: https://twitter.com/Racco42/status/1128955163023171584

myscs.ca

# Reference: https://twitter.com/JAMESWT_MHT/status/1128974517144031232

ybtvmt.info

# Reference: https://twitter.com/x42x5a/status/1128995801286492162

tandf.xyz

# Reference: https://twitter.com/pancak3lullz/status/1129392247924035584

brsystem1000k33.com

# Reference: https://twitter.com/James_inthe_box/status/1129452679250321408

officeboss.xyz

# Reference: https://app.any.run/tasks/4a96e0a9-8b6a-46ac-8e31-5d7d6a417720/

asnkar.me

# Reference: https://twitter.com/dave_daves/status/1129401061696036864

http://13.58.74.46

# Reference: https://twitter.com/James_inthe_box/status/1129514888148086784

botonbot.net
ruit.live

# Reference: https://twitter.com/malware_traffic/status/1129758980585283584

alimstores.com

# Reference: https://twitter.com/Jouliok/status/1129662977664274432

microsoft-products.com
228276216.net

# Reference: https://twitter.com/ActorExpose/status/1130119521770102791

thenewsystemsetup.online

# Reference: https://www.virustotal.com/gui/url/a23b74470167c11d15f0ece4f0859c10f411a21f895836a7df383a87ce857930/detection

android-fanatics.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1130401062710648832
# Reference: https://app.any.run/tasks/e4f79fa5-1908-4791-8e49-bd966a4ff139/

maso.at

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclick.live

# Reference: https://twitter.com/dave_daves/status/1130465690740232193

gdres.tk

# Reference: https://twitter.com/FewAtoms/status/1130496077759746050

mnsoorysoemsystems.com

# Reference: https://twitter.com/James_inthe_box/status/1130541505356095488
# Reference: https://pastebin.com/LFHR1XX1

absentselection.icu
chargement-pro.icu
commande.icu
commandeapp.icu
commandehq.icu
commandehub.icu
commandelabs.icu
continentaltourist.icu
document-joint.icu
documentpro.icu
emaillabs.icu
emailly.icu
opencommande.icu
proapp.icu
prohq.icu
standardpopulation.icu

# Reference: https://twitter.com/ActorExpose/status/1130199745287413760

mywegsite.com

# Reference: https://twitter.com/dvk01uk/status/1130735131793207296

handuruz.cf
handuruz.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304

office365-cloud5.com
office365-cloud5.space

# Reference: https://twitter.com/ViriBack/status/1130814960517427201

carsitxal.tk

# Reference: https://twitter.com/James_inthe_box/status/1130882574853632002

http://82.221.139.139

# Reference: https://twitter.com/ViriBack/status/1131000954613108737

http://54.37.141.202

# Reference: https://twitter.com/FewAtoms/status/1131234678550220805

faqshub.xyz

# Reference: https://twitter.com/ViriBack/status/1131318550759641088

lucid44.xyz

# Reference: https://twitter.com/ViriBack/status/1131542334850699264

modestworld.top

# Reference: https://twitter.com/James_inthe_box/status/1131717489824428032
# Reference: https://www.virustotal.com/gui/domain/baihes.com/relations
# Reference: https://www.virustotal.com/gui/domain/coipip.com/relations

baihes.com
coipip.com

# Reference: https://twitter.com/blackorbird/status/1131790385884278784

asia-kunsthandwea1-online.com
kkrudy.com

# Reference: https://twitter.com/x42x5a/status/1131822281452380160
# Reference: https://twitter.com/James_inthe_box/status/1131855420073496576

airliness.info
donaldcity.club
nevernews.club
weekdanys.com

# Reference: https://twitter.com/James_inthe_box/status/1131927201496961024

tryfast-v52.cf

# Reference: https://twitter.com/FewAtoms/status/1131961073219899394

http://82.221.139.139
eyeseepotential.com

# Reference: https://twitter.com/Racco42/status/1132056583293329408

eurogov.pw

# Reference: https://twitter.com/BroadAnalysis/status/880488094277009408

batbetorzen.com

# Reference: https://citizenlab.ca/2019/05/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign/

51.255.101.144:4444
twitter.com-users.info

# Reference: https://twitter.com/HONKONE_K/status/1132892192719101952

naiei-aldiel.16mb.com

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclicks.live

# Reference: https://twitter.com/JAMESWT_MHT/status/1133024098542604288

ethchain.live

# Reference: https://twitter.com/x42x5a/status/1133025211606077440
# NOTE(review): ethmoney.club is listed twice in this group; the second line adds
# no coverage and can be dropped.

ethmoney.live
ethcrypto.live
ethpromo.live
ethmoney.club
ethmoney.club

# Reference: https://twitter.com/jorgemieres/status/1133052016568274950

vbtz.cf

# Reference: https://twitter.com/FewAtoms/status/1133059049887604737

vaddesobhanadri.com

# Reference: https://twitter.com/cybsecbot/status/1133275353349316610

gettyimages-okta.com
harpercollins-okta.com
login-hulu.com
dropbox-apps.com
webmail-premierpr.com

# Reference: https://twitter.com/dvk01uk/status/1133294737006518272

oliver-khan.tk

# Reference: https://twitter.com/HONKONE_K/status/1133205335877885952

ip1.qqww.eu

# Reference: https://twitter.com/Racco42/status/1133330864216133632

secureserverftp.xyz

# Reference: https://twitter.com/ActorExpose/status/1133339071630204928

ntexplorerlite.com

# Reference: https://twitter.com/MalwarePatrol/status/1133417154009870337
# NOTE(review): this is a single host under a commercial brand's own domain, not a
# look-alike registration. Keep the match on this exact hostname and never widen it
# to the parent domain; TODO confirm the indicator is still valid before alerting on it.

banner.poker.williamhill.com

# Reference: https://twitter.com/MalwarePatrol/status/1133054765573844993

attachments.goapk.com

# Reference: https://twitter.com/MalwarePatrol/status/1132692376848281600

img2.img.9xiu.com

# Reference: https://twitter.com/tkanalyst/status/1133505361145556993

makemoneyeasy.live

# Reference: https://app.any.run/tasks/324f1dc9-5cce-42b4-bec0-f572b37bedfa/

kentona.su

# Reference: https://twitter.com/raby_mr/status/1133347073154097153
# Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/
# Reference: https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/ip-address/185.142.97.228/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.182.200.111/relations

185.142.97.228:65233
217.182.200.111:21
217.182.200.111:35046
217.182.200.111:35579
217.182.200.111:35829
217.182.200.111:35348
http://217.182.200.111

# Reference: https://twitter.com/SickPeaSec/status/1133660498023501824

129.204.248.16:65534

# Reference: https://twitter.com/JAMESWT_MHT/status/1133701006238375937

anmcousa.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1133691719348830208

bobbyworld.top

# Reference: https://twitter.com/P3pperP0tts/status/1133897358402564096

http://193.32.161.77

# Reference: https://twitter.com/dvk01uk/status/1133950202233200640

amanihackz.com

# Reference: https://twitter.com/SoulRage6/status/1133994359987277831

http://84.38.135.164

# Reference: https://twitter.com/JAMESWT_MHT/status/1134050405430808577
# Reference: https://app.any.run/tasks/f1a352c4-1174-41bb-809f-ab4ed0b6be7c/

redinqtongvlftadf.xyz

# Reference: https://twitter.com/MalwarePatrol/status/1134141928541446146

tripdownload.com

# Reference: https://twitter.com/FewAtoms/status/1134146787953000449

moonday-v54.tk

# Reference: https://twitter.com/SickPeaSec/status/1134180182544093186

190.37.209.37:3569

# Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489

sj81helmer.top

# Reference: https://twitter.com/BleepinComputer/status/1134227276101554176

up-date.to

# Reference: https://twitter.com/VK_Intel/status/1134606562180382720
# NOTE(review): the name looks like a provider-assigned hostname for one hosted
# instance rather than a domain the operator registered - TODO confirm. If so, it
# follows the address, not the tenant, and should be re-checked for staleness.

li888-183.members.linode.com

# Reference: https://www.virustotal.com/gui/domain/swtest.ru/relations
# Pattern entry (regular expression, not a literal host): exactly ten characters from
# [a-z0-9] followed by ".temp.swtest.ru"; the dots are escaped so they match literally.
# NOTE(review): no ^/$ anchors are written here - confirm the consuming matcher anchors
# the pattern, otherwise longer names that merely contain this sequence also match.

[a-z0-9]{10}\.temp\.swtest\.ru

# Reference: https://twitter.com/ViriBack/status/1134912329597050880

sm.rooderoofing.com.au

# Reference: https://app.any.run/tasks/09c0bd11-864d-41d5-85b2-9344baa1d360/

big-partynew.ru

# Reference: https://twitter.com/MalwarePatrol/status/1135410287992025088

www8.piaodown.com

# Reference: https://twitter.com/securiteoff/status/740562516699447296
# Reference: https://www.virustotal.com/gui/domain/lasersteam178.ru/relations

lasersteam178.ru

# Reference: https://twitter.com/pancak3lullz/status/748146742571372544
# Reference: https://www.virustotal.com/gui/domain/19891108.info/relations

19891108.info

# Reference: https://twitter.com/Jouliok/status/1135293849314693126

http://82.221.139.139

# Reference: https://twitter.com/dms1899/status/1135693930492829696

proapp.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1135825545038401536

ar-energyservice.com

# Reference: https://app.any.run/tasks/9a352314-04a9-4594-8d10-9f375b7cc2c3/

http://176.10.118.191

# Reference: https://www.virustotal.com/gui/domain/yourdocument.biz/relations

yourdocument.biz

# Reference: https://twitter.com/takerk734/status/1135955547310632960

http://95.213.217.139
http://54.36.218.96
maidcafeyoyo.fun
simbaooshi.space
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/eComscan/status/1136181192796061697

dns-forwarding.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dnsedc.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dellnewsup.net

# Reference: https://twitter.com/0xrb/status/1135869164239769601 (# root domain)

yiffgallery.xyz

# Reference: https://www.virustotal.com/gui/domain/sportsnewsa.net/relations

sportsnewsa.net

# Reference: https://twitter.com/58_158_177_102/status/1136162140283236352

firedron.top

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/

bazar.services
ds38.test-hf.su

# Reference: https://twitter.com/James_inthe_box/status/1136631137571237888

mysecrethope.com

# Reference: https://twitter.com/benkow_/status/1136623836936495104

china-hql.com

# Reference: https://twitter.com/FewAtoms/status/1136672182967439361

yonghonqfurniture.com

# Reference: https://twitter.com/malware_traffic/status/1136682537005305858

flash2019.xyz

# Reference: https://twitter.com/ViriBack/status/1136695799818215424

cvbt.ml

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

http://209.141.46.175
http://54.36.218.96

# Reference: https://twitter.com/KorbenD_Intel/status/1136765613412671488

ddl7.data.hu

# Reference: https://twitter.com/dave_daves/status/1137001089088315392

http://212.73.150.157

# Reference: https://twitter.com/VK_Intel/status/1137003147887566848

gstestat.com

# Reference: https://twitter.com/MalwarePatrol/status/1137041033609584640

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1137067993739943937

http://45.76.37.123
melirossa-shop.xyz
zipmatchpost.net

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

regwide.club
streetsave.club

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

keuhne-negal.com

# Reference: https://www.virustotal.com/gui/domain/panasocin.com/relations

panasocin.com

# Reference: https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
# Reference: https://www.virustotal.com/gui/ip-address/176.103.48.228/relations

http://176.103.48.228
baranevents.com
baranweddings.com
ctifsouteni.icu
etapportert.icu
ffrirbesoin.icu
hrhuae.com
ielassocier.icu
ourmazdcompany.net
samaste.net
sarahelizabethjewelry.com

# Reference: https://twitter.com/P3pperP0tts/status/1138360072168509440
# Reference: https://twitter.com/P3pperP0tts/status/1138373736187518977
# Reference: https://app.any.run/tasks/d9984618-81f4-48e5-883e-ee5591d73483/

qxyl.date
148.70.57.37:878
148.70.57.37:3

# Reference: https://twitter.com/P3pperP0tts/status/1138352249007222784
# Reference: https://twitter.com/P3pperP0tts/status/1140603446921433090

47.112.130.235:258
47.112.130.235:280

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

http://176.105.252.168

# Reference: https://otx.alienvault.com/pulse/5cff9b9b7a111ab1f15d7819
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-2725-exploited-and-certificate-files-used-for-obfuscation-to-deliver-monero-miner/

139.180.199.167:1012
45.32.28.187:1012

# Reference: https://twitter.com/James_inthe_box/status/1138440424765288454
# Reference: https://www.virustotal.com/gui/domain/hognoob.se/relations

hognoob.se
fid.hognoob.se
haq.hognoob.se
pxi.hognoob.se
pxx.hognoob.se
uio.hognoob.se
q1a.hognoob.se
upa1.hognoob.se
upa2.hognoob.se

# Reference: https://twitter.com/FewAtoms/status/1138477829434351624
# NOTE(review): all three entries are subdomains of domains shared by many unrelated
# users (a tunnelling service and a free-hosting domain). Match these exact hostnames
# only and never the parent domains. The ngrok label looks like a randomly assigned
# tunnel name, so it is presumably short-lived - TODO confirm before relying on it.

2be431d7.ngrok.io
niggalife.5gbfree.com
sheddy.5gbfree.com

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

46fordhamavenue-camberwell.com
haveahealthy.life
homepage-iclouds.com

# Reference: https://twitter.com/bomccss/status/1138620211140030464

elievarsen.ru

# Reference: https://twitter.com/HarioMenkel/status/1138725169323790336

bluecornerblog.xyz

# Reference: https://www.virustotal.com/gui/ip-address/121.41.39.145/relations

121.41.39.145:7149
http://121.41.39.145

# Reference: https://twitter.com/James_inthe_box/status/1138930135548157952

http://5.206.226.15

# Reference: https://twitter.com/FewAtoms/status/1139177275977555970

sripipat.com

# Reference: https://twitter.com/James_inthe_box/status/1139206166385348613

138.68.16.227:8080

# Reference: https://twitter.com/yvesago/status/1139209832014274562

fujielectric.cf

# Reference: https://twitter.com/P3pperP0tts/status/1139277669575659529

182.254.220.148:88

# Reference: https://twitter.com/gorimpthon/status/1139351204540977152
# Reference: https://app.any.run/tasks/51d14dec-d0de-4718-b5f1-3ae489013df9/

185.106.122.120:80
185.140.248.17:80

# Reference: https://twitter.com/58_158_177_102/status/1139369225863065602

185.164.72.213:80

# Reference: https://twitter.com/dave_daves/status/1139509798926467073
# Reference: https://twitter.com/FewAtoms/status/1139608798119768065

adl-groups.com
deluxerubber.com
greatmischiefdesign.com

# Reference: https://twitter.com/MalwarePatrol/status/1139758944224731141

a0310625.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1139841634655277056

check511.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1140333563319128064

222.186.172.44:9

# Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737

785sou.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1140525091110998017

mondaydrem.ru

# Reference: https://twitter.com/x42x5a/status/1140530422172045312

storage.alfaeducation.mk

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568
# Reference: https://app.any.run/tasks/7555c697-f2af-42e5-8a14-ae19d7657aa9/

sventiskai.lt
45.67.14.157:80

# Reference: https://twitter.com/Sebdraven/status/1140597344720830471
# Reference: https://app.any.run/tasks/d7ce191d-c04f-4eff-a13c-02cbe746c256/
# Reference: https://www.virustotal.com/gui/domain/cdn-dl.cn/relations

cdn-dl.cn

# Reference: https://twitter.com/nullcookies/status/1140780769914302467

belllflight.com

# Reference: https://twitter.com/VirITeXplorer/status/1140875655955079168

btta.xyz

# Reference: https://twitter.com/papa_anniekey/status/1140825590632570880

blogmason.mixh.jp

# Reference: https://twitter.com/luc4m/status/1140928778799124482

http://185.230.161.116

# Reference: https://twitter.com/malware_traffic/status/1141083006574178304

tor2net.com

# Reference: https://twitter.com/58_158_177_102/status/1141226169720815616

bibicity.ru

# Reference: https://twitter.com/James_inthe_box/status/1141326136212766720

http://185.158.248.80

# Reference: https://twitter.com/James_inthe_box/status/1141429831688605697

joeing.duckdns.org

# Reference: https://twitter.com/SecurityGuyPhil/status/1141466335592869888
# Reference: https://twitter.com/ItsReallyNick/status/1141517097991835648
# Reference: https://otx.alienvault.com/pulse/5d0aeb6260c8332e03da9063

89.34.111.113:443
185.49.69.210:80

# Reference: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

http://185.162.131.92
http://185.49.71.101

# Reference: https://twitter.com/P3pperP0tts/status/1141611364953337856

94.191.94.149:8080

# Reference: https://twitter.com/P3pperP0tts/status/1141961999796113408
# Reference: https://twitter.com/FewAtoms/status/1144567670555254787

103.45.174.46:81
103.45.174.46:8080

# Reference: https://twitter.com/James_inthe_box/status/1142005711808765952

jplymell.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

crypy.top

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
# Reference: https://www.virustotal.com/gui/ip-address/45.67.14.179/relations

http://45.67.14.179

# Reference: https://twitter.com/peterkruse/status/1141993808105811968

proyectobasevirtual.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142065672387792896

makemoneyeasywith.me

# Reference: https://twitter.com/James_inthe_box/status/1140768910465101824

aeg.tmc.mybluehost.me

# Reference: https://twitter.com/FewAtoms/status/1142143526165073920

http://185.82.200.189

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Malware.Zusy-6995723-0)

brureservtestot.cc
qytufpscigbb.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Trojan.Shiz-6994953-0)
# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Packed.Shiz-7945013-0)

cilupakuquk.eu
cilynitiseg.eu
cinazetybiq.eu
ciqehefitij.eu
dikuvizigiz.eu
fodavibusim.eu
foxofewuteq.eu
gaherobusit.eu
gahoqohofib.eu
ganazywutes.eu
ganovowuqur.eu
jenupydaces.eu
kemimojitir.eu
keraborigin.eu
kerijudacyj.eu
lygowunezep.eu
lykemujebeq.eu
lyruterodiq.eu
lyvoguraxeh.eu
magofetequb.eu
masafytunux.eu
nojepofyren.eu
norumikemem.eu
novacofebyz.eu
nozapekidis.eu
pumumagojef.eu
pupucuvymup.eu
qeburuvenij.eu
qegefavipev.eu
qeguxylevus.eu
qekusagigyz.eu
qeqotogemet.eu
qexusulakiq.eu
ryciqavuqav.eu
rytahagemeg.eu
tufamugevih.eu
tunarivutop.eu
tunupegirec.eu
tupazivenom.eu
tuwypagupeb.eu
vocupotusyz.eu
vopycyfutoc.eu
xubifaremin.eu
xuboninogyt.eu
xudevunymex.eu
xukafinezeg.eu
xuxetiryqem.eu

# Reference: https://twitter.com/P3pperP0tts/status/1142248371631140867

http://149.202.29.67

# Reference: https://twitter.com/executemalware/status/1141882448063737857

blogmason.mixh.jp

# Reference: https://www.reverse.it/sample/a4ca81a3f7dc09377bbda508db39b48ef08073a07a0472f78db8b5256e93bdb5
# Reference: https://www.virustotal.com/gui/domain/winshipway.com/relations

winshipway.com

# Reference: https://twitter.com/DissectMalware/status/1142979828339150850

aesculapius.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1143142047987195904

baidu.wookhost.me

# Reference: https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/

mechanicaltools.club

# Reference: https://twitter.com/killamjr/status/1110889738653913089

valdez.pw

# Reference: http://vxcube.com/tools/domain/mailsa-qau.com/relate_iocs

153-66-11-33.com
154-65-22-26.com
154-65-22-29.com
154-66-11-33.com
154-66-21-29.com
154-66-21-30.com
154-66-21-33.com
154-66-22-29.com
anima-sana.cz
askdrthomas.com
beetfeetlife.bit
btoaspa.xyz
canadianposcorp.com
chaibuckz.com
checkmyurls.com
cognitionclassroom.com
dual-it.com
fastandup.co.in
fin-plcukltd.com
gracesandoval.com
id-19190249012904912904190249129490219049129419.pro
intecwi.org
internettenparakazanma.org
istanbulside.net
ivanajankovic.com
jointings.org
kitcross.ca
llkty.gq
masee.info
mcnconstruction.net
mincoindia.com
onlinemail.kz
ox2ybk1nf4muo3.net
pekip-und-mehr.de
pilarrakyat.com
propertiesfirst.com
rencontres-idf.fr
sewardsfollybarandgrill.net
shawneklassen.com
theevanescense.com
tiltangeomatics.tk
trafficartspace.com
unlaca.info
unlaca.net
unlaca.org

# Reference: https://twitter.com/killamjr/status/1143498263892582402

deserv.ie/gunie/

# Reference: https://twitter.com/JAMESWT_MHT/status/1143514933646245889

up-dates.to
svarog-jez.com

# Reference: https://www.lacework.com/cve-2019-3396-poc-deep-dive/
# Reference: https://otx.alienvault.com/pulse/5d12356ce0b0b1db4062231e

http://37.44.212.223
51.15.56.161:201
68.183.164.16:2121
jukesbrxd.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1143539589849767936

selly.duckdns.org

# Reference: https://twitter.com/OttoScav/status/1143567557649154048

birthdayeventdxb.com
cscuniversal.com

# Reference: https://twitter.com/malware_traffic/status/1143624752956940288

kooovaqas.biz
naaleazas.net
rogojaob.info
vaxeiayas.mobi
oltaeazas.mobi
amlivaias.us
ijcaiatas.name
ufayubja.me

# Reference: https://twitter.com/luc4m/status/1143808322430218241
# NOTE(review): the bare host aeg.tmc.mybluehost.me is already listed earlier in this
# file (reference https://twitter.com/James_inthe_box/status/1140768910465101824), so
# this path-scoped entry is narrower than an existing one. Decide which scope is
# intended: host-wide matching or only the /xx/ path.

aeg.tmc.mybluehost.me/xx/

# Reference: https://twitter.com/MalwarePatrol/status/1140664914417205249

cloud.xenoris.fr

# Reference: https://twitter.com/neonprimetime/status/1116754139281805317

eventricity.biz

# Reference: https://twitter.com/FewAtoms/status/1144223806195716098

mikejesse.top

# Reference: https://twitter.com/h4ckak/status/1144173749056315392

http://217.163.23.19

# Reference: https://twitter.com/JAMESWT_MHT/status/1144238644460433408

qwerty123456.space

# Reference: https://twitter.com/sniko_/status/1144454852698705924

digidick.xyz

# Reference: https://twitter.com/x42x5a/status/1144554536809435136

42.51.194.10:81

# Reference: https://twitter.com/x42x5a/status/1144559810123370496

http://114.118.80.241
114.118.80.241:8081

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

natchotuy.com

# Reference: https://twitter.com/FewAtoms/status/1144636921437655041

http://123.207.143.211

# Reference: https://twitter.com/The_d0c_T0R/status/1144640214293520385

http://47.95.252.24

# Reference: https://twitter.com/malware_traffic/status/1144726582596186120
# Reference: https://www.malware-traffic-analysis.net/2019/06/28/index.html
# Reference: https://twitter.com/malware_traffic/status/1144027142696656896

thetechhaus.com
ntri.triplegconsults.com
green.mattingsolutions.co
ruscacademy.in

# Reference: https://twitter.com/Bank_Security/status/1115131039511396352
# Reference: https://www.malware-traffic-analysis.net/2019/04/05/index.html
# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
snap.cr-acad.com
static.spillpalletonline.com
tops.sineadholly.com

# Reference: https://twitter.com/Paladin3161/status/1144641457992556546

119.188.250.55:8080

# Reference: https://twitter.com/dineshdina04/status/1008621004896198657
# Reference: https://app.any.run/tasks/a8c1f660-71ae-4ab1-a217-11256fd6a158/

111.73.46.110:2233

# Reference: https://twitter.com/ViriBack/status/970443789234929664

cajo.com.au

# Reference: https://twitter.com/TelecomixSyria/status/301863376395587584
# Reference: https://www.virustotal.com/gui/domain/syrian-martyrs.com/details

syrian-martyrs.com

# Reference: https://twitter.com/ViriBack/status/1145040024297181186

mimiplace.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/rarog/c2_w_timestamps.csv (# root domains)

0100.name
111orion.xyz
1gq.ru
4spirin.pw
5max.xyz
7bog.ru
abibletit.ru
accbmosol.com
admina.xyz
adminbtc.ru
albertsrun.xyz
badboy.pw
banddos.ru
bcjsoinlsidun3.eu
bdwiki.ru
bfvvsdfvjbvcdg.pw
billionaireboys.pw
bitcoin.lisx.ru
bitoklg.ru
bizmailcon.ru
bjkdfhbvvr.pw
bldimablog.xyz
bnknw.pw
bsdfbsadjfb.pw
bsdfksbdfj.pw
bsdfvsh.pw
btc-db.com
btchash777.ru
btcminergate.ru
bvjhsdvbfjsd.pw
centralfargo.com
checkingsite.site
checkmeout.ru
chvpobidno.com
cryptongram.org
cryptopoly.pw
csgotrade.vip
csobik.xyz
dcr048dd.ru
dedpanel.xyz
def397.pw
dfgsfdkj3jk4h5.ru
dfsfgsdfg.pw
digital-game.ru
dismay.pw
doomed.cf
dratuti.info
drujbanu.pw
enable.pw
enigma-top.bid
euirterhgt.pw
f1eriya.pw
fl-god.pw
games-revi.ru
getdownload4812.ru
ghjdthrf.tk
googleanalistics7431.ru
gopanel.ru
gslll.ru
hfyljv.ru
highwrite.ru
hjbkfwejhkfbj2334f.pw
hjdskyewljfdn.pw
hlebb.pw
how-to-how.club
hsnqy2no.host
ibsmoney.ru
igogos.ga
incor.xyz
itemsbet.com
itsmydomain.xyz
jackblack.pw
jisec.xyz
kdjsnbfgkjdf.pw
kefirsports.xyz
kevyank.ru
kiras.kz
kolokolchik.info
kopilka.io
kwam.gdn
land-seo.ru
lkasdjfklhngn.pw
m234.xyz
macadmin.xyz
mainivent.xyz
malmine.ru
maxpinezzz.ru
microtrend.xyz
min2rarllsknfoeihe.ru
minerarog.xyz
minergood.ru
minerhash.pw
minetbot.online
money-exchanger.info
mousehous.gdn
moy-mayner.ru
mrgap.pw
mybblog.xyz
mynebo7.xyz
mysuperprojectnumone.xyz
nbvnfuyjft567uygvhgfc.pw
nebuchadnezzar.xyz
newmine.ru
norfest1x.win
o4kobati.xyz
odmenarmi9z.site
plastileen.pw
poiwebm.ru
rand0msh1tm1n3r.xyz
rar740.xyz
rarog-cobetchik.ru
raznospower.ru
realbarbos.life
realtek.website
recheckmail24.ru
rikimaru7.pw
rrealstats.ru
rublikzarabotok.com
sadating.xyz
sanya330.pro
sdbfhjbsdfjh.pw
sdfbdsfjhkbgdf.pw
sdfvbshgdvf.pw
shilo.ml
soft-portal.kz
spaceman07.ru
spiridus.pw
staglion.pro
stingtek.com
sychost.com
system-analyse.win
tapblackmoney.pw
tiberious.xyz
torprojectonioncheck.com
tyha84.info
ugrym.pw
vergames.ru
webbserfer.ru
wilhost.com
wolframalpha.pw
wwqrwwwreewrqwer.xyz
xgames.su
xyw.space
zerstoren.pro
zloki.pw

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.104/relations

11fhfh.com
11xhxh.com
11xjxj.com
123dmdm.com
123fhfh.com
123hyhy.com
123jjyy.com
123kbkb.com
123xhxh.com
123xjxj.com
123xmxm.com
123xxbb.com
123yybb.com
22ctct.com
22fhfh.com
22hyhy.com
33dmdm.com
33jjyy.com
33xjxj.com
33xxaa.com
44ctct.com
44dmdm.com
44fhfh.com
44jjyy.com
44qxqx.com
44xhxh.com
44xjxj.com
44xmxm.com
44xxaa.com
44xxpp.com
520dmdm.com
520fhfh.com
520qxqx.com
520ssbb.com
520xhxh.com
520xjxj.com
520xmxm.com
55dmdm.com
55fhfh.com
55jjyy.com
55qxqx.com
55sdsd.com
55xhxh.com
55xjxj.com
55xxaa.com
55xxpp.com
628ai.com
6688cdn.com
66bbmm.com
66dmdm.com
66fhfh.com
66hyhy.com
66jjyy.com
66qxqx.com
66xhxh.com
66xjxj.com
66xxaa.com
66xxpp.com
6ctct.com
77dmdm.com
77hyhy.com
77xhxh.com
77xxaa.com
7ctct.com
7ufuf.com
888dmdm.com
888fhfh.com
888hbhb.com
888kbkb.com
888mbmb.com
888xhxh.com
888xjxj.com
888xmxm.com
88cscs.com
88ctct.com
88dmdm.com
88fhfh.com
88jjyy.com
88mkmk.com
88xhxh.com
88xjxj.com
88xxpp.com
890ai.com
898ai.com
999dmdm.com
999fhfh.com
999kbkb.com
999xhxh.com
999xjxj.com
999xmxm.com
99bbmm.com
99dmdm.com
99fhfh.com
99jjyy.com
99ppss.com
99xhxh.com
99xjxj.com
99xxpp.com
avav99.com
bcbc11.com
bcbc22.com
btbt33.com
btbt44.com
btbt77.com
didi22.com
gbgb11.com
gbgb66.com
mbmb55.com
mbmb99.com
nbnb33.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.106/relations

5444666.com
lh590.com
lh65.com
lh660.com
lh993.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.105/relations

1122sb.com
1188sb.com
629k.com
yh558877.com

# Reference: https://twitter.com/FewAtoms/status/1145357973579083778

securefilesdatas23678842nk.cf

# Reference: https://app.any.run/tasks/8df63024-05d4-4d67-bea9-ecdb1b9884a7/

nixtin.us

# Reference: https://twitter.com/ViriBack/status/1145366573898747905

http://190.97.166.189

# Reference: https://twitter.com/JayTHL/status/1145425745315008516

flavorizedjuice.de

# Reference: https://twitter.com/0bfusCat/status/1145269019374698496

http://31.207.34.129

# Reference: https://twitter.com/luc4m/status/1145650430476783617

http://23.249.167.147

# Reference: https://twitter.com/malware_traffic/status/1145793372126416897

http://31.184.252.188
cellfom.com
chungfamily.us

# Reference: https://twitter.com/david_jursa/status/1146014269940609025

beahero4u.com

# Reference: https://twitter.com/ps66uk/status/1146090626498347009

holahospice.org
john1715.com

# Reference: https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 (# CVE-2017-11774)
# Reference: https://twitter.com/obiwanblee/status/1146152208976584704
# Reference: https://otx.alienvault.com/pulse/5d1bb4b9a3f21fdc4d509f47

customermgmt.net

# Reference: https://twitter.com/James_inthe_box/status/1146183202467303424

xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482/community

rainbowtrade.net

# Reference: https://twitter.com/James_inthe_box/status/1146446614367576065

bonus-ssl.com

# Reference: https://twitter.com/malware_traffic/status/1146503887215636480

cohen-nicoleau.com
mkzd.ru

# Reference: https://twitter.com/alex_lanstein/status/1146073296502501376

http://185.222.58.151

# Reference: https://twitter.com/killamjr/status/1146521318503964678

equipmnts.com

# Reference: https://www.virustotal.com/gui/domain/alcatelupd.xyz/relations

alcatelupd.xyz

# Reference: https://www.virustotal.com/gui/domain/symcorp.xyz/relations

symcorp.xyz

# Reference: https://twitter.com/FewAtoms/status/1146804894785056768

http://35.230.88.182

# Reference: https://twitter.com/James_inthe_box/status/1146896227000209408

http://92.119.113.32
xzshadows13.icu

# Reference: https://twitter.com/anyrun_app/status/1147040289300910080

ciber1250.gleeze.com

# Reference: https://twitter.com/VK_Intel/status/1147276748331081728
# Reference: https://www.virustotal.com/gui/domain/jsc0nten1maker.com/details

jsc0nten1maker.com

# Reference: https://twitter.com/benkow_/status/1147443642728103936

trading-secrets1.ru

# Reference: https://twitter.com/FewAtoms/status/1147484142218752002

janavenanciomakeup.com.br

# Reference: https://twitter.com/P3pperP0tts/status/1147540932490719233

58.218.66.92:1990
xdzzt.cn

# Reference: https://twitter.com/pancak3lullz/status/748521146321035264

htver.com

# Reference: https://twitter.com/FewAtoms/status/953966104887676928

gaming4life.org

# Reference: https://twitter.com/p5yb34m/status/1147269466293592064

servicess.online

# Reference: https://twitter.com/FewAtoms/status/1147829136146219009

bizimedebiyatimiz.com

# Reference: https://www.virustotal.com/gui/domain/metoristrontgui.info/relations

metoristrontgui.info

# Reference: https://www.virustotal.com/gui/domain/forstraus.co/relations

forstraus.co

# Reference: https://twitter.com/seguridadyredes/status/1054112048559329282

printnow.club

# Reference: https://twitter.com/P3pperP0tts/status/1148122871883030528

http://118.89.185.104
111.231.142.229:9921

# Reference: https://twitter.com/david_jursa/status/1148199946618732544
# Reference: https://app.any.run/tasks/839a2d29-1bf5-4d54-bd12-e179f9d1154f/

104.203.92.254:8080

# Reference: https://twitter.com/vigilantbeluga/status/1148118035581960193

expressdatings.info
herasimaonline.biz
ohso.site

# Reference: https://twitter.com/jeromesegura/status/1006616151118397440

feelingsdi.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1148316218199334912

fpayyhh.com

# Reference: https://twitter.com/malware_traffic/status/1148330383634812933

sgbzw12y.club
hlilaf44erick.xyz
kherthax0yua.info

# Reference: https://twitter.com/JayTHL/status/1118595885208866819
# Reference: https://twitter.com/JayTHL/status/1118650213084872705
# Pattern entry (regular expression, not a literal host): "helplog" followed by three
# or four digits, then a literal dot and one of the TLDs ml, ga, gq, tk or cf.
# NOTE(review): no ^/$ anchors are written here - confirm the consuming matcher anchors
# the pattern at both ends, otherwise names with extra leading or trailing text match too.

helplog[0-9]{3,4}\.(ml|ga|gq|tk|cf)

# Reference: https://twitter.com/FewAtoms/status/1148623685412110336

creativecompetitionawards.gq

# Reference: https://twitter.com/x42x5a/status/1148603527444480000

obichereu.website

# Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632

111.30.107.131:228

# Reference: https://twitter.com/James_inthe_box/status/1148598156109799425

http://34.214.24.187

# Reference: https://twitter.com/James_inthe_box/status/1148652274727575558

apertona.com

# Reference: https://twitter.com/benkow_/status/1128639735960875010

abovethecrowd.site

# Reference: https://twitter.com/benkow_/status/1148658101463203841

ubercoupon.site

# Reference: https://twitter.com/nao_sec/status/1148799237049552896
# Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/
# Reference: https://www.virustotal.com/gui/ip-address/195.154.255.174/relations
# NOTE(review): these are bare addresses with no port or path. Some of them appear to
# be publicly listed Tor relay addresses - TODO confirm against Tor relay data. If so,
# a hit indicates Tor traffic in general rather than this sample specifically, and the
# entries will go stale as relay addresses change.

http://194.109.206.212
http://195.154.255.174
http://46.165.250.224
http://162.247.74.200
http://178.17.171.78
http://188.138.88.42
http://204.85.191.9
http://23.129.64.207
http://91.203.146.126

# Reference: https://twitter.com/Ledtech3/status/1148883757094645760

http://5.56.133.137

# Reference: https://twitter.com/mrmolley/status/1149120144305729536

177.37.79.206:3000
http://35.193.98.140
http://78.201.31.9

# Reference: https://twitter.com/1ZRR4H/status/1149282913751617536
# Reference: https://www.virustotal.com/gui/ip-address/91.209.70.21/relations

accesso-cupo-de-tarjeta-cl.cf
accesso-cupo-de-tarjeta-cl.gq
activacion-aumento-tarjeta-cl.cf
activacion-aumento-tarjeta-cl.gq
active-cupo-de-2-millones-avance-cl.cf
active-cupo-de-2-millones-avance-cl.gq
active-cupo-de-avances-cl.cf
active-cupo-de-avances-cl.gq
aprobacion-cupo-web-cl.cf
aprobacion-cupo-web-cl.gq
aprobado-cupo-de-avance-cl.cf
aprobado-cupo-de-avance-cl.gq
aumento-activo.cf
aumento-activo.gq
aumento-aprobado.cf
aumento-aprobado.gq
aumento-cupo-aprobacion-cl.cf
aumento-cupo-diferido-cl.cf
aumento-cupo-diferido-cl.gq
aumento-para-clientes.cf
aumento-servicios.cf
aumento-servicios.gq
aumento-validacion-cupo-de-avance-en-tarjeta-cl.cf
aumento-validacion-cupo-de-avance-en-tarjeta-cl.gq
aumento-verificado-de-tarjeta-cl.cf
aumento-web-activado.cf
aumento-web-activado.gq
avance-activo-en-cuotas-cl.cf
avance-aprobado-cl.cf
avance-aprobado-cl.gq
avance-cupo-diferido-cl.cf
avance-cupo-diferido-cl.gq
avance-cupo-diferido-personas-cl.cf
avance-cupo-diferido-personas-cl.gq
avance-cupo-informacion-cl.cf
avance-cupo-informacion-cl.gq
avance-cupo-simulador-web.cf
avance-cupo-simulador-web.gq
avance-de-aumento-cl.cf
avance-de-aumento-cl.gq
avance-de-confimacion-web-cl.cf
avance-de-confimacion-web-cl.gq
avance-de-cupo-en-linea-personal-cl.cf
avance-de-cupo-en-linea-personal-cl.gq
avance-en-linea-diferido-web-cl.cf
avance-en-linea-diferido-web-cl.gq
avance-en-linea-verificado-cl.cf
avance-en-linea-verificado-cl.gq
avance-en-linea-web-simulador-cl.cf
avance-en-linea-web-simulador-cl.gq
avance-online-cl.cf
avance-online-cl.gq
avance-personas-cuotas-diferido-cl.cf
avance-personas-cuotas-diferido-cl.gq
avance-solicitud-cupo.cf
avance-solicitud-cupo.gq
avance-web-activo-simulador-cl.cf
avance-web-aprobado-cl.cf
avance-web-aprobado-cl.gq
avance-web-confirmacion-cl.cf
avance-web-confirmacion-cl.gq
avance-web-servicios-cl.cf
avance-web-servicios-cl.gq
avances-cuotas-diferido-promo-cl.cf
avances-cuotas-diferido-promo-cl.gq
avances-online-asignado-cl.cf
avances-online-asignado-cl.gq
consulta-activacion-de-avance-cl.cf
consulta-activacion-de-avance-cl.gq
cupo-avance-credito-en-linea-cl.cf
cupo-avance-credito-en-linea-cl.gq
cupo-avance-online-cl.cf
cupo-avance-online-cl.gq
cupo-de-avance-online-cl.cf
cupo-de-avance-online-cl.gq
cupo-disponible-avance-cl.cf
cupo-disponible-avance-cl.gq
cupo-financiado-cl.cf
cupo-financiado-cl.gq
cupo-prestamo-cl.cf
cupo-prestamo-cl.gq
cupo-tarjeta-activo-cl.cf
cupo-tarjeta-activo-cl.gq
cupo-tarjeta-aumento.cf
cupo-tarjeta-aumento.gq
cupo-tarjeta-cuotas-diferido-cl.cf
cupo-tarjeta-cuotas-diferido-cl.gq
cupo-tarjeta-linea-de-credito-cl.cf
cupo-tarjeta-linea-de-credito-cl.gq
cupo-web-avance-cl.cf
cupo-web-avance-cl.gq
cupo-web-para-avance-cl.cf
cupo-web-para-avance-cl.gq
incremento-avance-en-tarjeta-cl.cf
incremento-avance-en-tarjeta-cl.gq
ingreso-cupo-de-tarjeta-cl.cf
ingreso-para-avance-cl.cf
ingreso-para-avance-cl.gq
ingreso-verificacion-cupo-de-avance-cl.cf
ingreso-verificacion-cupo-de-avance-cl.gq
ingreso-verificacion-de-avance-cl.cf
ingreso-verificacion-de-avance-cl.gq
login-avance-incremento-web-cl.cf
login-avance-incremento-web-cl.gq
login-web-avances-cl.cf
login-web-avances-cl.gq
obten-cupo-enlinea-cl.cf
obten-cupo-enlinea-cl.ga
obten-cupo-enlinea-cl.gq
obten-cupo-enlinea.cf
obten-cupo-enlinea.ga
obten-cupo-enlinea.gq
obten-validacion-cupo-web.cf
obten-validacion-cupo-web.gq
obtener-avance.cf
obtener-avance.ga
obtener-avance.gq
portal-avances-de-cupo-cl.cf
portal-avances-de-cupo-cl.gq
portal-para-avance-activado-cl.cf
portal-para-avance-activado-cl.gq
registro-de-avance-cl.cf
registro-de-avance-cl.gq
revision-cupo-tarjeta.cf
revision-cupo-tarjeta.gq
servicio-de-avance-cl.cf
servicio-de-avance-cl.gq
servicio-web-activacion-avance-cl.cf
servicio-web-activacion-avance-cl.gq
solicitud-avance-cupo-en-linea-cl.cf
solicitud-avance-cupo-en-linea-cl.gq
solicitud-cupo-de-avance-personal-cl.cf
solicitud-cupo-de-avance-personal-cl.gq
validacion-aumento-cupo.cf
validacion-aumento-cupo.gq
validacion-incremento.cf
validacion-incremento.gq
verificacion-de-aumento.cf
verificacion-de-aumento.gq
verificacion-de-avance-cl.cf
verificacion-de-avance-cl.gq
web-avance-de-tarjeta-cl.cf
web-avance-en-linea-cl.cf
web-avance-en-linea-cl.gq
web-avance-para-personas-scotia-cl.cf
web-avance-para-personas-scotia-cl.gq
www-aumento-de-avance-cl.cf
www-aumento-de-avance-cl.gq
www-avances-online-cl.cf
www-avances-online-cl.gq
www-login-retiro-de-avance-web-cl.cf
www-login-retiro-de-avance-web-cl.gq

# Reference: https://twitter.com/coderippers/status/1149312700205416448

vman22.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1149574068435218432

dgkhj.ru
fdghfghdfghjhgjkgfgjh234569.ru
hjkg456hfg.ru

# Reference: https://twitter.com/Paladin3161/status/1149456134622863360
# Reference: https://www.virustotal.com/gui/file/a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8/detection

aol.vready.cn
v2api.v6.cn
118.25.165.228:443
134.175.107.117:80

# Reference: https://twitter.com/1ZRR4H/status/1121146391127044096

http://163.172.84.54

# Reference: https://twitter.com/James_inthe_box/status/1149640703082815489
# Reference: https://app.any.run/tasks/9bb12825-d6d8-4c82-9491-c6a460196bad/

43.254.217.67:443

# Reference: https://twitter.com/KorbenD_Intel/status/1146463851526938625

http://34.68.116.148

# Reference: https://twitter.com/stvemillertime/status/1142593479966691333

http://45.32.89.133

# Reference: https://www.virustotal.com/gui/domain/pre23sence.club/relations

pre23sence.club

# Reference: https://twitter.com/RedDrip7/status/1145877272945025029

http://43.254.217.67

# Reference: https://twitter.com/killamjr/status/1150218238573404160

pictureviewerpro.hopto.org

# Reference: https://twitter.com/P3pperP0tts/status/1150378625268666370

218.61.16.142:886

# Reference: https://twitter.com/P3pperP0tts/status/1150389146185342976
# Reference: https://app.any.run/tasks/d9edfd31-3526-4a6e-9657-0037a9c3ec43/
# Reference: https://twitter.com/James_inthe_box/status/1150402589449568257

82.202.221.61:4015
justdoits.pw
russianbase.ru

# Reference: https://twitter.com/P3pperP0tts/status/1150419408197693442
# Reference: https://app.any.run/tasks/bd7ea7cd-d94f-4e21-b809-864653ae59e7/

dircon88.bit
185.126.200.39:4000
185.126.200.39:4158

# Reference: https://twitter.com/JAMESWT_MHT/status/1150688427307929600

balances.duckdns.org

# Reference: https://twitter.com/nao_sec/status/1149273164058222592
# Reference: https://app.any.run/tasks/b2f81922-c7cf-4974-8a02-570ac3f440c1/

http://45.12.215.157

# Reference: https://twitter.com/James_inthe_box/status/1150794193494630401

mis.us

# Reference: https://twitter.com/James_inthe_box/status/1059087094612602881

jobs.samref.com.sa

# Reference: https://twitter.com/malware_traffic/status/856924240158896128

chaggma.com
hurtmehard.net

# Reference: https://twitter.com/Zerophage1337/status/854883694905098241

red.5efinance.net.in

# Reference: https://twitter.com/tmmalanalyst/status/796650651631505408

http://151.248.116.32
o61ulk.top

# Reference: https://twitter.com/BroadAnalysis/status/796379886738874368

di8dzlz.top
whitaker-detail.com

# Reference: https://twitter.com/oppimaniac/status/1151113181751906304

zerodayv3startedexploitpcwithexcelgreat.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

http://5.56.133.137

# Reference: https://twitter.com/James_inthe_box/status/1151222412890927104

icf-fx.kz

# Reference: https://twitter.com/FewAtoms/status/1151220766337167360

jessecom.top

# Reference: https://twitter.com/jeromesegura/status/1148289957716344832

http://213.227.154.121
azera.club

# Reference: https://twitter.com/dvk01uk/status/1151351846411390976

mrjbiz.top

# Reference: https://twitter.com/sugimu_sec/status/1151463058138525696

woeiuyfgowe.xyz

# Reference: https://twitter.com/fletchsec/status/1151553862110720006

danmaxexpress.com

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

4wereareyou.icu

# Reference: https://twitter.com/ViriBack/status/1151644173302456320

http://5.252.192.117

# Reference: https://twitter.com/ViriBack/status/1151642872778776581

http://172.86.120.238

# Reference: https://twitter.com/anyrun_app/status/1151747662011674624

charest-orthophonie.ca

# Reference: https://twitter.com/reecdeep/status/1151756075407945729

onholyland.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/targeted-ransomware-threat
# Reference: https://otx.alienvault.com/pulse/5d30c84b82e46bd810cb4957

http://37.252.15.241
http://89.105.198.28
http://185.202.174.44
http://199.189.108.71

# Reference: https://twitter.com/FewAtoms/status/1152182269454499840

baladefarms-com.ga
baladefarms.ga

# Reference: https://twitter.com/x42x5a/status/1152203190898778112

sxhts-group.com

# Reference: https://twitter.com/HerbieZimmerman/status/1152207191962767360

f72f7994.green.mattingsolutions.co

# Reference: https://twitter.com/Paladin3161/status/1151809951762964480

zhujb.cn

# Reference: https://twitter.com/P3pperP0tts/status/1152231737583271936

103.118.221.190:38888
111.6.76.54:959

# Reference: https://twitter.com/P3pperP0tts/status/1152538885974634496

granportale.com.br

# Reference: https://twitter.com/SBousseaden/status/1152532262589800448

78sh68279.atspace.eu

# Reference: https://twitter.com/DGAFeedAlerts/status/1151931732725293060
# Reference: https://www.virustotal.com/gui/ip-address/63.251.106.22/relations

404mobi.com
51ginkgo.com
adqwozlzb.info
aszzfjwuzngkao.com
brokenpiano.ru
ceuflaxurxy.info
down.heheelibom.com
gatherreceive.net
haprtwfitgylgiivvcaunvealzqcfq.com
heheelibom.com
kibertuz.site
m8374.net
nzizemese.info
oymjiasojevof.com
plsskq.com
ponka.biz
qicswtcvvxnmv.info
sernak.xyz
sr57mj1bcvng4yqf2y41cep8d5.com
storyhave.net
system-internals.com
systembooster.info
thisborn.net
tpyntpcnxwvsjqow.com
windows-pcrepair.com
xrjlmyhds.info

# Reference: https://twitter.com/FewAtoms/status/1152611531890331648

climapro-africa.com

# Reference: https://twitter.com/Xylit0l/status/1152980561943760896

wwkkss.com

# Reference: https://twitter.com/petrovic082/status/1152952807600939008

bruze2.ug

# Reference: https://twitter.com/bad_packets/status/1153089384884736000

silynigr.xyz

# Reference: https://twitter.com/reecdeep/status/1153248954911514625

karysmarie.me

# Reference: https://twitter.com/P3pperP0tts/status/1153257218780909568

enc-tech.com

# Reference: https://twitter.com/James_inthe_box/status/1153385401278771201

novocontador.club
thenewsystemsetup.online

# Reference: https://twitter.com/FewAtoms/status/1153714739324829696

adityebirla.com

# Reference: https://twitter.com/JayTHL/status/1153744085737512962

africanmobilenetworks.com
cxgtgdf.com
forteol.com
onwamay.in

# Reference: https://twitter.com/killamjr/status/1153760441056845824

100puntos.com

# Reference: https://twitter.com/gorimpthon/status/1153476585736925184

dellbankyzaj.com

# Reference: https://twitter.com/James_inthe_box/status/1154036514600308737

fomoportugal.com

# Reference: https://twitter.com/FewAtoms/status/1154065536596107264

http://185.62.189.153
comforitgreel.ml
jbssa.one

# Reference: https://twitter.com/luc4m/status/1154390964045254656

rgalldmn.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1155093166841892864

alldayever231.su

# Reference: https://twitter.com/DissectMalware/status/1069507395448184833

cxvbilladsoi-legal.1gb.ru
dttmasterpropriv.ml

# Reference: https://www.virustotal.com/gui/ip-address/173.231.184.61/relations

http://173.231.184.61

# Reference: https://twitter.com/FewAtoms/status/1155496035461947392

u700222964.hostingerapp.com

# Reference: https://twitter.com/MisterCh0c/status/1155725091214372864

tjcyint.ml
razorcrypter.com
systemswift.group
oymmadencilik.com.tr

# Reference: https://twitter.com/Racco42/status/1155790202306211841

http://23.81.246.28

# Reference: https://twitter.com/stvemillertime/status/1155896477195091971

s2lol.com

# Reference: https://twitter.com/James_inthe_box/status/1155845641949442048

serverstresstestgood.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1155945383048011777

robertogowin.com

# Reference: https://twitter.com/Artilllerie/status/1155851644262920199

protest-01262505.ga

# Reference: https://twitter.com/ninoseki/status/1156110479028133889

fatmazpharmc.com

# Reference: https://twitter.com/p5yb34m/status/1155956248681930755

modexcommunications.eu

# Reference: https://twitter.com/FewAtoms/status/1156156572747390977

creativecompetitionawards.ga

# Reference: https://twitter.com/p5yb34m/status/1156420680725831680

anthasoft.mx

# Reference: https://twitter.com/pulsedive/status/1156474611015528448

103.243.26.251:8988

# Reference: https://www.virustotal.com/gui/domain/rigneda.ru/relations
# Reference: https://www.virustotal.com/gui/file/4466e9258c00ecb4783001c678af6da8682fac36e5dd542a59f28a29245e5efa/detection

kuitrafes.ru  # Note: found on infected machine
rigneda.ru

# Reference: https://www.virustotal.com/gui/file/27e68e5e547860a9312d751381127ac85e89eeb40d74fa04aa4ca7fbc5498e51/detection

green5news.org

# Reference: https://twitter.com/malware_traffic/status/1157037634167984128

81.171.31.247:4567

# Reference: https://twitter.com/P3pperP0tts/status/1157196635207847938

kmxxw8.com

# Reference: https://twitter.com/alex_lanstein/status/1157261034521939968

122.114.173.174:3306

# Reference: https://twitter.com/James_inthe_box/status/1157406598769213440

zywuqcxtmqtz.000webhostapp.com

# Reference: https://twitter.com/Paladin3161/status/1157425240948920321
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

legion17.icu
vidardeep4.icu

# Reference: https://twitter.com/bad_packets/status/1157720176487329792

fxxxxxxk.me

# Reference: https://twitter.com/fatihsirinnnn/status/1158440148696293376

http://23.95.212.108

# Reference: https://twitter.com/ps66uk/status/1158456891623792647

http://149.202.110.2

# Reference: https://twitter.com/DynamicAnalysis/status/1158406596533338118

fomoportugal.com

# Reference: https://twitter.com/James_inthe_box/status/1158484189685010432

http://165.22.201.28

# Reference: https://twitter.com/P3pperP0tts/status/1158666213960179712

198.44.228.10:665

# Reference: https://twitter.com/Racco42/status/1158729618389643264

gsm-security-solutions.com

# Reference: https://twitter.com/wwp96/status/1158716438598836224

aspsensewiretransfergoogle.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1158812093786857475

http://23.82.128.23

# Reference: https://twitter.com/425A_/status/1158824075676069889
# Reference: https://twitter.com/JayTHL/status/1158839203884650499
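# Reference: https://www.virustotal.com/gui/ip-address/94.237.40.127/relations
# Note: the list below is alphabetical up to wsasxzertw.org; the run from the second douballkoreshy.com to the second wsasxzertw.org repeats entries already listed earlier in this group (looks like two merged exports - deduplicate when next edited)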

1dct.ru
3dface-nn.ru
4pplus.ru
aleksvip.ru
alienss.ru
anson-lkz.ru
ariosgroup.ru
aurora-mind.ru
balakhonov-yuriy.ru
bet-club.ru
business-in.ru
child-time.ru
clean24world.ru
csgo-fun.ru
douballkoreshy.com
douballkoreshy.info
douballkoreshy.net
douballkoreshy.org
downloadjimm.ru
e-engenering.ru
elneemrrtorithum.com
elneemrrtorithum.info
elneemrrtorithum.net
elneemrrtorithum.org
favoritklg.ru
films-smotret-online.ru
flashsgame.ru
foleco.ru
fondafon.ru
fso29.ru
gocpro.ru
grozovoy-pereval.ru
hbazcfsder.com
hbazcfsder.org
hbazcfsderonline.com
hbazcfsdershop.com
hbazcfsderweb.com
hochu-shoping.ru
invest-alliance.ru
irkomp.ru
jnazcfert.com
jnazcfert.org
jnazcfertonline.com
jnazcfertshop.com
jnazcfertweb.com
jnazmertsw.com
jnazmertsw.info
jnazmertsw.net
jnazmertsw.org
jnazxertw.com
jnazxertw.info
jnazxertw.net
jnazxertw.org
jotdesks.ru
kartofelmoptom.ru
kmazvertx.com
kmazvertx.info
kmazvertx.net
kmazvertx.org
kmsxnertqa.com
kmsxnertqaonline.com
kmsxnertqashop.com
kmsxnertqaweb.com
kopenbar.ru
kormboellamayy.com
kormboellamayy.info
kormboellamayy.net
kormboellamayy.org
krugosvet-ap.ru
ksmxnerqs.com
lenobl-primorsk.ru
leorex-super.ru
lifeofbeer.ru
limo69.ru
lizoblyudnichat.ru
mix-zarabotok.ru
nazarovdesign.ru
okovci.ru
oleg-boyko.ru
parustaxi.ru
plaksa-bdsm.ru
prazd-pack.ru
protest22.ru
pu97.ru
rabotasuper.ru
retro-cinema.ru
richelle-mead.ru
rock2.ru
rosmedpravo.ru
rostov-shops.ru
rulezzwarez.ru
sabreeelrefaay.com
sabreeelrefaay.info
sabreeelrefaay.net
sabreeelrefaay.org
salon-na-domu.ru
sam-go.ru
shooting-portal.ru
soft-arhiv.ru
spstav.ru
srf48.ru
srkbelayareka.ru
storeprint.ru
story-toy.ru
strekozafitness.ru
stroydvor-kanev.ru
sunkom.ru
super-boost.ru
svet-lustra.ru
ta4ila.ru
tancemaster.ru
tatnadzor.ru
trialanet.ru
triumf18.ru
tvoyabezopasnost.ru
tvz2.ru
ukspravedlivost.ru
ulitka-plitka.ru
valchenco.ru
vedyshiy-na-svadby.ru
vip-xost.ru
visiohelp.ru
vorkutasport.ru
vradujnom.ru
vs-clab.ru
vseorake.ru
waple.ru
warabase.ru
web2kochanova.ru
webpartizan.ru
winx-clubs.ru
withmychild.ru
wmspb.ru
wsasxzertw.com
wsasxzertw.info
wsasxzertw.net
wsasxzertw.org
bikton43.ru
douballkoreshy.com
douballkoreshy.info
douballkoreshy.net
douballkoreshy.org
elneemrrtorithum.com
elneemrrtorithum.info
elneemrrtorithum.net
elneemrrtorithum.org
hbazcfsder.com
hbazcfsder.org
hbazcfsderonline.com
hbazcfsdershop.com
hbazcfsderweb.com
jnazcfert.com
jnazcfert.org
jnazcfertonline.com
jnazcfertshop.com
jnazcfertweb.com
jnazmertsw.com
jnazmertsw.info
jnazmertsw.net
jnazmertsw.org
jnazxertw.com
jnazxertw.info
jnazxertw.net
jnazxertw.org
kmazvertx.com
kmazvertx.info
kmazvertx.net
kmazvertx.org
kmsxnertqa.com
kmsxnertqaonline.com
kmsxnertqashop.com
kmsxnertqaweb.com
kormboellamayy.com
kormboellamayy.info
kormboellamayy.net
kormboellamayy.org
ksmxnerqs.com
lizoblyudnichat.ru
richelle-mead.ru
sabreeelrefaay.com
sabreeelrefaay.info
sabreeelrefaay.net
sabreeelrefaay.org
sam-go.ru
spstav.ru
web2kochanova.ru
wsasxzertw.com
wsasxzertw.info
wsasxzertw.net
wsasxzertw.org
xvehpuabh.icu
yourub.ru
yzbobdl.space
zaimable.ru
zentrstroy.ru

# Reference: https://twitter.com/FewAtoms/status/1159155277695819776

dhlexpressdeliver.com

# Reference: https://www.fortinet.com/blog/threat-research/chinese-targeted-trojan-analysis.html

http://154.222.140.49

# Reference: https://twitter.com/DynamicAnalysis/status/1159564232469417988

karlvilles.com

# Reference: https://twitter.com/FewAtoms/status/1159490383350587392

u700222964.hostingerapp.com

# Reference: https://twitter.com/FewAtoms/status/1159482237513064449

http://13.67.107.73

# Reference: https://twitter.com/FewAtoms/status/1159473273870196736

http://13.75.76.78

# Reference: https://twitter.com/nao_sec/status/1159484498569863169

fasttransfer-trafficads.xyz

# Reference: https://twitter.com/Timele9527/status/1159673642332016640

fateh.aba.ae

# Reference: https://twitter.com/James_inthe_box/status/1159834709209128961

master712.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

lnkexploit.com

# Reference: https://twitter.com/James_inthe_box/status/1159861664960749569

beastmas.club

# Reference: https://twitter.com/James_inthe_box/status/1159916671055757312

http://40.117.61.41
americanaspromocoes.ga

# Reference: https://twitter.com/James_inthe_box/status/1160150821830418432

3prokladkaeu.com
setseta.com

# Reference: https://twitter.com/FewAtoms/status/1160195673054015488

rubthemoneybear.xyz

# Reference: https://twitter.com/FewAtoms/status/1160543075372032006

sevenj.club

# Reference: https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat
# Reference: https://otx.alienvault.com/pulse/5d517a359da59958f72dc6c8

aeconex.com

# Reference: https://www.virustotal.com/gui/ip-address/89.17.225.163/relations

americanexpresscardconfirmationsystemservice.com
americanexpressesitz.com
americanexpressfeedback.com
associatedbnking.com
badaprutus.pw
biboressurection.info
blaerck.xyz
bozem.co
carolambasola.co
carrefour-moncompte.info
chaseonlinebusinesssolution.com
chaseonlinei.com
chaseonlinenotifier.com
chasesonliines.com
chasessonline.com
cloudresemblao.top
co-operative-bank.com
contributionsthroughy.net
csh0p.ru
dranidepod.org
flowjob.top
formasnetoyvnastrchine.com
garizzlas.top
hudsonenorincludes.com
igjqwnedjgqwnqwemnta.net
instant-payments.ru
jumpinghouse.org
kerbitsallor.us
kunden-contact-5126351253252.icu
kunden-contact-6478585764.top
landoftools.ru
manfam.co
moikopoli.com
mymoneywallets.com
nettubex.top
paysell.org
pooiukjadnqwdjnqasdne.com
portfos.org
postedecretosecure.info
posteitalianedecreto.top
posteitalianesicurezzadecreto.info
potomuchtosrazuskazaleb.com
quickbooks-intuits.com
scottfranch.org
siruksazon.us
thefreshstuffs.org
thefreshstuffs.ru
thefreshstuffs.to
tiamos.co
toperdona.com
topwarenhub.top
trading-secrets.ru
try2swipe.ws
tuyngsdnfwefwef.com
ukmarket.su
usaa-communication.com
usaa-urgentrequest.com
usaacominetentproofproofingeventactioninitevent.com
usaadbfeedback.com
usaamemberservices1.com
usaamembersupports.com
vaslbntr.ru
verificadeidatipostali.com
verify-konto-326351323.icu
wellsfargosz.com
withadvertisingthe.net
zxciuniqhweizsds.com

# Reference: https://twitter.com/malware_traffic/status/1160988600391086081

http://107.173.90.141

# Reference: https://www.virustotal.com/gui/domain/orderbox-dns.com/details
# Reference: https://app.any.run/tasks/68c8f400-eba5-4d6c-b1f1-8b07d4c014a4/
# Reference: https://www.virustotal.com/gui/file/17901948c9c9f2f0d47f66bbac70592a7740d181f5404bf57c075ed6fa165b67/detection
# Reference: https://www.virustotal.com/gui/ip-address/176.119.29.14/relations

http://176.119.29.14
bbouble.xyz
mtcunlocker.info

# Reference: https://twitter.com/stoerchl/status/1161159995217653761

zerosugaraddonexploit.duckdns.org

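# Reference: https://twitter.com/p5yb34m/status/1161323938313457665
# Note: the entry below is path-qualified, so it can only match where the request URL is visible (cleartext HTTP or proxy logs); DNS and TLS-only telemetry will not show the /js/ path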

dk-rc.com/js/

# Reference: https://twitter.com/FewAtoms/status/1161981277815410688

asdklgb.ga
forconfirmation.gq
xingyang-glove.com

# Reference: https://twitter.com/chen_erlich/status/1162009562674843649
# Reference: https://www.virustotal.com/gui/ip-address/185.99.133.219/relations

http://185.99.133.219
earphorialofts.net
urbanholidaylo.net
wrigleychicago.org

# Reference: https://twitter.com/_jsoo_/status/1162039650791198720

a.ycwave.cn

# Reference: https://twitter.com/w3ndige/status/1162331454233370624
# Reference: https://app.any.run/tasks/c374d548-02b0-4419-9551-d8800388af42/

http://23.106.215.95
114.221.16.192:443
154.149.31.37:443
64.77.134.20:443

# Reference: https://twitter.com/killamjr/status/1162360718395658240

http://195.123.243.210

# Reference: https://twitter.com/FewAtoms/status/1162667333573390337

http://156.238.3.105
59.188.255.217:6320

# Reference: https://twitter.com/0xrb/status/1162955576927670272
# Reference: https://www.virustotal.com/gui/ip-address/216.224.181.16/relations

99bcare.com
apacbizpartner.com
apacsfsolutions.com
apactechbiz.com
asiapacsolution.com
b2janitorial.com
bitmailpost.com
bizventuresgroup.com
bizvertical.com
bpsservices.org
bpswired.com
bsnprotocol.com
cbxsystematics.com
cliquedasia.com
comcleanserv.com
connexionweb.net
csbizsolution.com
csbprofile.com
cstechnology.org
directitsolutions.com
enterpriselevelsolutions.com
expressstrategy.net
file-keeps.com
firstclassit.net
fluxserveasia.com
globalitbuilder.com
great-tec.com
idealprospecting.com
infotechsoln.com
innovationtech-asia.com
insidesalesinc.com
intellibiz.net
istglobal.net
it-salesmktg.com
kickstartsalesforce.com
knitgeek.com
lamultispecialty.com
mail-bounce.com
medassistforte.com
medsolutionscare.com
merchadvisors.com
multichannelmktg.com
realtech-international.com
rhipecloud.com
secureditgroup.net
sf-apac.com
softbizsoln.com
softitcare.net
softstreams.com
softtechenterprise.com
technocloudxpert.com
techpacific-international.com
tecnevo.com
tecqna.com
thebusinessdrift.com
thesoftwareenterprise.com
thewisesoln.com
thunderlinkz.com
tradespecialistgroup.com
ultimateintelligence.net
universalitbiz.com
vitrexa.com
wallstreetguru.info
worldsfinestservice.com
xpresstrategy.net
zenbitsolution.com
zenithnetworxs.com

# Reference: https://twitter.com/FewAtoms/status/1163043154628624385
# Reference: https://www.virustotal.com/gui/file/94543f02145c8cbc924fe6a4229b16f3b1d2988c6db4b66df5cd766322982f93/detection
# Reference: https://www.virustotal.com/gui/file/5e505f7876fbde8e323f698982f189b12be25569113a2426d6f6f8dda0e7d8be/detection
# Reference: https://www.virustotal.com/gui/file/300ece5931709d15dfd9a5ddce2f69ec6aa7466277a0a0edba134375bf2c20be/detection
# Reference: https://www.virustotal.com/gui/file/4ed245f6ae78a3a39543d865c0660c5dab39bcee18ee1abb212d8a3893e6584a/detection

http://193.112.160.173
193.112.160.173:33221
193.112.160.173:55421

# Reference: https://twitter.com/tkanalyst/status/1163084043832872961
# Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/

sexshops.site
sreex.info
sygicstyle.xyz

# Reference: https://twitter.com/James_inthe_box/status/1163565834343632897
# Reference: https://app.any.run/tasks/04a0a774-dd16-43bd-a966-2a35ca66fe70/
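# Reference: https://pastebin.com/Lv0KAQ0k
# Note: the regular expression below matches every cyNNNNN.tmweb.ru host name and already covers cy91219.tmweb.ru; tmweb.ru appears to be a shared-hosting domain, so hits may include unrelated tenants - confirm the breadth is intended and triage matches individually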

dogware.pw
cy91219.tmweb.ru
cy[0-9]{5}\.tmweb\.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1163736730371022848

nainyet.casa

# Reference: https://twitter.com/gorimpthon/status/1163616173860122624

evaglobal.eu

# Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/

http://194.58.38.50
http://194.58.58.70

# Reference: https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/James_inthe_box/status/1163880851236462592

bulehero2019.club
kingminer.club
oiwcvbnc2e.stream

# Reference: https://twitter.com/KorbenD_Intel/status/1163929665230299137

u700222964.hostingerapp.com

# Reference: https://twitter.com/WarlordLestat/status/1164118573872271360

malikom.xyz
mrtcom.space
rainit.xyz
sauronn.host
sidom.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1164140106095177731
# Reference: https://app.any.run/tasks/0c5278c0-d505-4873-b612-9318dbbc2733/

101legit.com
legitville.com
moskaumoskau.com
savemax.store

# Reference: https://twitter.com/n0p1shing/status/1164150184517033986

akudobia.com

# Reference: https://twitter.com/VK_Intel/status/1164194019930497025

vregbqeg.com

# Reference: https://twitter.com/dms1899/status/1164699178527842304

dngerpppsa.xyz

# Reference: https://twitter.com/bad_packets/status/1165041748772438016

fuckingmy.life

# Reference: https://twitter.com/JAMESWT_MHT/status/1165942869359759361

xyskyewhitedevilexploitgreat.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166243679058694145

statexadver3552mn12.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1166252297124552704

collinsserver.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1166278659629408257
# Reference: https://app.any.run/tasks/acaedaa7-fbe2-4139-b190-edaebc601c08/

http://45.76.113.195

# Reference: https://twitter.com/FewAtoms/status/1166319332051128320

http://161.202.40.99

# Reference: https://twitter.com/malware_traffic/status/1166114783676051456

statexadver3552mn12.club

# Reference: https://twitter.com/DynamicAnalysis/status/1166433211548913668

filebase.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166491923911184385

owak-kmyt.ru
pdofan.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1166721502579974146

curly-bar-8ce5.myloaders.workers.dev
young-bonus-b8e4.myloaders.workers.dev

# Reference: https://twitter.com/James_inthe_box/status/1166683407943794688

chernovik55.ru

# Reference: https://twitter.com/P3pperP0tts/status/1166782653623918592

brizy5.ru

# Reference: https://app.any.run/tasks/b79f8f2f-d8d9-4f39-ad9c-4feae85babdf/

mailadvert19.world

# Reference: https://twitter.com/FewAtoms/status/1167070059010953218

background.pt

# Reference: https://twitter.com/bad_packets/status/1167336978041303040

stresser.cc

# Reference: https://twitter.com/JAMESWT_MHT/status/1167443194033901568

i03kf0g2bd9papdx.com

# Reference: https://twitter.com/JayTHL/status/1167666533260304385

azuremoonentertainment.mobi

# Reference: https://twitter.com/nao_sec/status/1167797188363055105 (CVE-2018-15982)
# Reference: https://app.any.run/tasks/49618924-ee31-4ed7-9669-17e0816f59a4/

http://82.146.59.230
gw.brownsine.com

# Reference: https://twitter.com/P3pperP0tts/status/1167890224644362241

k1ristri.ru

# Reference: https://twitter.com/FewAtoms/status/1168131803560984577

accoun2-sign1-secur-ace324490748.com

# Reference: https://www.virustotal.com/gui/file/7d48a6706013036266dbcd44aa7528d9e9331de0e9214b564255b96b5767b282/detection

absetup5.icu

# Reference: https://twitter.com/Paladin3161/status/1168863588015935488

sebains.kozow.com

# Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329

farnbrands.com

# Reference: https://twitter.com/JayTHL/status/1169000377120935941

rdmapperels.com

# Reference: https://twitter.com/angel11VR/status/1169155232447762437

ukr1.net

# Reference: https://twitter.com/malware_traffic/status/1169312743956066305

http://45.142.212.25
dersed.com

# Reference: https://twitter.com/FewAtoms/status/1169333693325946880

macvin.5gbfree.com

# Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432

fomoportugal.com

# Reference: https://twitter.com/malware_traffic/status/1169358788748615680

http://179.43.169.43
wyyjacky.club

# Reference: https://twitter.com/P3pperP0tts/status/1169642311942397954

brizy5.ru
ho3fty.ru
j990981.ru
seraph15.ru
valerana44.ru
ww2rai.ru

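# Reference: https://twitter.com/malwrhunterteam/status/1169638468647096321
# Note: 10.103.2.247 is an RFC 1918 private address; it does not identify a single host on the public Internet, so matching on it can flag unrelated internal systems that happen to use this address - consider dropping it or scoping it to the originating environment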

http://10.103.2.247

# Reference: https://twitter.com/JayTHL/status/1169688507700457472

waymahikatudor.com

# Reference: https://twitter.com/blackorbird/status/1169859337709207552

http://220.158.216.134

# Reference: https://www.virustotal.com/gui/domain/tomx.xyz/relations

tomx.xyz

# Reference: https://twitter.com/SecSome/status/1169972222439690241
# Reference: https://app.any.run/tasks/21339218-b4fd-4084-95d5-5c42fed4c71d/

204.152.219.82:9008
jobmalawi.com

# Reference: https://twitter.com/Zerophage1337/status/1007645365133246464

http://199.192.19.133
http://91.210.104.247

# Reference: https://twitter.com/FewAtoms/status/1170323745195663360

aagaeyarintz.com

# Reference: https://twitter.com/James_inthe_box/status/1170641393875742720
# Reference: https://www.virustotal.com/gui/domain/educationaltools.info/relations

educationaltools.info

# Reference: https://twitter.com/tkanalyst/status/1170688633172443139
# Reference: https://app.any.run/tasks/fd9a41e5-4768-4ab0-afd3-83988feb49c8/

digimonex.host
mailadvert917dx.world
umbr.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1170726870519824384

pp-back.info

# Reference: https://twitter.com/ViriBack/status/1170731470039789568

fiscalia.ga

# Reference: https://twitter.com/FewAtoms/status/1171076098244919297

http://23.106.124.142

# Reference: https://app.any.run/tasks/1765b64a-78f0-4360-afaf-6ba886a6d72f/

http://195.123.242.175

# Reference: https://twitter.com/tkanalyst/status/1171572121648033792

starserver715km.world

# Reference: https://twitter.com/reecdeep/status/1171365416180080640

bobbychiz.top

# Reference: https://twitter.com/trungduc751995/status/1171693318117281793
# Reference: https://otx.alienvault.com/pulse/5d78e9388461b273c265778e

http://35.224.233.140

# Reference: https://twitter.com/killamjr/status/1171849775911772165

globalpaymentportal.co

# Reference: https://twitter.com/sugimu_sec/status/1172058813177851904

aliiydr.xyz

# Reference: https://twitter.com/gigafio/status/1172102628546924545

alhaji.top

# Reference: https://twitter.com/Paladin3161/status/1171954425780289542

qeeeeewwswsweerwwerwerwrwerwerwerwere.warzonedns.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1172122495652155392

mewahgroup.pw

# Reference: https://twitter.com/rpsanch/status/1172548993177522176
# Reference: https://app.any.run/tasks/f24e56fa-c8b8-4b7d-99b0-2975e04429fa/
# Reference: https://otx.alienvault.com/pulse/5d921f7a6ff5154cba005284

213.252.246.80:448
213.252.246.80:80
213.252.246.80:8888
8933-16423.bacloud.info
mtcareers.myftp.org
mantechcareers.serveftp.com
ngcareers.myvnc.com
northropgrumman.sytes.net

# Reference: https://www.virustotal.com/gui/domain/lalitmumbai.net/relations
# Reference: https://app.any.run/tasks/086e4aa9-1ece-441a-a5c3-eb8879d26e2e/

lalitmumbai.net

# Reference: https://twitter.com/jeFF0Falltrades/status/1173300902242988032
# Reference: https://otx.alienvault.com/pulse/5d7f50c9b115a641c04aacd6

dapoerwedding.com

# Reference: https://twitter.com/Racco42/status/1173547031979278336

fomoportugal.com

# Reference: https://twitter.com/struppigel/status/1173883825333706752
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/
# Reference: https://documents.trendmicro.com/assets/Appendix_Spam_Campaign_Targets_Colombian_Entities_with_Custom_made_Proyecto_RAT_Uses_Email_Service_YOPmail_for_C&C.pdf
# Reference: https://www.virustotal.com/gui/file/f8bf2120bdec3da240bf4a56760ee42d045e42ec4ae1d261774ff13fc2cb7cc0/detection

http://95.179.168.23
http://144.202.19.31
diangovcomuiscia.com
eltiempocomco.com
medicosempresa.com

# Reference: https://twitter.com/FewAtoms/status/1173982410951839745

http://185.250.240.84

# Reference: https://twitter.com/reecdeep/status/1174270764461244417

indta.co.id

# Reference: https://twitter.com/wwp96/status/1174311496639221760

this-a22.tk

# Reference: https://twitter.com/James_inthe_box/status/1174336699112906752

hushpan.icu

# Reference: https://twitter.com/FewAtoms/status/1174350146768965636

http://34.87.96.249

# Reference: https://twitter.com/blackorbird/status/1174894127378358272

http://141.98.213.198

# Reference: https://twitter.com/DbgShell/status/1174997242425565185

xozidazatibotiko.ddns.net

# Reference: https://twitter.com/JayTHL/status/1175248668502437888

discribechnl.com
menukndimilo.com
raatphailihai.com

# Reference: https://app.any.run/tasks/ce52b6fb-5444-4d4d-9071-aa4a3d4d0f52/

http://185.206.212.65

# Reference: https://twitter.com/illegalFawn/status/1176077657311764480

sicurezzaonline.info

# Reference: https://twitter.com/luc4m/status/1176045112469725184

http://216.170.126.139

# Reference: https://twitter.com/P3pperP0tts/status/1176831679106826240

systemgooglegooglegooglegooglegooglegoole.warzonedns.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048

redmoscow.info

# Reference: https://twitter.com/h4ckak/status/1112953627478351874
# Reference: https://app.any.run/tasks/72dd9d2e-5d7d-412a-830b-d2bd59f98760/
# Reference: https://www.virustotal.com/gui/file/f99cb5b099030834f84c5053b1610e911727673767dd9a6a938a13f1da9d6a33/detection

88.80.144.9:9987
exchangeser.com

# Reference: https://twitter.com/FewAtoms/status/1177940330655543302

202.168.151.38:3880

# Reference: https://twitter.com/tkanalyst/status/1177952093287530496

whoil.club

# Reference: https://twitter.com/Edgespot_io/status/1069690604198682624

34.227.171.221:8080

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html

cindysonam.org

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

kiskakisska.xyz
xyxyxoooo.com

# Reference: https://twitter.com/0xFrost/status/1179128508817260545
# Reference: https://app.any.run/tasks/c08c12cc-4a9f-44f4-9aa7-ef11900a8bc8/

wirelord.us

# Reference: https://twitter.com/tkanalyst/status/1179174693963587584
# Reference: https://app.any.run/tasks/a2ef7bde-fc71-4f7e-9246-1af8f16b5e6b/

crasyhost.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-08-14-microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253/microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253.csv

missaruba.aw

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-05-04-drive-by-downloads-attack-adobe-zero-day-flaw/drive-by-downloads-attack-adobe-zero-day-flaw.csv

jeentern.dyndns.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-12-14-inside-adobe-reader-zero-day-exploit-cve-2011-2462/inside-adobe-reader-zero-day-exploit-cve-2011-2462.csv
# Reference: https://www.virustotal.com/gui/file/c6072e6446c1641d35e1e471adf4ce533f0615a0365168728bcefe4df2d213ff/detection

prettylikeher.com

# Reference: https://twitter.com/James_inthe_box/status/1180128778229444608
# Reference: https://twitter.com/P3pperP0tts/status/1180141309685837825

corpcougar.com
corpcougar.in

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-03-rtf-attack-takes-advantage-of-multiple-exploits/rtf-attack-takes-advantage-of-multiple-exploits.csv

aulbbiwslxpvvphxnjij.biz
invoice-accounts.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2015/2015-05-18-malware-spreads-facebook-tag-scam/malware-spreads-facebook-tag-scam.csv

exusers.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-02-hackers-bypassed-adobe-flash-protection-mechanism/hackers-bypassed-adobe-flash-protection-mechanism.csv

korea-tax.info

# Reference: https://twitter.com/YttriumSec/status/1180101251855343616

http://115.159.87.251

# Reference: https://twitter.com/FewAtoms/status/1180819300476755969

http://34.87.19.73

# Reference: https://twitter.com/jishuzhain/status/1181201933714911232

103.99.2.65:1010

# Reference: https://twitter.com/ecarlesi/status/1181522701195849728

downloadtg4.website

# Reference: https://twitter.com/P3pperP0tts/status/1181547444837986304

http://43.255.241.160

# Reference: https://twitter.com/JAMESWT_MHT/status/1181616566024183809

http://209.141.42.23

# Reference: https://twitter.com/0xFrost/status/1182037064344322053

5571875.info

# Reference: https://twitter.com/P3pperP0tts/status/1182225501387141120

http://31.44.184.123
goji-actives.net

# Reference: https://twitter.com/benkow_/status/1182604054742085632

wisecleaner.cleaning

# Reference: https://twitter.com/JAMESWT_MHT/status/1182613351425368066

taskhostw.com

# Reference: https://twitter.com/James_inthe_box/status/1182703889012813824

http://198.23.202.49

# Reference: https://twitter.com/P3pperP0tts/status/1182968741283454977

madnik.beget.tech

# Reference: https://twitter.com/ViriBack/status/1183098116263858176

taxjustice-usa.org

# Reference: https://twitter.com/ViriBack/status/1183157722348433413

gayaju.com

# Reference: https://www.virustotal.com/gui/domain/paletoxyz.com/relations

paletoxyz.com

# Reference: https://twitter.com/ecarlesi/status/1183415444612485120

inationnetwork.xyz

# Reference: https://twitter.com/w3ndige/status/1171159313865465856

http://108.62.118.233

# Reference: https://twitter.com/w3ndige/status/1168437823193669632

posqit.net

# Reference: https://www.virustotal.com/gui/domain/accessheler.com/relations

accessheler.com

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

http://45.114.8.161

# Reference: https://app.any.run/tasks/5ea9c799-eb73-4854-903a-a4a080659af0/

http://167.114.95.127

# Reference: https://twitter.com/ffforward/status/1184379075642773505

show-qo13.tk

# Reference: https://twitter.com/P3pperP0tts/status/1184405805648564226

qisqholden.com

# Reference: https://twitter.com/tkanalyst/status/1184825216033099777

185.193.26.154:14596
186.4.254.199:18941
vwxqv.xyz

# Reference: https://twitter.com/tkanalyst/status/1188778602306818048

173.26.52.16:13821
202.91.248.237:17613
hxfiqz.dynu.net

# Reference: https://twitter.com/James_inthe_box/status/1185191156168065024

fbigov.website

# Reference: https://twitter.com/FewAtoms/status/1185249656235843588

afrimarinecharter.com

# Reference: https://twitter.com/JayTHL/status/1185303303892033536

thekukuaproject.com

# Reference: https://twitter.com/FewAtoms/status/1185980535497207808

collierymines.com

# Reference: https://twitter.com/albertzsigovits/status/1186255610163187714

logover.su

# Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html
# Reference: https://otx.alienvault.com/pulse/5dadb6fad17367c025d25421

abcxyz.stream

# Reference: https://twitter.com/James_inthe_box/status/1186363546155663360

0b8a67f7.ngrok.io

# Reference: https://twitter.com/wwp96/status/1186365682520338434

granuphos-tn.com

# Reference: https://twitter.com/smica83/status/1186520175467810817
# Reference: https://www.virustotal.com/gui/domain/taamgol.com/relations

taamgol.com

# Reference: https://twitter.com/wwp96/status/1186637571876630529

46.183.220.10:1010

# Reference: https://twitter.com/JAMESWT_MHT/status/1186641478996639745

cloudown.icu

# Reference: https://app.any.run/tasks/83bf663d-6020-4186-970e-3c50b842510c/

newandupdates1234.blogspot.com

# Reference: https://twitter.com/FewAtoms/status/1186676588013899776

http://151.80.8.7

# Reference: https://twitter.com/ANeilan/status/1186847142113173504

diporpef.com

# Reference: https://twitter.com/j_rom_/status/1184880435219849218

amz-syndication.com

# Reference: https://twitter.com/fatihsirinnnn/status/1186938514845380608

acmestoolsmfg.com

# Reference: https://twitter.com/P3pperP0tts/status/1186988588656934913

tourscentralasian.com

# Reference: https://twitter.com/wwp96/status/1187023690636152832

romanceobsessed.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187296372833357825

http://5.188.9.33

# Reference: https://twitter.com/dms1899/status/1187270160220147712

modexcourier.eu

# Reference: https://www.virustotal.com/gui/ip-address/161.117.41.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/161.117.8.4/relations

abs-glt.com
akinsab.ru
app-comercialex.top
aucklandcustom-nz.com
avgsupport.info
bkam.tech
capeplcinc.com.ua
casmagnat.rocks
clinefr12.com
clotiahs.info
cremeroloe.com
doosamnt.com
dotmpegjdj.com
echaintool.info
efore.info
esetsupport.info
famoosonutt.com
fueda.info
gidnik.com
gihf2.com
gracetime.tech
grindtreue.online
grindtruex.online
gunmak-com.tk
higomanga.info
jajar.ru
jer23.com
jobttast.com
kaburto.info
knt73.com
kord23.com
mikeservers.eu
modcloudserver.eu
modexcommunications.eu
nestp11.com
niiqata-power.com
offsolo-gbb.tech
oker1.com
oldendroff.com
pache22.com
paramountemporium.vip
peaches19.com
posqit.net
priv112.com
qoqip.com
quecik.com
rnuganbank.com
roumines.com
saturatix.top
siiigroup.com
smart-net.rocks
sun-clear.net
sylvaclouds.eu
torresansrl-it.com
tr0nsf01.org
tr30nfs01.com
tsep13.com
tyler14.com
uloego.info
vcmcompanys.com
vinaprio.com
wgeise4.com
xinblasta.us
yuxinproteins.com
zhchlt.com

# Reference: https://twitter.com/petrovic082/status/1187762565969043457
# Reference: https://app.any.run/tasks/03afa5cb-2d8d-4cd0-a7ab-4e1bd7464db6/

neroolive.org

# Reference: https://www.virustotal.com/gui/domain/aklianfa.com/relations

aklianfa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1188005690130026498

http://193.26.217.230

# Reference: https://twitter.com/DissectMalware/status/1006784787854581760

111.73.46.110:7717

# Reference: https://twitter.com/InQuest/status/1188373526622941186

lritck.tk

# Reference: https://twitter.com/JayTHL/status/1188801316417687552

http://37.1.219.172

# Reference: https://app.any.run/tasks/24cc7183-7345-46f6-b26e-1e173d9c98a9/

d1c56b05.ngrok.io

# Reference: https://twitter.com/JAMESWT_MHT/status/1188856141633261570

blockchainblogger.club

# Reference: https://twitter.com/FewAtoms/status/1188858041686466561

enkaypastri.com

# Reference: https://twitter.com/DrStache_/status/1188917585540276224

torishima-qa.com

# Reference: https://twitter.com/david_jursa/status/1189155057834647552

thekokokoupd.online

# Reference: https://app.any.run/tasks/4c6e0f94-e147-47ca-9467-c3864047439f/

lkdff.com

# Reference: https://twitter.com/wwp96/status/1189236233613889538

frenddizoni.org

# Reference: https://twitter.com/OttoScav/status/1189220259842187264

213.152.160.146:1010

# Reference: https://app.any.run/tasks/986f65f5-5208-4133-b9af-c993edcc1e34/

http://199.195.254.187

# Reference: https://twitter.com/James_inthe_box/status/1189287512684019714

oz-dn.org

# Reference: https://twitter.com/w3ndige/status/1189301536691752960

http://74.118.138.167

# Reference: https://twitter.com/ViriBack/status/1189329887074619395

arbistars.com

# Reference: https://twitter.com/wwp96/status/1189536892322304002

uzojesse.top

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://185.193.125.135

# Reference: https://twitter.com/killamjr/status/1189717599040528386

esascom.com

# Reference: https://twitter.com/InvertedLina/status/1189940700311379968

amana-agro.com

# Reference: https://www.virustotal.com/gui/ip-address/23.227.207.137/relations

http://23.227.207.137

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667

http://107.181.175.118
http://149.154.67.19

# Reference: https://twitter.com/unmaskparasites/status/1184973893225865222

dropboxfiles.net
mydropboxfiles.com

# Reference: https://twitter.com/killamjr/status/1190087811803815936

http://51.89.163.174

# Reference: https://twitter.com/pmelson/status/1190419506620981248

azuredatabox.azureedge.net

# Reference: https://pastebin.com/29uSdMAk

chinalarnpbase.com

# Reference: https://twitter.com/MalwareTechBlog/status/1190730471321112577
# Reference: https://otx.alienvault.com/pulse/5dbdf437299aea7cd396cd26

5.100.251.106:443
5.100.251.106:80

# Reference: https://app.any.run/tasks/2be23d42-242b-47bc-8d0f-76a5b80e7a4b/

1xv4.com

# Reference: https://app.any.run/tasks/e15b03be-14d2-49c0-b6c1-04249d0783f1/
# Reference: https://www.virustotal.com/gui/domain/stroytrest19.by/details

stroytrest19.by

# Reference: https://twitter.com/tkanalyst/status/1190975614766833664
# Reference: https://otx.alienvault.com/pulse/5dc1a88e1cf7281dc5c4ed5b

http://107.167.244.67
http://138.68.15.227
http://198.199.104.8
blockchainblog.club

# Reference: https://twitter.com/wwp96/status/1191013406175830017

racetech.club

# Reference: https://twitter.com/ViriBack/status/1062544747062050817

web-bancadigitalbod.com

# Reference: https://twitter.com/ViriBack/status/989663475445190656

pf-pv.xyz

# Reference: https://twitter.com/fumik0_/status/968070745766154240

updatecenter.ru

# Reference: https://twitter.com/FewAtoms/status/1191349702920474625

http://35.247.253.206

# Reference: https://www.reddit.com/r/sysadmin/comments/aswr03/anyone_identify_this_miner_or_malware/
# Reference: https://app.any.run/tasks/daddea03-d06c-42ce-a539-516b5173467f

185.112.156.92:8092
http://173.247.239.186

# Reference: https://app.any.run/tasks/02fc860e-cb3b-4ed4-84c5-95ee52d7e96a/

http://45.147.229.149

# Reference: https://twitter.com/w3ndige/status/1191752055012122625

mostfirstandnow.site

# Reference: https://twitter.com/FewAtoms/status/1191751916570763264

mjnalha.ml

# Reference: https://www.virustotal.com/gui/ip-address/185.212.128.189/relations

http://185.212.128.189

# Reference: https://www.symantec.com/blogs/threat-intelligence/nemty-ransomware-trik-botnet
# Reference: https://otx.alienvault.com/pulse/5dc0b264b1356775410765ec

http://193.32.161.69
http://193.32.161.77
http://92.63.197.153
http://92.63.197.38
http://92.63.197.48
aiiaiafrzrueuedur.ru
fafhoafouehfuh.su
osheoufhusheoghuesd.ru
ouhfuosuoosrhfzr.su
unokaoeojoejfghr.ru

# Reference: https://twitter.com/QW5kcmV3/status/1191441479467708417
# Reference: https://otx.alienvault.com/pulse/5dc190575e635818231a16d9

ms-audit-server.club
ms-dll-com.info
ms-dll-service.site

# Reference: https://twitter.com/wwp96/status/1191754793737428993

http://66.154.103.133

# Reference: https://twitter.com/tccontre18/status/1191638837136633856
# Reference: https://app.any.run/tasks/dc833ad4-508a-42eb-9bc2-cef42a558e89/

http://47.240.70.20
47.240.70.20:8080

# Reference: https://twitter.com/P3pperP0tts/status/1191862832360501249

http://192.3.247.119

# Reference: https://twitter.com/killamjr/status/1191923979549921280

admin-578472.serveo.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1192034769011388417

http://78.47.36.215

# Reference: https://twitter.com/wwp96/status/1192102384819933185

megatraffik.com

# Reference: https://twitter.com/pancak3lullz/status/1192132907277733889

http://162.218.210.202

# Reference: https://twitter.com/FewAtoms/status/1192129351871082496

http://185.102.122.2

# Reference: https://twitter.com/KorbenD_Intel/status/1192147546086498311

http://47.102.114.62

# Reference: https://twitter.com/lazyactivist192/status/1192458664407392256

http://185.12.29.38

# Reference: https://twitter.com/dave_daves/status/1192472618261254145
# Reference: https://app.any.run/tasks/74221158-9b70-43ab-9a59-df368ff001ed/

http://18.229.155.115
socios20199.webcindario.com

# Reference: https://twitter.com/ccxsaber/status/1191916749630783489
# Reference: https://otx.alienvault.com/pulse/5dc4b4c2bada09c6a58dd516

http://192.119.111.4

# Reference: https://twitter.com/coderippers/status/1192746152514469888

phltimberwarehouse.co.uk

# Reference: https://twitter.com/killamjr/status/1192788604508131333

http://181.143.146.58

# Reference: https://twitter.com/FewAtoms/status/1192847054130831360

soldi.duckdns.org

# Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef/

og-funds.net

# Reference: https://twitter.com/rpsanch/status/1181455677920829440

plazatiles.sytes.net

# Reference: https://app.any.run/tasks/90e9809c-d3c5-4e93-b364-6ec4911c2e3e/

exe-3.icu

# Reference: https://twitter.com/mszustak/status/1159824933171544064

hobby-l0bby.com

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/domain/proyectobasevirtualcol.com/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.33.68.255/relations

proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://zerophagemalware.com/2018/01/23/maldoc-rtf-drop-loda-logger/
# Reference: https://www.virustotal.com/gui/domain/humiconfort.com/relations

humiconfort.com

# Reference: https://twitter.com/malware_traffic/status/988589136163622912

plumberspro.us

# Reference: https://twitter.com/HSAFTeam/status/1189557108498485248

http://111.90.150.133
filabella.ga

# Reference: https://twitter.com/James_inthe_box/status/1193539893000986624

35.247.208.129:4748

# Reference: https://community.rsa.com/community/products/netwitness/blog/2018/01/12/malspam-delivers-njrat-1-11-2018
# Reference: https://www.virustotal.com/gui/ip-address/162.144.63.238/relations

eagleepcisocks.com

# Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php

vjro.biacap.com

# Reference: https://twitter.com/wwp96/status/1193942503864651776

zinkobeauty.com

# Reference: https://twitter.com/jcarndt/status/1194305779634970625

office365.firewall-gateway.net

# Reference: https://twitter.com/James_inthe_box/status/1194358787513077766
# Reference: https://www.virustotal.com/gui/file/fcdf29266f3508bd91d2446f20a73a811f53e27ad1f3e9c1f822458f1f30b5c9/detection
# Reference: https://twitter.com/James_inthe_box/status/1194367229879472129

bitbucket.org/anatoliisaharoff/rep/downloads/

# Reference: https://twitter.com/KorbenD_Intel/status/1194361467660836864

http://217.73.62.206

# Reference: https://twitter.com/w3ndige/status/1194889495868592130

dubem.top

# Reference: https://twitter.com/Rmy_Reserve/status/1194944079076835333
# Reference: https://app.any.run/tasks/bca1d42d-ea10-4a7b-b98c-4d645ba1e204/
# Reference: https://www.virustotal.com/gui/domain/n-trip.com/relations

n-trip.com

# Reference: https://twitter.com/pmelson/status/1195009552921616386
# Reference: https://www.virustotal.com/gui/domain/008ex.com/relations

008ex.com
bill.008ex.com
download.008ex.com
jan.008ex.com
slay.008ex.com

# Reference: https://twitter.com/ItsReallyNick/status/1195233697630445569

d1lkxepo6u8zf.cloudfront.net

# Reference: https://twitter.com/FewAtoms/status/1195313326500327424

alg0sec.com

# Reference: https://app.any.run/tasks/b7103ff0-18bb-431e-8175-f1274a17de18

andrewharmon.x10host.com

# Reference: https://www.virustotal.com/gui/file/2b2697a0a26e746b6dd27d3aee7b126f6b72a09d8bf52961203a849b043d8fbd/relations

longvoyages.com

# Reference: https://twitter.com/KorbenD_Intel/status/1195341394132525056

http://35.181.60.96

# Reference: https://app.any.run/tasks/8da10f37-1e46-4c71-88bb-e72c40c99e24/

harmonyfacility.com

# Reference: https://www.virustotal.com/gui/file/5a9deafa8e6837307213369aa2e64287fa1bedd3dd2b4e9c6c2f7f44629f8a35/detection
# Reference: https://www.virustotal.com/gui/ip-address/185.217.1.190/relations

apkauto.xyz
every1sad.club

# Reference: https://twitter.com/FewAtoms/status/1195727132112150529

sktinds.com

# Reference: https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/

nb.ruisgood.ru
pc.5b6b7b.ru

# Reference: https://www.virustotal.com/gui/ip-address/23.249.165.218/relations

http://23.249.165.218

# Reference: https://app.any.run/tasks/10beb62e-cbee-4661-90b1-5a3d4509da3a/
# Reference: https://twitter.com/JayTHL/status/1195824602498437128

ocean-v.com/wp-content/1.txt
ocean-v.com/wp-content/1.exe

# Reference: https://twitter.com/benkow_/status/1196016846841012224
# Reference: https://www.virustotal.com/gui/file/2d6e42c8aed0b6e23d809d8010e9bc72f0eb59aa1249b97c10f8f15097c4a777/detection

donkixota.com
loodd01.xyz
loodd02.xyz
prioritywireless.club

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

kfaxyl.com

# Reference: https://twitter.com/FewAtoms/status/1196079049157808128

realgauthier.com

# Reference: https://twitter.com/_re_fox/status/1196122304138399745

vulpss.net/696969crpty/

# Reference: https://twitter.com/SoulRage6/status/1196392449318494209

mac-mmanuel.com

# Reference: https://twitter.com/FewAtoms/status/1196453357008957440

http://13.54.13.60

# Reference: https://twitter.com/KanbeWorks/status/1196639129812881408

http://54.36.139.1

# Reference: https://twitter.com/ANeilan/status/1196748994728333313

feguhkejwfkgwvfjhkbevcgh.cf

# Reference: https://twitter.com/trotsky57271861/status/1196765541014224896

kitchenraja.in

# Reference: https://twitter.com/FewAtoms/status/1197921095250300928

http://217.73.60.123

# Reference: https://twitter.com/James_inthe_box/status/1197917197324058624

http://23.254.228.211

# Reference: https://twitter.com/FewAtoms/status/1198574338036969474

uloab.com

# Reference: https://twitter.com/H_Miser/status/1198907447534067712

dlfact.club

# Reference: https://twitter.com/FewAtoms/status/1199015111794536455

yakusgewe.xyz

# Reference: https://twitter.com/wwp96/status/1199000890541256704

milliemefford.com

# Reference: https://twitter.com/wwp96/status/1199056486460207106
# Reference: https://app.any.run/tasks/25229a32-2a2b-4bd3-b1ca-046fafb192f5/

http://193.70.124.48

# Reference: https://twitter.com/James_inthe_box/status/1199078758298206208

skjhjl.xyz

# Reference: https://twitter.com/FewAtoms/status/1199331943348867072

new-year-packages.com

# Reference: https://twitter.com/wwp96/status/1199412245857484813

http://45.137.22.59

# Reference: https://twitter.com/Jouliok/status/1199582844751941635

gsa.co.in/work/

# Reference: https://www.virustotal.com/gui/ip-address/54.202.202.94/relations

http://54.202.202.94

# Reference: https://app.any.run/tasks/112fd54b-a113-4484-88db-b59b26dce809/

tfortytimes.com

# Reference: https://twitter.com/FewAtoms/status/1200079922959699968

ihs-usa.com/doocs/

# Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/
# Reference: https://www.virustotal.com/gui/ip-address/182.50.135.88/relations

http://182.50.135.88

# Reference: https://twitter.com/VK_Intel/status/1200706216256843776
# Reference: https://www.virustotal.com/gui/file/dbd1d88ea93e26a4a52dd4180a5f2eb461822e3f5a2dcc0e61a5fc31d8c77f75/detection

141.193.6.84

# Reference: https://www.virustotal.com/gui/file/2de81be5ccb948ebadfbf8f469bb3ea749d23a33a203267ef78b07b496da8052/detection

http://185.61.138.111

# Reference: https://www.virustotal.com/gui/file/377cb36c07f059e3e46752e56a9fcf79aa673d453272edaa30a2fa83ecbf5780/detection

http://185.62.188.169

# Reference: https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection

http://66.154.103.133

# Reference: https://twitter.com/smii_mondher/status/1201820356694163457
# Reference: https://www.virustotal.com/gui/ip-address/83.136.106.208/relations

http://83.136.106.208

# Reference: https://twitter.com/cyber__sloth/status/1202274774342406144

http://89.40.12.19

# Reference: https://twitter.com/killamjr/status/1202386355378098177
# Reference: https://app.any.run/tasks/a5aa519c-9739-4096-8549-6f5af5af3290/
# Reference: https://app.any.run/tasks/b480973a-0b99-46ad-9a74-6fab20fc206e/

http://198.23.202.33
http://64.188.27.121

# Reference: https://twitter.com/ViriBack/status/1202767892518883329

panel222.info

# Reference: https://twitter.com/VK_Intel/status/1202844659908825088
# Reference: https://www.virustotal.com/gui/file/18501a9284b2160d17a9ec5f6fcfdc094e036b7d8c7b84594351129472ac925c/detection

176.122.130.199:8080

# Reference: https://twitter.com/malwrhunterteam/status/1202919436912603137

http://217.8.117.61

# Reference: https://twitter.com/ecarlesi/status/1202360981449531392

audanmon.com

# Reference: https://twitter.com/notajungman/status/1203034991858466817

worldwidetechsecurity.com

# Reference: https://twitter.com/GrujaRS/status/1203413394642161664

http://185.222.202.218

# Reference: https://twitter.com/GrujaRS/status/1197290398810542081

manage-invoices.info

# Reference: https://app.any.run/tasks/927fdec0-3dd3-4da8-8e4e-3fd632c5589f/

iphm.info

# Reference: https://twitter.com/VK_Intel/status/1203941934869438464
# Reference: https://www.virustotal.com/gui/file/10d46ea95b9168c93f05fe617c83763dcd734c69efd454512a46c9f225712119/detection

7.24.136.88

# Reference: https://pastebin.com/63w4JXts

meitao886.com

# Reference: https://twitter.com/James_inthe_box/status/1204063774933581824

http://141.255.164.13
http://146.185.195.20

# Reference: https://twitter.com/wwp96/status/1204112610096009218

globalfbdnsaddressgoogle.duckdns.org

# Reference: https://www.virustotal.com/gui/file/30b3e5e0f5fe6b2209d8bf77f36794faf7aa99989016e2cefea820ef1f507d4f/detection

http://216.170.126.11

# Reference: https://twitter.com/cyber__sloth/status/1204366146389958656

http://5.255.63.12

# Reference: https://www.virustotal.com/gui/ip-address/89.35.178.104/relations

http://89.35.178.104

# Reference: https://twitter.com/JAMESWT_MHT/status/1204410470574125058

http://34.217.107.238

# Reference: https://twitter.com/silascutler/status/1204422133780242434

http://205.185.115.72

# Reference: https://twitter.com/midnight_comms/status/1204429816956620807

205.185.115.72:9801

# Reference: https://app.any.run/tasks/18af3b1c-d5b4-4727-a06e-8c2aa9d2daac/

http://192.236.155.17

# Reference: https://twitter.com/James_inthe_box/status/1205177628623130624

xmr-services.tk

# Reference: https://www.virustotal.com/gui/file/a98b22bb93491a53434640c0f89cac49c12de89fea28c5f84caaccd7961f1b06/detection

white-hita-3339.but.jp

# Reference: https://twitter.com/KorbenD_Intel/status/1205620725526208513

drmarciavila.com.br

# Reference: https://twitter.com/0xFrost/status/1116608057268527105

toothless28.pw

# Reference: https://www.virustotal.com/gui/ip-address/94.73.32.235/relations

http://94.73.32.235

# Reference: https://www.virustotal.com/gui/domain/greatmischiefdesign.com/relations

greatmischiefdesign.com

# Reference: https://twitter.com/malwrhunterteam/status/1205942062610141185

http://45.128.133.37

# Reference: https://www.virustotal.com/gui/domain/urbanvillager.xyz/relations

urbanvillager.xyz

# Reference: https://twitter.com/Rmy_Reserve/status/1206596674920972288

newcontest.xyz

# Reference: https://twitter.com/VK_Intel/status/1206643330488184832
# Reference: https://www.virustotal.com/gui/file/570768d139c2ed7f75c792746a13247dea897baac575b8faf62452d37399aab0/detection

47.107.136.247:8080

# Reference: https://twitter.com/wwp96/status/1206662163869380608

l500c.com

# Reference: https://twitter.com/FewAtoms/status/1206986920036896769

http://133.18.202.74

# Reference: https://twitter.com/mal_share/status/1206691868639141888

http://161.246.67.165

# Reference: https://twitter.com/James_inthe_box/status/1206952335764795392

masabikpanel.top

# Reference: https://www.virustotal.com/gui/file/6929d2d74fa9846394f03ba2639480b920cb614fff4698316507237161c9600e/detection

185.147.15.13:443

# Reference: https://twitter.com/david_jursa/status/1207631642988298240

mainsourceoffreeupdate.best

# Reference: https://twitter.com/SaudiDFIR/status/1207621069227614208
# Reference: https://app.any.run/tasks/bb422434-c9c8-4e89-bf95-7e44b9f0bf98/

lizen-pierre.be

# Reference: https://twitter.com/James_inthe_box/status/1207678562712637441

bhraman.org

# Reference: https://twitter.com/James_inthe_box/status/1207379438179999747 (# mailerbot)

http://185.174.173.152
/rkeurewvfgo4/cmd.php

# Reference: https://app.any.run/tasks/157ab2e2-f469-415d-9288-f7fe304704d7/

http://80.93.182.219

# Reference: https://www.virustotal.com/gui/ip-address/45.142.213.167/relations

http://45.142.213.167
45.142.213.167:443

# Reference: https://twitter.com/Jesse_V_Burke/status/1207878795430109186

185.122.59.78:443

# Reference: https://twitter.com/VK_Intel/status/1208340410331996160
# Reference: https://www.virustotal.com/gui/ip-address/101.132.43.162/relations

http://101.132.43.162

# Reference: https://twitter.com/prsecurity_/status/1208950830918860800
# Reference: https://www.virustotal.com/gui/ip-address/176.99.11.209/relations

176.99.11.209:80
176.99.11.209:443
5025026.ru
avito.cm
avito.vg
deffender.website
drunk-ac.ru
engineer-s.ru
exploits.pro
getsees.website
gryphs.ru
lapaz.ru
legenda.casa
money-match.ru
muhosransk.site
mymoneycontrol.site
photobattle.ru
popyti.com
securepay.cm
strastimardasti.club
telegrambillionaire.top
tinkoff.llc
yourluck.pro
yourluck.xyz

# Reference: https://twitter.com/nao_sec/status/1209090544711815169

krostaur.com

# Reference: https://twitter.com/James_inthe_box/status/1209150941661810690

http://185.216.35.21

# Reference: https://twitter.com/malware_traffic/status/1209638262970748929
# Reference: https://www.virustotal.com/gui/ip-address/45.72.3.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.174.12.130/details

45.72.3.132:80
45.72.3.132:443
79.174.12.130:80
alertactivityonaccwellslockedacconholdwf.host
alertkaccountwellsblockedverifyidacconholdwf.host
alertnoticealertlockedwellsaccessblockedacconholdwf.host
alertnoticealertwellsaccblockedacconholdcheckwf.host
alertonlinebankaccesswellsblockedacconholdwf.host
alertsecuritybrokenaccesswellsblockedacconholdwf.host

# Reference: https://www.virustotal.com/gui/ip-address/5.149.248.134/relations

http://5.149.248.134

# Reference: https://twitter.com/tkanalyst/status/1209829485643612160

earlyace55.com
infocarnames.ru

# Reference: https://twitter.com/James_inthe_box/status/1209833422832558081

imaginemix.ru

# Reference: https://twitter.com/killamjr/status/1210215114407735296

armantraders.net

# Reference: https://www.virustotal.com/gui/ip-address/37.46.135.58/relations

momo33333.fvds.ru

# Reference: https://twitter.com/FewAtoms/status/1210646032780070914

http://94.158.245.73

# Reference: https://www.virustotal.com/gui/file/c04548d4218739cba4b320b75c8cc58f8cc1d18996226344b892e0140e273798/detection

http://52.47.207.162
52.47.207.162:82

# Reference: https://www.virustotal.com/gui/file/946e6abf72126a942cfb63916e6ec2e2b597a6c7beba04d76c4213a0e51ce97d/detection

3.17.202.129:80
35aad9f7.ngrok.io

# Reference: https://www.virustotal.com/gui/file/db58265db4c657a02cc16ae7efc62f288c97af3b6734b3a891f7bcf105eff802/detection

18.223.41.243:443
3.14.212.173:443
f9e7020b.ngrok.io

# Reference: https://www.virustotal.com/gui/file/a3dcc3c8b03f6c5602c95b83864c69d8f0255b44a62f16cc79a22c963dbcf870/detection

3.17.202.129:443
af721e3a.ngrok.io

# Reference: https://www.virustotal.com/gui/file/38f55a06ce1abdbba07acb14aaca0fd7f8f5cfa017f9ae6519455cc35f36efdb/detection

18.188.14.65:443
1d9f0a85.ngrok.io

# Reference: https://www.virustotal.com/gui/file/4d4bd13f171d0a9fd7a71285bd90cacd4b2f00a15cbf374af0937cbafffb7674/detection

3.17.202.129:22

# Reference: https://www.virustotal.com/gui/domain/capeturk.com/relations

capeturk.com

# Reference: https://www.virustotal.com/gui/domain/goldenshoponline.us/relations

goldenshoponline.us

# Reference: https://app.any.run/tasks/76423975-6bd1-48f0-9758-89ceb126bf48/

lifesuporte.site

# Reference: https://twitter.com/FewAtoms/status/1211992847643238400

http://133.18.201.42

# Reference: https://www.virustotal.com/gui/file/80fe44438b4d25301a09e6b14a8e746980d858191319e8970617b7ffb7cb29de/detection

193.161.193.99:443
193.161.193.99:80

# Reference: https://twitter.com/malwrhunterteam/status/1212337904892207106
# Reference: https://www.virustotal.com/gui/ip-address/119.3.232.159/relations

119.3.232.159

# Reference: https://twitter.com/VK_Intel/status/1212432682162016257

103.56.53.100

# Reference: https://twitter.com/ps66uk/status/1212730450432679936

newyearddnsaddressupdatelink.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1210343558705795074

http://66.85.173.6

# Reference: http://plok1.blogspot.com/2018/02/a-new-spreader-with-mimikatz.html
# Reference: https://www.virustotal.com/gui/domain/kishi73.com.br/relations

kishi73.com.br

# Reference: https://twitter.com/Jouliok/status/1212682749452148736
# Reference: https://www.virustotal.com/gui/ip-address/100.43.136.34/relations

100.43.136.34:1717
100.43.136.34:80

# Reference: https://www.virustotal.com/gui/file/a260de9672842bfc45f9335a7d405b64d53815d7d1b8ec8f3e0768c422e73a30/detection

http://194.36.191.245

# Reference: https://twitter.com/pancak3lullz/status/1212781520483758083

http://133.18.169.9

# Reference: https://www.virustotal.com/gui/file/6291a9f4ac7dbb741f317c61b7f60bb5d9bc064abeb47e66292ededbfcb38966/detection

http://185.234.218.210

# Reference: https://www.virustotal.com/gui/file/14843438836afd53d256e4e71b57365ba2e7fd3a9631c377fe6e5a0aca3e45a1/detection

sweethome11.tk

# Reference: https://www.virustotal.com/gui/file/e0b416bd9da9580632cf8b56021a7f132f3f305a52e1facde9243df1dd7aaaf8/detection

werfcdxv.ru

# Reference: https://www.virustotal.com/gui/file/85f350b9d26c0a7c79558237ececfaa2c3472b2fe5ade88c0147eb3ec38fc991/detection

solex.duckdns.org
systic.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4e94d2474092220738319eece43e0c959a34339ab0871ccbd620f0366b4faf5c/detection

ecstay.website

# Reference: https://www.virustotal.com/gui/domain/sergiormo.duckdns.org/relations

sergiormo.duckdns.org

# Reference: https://app.any.run/tasks/1c4d20f3-d267-4176-9a2b-1a35656aa4c6/

recoverydata.merehosting.com

# Reference: https://twitter.com/JayTHL/status/1213530066065526784

lokigoblinoppd.com
simnlpedezir.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1213831684791123969

http://23.227.207.185

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

pinkpanda.pw

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

bc2rymcehnrb.gq
zpu5mahtuq3t.tk

# Reference: https://twitter.com/securitydoggo/status/1214185262160457728

maxtraders.net

# Reference: https://twitter.com/James_inthe_box/status/1214176338040410112

davespack.top

# Reference: https://twitter.com/FewAtoms/status/1214258688980062208

l500c.com

# Reference: https://twitter.com/SecSome/status/1214606873665650688

dyessar.buzz

# Reference: https://www.virustotal.com/gui/file/27b2c05614676616e8e3b62658c6dabd603ab8e4d135a9384871166998753f42/detection

portofino.ug

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1215267911666950145

http://3.84.5.126

# Reference: https://twitter.com/reecdeep/status/1215666445264224256

buzztrends.club

# Reference: https://twitter.com/malwrhunterteam/status/1215689657880662018
# Reference: https://twitter.com/James_inthe_box/status/1215706026302824449

http://178.128.215.46

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://www.virustotal.com/gui/domain/bobbitopedia.com/relations

bobbitopedia.com

# Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/

dsi-info.fr

# Reference: https://twitter.com/FewAtoms/status/1216753032504975362

aaagpsovot.com

# Reference: https://twitter.com/malware_traffic/status/1216882597789360134

cheklre4.xyz

# Reference: https://twitter.com/dave_daves/status/1217021709498363904

uptodateread.ddns.net

# Reference: https://twitter.com/reecdeep/status/1217101781563584513

http://185.159.82.39

# Reference: https://twitter.com/James_inthe_box/status/1217123673502445573

http://45.77.173.124

# Reference: https://twitter.com/3XS0/status/1217144032591257600

alldayever231.su

# Reference: https://app.any.run/tasks/35c35367-58e4-46bc-ac62-4052ce7689ed/

http://191.239.243.112

# Reference: https://twitter.com/James_inthe_box/status/1217481969581219840 

youaernedit.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1217739290270191616

interpremier1998.ru

# Reference: https://twitter.com/James_inthe_box/status/1217781646717419520

mellle.com

# Reference: https://twitter.com/malware_traffic/status/1217791790423650304

turnkeycre.com

# Reference: https://twitter.com/securitydoggo/status/1217802812769349633

fajr.com

# Reference: https://twitter.com/nao_sec/status/1217834630612647946
# Reference: https://app.any.run/tasks/c5f307eb-4389-4713-83a4-67ee331409f9/

easy-web-weight-loss.com

# Reference: https://twitter.com/unmaskparasites/status/1217866836324339713

http://45.83.122.65

# Reference: https://www.virustotal.com/gui/file/e92ba8c91051a2491c7b0c7a6310a3381734c11e54045e687c1591e2d757d8ab/detection

http://144.217.83.43
http://5.206.225.104

# Reference: https://www.virustotal.com/gui/ip-address/5.2.70.145/relations

http://5.2.70.145

# Reference: https://app.any.run/tasks/e9d670ed-e84c-4bf6-8fa2-2b1b7310d827/

down.onefast.cc
mprrpt.hjkl45678.xyz
cltrpt.vbnm34567.xyz
8xxjezfm.slt.cdntip.com
zhaobin.byc.580.bydj2019.com
byd.580.bydj2019.com
yun3.6fenkj.com

# Reference: https://www.virustotal.com/gui/file/e6e69be7d884b4bde7505593a450153a67c51eab8e46a75419e2610edf947076/detection

185.38.151.11:80
fl4shg4m35.com

# Reference: https://intezer.com/blog-linux-rekoobe-operating-with-new-undetected-malware-samples
# Reference: https://otx.alienvault.com/pulse/5e25cfbcd7e22ce9b7d4ea71
# Reference: https://www.virustotal.com/gui/domain/bitscan.win/relations

bitscan.win

# Reference: https://twitter.com/Jouliok/status/1219337071405477890

buildyourownbotnet.com

# Reference: https://twitter.com/wwp96/status/1219363482031861760

achpanel.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1219555398266605568

alphaputin.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1219848952239050754

mobile-lot.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1219906163875221504/photo/1

http://46.183.218.248

# Reference: https://www.virustotal.com/gui/domain/fd6fq54s6df541q23sdxfg.eu/relations

fd6fq54s6df541q23sdxfg.eu

# Reference: https://www.virustotal.com/gui/domain/fflyy.su/relations

fflyy.su

# Reference: https://www.virustotal.com/gui/domain/emedtutor.com/relations

emedtutor.com

# Reference: https://app.any.run/tasks/50c91d01-3e7b-40b3-a6e2-2ada1de3c2b9/

alphaenergyeng.com

# Reference: https://www.exposedbotnets.com/2012/08/bbqcto-irc-botnets-hosted-by-france.html

bb.qc.to

# Reference: https://www.exposedbotnets.com/2013/04/x01bkr2biz-snk-asper-mod-irc-botne.html

x01bkr2.biz
zr0x1b9.biz
xkzykxb.biz
xeyaz.biz

# Reference: https://www.exposedbotnets.com/2013/05/srv5su-snk-asper-mod-irc-botnet-hosted.html

srv5.su
srv50.su

# Reference: https://www.exposedbotnets.com/2013/03/x1x4x0su-snk-asper-mod-irc-botne.html

x1x4x0.su

# Reference: https://www.malekal.com/bossabotv2-another-linux-backdoor-irc/

ircqfrum.com
ka3ek.com
nadnadzzz.info
srv5050.co
saudicool.org
x01bkr2.biz
zerx-virus.biz
lebanonbt.info

# Reference: https://www.exposedbotnets.com/2018/07/bticoinsumonero-miner.html

bticoin.su

# Reference: https://www.exposedbotnets.com/2017/10/bullguard09wm01toinjectordsce-hosted-in.html

bullguard09.wm01.to

# Reference: https://www.virustotal.com/gui/ip-address/5.182.211.76/relations

5.182.211.76:80

# Reference: https://www.virustotal.com/gui/ip-address/185.251.39.251/relations

185.251.39.251:80

# Reference: https://www.virustotal.com/gui/ip-address/46.173.219.17/relations

46.173.219.17:80

# Reference: https://app.any.run/tasks/a3d578ef-0492-4ec2-b640-de38ab8eed74/

askarindo.or.id/js/

# Reference: https://twitter.com/James_inthe_box/status/1220818460235583489

alwasl-syria.com

# Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection

http://216.83.52.40
http://45.139.236.14
silvergeoa.com

# Reference: https://www.virustotal.com/gui/file/1eb6c25406ed155d70cc2e5df02f6327458ac48542e1d633532e444ac6f97065/detection

http://109.169.89.117

# Reference: https://www.virustotal.com/gui/file/706d442630e1505c69f1ccd33e74ae87a5a228cea5dd3de1337f38157e1915c3/detection

http://23.92.211.212

# Reference: https://twitter.com/Rmy_Reserve/status/1221030155088318466

cnamel.com

# Reference: https://www.virustotal.com/gui/domain/lanjayn.ga/relations

lanjayn.ga

# Reference: https://twitter.com/JohnLaTwC/status/1221111943387209730
# Reference: https://www.virustotal.com/gui/domain/insurance-statistics.com/relations

insurance-statistics.com

# Reference: https://www.virustotal.com/gui/domain/morganjeff.com/relations

morganjeff.com

# Reference: https://www.virustotal.com/gui/domain/sasill.com/relations

sasill.com

# Reference: https://www.virustotal.com/gui/file/b4161c6001b0e97db2f134f8bb9095ee809b47c8e1a2ed5021d081838b33d5cb/detection

unitedwebpay.co

# Reference: https://www.virustotal.com/gui/file/918c1f5862dd56d81876b83d2846eaac2c64ac00004e3b4ccae48a2ead77088c/detection

ancrout.info

# Reference: https://twitter.com/SBousseaden/status/1221562146573758472
# Reference: https://app.any.run/tasks/2f64ab4f-b405-4462-830c-03cbdf475216/
# Reference: https://www.virustotal.com/gui/ip-address/87.57.141.215/relations
# Reference: https://www.virustotal.com/gui/file/082eff8046385cb9233ddd792d4e118c9834a8a11cf4d980b4279ec5aeb53968/detection
# Reference: https://www.virustotal.com/gui/file/aaa246dfe7122fcb872ec5298b9fd53aa50486bfb4107db70c1fbfca112218c4/detection
# Reference: https://www.virustotal.com/gui/file/f26ecee1261cb0732b0b84bc4802c3828a57c53906c1c6d283675e28f097b515/detection
# Reference: https://www.virustotal.com/gui/file/994bdaa56ca8652f249cfae35d6726edfcd324fe8524144e06bf3b6e542f00d9/detection

87.57.141.215:443
87.57.141.215:80
mine.fortipower.com

# Reference: https://www.virustotal.com/gui/ip-address/198.46.190.14/relations

198.46.190.14:80

# Reference: https://www.virustotal.com/gui/ip-address/193.26.217.230/relations

193.26.217.230:80

# Reference: https://twitter.com/JayTHL/status/1221880058995970049

5.45.71.32:443
5.45.71.32:80

# Reference: https://twitter.com/wwp96/status/1221889989346320385
# Reference: https://www.virustotal.com/gui/ip-address/142.93.64.230/relations

142.93.64.230:443
belflax.pt
eclipsagr.site
ordernow.site
transferorder.xyz
webbelflax.pt
webeclipsagr.site
webordernow.site
webtransferorder.xyz
webwestfieldindustries.tk
webwetrans.xyz
westfieldindustries.tk
wetrans.xyz

# Reference: https://app.any.run/tasks/23fa0ea9-a950-48d1-9134-7f4ef49eadc6/

0.le4net00.net
0.weathdata.nu

# Reference: https://twitter.com/benkow_/status/1221862063888314368
# Reference: https://www.virustotal.com/gui/domain/exee.space/relations

exee.space

# Reference: https://twitter.com/FewAtoms/status/1222240268944125954

metaseed.duckdns.org

# Reference: https://twitter.com/unmaskparasites/status/1222248365666250755

hypanis.ru

# Reference: https://www.virustotal.com/gui/ip-address/209.141.59.245/relations

209.141.59.245:80

# Reference: https://www.virustotal.com/gui/domain/flkjnoijoljoioli21.top/relations

flkjnoijoljoioli21.top

# Reference: https://www.virustotal.com/gui/domain/dafadeewewwzzzz.website/relations

dafadeewewwzzzz.website

# Reference: https://twitter.com/SBousseaden/status/1222465015975948289
# Reference: https://app.any.run/tasks/b63ec8f5-70a6-4379-97e9-acbe3ce5ecde/
# Reference: https://app.any.run/tasks/4c404a75-4caf-430b-a901-c18bc8fb0824/

104.28.1.134:2087
172.86.75.211:80
dentalmatrix.net

# Reference: https://twitter.com/laskow26/status/1222332258092105729

sophosdefence.com

# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.153/relations

dark-team.pw

# Reference: https://www.virustotal.com/gui/file/2377a5c17179b5284b7abb170fbdb900d98dfd72131dd4e37438c8688074c378/detection

fateh-news.my-firewall.org

# Reference: https://www.virustotal.com/gui/ip-address/3.112.246.37/relations

3.112.246.37:80

# Reference: https://twitter.com/phishunt_io/status/1222960636780597249
# Reference: https://www.virustotal.com/gui/domain/amazongifts.org/relations

amazongifts.org

# Reference: https://twitter.com/benkow_/status/1223234991678787584

greyrockland.com
spineyes.club

# Reference: https://twitter.com/DynamicAnalysis/status/1223303076100169730

seobrooke.com

# Reference: https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9
# Reference: https://otx.alienvault.com/pulse/5e35b7da3cd07e55edf22c8c

cdn-line.kz
crewtyxz.biz
faxtoweb.org
gcdn.kz
gstatic.kz
hotmail.org.kz
maildomain.kz
msf.org.kz
nexfail.com
office.com.kz
oneppdatemicro.com
outlook.kz
regsvr32.kz
webfax.org
yahoo.org.kz

# Reference: https://twitter.com/SBousseaden/status/1221834746084368385
# Reference: https://app.any.run/tasks/4a40a89c-bddd-4df8-993e-5732d8a52133/
# Reference: https://www.virustotal.com/gui/domain/securelogonweb.com/relations
# Reference: https://www.virustotal.com/gui/file/a8abcfde1a8d2eb3008e346c68ab4486c402e8d4dcd8d17e56787fa1c52e616b/detection

securelogonweb.com

# Reference: https://twitter.com/FewAtoms/status/1224372841786855425

http://13.234.231.211
http://178.218.222.185
http://www.pedrojorge.pt/cypher/

# Reference: https://twitter.com/OttoScav/status/1224359600352301056
# Reference: https://www.virustotal.com/gui/file/42fe3715f6197416ff34c99a0fbcf5a8fe4757c3080a4518f2ac54e94a05251c/detection

194.36.188.132:443

# Reference: https://twitter.com/James_inthe_box/status/1224398473065189376

evalogs.top

# Reference: https://twitter.com/ScumBots/status/1224442375088435200

46.28.205.87:80

# Reference: https://www.virustotal.com/gui/ip-address/199.19.226.33/relations

199.19.226.33:80

# Reference: https://twitter.com/ScumBots/status/1224527205759438850

iexploreservice.com

# Reference: https://twitter.com/ScumBots/status/1224529580444221440

40.114.116.10:80

# Reference: https://twitter.com/wwp96/status/1224382200218603521

impulsefittness.info

# Reference: https://app.any.run/tasks/1f6ecf5b-ce20-430e-b319-e4a695fab823/

merkez.tk

# Reference: https://twitter.com/Rmy_Reserve/status/1224878446565683201
# Reference: https://www.virustotal.com/gui/ip-address/172.86.75.211/relations
# Reference: https://app.any.run/tasks/1362c931-b93e-41c1-8497-4a7132ce7459/

172.86.75.211:80
dentalmatrix.net

# Reference: https://twitter.com/FewAtoms/status/1225072383087841281

palmiericurtains.com

# Reference: https://twitter.com/JayTHL/status/1225117583898218496

aluminum.dyndns.dk
maios12.dyndns.dk

# Reference: https://app.any.run/tasks/36f61504-d0ce-4bfe-be53-3f4a21817677/

185.253.99.100:80
185.51.203.211:80

# Reference: https://twitter.com/FewAtoms/status/1226175723775258624

45.141.86.18:80

# Reference: https://twitter.com/ViriBack/status/1226223550387933184

pentestblog.xyz

# Reference: https://www.virustotal.com/gui/domain/niggacumyafacenet.xyz/relations

niggacumyafacenet.xyz

# Reference: https://twitter.com/K_N1kolenko/status/1226769404274335744

104.211.165.111:1942

# Reference: https://www.virustotal.com/gui/file/a1b4597019f73f54d3981468c9bbe0ca1e144f06bda349d8baa2f607d90f4fb1/detection
# Reference: https://www.virustotal.com/gui/file/8c6cc35529e440cbccb7e33019d7a0ccea0db9f30d2035cad4e66a0d47341b79/detection
# Reference: https://www.virustotal.com/gui/ip-address/77.83.172.136/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.158.113.232/relations

185.158.113.232:7777
77.83.172.136:7777
kiras.hk
manip2.hk
bgpaio75egqvqigekt5bqfppzgth72r22f7vhm6xolzqd6ohroxs7pqd.onion
jr2jjfxgklthlxh63cz3ajdvh7cj6boz3c3fbhriklk7yip4ce4vzsyd.onion
rcjndzwubq5zbay5xoqk4dnc23gr4ifseqqsmbw5soogye6yysc7nkyd.onion
uovyniuak3w4d3yzs4z4hfgx2qa6l2u6cx4wqsje4pmnmygc6vfddwqd.onion

# Reference: https://twitter.com/ANeilan/status/1226957261697843200

dotcfmkc.cf

# Reference: https://twitter.com/ANeilan/status/1226943927430848512

cdfolkme.cf

# Reference: https://twitter.com/ANeilan/status/1226941630722322434

adnmya.tk

# Reference: https://twitter.com/Arkbird_SOLG/status/1226977494215077888

marcuskirol.online

# Reference: https://twitter.com/reecdeep/status/1227158430013677569

185.195.237.17:80

# Reference: https://github.com/stamparm/maltrail/pull/6726#issuecomment-585133462

185.27.134.11:21
ftpupload.net

# Reference: http://cybercrime-tracker.net/index.php?search=Stealer (as seen on 2018-09-01)

alessa-kw.com
alrayyanplastics.com
ambliglobal.nut.cc
annapoliscrabtownphotos.com
bclm-es.info
binousgroup.nut.cc
bitgetglobal.club
briiskgroup.com
cliten.microdoctor.com.br
cyberfreakz.cf
deffanogroup.co.id
emiretas.com
gazeboindonesia.com
gg.net.co
goldenalhaji.com
gpt.sa.com
gruopcor.com
gtneifnsyrf.tk
handsomelaw.id
hectords.us
ieejotex.com
imsa.com.au
iykepc.com
jasonetworks.com
kantanka.com
kiiey.ga
kindomstar.com
kwe-za.com
l2cc9521.justinstalledpanel.com
lacasonadelcartero.cl
lwis.cf
mahgoubsons.ml
owenscorming.com
owerri.usa.cc
richweva.com
ronjustthetrebho.net
sellychukwu.ru
sentrinonline.com
sepprod.com
spearsrnfq.net
stealerpanel.usa.cc
toddstretinc.com
trafficxx.com
u19982p14980.web0119.zxcs.nl
u19982p14983.web0119.zxcs.nl
untorsnot.in
wahuiilopi.club
webapp-mpp2.com
work.chukzenter.tk

# Reference: https://twitter.com/petrovic082/status/1145373440230273024
# Reference: https://pastebin.com/SCsbLU1n

theridgeatdanbury.com/wp-admin/network/server/login.php

# Reference: https://twitter.com/serhack_/status/1147795722215022592

electrumportal.com

# Reference: https://bitcointalk.org/index.php?topic=5133490.0 (Russian)

btc-electrum.com
btcelectrum.org
downloadelectrum.com
downloadelectrum.org
eiectrum.net
electrum.bz
electrumapp.org
electrumapps.com
electrumbase.com
electrumbase.net
electrumbase.org
electrumbitcoin.org
electrumbtc.org
electrumbuild.com
electrumcircle.com
electrumclient.org
electrumcore.com
electrumcore.net
electrumdownload.com
electrumdownload.org
electrume.com
electrume.org
electrumfix.com
electrumget.com
electrumhub.com
electrumnet.com
electrumofficial.com
electrumopen.org
electrumpgrade.com
electrumsafe.org
electrumsite.com
electrumsource.org
electrumstart.org
electrumtxn.com
electrumupdate.com
electrumupgrade.com
electrumupgrade.org
electrumware.com
electrumware.org
electrumweb.net
getelectrum.com
getelectrum.live
getelectrum.org
goelectrum.com
myelectrum.org
electro1wallet.info
electrodwallet.info
digi-wallet.info
jotubhsbn.website
zpvuvcf.xyz

# Reference: https://twitter.com/0xFrost/status/1188458586453745664
# Reference: https://pastebin.com/JDecBDpM

btc-electrum.net
btcelectrum.com
electrum-btc.net
electrum.ink
electrum.media
electrum.tools
electrum.zone
electrumapp.info
electrumapps.info
electrumball.com
electrumbase.online
electrumbase.sh
electrumbin.com
electrumbit.net
electrumbitcoin.club
electrumbitcoin.co
electrumbitcoin.info
electrumblocks.com
electrumboard.com
electrumbtc.info
electrumbtc.live
electrumbtc.me
electrumcoin.com
electrumeasy.net
electrumfiles.com
electrumflow.com
electruminstall.info
electruminstall.org
electrumpack.com
electrumpack.net
electrumpack.org
electrumpass.com
electrumpatch.com
electrumpath.com
electrumpath.org
electrumpin.com
electrumportal.net
electrumportal.org
electrumsecure.com
electrumserver.info
electrumset.com
electrumsite.org
electrumstar.com
electrumtech.me

# Reference: https://twitter.com/andsyn1/status/1271513659718668288

xn--elctrum-u8a.com

# Reference: https://twitter.com/Racco42/status/1148877632412487682
# Reference: https://app.any.run/tasks/698e5d3b-7080-4e00-a827-aabb132a8821/

/PostaSatanas.php

# Reference: https://twitter.com/ItsReallyNick/status/1150058573671665665
# Reference: https://www.virustotal.com/gui/file/5fb6d259f04a202d9d73110b568370a0eabbc24ce08d8416a85c2e718b7b8721/detection

52.90.226.47:443

# Reference: https://twitter.com/James_inthe_box/status/1159202555961851904

sd346.zzz.com.ua

# Reference: https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/ (# C2 section)

my.gobiox.com
login3.kimbrelelectric.com

# Reference: https://twitter.com/sniko_/status/1165293103655333888

wwwelectrum.org

# Reference: https://twitter.com/P3pperP0tts/status/1166493391263358976

rtsdyfucgj.temp.swtest.ru

# Reference: https://twitter.com/PRODAFT/status/1154016659868409856

undergrounddynamics.site

# Reference: https://twitter.com/VK_Intel/status/1171782155581689858

66.42.76.46:21

# Reference: https://twitter.com/sS55752750/status/1173668868784644105

s2.abcvg.ovh

# Reference: https://twitter.com/JAMESWT_MHT/status/1177109960309858304
# Reference: https://app.any.run/tasks/947e97aa-fb67-4856-bcc7-297b4d14c9cd/

http://112.175.138.213

# Reference: https://twitter.com/JAMESWT_MHT/status/1182597039105941504

nfe-fazenda.myftp.org

# Reference: https://twitter.com/James_inthe_box/status/1184519173268897792

9f249.f249724.96.lt

# Reference: https://twitter.com/iocsvault/status/1176144857284395009

jaster24h.biz
tviewer.ga

# Reference: https://twitter.com/James_inthe_box/status/1187689326353600512

luckykey.tk

# Reference: https://twitter.com/angel11VR/status/1189135390655078402

212.47.208.135:21

# Reference: https://twitter.com/unmaskparasites/status/1190016192511131655
# Reference: https://www.virustotal.com/gui/domain/saleforyou.org/details

1.saleforyou.org/tong/pa/newpw/pass.php
bingstyle.com/tong/pa/pass.php

# Reference: https://twitter.com/cyber__sloth/status/1182395650752892928
# Reference: https://www.virustotal.com/gui/file/7e3a8eda2a3c53b4e169db8b11d344c0308ede32884b18b2f225baf8bcb30aa5/detection

195.50.7.214:43231

# Reference: https://twitter.com/darienhuss/status/1192736459167588353 (# Cyber Agent)
# Reference: https://www.virustotal.com/gui/file/04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30/detection
# Reference: http://benkow.cc/wp_prezo.pdf

chrome-update-center.com
geolocation-sys.com

# Reference: https://twitter.com/GlaCiuS_/status/1192772160881868801
# Reference: https://www.virustotal.com/gui/file/ebddf88ffdf3cea966a66aa7337e5fdf7e2579db486521a869e7c12c40bb1916/detection

gregoirius2015.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1168894993160974336
# Reference: https://app.any.run/tasks/d2b6177d-e257-49ce-bc82-e1dc31321c64/
# Reference: https://www.virustotal.com/gui/file/a0f75184426976dfe0603507b99f87ce63ad79a5af10de935439576f0c48f47f/detection

gamebooster.pro
lokicode.had.su

# Reference: https://twitter.com/DbgShell/status/1197996130585460737

4aeoewr91oas1.anomalix.ml
lka177m3agc.37xia484cnd499x.ga
wa5to7naa1.a01mt584zk32sw1.ml

# Reference: https://twitter.com/JayTHL/status/1199021248417861632

45.137.151.95:21

# Reference: https://twitter.com/i/status/1199127438435012608

finabisope.xyz
happysitesworld.xyz
timenotbesea.xyz

# Reference: https://twitter.com/James_inthe_box/status/1200431694307684352
# Reference: https://www.virustotal.com/gui/file/00a1237e8faa646219744517b24cb4c8ebdbaa10d62e2b56fc25dffca832583c/detection

18.220.85.117:27000

# Reference: https://twitter.com/pancak3lullz/status/748631479144452096

ctr1p.com

# Reference: https://www.virustotal.com/gui/file/c180f56cf3d571352a7ea36c968000d61e543347d64a063bf2dcac26b1afe5df/detection

gf1433.f3322.net

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204447068321964032
# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204503912092446730
# Reference: https://www.virustotal.com/gui/file/1da250bbb5fbbe268ca2b919a8c2621237a1debda5bb42492b640b8e4f178818/detection

5.188.9.24:9171

# Reference: https://twitter.com/James_inthe_box/status/1204606741947666433
# Reference: https://app.any.run/tasks/768e34db-2ef1-41ed-ad8d-30a9ac7f35a4/

browserlootar.xtreme-apis.top

# Reference: https://twitter.com/0xFrost/status/1205927089691648002

lqo02.pro

# Reference: https://twitter.com/MBThreatIntel/status/1208135822261637120

193.35.50.253:443
193.35.50.253:80
cardspay.xyz
interpaykabinet.cf
interpaykabinet.ga
interpaykabinet.gq
interpaykabinet.ml
interpaykabinet.tk
interpayoffice.cf
interpayoffice.ga
interpayoffice.gq
interpayoffice.ml
interpayoffice.tk
kibermansuladu.cf
kibermansuladu.ga
kibermansuladu.gq
kibermansuladu.ml
kibermansuladu.tk
luckipasdretop.cf
luckipasdretop.ga
luckipasdretop.gq
luckipasdretop.ml
luckipasdretop.tk
offensepayinter.cf
offensepayinter.ga
offensepayinter.gq
offensepayinter.ml
offensepayinter.tk
paycards.xyz
pireulwiterykam.cf
pireulwiterykam.ga
pireulwiterykam.gq
pireulwiterykam.ml
pireulwiterykam.tk
zaemaropiteds.cf
zaemaropiteds.ga
zaemaropiteds.gq
zaemaropiteds.ml
zaemaropiteds.tk

# Reference: https://twitter.com/MBThreatIntel/status/1213201167838089216
# Reference: https://www.virustotal.com/gui/ip-address/193.35.50.250/relations

193.35.50.250:443
193.35.50.250:80
paygooloffice.cf
paygooloffice.ga
paygooloffice.gq
paygooloffice.ml
paygooloffice.tk
paygoolofficearabi.cf
paygoolofficearabi.ga
paygoolofficearabi.gq
paygoolofficearabi.ml
paygoolofficearabi.tk

# Reference: https://www.virustotal.com/gui/ip-address/193.35.50.252/relations

193.35.50.252:443
193.35.50.252:80
arabianpayclub.cf
arabianpayclub.ga
arabianpayclub.gq
arabianpayclub.ml
arabianpayclub.tk
freepayinterkom.cf
freepayinterkom.ga
freepayinterkom.gq
freepayinterkom.ml
freepayinterkom.tk
interkomarabipay.cf
interkomarabipay.ga
interkomarabipay.gq
interkomarabipay.ml
interkomarabipay.tk
payarabionmany.cf
payarabionmany.ga
payarabionmany.gq
payarabionmany.ml
payarabionmany.tk

# Reference: https://twitter.com/unmaskparasites/status/1214266385003495424

http://200.63.40.60

# Reference: https://www.virustotal.com/gui/file/3c154dc2e1eaab82e28934368e05e125787d748b27f90d4dea2265fbde1f6997/detection

179.180.82.144:80

# Reference: https://www.virustotal.com/gui/file/3eea2a5d7d5b692179500b8c6e6edb40454538fd8593bc6d4be042c744af0b1e/detection

185.140.53.134:443

# Reference: https://www.virustotal.com/gui/file/1a49dc441d93c44de5fe946e14f8f06464680cf9d9e537fb36d3535003a1a1b1/detection

95.182.122.184:80

# Reference: https://twitter.com/reecdeep/status/1220256702722977793
# Reference: https://app.any.run/tasks/45fa3d27-2f55-44de-914c-f93af54234c9/

toratoratora.altervista.org

# Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection

installsilver.com
confirmssystems.com
passwordkernel.online
123321123.fun
myprintscreen.com
budison-oklarly.com
megagemes.info
termscenter.com
cleand8yv0m6g.top
newbook-t.info

# Reference: https://www.virustotal.com/gui/domain/pix-fix.net/relations

pix-fix.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.225.32/relations

ddtupdate1.top
ddtupdate4.top
legion17.com
mypandacleaner.info
rrudate1.top
rrudate2.top
slupdate1.top
slupdate2.top
slupdate3.top
ssdupdate1.top
ssdupdate2.top
ssdupdate3.top
statistics-pro.best

# Reference: https://www.virustotal.com/gui/ip-address/52.59.77.115/relations

http://52.59.77.115

# Reference: https://twitter.com/ni_fi_70/status/1227561744702283776

deadrick-812.tk

# Reference: https://app.any.run/tasks/9190151a-739e-41c0-b89d-71bf74414ab4/

googlechromeupdate.ga
googlechromeupdate.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1227982693889183744
# Reference: https://app.any.run/tasks/967c009c-cfaa-411f-b804-69bc23bb5814/

13.72.105.98:443
13.72.105.98:80

# Reference: https://www.virustotal.com/gui/file/267c20b0295420c2638bd6b6087ab7e82f1e10341a8a957a3c28c69fd3bf2890/detection

docxuploads.com

# Reference: https://www.virustotal.com/gui/ip-address/23.224.179.28/relations

o076un.com
sggl1527.top
sggl6527.top
dlytw.com

# Reference: https://www.virustotal.com/gui/file/c64a96098559189d85c0e59c4a45740db8cae250520beeff1ff5556e211850d8/detection

23.224.179.28:8008

# Reference: https://www.virustotal.com/gui/file/7be2ec6b3b8190f56c62d44e98b7a8e8fb9404b381d53ddadd43fde622b08206/detection

23.224.179.28:7788

# Reference: https://www.virustotal.com/gui/file/0a94d90a3b91b117741ca0dd37ab14828a59a10c71b27be803480be7d2542ea2/detection

23.224.179.28:8888

# Reference: https://www.virustotal.com/gui/file/2d694ba25af171e61a2cb9b5a8b9588e0c149e691ded7796542ba97449a0b4cb/detection

23.224.179.28:9666

# Reference: https://www.virustotal.com/gui/file/b8d7a2d94c30947e7983961d490143bce7ae677a126320a14457cd96d47f7cbf/detection

23.224.179.28:4131

# Reference: https://www.virustotal.com/gui/file/4181e87462a5913e73f09cdf61a464718a15d17df519ee25dd05f1bd9c93cf97/detection

23.224.179.28:8552

# Reference: https://www.virustotal.com/gui/file/2daad3f8ac834067c85ea75889b388e381f25fab6c2c5c988dfd84c63956842d/detection

23.224.179.28:8180

# Reference: https://www.virustotal.com/gui/file/94c758666acc50035e0028cfcd26d669e6e8fb11ffbd384802b90b5e07b094f2/detection

23.224.179.28:9888

# Reference: https://twitter.com/ps66uk/status/1228268374649659392
# Reference: https://app.any.run/tasks/9be4f8eb-e828-4ca5-ba76-6f8db7f1627a/

107.189.7.176:80

# Reference: https://www.virustotal.com/gui/domain/breda.vanhiele.nl/relations

breda.vanhiele.nl

# Reference: https://www.virustotal.com/gui/domain/linkomember.info/relations

linkomember.info

# Reference: https://urlhaus.abuse.ch/url/314830/
# Reference: https://www.virustotal.com/gui/ip-address/111.90.149.246/relations

111.90.149.246:80

# Reference: https://twitter.com/ScumBots/status/1229284924450123776
# Reference: https://www.virustotal.com/gui/file/beec8fc6ea45f0862fa13107b05a4d92cc2fc3c6f1c0c23fd2f04c3d3988c8c1/detection

62.108.37.42:1013

# Reference: https://twitter.com/vikas891/status/1229360459830087680

jomamba.best

# Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152

aisioy.xyz

# Reference: https://twitter.com/reecdeep/status/1229390645355261953

joeing.rapiddns.ru

# Reference: https://www.virustotal.com/gui/domain/bhatner.com/detection

bhatner.com

# Reference: https://www.virustotal.com/gui/domain/store.nvprivateoffice.com/relations

store.nvprivateoffice.com

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155

69.87.219.49:80

# Reference: https://twitter.com/Bl4ng3l/status/1229687760279293952

gali.keipta.us

# Reference: https://twitter.com/James_inthe_box/status/1229509229267972097
# Reference: https://app.any.run/tasks/6fc45ad8-8993-4fc6-8e60-c437d66593e3/

ba97b047bd6aa1e4f76f84fd6ec96bd8.gq

# Reference: https://app.any.run/tasks/a12db284-e0a7-4834-bc94-21debc6ea72b/

rifat02.info

# Reference: https://app.any.run/tasks/3440bfb4-736c-4a27-8f63-ea82988bbd67/

rifat01.info

# Reference: https://twitter.com/wwp96/status/1229838934563225600
# Reference: https://app.any.run/tasks/4e12a96e-3a18-45a8-8965-8ee6bd3fbb77/

http://34.253.184.43

# Reference: https://twitter.com/Jouliok/status/1230009062810628097

worldatdoor.in

# Reference: https://twitter.com/DynamicAnalysis/status/1230171498670886924

gm-adv.com

# Reference: https://twitter.com/FewAtoms/status/1230168466142978053

mi.ceceliansanders.us

# Reference: https://app.any.run/tasks/e6427a49-7a93-451a-9342-27948f7a0cef/

http://syncode.com.br/forum.php?xmapnawaykkfc=3748139090763247
http://redfinance.pl/forum.php?xmapnawaykkfc=14678699031243286
http://spaxman.com/forum.php?xmapnawaykkfc=586795938240767

# Reference: https://app.any.run/tasks/f4ebed77-6d4c-40fb-a73c-37cae62ca33e/

78.42.70.24:2214

# Reference: https://twitter.com/KorbenD_Intel/status/1230504991191793664

youalmost.gotdns.com

# Reference: https://twitter.com/wwp96/status/1230504598852526080

111.90.146.27:80

# Reference: https://twitter.com/baberpervez2/status/1230606469101477902
# Reference: https://www.virustotal.com/gui/ip-address/185.158.249.22/relations

185.158.249.22:80

# Reference: https://app.any.run/tasks/8ed48f9c-38b7-4f70-bd1a-3bb44a403122/

0x0.best
yaprostopopitalsyaoboitietosrannoeav.club

# Reference: https://twitter.com/D3LabIT/status/1230756245511917570

zekelliott.com/ams/amsweb.php

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.64/relations
# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection

217.8.117.64:80
217.8.117.64:443
185.224.128.41:80

# Reference: https://twitter.com/FewAtoms/status/1231201262944882688

bt-design.org

# Reference: https://twitter.com/James_inthe_box/status/1231247315672809473
# Reference: https://www.virustotal.com/gui/file/3b701eac4e3a73aec109120c97102c17edf88a20d1883dd5eef6db60d52b8d92/detection
# Reference: https://app.any.run/tasks/844d5358-bf5d-4a4a-89b2-d3bf06df79e3/

cloud-security.ggpht.ml
ggpht.ml

# Reference: https://twitter.com/FewAtoms/status/1231994766398717954

13.95.31.136:80

# Reference: https://twitter.com/FewAtoms/status/1232274564262105088

1579850.xyz

# Reference: https://twitter.com/wwp96/status/1232326236636090370

185.112.250.168:80

# Reference: https://twitter.com/FewAtoms/status/1232358875472461829

portermedicals.com

# Reference: https://app.any.run/tasks/92f686b8-9cdf-4070-ae98-96cfd34a78ef/

alaziz.in

# Reference: https://twitter.com/DynamicAnalysis/status/1232426353766563840

docxuploads.com
pacieinco.com

# Reference: https://app.any.run/tasks/34e48272-ccf9-4ace-805d-6cedfce263b5/

mitelcelfact-spain.com

# Reference: https://twitter.com/James_inthe_box/status/1232764239321845760

ironbigpanel.com

# Reference: https://twitter.com/MBThreatIntel/status/1232828557040029696

http://92.63.197.190

# Reference: https://twitter.com/ScumBots/status/1233042331072421892

firsttus.com

# Reference: https://twitter.com/0xAmit/status/1224369244797796352
# Reference: https://www.virustotal.com/gui/domain/serralheriacic.com.br/relations

serralheriacic.com.br

# Reference: https://twitter.com/DynamicAnalysis/status/1233209872889602048

http://8.3.29.166

# Reference: https://app.any.run/tasks/ae89227d-182e-46c6-8dea-dc4275eb859c/

jumpingjetz.net

# Reference: https://twitter.com/KorbenD_Intel/status/1233498740914294784

http://13.92.226.218

# Reference: https://www.virustotal.com/gui/domain/cureprm.com/relations

cureprm.com

# Reference: https://twitter.com/dave_daves/status/1119185135646195712

hijaiyh.net

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

mx.neperepahano.top

# Reference: https://twitter.com/stecar792/status/1034858782990512128

wasabbybomba.space

# Reference: https://twitter.com/de_aviation/status/1125099666218078218

mozilla.theworkpc.com

# Reference: https://twitter.com/illegalFawn/status/1177557065742594048

illegalfawn.com

# Reference: https://twitter.com/MisterCh0c/status/1154056708806848515

g.icab.pk

# Reference: https://twitter.com/phishunt_io/status/1234095925246689280

userauth-appleid.ddns.net

# Reference: https://twitter.com/jorgemieres/status/1233964775748636673

a-d.me

# Reference: https://twitter.com/Vishnyak0v/status/1234457104347430915

http://92.119.160.145
/gate4e56d5415700.php

# Reference: https://www.virustotal.com/gui/domain/dynamicrosoft.com/relations

dynamicrosoft.com

# Reference: https://www.virustotal.com/gui/domain/hokage.ru/relations

hokage.ru

# Reference: https://twitter.com/malwrhunterteam/status/1233666708616941570

omegaeyehospital.com

# Reference: https://twitter.com/FewAtoms/status/1234893577362210825

http://109.169.89.118

# Reference: https://twitter.com/KorbenD_Intel/status/1234931931168542723

http://78.128.92.24

# Reference: https://twitter.com/malwrhunterteam/status/1235179767604924416

alphastore.store

# Reference: https://twitter.com/KorbenD_Intel/status/1235256882048073728

http://109.201.143.181

# Reference: https://twitter.com/baberpervez2/status/1235253914724962309

bigtrading.ga
edauto.ga

# Reference: https://www.virustotal.com/gui/domain/workshop002.duckdns.org/relations

workshop002.duckdns.org

# Reference: https://pastebin.com/uveiJed9

gm-adv.com

# Reference: https://www.virustotal.com/gui/domain/umeed.app/relations

umeed.app

# Reference: https://twitter.com/GlaCiuS_/status/1234991709223735296

http://217.8.117.76

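# Reference: https://ddanchev.blogspot.com/2019/09/massive-portfolio-of-apt-advanced.html  (Note: removed trails already appearing in other files)
# Note (review): 'jackdroid.systes.net' below may be a misspelling of the 'sytes.net' dynamic-DNS suffix used by neighbouring entries (e.g. droidjack1.sytes.net); verify against the reference, since a misspelled trail will never match.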

amana1.duckdns.org
casinonono.ddns.net
daisy101.ddns.net
ezelogs.ddns.net
glendyling.ddns.net
gujulio.duckdns.org
hykedscams.ddns.net
jaaav.ddns.net
koutafa.ddns.net
ldouab.ddns.net
lilop.ddns.net
mogofockerdu94.chickenkiller.com
oryano.ddns.net
probityjrat5.duckdns.org
projecttestingforedu.chickenkiller.com
ramadan.mywire.org
servicepcinfo.myddns.rocks
stanley10.linkpc.net
sugesu.ddns.net
thefuturisus.ddns.net
trasatlis.sytes.net
xfxf.ddns.net
yurmaufat.ddns.net
abbaass313.hopto.org
an.droidsuper.su
android.no-ip.org
droidcraftismelmao.ddns.net
droidjack.hopto.org
droidjack1.sytes.net
ehsanmaali.ddns.net
hacker-81.no-ip.biz
haker-2119.ddns.net
jackdroid.systes.net
jnkey.ddns.net
opt91.ddns.net
pplweb.pplmotorhomes.com
ratforandroid.ddns.net
s.leas.im
test.pagez.kr
usa.myftp.biz

# Reference: https://www.virustotal.com/gui/domain/quiet-goto-7536.penne.jp/relations

quiet-goto-7536.penne.jp

# Reference: https://twitter.com/KorbenD_Intel/status/1235313936091746305

http://111.90.149.212

# Reference: https://twitter.com/wwp96/status/1235587667393269767

hmmrr.com

# Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/
# Reference: https://www.virustotal.com/gui/domain/alrazi-pharrna.com/relations

alrazi-pharrna.com

# Reference: https://twitter.com/killamjr/status/1235727868040077312

http://216.189.145.11

# Reference: https://twitter.com/Artilllerie/status/1235879088944033792

seekersme.com

# Reference: https://twitter.com/ps66uk/status/1235959155980210178

18655.aqq.ru

# Reference: https://twitter.com/James_inthe_box/status/1236318055203889158
# Reference: https://www.virustotal.com/gui/domain/casaconceitoltda.info/relations

casaconceitoltda.info

# Reference: https://www.virustotal.com/gui/ip-address/117.78.50.197/relations

http://117.78.50.197

# Reference: https://www.virustotal.com/gui/ip-address/112.74.75.143/relations

http://112.74.75.143

# Reference: https://www.virustotal.com/gui/ip-address/210.222.25.223/relations

http://210.222.25.223

# Reference: https://www.virustotal.com/gui/ip-address/113.214.1.34/relations

http://113.214.1.34

# Reference: https://www.virustotal.com/gui/ip-address/37.72.171.98/relations

http://37.72.171.98

# Reference: https://twitter.com/0xCARNAGE/status/1236650024601374720

bigtrading.ga

# Reference: https://twitter.com/Jouliok/status/1236904231568846849

http://155.94.185.68

# Reference: https://twitter.com/JayTHL/status/1237025355212431361

dubriah.com

# Reference: https://twitter.com/VK_Intel/status/1237039891365625856

http://45.11.181.17

# Reference: https://twitter.com/malware_traffic/status/1237070035841175562
# Reference: https://app.any.run/tasks/b799a194-ff60-465f-b781-2914d50d3696/

posqit.net

# Reference: https://twitter.com/malware_traffic/status/1237109406288011264

http://64.110.24.130

# Reference: https://www.virustotal.com/gui/domain/trufco.com/relations

trufco.com

# Reference: https://www.virustotal.com/gui/domain/limos-us.com/relations

limos-us.com

# Reference: https://app.any.run/tasks/51ac8482-d809-4a2b-a601-89be388f3f13/

27.124.43.55:8000

# Reference: https://twitter.com/James_inthe_box/status/1237362183828209666

sercon.com.mx

# Reference: https://twitter.com/JayTHL/status/1237384903181897729

hindold.com

# Reference: https://twitter.com/JayTHL/status/1237398536687362048

sulainul.com

# Reference: https://twitter.com/wwp96/status/1237796218773831680

cutox.info
lolel.best
omalll.com

# Reference: https://twitter.com/HeavyMetalAdmin/status/1237380963564498944

uzoclouds.eu

# Reference: https://twitter.com/AdAstra247/status/1230131129216380928

iopaos.dyndns.dk

# Reference: https://twitter.com/FewAtoms/status/1237432289451298822

http://51.81.29.60

# Reference: https://twitter.com/JayTHL/status/1237422040052875269

abctvlive.ru
adrakwalichae.com
cyanobac.com
frekishalm.com
joekelpanel.com
khitlinphoto.ru
kindleedxded.ru
lahkaycentz.com
lhawarlaw.com
live-en-us.ml
lowcostpower.ru
minmindough.com
muabancaoocwnet.ru
noreplyinfo-office.com
onedrivenoreply.com
pinkeyesaure.com
prairietruckx.ru
rlabinsahab.com
savedbyangelsworg.ru
swanbleck.com
tilsmiangotha.com
tutijae.com
vitaminepowed.ru
wpsitebuilder.ru
yanarascla.com
yepi2eco.ru
yetehoga.com
zalmips.com
zucikni.com

# Reference: https://twitter.com/FewAtoms/status/1237798224221667328

gdrintl.com

# Reference: https://twitter.com/IntezerLabs/status/1238090332639842304

jave.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1238102354320166912

http://93.65.162.134

# Reference: https://twitter.com/malwrhunterteam/status/1238113568442265602

trynda.xyz

# Reference: https://twitter.com/JayTHL/status/1238182874223910915

vonty.best

# Reference: https://www.virustotal.com/gui/domain/pulid.net/relations

pulid.net

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/more-excel-4-0-macro-malspam-campaigns/
# Reference: https://otx.alienvault.com/pulse/5e6a65de61606ee5b177c86f

paypeted.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1238421963347054594
# Reference: https://www.virustotal.com/gui/file/ca1641bb37075d73a357e454753ab038962d04b7465ac32c4b5675eb2cffff92/detection

w1750996.ferozo.com/content/archivos/tarjetas/server.php

# Reference: https://twitter.com/James_inthe_box/status/1238606200154886144

maildrive.icu

# Reference: https://twitter.com/FewAtoms/status/1238821505171107840

arkallsaintsacademy.com

# Reference: https://www.virustotal.com/gui/file/d81122f9d8a55ac1a0b607e321520df3dad2d69959acc99d2ee4e17219cbe4f5/detection

http://185.94.191.35

# Reference: https://twitter.com/FewAtoms/status/1239179323266957314

symriseltd.com

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

http://216.170.123.111

# Reference: https://twitter.com/bad_packets/status/1239693959330287616

ero.bckl.ir

# Reference: https://twitter.com/reecdeep/status/1239843956424409089

fibare.com

# Reference: https://www.virustotal.com/gui/domain/brupas.com/relations

brupas.com

# Reference: https://twitter.com/MSteve25/status/1239935490779987971

typrer.com

# Reference: https://twitter.com/casual_malware/status/1239760321021128706

http://94.242.59.225

# Reference: https://twitter.com/Bl4ng3l/status/1240188476789788672

http://209.141.54.161

# Reference: https://twitter.com/malwrhunterteam/status/1240195163265421312

omecanism2.sslblindado.com

# Reference: https://www.virustotal.com/gui/file/eb88393fc02fdab866b43176c03eb1fc27073c62033a7a51fcdd9f79fcb8882c/detection

transvale.sslblindado.com

# Reference: https://twitter.com/nmatte90/status/1240231606297788416

c0vidupdate.xyz

# Reference: https://twitter.com/ViriBack/status/1240249046280912896
# Reference: https://app.any.run/tasks/473692f1-73e5-4996-a1b3-2a497938cc58/

http://95.181.178.156

# Reference: https://www.virustotal.com/gui/file/602e17d3aada73b0be2bd791237b3bc4340980d9e14b53dbf6d437e69738afb1/detection

http://103.102.44.83

# Reference: https://app.any.run/tasks/dcd48517-ad5f-4f16-a6d0-8d12463ee3a2/

lxj.vvn.mybluehost.me

# Reference: https://app.any.run/tasks/5279381c-b255-482a-ae64-02ed6177bc12/

savannahhoney.co.ke/wp-content/uploads/

# Reference: https://github.com/silence-is-best/c2db#unknowns

103.136.43.131:9998
185.222.202.29:9998
nicholaspring.xyz
smartwaay.xyz

# Reference: https://www.virustotal.com/gui/ip-address/95.101.200.87/relations

http://95.101.200.87

# Reference: https://twitter.com/ScumBots/status/1240677572612104192

thesawmeinrew.net

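# Reference: https://otx.alienvault.com/pulse/5e72b54ff5ee7b31653e7192
# Note (review): cdn-01.anonfiles.com and cdn-13.anonfiles.com look like shared download hosts of a public file-sharing service rather than attacker-owned infrastructure; a hit shows a download from that service, not necessarily this malware, so corroborate with other indicators.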

cdn-01.anonfiles.com
cdn-13.anonfiles.com
darkload.cf

# Reference: https://www.virustotal.com/gui/file/fa5f120243a4f0569df10aa04e6581a38ac28a8d07c059aeb80424cf982b6a0b/detection

braincarney.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1240935138537676800
# Reference: https://twitter.com/pancak3lullz/status/1240983894461231104

corona-virus2019.us
coronavirus2019.us

# Reference: https://twitter.com/malwrhunterteam/status/1240996072425652224

http://185.242.104.197

# Reference: https://twitter.com/malware_traffic/status/1241072162750029825
# Reference: https://www.virustotal.com/gui/ip-address/37.1.212.70/relations

http://37.1.212.70

# Reference: https://twitter.com/malwrhunterteam/status/1241106612737228800

redeturismbrasil.com/marco/

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0313-0320.html (# Win.Worm.Barys-7617456-0)

altincopps.com
l33t-milf.info
tuntu.info
tut0r1allsvu.info
x01bkr2.biz
xsaudix.net
yeh7292ahyssozananan.com

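# Reference: https://www.virustotal.com/gui/file/f6851102c2ee6afc2eb48af99aea4a1313db2d2a81630641f568fb4749a815ba/detection
# Note (review): blog.sina.com.cn and blogx.sina.com.cn are hosts of a large public blogging platform, so a host-level match is likely to fire on ordinary browsing. Confirm which URL the referenced sample actually contacts and prefer a path-level trail if one can be established.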

blog.sina.com.cn
blogx.sina.com.cn

# Reference: https://twitter.com/malwrhunterteam/status/1241328902343188481
# Reference: https://twitter.com/malwrhunterteam/status/1241332425491468288
# Reference: https://www.virustotal.com/gui/ip-address/68.183.199.205/relations

aguiws.com
ajisanjoseairport.com
ajisjc.com
arizonastatekwos.com
haduhabankaemasalahteh.com
haduhayawaemasalahteh.com
jalanbebekjos.com
r2techsystems.com
youngllpcnbstrs.com

# Reference: https://www.virustotal.com/gui/file/d920f89a4d8ae2f2cc597779c57e515c0f9451a66ecdaeef35169f6d0a43a35d/detection

ultraspeed.info

# Reference: https://twitter.com/FewAtoms/status/1241813291460067329

http://77.73.70.28

# Reference: https://www.virustotal.com/gui/file/e60b0b0e57ca395709aeae6016e39f4114c84272e32cf040f5d972372f212f08/detection

youtube4kprod.xyz

# Reference: https://www.virustotal.com/gui/domain/duleal.com/detection

duleal.com

# Reference: https://www.virustotal.com/gui/ip-address/46.105.155.114/relations

http://46.105.155.114

# Reference: https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/
# Reference: https://app.any.run/tasks/ce33bea3-9f2d-4507-ae43-2a96bb814bc5/

http://5.199.143.127

# Reference: https://app.any.run/tasks/e89173e6-eabc-44f5-899a-69945b914773/

newmarchess.com

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

http://64.44.57.65

# Reference: https://www.virustotal.com/gui/domain/blockchainglobal.cf/relations

blockchainglobal.cf

# Reference: https://twitter.com/KorbenD_Intel/status/1242571675738071040

http://35.192.198.16

# Reference: https://www.virustotal.com/gui/file/683844d7a032bb668c23f85020338451f43f4d9a19885d246459fd5f2e6b64d2/detection

skyxdata.ddns.net

# Reference: https://twitter.com/CyberCapta1n/status/1242865927185674245

la42.website
masry-corona.com

# Reference: https://twitter.com/jorgemieres/status/1242906665395027976

mwrc.ca/a/

# Reference: https://www.virustotal.com/gui/domain/m0bile.net/relations

m0bile.net

# Reference: https://twitter.com/bryceabdo/status/1243168325443690500

amdchecker.com
comwoman.com
developmasters.com
newservicehelper.com
powerlifterr.com
servicemonsterr.com
superservicee.com

# Reference: https://twitter.com/VK_Intel/status/1243230686858878981

wizardside.club

# Reference: https://www.virustotal.com/gui/domain/ikdarkhawast.com/relations

ikdarkhawast.com

# Reference: https://www.virustotal.com/gui/domain/ashkokatroma.com/relations

ashkokatroma.com

# Reference: https://twitter.com/KorbenD_Intel/status/1243231484212736000

vigilanciaepdemiologica.com

# Reference: https://twitter.com/FewAtoms/status/1243579932590161930

http://185.242.104.78

# Reference: https://twitter.com/FewAtoms/status/1243583843942182915

http://45.88.110.171

# Reference: https://www.virustotal.com/gui/domain/deadnig.ga/detection

deadnig.ga

# Reference: https://www.virustotal.com/gui/ip-address/193.135.12.22/relations

awaken1337.xyz
digicert-global-root.site

# Reference: https://www.virustotal.com/gui/domain/panellogs.ml/relations

panellogs.ml

# Reference: https://www.virustotal.com/gui/domain/api-dns1-e.xyz/relations

api-dns1-e.xyz

# Reference: https://www.virustotal.com/gui/domain/api-oberonapps.org/relations

api-oberonapps.org

# Reference: https://www.virustotal.com/gui/file/d57fbab9b0c261a448af29172f31458491c97942d07bcb562b263306560a132d/detection

81.61.77.92:9898

# Reference: https://twitter.com/Jouliok/status/1244494861362962441

asgardia.cl

# Reference: https://twitter.com/dms1899/status/1244596518402785280
# Reference: https://twitter.com/FewAtoms/status/1245700149952872448
# Reference: https://twitter.com/James_inthe_box/status/1245706266464288775

office-cleaner-indexes.com
office-cleaner-commander.com
office-updates-index.com

# Reference: https://twitter.com/malwrhunterteam/status/1244616242641735681

pay4ever.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1244684201653415940
# Reference: https://www.virustotal.com/gui/domain/ws09ku66vbu31pka.tk/relations

ws09ku66vbu31pka.tk

# Reference: https://twitter.com/JayTHL/status/1245245851661983746

friendsacrossthepasefika.buzz

# Reference: https://blog.cloudmark.com/2020/03/27/covid-19-sms-spam-attacks-shift-from-panic-to-stimulus/
# Reference: https://otx.alienvault.com/pulse/5e821ee9f9dc1acdaaef68b8

aircovid19virus.com
clearcovid19virus.com
coronabreath.com
covidflix19.xyz
covidflix20.xyz

# Reference: https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-target-cdc-who
# Reference: https://otx.alienvault.com/pulse/5e8242f59b8b637793daf071

cdchealth.org

# Reference: https://twitter.com/FewAtoms/status/1245337912889262085

jotunireq.com

# Reference: https://twitter.com/FewAtoms/status/1245693287140413440

boken-jjne0.tk

# Reference: https://twitter.com/FewAtoms/status/1245695682385715200

centrehotel.vn/js/

# Reference: https://twitter.com/w3ndige/status/1245783409781362688

ococococ.xyz

# Reference: https://twitter.com/yvesago/status/1245588527380717573

expertswebservices.com

# Reference: https://twitter.com/KorbenD_Intel/status/1245104618213748737

http://185.208.211.67

# Reference: https://twitter.com/FewAtoms/status/1246423618474647552

parasvijay.com/wp-includes/css/dist/list-reusable-blocks/dir/

# Reference: https://www.virustotal.com/gui/domain/dr-cold.com/relations

dr-cold.com/wp-content/uploads/2019/11/1223/
dr-cold.com/wp-content/uploads/2019/11/12261/

# Reference: https://twitter.com/FewAtoms/status/1246789609192816640

birthdaytrend.top

# Reference: https://twitter.com/VK_Intel/status/1239934124212785154
# Reference: https://www.virustotal.com/gui/file/81003dc976fa06b15142d1b0541e0f60adf295a06a188f81e9458b32970a8a87/detection
# Reference: https://www.virustotal.com/gui/ip-address/31.44.184.50/relations

http://31.44.184.50

# Reference: https://twitter.com/James_inthe_box/status/1233128596165685248

munesdon.top

# Reference: https://twitter.com/bryceabdo/status/1247550103205875717

orange-vpn.com
orangeyouglad.xyz

# Reference: https://app.any.run/tasks/d30d1c49-05e8-4767-ade8-66a3204f8821/

microsoft-hohm.space

# Reference: https://app.any.run/tasks/c4aa1b6e-a92c-4a19-a5c0-b644bd415374/

quickmaildrive.com

# Reference: https://twitter.com/malwrhunterteam/status/1247931172811874305
# Reference: https://app.any.run/tasks/15f42296-0d96-4536-a255-04105ec7339d/
# Reference: https://www.virustotal.com/gui/file/d3c075c5c6d9c6e8fcfda4a408c5bd8f5fc4c6ff6acf339293c50f72f89f585f/detection

scproducts7.ru
informatioshopname.ru
yamaha.ug
crocopexpire.ug
opetileon.ru
siciliyaopartion.ru
amfibiyapolyakova.com

# Reference: https://twitter.com/JayTHL/status/1247971248291880962

medicacademic.com/aza/

# Reference: https://twitter.com/pancak3lullz/status/1247985242092326920

hallmarkherbals.com

# Reference: https://www.virustotal.com/gui/domain/analyticsonline.top/relations
# Reference: https://twitter.com/FaLconIntel/status/1247895934127591426

analyticsonline.top

# Reference: https://twitter.com/MBThreatIntel/status/1248412024305897475
# Reference: https://www.virustotal.com/gui/ip-address/198.12.66.107/relations

http://198.12.66.107

# Reference: https://www.virustotal.com/gui/file/b9626de5d7262ab3985c0a064e3855f7a40fb9a6a941a29f55c2cb67df503fcf/detection

http://45.95.168.62

# Reference: https://app.any.run/tasks/eb87c335-fe94-477f-b6e5-01e75b74673e/

gulf-builders.com

# Reference: https://app.any.run/tasks/3ebea34f-7c85-41e5-983e-810ac1f43ab1/

http://193.168.3.93

# Reference: https://www.virustotal.com/gui/ip-address/74.208.13.22/relations

http://74.208.13.22

# Reference: https://twitter.com/JAMESWT_MHT/status/1249641912136617984
# Reference: https://www.virustotal.com/gui/domain/1podcast.best/relations

1podcast.best

# Reference: https://twitter.com/FewAtoms/status/1250412878781431810

bovientix.com

# Reference: https://twitter.com/bryceabdo/status/1250420225008259072

at-2.com
f-db.info

# Reference: https://twitter.com/bryceabdo/status/1250501636201512965

microsoft-ns1.com
office365upgrade.com

# Reference: https://twitter.com/stecar792/status/1250845389340774400

http://217.8.117.60

# Reference: https://twitter.com/YouMayBeHacked/status/1251161689812131841

igrejayhwh.com/wo/

# Reference: https://twitter.com/ydklijnsma/status/1251166858797101057

fileserveravast.com

# Reference: https://twitter.com/fr0s7_/status/1251445876398194690

mitsui-jyuku.mixh.jp/uploads/

# Reference: https://twitter.com/FewAtoms/status/1251574078965723136

mindrey.co/docu/

# Reference: https://twitter.com/malwrhunterteam/status/1251562811257507841

coronavirusmaps.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1251824300539219970
# Reference: https://www.virustotal.com/gui/domain/fasttads.com/relations
# Reference: https://www.virustotal.com/gui/domain/updateplayer.to/relations
# Reference: https://twitter.com/Arkbird_SOLG/status/1251827928134045696

fasttads.com
updateplayer.to
/pixel/install/?e=
/pixel/log/?e=
/pixel/update/?e=

# Reference: https://twitter.com/ReBensk/status/1252200857753382912

riversouthhomes.com/wp-includes/SimplePie/Net/

# Reference: https://twitter.com/FewAtoms/status/1252232647339720705

http://162.213.255.176

# Reference: https://twitter.com/James_inthe_box/status/1252249689811857408

http://167.114.85.125

# Reference: https://twitter.com/p5yb34m/status/1252660135408750597

office-archive-index.com
office-archive-reserve.com
ftp.centredebeautenellycettier.fr

# Reference: https://twitter.com/cyber__sloth/status/1252879669558312960

13pope.com/wrd/

# Reference: https://www.virustotal.com/gui/domain/gbud.webd.pl/relations

gbud.webd.pl

# Reference: https://twitter.com/MBThreatIntel/status/1253088809677320192

martner.com/sym/

# Reference: https://app.any.run/tasks/bd29f951-1fe7-4ce8-b26a-c440121d6fac/

wsdyanaekppyinitalymedicalconsultant3.duckdns.org

# Reference: https://www.virustotal.com/gui/domain/toliku.com/relations

toliku.com

# Reference: https://twitter.com/p5yb34m/status/1253473594631286785

apbfiber.com/openme/

# Reference: https://twitter.com/JayTHL/status/1253891233296060416

alkalabs.cf

# Reference: https://twitter.com/malwrhunterteam/status/1253984108109324288

http://117.50.106.161

# Reference: https://twitter.com/nao_sec/status/1254023052100120582
# Reference: https://app.any.run/tasks/d9f04401-83b4-4a83-8880-e82750d8b030/
# Reference: https://www.virustotal.com/gui/domain/yourfuturewin.online/relations

yourfuturewin.online
/grhcwZ?source=
/T33sBb?source=
/tpQpXh?source=

# Reference: https://www.virustotal.com/gui/ip-address/185.234.218.68/relations

http://185.234.218.68

# Reference: https://www.virustotal.com/gui/file/78ed52fd5cdeeeccaf079c7fd7c90ed7dc99664310c75e8829163546b2ce83cb/detection

http://185.242.104.98

# Reference: https://twitter.com/Jouliok/status/1254707467570774017

anjelo-directhelp.de/fotos/

# Reference: https://twitter.com/jstrosch/status/1254787385587572736

ttkplc.com/office/

# Reference: https://twitter.com/KorbenD_Intel/status/1254920769731063808

http://23.96.112.43

# Reference: https://twitter.com/KorbenD_Intel/status/1254912377130110977
# Reference: https://www.virustotal.com/gui/domain/properrty.co/relations

properrty.co/files/

# Reference: https://twitter.com/benkow_/status/1255423719037702144

http://213.226.100.140

# Reference: https://twitter.com/baberpervez2/status/1255581708189085696
# Reference: https://www.virustotal.com/gui/domain/dongiln.co/relations

dongiln.co

# Reference: https://app.any.run/tasks/7f13ba75-4ae3-4a33-8a0a-ac5a659b9c12/

http://84.38.134.120

# Reference: https://twitter.com/bry_campbell/status/1255786478480822272

http://45.147.228.245

# Reference: https://www.virustotal.com/gui/domain/elievarsen.ru/relations

elievarsen.ru

# Reference: https://www.virustotal.com/gui/domain/gobigonbig.info/relations

gobigonbig.info

# Reference: https://twitter.com/malwrhunterteam/status/1255907032944775171

softcheck3u.biz

# Reference: https://twitter.com/James_inthe_box/status/1255856345175044096

rockersdolphin.co.za

# Reference: https://twitter.com/KorbenD_Intel/status/1255979526925869056
# Reference: https://www.virustotal.com/gui/ip-address/185.22.153.166/relations

ajzconsulting.pw
kokoshi.website

# Reference: https://twitter.com/KorbenD_Intel/status/1255970615372079104

http://185.227.82.72

# Reference: https://twitter.com/bryceabdo/status/1256256516430143488
# Reference: https://www.virustotal.com/gui/ip-address/93.190.138.35/relations

http://93.190.138.35
93.190.138.35:8080
popeyesbox.org

# Reference: https://twitter.com/malwrhunterteam/status/1256263426441125888
# Reference: https://www.virustotal.com/gui/domain/9sg.me/relations

9sg.me

# Reference: https://twitter.com/bit_dam/status/1256311982992633862

maringareservas.com.br

# Reference: https://www.virustotal.com/gui/file/72663c3c01ba82e498550d5b6710f02353adb277903f5b588e49a847f6040e05/detection

hlde1.online

# Reference: https://www.virustotal.com/gui/file/44c3366e1c09d45096ae06709cf7edcc66e088c6f35b465f3fbfb2d81eb9460d/detection

149.248.37.246:10000
fasterpdfdashboard.top
/api/anonymous/cookie/post

# Reference: https://twitter.com/petrovic082/status/1256537423166791680

http://63.250.42.34/~bulght/

# Reference: https://twitter.com/JayTHL/status/1256668154383785986

http://45.9.148.123

# Reference: https://twitter.com/jorgemieres/status/1255243161099735046

273625612.netxi.in

# Reference: https://www.virustotal.com/gui/domain/prepaidgift.co/relations

prepaidgift.co

# Reference: https://twitter.com/jstrosch/status/1256705024241086464

ozz.su

# Reference: https://twitter.com/petrovic082/status/1256861192481538049

invoice7mukszq9nbpa7online.ru

# Reference: https://twitter.com/James_inthe_box/status/1256929937178517505

invoice9kat5ggmml0c6online.ru

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/google.nov.su/relations

google.nov.su

# Reference: https://twitter.com/3xp0rtblog/status/1257189013699657728
# Reference: https://app.any.run/tasks/ef44292d-3b2e-4571-8b68-fb49c1db1b1a/

geroipanel.site

# Reference: https://twitter.com/malwrhunterteam/status/1257264743775076353
# Reference: https://twitter.com/malwrhunterteam/status/1258281482805796865
# Reference: https://twitter.com/malwrhunterteam/status/1258663175806992384
# Reference: https://twitter.com/malwrhunterteam/status/1259724745907613696
# Reference: https://twitter.com/malwrhunterteam/status/1260812454294061057

kremlin-malwrhunterteam.info
nitro-malwrhunterteams.com
screw-malwrhunterteam.com
skidware-malwrhunterteams.com
putin-malwrhunterteams.com

# Reference: https://twitter.com/500mk500/status/1257300194984509444
# Reference: https://www.virustotal.com/gui/file/a3fb31d5f00d84fe35edb1e43acfa64a6d77fca443d49e67e6728cd33373bd29/detection
# Reference: https://app.any.run/tasks/de4c7c53-60c9-4f0d-9920-ff756532a28d/

http://185.183.76.32/Oq8d

# Reference: https://app.any.run/tasks/6a77f6f2-50fb-4a3e-ad20-e0bdd2ba7031/

http://185.141.27.131

# Reference: https://twitter.com/petrovic082/status/1257373903292432387

mitonegbh.xyz

# Reference: https://app.any.run/tasks/6a448b87-5f8a-493b-927c-09439f8e652a/

http://205.185.122.246

# Reference: https://twitter.com/bryceabdo/status/1257407631368519681

dl-microsoft.com
kaspernsky.com

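# Reference: https://twitter.com/pmelson/status/1257474730703101959
# Note (review): randomly named ngrok.io tunnel hostnames (this one and c9f44961.ngrok.io further down) are typically short-lived; treat hits as low-confidence unless they are close in time to the referenced report.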

56ed6ae9.ngrok.io

# Reference: https://urlhaus.abuse.ch/browse.php?search=web.lavishsupplystore.com

lavishsupplystore.com

# Reference: https://twitter.com/petrovic082/status/1257665271831113728

adamtcarruthers.com/sb/img/

# Reference: https://twitter.com/FewAtoms/status/1257685823711055875

adamtcarruthers.com/bottest/node_modules/files/

# Reference: https://twitter.com/felixaime/status/1257699061488070656
# Reference: https://www.virustotal.com/gui/domain/coramap.site/relations

coramap.site

# Reference: https://twitter.com/KorbenD_Intel/status/1257792636292698112
# Reference: https://www.virustotal.com/gui/ip-address/183.131.80.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/207.246.106.233/relations
# Reference: https://www.virustotal.com/gui/ip-address/58.49.59.139/relations

http://183.131.80.72
http://207.246.106.233
http://58.49.59.139
183.131.80.72:16950
207.246.106.233:17470
58.49.59.139:13187

# Reference: https://twitter.com/ReBensk/status/1257902089411256321

linktodown.com

# Reference: https://twitter.com/PRODAFT/status/1257957444887744512
# Reference: https://www.virustotal.com/gui/ip-address/193.187.173.112/relations
# Reference: https://www.virustotal.com/gui/file/6d3a2dd3bd042a0484ba076f7ae7de39fb39d3aa7decc1809266c7e9b36dbb5a/detection

http://193.187.173.112

# Reference: https://twitter.com/FewAtoms/status/1258097048257265666

pocketfsa.com/m/

# Reference: https://twitter.com/James_inthe_box/status/1258099799066243072

medlinee.com

# Reference: https://twitter.com/James_inthe_box/status/1258117201610944514
# Reference: https://www.virustotal.com/gui/domain/rititi.com/relations

rititi.com

# Reference: https://twitter.com/ScumBots/status/1258145657514332161

freepics.bezatraud.me

# Reference: https://twitter.com/ScumBots/status/1258148818404679681

cloud.falconoasisdubai.com

# Reference: https://twitter.com/ReBensk/status/1258349048903266304

c9f44961.ngrok.io

# Reference: https://twitter.com/James_inthe_box/status/1258390247341043712

ec2.amazzed.top

# Reference: https://twitter.com/KorbenD_Intel/status/1258508684159619073

colovilla.top

# Reference: https://twitter.com/KorbenD_Intel/status/1258514599436902401

http://5.206.224.216

# Reference: https://twitter.com/Circuitous__/status/1258467178141138944
# Reference: https://twitter.com/tkanalyst/status/1258744515977854977

theclinicabarros.com/a.jpg
theclinicabarros.com/ab.jpg

# Reference: https://www.virustotal.com/gui/file/259596170a1e0fb6e75d30cef5258005f1a2ddf7330baac54bab65e92310a750/detection

websolution.vipwell.org

# Reference: https://twitter.com/petrovic082/status/1259039290505519105

http://77.73.69.137

# Reference: https://twitter.com/FewAtoms/status/1258753855426306049

alphauniforms.ae/collinxx/
alphauniforms.ae/huss/
alphauniforms.ae/wetransfers/

# Reference: https://twitter.com/malwrhunterteam/status/1259208656819798017

outletdemakeup.ro

# Reference: https://twitter.com/petrovic082/status/1259446499353620480

http://40.89.185.52

# Reference: https://www.virustotal.com/gui/file/f1e753cf6e66c7ced7ac61aa4bc6646d8f772cec9ed513ae8bfc056cb4070ba3/detection

ad-repack.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1259916041431343104

http://94.158.245.25

# Reference: https://twitter.com/petrovic082/status/1260202592195543040

gossip-candy.stars.bz

# Reference: https://twitter.com/petrovic082/status/1260204809644277766
# Reference: https://twitter.com/petrovic082/status/1260205055866699776

aarontveit.net/doc/
aarontveit.net/zy/

# Reference: https://twitter.com/James_inthe_box/status/1260356146335899648

temp.news

# Reference: https://twitter.com/FewAtoms/status/1260610055151509504

http://37.59.90.90

# Reference: https://twitter.com/KorbenD_Intel/status/1260714876525256707

159.65.133.180:81

# Reference: https://twitter.com/_re_fox/status/1260931809103101957

ownemail.me

# Reference: https://twitter.com/executemalware/status/1260947413474381824

orlandovoicestudio.com/new/

# Reference: https://twitter.com/FewAtoms/status/1260979618716225536

http://194.26.29.128
id-929734532482.com

# Reference: https://twitter.com/abuse_ch/status/1261191304182206464

polaaadetadf.org

# Reference: https://twitter.com/KorbenD_Intel/status/1261369088229720065

http://79.124.8.122

# Reference: https://twitter.com/JAMESWT_MHT/status/1261484589035458560
# Reference: https://app.any.run/tasks/41685b2e-fa5b-444a-8948-8580e0c49ef4/

lightning.dns-cloud.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1261702858216558592
# Reference: https://app.any.run/tasks/44eac201-23e0-42cc-ae03-189ae1e9c430/

apkelites10.com

# Reference: https://twitter.com/malwrhunterteam/status/1262278709752578050

members.westnet.com.au/~marioncraig/

# Reference: https://app.any.run/tasks/efb52b8d-464c-4378-959f-0a4c12016dc7/

rough-grass-45e9.poecdjusb.workers.dev

# Reference: https://twitter.com/ScumBots/status/1262695833629274114

holy-shit.ubuntu.workers.dev

# Reference: https://twitter.com/FewAtoms/status/1262775320001814529

skdwre-mhteam.best

# Reference: https://twitter.com/KorbenD_Intel/status/1262859931717234689

http://185.62.188.26

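# Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/
# Note (review): regapi.gamigo.com below looks like a host of a commercial game publisher; sandbox captures can include benign traffic, so confirm it is malicious before alerting or blocking on it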

http://35.198.146.176
http://64.225.73.172
http://185.236.231.222
pirscupper.club
regapi.gamigo.com

# Reference: https://twitter.com/Vishnyak0v/status/1263110496347140098

strongapt.ga
strongapt.life

# Reference: https://twitter.com/James_inthe_box/status/1263179511123685376

pagamentos.rensz.com.br/craftbrew/

# Reference: https://twitter.com/petrovic082/status/1263413662569594880

ideaomar.net

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1263284829027786752

the-moondelight.96.lt

# Reference: https://twitter.com/yusaerguven/status/1263470947706773504

vpn-dragon.com

# Reference: https://twitter.com/FewAtoms/status/1263510144819908610

learnteachweb.ru/ikt/filter/algebra/tests/test/

# Reference: https://twitter.com/w3ndige/status/1263515049978626049
# Reference: https://app.any.run/tasks/91b1966a-7d29-44fc-834e-3666fbd0367a/

tani-klucz.pl/2/

# Reference: https://twitter.com/petrovic082/status/1263768808105402369

http://45.141.86.137

# Reference: https://twitter.com/James_inthe_box/status/1263863548418994178

wikiapply.ir

# Reference: https://twitter.com/malwrhunterteam/status/1263772532194205696
# Reference: https://twitter.com/VK_Intel/status/1264191430068711426
# Reference: https://www.virustotal.com/gui/file/f8cbdb2369a642d07a944f6fea135bc6c6755dbcf3e984b3f170b03d586ce053/detection

39.104.67.122:453

# Reference: https://twitter.com/petrovic082/status/1264193721836408833

tayga.mx/wp-content/themes/twentytwenty/assets/fonts/

# Reference: https://www.virustotal.com/gui/file/3d3351726f3b5cd848ad58cabcc33c9dcd1c601cc1664f197f10b8b1adf7038b/detection

tavukkement.tk

# Reference: https://www.virustotal.com/gui/domain/kiss58.org/relations

kiss58.org

# Reference: https://app.any.run/tasks/3a99ae00-8cdc-43fc-b0d0-cfef5c5fc65b/

craghoppers.icu

# Reference: https://twitter.com/FewAtoms/status/1264929672166506497

conveyancing.pro/wp-admin/js/widget/

# Reference: https://twitter.com/JAMESWT_MHT/status/1264828072001495041

fofl.it

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

http://185.205.209.166

# Reference: https://twitter.com/James_inthe_box/status/1265390063203975168

http://185.177.59.184

# Reference: https://twitter.com/ScumBots/status/1265610032487563264

striker.work

# Reference: https://twitter.com/petrovic082/status/1265938802176077825

http://217.8.117.132

# Reference: https://twitter.com/nao_sec/status/1266773287733825537
# Reference: https://app.any.run/tasks/6ed3b407-889f-4165-bd04-4a9f73b46dee/

crypt.guru

# Reference: https://twitter.com/_re_fox/status/1266917702435835904

goodhk.azurewebsites.net

# Reference: https://www.virustotal.com/gui/file/cbcbf58f7d5df41edaef663f74519ce633d326de0705ab22dee43fe6726e956a/detection

kiglskfws.serveminecraft.net

# Reference: https://twitter.com/reecdeep/status/1267328903846207494

http://45.76.126.209
http://45.77.50.112

# Reference: https://twitter.com/p5yb34m/status/1267971830301601795
# Reference: https://pastebin.com/hbCT919x

westuatrans.com/storage/

# Reference: https://twitter.com/James_inthe_box/status/1268190189794426880

manguifajas.com/admin/

# Reference: https://www.virustotal.com/gui/domain/anyeddos.com/relations

anyeddos.com

# Reference: https://twitter.com/VK_Intel/status/1268610373004845059
# Reference: https://twitter.com/malwrhunterteam/status/1268966003582566401
# Reference: https://www.virustotal.com/gui/file/91e18e5e048b39dfc8d250ae54471249d59c637e7a85981ab0c81cf5a4b8482d/detection
# Reference: https://twitter.com/abuse_ch/status/1269852916074110976
# Reference: https://twitter.com/ScumBots/status/1270904922909872128
# Reference: https://twitter.com/bryceabdo/status/1271498581271330821
# Reference: https://twitter.com/ScumBots/status/1266120897020248065
# Reference: https://twitter.com/VK_Intel/status/1273346999740481536
# Reference: https://twitter.com/cyber__sloth/status/1273990449796198407
# Reference: https://twitter.com/MBThreatIntel/status/1275106542795329536
# Reference: https://twitter.com/bryceabdo/status/1275153235620347904
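# Note: CobaltStrike, CrowdStrike
# Note (review): image91.360doc.com and welcome.toutiao.com below are subdomains of large public sites; presumably they were observed as Host-header/fronting values rather than attacker-owned hosts, so verify before alerting or blocking on them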

http://149.129.72.37
103.214.168.176:443
cofeedback.com
consultane.com
microsoftdoc.live
websitelistbuilder.com
typiconsult.com
image91.360doc.com
welcome.toutiao.com
payroll.blogtodaynews.com
zalofilescdn.com

# Reference: https://www.virustotal.com/gui/file/cc4d665c468bcb850baf9baab764bb58e8b0ddcb8a8274b6335db5af86af72fb/detection

http://217.8.117.63

# Reference: https://twitter.com/JAMESWT_MHT/status/1268837262516727809
# Reference: https://app.any.run/tasks/fbce704e-e748-4898-b36a-0cab2ecd5105/

freekzvideo.cloud

# Reference: https://twitter.com/jstrosch/status/1268961202778116096

thugesh.cf

# Reference: https://twitter.com/jcarndt/status/1268585900969283585

hizmetotomotiv.com

# Reference: https://app.any.run/tasks/2b9c3175-8d4c-4030-8ba7-0ec2b6591dc6/

mainwhile.com

# Reference: https://twitter.com/nao_sec/status/1269422460362870784

http://192.241.208.221

# Reference: https://www.virustotal.com/gui/file/c38e150306fbbe4ea692c3f4b76dcd39d8ebdd97d58dcdad7d70b8be88d79278/detection
# Aliases: disbuk, socelars

infokscents.com

# Reference: https://www.virustotal.com/gui/ip-address/155.138.226.36/relations

channelinfo.pw
downcleardown.xyz
exeinfo.pw
goodvisit.pw
jsxjbxx.pw
nextinfo.pw
sjjscenter.pw
smartpdfreader.com
wbinstall.pw

# Reference: https://twitter.com/abuse_ch/status/1269863589382369282

bluechippropertyexperts.com/autorenew/

# Reference: https://twitter.com/reecdeep/status/1269911390141190144
# Reference: https://www.virustotal.com/gui/domain/szn.services/relations

szn.services

# Reference: https://twitter.com/James_inthe_box/status/1270007086978486272

transgear.in/ssc/

# Reference: https://twitter.com/FewAtoms/status/1270030123480289281

boasteel.us

# Reference: https://twitter.com/FewAtoms/status/1270038201533632514

eurostudiescy.com/putttty/

# Reference: https://www.virustotal.com/gui/file/29d2c857add67db5ea4fa1265d6799f72436443ef37ebe6b552884f7f08c99ba/detection

majia.pw

# Reference: https://twitter.com/yusaerguven/status/1269373995197042688

irsupd.com

# Reference: https://twitter.com/ViriBack/status/1270105258908401678
# Reference: https://twitter.com/trungduc751995/status/1270279726980984832
# Reference: https://www.virustotal.com/gui/file/43a922ce521114e7a4be1aa6987129e57cec880a8d235056e20ed933ff808a57/detection

http://217.8.117.63

# Reference: https://twitter.com/FewAtoms/status/1270765647182663681

http://5.152.203.117

# Reference: https://twitter.com/FewAtoms/status/1270754951380205569

ivobrandao.com/wp-admin/maint/files/
ivobrandao.com/wp-admin/includes/files/
ivobrandao.com/wp-admin/images/files/

# Reference: https://twitter.com/malwrhunterteam/status/1271160638342127618

social-turnips.xyz

# Reference: https://app.any.run/tasks/bbf298e2-3f58-4702-80ff-eb0b742f5a6a/

http://176.57.208.130

# Reference: https://twitter.com/bad_packets/status/1271568773867204608

http://107.189.11.170

# Reference: https://twitter.com/FewAtoms/status/1272132057901273091

http://43.229.151.135

# Reference: https://www.virustotal.com/gui/file/acb6fe32500a2a116c9a56bc4cc897ecad4d38839cd73d09b5904d7ebe29d047/detection

webewr.com

# Reference: https://twitter.com/1ZRR4H/status/1272311078148550656

small-business-solutions.biz

# Reference: https://twitter.com/ScumBots/status/1272445067232530433

microsoft.dtgsiam.pw

# Reference: https://twitter.com/malware_traffic/status/1272973262788734977

pops.works/manahet/

# Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/

office-service-secs.com

# Reference: https://twitter.com/James_inthe_box/status/1273271196298080258

asmreekasounds.com/upfiles/up_down/

# Reference: https://twitter.com/benkow_/status/1273205562122153984
# Reference: https://www.virustotal.com/gui/domain/covidbase.info/detection
# Reference: https://www.virustotal.com/gui/file/0d98e0007c97324e37dbaceadd478378b1e803ade4bac2e2642603d2ed709b9e/detection

covidbase.info
faithohp2pohm1einee5.youtubecom.watch

# Reference: https://twitter.com/mz_malhunt/status/1272844728950652928
# Reference: https://twitter.com/p5yb34m/status/1273415760052805632
# Reference: https://twitter.com/FewAtoms/status/1273664376470462464

microtechnology.hk/fidex/
microtechnology.hk/wapdast/

# Reference: https://twitter.com/jstrosch/status/1273077060303454209

gpt.alarmasystems.ru/wp-content/themes/twentysixteen/inc/

# Reference: https://twitter.com/reecdeep/status/1273576796735377408

playthefinancialgame.com/createfoldernow/

# Reference: https://twitter.com/_re_fox/status/1273655899073187840

crm-domain.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1273922229865234433
# Reference: https://app.any.run/tasks/21a85887-bcb6-4733-b3fa-17137886052e/

http://137.74.137.211
http://45.125.66.95

# Reference: https://twitter.com/reecdeep/status/1273935123910713346

http://45.139.236.5

# Reference: https://twitter.com/jstrosch/status/1274009131603472385

omeubebexxs.org/storage/app/files/

# Reference: https://www.virustotal.com/gui/domain/admindepartment.ir/detection

admindepartment.ir

# Reference: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html
# Reference: https://otx.alienvault.com/pulse/5ef1091a9653016c3a10d2c8

http://134.209.196.51
http://134.209.200.91
http://139.59.1.154
http://139.59.79.105
http://139.59.81.167
http://157.245.78.153
http://165.22.201.190
http://188.166.14.73
http://188.166.25.156
http://202.59.79.131
139.59.1.154:8201
202.59.79.131:8080
tecbeck.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275338252531249152

office-services-sec.com

# Reference: https://pastebin.com/5QKdKvZH

http://80.76.42.107
real-chat.website

# Reference: https://twitter.com/cyber__sloth/status/1275339899789553666

89.248.168.197:443

# Reference: https://twitter.com/RobbieWhite98/status/1275781443063623680

aravindweb.in/my_files/others/

# Reference: https://twitter.com/James_inthe_box/status/1275831258216411136

http://37.49.230.204

# Reference: https://twitter.com/_re_fox/status/1275887920910610432

aquacare2.com

# Reference: https://twitter.com/James_inthe_box/status/1275914690627899392
# Reference: https://twitter.com/ThreatHive/status/1275918481800617984
# Reference: https://app.any.run/tasks/d40e13a1-f17a-449c-8ac4-a7fd947f986b/

charjackyum.com
electroncador.com
gemmiparalyzed.com
jaglamorous.com
judicialance.com
neighborhoodlumish.com
podestablished.com
spontaneousance.com
spoolopedia.com
temptationone.com

# Reference: https://app.any.run/tasks/764bc39b-9b3d-4e12-a7e6-4f1f905e7891/

ahjuric.si
office-service-tech.info

# Reference: https://twitter.com/bryceabdo/status/1275153235620347904
# Reference: https://www.virustotal.com/gui/file/4c9a53b3cc66aef4e9e58e84bc2a873ce2e1ae8a39ac44323aae5c5ac5f443cd/detection

144.202.98.198:8443

# Reference: https://www.virustotal.com/gui/file/65fa0b682baabead9786a6b7d540af673155d32394424e64c77e0ccd509567ae/detection

45.77.249.92:443

# Reference: https://www.virustotal.com/gui/ip-address/81.16.141.208/relations

http://81.16.141.208

# Reference: https://app.any.run/tasks/8473c16b-cbb5-4885-a48b-8952654d5031/

blackl1vesmatter.org

# Reference: https://twitter.com/BlackonIntel/status/1276166654980956161

http://202.146.222.249

# Reference: https://twitter.com/BlackonIntel/status/1276399848586014720

http://47.112.99.43

# Reference: https://twitter.com/BlackonIntel/status/1276398237868408834

http://194.87.18.147

# Reference: https://twitter.com/Circuitous__/status/1276560882538098690

biz9holdings.com

# Reference: https://twitter.com/FewAtoms/status/1276582665366441984

lont.co.in

# Reference: https://www.virustotal.com/gui/domain/akhbarrecords.com/detection

akhbarrecords.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

0022a601.pphost.net
children.ru.com

# Reference: https://twitter.com/p5yb34m/status/1277003721893834752

http://88.119.174.241

# Reference: https://www.virustotal.com/gui/domain/valencaagora.com.br/relations

valencaagora.com.br

# Reference: https://www.virustotal.com/gui/file/2430b443aa2f97bf06ce3a60d328c379bf8f0df540dbb68523eff1f23cb254af/detection

184.168.221.59:444
50.63.202.34:444
haoqing.me

# Reference: https://bazaar.abuse.ch/sample/de5648abf555a4574df8ebf2d2b75dde4ea73639662ae62bf62a109a54f14fd4/

http://170.130.55.135

# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.91/detection

http://101.99.90.91

# Reference: https://twitter.com/reecdeep/status/1277510958647250945
# Reference: https://app.any.run/tasks/1077f681-1dce-4232-a044-1d31f7b56a5f/

itsmeyourfriendhi.ga

# Reference: https://twitter.com/malware_traffic/status/1277619624243314688

feedingyourhealth.com/oprawilson/

# Generic

/newratexploitlink
