# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gozi, isfb, dreambot, ursnif

# Reference: https://github.com/fideliscyber/indicators/blob/master/Blogs/New%20URSNIF%20Targeting%20Italy%20and%20US/url.csv

creatortherefore.cn
goinumder.su
goyanok.at
hothegivforsuffer.cn
hulivam.at
justiceseasfriends.cn
lopertopgo.su
mid100.at
nexpoo.at
noopex.at
outaplaceshave.cn
pergozip.at
therepalon.su
trepeatedandequal.cn

# Reference: https://www.forcepoint.com/blog/security-labs/many-faces-ursnif-email-hijacking-mailslots-and-insecure-servers

14ca1s5asc45.com
9qwe8q9w7asqw.com
asd5qwdqwe4qwe.com
d4q9d4qw9d4qw9d.com
dq9wq1wdq9wd1.com
dqowndqwnd.net
eq9we1qw1qw8.com
fqw4q8w4d1qw8.com
g98d4qwd4asd.com
gtqw5dgqw84.com
hhhasdnqwesdasd.com
hhjfffjsahsdbqwe.com
jjasdkeqnqweqwe.com
kkjkajsdjasdqwec.com
kkmmnnbbjasdhe.com
mmmnasdjhqweqwe.com
oiwerdnferqrwe.com
ooaisdjqiweqwe.com
oooiasndqjwenda.com
oooiawneqweasd.com
oqk4123613123.net
oyiyuarogonase.net
popopoqweneqw.com
ppoadajsqwenqw.com
ppoasdqnwesad.com
pqwoeasodiqwejes232.com
q5q1wdq41dqwd.com
qiwjesijdqweqs.com
qw6e54qwe54wq.com
qw8e78qw7e.com
qwd1q6w1dq6wd1.com
qwd1qw8d4q1wd.com
qwdohqwnduasndwjd212.com
qwe1q9we1qwe51.com
qwekasdqw8412.net
qweoiqwndqw.net
qwojdaisd1231.net
qwqw1e4qwe14we.com
qwqweqw4e1qwe.com
qwundqwjnd.net
r9qweq19w1dq.com
rqw1qwr8qwr.com
rrrradkqwdojnqwd.com
sdf5wer4wer.com
sdjqiweqwnesd.com
t8q79q8wdqw1d.com
tr8q4qwe41ewe.com
tttiweqwneasdqwe.com
uuasdjqwehnasd.com
uurty87e8rt7rt.com
uuyyhsdhasdbee.com
wdojqnwdwd.net
wdq9d5q18wd.com
yyjqnwejqnweqweq.com

# Reference: https://www.f-secure.com/v-descs/trojan_w32_ursnif.shtml

bergesoma.com
polinodara.com

# Reference: https://www.cert-pa.it/news?id=10536

werwaarogonase.net
fhjjndiasnew.net
axewansdownew.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1045682605662851073

d792jssk19usnskdxnsw.com
29uwuwousuw8wuwyuwie.com
ye8283yeiw283929wu2.com
h2812932937292sjshskz.com

# Reference: https://twitter.com/luc4m/status/1045671697268051968

h2812932937292sjshskz.com

# Reference: https://twitter.com/avman1995/status/1047018001810300928

382oiso10si8sowppdoiwpc.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1047414713850781697

/MXE/files/
/TOL/files/

# Reference: https://twitter.com/Bank_Security/status/1049640177361186818
# Reference: https://pastebin.com/mkMfAf9Z

avitoon.at
dicin.at
fofon.at
go10og.at
jimden.at
kaonok.at
kartop.at
twidix.at
tylron.at
mahono.cn

# Reference: https://twitter.com/ViriBack/status/1051565888212791296

hdiwuey872629hsgs18702837.com
k37aos82skd9nal92kamcdla.com

# Reference: https://twitter.com/mgiovamo/status/1051771811438964736

testmykickstarter.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1052469234159239168

37iwdmx103qlsmx.com
againstitudents.com
ey271psx8127301.com
woatinkwoo.com

# Reference: https://blog.minerva-labs.com/attackers-insert-themselves-into-the-email-conversation-to-spread-malware

nesocina.com
tapertoni.com
tenicoriv.com
onkoloper.com
nidersona.com
maxigozo.com
nasodirom.com

# Reference: https://twitter.com/Bank_Security/status/1055099888906702850
# Reference: https://pastebin.com/DYZhgSnH

33gourmetdelinyc.com
smallworld-parties.com
kapswholesale.com
aghapyfoodridgewood.com
810delicafe.com
ajisaijapanesenyc.com
jfklandscape.com

# Reference: https://www.nttsecurity.com/docs/librariesprovider3/default-document-library/jp_ursnif_20161226

i56a4c1dlzcdsohkwr.biz
66ssywiogjvwljaopw.com
reebovnenewbne001.com
neneeeenqwenene188.com
ceeoerunw10.com
echo.listentree.com
pop.lawadviceonline.org
licensecanadian.ru
arewithoutwarranty.xyz
thenotwithsoldsuequiv.ru
goglosmmosss.com

# Reference: https://blog.yoroi.company/research/ursnif-long-live-the-steganography/

pereloplatka.host
roiboutique.ru
uusisnfbfaa.xyz
nolavalt.icu
sendertips.ru

# Reference: https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features

baderson.com
mopscat.com
gorsedog.com
pintodoc.com
ropitana.com
pirenaso.com
papirosn.com
delcapen.com

# Reference: https://twitter.com/avman1995/status/1094181713121558529

qfelicialew.city
mzg4958lc.com
gxuxwnszau.band

# Reference: https://twitter.com/avman1995/status/1108760534894170113

insurancephotolive.xyz
nophotoinsecure.xyz
topolotonop.xyz

# Reference: https://twitter.com/avman1995/status/1108623779062861824

fnyah44.email
wrladoph.city
rsf58.city
subaldodd.email

# Reference: https://twitter.com/James_inthe_box/status/1109520290323693568

keepincomemoney.website

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Ursnif-6896385-0)

kkariannekatrina.company
f61leeii.com
qmitchelkp.com

# Reference: https://otx.alienvault.com/pulse/5c9a405e5645c8011c7030f3

blogger.scentasticyoga.com

# Reference: https://twitter.com/bomccss/status/1110997371188465664

sumeriun.com

# Reference: https://twitter.com/gorimpthon/status/1078159820371288064

thatconditions.online

# Reference: https://twitter.com/gorimpthon/status/1077498826934480896

theanyexppatent.online

# Reference: https://twitter.com/Sec_S_Owl/status/1084967201222717440

theincludingte.online

# Reference: https://twitter.com/58_158_177_102/status/1087514326607355904

freetoper.accountant

# Reference: https://twitter.com/AES256bit/status/1079582045439877121

tformlicensable.online

# Reference: https://twitter.com/gorimpthon/status/1078159820371288064

thatconditions.online

# Reference: https://twitter.com/gorimpthon/status/1077498826934480896

theanyexppatent.online

# Reference: https://twitter.com/AES256bit/status/1063113281441738752

cjwefomatt.com
dubbergergbb.com
ticrerfgiff.com

# Reference: https://twitter.com/bomccss/status/1103211371817197568

mopscat.com

# Reference: https://twitter.com/CybereasonJPSOC/status/940267086802063360

comanylimiteddocume.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113063803753684995
# Reference: https://app.any.run/tasks/223464af-a7be-454b-8f8f-2a8819bde8c1

posakloska.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113429156040196096
# Reference: https://app.any.run/tasks/22f1f4c3-0297-49a9-89a9-787eee944de9

adonis-medicine.at

# Reference: https://blog.yoroi.company/research/ursnif-the-latest-evolution-of-the-most-popular-banking-malware/

nuovalo.icu
nuovalo.site

# Reference: https://twitter.com/avman1995/status/1116271689057427456

lunchrappz.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1117694292359819265
# Reference: https://app.any.run/tasks/ca845868-1bba-47ac-8fc5-cf3ba9b86b80

eloiyus.site
nuovalo.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1117711355363168256
# Reference: https://app.any.run/tasks/f6198a2a-e3c2-48dd-b1ab-dcd723770fd1

itschoolegz.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123206109421027329
# Reference: https://pastebin.com/NqSBZYCd

npou82vb.info
xjustusia37.xyz

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Malware.Ursnif-6957672-0)

ciemona.top
fqwalfredoesheridan.info
resolver1.opendns.com
vmelynaa.club
zwbaoeladiou.xyz

# Reference: https://twitter.com/bomccss/status/1125667764868247552

lidersonef.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1125746846335479808

b49ealsgrjf63w.info

# Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288

sharktankdigestq.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126044178327191558

velissimilio.site
zxcvsdffffdsv.icu

# Reference: https://twitter.com/VirITeXplorer/status/1128936190311391233

jxfps21tjohnathon.xyz
ntyrique6024karlie.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304
# Reference: https://twitter.com/James_inthe_box/status/1130805489707520000
# Reference: https://pastebin.com/ZUKsE8FQ

r588uaacornell.info
tzdottopm.xyz
v22xscot.info

# Reference: https://twitter.com/SethKingHi/status/1131762896793268224

fbilly75.com
tcletuswi.top
vtaeladarius47.com

# Reference: https://twitter.com/sugimu_sec/status/1133293529025744896

newupdatindef.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1133327173467672581

loaidifds.club

# Reference: https://twitter.com/SethKingHi/status/1133565099577266176

dohilda.club
m49crod.info
mshaun24sidney.top

# Reference: https://twitter.com/sugimu_sec/status/1133714003455168512

aliooird.us

# Reference: https://twitter.com/sugimu_sec/status/1133716946967416835

doliurt.icu

# Reference: https://twitter.com/VirITeXplorer/status/1134009733705359360

clarrywillow.top
rueu5334.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1134039582729822209

office-365-cloud6-2.pw

# Reference: https://twitter.com/JAMESWT_MHT/status/1134373743634071557

sumvawe1s.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489

tericks90.info

# Reference: https://pastebin.com/8AkBCP3p

cannamariecordell.com
hchyna985.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1135815803880820742
# Reference: https://twitter.com/sugimu_sec/status/1135818200455626752

http://176.10.118.191
markeettit.club
markeettit.email
riehmconstruction.com
westseattlenailsalon.com

# Reference: https://twitter.com/58_158_177_102/status/1136164132279861248

paderson.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1136181780531294208

allspanawaystorage.net
extrastoragesandiego.com
searchstoragequote.com
usastoragenetwork.com

# Reference: https://twitter.com/VirITeXplorer/status/1136165811968716800

gopickupnow.com

# Reference: https://twitter.com/58_158_177_102/status/1136162140283236352

firedron.top

# Reference: https://twitter.com/VirITeXplorer/status/1136529259000995840

mmmtbsusanna.info
r52yoo.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1136542388510441472

vduncanoo.club

# Reference: https://twitter.com/Racco42/status/1136991881626341377

blockshain.info

# Reference: https://twitter.com/sugimu_sec/status/1137987552097366016

iqqoiuetyd.club
niloiuyrt.info

# Reference: https://twitter.com/bomccss/status/1138620211140030464

marcoplfind.at

# Reference: https://twitter.com/Bank_Security/status/1138680380242968576
# Reference: https://pastebin.com/ut0fw5Ry

filomilalno.club
fileneopolo.online
reziki.online
reziki.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1138703768994758656

b64zwvi.top
mjoan95bn.info

# Reference: https://twitter.com/58_158_177_102/status/1140519789368098818

timenard.top
tupeska.top

# Reference: https://twitter.com/reecdeep/status/1140880338790617089

m6147keeganpw.info

# Reference: https://twitter.com/VirITeXplorer/status/1141597876432322560

dmurrayh52k.club
fconnieao.club

# Reference: https://twitter.com/sugimu_sec/status/1141618472612319232

iluuryeqa.info
ueba6ka.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1141636986912018432

jyoe91alverta.top

# Reference: https://twitter.com/James_inthe_box/status/1141788413697253376

fiho.at
audiobookjunkie.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1141969652656082944

imtbreds.com

# Reference: https://twitter.com/reecdeep/status/1142006559247097856

iluuryeqa.info

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Malware.Ursnif-6995948-1)

capoverso.info
cyberplay.at

# Reference: https://twitter.com/killamjr/status/1143138622289391616

zuvwax.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1143483784605708291

sdelaneyuaclotilde.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1144155439598309376
# Reference: https://app.any.run/tasks/383c4c0a-e2f0-46d2-9688-27243cd17681/

n82burdette62.top

# Reference: https://twitter.com/reecdeep/status/1144156253075247104

fundoluyr.fund

# Reference: https://twitter.com/JAMESWT_MHT/status/1144154461759311872

mmontyireina.club
riul.xyz
s62mxcn.club

# Reference: https://twitter.com/sugimu_sec/status/1144180837526585344

48727711.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1145676603038605312

g69jylv.xyz
koe32dayton.com
woa79ewinfield.club

# Reference: https://twitter.com/VirITeXplorer/status/1145961294945771521

je28oy379.info

# Reference: https://twitter.com/p5yb34m/status/1146420354564280321

danforthdrugmart.ca
toolz22n5.info

# Reference: https://twitter.com/gorimpthon/status/1147099717693661185

pjr82milford.xyz
cio12y21e99.top
pp70guy53kevin.top

# Reference: https://twitter.com/luc4m/status/1148855879686656000
# Reference: https://pastebin.com/F24ifaDe

celvai.info
wlulua99reagan.info
wms533713juana.club

# Reference: https://github.com/stamparm/maltrail/pull/2869/commits/aef8355aa623f3a137aa885dd6b844b17115b371

cocoon1city.com
kolaandpepsi.com
lloydsbankdocs.com

# Reference: https://twitter.com/reecdeep/status/1151405327335743488

http://185.193.141.248/gs.php
fcamylleibrahim.top
viuecody.club

# Reference: https://twitter.com/sugimu_sec/status/1151491320956874754

qo34789g.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1152118722577993728

thebohuff.com

# Reference: https://twitter.com/VirITeXplorer/status/1152121710369546245

roza1beach.com

# Reference: https://twitter.com/VirITeXplorer/status/1152118727036588032

kolaawhatepsi.com
wyattspaintbody.com

# Reference: https://twitter.com/killamjr/status/1152235739679059969

jpearl26kacey.top
sdorthyyantonietta.top
cutaylorpascale.top

# Reference: https://twitter.com/0bfusCat/status/1153266712130859009

project-xxx1.biz

# Reference: https://twitter.com/P3pperP0tts/status/1154325581795696640

blaneymarquise.info
prnaajm83.club
rcamryny.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1154380971753529344

http://109.196.164.79/3.php

# Reference: https://twitter.com/58_158_177_102/status/1155753745486974976

irwhfgowe.xyz
newupprolods.club
riuytessl.xyz

# Reference: https://twitter.com/58_158_177_102/status/1155758187309436928

siurreje.xyz
aliiuyrt.xyz
aliiuyrt.space
newupprolods.fun

# Reference: https://twitter.com/Mesiagh/status/1156235282515025920
# Reference: https://pastebin.com/PYgnFqSU

c67562ukx.top
czgpoy30kane.xyz
zbmou8oa.top

# Reference: https://twitter.com/smica83/status/1156482263019872256

powerprivat.ru
trading-secrets.ru
vaslbnt.ru
intrade-support.at
intrade-support.ru
66.181.168.248:80

# Reference: https://twitter.com/reecdeep/status/1156538323206311936

q9676cassie.com

# Reference: https://twitter.com/reecdeep/status/1156813693872726017

d8021.club
pgtimelda97.top
w47cldemario.top

# Reference: https://twitter.com/killamjr/status/1159088302965833728

t10zulamgya.com

# Reference: https://twitter.com/Cybor_Tooth/status/1161683663840514050

zvaleriefs96.com

# Reference: https://twitter.com/killamjr/status/1161713701684174848

hoal9.com

# Reference: https://twitter.com/sugimu_sec/status/1163786238685401088

llooioloi.xyz

# Reference: https://twitter.com/sugimu_sec/status/1163813726962606081

newupprolods.club

# Reference: https://twitter.com/zuinmichele/status/1164088051418697729
# Reference: https://twitter.com/zuinmichele/status/1164088197485387776

asksuze.com
suze10n1.com
vregbqeg.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1164132237195063296

moneymindedmoms.com

# Reference: https://twitter.com/BompaniMarco/status/1164444291701313537

13287469.best
egiiuouy.club
newupprolods.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1164879244759113729

goarebecao.club
khgyurm.com

# Reference: https://twitter.com/killamjr/status/1164988661848510464

bsamnz.com
gjoannemajor.com

# Reference: https://twitter.com/luc4m/status/1165285566012907520
# Reference: https://pastebin.com/78khyf1y

waehaylieoumaximus.top
wtlverner.club
zjackyouoa.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1165999042180128770
# Reference: https://twitter.com/malware_traffic/status/1166090267767791616

b71t2012.xyz
jt23932.xyz

# Reference: https://twitter.com/sugimu_sec/status/1166005809001558016

mzy48domenico.com

# Reference: https://twitter.com/killamjr/status/1166347365235724288

k23ueugeniay.com
sizfjalenk51.com
v25brigittet.com

# Reference: https://twitter.com/killamjr/status/1166350012961435648

inmax.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1166610985106493443

sizfjalenk51.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1166993754697453568

lyckapost.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1167048860327452677

qmiller.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1167442145231482880

essaycomplete.xyz
eroomia.com
zuoashlyc.com

# Reference: https://twitter.com/killamjr/status/1167513746689970178

ze5upyoybvc0yeke.com
zuoashlyc.com
x4fwben.xyz
rreynold77.club

# Reference: https://twitter.com/reecdeep/status/1168776666790944768

gfewvb6phuhcjy.com

# Reference: https://twitter.com/VirITeXplorer/status/1168797417417904128

xiviola30heber.xyz

# Reference: https://twitter.com/James_inthe_box/status/1168914983578755073

ciaraburkett.xyz

# Reference: https://twitter.com/gigafio/status/1168927448223932416

tanguear.it
hsz59c1evs1h30.com
x77unhucolten.com

# Reference: https://twitter.com/reecdeep/status/1168776666790944768

107gam.com
10bonusonline24.info
406lawyers.net
alicetheguru.com
atbstroy.com
harpbyrequest.com
litum.org
mesondelprincipe.com
miamicoffeebar.com
orangetheorymb.com
rosenstock.net
stat-football.com
zepcnc.com

# Reference: https://twitter.com/reecdeep/status/1169174309149061121
# Reference: https://app.any.run/tasks/816dc2bd-2f23-4d06-b16f-7f8e904059c7/

alloiudh.casa

# Reference: https://twitter.com/reecdeep/status/1169178088963543040

llaiuyeiv.xyz

# Reference: https://twitter.com/James_inthe_box/status/1169265148659261441
# Reference: https://pastebin.com/VyyyMUJa

d2h2e7azvio4e7sp.com
hateatate.xyz
tcolleen4463dn.com
v57zfvp.com

# Reference: https://twitter.com/notajungman/status/1169274359397199872

zbtgcvclwr3qoz7h.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1169280410238562304

gl6063f3cc237zqm.com
kv4gfnj59y0r9q6l.com

# Reference: https://twitter.com/malware_traffic/status/1169312743956066305

pb128o6c2favwk.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1169592043246690304

gbszciag8tgf2m.com

# Reference: https://twitter.com/Paladin3161/status/1169588648259411968
# Reference: https://pastebin.com/Z7YSad5d

fiho.at
inmax.at

# Reference: https://twitter.com/malware_traffic/status/1169727825823354880

f39fxnzeanabelle.xyz
sdscqgtm63mz1b.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1169899678453731329

bostonfrogpond.com/groups/tag.emf
neobootcamp.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1169936612769370112
# Reference: https://app.any.run/tasks/ff7fda21-ff34-4b9d-bae0-6588d0682e0e/

ty29lt.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1171034830143987712

w6948qzoila.xyz

# Reference: https://twitter.com/luc4m/status/1171721625043161092

ooakieyrc.xyz

# Reference: https://twitter.com/reecdeep/status/1172056906803924995

wantriopplos.xyz

# Reference: https://twitter.com/gigafio/status/1172481607334342657

tabibmadical.com

# Reference: https://twitter.com/VirITeXplorer/status/1173879933124448256

30082019.xyz
aliiuyrt.xyz
bateshkeeutgv.best
fileouya.xyz
leuzervllik.website
rezervoi300819.online
zelrvllik.fun

# Reference: https://twitter.com/JAMESWT_MHT/status/1175037824451665926

limitsno.at

# Reference: https://twitter.com/pancak3lullz/status/1175089086614462464

tkynyd710wiw.com

# Reference: https://twitter.com/pancak3lullz/status/1175081472945983490

gyttgod.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1176152753510473729

shvaiwq.com

# Reference: https://twitter.com/reecdeep/status/1176383004995923968

centalnana.com
the53augustine.com

# Reference: https://twitter.com/sugimu_sec/status/1176409540004200448

newupistebls.shop
UpdatelinkNew.cc

# Reference: https://twitter.com/Mesiagh/status/1176245402737135616

chiasun.xyz
eleanora.xyz
sweetlights.at

# Reference: https://twitter.com/reecdeep/status/1176743174133432322

skindnarog.com
twbaayoe.com

# Reference: https://twitter.com/reecdeep/status/1176754046352408578

asinaptali.com

# Reference: https://twitter.com/VirITeXplorer/status/1176764806344380416

utirierons.com
huminatacp.com
meartitalo.com
jmmeamafaldaannamae.xyz

# Reference: https://twitter.com/reecdeep/status/1176809589418975232

UplUpdkb21.pw

# Reference: https://twitter.com/JAMESWT_MHT/status/1177238068618846208

noteboockfix993.info
guiqkuoeelenor.top

# Reference: https://twitter.com/58_158_177_102/status/1178963613882601472

alister-mathmatics.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1179294188107653120

soatti2.com
x91aot53.club

# Reference: https://twitter.com/w3ndige/status/1179292167652679680
# Reference: https://app.any.run/tasks/ee7bf38d-c9ad-4ded-a236-10c54eae623c/

miooosooosos.xyz

# Reference: https://twitter.com/luc4m/status/1179351029726502912

lfdxf54ia.com
muucriogabe.com

# Reference: https://twitter.com/blu3_team/status/1179544056457768962
# Reference: https://app.any.run/tasks/e2cc76c0-0551-496f-8830-65b4a5de6077/

cornsholav.com

# Reference: https://twitter.com/VirITeXplorer/status/1179663290118615040

gonetplay.xyz

# Reference: https://twitter.com/dor0n1/status/1179663720974303232

doizvethea.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1179721642462851074

fornewinst0310.info
majavontehm.com

# Reference: https://twitter.com/w3ndige/status/1180003595921612805
# Reference: https://twitter.com/w3ndige/status/1180003598039683072
# Reference: https://app.any.run/tasks/2ce5a776-f5f9-4724-a652-ce6a08e5f268/

buismashallah.at
doollsllslaas.xyz

# Reference: https://twitter.com/James_inthe_box/status/1180124151320698880
# Reference: https://app.any.run/tasks/3ab547c6-d615-46f4-8a96-94ba4458d48f/

angiasatop.com
fumpregere.com

# Reference: https://twitter.com/bomccss/status/1180442530548076544
# Reference: https://app.any.run/tasks/b98c0ab1-0c9f-465c-83e2-c476ec4786c8/

limitsno.at
mashallah.at

# Reference: https://twitter.com/sugimu_sec/status/1181139013362544640

pianiilii.pw

# Reference: https://twitter.com/luc4m/status/1181158309845450752

aaxvkah7dudzoloq.onion
anumal-planet.at
weekends-estate.xyz

# Reference: https://twitter.com/sugimu_sec/status/1181195928469852160

newupistebls.online

# Reference: https://twitter.com/VirITeXplorer/status/1181244650432192513

finlllaio.club
finlllaio.host
finlllaio.space
zelrvllik.fun
30082019.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1181512884637114373

kenneyai.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1181466099252109313

atomoton.xyz
customwastereceptacles.com
enrichcollege.xyz
prodartsfans.com
suckpussycat.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1181515327223545857

laogxsc3377allison.club

# Reference: https://twitter.com/abuse_ch/status/1181521509971644416

reejosephiney.top
wr29shaniakobe.xyz
zkeaganarlie.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1181465402611777536

attorneyfd.com
corsoesq.info
enrichcollege.xyz
customwastereceptacles.com
national-industries.com
newplannersolutions.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1181833036478009345

hemamasandthepapasband.com
barradesalinas.com
proboxingfans.com
emilystravel1.com

# Reference: https://twitter.com/VirITeXplorer/status/1181850076857155584

finemineraldealers.co
forensicpursuit.info
proboxingfans.com

# Reference: https://twitter.com/reecdeep/status/1181851038753656833

alerihbfer.xyz

# Reference: https://twitter.com/reecdeep/status/1181854384101216257

newupistebls.shop

# Reference: https://twitter.com/JAMESWT_MHT/status/1181930891133804544

gacraze0710.com
t7763jykqeiy.com

# Reference: https://twitter.com/VirITeXplorer/status/1182185779860299776

adigitalteam.com
randyrash.xyz
theramones.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1182236944467714048

cartoons-online.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1182270410601222147

puylzmay.xyz

# Reference: https://twitter.com/sugimu_sec/status/1182284839061348352

c66845582aniyah.club
dcz35percy.top
tfernzq.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1182552698459250689

deidrekreuz.com
newmillerhvac.com
samportal.com
skinrenaissanceclinic.net
spaceagemeat.xyz
sprintnetworksti.com
thekingofsoul.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1182560077070454786

vip-statistic.at

# Reference: https://twitter.com/James_inthe_box/status/1182682649753600000

tenusitidi.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1183647452353695745

bracesonpostcard.com
startdfy.com
yourpremiersmile.com
adultprizes.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1183639745726943232

carringtonit.xyz
thefuturesgame.biz

# Reference: https://twitter.com/w3ndige/status/1183799724979249152

jonkortyjjsas.xyz
seioodsoi.club
joskaejw.club

# Reference: https://twitter.com/w3ndige/status/1181989173458288640

chetropposdsa.xyz

# Reference: https://twitter.com/w3ndige/status/1181276348003864576

proposopsd.xyz

# Reference: https://twitter.com/reecdeep/status/1184023581455454209

raloautt.pro

# Reference: https://twitter.com/luc4m/status/1184049545833058304

livejunto.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1184120117929611265

qisqholden.com

# Reference: https://twitter.com/sugimu_sec/status/1184448482641240065

newupistebls.site
obolko.site

# Reference: https://pastebin.com/HLnQT4qy

votaritar.at

# Reference: https://twitter.com/abuse_ch/status/1184757198364258304

sjoanie52v3.com
wgersonioia.com

# Reference: https://www.sentinelone.com/blog/writing-malware-traffic-decrypters-for-isfb-ursnif/

bemiljqjohnpaul.com
jjasonbenedict.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1185078973614743552

sac-sofom.com
patinauniversity.net
northcarolinaforeclosuresforsale.com
jostensarlington.com
emilystravel1.com

# Reference: https://twitter.com/reecdeep/status/1186552161255280640
# Reference: https://twitter.com/reecdeep/status/1186572239006846976
# Reference: https://twitter.com/sugimu_sec/status/1189110803716165632

slalloim.host
slalloim.pw
slalloim.site
slalloim.space

# Reference: https://twitter.com/reecdeep/status/1186555095049211904

iehrbfoei.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1186556083927691264

wngtdpablo.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187274922588082176

issmalta.xyz
mrsvgnpwr.com
waszkovia.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187319895685500928

nokatelinabe.top
r8566noahthea.com
wlnfermin.com

# Reference: https://twitter.com/killamjr/status/1187731670696378368

bullisworg.com

# Reference: https://twitter.com/killamjr/status/1187733046377754624

cy56emie.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187699534144651265

mqz8342lela.com

# Reference: https://twitter.com/Paladin3161/status/1187740438180061185

rexa.at

# Reference: https://twitter.com/sugimu_sec/status/1189113687711219712
# Reference: https://twitter.com/reecdeep/status/1191283783644917760

oeuhbfqw.xyz
oeurhbf.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1191280036273360896
# Reference: https://app.any.run/tasks/140d1cda-31c4-4151-9f88-cec83f2475a1/

chucelo.fun
chucelo.pw

# Reference: https://twitter.com/reecdeep/status/1191998519525224449

wensa.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1192034769011388417

lmikelnf.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1192029516543254528

intraders-support.at

# Reference: https://twitter.com/reecdeep/status/1192346259635539968

jscfgfuevx.com
t6kamillemoshe.com

# Reference: https://twitter.com/reecdeep/status/1192415305873670144

nazscklpaq.com

# Reference: https://twitter.com/reecdeep/status/1194557484867997696

eyrgfero.red
owuefoeu.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1194655073353240581

astacefaim.com

# Reference: https://twitter.com/luc4m/status/1194899996019171328

ghdy656262oe.com 
tnzf3380au.top 
xijamaalj.com

# Reference: https://twitter.com/reecdeep/status/1196363455772741632

reloffersstart.co

# Reference: https://twitter.com/reecdeep/status/1196408189643874304

mantoropols.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1196717243528298496

hivechannel3.com
myegy.club
teablitziloilo.xyz
thefork.info

# Reference: https://twitter.com/w3ndige/status/1196809536767700993

arethatour.icu
drunt.at
offupweekin.xyz
potronisl.xyz
seioodsoi.club

# Reference: https://twitter.com/matte_lodi/status/1197082261608452096

generalmusician.xyz

# Reference: https://pastebin.com/GbV8Vdzb

ahah100.at
ahonpot.at
beemstop.at
casus.at
kastrop.at
rexa.at
targoo.at
unomal.at
votaritar.at
wensa.at

# Reference: https://twitter.com/malware_traffic/status/1197562166309724166

185.118.165.109:443
45.132.19.167:80
k55gaisi.com
n9maryjanef.com

# Reference: https://twitter.com/nao_sec/status/1198613811277598720

platonusklakiusojw.xyz

# Reference: https://twitter.com/sugimu_sec/status/1198889984876408833

padareova.fun
toloadname.xyz

# Reference: https://twitter.com/sugimu_sec/status/1198885293715156992

booksale.red
guatemal.xyz
hummercarss.com
nsdaqos.pw
randomord.com
reoomavo.fun
skrollinu.xyz
steercos.pw
wessell.pw

# Reference: https://twitter.com/malware_traffic/status/1199082282033778693

s82dortha27r.top

# Reference: https://twitter.com/reecdeep/status/1199227801980882944

disecliear.com

# Reference: https://twitter.com/reecdeep/status/1199236030676770816

qyr78wfya85.top

# Reference: https://twitter.com/reecdeep/status/1199247687738109952

iristwaica.com

# Reference: https://twitter.com/reecdeep/status/1199250532231208960

gogaritons.com

# Reference: https://twitter.com/reecdeep/status/1199600932369108992

fjavieryvette94.com
thantifick.com

# Reference: https://twitter.com/James_inthe_box/status/1199725721989443584

fulldin.at

# Reference: https://twitter.com/0xSirDom/status/1200398273476997120

addloanalao.xyz
doorlooplsit.xyz
goodpanelselinum.xyz
laodonaln.xyz
philippeschellekens.com
skamulinus.xyz
stamperistm.com

# Reference: https://twitter.com/nao_sec/status/1201128853055213571
# Reference: https://app.any.run/tasks/e38e7b50-0dd6-403d-b591-4159be2cb33e/

llohumas.today

# Reference: https://twitter.com/reecdeep/status/1201448424064856064

newsitalybiz.club

# Reference: https://twitter.com/sugimu_sec/status/1201505212814569472
# Reference: https://twitter.com/sugimu_sec/status/1201431470893436929

agenziadelleentr.pw
armanidesk.xyz
asistenzaonliine.com
asistenzaonline.pw
asistenzaonlinu.red
genzleentr.host
helpabout.pw
newsitalybiz.club
readmebook.fun
redxyzred.xyz

# Reference: https://twitter.com/Bl4ng3l/status/1201896387471978497

aforattren.com

# Reference: https://twitter.com/reecdeep/status/1201786601078185984

w83v45ws.com

# Reference: https://any.run/malware-trends/ursnif (Note: as seen on 2019-12-04)

wensa.at
fulldin.at
ahah100.at
spiritualdreamsdecoder.com
embracethechill.com
furbuddyz.com
wellswise.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1202159145975238657

digoedani.xyz
legacymodsquad.xyz
penrithrivercafe.com
robsitbon.net

# Reference: https://app.any.run/tasks/20bdf9c8-e914-401e-b7b8-7d1a970de5ae/

popuribart.com

# Reference: https://twitter.com/jcarndt/status/1202224056659038210

trayeantir.com

# Reference: https://twitter.com/fr3dhk/status/1202283961881370624

bjanicki.com

# Reference: https://twitter.com/pancak3lullz/status/1202331586324123648

aermewerog.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1202588193843032065

azonpowerpick.xyz
wanderunderwater.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1202590541248188416

balanceonwater.com

# Reference: https://pastebin.com/9eq0JJkz

penrithrivercafe.com

# Reference: https://twitter.com/reecdeep/status/1203960845413294080
# Reference: https://twitter.com/sugimu_sec/status/1203960241773113344

abrakam.site
hiteronak.icu
makretplaise.xyz
marvellstudio.online
sdkscontrol.pw
sutsyiekha.casa
ublaznze.online
udatapost.red

# Reference: https://twitter.com/sugimu_sec/status/1203964696623112194

laddloanalao.xyz

# Reference: https://twitter.com/sugimu_sec/status/1204335451990945792

sutsyiekha.casa

# Reference: https://twitter.com/luc4m/status/1204095111568805889

jhrevawef.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1204665342863253504

customerspick.com
hintdeals.com
sscupace.xyz

# Reference: https://twitter.com/reecdeep/status/1206497364351033344

abrakam.site
agenziadelleentrate.site
hiteronak.icu
holikokooo.com
mictosofts.com
qartabeers.com
teslaoilcar.com
ublaznze.online

# Reference: https://twitter.com/sugimu_sec/status/1206502975763431424

eioeruhgirbe.xyz

# Reference: https://twitter.com/reecdeep/status/1206527095452700673

eioeruhgirbe.pw

# Reference: https://twitter.com/matte_lodi/status/1206861746322968576

chloroz.xyz
tripuruguay.info

# Reference: https://twitter.com/sugimu_sec/status/1207139952334524419

vestcheasy.com

# Reference: https://twitter.com/sugimu_sec/status/1207244889559191553
# Reference: https://twitter.com/JAMESWT_MHT/status/1207247283328303105

desaidles.fun
desaidles2.fun
furmul2aso.com
furmulaso.com
ge1dmond.info
gedmond.info
gedmond.pro
gedmond0.pro
kolonimalosi.pw
kolonimalosi8.pw
new1discoveries1.com
newdiscoveries.com
newsaplicamento.surf
newsaplicamento2.surf
ohfebveub.fun
ohfebveub.xyz
zal6etuf.pro
zaletuf.pro

# Reference: https://twitter.com/malware_traffic/status/1207779656998498304

axelerode.club
brinchik.xyz
lovely-honey.club
onionpie.at
sweetlights.at
vbsdh1kjd.online

# Reference: https://twitter.com/malware_traffic/status/1208205022925860865

impedignaw.com

# Reference: https://pastebin.com/NaAgYa42

estate-advice.at
thefreshstuffs.mu

# Reference: https://twitter.com/luc4m/status/1214968509232549894

domnfrayder.site
llohumas.today
llosmoder.adygeya.su
mirroriles.adygeya.su
simferopoliulike.space
simlleratio.today
slalomdrivevrsto.today

# Reference: https://twitter.com/JAMESWT_MHT/status/1215201598642835456
# Reference: https://app.any.run/tasks/2d12799d-7ab5-47d9-a6e0-06c32e7315da/

calag.at

# Reference: https://www.fireeye.com/blog/threat-research/2020/01/saigon-mysterious-ursnif-fork.html
# Reference: https://otx.alienvault.com/pulse/5e176bed2647907c1efb1621

cdn-digicert-i31.com
cdn-gmail-us.com
cdn-google-eu.com
cdn-mozilla-sn45.com
google-download.com
mozilla-yahoo.com
securecloudbase.com
setworldtime.com
softcloudstore.com

# Reference: https://twitter.com/nao_sec/status/1216385095277219841
# Reference: https://app.any.run/tasks/8844703d-676b-415f-bf9c-83e7f507336a/

docdoccountry.agency
kilogrammund.adygeya.su

# Reference: https://twitter.com/nao_sec/status/1218051679779606529
# Reference: https://app.any.run/tasks/c1cdf8ec-0903-456c-b3bf-17f23ec61766/

boartdsdf.today
datrtkonnect.today
drupplasduemonet.today
financeleving.today
iittemgoodsg.today
klaaasdumnim.today
lohuanusiams.today
shumaherosjhlf.today
spektrumasd.agency
wyckysodary.today

# Reference: https://twitter.com/JAMESWT_MHT/status/1218099872143941638
# Reference: https://app.any.run/tasks/61bcfc59-a710-4181-b816-b8b21a42c558/

beadventure.us
institutionalknowledgemanagement.com
ivorycell.net
monalisapizzeriasi.com
philippeschellekens.com
understudyknowledge.com

# Reference: https://twitter.com/malware_traffic/status/1219804448349966336

emblareppy.com
limpopo.at
n60peablo.com
nk47yicbnnsi.com
pzhmnbargurite4819.com

# Reference: https://twitter.com/reecdeep/status/1219957440269180928

ftevinpgreta.com

# Reference: https://urlhaus.abuse.ch/browse/tag/Gozi/

asodergina.com
cuinangila.com
emblareppy.com
godeageaux.com
gutasiergo.com
gutasiergo1.com
jadityaieelyse.com
legouscuma.com
r69ioaylabrooklyn.com
rieseenchs.com
shlerlashu.com
swaloordot.com
vinalpapel.com
xpnidellashane.com
z99jeaebony.com

# Reference: https://twitter.com/luc4m/status/1220274548488265733

ey7kuuklgieop2pq.onion
living-start.at
news-deck.at
taslks.at

# Reference: https://app.any.run/tasks/70807bc4-b30a-4b53-8c3f-0b03214f9fd1/

pzhmnbarguerite4819.com
ergyeevlwtgourtney66f.com
n60peablo.com

# Reference: https://twitter.com/reecdeep/status/1220373843375722501

rheracstar.com
puminsceft.com
happopaess.com
ddeneaungy.com
wagoatilby.com
winserver-cdn.at

# Reference: https://app.any.run/tasks/f97034b0-943b-42db-8328-33cd15be4494/

bpzhmarguemrite4819z.com

# Reference: https://twitter.com/reecdeep/status/1220374457505787906
# Reference: https://app.any.run/tasks/b5149816-3148-421a-a165-572d0694a0c0/

dithomatos.com

# Reference: https://twitter.com/reecdeep/status/1220630563247337473

fampraffer.com
g53uuxexm.com
kekbobbie.com

# Reference: https://app.any.run/tasks/db0afa40-8b60-4300-ac83-93301d1710e1/

mimeaniega.com

# Reference: https://twitter.com/reecdeep/status/1220637814519402496

swloovrxcwzholden.com

# Reference: https://twitter.com/malware_traffic/status/1220531434865283072

bn60pabmloz.com
mk47ymmmcsi.com
nguyendungcosmetics.com
terersepal.com

# Reference: https://twitter.com/Bl4ng3l/status/1220629376536055808

mrcsecure.ru
secureccvip.ru

# Reference: https://twitter.com/malware_traffic/status/1220847700846968833

jottnistic.com
t199447q.com

# Reference: https://www.virustotal.com/gui/ip-address/95.181.198.151/relations
# Reference: https://any.run/report/1800822b3e467eba73278f94f26291942497c31267fe8111bc55e845d17454e2/242a8158-ba6e-4b5f-95ae-0f7bd1f80ca1

cnicaliasi.com
dampfelang.com
sfectervie.com
wonnesende.com

# Reference: https://twitter.com/reecdeep/status/1222066336672702464

logrichasi.com

# Reference: https://app.any.run/tasks/45ee09de-b199-4216-8a29-3c73c47b8b98/

drzjqkpjd34.com

# Reference: https://twitter.com/sugimu_sec/status/1222084797796777984

agenziadellentrate.space
wodce2020.xyz

# Reference: https://twitter.com/sugimu_sec/status/1222081060789317632

desaidles.fun
hammersummer.com
kolonimalosi.pw
legogogogo.pro
zaletuf.pro

# Reference: https://twitter.com/sugimu_sec/status/1222086450096640001

qsxw2020.xyz

# Reference: https://twitter.com/reecdeep/status/1222195271066583041

tahhir.at

# Reference: https://app.any.run/tasks/f73a7192-488d-4756-9f5d-a6b9f67e1b11/

boezl40.com
toblatcous.com

# Reference: https://pastebin.com/raw/3mpyeQPx

jbgool.at

# Reference: https://twitter.com/James_inthe_box/status/1114150925218639872

h33a7jzovxp2dxfg.onion

# Reference: https://twitter.com/James_inthe_box/status/1122988160223305730

aaxvkah7dudzoloq.onion
alfa-sentavra.at
anti-doping.at
miska-server.at

# Reference: https://twitter.com/benkow_/status/1147443642728103936

jm2g6cyszkutaurp.onion 
inferno-girls.at
regeneration-data.at 

# Reference: https://twitter.com/58_158_177_102/status/1150932578062352384

bibicity.ru
marcoplfind.at

# Reference: https://twitter.com/w3ndige/status/1192828465407500288

cxzko43pnr7ujnte.onion
freshness-girls.at
greenedus.com
intraders-support.at
salesforcelead.com

# Reference: https://twitter.com/w3ndige/status/1183799724979249152

ey7kuuklgieop2pq.onion
shoshanna.at
maiamirainy.at
ujaioep.website

# Reference: https://twitter.com/w3ndige/status/1198984590427340800

arethatour.icu
drunt.at
ey7kuuklgieop2pq.onion
finogorosod.xyz
maiamirainy.at
seioodsoi.club

# Reference: https://twitter.com/reecdeep/status/1199633624158679041

colordrawyx.xyz

# Reference: https://twitter.com/w3ndige/status/1201531023466610688

news-deck.at
ponimuliosdop.xyz

# Reference: https://twitter.com/w3ndige/status/1201902091100397569

elseweofferthas.co
tuesyuioodpps.xyz

# Reference: https://twitter.com/James_inthe_box/status/1207993350856380417
# Reference: https://pastebin.com/DXHpmjX0

buddy-calc.at

# Reference: https://www.certego.net/it/news/malware-tales-dreambot/

qjdyugisselle.club

# Reference: https://app.any.run/tasks/45ee09de-b199-4216-8a29-3c73c47b8b98/

drzjqkpjd34.com

# Reference: https://app.any.run/tasks/4dc52007-410d-4666-aa69-1d4da5f7b66e/

wodce2020.xyz

# Reference: https://twitter.com/benkow_/status/1221862063888314368
# Reference: https://www.virustotal.com/gui/file/2a6fef0ef37de199270eb697e42816608a2dac6e3505e71ca4e3bfd11f819def/detection
# Reference: https://www.virustotal.com/gui/ip-address/34.240.96.52/relations

34.240.96.52:80

# Reference: https://www.secureworks.com/research/gozi

/cgi-bin/certs.cgi

# Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy:Win32/Ursnif.gen!F

/system/prinimalka.py/forms
/system/prinimalka.py/options
/system/prinimalka.py/command

# Reference: https://ae.norton.com/security_response/print_writeup.jsp?docid=2009-060121-0427-99

/cgi-bin/trash.py

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2009-January/001818.html

/cgi-bin/pstore.cgi
/cgi-bin/forms.cgi
/cgi-bin/ss.cgi

# Reference: https://marc.info/?l=emerging-sigs&m=135206981711334&w=2

assisback.com

# Reference: https://twitter.com/VK_Intel/status/1045830804545298434
# Reference: https://pastebin.com/cDz5dvMx

aporen.at
dreemkol.at
freemon.at
ioptool.at
leproeg.at
mahono.cn
matr.at
nytronex.at
twidix.at
umpalok.at
upcu100.at
zicino.at

# Reference: https://www.vkremez.com/2018/08/lets-learn-in-depth-reversing-of-recent.html

cdrome.at
galio.at
harent.cn
ledal.at
lottos.at
popdel.at
robatop.at
tohio.at
torafy.cn
yraco.cn
4fsq3wnmms6xqybt.onion
em2eddryi6ptkcnh.onion
nap7zb4gtnzwmxsv.onion
t7yz3cihrrzalznq.onion

# Reference: https://twitter.com/campuscodi/status/1039531511144431616
# Reference: https://marcoramilli.blogspot.com/2018/08/hacking-hacker-stopping-big-botnet.html

1000numbers.com
batterygator.com
beard-style.com
englandlistings.com
gardenforyou.org
pomidom.com
jfklandscape.com
thefutureiskids.com
romanikustop.space
securitytransit.site
sssloop.host
sssloop.space
upsvarizones.space

# Reference: https://twitter.com/VK_Intel/status/1047033551957504003
# Reference: https://pastebin.com/aMgJJc5D

doriton.at
ledalco.at
letosos.at
musicdance.at
patrons.at
relonter.at
rendes.at
strikeapple.at

# Reference: https://twitter.com/VK_Intel/status/1048068456082432000

loadbirthdaymoveproper1x4v.com

# Reference: https://twitter.com/VK_Intel/status/1105578215605764096

polkanidog.website

# Reference: https://twitter.com/VK_Intel/status/1072254720755068928

akamaicln.com
aplatmesse.com
nowerdleat.com
touggledle.com

# Reference: https://twitter.com/VK_Intel/status/1048068456082432000

loadbirthdaymoveproper1x4v.com

# Reference: https://twitter.com/VK_Intel/status/1017946476389888000

cojnqwjenqwe.com
woudausdnw.com

# Reference: https://twitter.com/Racco42/status/1102896181011795969

/about/conservative.php

# Reference: https://twitter.com/abuse_ch/status/1072117868555366400

black-transsexual-hardcore.com

# Reference: https://twitter.com/James_inthe_box/status/1109090277380116480

investingfutureram.ac.ug

# Reference: https://twitter.com/James_inthe_box/status/1113102849313988611

sorna.at
beetfeetlife.bit
rivier.at

# Reference: https://twitter.com/makflwana/status/1037120013574914048

aclassshades.net

# Reference: https://twitter.com/makflwana/status/1034320489500401664

aclassshades.com

# Reference: https://twitter.com/makflwana/status/1033935638830010368

basedplants.net

# Reference: https://twitter.com/VK_Intel/status/1114477236890083329

t97uoquintengbnia.company
koo89iiignatius.com
s45ooallison.com

# Reference: https://twitter.com/VK_Intel/status/1118143457292320769

ptl8sb.xyz
jrosinaiabbigail.com
xdanialsx.info

# Reference: https://twitter.com/VK_Intel/status/1123398721222402049

ericsgamesz.com

# Reference: https://twitter.com/VK_Intel/status/1124055499513696258

sharktankdigestq.com

# Reference: https://twitter.com/VK_Intel/status/1124400215165997056
# Reference: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-05-03-gozi-isfb-v3-signed-vk.misp.csv
# Reference: https://twitter.com/VK_Intel/status/1134211079553388547

ch12ozoo.com

# Reference: https://twitter.com/VK_Intel/status/1123015463515115522
# Reference: https://pastebin.com/0yXa5Lqg

aaxvkah7dudzoloq.onion
alfa-sentavra.at
anti-doping.at
miska-server.at
classpana.host

# Reference: https://twitter.com/VK_Intel/status/1134600583065853953

tericks90.info

# Reference: https://twitter.com/VK_Intel/status/1142287900836601856

kusasukusa.com

# Reference: https://twitter.com/VK_Intel/status/1142517721109803009

jigalon.com

# Reference: https://twitter.com/VK_Intel/status/1143985084099420160

lolaamorza.com

# Reference: https://twitter.com/VK_Intel/status/1145235372944822273

asdcat.com

# Reference: https://twitter.com/VK_Intel/status/1146311735072215041

orzamorza.com

# Reference: https://twitter.com/kyleehmke/status/1145688670743224322

simkaart-veilig.com
veilig-simkaart.com

# Reference: https://twitter.com/reecdeep/status/1146698386319560704

xmagnoliarhoda.top

# Reference: https://twitter.com/blackorbird/status/1146688979908976642

mmrihe.xyz

# Reference: https://twitter.com/VK_Intel/status/1147229146126475264

jokerlol.com

# Reference: https://twitter.com/reecdeep/status/1148484499245817856

http://185.139.69.177/si.php
xpiperae94xw.com

# Reference: https://twitter.com/sS55752750/status/1151134247299588097

49.88.112.70:34172

# Reference: https://twitter.com/Paladin3161/status/1152003576807346177

narutik.at
pranahat.at

# Reference: https://twitter.com/VK_Intel/status/1154121098012844033

whatpepsi.com

# Reference: https://twitter.com/VK_Intel/status/1157692747475836928

morkamora.com

# Reference: https://twitter.com/VK_Intel/status/1162049529581047812

centuryboxing.xyz

# Reference: https://twitter.com/daphiel/status/1132986879895318528

nickburkholder.pw

# Reference: https://twitter.com/VK_Intel/status/1164189047218147329

wai177iowjedidiah.xyz

# Reference: https://twitter.com/VK_Intel/status/1167150071537909762

lyckapost.xyz

# Reference: https://twitter.com/VK_Intel/status/1167513152424165377

essaycomplete.xyz

# Reference: https://twitter.com/Paladin3161/status/1169920724737261568

zurichwhispers.com

# Reference: https://twitter.com/VK_Intel/status/1172601031605272576

urgentmouse.xyz

# Reference: https://twitter.com/VK_Intel/status/1172646711879032832

hanakahuna.xyz

# Reference: https://twitter.com/VK_Intel/status/1173479653723508741

yourampdlife.xyz

# Reference: https://twitter.com/VK_Intel/status/1174353167414378497

bombinet.xyz

# Reference: https://otx.alienvault.com/pulse/5d88b195e7e1652651a6aa05

brciy29o.com
ckvhss79yo87u.com
dkeagan23uiart.info
dnv9619cathy.xyz
esek412782.com
faayjasperoln.top
fea820q.info
fgbbonnie.top
fuin54baby.com
g59darlenedereck.com
h28qiay.club
j6793yojewell.club
nuiuei15norbert.com
r96hfhardyee5.com
tie12christopher30.info
twr84ue.com
zy19oeya.xyz

# Reference: https://twitter.com/VK_Intel/status/1183632661300027392

studiosrm.xyz

# Reference: https://twitter.com/jcarndt/status/1184512273412493312

koenealack.com

# Reference: https://twitter.com/reecdeep/status/1184732718371876864

nvoaeicweston.com
onivallort.com

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Packed.Gozi-7329531-0)

frame303.at

# Reference: https://twitter.com/abuse_ch/status/1195283758414479363

z39bldfq.com

# Reference: https://twitter.com/James_inthe_box/status/1213080091439161347

securecc.ru

# Reference: https://twitter.com/malware_traffic/status/1214520928773853184

ccsecure.ru

# Reference: https://twitter.com/reecdeep/status/1223341509300424709

needforbestpropouse.xyz

# Reference: https://twitter.com/reecdeep/status/1224620543632125952

romaitaliacommerciale.site
milanoofficialfatt.online
barifattonumero.pw
officebuysell.pro

# Reference: https://twitter.com/reecdeep/status/1224623242360565763

2020lhjfhf.xyz
2020lplm.xyz

# Reference: https://www.virustotal.com/gui/domain/roiboypoka.ru/relations
# Reference: https://twitter.com/reecdeep/status/1224661920680157185

roiboypo.ru
roiboypok.ru
roiboypog.ru
roiboypoka.ru

# Reference: https://www.virustotal.com/gui/ip-address/79.124.89.241/relations

cloud-start.at
dossecure.ru
everydayparty.xyz
thefreshstuff.at

# Reference: https://www.virustotal.com/gui/ip-address/89.17.225.163/relations

adonis-medicine.at
americanexpresscprs.at
carforklou.at
cloud-start.at
dioarmmonoder.at
fitalyaka-service.at
genesisgrandergh.at
intrade-support.at
marcoplfind.at
miska-server.at
regeneration-data.at
thefreshstuff.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1225064419790589952
# Reference: https://app.any.run/tasks/6021c4bb-88a2-447d-b29c-8265765483e5/

goose-mongoose.at
roiboypoleno.ru

# Reference: https://twitter.com/reecdeep/status/1227136074822115328

llh23.com
lcdixieeoe.com
vpnderrick.com
wv01gwbrgs.com

# Reference: https://twitter.com/reecdeep/status/1227521698037223424

mailnofattndel.vip
aziendaitalymail.online
fatturamentolaniasicilia.website
softwaremicrosoft.red
hiteronak.icu
abrakam.site

# Reference: https://app.any.run/tasks/64825b57-2762-4a94-91ed-90b385bc338b/

40.74.35.71:80

# Reference: https://twitter.com/Bl4ng3l/status/1228329084347920385

allage.at
aromun.at
beetfo.at
dianer.at
iomal.at
lapenik.at
6buzj3jmnvrak4lh.onion
g4xp7aanksu6qgci.onion
l35sr5h5jl7xrh2q.onion

# Reference: https://twitter.com/VirITeXplorer/status/1229697387800616965
# Reference: https://twitter.com/VirITeXplorer/status/1229698314922315776

banksesiqueira.xyz
dungdoptiop.xyz

# Reference: https://twitter.com/reecdeep/status/1230033500612505603

businessknowledgetransfer.com
ulovesaving.com
mandyenando.xyz
stilthousebeer.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1230032577425281024

bomoer.co.uk

# Reference: https://twitter.com/reecdeep/status/1230075428527910913

litmanses.at

# Reference: https://twitter.com/reecdeep/status/1230160762963988482

6vcatkjlim35nscu.onion
regutalor-stat.at
winserver-cdn.at

# Reference: https://twitter.com/reecdeep/status/1230407172686827521

ali-express1.at

# Reference: https://twitter.com/VK_Intel/status/1231451249486290944

mandyenando.xyz
stilthousebeer.xyz

# Reference: http://tracker.viriback.com/dump.php (# snapshot 2020-02-23, Ursnif)

digifriendste.com
dobaserdo.com
hiteronak.icu
holoderyttonten.website
llohumas.today
marryscristmasssanta.website
ohfebveub.xyz
skamulinus.xyz
warryotrisjmsolvlmsf.website

# Reference: https://twitter.com/reecdeep/status/1231848276812615680

link.paichecafe.com

# Reference: https://twitter.com/reecdeep/status/1231896971193069568

megpagamil.pw
megpagamilmegpagamil.xyz

# Reference: https://twitter.com/reecdeep/status/1231878352883134465

fatturapagamentodi.pw
odelpagamentorome.site
samementolaniasicilia.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1231944849533829125

fragrancewipes.com

# Reference: https://twitter.com/reecdeep/status/1231955240150278144

co.ncte-india.org.in

# Reference: https://twitter.com/prsecurity_/status/1231781712742404096

http://162.213.253.229

# Reference: https://twitter.com/malware_traffic/status/1232765858910527491
# Reference: https://app.any.run/tasks/2095164e-0684-4036-8a46-aa427eac5268/

mnogonimalo.ru

# Reference: https://twitter.com/reecdeep/status/1232951783854661632

appbaripagamento.pw
fatturanewpagamentodiversi.pw
pagamentodimilanotobari.fun

# Reference: https://app.any.run/tasks/733e1200-e3e3-4d6b-a0c9-504874c58b86/

embroiderco.info

# Reference: https://twitter.com/VK_Intel/status/1233430069152026626

litelicense.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1123206109421027329

jbfd8699nia.com
wadameee.club

# Reference: https://twitter.com/x42x5a/status/1114468129327984640

westeast.world

# Reference: https://twitter.com/malware_traffic/status/1234637023971024896
# Reference: https://app.any.run/tasks/5cb7e507-da2e-4feb-90c5-7211a2187451/

start.olivebranchmissionarybaptistchurch.org

# Reference: https://twitter.com/luc4m/status/1234903113166802944

alistherdata.at

# Reference: https://twitter.com/reecdeep/status/1234847737532821504

lissavets.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1235527459824521216
# Reference: https://app.any.run/tasks/51556172-5f30-43f8-8501-2fdb9f4714af/

get.marquettburton.com

# Reference: https://twitter.com/reecdeep/status/1235639226567454721

cdn-cloud.at
i3r01ls5rua.com

# Reference: https://twitter.com/MSteve25/status/1235597615737319429

mt8qe6yrbd6.com
vefp242hbai.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1236966723410108416

italycovid-19.site
recoverrryasitalycovid-19.xyz
stornocovid-19.pw

# Reference: https://twitter.com/reecdeep/status/1236945237404196864

italycovid.site
stornocovid.pw
recoverrryasitalycovid.xyz

# Reference: https://twitter.com/D3LabIT/status/1236947913453993984

periufge.xyz

# Reference: https://twitter.com/reecdeep/status/1236974596487774208

asistenon.xyz
asistenzaonline.xyz
febbrarioferraro.pw
marrzioolio.casa
pizdelko.xyz

# Reference: https://twitter.com/nao_sec/status/1237046081512300544
# Reference: https://app.any.run/tasks/30763803-fe7a-4da1-8152-330e115111ff/

buchxuchsd.agency
bumbelbeed.agency
chevroletd.agency
cypryccsg.today
jeepcherhsd.agency
klivierlerthlf.today
krosfiticd.agency
loassrery.today
luhndfchsd.agency
phukeemonet.today
pokevboiving.today
pontiaxkect.today
prosprberrysd.agency
rspberrytd.agency
ruffsdf.today
rufinursd.agency
seamseamnim.today
stopcfams.today
stroganod.agency
strongerhsd.agency
yaichkihsd.agency

# Reference: https://twitter.com/VK_Intel/status/1237256944538333184

milos.hostelbobi.com

# Reference: https://twitter.com/reecdeep/status/1237391646934708227

gwc1qur.com
zsxzfgg.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1237387643194724352

wex-notdead.ru

# Reference: https://urlhaus.abuse.ch/browse/tag/Gozi/

bghqyf1.com
dvt553ldkg.com
f200rotcl2.com
fal6qo3f68.com
fukbeegh4.com
g4057ewrgyhqy.com
gs11fd5.com
kmqdagp70r.com
knuymon.com
ku3rgq4.com
nvdvdgp.com
qr12s8ygy1.com
wv01gwbrgs.com
z4v1qth.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1237396282718572551

v3wkdzd.com

# Reference: https://twitter.com/malwrhunterteam/status/1237434259553562624

primankanamanky.ru

# Reference: https://twitter.com/VirITeXplorer/status/1237655433617330176

kotbikes.xyz
mlzange.com

# Reference: https://twitter.com/VirITeXplorer/status/1237662195174998016

imhappyabout.xyz
localjobsph.xyz

# Reference: https://twitter.com/reecdeep/status/1237671965705613312

simpleboatcover.com
seokudos.com
sweetmatchup.com
lcyaolu.com
mister-al.com
elkarmacompound.com
ihatestarbucks.com
msstolemybrain.com
imebooksgiveaway.com
freesubmissiondirectoryy.com
wishnwish.com
5continentsproperty.com
travelconfidently.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1237686282970697728

eyerockphotography.net

# Reference: https://twitter.com/reecdeep/status/1237679921545306112

q9gee3f1.com

# Reference: https://twitter.com/Bl4ng3l/status/1237680913443684352

details.wherefreestylelives.com

# Reference: https://twitter.com/VirITeXplorer/status/1238014307121745920

collegeinmenu.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1238054206386450432
# Reference: https://app.any.run/tasks/1714849b-23d4-4c4f-a147-4ab1dfeaa258/

scultbet.com

# Reference: https://twitter.com/bomccss/status/1238312640096563201

netretgidare.com

# Reference: https://twitter.com/bomccss/status/1209842185551499265

detacacids.com

# Reference: https://twitter.com/bomccss/status/1209843734088601600

c71yovern.com
sfmtcxts.com

# Reference: https://twitter.com/bomccss/status/1209905697690812416

b9kamrynlilliana.com

# Reference: https://twitter.com/bomccss/status/1210047638843772929

imnantrape.com

# Reference: https://twitter.com/Zerophage1337/status/989571016895713280
# Reference: https://app.any.run/tasks/2a064aed-3e5a-4690-87e7-78da4435352c/

86.105.18.236:443

# Reference: https://twitter.com/nao_sec/status/1239137537328701442
# Reference: https://twitter.com/reecdeep/status/1239466649356550144
# Reference: https://app.any.run/tasks/72580d88-98c9-4495-8321-27f0f6763a2c/

bblugadash.agency
braunierwherbatis.today
chuvakastod.today
cmelgibdsong.today
drupboxedsd.agency
feruimniimsxs.today
globalnishkad.agency
if3instore4.agency
lelemssd.agency
lilybanksed.agency
loophyperrd.agency
loshamakentisht.today
lrufunurd.agency
naggantsd.agency
pigtamnetd.today
pilllowedsd.agency
sroibushkashsd.agency
stopcfams.today
stophangerdslf.today
stratorsct.today
stuppedrtef.today
tybdranocidw3.agency
yukadukas.agency

# Reference: https://twitter.com/reecdeep/status/1239473120987275266
# Reference: https://app.any.run/tasks/dc56ada8-0d1a-41f9-85c4-354966b56a71/

aftnoop.at
laurela.at
pipen.at

# Reference: https://twitter.com/bomccss/status/1239716843431923712
# Reference: https://app.any.run/tasks/b881bebf-8ded-4eb2-a62e-198a095bad69/

alistherdatas.at
get.fletchapp.com

# Reference: https://twitter.com/reecdeep/status/1239851638992646144

eiurbfvpewirub.xyz
eouryfvioeurfoevri.xyz
findoitaliafattura.pw

# Reference: https://twitter.com/FaLconIntel/status/1239876026513022976
# Reference: https://pastebin.com/JECpbgp6

donatafatturaitalia.pro
pgfatt.xyz

# Reference: https://twitter.com/Bl4ng3l/status/1240253133785358336

vatunboard.com

# Reference: https://twitter.com/malware_traffic/status/1240326583786844162

pmfi74.com
snap-licdn.com

# Reference: https://twitter.com/reecdeep/status/1240570564017901570
# Reference: https://app.any.run/tasks/a4b2eff3-77f7-4da0-bcdc-7c04b9156837/

kamalak.at

# Reference: https://twitter.com/w3ndige/status/1240637812887732226

cloudservice.club
form-updater.at

# Reference: https://twitter.com/malware_traffic/status/1240810985776205827

avqm2sd6.com
jearlenef.com
q5278biboyd.com

# Reference: https://twitter.com/jorgemieres/status/1240804469228568578

silviaformigligooo.us

# Reference: https://twitter.com/reecdeep/status/1240906811559022593

q29lanceshaniya.com
vtorrancekx59.com

# Reference: https://twitter.com/teamcymru/status/1240972864892928001
# Reference: https://securityaffairs.co/wordpress/99823/malware/ursnif-campaign-targets-italy.html

kolamana.com
tealex.it

# Reference: https://twitter.com/FaLconIntel/status/1241568444551741441
# Reference: https://app.any.run/tasks/e074bc0d-7edf-4e58-86ad-f7e3dd8df714/
# Reference: https://pastebin.com/M1JFcPcj

alfabanjrrd.agency
bsberbakh.agency
cdastroitod.today
cmguffiong.today
dampometiktd.today
dstopdaltdsd.agency
glmrakobesad.agency
ilupitdrope4.agency
lbusinesd.agency
lkakaushkid.agency
lostellazikdht.today
lotlybankied.agency
mozetradugis.today
nlembdasd.agency
pikazanhsd.agency
schepsdik.today
slaungdt.today
sstrousihhsd.agency
ssvetleitef.today
stanetvsemxs.today
stkraevoirdslf.today
tasinhromiidw3.agency
ymulenrougas.agency
zetradugis.today
vetleitef.today

# Reference: https://www.virustotal.com/gui/ip-address/47.74.44.93/relations

malorun.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1242014733886201858

falloitalbar.store
gioliofattura.xyz
pagamentodelordinenumero.online

# Reference: https://app.any.run/tasks/44378179-4c2a-42d0-99e9-5818b7e8937a/

poskncpeiuywbt.xyz

# Reference: https://twitter.com/reecdeep/status/1242017555675480066

803g4548fgf.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1242041463925506053
# Reference: https://app.any.run/tasks/751f395b-33e4-4f5e-89eb-0b63153195a8/

dangerously.xyz

# Reference: https://twitter.com/reecdeep/status/1242163727123824641
# Reference: https://app.any.run/tasks/53918911-78d7-429d-95a0-6ec6c7542db3/

m1rd9egxfxinnsoq.com

# Reference: https://twitter.com/DynamicAnalysis/status/1242169195388907521

aperforrmingnextyou.xyz

# Reference: https://twitter.com/malware_traffic/status/1242251392640782337

bao-universe.com
rylandi2002.com
shengbo769.com

# Reference: https://twitter.com/malware_traffic/status/1242523433537339392
# Reference: https://app.any.run/tasks/977c8ac0-f325-428b-bbbf-0719bde2dfb6/

chersoicryss.com
cqftatumg59.com
fharmonue54w.com
jtevin46.com

# Reference: https://twitter.com/Mesiagh/status/1242524899605753856

xolzrorth.com

# Reference: https://twitter.com/w3ndige/status/1243251811559055361
# Reference: https://www.virustotal.com/gui/domain/yubz.net/relations

yubz.net

# Reference: https://twitter.com/malware_traffic/status/1243301158002855938

x0fopmxsq5y2oqud.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1244897065387397126

philippeschellekens.com
timbervalleyfarm.com

# Reference: https://twitter.com/reecdeep/status/1244929068262404096
# Reference: https://app.any.run/tasks/74e7b8d1-793a-4dbc-a365-78063dc7531d/

loadkaklokja.xyz
9ureyowuher9b.xyz
newitpagamentofor.xyz

# Reference: https://app.any.run/tasks/964e4bb8-5a59-496b-9fa8-c3799b6f687e/

phukeemonet.today

# Reference: https://twitter.com/FaLconIntel/status/1244987364033720330
# Reference: https://pastebin.com/dbnX69rX

afilepagamentoinn.xyz

# Reference: https://twitter.com/VK_Intel/status/1245435955982610432

conniethemonkey.xyz

# Reference: https://twitter.com/prakhargyl/status/1245129816346472448

residenzaborgopio.it/cartanoevo/billmanager.php
projectsplanit.xyz

# Reference: https://app.any.run/tasks/fd306d47-a412-4594-a82e-c452cd6f9db6/

prlottonews.xyz

# Reference: https://app.any.run/tasks/872756de-b4bf-4d23-a7a6-d4ab87200e51/

karntnatural.xyz

# Reference: https://twitter.com/luc4m/status/1245681887294771200

prlottonews.xyz

# Reference: https://twitter.com/luc4m/status/1245673834100871168

karntnatural.xyz

# Reference: https://twitter.com/reecdeep/status/1246079898722217988
# Reference: https://app.any.run/tasks/41af3257-45ea-4b9b-8eb1-717e87eaa98d/

c93dg24kellie.info
liiuab4.com
tidgoee51connor.top

# Reference: https://twitter.com/malware_traffic/status/1245116296368394240

10bonusonline24.info
kapswholesale.info

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0326-0403.html (# Win.Malware.Ursnif-7641287-1)

groupcreatedt.at

# Reference: https://twitter.com/abuse_ch/status/1247065975662555137

dropshipbear.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1247084500305227778
# Reference: https://app.any.run/tasks/f4c80d1b-74fc-4ee4-9b16-920abaf19a9d/

prlottonews.xyz

# Reference: https://twitter.com/VK_Intel/status/1248317800587972610

triomigratio.xyz

# Reference: https://app.any.run/tasks/0798e675-9b4f-467b-98e0-889321182f90/

ni96lyric.com

# Reference: https://twitter.com/abuse_ch/status/1249986843334057984

basa.nutarborg.com
fatturatrader.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1249996944698757120

trattoriafiori.xyz

# Reference: https://twitter.com/reecdeep/status/1249956885329072128

primecontentstudios.com

# Reference: https://twitter.com/reecdeep/status/1250041202847727617

localjobsph.xyz

# Reference: https://twitter.com/reecdeep/status/1250319363019657219
# Reference: https://app.any.run/tasks/61e2d22b-39c2-4693-a6af-a817954d8405/
# Reference: https://pastebin.com/7MWMbikn

brabusery.today
buhlavashie.agency
dimdimichf.today
ktravelcd.agency
kvestianopolupas.today
labibocraf.today
lyblyatovorysd.agency
mechtvoid.agency
monakolorakosg.today
motilkayotrkid.agency
nosapodyuid.agency
ogonkaflowerd.agency
optimustraiin.agency
pechenietatd.agency
pikaninet.today
sambabelogotd.agency
shtormition.agency
storunesgim.today
sviridovosd.agency
tokyomangass.host
vetrograds.today
yrganitoving.today
ytrechts.agency

# Reference: https://twitter.com/reecdeep/status/1250378509245128705

asistenon.xyz
febbrarioferraro.pw
flazzomazzo.xyz
marrzioolio.casa
marzoferazzo.xyz
newuploadswift.pw
rezelko.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1250391330192269314

largefamiliesonpurpose.com
monalisapizzeriasi.com

# Reference: https://twitter.com/reecdeep/status/1250378509245128705
# Reference: https://app.any.run/tasks/147930cb-471c-4a7b-90eb-2df1bbb022fa/

iuyefgweoiuhf.xyz

# Reference: https://twitter.com/reecdeep/status/1252859101291241472

bluechipstaffing.com
securezza.at

# Reference: https://www.virustotal.com/gui/domain/thatallmafaka.at/detection

thatallmafaka.at

# Reference: https://www.virustotal.com/gui/domain/vip-tours.at/detection

vip-tours.at

# Reference: https://www.virustotal.com/gui/domain/mcc.avast.com/relations

mcc.avast.com

# Reference: https://twitter.com/reecdeep/status/1253232918224351232

personalfsbocoach.com
wudjarather.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1253217826367832065

andrewzelaya.com
dermvalet.xyz
rolandojgarcia.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1253236199508054016

searchfundaccelerator.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1253244690935267328

primecontentstudios.com
pontida.info
rolandojgarcia.com

# Reference: https://twitter.com/Mesiagh/status/1253420571527770113
# Reference: https://pastebin.com/Qp87MJVB

to4karu.ru
zvednyisvet.ru

# Reference: https://www.virustotal.com/gui/domain/gstat.hamiltoncustomhomesinc.com/relations

gstat.hamiltoncustomhomesinc.com

# Reference: https://twitter.com/p5yb34m/status/1253473594631286785
# Reference: https://twitter.com/p5yb34m/status/1253477856413286400

woofwoofacademy.xyz

# Reference: https://twitter.com/reecdeep/status/1255063841131630598

tramvaineedet.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1255051529146511360
# Reference: https://www.virustotal.com/gui/domain/gstat.dondyablo.com/detection

gstat.dondyablo.com

# Reference: https://twitter.com/reecdeep/status/1255175139093876737

bbfjjf8.com
ireiureoi0dwoi.com
katedesktop64.com
leasurefilletmarrow.com
sunhutburgerzzz.com

# Reference: https://twitter.com/malware_traffic/status/1255267206323154945

siicg8lgadurupkt.com

# Reference: https://twitter.com/reecdeep/status/1255407481758638080

link.sustainableworkplacewellness.com

# Reference: https://twitter.com/malware_traffic/status/1255990764531789825

qut69bf00e.com

# Reference: https://twitter.com/VK_Intel/status/1256652248547045377

barecao.xyz

# Reference: https://twitter.com/Bl4ng3l/status/1257575407525810176

respondcritique.xyz
staging2.lifebiotic.com

# Reference: https://twitter.com/reecdeep/status/1257579411244822529

fellowstock-puree.com
hotjotchi.com
leekscheeks777.com
oaw5ibkcxru.com
snowcraymar.com

# Reference: https://twitter.com/reecdeep/status/1257925401504034816
# Reference: https://twitter.com/abuse_ch/status/1257929586404458496
# Reference: https://bazaar.abuse.ch/sample/476cf8c09a0cd1cfe759430ab40fdedc652833ca2d54de78c5449ea50ebabe7c/

82.118.22.163:9955
gstat.couturefloor.com
gstat.yourceocoach.com
line.starlightgroupllc.com

# Reference: https://app.any.run/tasks/e3d4901b-e3e9-49d2-97d2-3b41909e49d2/

zp9u2sk8nz5.com

# Reference: https://twitter.com/reecdeep/status/1257953208535863296

divorcescheap.xyz
thepieslice.com

# Reference: https://twitter.com/reecdeep/status/1258313559890632704

alisiemental.host
consaltingz.com
marketpalasei.casa

# Reference: https://twitter.com/reecdeep/status/1258293318041112576

ramtool.at

# Reference: https://twitter.com/SBousseaden/status/1259810798161010693

canesalt2tanzania.com
clownmice123.com
dieuwoqpq.com
lettucecharity2012.com
reflora-refraction.com
squidhala.com

# Reference: https://twitter.com/CyberRaiju/status/1260133414851588097
# Reference: https://app.any.run/tasks/89b049a8-d5a5-4691-983a-f39a19a2a350/

ksoniay95ee.info

# Reference: https://twitter.com/reecdeep/status/1260479732493225995
# Reference: https://urlhaus.abuse.ch/url/362018/

betarg.com/cms/cashback/pinkash/wp-content/plugins/loginpage/
voucherdome.com
wuxiyujingxuan.com
hexingmumen.com
fpwoueopwwoq.com
juwoqoqpwieu.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Dropper.Ursnif-7772130-0)

bplaplanetsurface.com

# Reference: https://app.any.run/tasks/2eacdd4c-b184-4815-a67d-64a37bf0174b/

gstat.getlearningsolutions.com
gstat.peshtigodental.com
gstat.securitiessupportunit.com

# Reference: https://bazaar.abuse.ch/sample/1056a7c5f05db0959b76c0d3b78d31937bc463934a343e0d233c694b0d83db98/

post.positivefocusskills.com

# Reference: https://www.telekom.com/en/blog/group/article/lolsnif-tracking-another-ursnif-based-targeted-campaign-600062
# Reference: https://otx.alienvault.com/pulse/5ec2b0ec5c874fda58db6d02

explik.at
farihon.at
ganikol.at
ioipzet.at
lamanak.at
mobify.at

# Reference: https://twitter.com/reecdeep/status/1263055265995395073

line.farmingtondewdays.com
post.medusaranch.com

# Reference: https://twitter.com/reecdeep/status/1263367418212159488

bespokemerchandises.com
worldwidebars.xyz

# Reference: https://twitter.com/VK_Intel/status/1263498500848979969

addiamentali.org
rezidentialia.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1263511499080941569
# Reference: https://twitter.com/DynamicAnalysis/status/1263520897085976586

g009clvp1l7.com
tauhutxiga.com
monsuperentrepreneur.com
tangocation.com
e4a24fb0e.com
f78efaf43b.com
k4xqhb6u4fo.com

# Reference: https://www.virustotal.com/gui/file/e8d386ebfdf8846bed319fe96fefa8b1613cde6ee6375d3988bca93ee2bd3866/detection

j20d7b.com

# Reference: https://twitter.com/reecdeep/status/1263827163364630528
# Reference: https://pastebin.com/raw/uS6PMrdB

a8xui1akl9gjqucfa.com
c88gpm21qoal18bmk.com
h6e2at7du07f7a2ip.com
m8pwsczg0bbzw48j7.com
nrhlxbt9covscex9b.com
se66ndx04fofu3sqv.com
cot3d.com
zhankai168.com
360yunkang.com
bcp7mbg.com
ke3rrzx.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1264793127593938950

gstat.globaltcms.com

# Reference: https://twitter.com/reecdeep/status/1265204697041862661

consaltinger.com
consulttrus.org.com

# Reference: https://twitter.com/reecdeep/status/1265530996922953729

gstat.ddoborguild.com
line.beibiandmom.com

# Reference: https://twitter.com/reecdeep/status/1265542875921743872

poundie.xyz

# Reference: https://twitter.com/abuse_ch/status/1265611357392646146

37.10.71.211:9955
gstat.peshtigodental.com
gstat.ylonnsalonchicago.com

# Reference: https://twitter.com/reecdeep/status/1265645824861749250

abee1d18255e.com
f3d189430.com
hswawuo7c8axfxw3.com
phartmaster.com
testpb12e12uufepure.com

# Reference: https://twitter.com/p5yb34m/status/1265749526909870080

ft23fpcu5yabw2.com
j5sfioue15kxqs.com
nrs2wjke0t2vz9.com

# Reference: https://twitter.com/VK_Intel/status/1265931934607212544

votboo.xyz

# Reference: https://twitter.com/reecdeep/status/1266040510147411968

lenceria2000.com
wola4ru08w9i7jjpuc.com

# Reference: https://twitter.com/Mesiagh/status/1266427848165736448

edszkas7gimk7v.com

# Reference: https://twitter.com/reecdeep/status/1266285374340399107

sibelikinciel.xyz

# Reference: https://twitter.com/Circuitous__/status/1266086835270356992

s6oo5atdgmtceep8on.com

# Reference: https://twitter.com/luc4m/status/1266054376692441088

line.mbclegacyllc.net

# Reference: https://twitter.com/reecdeep/status/1265965627589656576

gstat.matthewsalemstolper.com

# Reference: https://twitter.com/reecdeep/status/1267328903846207494

onpremisely.xyz

# Reference: https://app.any.run/tasks/5e81cda7-b0fb-4552-b46e-5d40331bfb96/

bizzznez.com
bizzznez.org

# Reference: https://twitter.com/p5yb34m/status/1267971830301601795

babytoydeals.xyz

# Reference: https://twitter.com/reecdeep/status/1268088914969014274

gstat.llbntv.com
line.madvertising.org

# Reference: https://bazaar.abuse.ch/sample/e2c3c4353ccda08c13102fdb6b53f63ac2af6285954de11fa3cfa8b707ae0834/

cfwc-deanzadistrict.org/accounts/accounts.php
susanslewis.xyz

# Reference: https://twitter.com/VK_Intel/status/1269715718502785024

exeupay.xyz

# Reference: https://bazaar.abuse.ch/sample/a0827b06bad13e450aa21407068d1c34d24d8c8441647c3bc7231a507105146e/

yunforworld.xyz

# Reference: https://twitter.com/seguridadyredes/status/1269918727698554880

a-zcorner.com
awh93dhkylps5ulnq-be.com
knockoutlights.com

# Reference: https://twitter.com/reecdeep/status/1270272141754347521
# Reference: https://app.any.run/tasks/c9c518d8-1d3e-4a7e-8574-e082fcf26638/

consaltin.com
consaltin.org
uevtachen.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1270314489511100417

gstat.llbntv.org
gstat.vmf216.com

# Reference: https://twitter.com/reecdeep/status/1270379738184515590

rockyndawn.com
xsiv7v4qzjq6rdmpp.com

# Reference: https://twitter.com/reecdeep/status/1270763108286582784

gofokfha1ww.com
hkdjuilkwwq2t.com
klt9x5q3tj.com
rokifann25s.com

# Reference: https://twitter.com/luc4m/status/1270790333295517696

lkmwdfe.xyz
ygvrfepzz.xyz

# Reference: https://twitter.com/CapeSandbox/status/1270853344731545602

mitial.at

# Reference: https://twitter.com/malware_traffic/status/1270802292451745792

thjfasfdjkf1qjt.com

# Reference: https://twitter.com/reecdeep/status/1271721654654287872

arsis.at

# Reference: https://app.any.run/tasks/6021226c-4f23-4014-9c1b-93dcdb35ef9b/

link.icloudcowboy.com

# Reference: https://bazaar.abuse.ch/sample/b53e42e6ce1bc5fe332920c16fc69a4e6d0eb26ed31fe67149dcb1ec79e401b5/

memberteam.works/templatesb/
vvietnamnews.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1274996544266272771

gstat.peshtigodental.com
gstat.thecrowband.com
line.lifeartphotographers.com

# Reference: https://twitter.com/luc4m/status/1275021211731259395

peshtigodental.com
peshtigodental.net
peshtigodental.eu
peshtigodental.xyz
sloleaks.com
sloleaks.net
sloleaks.eu
sloleaks.xyz
securezal.com
securezal.net
securezal.eu
securezal.xyz
securezal.com
securezal.net
securezal.eu
securezal.xyz
secundato.com
secundato.net
secundato.eu
secundato.xyz
secundato.com
secundato.net
secundato.eu
secundato.xyz
secundamo.com
secundamo.net
secundamo.eu
secundamo.xyz
premiamo.com
premiamo.net
premiamo.eu
premiamo.xyz
premiamo.com
premiamo.net
premiamo.eu
premiamo.xyz
securezzas.com
securezzas.net
securezzas.eu
securezzas.xyz
securezzis.com
securezzis.net
securezzis.eu
securezzis.xyz
securanto.com
securanto.net
securanto.eu
securanto.xyz
securanto.com
securanto.net
securanto.eu
securanto.xyz

# Reference: https://pastebin.com/raw/ULiRjt3H

29degod-soil.com
50kmission.com
76leof-nerve.com
82geod-misery.com
cloptio.com
fast-pacedworld.com
fepz41.com
qqm9lv.com

# Reference: https://twitter.com/reecdeep/status/1276557105860939782

ttcfv.com
ddc17.com
smc-coding.com
restyle-prinner.com
81spdi-tick.com
22wedz-crate.com
48boden-flow.com

# Reference: https://app.any.run/tasks/d87258f6-f4a5-426e-b6b7-addfe1a490e9/

kmoderatordstezya.website
silkavayssstezya.website

# Reference: https://app.any.run/tasks/22bb91d4-a8db-4b23-98e1-8c4f328cedd2/

gstat.securityguardlisting.com
line.ehrlum.com

# Reference: https://urlhaus.abuse.ch/downloads/text_recent/

5u2mr.com
9nag0.com
a9nq0z.com
dy5x1.com
e7xfxb.com
fdhwgm.com
fepz41.com
gr223t.com
gx6995.com
ihgd1u.com
mbzrrt.com
ofxvp.com
qqm9lv.com
u8pmg.com
voaxd.com
w0j3oq.com

# Generic trails

/a.aspx?redir=1&clientUuid=
/bounce.aspx?dx11diag=
/project.aspx?cwdTelemetry=
/%20%20%20%20.php
/2poef1/j.php
/3mBhb0/6VIJ7e.php
/8YrPpA/M6vtj8.php
/alfh/xzrn.php
/C821al/vc2Tmy.php
/caem/tyf.php
/cdjq/4oslx.php
/cmgtkz/cgcjp.php
/colorex/somatrex.php
/curoix/jotask.php
/czwih/fxla.php
/edgron/siloft.php
/f64b/oddg.php
/f64bj/jtrhs.php
/Flux/tst/index.php
/gunshu/lewasy.php
/hdil/kzex.php
/jadykf/btnryr.php
/jatt4/tarl.php
/jTlp8P/3OXkud.php
/iwp01-2ksm/20918201.php
/iwq/wpsk.php
/khogpfyc8n/215z9urlgz.php
/koorsh/soogar.php
/kundru/targen.php
/loq91/10x.php
/minsee/ragaba.php
/mynotescom/renoovohostinglilnuxadvanced.php
/novacms/grassandrocks.php
/nra962sc0/ft2dol9oy.php
/opbrk/yzsautlv.php
/p109/mv.php
/pwoxi444/vpvop.php
/qoie8rg/m1m2m.php
/qtra/ttqr.php
/rgpsl/ie.php
/s9281P/yt1.php
/siu_d16e-2cf/i28_stream.php
/skoex/po2.php
/UbiGaj/doneit.php
/unbbmevd/d76.php
/urvave/cennc.php
/vv55v37kts7et/idq9p9t142vyk.php
/w1kbs7qffwr3g5nn/hz1704i8k8bwhyo1.php
/we20lo85/aio0i32.php
/we20lo85/aio0i32p.php
/wMB03o/Wx9u79.php
/wrong/ragnarock.php
/xap_102b-AZ1/704e.php
/xEMIj66/5RcbXK.php
/xvrr7zok/6x2jrg.php
/zepoli/ironak.php
/215z9urlgz.php
/3OXkud.php
/3retyxo2m.php
/4oslx.php
/5RcbXK.php
/6VIJ7e.php
/6x2jrg.php
/83939-2039.php
/89289_928_1.php
/aio0i32.php
/aio0i32p.php
/btnryr.php
/cecolf.php
/fgoow.php
/ft2dol9oy.php
/hz1704i8k8bwhyo1.php
/huonasdh.php
/idq9p9t142vyk.php
/Jingu.php
/jogptfbuu
/jtrhs.php
/levond.php
/M6vtj8.php
/nerkom.php
/opanskot.php
/pagjfut54.php
/paghgutj44.php
/pagigpy75.php
/pagig84.php
/pagigmu48.php
/paginfo33.php
/paginfo52.php
/paginfo83.php
/pagioiu88.php
/pagkit56.php
/pagkype32.php
/pagnuko56.php
/pagnupo27.php
/pe10pd.php
/renoovohostinglilnuxadvanced.php
/si2s81-19.php
/suoepwxpamxapxlamslxdo.php
/transaction.php2
/traxic.php
/wpapi
/Wx9u79.php
/YhggfB.php
