# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Emotet, Heodo, Geodo

# Reference: https://twitter.com/_lockhum/status/1221213324525867008

66.210.228.178:443
66.210.228.178:80

# Reference: https://twitter.com/_lockhum/status/1221245124707078144

50.252.121.146:85
dvr.petcp.com

# Reference: https://twitter.com/500mk500/status/1221353819059167233

116.247.95.206:443
116.247.95.206:80

# Reference: https://twitter.com/500mk500/status/1221354099058401280

77.230.243.54:75
1c26.dyndns.org

# Reference: https://twitter.com/500mk500/status/1221355282971942914

217.77.171.230:8090

# Reference: https://twitter.com/500mk500/status/1221355851795046400

186.52.202.49:1216
vigilantepadre.dvrdns.org

# Reference: https://twitter.com/500mk500/status/1221359005655805953

201.159.153.38:8080
geracaokids.jflddns.com.br

# Reference: https://twitter.com/500mk500/status/1221360316740775937

190.158.245.105:9022

# Reference: https://twitter.com/_lockhum/status/1221620873779609602

158.255.30.100:443
158.255.30.100:80

# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Emotet#tab=2
# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Spammer:Win32/Cetsiol.A#tab=2
# Reference: http://www.securityhome.eu/malware/malware.php?mal_id=1193064972549a82b0400072.08119525

ajeyftrjqeashgda.mobi
bardubar.com
cryspellingslaveseducation.eu
distrbilko.pw
labamito.ru
likesomessfortelr.eu
mail.ps4hacked.es
naimjax.ru
qwuyegasd3edarq6yu.org
thehappylattersforallpeopleoftheworld.eu
usportrock.ru
www6067ug.sakura.ne.jp

# Reference: https://pastebin.com/csipUv2z

http://regionsnews.net/OEqhU8Lg5
http://barcounterstools.info/gwzel4FlN0
http://latemia.com.br/obrqY699Rj
http://bestofcareer.com/clwPPAOykd
http://reelcreations.ie/KAqmCDJk
http://seaweldci.com/ADR
http://seilanithih.com.kh/Rfg0JO1
http://sunflowerschoolandcollege.com/ibb/papkaa17/OWFktY
http://dealtimer.com/AsIn9
http://abujarealproperties.com/fl
http://zippyrooter.com/lvUg6HFdC
http://puntoyaparteseguros.com/B9P3zyHmix
http://fastinternet.net.au/WDnndUN
http://mebel-m.com.ua/HuvTFu8
http://tomas.datanom.fi/testlab/YHMLRXJ
http://aliu-rdc.org/QwWKYJxM
http://2idiotsandnobusinessplan.com/wC7
http://7naturalessences.com/DFaSvtrS
http://hostmktar.com/mP
http://benimdunyamkres.com/v0vig1G1
http://alpharockgroup.com/HT
http://adminflex.dk/l5TF6w
http://gailong.net/X5AyWfJG
http://shunji.org/logsite/TJaaB
http://binar48.ru/OtTlVIU5
http://tonda.us/nK8Gqwgp8
http://acejapan.net/gTFikCcVIF
http://www.finspangonline.se/qpSw0SD
http://yazilimextra.com/jHQNAQVM9
http://tpms.net.pl/gXJTQL6qMO
http://ysd63.com/xw0jDX
http://exclusiv-residence.ro/IuWn6
http://leizerstamp.ir/zqiQcpE
http://firstchoicetrucks.net/kCV0l
http://olsenelectric.com/zVz4iwC

# Reference: https://www.malware-traffic-analysis.net/2018/08/16/index2.html

theeunload.website
mykeeptake.xyz

# Reference: https://www.virustotal.com/#/domain/bizercise.top

bizercise.top

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Doc.Downloader.Emotet-6878774-0)

uka.me
woelf.in

# Reference: https://twitter.com/Cryptolaemus1/status/1113429409946644480
# Reference: https://pastebin.com/raw/DZd2628u

192.186.96.125:8080
83.110.216.26:8443
189.159.103.149:8080
200.126.225.56:8080
189.190.169.221:7080
104.236.135.119:8080
162.243.125.212:8080
217.13.106.160:7080
5.230.147.179:8080
64.13.225.150:8080
94.76.200.114:8080
212.122.71.196:995
174.93.130.148:8443
181.92.117.141:993
133.242.156.30:7080
91.92.191.134:8080
63.77.201.245:443
69.198.17.7:8080
181.39.51.243:993
27.130.153.101:53
187.189.195.208:8443
174.106.108.31:80
60.49.36.149:50000
70.57.82.196:80
62.75.187.192:8080
95.128.43.213:8080
73.217.113.111:80
87.106.139.101:8080
211.63.71.72:8080
173.255.250.241:443
190.161.186.116:80
178.62.37.188:443
175.100.138.82:22
201.220.152.101:80
208.78.100.202:8080
167.114.210.191:8080
204.184.25.150:143
184.22.6.124:7080
45.33.49.124:443
201.152.34.208:995
85.104.59.244:20
103.12.133.7:8080
203.210.237.200:993
87.106.210.123:80
45.123.3.54:443
173.255.196.209:8080
138.201.140.110:8080
78.186.5.109:443
105.101.6.219:8080
186.4.234.27:443
83.222.124.62:8080
187.198.57.250:7080
147.135.210.39:8080
24.63.218.229:80
50.31.0.160:8080
67.205.149.117:443

# Reference: https://twitter.com/makflwana/status/1085118389633175555

87.207.58.148:20

# Reference: https://twitter.com/pollo290987/status/1114007607352725504

103.12.133.7:8080
104.2.2.153:8080
104.236.135.119:8080
104.236.24.85:443
105.101.6.219:8080
105.225.191.133:80
106.51.237.174:50000
109.104.79.48:8080
109.73.52.242:8080
110.169.107.239:443
114.79.191.12:20
115.254.91.178:7080
115.74.214.134:443
120.63.130.239:465
125.99.106.225:80
133.242.156.30:7080
136.49.87.106:80
138.201.140.110:8080
138.68.139.199:443
139.59.19.157:80
144.76.117.247:8080
147.135.210.39:8080
154.120.228.126:8080
162.243.125.212:8080
165.227.213.173:8080
167.114.210.191:8080
171.101.196.138:80
173.255.196.209:8080
173.255.250.241:443
174.106.108.31:80
174.93.130.148:8443
175.100.138.82:22
176.58.93.123:8080
178.62.37.188:443
179.8.124.11:443
181.118.101.22:8080
181.15.177.100:443
181.16.4.180:80
181.170.252.83:80
181.170.93.38:8080
181.39.51.243:993
181.44.231.127:443
181.56.165.97:53
181.92.117.141:993
182.176.184.81:22
183.82.1.142:7080
184.160.113.4:993
184.22.6.124:7080
184.95.192.237:80
185.191.177.79:143
185.86.148.222:8080
186.139.160.193:8080
186.4.234.27:443
187.153.103.175:443
187.189.195.208:8443
187.189.210.143:80
187.198.57.250:7080
187.228.144.250:143
187.234.36.129:8443
188.51.153.187:993
189.148.145.183:50000
189.150.218.69:8080
189.156.223.10:20
189.159.103.149:8080
189.186.208.24:8443
189.190.169.221:7080
189.208.239.98:443
189.222.167.65:20
189.252.110.239:443
189.252.15.206:443
190.0.32.206:8080
190.104.229.114:8090
190.117.206.153:443
190.117.82.103:443
190.128.26.2:80
190.146.86.180:443
190.15.198.47:80
190.161.186.116:80
190.18.153.249:80
190.18.219.56:443
190.185.241.151:443
190.186.70.146:21
190.230.219.95:20
190.35.109.41:990
190.36.237.47:8443
190.96.118.53:443
190.97.219.241:80
192.155.90.90:7080
192.163.199.254:8080
192.186.96.125:8080
192.228.158.238:443
197.248.67.226:8080
197.88.12.80:53
200.114.142.40:8080
200.125.190.126:8080
200.126.225.56:8080
201.110.165.146:8443
201.138.11.223:8080
201.146.85.239:22
201.152.34.208:995
201.152.64.25:20
201.165.102.49:443
201.170.241.239:8080
201.220.152.101:80
201.236.95.82:80
201.239.154.191:443
201.97.91.217:443
203.210.237.200:993
204.138.46.166:7080
204.184.25.150:143
208.180.246.147:80
208.78.100.202:8080
209.159.244.240:443
210.2.86.72:8080
211.105.238.226:80
211.63.71.72:8080
212.122.71.196:995
212.31.106.90:22
216.221.73.45:443
217.13.106.160:7080
217.165.84.16:7080
217.165.84.98:20
219.94.254.93:8080
23.254.203.51:8080
24.137.254.148:80
24.63.218.229:80
2.50.4.159:443
27.130.153.101:53
37.209.252.121:80
41.227.243.107:80
41.71.19.150:80
43.229.62.186:8080
45.123.3.54:443
45.33.49.124:443
47.202.17.6:80
50.250.136.225:80
50.31.0.160:8080
51.255.50.164:8080
5.230.147.179:8080
5.9.128.163:8080
59.91.30.53:443
60.49.36.149:50000
61.2.56.167:80
62.75.143.100:7080
62.75.187.192:8080
63.77.201.245:443
64.13.225.150:8080
66.115.90.48:80
66.209.69.165:443
67.205.149.117:443
67.206.210.18:80
67.241.81.253:8443
68.191.37.107:80
69.163.33.82:8080
69.198.17.7:8080
70.184.8.94:80
70.57.82.196:80
71.11.157.249:80
72.47.248.48:8080
73.217.113.111:80
74.36.4.206:80
78.186.5.109:443
80.82.62.9:443
81.134.59.36:8080
81.22.137.186:8080
82.226.163.9:80
82.73.220.225:80
83.110.216.26:8443
83.110.80.67:22
83.222.124.62:8080
85.104.184.242:8080
85.104.59.244:20
87.106.139.101:8080
87.106.210.123:80
88.254.240.194:80
89.188.124.145:443
89.211.193.18:80
91.205.215.57:7080
91.92.191.134:8080
92.154.101.154:50000
92.48.118.27:8080
94.250.55.138:443
94.76.200.114:8080
95.128.43.213:8080
95.42.189.34:443
96.64.191.13:80
99.243.127.236:80

# Reference: https://twitter.com/ozuma5119/status/1123474884221382656

http://117.196.47.110/teapot/badge/ringin/merge/

# Reference: https://twitter.com/ozuma5119/status/1127619333444730886

tamsuamy.com
66.84.11.168:8080

# Reference: https://twitter.com/P3pperP0tts/status/1135976656751996928

142.4.198.249:7080
162.243.125.212:8080
170.150.11.245:8080

# Reference: https://twitter.com/bry_campbell/status/1164689134012833792
# Reference: https://pastebin.com/raw/7Kq2e1ik

104.131.11.150:8080
104.131.208.175:8080
104.236.151.95:7080
142.93.88.16:443
144.139.247.220:80
159.89.179.87:7080
162.144.119.216:8080
162.243.125.212:8080
170.150.11.245:8080
176.31.200.130:8080
177.242.214.30:80
187.163.180.243:22
195.242.117.231:8080
216.98.148.156:8080
217.13.106.160:7080
31.12.67.62:7080
45.123.3.54:443
45.32.158.232:7080
46.101.142.115:8080
46.105.131.69:443
64.13.225.150:8080
69.45.19.145:8080
70.32.84.74:8080
75.127.14.170:8080
91.83.93.103:7080

# Reference: https://www.virustotal.com/gui/file/09007a7ee335c0556b4a519596b589f55a0451ac540d5bbfd009f58bd9cdeb69/detection
# Reference: https://app.any.run/tasks/f78c73cb-c3b2-4ea1-a50e-187a3545eb57/

176.113.82.144:443
realty4rent.hk

# Reference: https://app.any.run/tasks/1c298a26-6a84-425f-bc1e-d37438a3ef58/

/guids/xian/ringin/

# Reference: https://twitter.com/MalwareBlueTeam/status/1171447070307188738
# Reference: https://app.any.run/tasks/ad2a8ad2-884e-4971-93bb-628305633af7/

cwbsa.org
greatvacationgiveaways.com
ulukantasarim.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1173526753308020736
# Reference: https://app.any.run/tasks/d488ee5e-8fac-47b1-b60c-56a6e39dbd89/

179.24.118.93:990
190.55.39.215:80
190.55.86.138:8443
/ringin/usbccid/

# Reference: https://twitter.com/reecdeep/status/1173858862467883008

179.12.170.88:8080
/ringin/merge/

# Reference: https://twitter.com/Paladin3161/status/1173758599442468864

alldc.pw
dentalsearchsolutions.com
dywanypers.pl
keqiang.pro
playasrivieramaya.com

# Reference: https://twitter.com/SethKingHi/status/1173825828053872641

139.59.242.76:8080
149.202.153.251:8080
159.69.211.211:7080
181.230.126.152:8090
190.13.146.47:443
190.92.103.7:80
192.241.175.184:8080
203.150.19.63:443
216.154.222.52:7080
69.164.216.124:8080
93.78.205.196:443

# Reference: https://twitter.com/killamjr/status/1173960346572378112

59055.cn
larissalinhares.com.br
robotechcity.com
toptarotist.nl
xinlou.info

# Reference: https://twitter.com/lazyactivist192/status/1173983779981012994
# Reference: https://pastebin.com/ya09DEzC

103.97.95.218:143
104.131.11.150:8080
104.236.246.93:8080
109.104.79.48:8080
109.169.86.13:8080
117.197.124.36:443
123.168.4.66:22
136.243.177.26:8080
138.201.140.110:8080
138.68.106.4:7080
142.44.162.209:8080
144.139.247.220:80
149.202.153.252:8080
149.62.173.247:8080
151.80.142.33:80
159.203.204.126:8080
159.65.241.220:8080
159.65.25.128:8080
162.243.125.212:8080
169.239.182.217:8080
173.212.203.26:8080
175.100.138.82:22
177.246.193.139:20
178.254.6.27:7080
178.62.37.188:443
178.79.161.166:443
178.79.163.131:8080
179.32.19.219:22
179.62.18.56:443
181.143.53.227:21
181.188.149.134:80
181.36.42.205:443
181.81.143.108:80
182.176.106.43:995
182.176.132.213:8090
182.76.6.2:8080
183.82.97.25:80
183.87.87.73:80
185.129.92.210:7080
185.86.148.222:8080
185.94.252.13:443
186.4.172.5:443
186.4.172.5:8080
186.4.194.153:993
186.83.133.253:8080
187.155.233.46:443
187.188.166.192:80
188.166.253.46:8080
189.209.217.49:80
190.1.37.125:443
190.117.206.153:443
190.145.67.134:8090
190.186.203.55:80
190.19.42.131:80
190.200.64.180:7080
190.221.50.210:8080
190.226.44.20:21
190.230.60.129:80
190.53.135.159:21
198.199.106.229:8080
198.199.88.162:8080
200.21.90.6:8080
200.57.102.71:8443
200.58.171.51:80
201.163.74.202:443
201.212.57.109:80
201.250.11.236:50000
203.25.159.3:8080
206.189.98.125:8080
211.63.71.72:8080
212.71.234.16:8080
217.113.27.158:443
217.160.182.191:8080
217.199.175.216:8080
222.214.218.192:8080
23.92.22.225:7080
31.12.67.62:7080
31.172.240.91:8080
37.157.194.134:443
37.208.39.59:7080
41.220.119.246:80
45.123.3.54:443
45.33.49.124:443
46.105.131.87:80
46.21.105.59:8080
46.29.183.211:8080
5.196.35.138:7080
5.77.13.70:80
59.152.93.46:443
62.210.142.58:8080
62.75.143.100:7080
62.75.187.192:8080
64.13.225.150:8080
75.127.14.170:8080
77.245.101.134:8080
77.55.211.77:8080
78.188.105.159:21
78.24.219.147:8080
79.127.57.42:80
79.143.182.254:8080
80.85.87.122:8080
81.169.140.14:443
85.104.59.244:20
86.42.166.147:80
86.98.25.30:53
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
88.156.97.210:80
88.250.223.190:8080
89.188.124.145:443
91.205.215.57:7080
91.205.215.66:8080
91.83.93.103:7080
91.83.93.124:7080
91.92.191.134:8080
92.222.125.16:7080
92.222.216.44:8080
94.205.247.10:80
95.128.43.213:8080

# Reference: https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/
# Reference: https://otx.alienvault.com/pulse/5d8a324eb4ec65a6ab67f511

62.75.171.248:7080
cia.com.py

# Reference: https://twitter.com/reecdeep/status/1179310971761901570
# Reference: https://pastebin.com/stDdCGt8

80.240.141.141:7080
/child/free/ringin/

# Reference: https://www.virustotal.com/gui/file/985c26006ec5b38ff8c77239ccd33f1019918282c4cb50e541a58bcf8267d7bd/detection

67.225.229.55:8080

# Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html

109.104.79.48:8080
109.169.86.13:8080
114.79.134.129:443
119.159.150.176:443
119.59.124.163:8080
119.92.51.40:8080
123.168.4.66:22
138.68.106.4:7080
139.5.237.27:443
149.62.173.247:8080
151.80.142.33:80
159.203.204.126:8080
170.84.133.72:7080
170.84.133.72:8443
178.249.187.151:8080
178.79.163.131:8080
179.62.18.56:443
181.123.0.125:80
181.167.53.209:80
181.188.149.134:80
181.230.212.74:80
181.36.42.205:443
183.82.97.25:80
184.69.214.94:20
185.187.198.10:8080
185.86.148.222:8080
186.0.95.172:80
186.83.133.253:8080
187.155.233.46:443
187.188.166.192:80
187.199.158.226:443
187.199.158.226:7080
187.235.239.214:8080
189.166.68.89:443
189.187.141.15:50000
190.1.37.125:443
190.104.253.234:990
190.117.206.153:443
190.158.19.141:80
190.200.64.180:7080
190.221.50.210:8080
190.230.60.129:80
190.230.60.129:8080
190.38.14.52:80
200.21.90.6:8080
200.57.102.71:8443
200.58.171.51:80
201.163.74.202:443
201.184.65.229:80
201.214.74.71:80
203.25.159.3:8080
211.229.116.97:80
212.71.237.140:8080
217.113.27.158:443
217.199.160.224:8080
217.199.175.216:8080
23.92.22.225:7080
46.163.144.228:80
46.21.105.59:8080
46.28.111.142:7080
46.29.183.211:8080
46.41.134.46:8080
46.41.151.103:8080
5.196.35.138:7080
5.77.13.70:80
50.28.51.143:8080
51.15.8.192:8080
62.75.143.100:7080
62.75.160.178:8080
71.244.60.230:7080
71.244.60.231:7080
77.245.101.134:8080
77.55.211.77:8080
79.143.182.254:8080
80.240.141.141:7080
80.85.87.122:8080
81.169.140.14:443
86.42.166.147:80
87.106.77.40:7080
88.250.223.190:8080
89.188.124.145:443
91.205.215.57:7080
91.83.93.124:7080
66.228.32.31:443
198.50.170.27:8080
216.98.148.157:8080
101.187.237.217:20
103.255.150.84:80
103.97.95.218:143
104.131.11.150:8080
104.236.246.93:8080
119.15.153.237:80
136.243.177.26:8080
138.201.140.110:8080
142.44.162.209:8080
144.139.247.220:80
149.167.86.174:990
149.202.153.252:8080
159.65.25.128:8080
162.144.47.94:7080
169.239.182.217:8080
173.212.203.26:8080
177.246.193.139:20
178.254.6.27:7080
178.79.161.166:443
179.32.19.219:22
180.183.112.185:21
181.143.194.138:443
181.143.53.227:21
182.176.106.43:995
182.176.132.213:8090
182.76.6.2:8080
185.142.236.163:443
185.94.252.13:443
186.4.172.5:443
186.4.172.5:8080
186.75.241.230:80
187.144.189.58:50000
188.166.253.46:8080
189.209.217.49:80
190.106.97.230:443
190.108.228.48:990
190.145.67.134:8090
190.18.146.70:80
190.186.203.55:80
190.211.207.11:443
190.226.44.20:21
190.228.72.244:53
190.53.135.159:21
199.19.237.192:80
200.21.90.6:80
200.71.148.138:8080
201.251.43.69:8080
206.189.98.125:8080
211.63.71.72:8080
212.129.24.82:8080
212.71.234.16:8080
217.145.83.44:80
217.160.182.191:8080
222.214.218.192:8080
24.51.106.145:21
27.147.163.188:8080
31.12.67.62:7080
31.172.240.91:8080
37.157.194.134:443
41.220.119.246:80
45.123.3.54:443
45.33.49.124:443
46.105.131.87:80
47.41.213.2:22
5.196.74.210:8080
62.75.187.192:8080
63.142.253.122:8080
77.237.248.136:8080
78.188.105.159:21
78.24.219.147:8080
80.11.163.139:21
80.11.163.139:443
83.136.245.190:8080
85.104.59.244:20
85.106.1.166:50000
86.98.25.30:53
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
88.156.97.210:80
88.247.163.44:80
91.205.215.66:8080
92.222.125.16:7080
92.222.216.44:8080
94.205.247.10:80
95.128.43.213:8080
46.105.131.69:443
176.31.200.130:8080
104.131.58.132:8080
108.179.216.46:8080
110.36.234.146:80
113.52.135.33:7080
115.88.70.226:7080
125.99.61.162:7080
138.197.140.163:8080
139.59.242.76:8080
143.95.101.72:8080
148.240.52.172:80
152.170.220.95:80
162.214.27.219:7080
162.241.232.82:8080
176.58.93.123:80
178.249.187.150:7080
179.62.18.56:443
181.113.229.139:990
181.165.150.211:143
181.230.126.152:8090
181.55.171.237:8080
186.10.16.244:53
186.117.174.26:80
186.29.155.101:50000
186.93.167.147:443
190.117.206.153:443
190.13.146.47:443
190.55.39.215:80
190.55.86.138:8443
190.92.103.7:80
190.96.118.15:443
194.50.163.106:8080
197.211.244.6:443
200.114.134.8:20
201.244.125.210:995
203.150.19.63:443
216.154.222.52:7080
216.70.88.55:8080
41.60.202.26:22
45.33.1.161:8080
46.32.229.152:8080
5.189.148.98:8080
51.38.134.203:8080
70.45.30.28:80
78.109.34.178:443
83.169.33.157:8080
93.78.205.196:443
94.177.253.126:80
178.32.255.133:443
198.46.150.196:7080

# Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html

tamariaclinic.com/blog/po22/
a3infra.com/config.charge/92/
kairod.com/4rvg/fg19/
weifanhao.com/wp-admin/mm6zz6158/
aladilauto.com/wp-admin/o273wu4/
marchekit.com/wp-admin/oaxj1/
matteogiovanetti.com/wp-admin/264/
fntc-test.xcesslogic.com/wp-content/3b7s9209/
m.alahmads.com/wordpress/h5ut582/
ejob.magnusideas.com/cgi-bin/i5834/
otc-manila.com/wp-admin/q2zht7567/
mti.shipindia.com/wp-admin/css/21nd31328/
wisdomabc.com/css/wm8fu9190/
reportingnew.xyz/wordpress/3f0880/
metaphysicalhub.com/bkp_08092019/9nvo876799/
gg4.devs-group.com/amdcwdp/YPRqWcJFaE/
tlbplanning.org/wp-admin/KqrBgDoSq/
eternalsea.cn/qfpka0q/tPeJNBsE/
banglaay.com/wp-includes/VRVWLAbrjy/
shizizmt.com/jr/633mjf4w8_54d4cu-209964833/
aplikasi.bangunrumah-kita.com/b8kee0mj/0m3l_clo7kkcub-76/
altaikawater.com/wp-admin/4jh8s_sxm6m3eec-441/
antoinegimenez.com/css/hUgHbaEf/
auto-moto-ecole-vauban.fr/wp-admin/ww42_lwln3c-1236328628/
avant2017.amsi-formations.com/prog/skzHGQddV/
cheaptrainticket.cogbiz-infotech.com/cgi-bin/9vsx4g6l_p5x29co-43731795/
gsfcloud.com/fir/qx88b0qgfq_tdpfmobexf-881829012/
fabiogutierrez.com.br/loja/bEZYtLkJGj/
gruasasuservicio.com/cgi-bin/YdFmLIEsIB/
itf.palemiya.com/wp-includes/IIswblOCV/
moda.9l.pl/calendar/HugncgqxUR/
sweetmagazine.org/wp-admin/z0jxuhjao_n6me674y8i-3862/
precisieving.com/wp-admin/db090yl5_bwwmv-86392/
ucomechina.com/wp-content/aVMBsBCy/
your-event.es/mailin/OgXcBNiq/
lensakaca21.com/wp-admin/dBfxiIyp/
ithync.net/wp-includes/tyyYyGS/
blog.coopealbaterense.es/wp-admin/dnf3-nl9qg-869655/
lumiinx.eu/inc/prevents/addtosavedlist/nStxFTJB/
lupusvibes.ca/wp-admin/jnmvgio-dsl-6986784805/
cielouvert.fr/syvhqw1/nkch-nzf59az7e-99571/
demo.magerase.co.uk/wp-admin/wKpBbWmF/
accountingtoindia.com/fhsao/txsp1-fcy9gfh-11178860/
diawan.club/wordpress/ZnbSfWu/
lelecars.it/wp-admin/khrufjms-sijs5jz1e3-532825/
notiwebs.xyz/wordpress/vBfQVN/
ocstudio.tv/wp-admin/qWhNBtEM/
dulich.goasiatravel.com/wp-admin/mCXZnnARx/
www.hellotech.io/fivestar/vHYxCPeDd/
hospitalitysource.co.uk/test/lohXuP/
mobasara13.zahidulzibon.com/hyi/iGIuWmPa/
munishjindal.com/wp-content/tIZtULuZv/
cowabungaindustries.com/cgi-bin/hv3g9x-hkzj-9002618725/
sgiff.com/css/ixuc3k-wus7v022j-4995897081/
thesafeplace.net/wp/AsHrwMT/

# Reference: https://twitter.com/BarryShooshooga/status/1182535664643923968

mayurpai.com
mastersjarvis.com
nyc.rekko.com
lagriffeduweb.com
onickdoorsonline.com

# Reference: https://any.run/report/06f1f3ab993e994fe2b14126c50f009854081f55e52e26d5f0e2a325c5c5280f/e304cf8f-c3e5-4c03-a37d-2eb47266e450

offmaxindia.com

# Reference: https://github.com/silence-is-best/c2db#emotet

69.162.169.173:8080

# Reference: https://twitter.com/D3LabIT/status/1182633589764165640
# Reference: https://app.any.run/tasks/e6e252dc-6a94-4e61-ae21-a581beee5114/
# Reference: https://pastebin.com/zKBnkxqq

http://110.36.234.146
http://191.82.16.60
91.83.93.105:8080
110.36.234.146:80
191.82.16.60:80
91.83.93.105:8080
216.98.148.181:8080
68.183.190.199:8080
190.230.60.129:80
183.82.97.25:80
114.79.134.129:443
89.188.124.145:443
178.79.163.131:8080
76.69.29.42:80
87.106.77.40:7080
178.249.187.151:8080
62.75.143.100:7080
201.163.74.202:443
62.75.160.178:8080
181.188.149.134:80
186.0.95.172:80
217.199.160.224:8080
203.25.159.3:8080
189.160.49.234:8443
190.104.253.234:990
71.244.60.230:7080
159.203.204.126:8080
71.244.60.231:7080
142.93.82.57:8080
46.41.151.103:8080
138.68.106.4:7080
5.1.86.195:8080
149.62.173.247:8080
170.84.133.72:7080
190.230.60.129:8080
190.97.30.167:990
190.85.152.186:8080
200.58.171.51:80
51.15.8.192:8080
190.158.19.141:80
91.83.93.124:7080
139.5.237.27:443
123.168.4.66:22
81.169.140.14:443
187.188.166.192:80
212.71.237.140:8080
186.1.41.111:443
77.245.101.134:8080
181.29.101.13:8080
181.44.166.242:80
185.86.148.222:8080
86.42.166.147:80
190.221.50.210:8080
94.183.71.206:7080
181.36.42.205:443
170.84.133.72:8443
68.183.170.114:8080
79.129.0.173:8080
184.69.214.94:20
189.180.243.255:8080
200.57.102.71:8443
109.104.79.48:8080
185.187.198.10:8080
80.85.87.122:8080
181.143.101.18:8080
119.59.124.163:8080
46.163.144.228:80
50.28.51.143:8080
88.250.223.190:8080
190.38.14.52:80
119.159.150.176:443
5.77.13.70:80
200.51.94.251:143
82.196.15.205:8080
201.199.93.30:443
5.196.35.138:7080
46.28.111.142:7080
125.99.61.162:7080
189.166.68.89:443
151.80.142.33:80
79.143.182.254:8080
119.92.51.40:8080
46.101.212.195:8080
46.29.183.211:8080
91.205.215.57:7080
190.10.194.42:8080
77.55.211.77:8080
109.169.86.13:8080
190.1.37.125:443

# Reference: https://app.any.run/tasks/a30f1cfa-5088-4993-9435-58e2df1791a9/

181.16.17.210:443
chefchaouen360.com
faithmontessorischools.com
japanesepdf.com

# Reference: https://twitter.com/blackorbird/status/1191185536372920320

46.105.131.68:8080

# Reference: https://medium.com/@vishal_29486/emotet-sep-2019-wk-3-c2i-urls-f3bb8b10e17f

http://95.42.189.34/rtm/child/
http://41.227.243.107/child/report/publish/
http://190.18.153.249/json/
http://189.150.218.69/loadan/
http://104.236.135.119/site/tlb/
http://162.243.125.212/schema/loadan/
http://217.13.106.160/teapot/jit/publish/
http://5.230.147.179/guids/img/
http://64.13.225.150/publish/nsip/
http://95.128.43.213/raster/srvc/publish/
http://187.234.36.129/ringin/
http://37.209.252.121/taskbar/schema/publish/enabled/
http://211.63.71.72/xian/vermont/publish/enabled/
http://174.93.130.148/results/enable/publish/
http://83.110.80.67/site/devices/publish/enabled/
http://50.31.0.160/devices/cookies/publish/enabled/
http://175.100.138.82/enabled/dma/
http://190.128.26.2/attrib/odbc/publish/
http://45.123.3.54/ringin/balloon/publish/enabled/
http://78.186.5.109/raster/codec/publish/
http://69.198.17.7/cookies/
http://50.250.136.225/ban/teapot/
http://24.63.218.229/merge/rtm/
http://217.165.84.98/balloon/acquire/
http://106.51.237.174/entries/raster/
http://167.114.210.191/devices/window/publish/
http://45.33.49.124/attrib/
http://147.135.210.39/cone/
http://94.76.200.114/psec/
http://96.64.191.13/devices/
http://190.161.186.116/guids/
http://201.220.152.101/cone/
http://67.205.149.117/balloon/forced/
http://133.242.156.30/badge/loadan/publish/
http://201.152.64.25/walk/free/publish/enabled/
http://70.57.82.196/scripts/add/publish/
http://138.201.140.110/acquire/
http://201.236.95.82/mult/ringin/publish/enabled/
http://186.4.234.27/codec/sess/publish/
http://114.79.191.12/merge/
http://190.36.237.47/free/chunk/
http://189.252.110.239/tpt/schema/publish/enabled/
http://190.97.219.241/add/
http://92.154.101.154/between/
http://201.170.241.239/cone/iplk/publish/enabled/
http://85.104.59.244/enable/odbc/publish/enabled/
http://103.12.133.7/loadan/balloon/
http://87.106.139.101/devices/health/publish/enabled/
http://183.82.1.142/merge/splash/publish/
http://212.122.71.196/chunk/
http://87.106.210.123/arizona/
http://62.75.187.192/iab/
http://187.189.195.208/psec/scripts/
http://201.146.85.239/sess/merge/
http://83.222.124.62/badge/enabled/
http://173.255.250.241/usbccid/
http://189.222.167.65/srvc/between/
http://173.255.196.209/nsip/entries/publish/enabled/
http://63.77.201.245/pnp/child/
http://178.62.37.188/srvc/guids/publish/
http://208.78.100.202/pdf/
http://91.92.191.134/scripts/
http://95.42.189.34/json/
http://125.99.106.225/forced/loadan/publish/
http://41.227.243.107/merge/
http://47.41.213.2/between/ban/
http://206.189.98.125/child/json/free/
http://200.21.90.6/raster/
http://187.163.222.244/forced/
http://186.4.234.27/devices/window/free/enabled/
http://190.97.219.241/report/enabled/free/
http://87.106.136.232/tlb/usbccid/
http://213.14.166.152/merge/entries/free/
http://125.99.106.226/guids/
http://60.48.253.12/child/
http://187.189.195.208/acquire/guids/free/enabled/
http://92.154.101.154/enabled/report/free/
http://189.209.217.49/child/results/free/enabled/
http://41.220.119.246/child/forced/
http://217.13.106.160/scripts/arizona/
http://188.166.253.46/jit/loadan/free/
http://162.243.125.212/merge/
http://75.127.14.170/guids/xian/
http://159.65.25.128/arizona/ringin/free/enabled/
http://190.72.136.214/site/srvc/
http://50.99.132.7/badge/publish/
http://50.31.0.160/ringin/chunk/free/enabled/
http://31.172.240.91/dma/schema/free/
http://104.236.99.225/teapot/vermont/free/enabled/
http://46.101.142.115/between/prov/free/enabled/
http://222.214.218.136/taskbar/enable/free/
http://201.199.89.223/walk/
http://85.104.59.244/tlb/cookies/
http://190.25.255.98/site/badge/free/
http://190.145.67.134/balloon/cab/
http://216.98.148.156/iab/health/free/
http://45.123.3.54/prov/site/free/enabled/
http://24.139.205.186/raster/teapot/free/enabled/
http://78.186.5.109/devices/walk/
http://136.243.177.26/json/acquire/free/enabled/
http://120.150.236.64/pdf/raster/free/
http://181.189.213.231/cab/window/free/enabled/
http://187.225.213.90/stubs/enabled/free/
http://88.21.212.13/img/
http://190.75.47.24/enabled/
http://178.152.78.149/enabled/cone/
http://39.61.34.254/balloon/guids/free/enabled/
http://182.176.132.213/mult/symbols/free/
http://138.201.140.110/merge/results/free/
http://186.144.64.31/schema/tlb/free/enabled/
http://91.74.62.86/prep/loadan/
http://178.79.161.166/results/free/free/
http://147.135.210.39/ringin/
http://144.139.247.220/symbols/
http://222.214.218.192/schema/srvc/
http://69.45.19.145/merge/publish/
http://201.220.152.101/iplk/chunk/
http://186.4.167.166/scripts/attrib/free/
http://84.241.10.111/taskbar/prov/free/enabled/
http://162.144.119.216/child/
http://142.93.88.16/splash/
http://31.12.67.62/enabled/cookies/free/enabled/
http://91.83.93.103/cone/
http://104.131.208.175/ringin/
http://62.75.187.192/site/balloon/
http://177.242.214.30/symbols/site/
http://211.248.17.209/usbccid/walk/free/enabled/
http://195.242.117.231/cookies/acquire/free/
http://87.106.139.101/entries/merge/free/
http://94.76.200.114/cookies/sym/free/
http://179.32.19.219/publish/
http://200.85.46.122/acquire/entries/free/
http://169.239.182.217/prov/cone/free/enabled/
http://190.25.255.98/enable/taskbar/free/
http://104.131.11.150/srvc/
http://201.238.152.20/iplk/results/free/
http://190.83.191.92/raster/forced/
http://78.24.219.147/symbols/arizona/
http://179.14.2.75/psec/pdf/free/enabled/
http://59.103.164.174/glitch/nsip/free/
http://71.244.60.230/loadan/sess/free/
http://190.128.26.2/nsip/publish/free/
http://182.176.94.236/pdf/iab/free/enabled/
http://87.230.19.21/pnp/schema/
http://175.100.138.82/badge/vermont/
http://117.218.17.6/loadan/prov/
http://91.205.215.66/pdf/enable/free/
http://187.163.180.243/enabled/iplk/free/enabled/
http://211.63.71.72/report/badge/
http://190.25.255.98/usbccid/cab/free/
http://64.13.225.150/xian/health/free/
http://181.129.30.82/enabled/
http://46.105.131.87/glitch/
http://66.84.11.168/cone/teapot/free/enabled/
http://182.176.94.236/acquire/
http://80.1.76.46/acquire/
http://77.56.253.112/psec/
http://212.71.234.16/merge/
http://95.128.43.213/xian/enabled/free/enabled/
http://167.114.210.191/taskbar/between/free/enabled/
http://177.246.193.139/usbccid/glitch/
http://178.62.37.188/publish/child/
http://174.136.14.100/sym/taskbar/free/
http://78.188.7.213/enabled/report/
http://104.236.246.93/cab/results/free/
http://45.33.49.124/acquire/
http://47.41.213.2/acquire/
http://206.189.98.125/psec/
http://200.21.90.6/walk/xian/free/enabled/
http://187.163.222.244/usbccid/
http://186.4.234.27/symbols/
http://190.97.219.241/arizona/ringin/free/enabled/
http://87.106.136.232/loadan/srvc/
http://213.14.166.152/bml/publish/free/
http://125.99.106.226/add/chunk/free/
http://60.48.253.12/raster/schema/free/enabled/
http://187.189.195.208/rtm/attrib/
http://92.154.101.154/iplk/prov/free/enabled/
http://189.209.217.49/walk/enable/
http://41.220.119.246/enabled/iplk/free/
http://217.13.106.160/child/psec/
http://188.166.253.46/json/dma/free/
http://162.243.125.212/report/odbc/free/
http://75.127.14.170/tpt/balloon/free/enabled/
http://159.65.25.128/splash/splash/free/
http://190.72.136.214/forced/pnp/free/
http://50.99.132.7/ban/
http://50.31.0.160/raster/json/free/enabled/
http://31.172.240.91/splash/raster/free/
http://104.236.99.225/free/scripts/free/enabled/
http://46.101.142.115/usbccid/merge/
http://222.214.218.136/jit/enabled/free/enabled/
http://201.199.89.223/arizona/between/
http://85.104.59.244/taskbar/glitch/free/
http://190.25.255.98/iab/taskbar/free/enabled/
http://190.145.67.134/raster/report/free/
http://216.98.148.156/ringin/
http://45.123.3.54/report/forced/
http://24.139.205.186/srvc/
http://78.186.5.109/free/add/
http://136.243.177.26/psec/stubs/
http://120.150.236.64/guids/ringin/free/
http://181.189.213.231/usbccid/
http://187.225.213.90/iab/publish/free/
http://88.21.212.13/symbols/
http://190.75.47.24/arizona/attrib/free/enabled/
http://178.152.78.149/results/prov/free/
http://39.61.34.254/acquire/iplk/free/
http://182.176.132.213/devices/
http://138.201.140.110/sym/
http://186.144.64.31/publish/
http://91.74.62.86/cone/
http://178.79.161.166/arizona/site/free/enabled/
http://147.135.210.39/arizona/tpt/free/enabled/
http://144.139.247.220/scripts/rtm/pdf/enabled/
http://222.214.218.192/psec/
http://69.45.19.145/sym/
http://201.220.152.101/xian/window/pdf/enabled/
http://186.4.167.166/window/enabled/pdf/
http://84.241.10.111/scripts/
http://162.144.119.216/enable/
http://142.93.88.16/attrib/
http://31.12.67.62/child/child/
http://91.83.93.103/symbols/guids/pdf/
http://104.131.208.175/rtm/report/pdf/enabled/

# Reference: https://any.run/report/55dfe66f79cd29e7d145b2ac8737753c5450f635660e66b5776e97cbe8c1a76c/e8aa6541-b117-4e28-9b0a-7e45587b67d9

191.100.24.201:50000
193.34.144.138:8080
74.208.173.91:8080
46.105.131.68:8080
152.169.32.143:8080

# Reference: https://any.run/report/3cf19ad5c06f025712300a4e93219e0faa35475402fae323b4daa4bbe1ba7bef/eebb6b29-c512-4502-96ea-fafedfd21ecb

189.252.102.40:8080

# Reference: https://any.run/report/90fb407e71334f7ca323d9f6537706d54cafed3bf9538799b79b89658ae067ee/b893ddb7-d8ff-4994-8a7a-644851c4fced

85.234.143.94:8080
204.225.249.100:8080
178.249.187.151:8080

# Reference: https://any.run/report/603d002fe4cd0bd24f19036d9885877062233ffb32309c510f10e86ac1bc9f38/b492d8c0-56ed-48ea-b10e-1147c848753b

104.239.175.211:8080
67.225.179.64:8080
183.102.238.69:465

# Reference: https://twitter.com/malware_traffic/status/1196554607658459136
# Reference: https://app.any.run/tasks/1496c35f-f44a-4913-b7de-847a421bdfe1/
# Reference: https://www.virustotal.com/gui/ip-address/144.76.56.36/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.156.35.235/relations

144.76.56.36:8080
65.23.154.17:8080
94.156.35.235:443

# Reference: https://pastebin.com/5iAUEP7J

jameslotz.com/wp-admin/k3s20753/
monitoring.bactrack.com/wp-content/cmdz7/
enegix.com/pytosj2jd/v9s7ze3/
jaafarattar.com/pytosj2jd/2re2j5773/
iruainvestments.com/pytosj2jd/0nc76zs40663/
handbookforfairygodmothers.com/yjlsdsd/k3/
yummybox.uk/wp-admin/7Q/
scrapy999.com/cgi-bin/g1oi/
bunifood.com/pytosj2jd/pazg/
eurobizconsulting.it/cgi-bin/9q6ty/

# Reference: https://app.any.run/tasks/68191492-99f0-464f-bb25-dd4f006c2c64/

http://momo2.test.zinimedia.com/medias/2wgtpu56548/

# Reference: https://app.any.run/tasks/dd109624-8140-4935-a10f-da93f909b3cf/

http://astrametals.com/wp-content/im24279/

# Reference: https://app.any.run/tasks/c1a626cf-c6e1-4405-8893-b45fe2b08323/
# Reference: https://app.any.run/tasks/27f879de-fbd3-4b44-89b3-67955cc78a71/

109.169.86.13:8080
125.99.61.162:7080
142.93.114.137:8080
149.62.173.247:8080
154.120.227.206:8080
159.203.204.126:8080
170.130.31.177:8080
172.104.233.225:8080
178.79.163.131:8080
182.48.194.6:8090
186.23.132.93:990
190.146.131.105:8080
190.195.129.227:8090
190.210.184.138:995
190.97.30.167:990
201.190.133.235:8080
203.25.159.3:8080
212.71.237.140:8080
213.189.36.51:8080
217.199.160.224:8080
50.28.51.143:8080
51.255.165.160:8080
62.75.160.178:8080
68.183.170.114:8080
68.183.190.199:8080
70.32.78.99:8080
77.55.211.77:8080
80.85.87.122:8080
81.213.215.216:50000
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.204.163.19:8090
91.205.215.57:7080
91.83.93.124:7080
92.169.250.229:8080
94.183.71.206:7080

# Reference: https://app.any.run/tasks/810d6543-148f-4b1e-8266-b7bf63fb3f18/

209.97.168.52:8080
217.149.241.121:8080
31.47.234.186:8080
31.47.234.186:8080
37.187.2.199:443
46.101.7.140:8080
50.116.86.205:8080
69.64.67.20:8080

# Reference: https://www.virustotal.com/gui/domain/kids-education-support.com/relations

kids-education-support.com

# Reference: https://www.virustotal.com/gui/file/811fa8cd3dfb73070dc5c2f646c3b009944c6b4353cbf72a2355986606b1a7a0/detection

185.189.58.222:5050
92.63.197.59:5050

# Reference: https://pastebin.com/LdXdyCGQ

212.71.234.16:8080
78.47.106.72:8080
165.227.156.155:443
192.241.255.77:8080
181.57.193.14:80
86.22.221.170:80
37.187.2.199:443
179.12.170.148:8080
95.128.43.213:8080
59.103.164.174:80
152.89.236.214:8080
78.24.219.147:8080
190.226.44.20:21
104.236.246.93:8080
190.145.67.134:8090
104.239.175.211:8080
46.105.131.87:80
144.139.247.220:80
83.136.245.190:8080
171.101.153.86:990
190.211.207.11:443
104.131.44.150:8080
189.209.217.49:80
186.4.172.5:443
87.106.136.232:8080
87.106.139.101:8080
94.205.247.10:80
181.143.194.138:443
200.71.148.138:8080
186.4.172.5:20
62.75.187.192:8080
169.239.182.217:8080
92.222.216.44:8080
192.241.220.155:8080
87.230.19.21:8080
80.11.163.139:21
182.176.132.213:8090
31.172.240.91:8080
37.157.194.134:443
31.12.67.62:7080
190.53.135.159:21
191.92.209.110:7080
138.201.140.110:8080
45.33.49.124:443
103.39.131.88:80
167.71.10.37:8080
167.99.105.223:7080
85.104.59.244:20
115.78.95.230:443
186.75.241.230:80
67.225.179.64:8080
181.31.213.158:8080
104.131.11.150:8080
212.129.24.79:8080
217.160.182.191:8080
211.63.71.72:8080
159.65.25.128:8080
173.212.203.26:8080
5.196.74.210:8080
183.102.238.69:465
186.4.172.5:8080
178.79.161.166:443
192.81.213.192:8080
176.31.200.130:8080
178.210.51.222:8080
173.249.47.77:8080
91.205.215.66:8080
149.202.153.252:8080

# Reference: https://twitter.com/tkanalyst/status/1199711428082425857
# Reference: https://app.any.run/tasks/4f792e29-48b8-40ae-9e11-6f29c3ac7204/

104.236.137.72:8080
172.104.233.225:8080

# Reference: https://twitter.com/malware_traffic/status/1199754976748359680

178.63.78.150:8080
192.161.190.171:8080
80.93.48.49:7080

# Reference: https://twitter.com/malware_traffic/status/1199787380477235201

149.202.153.251:8080
222.239.249.166:443
50.63.13.135:8080
80.211.32.88:8080
82.145.43.153:8080
92.119.123.10:8080

# Reference: https://twitter.com/Cryptolaemus1/status/1200047745307951105
# Reference: https://pastebin.com/raw/Sk3z09G0

116.48.142.21:443
12.229.155.122:80
120.150.246.241:80
121.175.14.59:990
125.230.36.147:443
128.65.154.183:443
144.139.56.105:80
164.68.101.171:80
165.228.24.197:80
172.90.70.168:443
177.103.201.23:80
187.144.236.211:443
187.250.92.82:80
190.101.87.170:80
195.244.215.206:80
197.254.221.174:80
2.38.99.79:80
202.226.238.55:80
220.146.36.244:80
41.218.118.66:80
47.187.70.124:443
5.88.182.250:80
72.27.212.209:8080
77.211.249.124:80
77.241.53.234:80
78.15.114.100:80
81.213.145.45:443
85.105.183.228:443
91.73.197.90:80
95.219.199.225:80

# Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/
# Reference: https://www.virustotal.com/gui/ip-address/190.12.119.180/relations

190.12.119.180:443

# Reference: https://twitter.com/Cryptolaemus1/status/1200388377805279232
# Reference: https://pastebin.com/raw/tKXqac1m

101.187.247.29:80
107.2.2.28:80
109.166.89.91:80
110.143.18.92:80
116.48.138.115:80
118.200.218.193:443
118.201.230.249:80
122.11.164.183:80
186.215.101.106:80
187.233.220.93:443
189.180.105.125:443
190.12.119.180:443
195.191.107.67:80
197.90.159.42:80
200.71.193.220:443
201.183.251.100:80
211.218.105.101:80
213.179.105.214:8080
47.50.251.130:80
60.53.3.153:8080
80.21.182.46:80
80.29.54.20:80
83.110.107.243:443
85.130.127.2:80
98.196.49.107:80

# Reference: https://twitter.com/peric0/status/1200535559615201285
# Reference: https://app.any.run/tasks/92158989-24e1-43df-9cc1-958aadacdce8/

31.41.221.148:80
5.63.8.237:443
88.198.60.25:80
95.216.124.146:443
artnkrafts.com
arvinhayat.com
mototorg.com
peruorganiconatural.com
primekala.com

# Reference: https://twitter.com/luc4m/status/1201929340717547520
# Reference: https://pastebin.com/tk8Wj4ya

104.131.58.132:8080
104.236.137.72:8080
109.166.89.91:80
109.169.86.13:8080
110.143.18.92:80
116.48.138.115:80
118.200.218.193:443
119.59.124.163:8080
121.175.14.59:990
125.99.61.162:7080
134.209.214.126:8080
138.68.106.4:7080
139.5.237.27:443
14.160.93.230:80
142.127.57.63:8080
142.93.114.137:8080
144.139.56.105:80
149.62.173.247:8080
154.120.227.206:8080
159.203.204.126:8080
163.172.40.218:7080
172.104.233.225:8080
178.79.163.131:8080
181.135.153.203:443
181.198.203.45:443
181.231.62.54:80
181.36.42.205:443
181.61.143.177:80
182.48.194.6:8090
183.82.97.25:80
185.86.148.222:8080
186.15.83.52:8080
186.68.48.204:443
188.14.39.65:443
188.216.24.204:80
189.173.113.67:443
190.102.226.91:80
190.146.131.105:8080
190.17.42.79:80
190.186.164.23:80
190.195.129.227:8090
190.210.184.138:995
190.38.14.52:80
190.4.50.26:80
190.97.30.167:990
191.103.76.34:443
2.38.99.79:80
200.113.106.18:80
200.123.101.90:80
200.124.225.32:80
200.58.83.179:80
201.163.74.202:443
201.190.133.235:8080
201.213.32.59:80
203.130.0.69:80
203.25.159.3:8080
204.63.252.182:443
207.154.204.40:8080
212.71.237.140:8080
213.189.36.51:8080
217.199.160.224:8080
37.132.193.19:8080
45.79.95.107:443
46.101.212.195:8080
46.28.111.142:7080
47.146.42.234:80
47.187.70.124:443
5.196.35.138:7080
50.28.51.143:8080
51.255.165.160:8080
62.75.143.100:7080
62.75.160.178:8080
63.246.252.234:80
68.183.170.114:8080
68.183.190.199:8080
69.163.33.84:8080
72.29.55.174:80
73.167.135.180:80
77.241.53.234:80
77.55.211.77:8080
80.29.54.20:80
80.85.87.122:8080
81.213.215.216:50000
82.196.15.205:8080
82.8.232.51:80
85.234.143.94:8080
86.42.166.147:80
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.204.163.19:8090
91.205.215.57:7080
91.83.93.124:7080
95.179.195.74:80
96.20.84.254:7080
98.196.49.107:80

# Reference: https://app.any.run/tasks/5275f984-a656-41d5-b031-496accf03e4b/

105.227.58.49:80

# Reference: https://pastebin.com/jfsfQ6Cq

1.32.54.12:8080
103.122.75.218:80
103.9.145.19:8080
110.142.161.90:80
113.52.135.33:7080
115.179.91.58:80
119.159.150.176:443
122.11.164.183:80
123.142.37.165:80
124.150.175.129:8080
124.150.175.133:80
138.197.140.163:8080
142.93.87.198:8080
143.95.101.72:8080
152.169.32.143:8080
162.144.46.90:8080
163.172.97.112:8080
172.104.70.207:8080
172.105.213.30:80
172.90.70.168:443
174.57.150.13:8080
176.58.93.123:80
177.103.201.23:80
178.134.1.238:80
181.197.108.171:443
181.44.166.242:80
181.47.235.26:993
182.176.116.139:995
186.215.101.106:80
186.66.224.182:990
187.177.155.123:990
187.233.220.93:443
187.250.92.82:80
188.230.134.205:80
189.225.211.171:443
189.61.200.9:443
190.101.87.170:80
190.161.67.63:80
190.171.135.235:80
190.189.79.73:80
190.5.162.204:80
191.100.24.201:50000
192.161.190.171:8080
192.163.221.191:8080
192.210.217.94:8080
192.241.220.183:8080
193.33.38.208:443
195.191.107.67:80
198.57.217.170:8080
200.71.112.158:53
201.183.251.100:80
201.196.15.79:990
210.111.160.220:80
210.224.65.117:80
211.218.105.101:80
212.112.113.235:80
212.129.14.27:8080
216.75.37.196:8080
221.154.59.110:80
23.253.207.142:8080
24.27.122.202:80
24.28.178.71:80
37.59.24.25:8080
41.218.118.66:80
41.77.74.214:443
45.129.121.222:443
46.105.128.215:8080
46.105.131.68:8080
46.17.6.116:8080
5.189.148.98:8080
50.116.78.109:8080
51.38.134.203:8080
58.93.151.148:80
60.53.3.153:8080
67.171.182.231:80
67.254.196.78:443
69.30.205.162:7080
72.27.212.209:8080
72.69.99.47:80
77.245.12.212:80
78.186.102.195:80
78.46.87.133:8080
81.213.145.45:443
81.82.247.216:80
82.79.244.92:80
83.110.107.243:443
83.156.88.159:80
83.99.211.160:80
85.105.183.228:443
85.109.190.235:443
86.6.123.109:80
89.215.225.15:80
91.117.31.181:80
95.216.207.86:7080
95.216.212.157:8080
98.15.140.226:80

# Reference: https://twitter.com/Jouliok/status/1204348553117798400
# Reference: https://app.any.run/tasks/af64addf-eaec-4936-8ae1-49de48511547/

bigbizyou.fr

# Reference: https://www.virustotal.com/gui/file/d7fa60d982e84f82f1e310801990591ad9d518921d338e0d6045555cd9a55abb/detection

http://12.176.19.218

# Reference: https://twitter.com/luc4m/status/1204102158012100608
# Reference: https://pastebin.com/B5R4ggig

104.131.58.132:8080
104.236.137.72:8080
109.166.89.91:80
109.169.86.13:8080
116.48.138.115:80
118.200.218.193:443
119.59.124.163:8080
125.99.61.162:7080
130.45.45.31:80
134.209.214.126:8080
138.68.106.4:7080
139.5.237.27:443
14.160.93.230:80
142.127.57.63:8080
142.93.114.137:8080
144.139.56.105:80
144.2.165.179:80
149.135.123.65:80
149.62.173.247:8080
159.203.204.126:8080
163.172.40.218:7080
172.104.233.225:8080
178.79.163.131:8080
181.135.153.203:443
181.198.203.45:443
181.231.62.54:80
181.36.42.205:443
181.61.143.177:80
183.82.97.25:80
185.160.212.3:80
185.86.148.222:8080
186.15.83.52:8080
186.68.48.204:443
188.14.39.65:443
188.216.24.204:80
190.102.226.91:80
190.146.131.105:8080
190.17.42.79:80
190.186.164.23:80
190.195.129.227:8090
190.210.184.138:995
190.38.14.52:80
190.4.50.26:80
190.97.30.167:990
191.103.76.34:443
2.139.158.136:443
2.38.99.79:80
2.44.167.52:80
200.119.11.118:443
200.123.101.90:80
200.124.225.32:80
200.58.83.179:80
201.163.74.202:443
201.190.133.235:8080
201.213.32.59:80
202.186.240.165:8080
203.130.0.69:80
203.25.159.3:8080
204.63.252.182:443
207.154.204.40:8080
212.71.237.140:8080
217.199.160.224:8080
37.183.121.32:80
45.50.177.164:80
45.79.95.107:443
46.101.212.195:8080
46.28.111.142:7080
47.146.42.234:80
47.187.70.124:443
5.196.35.138:7080
5.88.27.67:8080
50.28.51.143:8080
51.255.165.160:8080
58.171.181.213:80
62.75.143.100:7080
62.75.160.178:8080
63.246.252.234:80
68.129.203.162:443
68.183.170.114:8080
68.183.190.199:8080
69.163.33.84:8080
72.29.55.174:80
73.167.135.180:80
77.241.53.234:80
77.55.211.77:8080
79.31.85.103:80
80.29.54.20:80
80.85.87.122:8080
82.196.15.205:8080
82.8.232.51:80
83.165.163.225:80
85.234.143.94:8080
86.42.166.147:80
87.106.46.107:8080
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.204.163.19:8090
91.205.215.57:7080
91.83.93.124:7080
93.67.154.252:443
95.179.195.74:80
96.126.121.64:443
96.20.84.254:7080
96.61.113.203:80
98.196.49.107:80

# Reference: https://app.any.run/tasks/3f80a1bc-55d1-444b-9000-327db827ef8a

cigpcl.com
http://85.152.208.146
http://68.174.15.223

# Reference: https://twitter.com/Sentry_23/status/1204371815591817216

162.241.92.219:8080

# Reference: https://twitter.com/luc4m/status/1204453473015586816
# Reference: https://pastebin.com/LPpTsymc

2.44.167.52:80
2.139.158.136:443
5.88.27.67:8080
5.196.35.138:7080
14.160.93.230:80
37.183.121.32:80
45.50.177.164:80
45.79.95.107:443
46.28.111.142:7080
46.101.212.195:8080
47.146.42.234:80
47.187.70.124:443
50.28.51.143:8080
51.255.165.160:8080
58.171.181.213:80
62.75.143.100:7080
62.75.160.178:8080
63.246.252.234:80
68.129.203.162:443
68.183.170.114:8080
68.183.190.199:8080
69.163.33.84:8080
72.29.55.174:80
73.167.135.180:80
76.221.133.146:80
77.55.211.77:8080
77.241.53.234:80
79.31.85.103:80
80.29.54.20:80
80.85.87.122:8080
82.8.232.51:80
82.196.15.205:8080
83.165.163.225:80
85.234.143.94:8080
86.42.166.147:80
87.106.46.107:8080
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.83.93.124:7080
91.204.163.19:8090
91.205.215.57:7080
93.67.154.252:443
95.179.195.74:80
96.20.84.254:7080
96.61.113.203:80
96.126.121.64:443
98.196.49.107:80
104.33.129.244:80
104.131.58.132:8080
104.236.137.72:8080
109.166.89.91:80
109.169.86.13:8080
116.48.138.115:80
118.200.218.193:443
119.59.124.163:8080
125.99.61.162:7080
130.45.45.31:80
134.209.214.126:8080
138.68.106.4:7080
139.5.237.27:443
142.93.114.137:8080
142.127.57.63:8080
144.2.165.179:80
144.139.56.105:80
149.62.173.247:8080
149.135.123.65:80
159.203.204.126:8080
163.172.40.218:7080
172.90.70.168:8080
172.104.233.225:8080
178.79.163.131:8080
181.36.42.205:443
181.61.143.177:80
181.135.153.203:443
181.198.203.45:443
181.231.62.54:80
183.82.97.25:80
184.184.202.167:443
185.86.148.222:8080
185.160.212.3:80
186.15.83.52:8080
186.68.48.204:443
188.14.39.65:443
188.216.24.204:80
190.4.50.26:80
190.17.42.79:80
190.38.14.52:80
190.97.30.167:990
190.102.226.91:80
190.146.131.105:8080
190.186.164.23:80
190.195.129.227:8090
190.210.184.138:995
191.103.76.34:443
200.58.83.179:80
200.119.11.118:443
200.123.101.90:80
200.124.225.32:80
201.163.74.202:443
201.190.133.235:8080
201.213.32.59:80
202.186.240.165:8080
203.25.159.3:8080
203.130.0.69:80
204.63.252.182:443
207.154.204.40:8080
212.71.237.140:8080
217.199.160.224:8080

# Reference: https://twitter.com/pollo290987/status/1205363829678518273

/fhdr1acb63nl723f_9uy53v64/index.php

# Reference: https://twitter.com/malware_traffic/status/1205171614788313101

96.234.38.186:8080

# Reference: https://twitter.com/Cryptolaemus1/status/1205506348936548353
# Reference: https://pastebin.com/KaWyyr31

1.33.230.137:80
100.14.117.137:80
101.187.134.207:443
101.187.247.29:80
103.86.49.11:8080
104.131.11.150:8080
104.131.44.150:8080
104.236.246.93:8080
104.237.155.168:443
105.227.35.51:80
107.170.24.125:8080
107.2.2.28:80
108.179.206.219:8080
108.191.2.72:80
110.142.38.16:80
110.143.57.109:80
110.143.84.202:80
116.48.142.21:443
12.176.19.218:80
12.229.155.122:80
120.150.246.241:80
128.65.154.183:443
138.59.177.106:443
139.130.241.252:443
144.139.247.220:80
149.202.153.252:8080
159.65.25.128:8080
165.227.156.155:443
165.228.24.197:80
167.114.242.226:8080
167.71.10.37:8080
167.99.105.223:7080
169.239.182.217:8080
173.91.11.142:80
176.106.183.253:8080
176.31.200.130:8080
178.209.71.63:8080
178.210.51.222:8080
179.13.185.19:80
181.57.193.14:80
182.176.132.213:8090
183.102.238.69:465
183.102.238.69:80
186.67.208.78:8080
186.75.241.230:80
188.152.7.140:80
189.209.217.49:80
190.12.119.180:443
190.147.215.53:22
190.220.19.82:443
190.226.44.20:21
190.53.135.159:21
192.241.255.77:8080
195.244.215.206:80
197.254.221.174:80
2.235.190.23:8080
2.38.99.79:80
200.7.243.108:443
201.173.217.124:443
201.184.105.242:443
201.251.133.92:443
206.189.112.148:8080
206.81.10.215:8080
206.81.10.215:80
209.141.54.221:8080
209.97.168.52:8080
210.6.85.121:80
211.63.71.72:8080
212.129.24.79:8080
212.64.171.206:80
217.160.182.191:8080
218.44.21.114:80
24.45.193.161:7080
31.131.182.30:80
31.172.240.91:8080
31.31.77.83:443
37.157.194.134:443
37.59.24.177:8080
45.33.49.124:443
45.51.40.140:80
45.56.88.91:443
46.105.131.87:80
47.156.70.145:80
47.6.15.79:443
47.6.15.79:80
5.196.74.210:8080
5.88.182.250:80
50.116.86.205:8080
58.171.42.66:8080
59.103.164.174:80
61.197.110.214:80
62.75.187.192:8080
64.147.15.138:80
64.53.242.181:8080
66.34.201.20:7080
66.76.63.99:80
67.225.179.64:8080
68.118.26.116:80
70.175.171.251:80
73.11.153.178:8080
73.176.241.255:80
73.214.99.25:80
74.105.102.97:8080
75.80.148.244:80
78.24.219.147:8080
80.21.182.46:80
81.0.63.86:8080
82.155.161.203:80
83.136.245.190:8080
85.72.180.68:80
86.98.156.239:443
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
91.205.215.66:8080
91.73.197.90:80
92.222.216.44:8080
93.147.141.5:80
95.128.43.213:8080
98.24.231.64:80

# Reference: https://twitter.com/VK_Intel/status/1206497909858078720
# Reference: https://www.virustotal.com/gui/file/de8f44a132a0968356621c69413840b6b259e1d8c7c0708cda5e3b62be4eb787/detection

91.121.89.129:8443

# Reference: https://twitter.com/matte_lodi/status/1207575386835607552

http://63.248.198.8
proyectoin.com

# Reference: https://twitter.com/malware_traffic/status/1208205659466092544

24.181.125.62:80

# Reference: https://pastebin.com/4VENH618

1.215.28.101:8080
1.217.126.11:443
1.221.254.82:80
100.14.117.137:80
101.187.134.207:443
101.187.247.29:80
103.108.146.195:80
103.86.49.11:8080
104.131.11.150:8080
104.131.44.150:8080
104.131.58.132:8080
104.137.176.186:80
104.236.137.72:8080
104.236.246.93:8080
105.209.235.113:8080
107.170.24.125:8080
108.179.206.219:8080
108.184.9.44:80
108.191.2.72:80
108.20.69.44:80
109.169.86.13:8080
110.142.161.90:443
110.142.161.90:80
110.142.38.16:80
110.143.84.202:80
110.170.65.146:80
110.2.118.164:80
112.186.195.176:80
112.218.134.227:80
113.190.254.245:80
113.52.135.33:7080
113.61.76.239:80
114.109.179.60:80
114.179.127.48:80
115.179.91.58:80
116.48.142.21:443
118.36.70.245:80
119.59.124.163:8080
12.176.19.218:80
120.150.246.241:80
120.150.247.164:80
120.151.135.224:80
120.51.83.89:443
121.88.5.176:443
122.116.104.238:7080
124.150.175.129:8080
124.150.175.133:80
125.99.61.162:7080
128.65.154.183:443
136.243.250.34:8080
138.122.5.214:8080
138.197.140.163:8080
138.59.177.106:443
138.68.106.4:7080
139.130.241.252:443
139.130.242.43:80
139.162.118.88:8080
139.162.183.41:443
139.59.12.63:8080
14.160.93.230:80
14.161.30.33:443
14.201.35.38:80
142.93.114.137:8080
142.93.87.198:8080
144.139.247.220:80
144.139.56.105:80
144.139.91.187:80
144.217.117.207:8080
149.202.153.252:8080
149.62.173.247:8080
151.237.36.220:80
154.120.227.190:443
156.155.163.232:80
157.7.164.178:8081
158.69.167.246:8080
159.203.204.126:8080
159.65.25.128:8080
159.69.89.130:8080
160.119.153.20:80
160.16.215.66:8080
162.144.46.90:8080
163.172.40.218:7080
163.172.97.112:8080
165.100.148.200:8080
165.227.156.155:443
165.228.195.93:80
167.71.10.37:8080
167.99.105.223:7080
168.235.67.138:8080
168.235.82.183:8080
169.239.182.217:8080
172.104.70.207:8080
173.12.14.133:8080
173.21.26.90:80
173.247.19.238:80
173.66.96.135:80
173.91.11.142:80
174.77.190.137:8080
174.81.132.128:80
175.103.239.50:80
175.114.178.83:443
175.127.140.68:80
176.106.183.253:8080
176.31.200.130:8080
176.58.93.123:80
177.103.159.44:80
177.103.240.93:80
177.144.130.105:443
177.180.115.224:80
177.242.21.126:80
177.34.142.163:80
178.134.1.238:80
178.153.176.124:80
178.210.51.222:8080
178.237.139.83:8080
178.32.255.133:443
178.63.78.150:8080
178.79.163.131:8080
179.13.185.19:80
179.159.198.70:80
179.208.84.218:8080
179.5.118.12:8080
180.33.6.136:443
180.92.239.110:8080
181.10.204.106:80
181.126.70.117:80
181.167.35.84:80
181.196.27.123:80
181.198.203.45:443
181.231.220.232:80
181.36.42.205:443
181.53.29.136:8080
181.61.143.177:80
182.176.116.139:995
182.176.132.213:8090
182.187.137.199:8080
183.101.175.193:80
183.102.238.69:465
183.87.40.21:8080
183.99.239.141:80
184.167.148.162:80
185.144.138.190:80
185.160.212.3:80
185.160.229.26:80
185.192.75.240:443
185.244.167.25:443
185.86.148.222:8080
186.15.83.52:8080
186.177.174.163:80
186.4.172.5:8080
186.67.208.78:8080
186.68.48.204:443
186.75.241.230:80
186.84.173.136:8080
187.188.166.192:8080
187.250.92.82:80
187.54.225.76:80
187.72.47.161:443
188.0.135.237:80
188.135.15.49:80
188.152.7.140:80
188.216.24.204:80
188.218.104.226:80
188.251.213.180:443
189.159.115.178:8080
189.19.81.181:443
189.201.197.98:8080
189.203.177.41:443
189.225.211.171:443
189.26.118.194:80
189.61.200.9:443
190.100.153.162:443
190.115.18.139:8080
190.117.226.104:80
190.12.119.180:443
190.151.5.130:443
190.161.180.184:80
190.161.67.63:80
190.162.159.212:80
190.17.44.48:80
190.17.94.108:443
190.171.135.235:80
190.171.153.139:80
190.186.164.23:80
190.189.224.117:443
190.201.144.85:7080
190.210.184.138:995
190.210.236.139:80
190.219.149.236:80
190.220.19.82:443
190.231.210.35:80
190.231.42.130:80
190.38.152.143:80
190.38.252.45:443
190.47.236.83:80
190.5.162.204:80
190.53.135.159:21
190.55.181.54:443
190.74.246.158:8080
190.93.210.113:80
191.100.24.201:50000
191.103.76.34:443
191.183.21.190:80
192.161.190.171:8080
192.163.221.191:7080
192.210.217.94:8080
192.241.146.84:8080
192.241.220.183:8080
192.241.241.221:443
192.241.255.77:8080
193.33.38.208:443
195.201.56.70:8080
195.244.215.206:80
197.94.32.129:8080
198.199.112.197:8080
198.46.150.196:7080
198.57.217.170:7080
2.235.190.23:8080
2.237.76.249:80
2.38.99.79:80
2.42.173.240:80
2.45.112.134:80
2.47.112.72:80
200.114.167.85:80
200.116.145.225:443
200.119.11.118:443
200.123.183.137:443
200.124.225.32:80
200.21.90.5:443
200.41.121.69:443
200.45.187.90:80
200.55.53.7:80
200.58.83.179:80
200.82.170.231:80
200.82.88.254:80
201.137.247.222:443
201.173.217.124:443
201.183.251.100:80
201.184.105.242:443
201.196.15.79:990
201.213.32.59:80
202.62.39.111:80
203.124.57.50:80
203.130.0.69:80
203.153.216.178:7080
203.160.173.202:80
203.25.159.3:8080
206.189.112.148:8080
206.81.10.215:8080
207.154.204.40:8080
209.141.54.221:8080
209.146.22.34:443
209.97.168.52:8080
210.111.160.220:80
210.171.146.118:80
210.224.65.117:80
210.6.85.121:80
211.42.204.154:80
211.48.165.9:443
211.63.71.72:8080
212.112.113.235:80
212.129.14.27:8080
212.237.50.61:8080
212.253.82.142:443
212.71.237.140:8080
216.251.83.79:80
216.75.37.196:8080
217.12.70.226:80
217.160.182.191:8080
217.181.139.237:443
217.199.160.224:8080
219.75.66.103:80
219.78.255.48:80
220.255.57.31:80
220.78.29.88:80
221.154.59.110:80
223.255.148.134:80
23.253.207.142:8080
24.105.202.216:443
24.181.125.62:80
24.28.178.71:80
24.94.237.248:80
31.172.240.91:8080
31.177.54.196:443
31.31.77.83:443
37.120.185.153:443
37.157.194.134:443
37.187.6.63:8080
37.46.129.215:8080
37.59.24.177:8080
37.59.24.25:8080
37.70.131.107:80
41.111.190.94:80
41.185.29.128:8080
41.60.200.34:80
41.77.74.214:443
42.51.192.231:8080
45.33.49.124:443
45.51.40.140:80
45.79.95.107:443
45.8.136.201:80
46.101.212.195:8080
46.101.7.140:8080
46.105.131.68:8080
46.105.131.87:80
46.17.6.116:8080
46.216.60.138:80
46.28.111.142:7080
46.32.229.152:8080
47.149.28.234:80
47.153.183.211:80
47.156.70.145:80
47.6.15.79:443
47.6.15.79:80
5.154.58.24:80
5.178.245.100:80
5.189.148.98:8080
5.196.35.138:7080
5.196.74.210:8080
5.32.55.214:80
5.88.27.67:8080
50.116.78.109:8080
50.116.86.205:8080
50.28.51.143:8080
51.159.23.217:443
51.255.165.160:8080
51.38.134.203:8080
51.77.113.97:8080
58.162.218.151:80
58.171.38.26:80
58.171.42.66:8080
58.185.224.18:80
59.103.164.174:80
59.120.5.154:80
59.148.227.190:80
59.158.164.66:443
59.8.197.241:80
60.231.217.199:8080
62.138.26.28:8080
62.15.36.103:443
62.75.143.100:7080
62.75.160.178:8080
62.75.187.192:8080
63.248.198.8:80
64.147.15.138:80
64.53.242.181:8080
66.209.97.122:8080
66.229.161.86:443
66.25.34.20:80
66.34.201.20:7080
67.225.179.64:8080
67.254.196.78:443
68.118.26.116:80
68.174.15.223:80
68.183.170.114:8080
68.183.190.199:8080
68.187.160.28:443
69.14.208.221:80
69.163.33.84:8080
69.30.205.162:7080
70.169.53.234:80
70.175.171.251:80
70.46.247.81:80
71.83.82.123:8080
72.27.212.209:8080
72.29.55.174:80
72.51.153.27:80
73.11.153.178:8080
73.214.99.25:80
73.217.39.73:80
73.60.8.210:80
74.105.102.97:8080
74.79.103.55:80
75.127.72.18:8080
75.86.6.174:80
76.164.99.46:80
77.55.211.77:8080
78.186.102.195:80
78.189.165.52:8080
78.189.60.109:443
78.210.132.35:80
78.24.219.147:8080
78.46.87.133:8080
79.159.249.152:80
79.7.114.1:80
79.7.158.208:80
80.11.158.65:8080
81.82.247.216:80
82.146.55.23:7080
82.165.15.188:8080
82.196.15.205:8080
82.27.181.93:80
82.79.244.92:80
82.8.232.51:80
83.156.88.159:80
83.165.78.227:80
83.248.141.198:80
85.100.122.211:80
85.109.190.235:443
85.152.174.56:80
85.152.208.146:80
85.235.219.74:80
85.67.10.190:80
86.42.166.147:80
86.98.156.239:443
87.106.136.232:8080
87.106.139.101:8080
87.106.46.107:8080
87.106.77.40:7080
87.230.19.21:8080
87.9.181.247:80
88.247.26.78:80
88.248.140.80:80
88.249.120.205:80
88.249.181.198:443
89.215.225.15:80
91.117.131.122:80
91.117.159.233:80
91.117.31.181:80
91.117.83.59:80
91.191.206.60:443
91.205.173.150:8080
91.205.215.57:7080
91.205.215.66:443
91.73.197.90:80
91.74.175.46:80
91.83.93.103:443
91.83.93.124:7080
92.16.222.156:80
92.222.216.44:8080
93.144.226.57:80
93.147.141.5:80
94.200.114.162:80
94.200.126.42:80
94.203.236.122:80
95.128.43.213:8080
95.130.37.244:443
95.216.207.86:7080
95.216.212.157:8080
95.9.217.200:8080
96.61.113.203:80
97.120.32.227:80
98.15.140.226:80
98.156.206.153:80
98.178.241.106:80
98.30.113.161:80
99.252.27.6:80

# Reference: https://twitter.com/luc4m/status/1217152651046948864
# Reference: https://pastebin.com/KGF4uy28

104.131.58.132:8080
109.169.86.13:8080
110.142.161.90:443
110.170.65.146:80
113.190.254.245:80
113.61.76.239:80
114.109.179.60:80
118.36.70.245:80
119.59.124.163:8080
120.150.247.164:80
125.99.61.162:7080
138.68.106.4:7080
139.162.118.88:8080
14.160.93.230:80
14.201.35.38:80
142.93.114.137:8080
144.139.56.105:80
149.62.173.247:8080
151.237.36.220:80
151.80.142.33:80
152.231.89.226:80
159.65.241.220:8080
165.228.195.93:80
172.104.169.32:8080
175.114.178.83:443
177.103.159.44:80
177.242.21.126:80
177.34.142.163:80
177.92.14.34:80
178.79.163.131:8080
179.208.84.218:8080
181.10.204.106:80
181.129.96.162:990
181.167.96.215:80
181.231.220.232:80
181.30.61.163:443
181.30.61.163:80
181.36.42.205:443
185.160.212.3:80
185.160.229.26:80
185.86.148.222:8080
185.94.252.12:80
186.15.52.123:80
186.15.83.52:8080
186.68.48.204:443
187.188.166.192:8080
187.54.225.76:80
188.135.15.49:80
189.19.81.181:443
189.201.197.98:8080
189.26.118.194:80
190.100.153.162:443
190.151.5.130:443
190.17.44.48:80
190.186.164.23:80
190.191.82.216:80
190.195.129.227:8090
190.210.184.138:995
190.210.236.139:80
190.219.149.236:80
191.103.76.34:443
191.183.21.190:80
192.241.143.52:8080
192.241.146.84:8080
2.42.173.240:80
2.45.112.134:80
2.47.112.72:80
200.123.183.137:443
200.45.187.90:80
200.55.53.7:80
200.58.83.179:80
201.213.100.141:8080
201.213.32.59:80
202.62.39.111:80
203.130.0.69:80
203.25.159.3:8080
207.154.204.40:8080
212.71.237.140:8080
216.251.83.79:80
217.199.160.224:8080
37.120.185.153:443
37.187.6.63:8080
45.79.95.107:443
45.8.136.201:80
46.101.212.195:8080
46.28.111.142:7080
5.196.35.138:7080
5.88.27.67:8080
50.28.51.143:8080
58.162.218.151:80
58.171.38.26:80
59.120.5.154:80
62.15.36.103:443
62.75.143.100:7080
62.75.160.178:8080
63.248.198.8:80
68.174.15.223:80
68.183.170.114:8080
68.183.190.199:8080
68.187.160.28:443
69.163.33.84:8080
72.29.55.174:80
76.69.26.71:80
77.55.211.77:8080
79.7.114.1:80
79.7.158.208:80
80.11.158.65:8080
81.16.1.45:80
81.213.78.151:443
82.196.15.205:8080
82.8.232.51:80
83.165.78.227:80
85.105.241.192:80
86.123.138.76:80
86.42.166.147:80
87.106.46.107:8080
87.106.77.40:7080
89.211.114.203:80
91.117.159.233:80
91.205.215.57:7080
91.74.175.46:80
93.144.226.57:80
94.176.234.118:443
94.200.126.42:80
96.61.113.203:80
97.120.32.227:80
99.252.27.6:80

# Reference: https://twitter.com/DFNCERT/status/1218190294769971203
# Reference: https://app.any.run/tasks/59210c37-fda8-41a6-8ab1-0b2eee9d2145/

68.172.243.146:80

# Reference: https://pastebin.com/iniJV48S

1.217.126.11:443
1.221.254.82:80
105.209.235.113:8080
106.248.79.174:80
110.142.161.90:80
110.2.118.164:80
112.186.195.176:80
114.179.127.48:80
122.116.104.238:7080
122.176.116.57:443
122.19.63.27:80
124.150.175.133:80
125.209.114.180:443
139.59.12.63:8080
14.161.30.33:443
142.93.87.198:8080
144.139.91.187:80
144.76.56.36:8080
149.202.153.251:8080
154.73.137.131:80
156.155.163.232:80
157.7.164.178:8081
158.69.167.246:8080
160.119.153.20:80
160.226.171.255:443
162.144.46.90:8080
163.172.107.70:8080
176.58.93.123:80
177.103.240.93:80
177.144.130.105:443
178.33.167.120:8080
179.5.118.12:8080
180.16.248.25:80
181.196.27.123:80
181.39.96.86:443
181.53.29.136:8080
182.176.116.139:995
183.82.123.60:443
183.87.40.21:8080
183.91.3.63:80
185.207.57.205:443
186.147.245.204:80
186.223.86.136:443
186.84.173.136:8080
187.177.155.123:990
187.72.47.161:443
188.251.213.180:443
190.17.94.108:443
190.171.153.139:80
190.201.144.85:7080
190.5.162.204:80
190.93.210.113:80
192.210.217.94:8080
192.241.220.183:8080
192.241.241.221:443
195.201.56.70:8080
196.6.119.137:80
197.94.32.129:8080
200.82.88.254:80
201.183.251.100:80
203.124.57.50:80
203.153.216.178:7080
211.20.154.102:80
211.229.116.130:80
212.112.113.235:80
212.129.14.27:8080
216.75.37.196:8080
220.247.70.174:80
23.253.207.142:8080
24.141.12.228:80
24.70.40.15:8080
37.46.129.215:8080
41.215.79.182:80
41.77.74.214:443
42.51.192.231:8080
46.17.6.116:8080
46.32.229.152:8080
5.178.245.100:80
5.196.200.208:8080
50.116.78.109:8080
51.38.134.203:8080
51.77.113.97:8080
58.185.224.18:80
58.92.179.55:443
59.135.126.129:443
60.130.173.117:80
60.152.212.149:80
61.204.119.188:443
61.221.152.140:80
67.254.196.78:443
69.14.208.221:80
70.45.30.28:80
72.27.212.209:8080
75.127.14.170:8080
75.86.6.174:80
76.11.76.47:80
76.185.136.132:80
76.87.58.38:80
77.74.78.80:443
78.101.95.172:80
78.186.102.195:80
78.188.170.128:80
78.189.165.52:8080
78.189.60.109:443
78.210.132.35:80
78.46.87.133:8080
80.211.32.88:8080
81.82.247.216:80
82.146.55.23:7080
82.165.15.188:8080
85.100.122.211:80
85.109.190.235:443
88.225.230.33:80
88.247.53.159:443
88.248.140.80:80
88.249.181.198:443
89.215.225.15:80
91.117.131.122:80
91.117.31.181:80
91.73.169.210:80
91.83.93.103:443
95.130.37.244:443
95.216.207.86:7080
95.9.217.200:8080
98.15.140.226:80
98.178.241.106:80
98.192.74.164:80

# Reference: https://app.any.run/tasks/9056d965-915a-498a-83bc-a750fc0389f2/
# Reference: https://www.virustotal.com/gui/ip-address/98.199.196.197/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.85.143.170/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.223.215.190/relations

98.199.196.197:80
188.85.143.170:80
195.223.215.190:80
testtaglabel.com/wp-includes/LqYA88863/
xishicanting.com/wp-admin/jIx/

# Reference: https://app.any.run/tasks/881f5580-7cee-4156-bc70-d9592d526345/
# Reference: https://www.virustotal.com/gui/ip-address/113.61.76.239/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.62.245.148/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.242.136.103/relations

salman.vetkare.com/dashboard/ccABOH4/
113.61.76.239:80
68.62.245.148:80
91.242.136.103:80

# Reference: https://twitter.com/Jouliok/status/1219952503032250368
# Reference: https://app.any.run/tasks/4092920b-325b-494e-b00e-edc0b494c2d8/
# Reference: https://www.virustotal.com/gui/ip-address/68.114.229.171/relations
# Reference: https://www.virustotal.com/gui/ip-address/74.101.225.121/relations

68.114.229.171:80
74.101.225.121:80
74.101.225.121:443

# Reference: https://www.virustotal.com/gui/ip-address/72.186.137.156/relations

72.186.137.156:80

# Reference: https://www.virustotal.com/gui/ip-address/66.7.242.50/relations

66.7.242.50:80
66.7.242.50:8080

# Reference: https://twitter.com/gibbersen/status/1220405804106420225

186.177.165.196:443

# Reference: https://www.virustotal.com/gui/ip-address/177.103.157.126/relations

177.103.157.126:80

# Reference: https://app.any.run/tasks/effd2c56-edcc-4ae8-9643-7265de85ceea/
# Reference: https://app.any.run/tasks/8e35de27-f9d8-4d2f-bb83-7cad61d10e69/

70.184.9.39:8080
108.6.140.26:80
207.180.227.229:8080

# Reference: https://pastebin.com/E2VjnVCx

167.71.10.37:8080
37.157.194.134:443
217.199.160.224:8080
192.241.255.77:8080
31.31.77.83:443
108.191.2.72:80
185.160.212.3:80
70.175.171.251:80
67.254.196.78:443
66.34.201.20:7080
37.46.129.215:8080
79.7.114.1:80
110.143.84.202:80
110.2.118.164:80
203.153.216.178:7080
45.8.136.201:80
217.12.70.226:80
190.17.94.108:443
82.165.15.188:8080
165.228.195.93:80
187.188.166.192:8080
181.231.220.232:80
98.156.206.153:80
173.21.26.90:80
200.55.53.7:80
91.117.159.233:80
110.142.161.90:443
173.66.96.135:80
47.153.183.211:80
41.60.200.34:80
98.30.113.161:80
79.159.249.152:80
189.203.177.41:443
190.117.226.104:80
70.169.53.234:80
91.73.169.210:80
200.82.88.254:80
85.105.241.192:80
27.109.153.201:8090
41.215.79.182:80
106.248.79.174:80
77.74.78.80:443
172.104.169.32:8080
91.250.96.22:8080
95.213.236.64:8080
66.7.242.50:8080
72.186.137.156:80
197.89.27.26:8080
115.95.6.218:443
61.204.119.188:443
70.123.95.180:80
201.236.135.104:443
61.37.31.243:80
189.159.112.237:8080
76.104.80.47:80
64.66.6.71:8080
115.65.111.148:443
104.131.44.150:8080
78.24.219.147:8080
92.222.216.44:8080
46.105.131.87:80
182.176.132.213:8090
211.63.71.72:8080
5.196.74.210:8080
104.236.246.93:8080
87.106.139.101:8080
87.106.136.232:8080
190.53.135.159:21
149.202.153.252:8080
62.75.187.192:8080
45.33.49.124:443
95.128.43.213:8080
159.65.25.128:8080
31.172.240.91:8080
201.184.105.242:443
59.103.164.174:80
104.131.11.150:8080
169.239.182.217:8080
217.160.182.191:8080
87.230.19.21:8080
176.58.93.123:80
192.241.220.183:8080
216.75.37.196:8080
95.216.207.86:7080
212.112.113.235:80
157.7.164.178:8081
51.38.134.203:8080
68.183.190.199:8080
178.79.163.131:8080
87.106.77.40:7080
62.75.143.100:7080
62.75.160.178:8080
203.25.159.3:8080
138.68.106.4:7080
149.62.173.247:8080
91.83.93.124:7080
212.71.237.140:8080
181.29.101.13:8080
185.86.148.222:8080
86.42.166.147:80
181.36.42.205:443
68.183.170.114:8080
119.59.124.163:8080
50.28.51.143:8080
82.196.15.205:8080
5.196.35.138:7080
46.28.111.142:7080
125.99.61.162:7080
151.80.142.33:80
91.205.215.57:7080
77.55.211.77:8080
109.169.86.13:8080
78.186.5.109:443
190.17.44.48:80
200.58.83.179:80
159.65.241.220:8080
186.15.83.52:8080
64.53.242.181:8080
70.45.30.28:80
149.202.153.251:8080
46.105.131.69:443
46.32.229.152:8080
89.32.150.160:8080
105.247.123.133:8080
41.185.29.128:8080
69.163.33.84:8080
45.79.95.107:443
23.253.207.142:8080
172.104.70.207:8080
201.213.32.59:80
211.229.116.130:80
183.102.238.69:465
142.93.87.198:8080
142.93.114.137:8080
207.154.204.40:8080
190.210.184.138:995
217.160.19.232:8080
187.177.155.123:990
50.116.78.109:8080
78.46.87.133:8080
46.17.6.116:8080
162.144.46.90:8080
212.129.14.27:8080
190.195.129.227:8090
203.130.0.69:80
209.97.168.52:8080
50.116.86.205:8080
182.176.116.139:995
206.189.112.148:8080
206.81.10.215:8080
190.186.164.23:80
186.68.48.204:443
191.103.76.34:443
50.63.13.135:8080
144.139.56.105:80
195.244.215.206:80
120.150.246.241:80
91.73.197.90:80
72.27.212.209:8080
190.12.119.180:443
201.183.251.100:80
190.5.162.204:80
108.179.206.219:8080
69.30.205.162:7080
210.111.160.220:80
192.210.217.94:8080
81.82.247.216:80
82.79.244.92:80
89.215.225.15:80
72.29.55.174:80
188.216.24.204:80
82.8.232.51:80
5.88.27.67:8080
87.106.46.107:8080
110.142.161.90:80
78.186.102.195:80
139.130.241.252:443
58.171.42.66:8080
210.6.85.121:80
201.173.217.124:443
98.15.140.226:80
41.77.74.214:443
91.117.31.181:80
85.109.190.235:443
209.141.54.221:8080
73.11.153.178:8080
68.174.15.223:80
2.42.173.240:80
47.156.70.145:80
175.127.140.68:80
139.59.12.63:8080
185.244.167.25:443
158.69.167.246:8080
42.51.192.231:8080
91.74.175.46:80
139.162.118.88:8080
37.120.185.153:443
192.241.146.84:8080
103.86.49.11:8080
94.200.114.162:80
47.6.15.79:80
47.6.15.79:443
91.117.131.122:80
177.103.240.93:80
179.13.185.19:80
190.220.19.82:443
88.247.26.78:80
82.146.55.23:7080
37.70.131.107:80
51.77.113.97:8080
113.61.76.239:80
80.11.158.65:8080
99.252.27.6:80
58.185.224.18:80
95.9.217.200:8080
85.152.174.56:80
2.237.76.249:80
91.205.215.66:443
69.14.208.221:80
156.155.163.232:80
185.192.75.240:443
190.100.153.162:443
188.135.15.49:80
85.67.10.190:80
177.144.130.105:443
189.19.81.181:443
2.45.112.134:80
195.223.215.190:80
151.237.36.220:80
121.88.5.176:443
160.16.215.66:8080
62.138.26.28:8080
120.151.135.224:80
178.237.139.83:8080
190.93.210.113:80
197.94.32.129:8080
112.186.195.176:80
191.183.21.190:80
175.114.178.83:443
93.144.226.57:80
58.171.38.26:80
37.187.6.63:8080
110.170.65.146:80
24.105.202.216:443
24.94.237.248:80
98.178.241.106:80
190.171.153.139:80
179.5.118.12:8080
177.242.21.126:80
190.210.236.139:80
200.123.183.137:443
202.62.39.111:80
114.109.179.60:80
113.190.254.245:80
181.10.204.106:80
85.100.122.211:80
78.189.165.52:8080
88.248.140.80:80
105.209.235.113:8080
95.130.37.244:443
45.73.157.243:8080
216.251.83.79:80
62.15.36.103:443
58.162.218.151:80
201.213.100.141:8080
14.201.35.38:80
94.200.126.42:80
59.120.5.154:80
79.7.158.208:80
120.150.247.164:80
188.218.104.226:80
200.82.170.231:80
177.103.159.44:80
189.201.197.98:8080
2.47.112.72:80
190.191.82.216:80
190.219.149.236:80
47.180.91.213:80
181.143.126.170:80
186.86.247.171:443
5.32.55.214:80
200.21.90.5:443
181.126.70.117:80
139.130.242.43:80
223.197.185.60:80
88.249.120.205:80
188.0.135.237:80
180.92.239.110:8080
178.153.176.124:80
190.55.181.54:443
200.116.145.225:443
60.231.217.199:8080
209.146.22.34:443
196.6.119.137:80
1.217.126.11:443
1.221.254.82:80
78.210.132.35:80
203.124.57.50:80
75.86.6.174:80
91.83.93.103:443
78.189.60.109:443
122.116.104.238:7080
144.139.91.187:80
181.196.27.123:80
183.87.40.21:8080
195.201.56.70:8080
188.251.213.180:443
192.241.241.221:443
160.119.153.20:80
14.161.30.33:443
187.72.47.161:443
181.30.61.163:80
186.15.52.123:80
81.213.78.151:443
204.225.249.100:7080
185.94.252.12:80
24.164.79.147:8080
190.117.126.169:80
221.165.123.72:80
37.187.72.193:8080
110.36.217.66:8080
190.146.205.227:8080
183.91.3.63:80
183.82.123.60:443
185.207.57.205:443
125.209.114.180:443
154.73.137.131:80
181.39.96.86:443
60.130.173.117:80
163.172.107.70:8080
5.196.200.208:8080
160.226.171.255:443
82.145.43.153:8080
61.221.152.140:80
122.176.116.57:443
75.127.14.170:8080
78.188.170.128:80
152.231.89.226:80
86.123.138.76:80
192.241.143.52:8080
76.69.26.71:80
200.45.187.90:80
181.167.96.215:80
181.129.96.162:990
81.16.1.45:80
94.176.234.118:443
177.239.160.121:80
78.189.180.107:80
201.229.45.222:8080
105.27.155.182:80
205.185.117.108:8080
62.75.141.82:80
186.147.245.204:80
60.152.212.149:80
88.247.53.159:443
70.184.69.146:80
186.177.165.196:443
139.47.135.215:80
129.205.201.163:80
151.231.7.154:80
78.142.114.69:80
24.141.12.228:80
76.11.76.47:80
220.247.70.174:80
24.196.49.98:80
93.147.141.5:443
72.189.57.105:80
73.239.11.159:80
82.152.149.79:80
186.200.205.170:80
68.172.243.146:80
64.40.250.5:80
101.187.134.207:8080
181.13.24.82:80
101.187.197.33:443
178.20.74.212:80
103.97.95.218:80
60.250.78.22:443
118.185.7.132:80
58.92.179.55:443
180.16.248.25:80
186.223.86.136:443
98.199.196.197:80
100.6.23.40:80
200.71.200.4:443
190.114.244.182:443
190.143.39.231:80
90.69.145.210:8080
101.187.237.217:80
98.192.74.164:80
59.135.126.129:443
24.70.40.15:8080
178.33.167.120:8080
144.76.56.36:8080
88.225.230.33:80
153.183.25.24:80
153.137.36.142:80
182.74.249.74:80
68.62.245.148:80
91.242.136.103:80
76.104.80.47:443
74.130.83.133:80
85.105.205.77:8080
87.81.51.125:80
202.175.121.202:8090
176.9.43.37:8080
5.199.130.105:7080
190.131.167.50:80
124.99.167.65:443
68.114.229.171:80
74.101.225.121:443
152.168.248.128:443
211.192.153.224:80
81.214.253.80:443
180.33.71.88:80
175.181.7.188:80
37.211.67.229:80
177.103.157.126:80
203.45.161.179:443
73.125.15.41:80
185.243.92.42:8080
75.114.235.105:80
78.101.70.199:443
42.200.226.58:80
45.55.65.123:8080
99.229.254.209:80
190.63.7.166:8080
81.214.142.115:80
186.138.186.74:443
190.24.243.186:80
175.139.209.3:8080
108.6.140.26:80
70.184.9.39:8080
222.144.13.169:80
189.212.199.126:443
72.176.87.136:80
150.246.246.238:80
202.229.211.95:80

# Reference: https://app.any.run/tasks/d5d42b37-39d3-4c1d-81f0-f6df25ae4bf9/

195.250.143.182:80
rahatsozluk.com

# Reference: https://app.any.run/tasks/78465443-f40b-48eb-a4ba-9189953a96a2/

190.6.193.152:8080
200.69.224.73:80

# Reference: https://app.any.run/tasks/4d39b07f-4ea9-40ed-a379-e29bc6b924c0/

71.197.197.100:80
24.167.122.146:8080

# Reference: https://app.any.run/tasks/fcc29969-14fe-40d0-b556-167453c0d7b1/
# Reference: https://www.virustotal.com/gui/ip-address/71.126.247.90/relations
# Reference: https://www.virustotal.com/gui/ip-address/98.239.119.52/relations

104.236.28.47:8080
71.126.247.90:80
80.86.91.91:8080
98.239.119.52:80

# Reference: https://twitter.com/malwrhunterteam/status/1226219678579777536

193.26.217.243:443
45.79.223.161:443

# Reference: https://www.virustotal.com/gui/domain/movin.cloud/relations

movin.cloud

# Reference: https://twitter.com/VK_Intel/status/1229512005591207936
# Reference: https://www.virustotal.com/gui/file/2dfc4c92635a2a86c8d70dc0931547f183467038dd95c857d374bdcb107a7d6b/detection

machunion.com/kajsdfogijoig

# Reference: https://twitter.com/James_inthe_box/status/1229520603020873728
# Reference: https://app.any.run/tasks/19018714-6f35-4a7b-9aa7-5783f8bc208b/

mappingskills.com/msdlfkbdkfjb

# Reference: https://app.any.run/tasks/e2544e05-649d-4ef4-8490-26d503c0cf69/

72.44.93.233:8080

# Reference: https://otx.alienvault.com/pulse/5e4e6a0d94a95ceef6df9cec
# Reference: https://www.virustotal.com/gui/ip-address/70.187.114.147/relations

70.187.114.147:80
91.205.215.10:7080
91.205.215.10:80
houloul.org
usaa-unlock.net
shabon.co
usaa-unlock.com

# Reference: https://app.any.run/tasks/edb01a6a-5e48-43f3-833a-e2fb000fbc31/

66.209.97.122:8080
174.77.190.137:8080

# Reference: https://twitter.com/seguridadyredes/status/1234215349454876672/photo/1
# Reference: https://www.virustotal.com/gui/ip-address/51.77.113.102/relations

http://51.77.113.102

# Reference: https://twitter.com/Bitterman59/status/1233487861082677249

arcelik.servisimerkezim.com

# Reference: https://www.virustotal.com/gui/file/fa99feb493d26c540fa722f044930534417a92ddb9b3e3b994702416bce27f38/behavior/Dr.Web%20vxCube

monodoze.com/wp-content/SSlWN/
smartelecttronix.com/wp-includes/pHtVW/
puntoprecisoapp.com/ypb/C3p/
puntoprecisoapp.com/fORZa/ypb/C3p/
tomsnyder.net/Factures/ed/
puntoprecisoapp.com/pSgNQ/ypb/C3p/
themauritiustour.com/9fuc5ls/oPkA/
puntoprecisoapp.com/NRXVg/ypb/C3p/
puntoprecisoapp.com/OQWRh/ypb/C3p/

# Reference: https://www.virustotal.com/gui/domain/blueombrehairstyle.site/relations

blueombrehairstyle.site/wp-admin/WTwFtrmTPyVSnESPjOoYOLtaIc

# Reference: https://www.virustotal.com/gui/file/8ef3a86989c9654cd7b0914ab743459ad98702ea960612c66e331f858a791eb0/behavior/Lastline

uccn.bru.ac.th/wp-content/rfaa0u4/

# Reference: https://app.any.run/tasks/db8063d7-b17b-4d40-88f1-9b4212a48a97/
# Reference: https://www.virustotal.com/gui/ip-address/68.202.51.4/relations

http://68.202.51.4

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Dropper.Emotet-7600941-0)
# Reference: https://www.virustotal.com/gui/ip-address/104.32.141.43/relations
# Reference: https://www.virustotal.com/gui/ip-address/181.61.224.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/189.201.197.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/212.174.57.124/relations
# Reference: https://www.virustotal.com/gui/ip-address/216.75.37.196/relations
# Reference: https://www.virustotal.com/gui/ip-address/74.105.51.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.108.158.234/relations

http://104.32.141.43
http://181.61.224.26
http://189.201.197.106
http://216.75.37.196
http://212.174.57.124
http://74.105.51.75
http://89.108.158.234
189.201.197.106:8080
212.174.57.124:8080
74.105.51.75:8080
89.108.158.234:8080

# Reference: https://twitter.com/tosscoinwitcher/status/1237223974750191616

42.115.22.145:80
95.85.22.63:443

# Reference: https://twitter.com/tosscoinwitcher/status/1237067625106030594
# Reference: https://www.virustotal.com/gui/ip-address/104.236.52.89/relations

http://104.236.52.89
104.236.52.89:8080

# Reference: https://twitter.com/tosscoinwitcher/status/1237469398740303873
# Reference: https://twitter.com/tosscoinwitcher/status/1237499336021299202
# Reference: https://www.virustotal.com/gui/ip-address/1.163.163.199/relations
# Reference: https://www.virustotal.com/gui/file/ed58cad9049c6c4af8029a5f4d087857be4306bcc0b4b3739c74f6caf0a458c8/detection

http://1.163.163.199
http://165.255.105.53

# Reference: https://paste.cryptolaemus.com/emotet/2020/03/12/emotet-c2-rsa-update-03-12-20-1.html

1.163.163.199:80
101.187.97.173:80
102.182.145.130:80
102.22.62.71:80
103.205.177.228:443
103.31.232.93:443
103.61.109.13:80
103.97.95.221:80
104.131.103.37:8080
104.131.11.150:443
104.131.41.185:8080
104.236.161.64:8080
104.238.80.237:8080
104.32.141.43:80
105.224.209.135:443
107.184.91.187:80
109.236.109.159:8080
110.145.124.178:443
110.145.77.103:80
110.37.226.196:80
110.44.113.2:8080
111.67.12.221:8080
112.68.240.21:80
113.160.180.109:80
113.160.235.179:8080
113.160.88.86:443
113.161.148.81:80
113.61.66.94:80
115.65.111.148:80
115.75.6.2:443
115.79.195.246:80
116.73.14.186:80
116.90.228.177:80
116.90.229.22:80
117.2.133.44:443
117.7.236.115:80
118.200.116.83:80
118.69.70.109:80
118.69.71.14:80
12.162.84.2:8080
120.150.142.241:80
120.150.76.215:80
120.151.194.117:80
122.116.104.238:8080
124.150.175.133:443
125.63.106.22:80
130.204.245.137:80
132.248.38.158:80
133.208.252.149:80
136.243.205.112:7080
14.141.203.150:80
14.161.6.60:80
143.0.87.101:80
148.102.77.148:80
152.169.32.195:80
152.170.108.99:443
152.170.196.157:443
152.32.78.6:80
153.160.71.129:53
153.174.73.130:80
154.120.227.190:20
154.120.227.190:80
156.67.114.199:80
161.18.233.114:80
162.255.112.157:443
163.53.180.227:80
164.77.130.222:80
164.77.131.165:80
165.255.105.53:80
168.235.67.138:7080
173.66.242.48:80
173.79.107.84:80
177.139.131.143:443
177.144.135.2:80
177.188.121.26:443
177.6.166.4:80
177.66.190.130:80
177.72.13.80:80
178.62.75.204:8080
179.184.65.222:80
179.232.65.117:80
179.5.118.12:80
181.122.172.67:8080
181.13.24.83:443
181.16.18.72:8080
181.164.25.59:80
181.167.53.79:443
181.225.24.251:80
181.230.116.163:80
181.31.211.181:80
181.54.182.135:80
181.56.163.152:80
181.60.247.8:443
181.61.224.26:80
182.71.222.187:80
182.73.199.226:8080
183.131.156.10:7080
183.91.15.80:8080
185.135.109.128:80
185.155.20.82:80
185.160.212.5:80
185.94.252.104:443
185.94.252.27:443
186.10.92.114:80
186.138.210.130:80
186.167.16.242:80
186.189.228.84:80
186.3.185.206:80
186.3.232.68:80
186.33.141.88:80
187.162.250.23:80
187.188.163.98:80
187.212.208.8:8080
187.241.28.114:80
187.51.47.26:80
189.1.185.248:80
189.14.80.194:443
189.220.246.167:80
189.42.145.34:80
190.111.215.3:8080
190.117.226.104:443
190.128.90.22:80
190.13.215.114:80
190.147.137.153:443
190.17.195.202:80
190.190.134.145:80
190.190.26.188:80
190.194.151.145:80
190.2.31.172:80
190.247.9.40:443
190.57.130.142:443
190.79.103.57:80
195.82.165.181:20
197.94.32.129:20
198.211.121.27:8080
198.58.119.85:8080
199.83.161.218:80
200.108.250.176:80
200.116.191.114:80
200.123.150.89:443
200.123.183.137:80
200.41.121.90:80
200.58.180.130:80
200.7.243.109:443
200.85.110.240:8080
201.155.204.151:80
201.17.193.151:443
202.175.121.202:8443
202.52.247.178:80
203.122.18.234:8080
203.153.216.182:7080
210.56.10.58:80
211.184.5.163:443
211.20.154.102:443
212.174.19.87:80
216.132.25.162:80
220.128.125.18:80
220.132.16.114:80
220.210.163.76:80
23.92.16.164:8080
24.196.13.216:80
24.249.73.48:80
31.146.61.34:80
37.139.21.175:8080
37.208.106.146:8080
37.222.74.104:8080
42.200.178.117:80
42.200.191.247:80
45.55.179.121:8080
47.146.123.171:80
47.156.64.4:80
49.204.68.26:20
5.32.84.54:80
5.39.91.110:7080
5.45.108.146:8080
50.35.17.13:80
54.39.177.43:80
54.39.187.202:443
58.177.172.160:80
59.120.74.106:80
59.20.65.102:80
60.142.249.243:80
61.92.159.208:8080
62.84.75.50:80
64.66.6.71:20
68.183.18.169:8080
70.32.115.157:8080
71.10.114.255:80
71.222.157.155:80
72.10.33.195:8080
72.202.237.228:80
72.231.228.196:80
72.47.248.48:7080
74.130.137.231:80
74.208.45.104:8080
75.133.26.185:80
77.69.8.132:7080
77.90.136.129:8080
79.99.107.130:443
81.215.14.128:80
83.169.21.32:7080
87.252.100.28:80
89.19.20.202:443
90.79.26.91:8080
91.219.169.180:80
91.231.166.124:8080
91.236.4.234:443
91.242.138.11:80
93.114.205.169:80
93.123.22.241:80
93.147.157.195:80
93.51.50.171:8080
94.206.82.254:443
94.76.247.61:8080
95.9.95.101:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/03/30/emotet-c2-rsa-update-03-30-20-1.html

104.182.56.131:443
109.73.110.33:80
110.143.8.89:80
110.37.226.196:443
113.160.130.116:8443
113.161.147.51:80
117.4.120.226:8080
118.70.126.251:443
134.19.217.180:80
149.135.10.19:80
168.197.252.178:80
177.0.241.28:80
177.139.128.221:80
177.230.81.0:22
177.73.3.204:80
179.62.26.236:80
180.222.165.169:80
181.164.215.193:80
181.176.191.27:443
181.228.91.247:443
184.57.130.8:80
186.176.228.2:80
186.208.123.210:443
186.80.169.128:80
187.162.248.237:80
188.129.197.149:80
188.251.213.180:8080
189.154.68.123:143
189.160.15.202:465
189.168.169.129:80
189.253.255.142:80
190.147.165.160:465
190.16.142.187:80
190.160.53.126:80
190.181.235.46:80
190.244.125.144:80
190.251.235.239:80
190.47.227.130:443
2.28.113.59:80
2.47.112.152:80
200.126.237.113:80
200.73.228.225:80
201.214.229.79:80
212.156.219.6:8080
213.243.211.114:80
24.179.13.119:80
24.194.252.25:80
37.210.228.23:80
41.169.20.147:80
41.203.62.170:80
45.118.136.92:8080
45.161.242.102:80
46.35.75.225:8080
47.150.248.161:80
49.176.162.90:80
60.117.26.28:80
61.197.37.169:80
67.20.141.76:80
68.115.64.219:80
68.203.213.226:80
73.155.126.84:80
73.176.10.71:80
80.102.134.174:8080
81.169.202.3:443
82.240.207.95:443
84.9.167.76:80
88.247.144.128:80
91.73.223.130:80
95.7.221.205:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/01/emotet-c2-rsa-update-04-01-20-1.html

189.134.47.51:443
101.187.104.105:80
60.53.206.244:80
70.180.44.93:80
221.133.46.86:443
88.244.56.219:80
201.91.28.210:80
46.214.11.172:80
65.24.85.214:80
190.108.228.62:8080
124.150.175.133:8080
170.82.195.50:80

# Reference: https://twitter.com/ScumBots/status/1238427161482211328
# Reference: https://www.virustotal.com/gui/ip-address/77.72.131.69/relations

77.72.131.69:442
77.72.131.69:8080

# Reference: https://twitter.com/sysopfb/status/1245787828300234752
# Reference: https://www.virustotal.com/gui/ip-address/23.95.238.106/relations

http://23.95.238.106

# Reference: https://www.virustotal.com/gui/file/761287c60d47505b6d4bd079b49dd1ce3376217737c3aff8fd3daecdcc618e3f/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/e3b41c0d0834c0d5b121012fe9219529afaed899420d99bd3dba11f2c0a8810b/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01/behavior/Dr.Web%20vxCube

197.87.130.229:8080
216.137.249.154:80
106.243.65.250:443
98.191.228.168:990

# Reference: https://www.virustotal.com/gui/ip-address/118.167.155.233/relations

http://118.167.155.233

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/06/emotet-c2-rsa-update-04-06-20-1.html

152.170.222.65:80
84.79.142.51:8080
94.130.171.231:8080
113.52.123.226:7080
95.180.25.146:80
82.223.70.24:8080
186.188.152.177:80
179.127.59.210:443
91.73.197.186:80
137.25.7.112:8080
181.30.69.50:80
190.229.148.144:80
176.111.60.55:8080
209.151.248.242:8080
142.105.151.124:443

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/07/emotet-c2-rsa-update-04-07-20-1.html

201.213.100.141:443
87.127.197.7:8080
189.160.234.67:80
201.231.87.82:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/13/emotet-c2-rsa-update-04-13-20-1.html

67.235.68.222:80
110.145.101.66:443
93.147.137.162:80
137.59.187.107:8080
190.161.45.112:80
46.30.175.11:80
152.231.123.2:80
70.48.238.90:80
189.154.128.205:80
170.81.48.2:80
220.213.79.166:443
190.196.143.58:80
60.53.197.6:80
177.38.15.151:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/20/emotet-c2-rsa-update-04-20-20-1.html

68.44.137.144:443
114.145.241.208:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/30/emotet-c2-rsa-update-04-30-20-1.html

196.179.249.218:8080
85.94.81.18:80
193.80.169.64:80
78.12.27.172:80
132.255.227.134:80

# Reference: https://www.virustotal.com/gui/ip-address/103.38.12.139/relations

103.38.12.139:443
103.38.12.139:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/05/04/emotet-c2-rsa-update-05-04-20-1.html

195.76.232.114:80
85.94.170.73:80
186.188.222.3:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/05/11/emotet-c2-rsa-update-05-11-20-1.html

103.83.81.141:8080
95.216.118.202:8080
84.21.179.51:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/05/25/emotet-c2-rsa-update-05-25-20-1.html

162.154.38.103:80
186.226.226.116:80
181.92.244.156:80
41.215.92.157:80
190.47.227.130:80
213.60.96.117:80
79.45.112.220:80
153.133.224.78:80
140.207.113.106:443

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/01/emotet-c2-rsa-update-06-01-20-1.html

190.163.1.31:8080
190.19.169.69:443
190.144.18.198:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/15/emotet-c2-rsa-update-06-15-20-1.html

121.124.124.40:7080
24.1.189.87:8080
46.105.131.79:8080
186.223.86.132:443
207.255.37.143:80
37.210.166.214:80
75.139.38.211:80
153.126.210.205:7080

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/22/emotet-c2-rsa-update-06-22-20-1.html

190.111.215.4:8080
200.83.209.144:80
80.249.176.206:80
173.91.22.41:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/26/emotet-c2-rsa-update-06-26-20-1.html

46.49.124.53:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/06/emotet-c2-rsa-update-07-06-20-1.html

190.108.228.62:443
190.55.233.156:80
178.153.214.228:80
14.99.112.138:80
203.153.216.189:7080
61.19.246.238:443
41.169.20.147:8090
181.164.110.7:80
88.235.222.255:80
212.51.142.238:8080
91.211.88.52:7080
181.120.79.227:80
93.156.165.186:80
108.48.41.69:80
64.88.202.250:80
190.194.242.254:443
200.55.243.138:8080
217.13.106.14:8080
51.38.201.19:7080
81.2.235.111:8080
110.143.151.194:80
222.214.218.37:4143
139.59.60.244:8080
116.203.32.252:8080
186.250.52.226:8080
219.92.13.25:80
181.230.65.232:80
189.218.165.63:80
79.98.24.39:8080

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/14/emotet-c2-rsa-update-07-14-20-1.html

217.199.160.224:7080
186.70.127.199:8090
137.74.106.111:7080
109.117.53.230:443
109.74.5.95:8080
198.27.69.201:8080
58.153.68.176:80
181.129.96.162:8080
210.165.156.91:80
87.106.231.60:8080
181.134.9.162:80
104.247.221.104:443
95.179.229.244:8080
157.245.99.39:8080

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/20/emotet-c2-rsa-update-07-20-20-1.html

157.7.199.53:8080
124.45.106.173:443
74.207.230.187:8080
201.212.78.182:80

# Reference: https://www.virustotal.com/gui/file/a157a594207a18ada06373850abfce851648ff92ecf590b4539504ccd53c1354/detection

51.68.220.244:8080

# Reference: https://www.virustotal.com/gui/file/7aa1e0b8e78c3e0fd34f19b7398342d98216979a5a1ee19a5b89f83e4ce0fbbf/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/1514389b50f6fb2be1712fa470e2b5c9a7455697bc029ca211f944d8d3907228/detection
# Reference: https://www.virustotal.com/gui/file/dc4fa229a83ac9689fbbe7494d408c0806a769af5008df4ae6975b9e89a0c35f/behavior/Dr.Web%20vxCube

tan-shuai.com/wp-content/9j34284/
raioz.com/img/qngig44/
raybo.net/bemcadd/7307/
avendtla.com/tcuv/pd27/

# Reference: https://twitter.com/58_158_177_102/status/1284138503127699458

109.117.53.230:443
tri-comma.com/wp-admin/MmD/

# Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/

178.210.171.15:443
190.160.53.126:443
212.51.142.238:443

# Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/
# Reference: https://app.any.run/tasks/765ea589-8b55-4031-818e-521840513ed2/

http://201.212.78.182
74.207.230.187:8080

# Reference: https://twitter.com/malware_traffic/status/1285664072814538753

124.45.106.173:443
198.144.158.120:443

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/28/emotet-malware-IoCs_07-28-20.html

190.164.75.175:80
212.231.60.98:80
76.27.179.47:80
70.167.215.250:8080
47.153.182.47:80
187.106.41.99:80
88.217.172.65:443
177.37.81.212:443
24.234.133.205:80
181.143.101.19:8080
177.75.143.112:443
78.189.111.208:443
67.225.201.19:8080
23.111.136.190:8080
181.113.229.139:443
195.14.0.12:8080
71.208.216.10:80
192.95.4.184:8080
201.214.108.231:80
209.182.216.177:443
179.60.229.168:443
95.9.185.228:443
212.156.133.218:80
177.73.0.98:443
83.110.223.58:443
24.43.99.75:80
71.50.31.38:80
191.182.6.118:80
144.139.91.187:443
190.163.31.26:80
189.1.185.98:8080
189.146.1.78:443
191.99.160.58:80
105.209.239.55:80
177.74.228.34:80
190.96.118.251:443
24.157.25.203:80
195.159.28.229:7080

# Reference: https://paste.cryptolaemus.com/emotet/2020/08/31/emotet-malware-IoCs_08-31-20.html

58.171.153.81:80
72.135.200.124:80
190.128.173.10:80
157.245.138.101:7080
194.187.133.160:443
188.2.217.94:80
190.136.179.102:80
95.9.180.128:80
137.119.36.33:80
190.225.150.234:80
178.148.55.236:8080
70.121.172.89:80
94.200.114.161:80
24.148.98.177:80
50.81.3.113:80
67.68.210.95:80
85.109.159.61:443
107.161.30.122:8080
206.15.68.237:443
24.135.1.177:80
2.144.244.204:443
200.114.213.233:8080
186.103.141.250:443
45.182.161.17:80
139.162.108.71:8080
86.98.143.163:80
93.147.212.206:80
174.100.27.229:80
210.1.219.238:80
172.105.78.244:8080
115.78.11.155:80
179.62.238.49:80
118.101.24.148:80
73.213.208.163:80
153.232.188.106:80
173.94.215.84:80
45.173.88.33:80
37.187.100.220:7080
98.109.204.230:80
162.249.220.190:80
219.92.8.17:8080
77.238.212.227:80
190.190.15.20:80
174.45.13.118:80
162.241.242.173:8080
5.79.70.250:8080
209.236.123.42:8080
82.76.111.249:443
87.106.225.180:8080
62.30.7.67:443
222.159.240.58:80
138.97.60.141:7080
190.53.144.120:80
199.203.62.165:80
24.137.76.62:80
216.208.76.186:80
74.109.108.202:80
189.39.32.161:80
220.254.198.228:443
152.169.22.67:80
112.185.64.233:80
197.232.36.108:80
95.216.205.155:8080
185.86.148.68:443
190.190.148.27:8080
174.102.48.180:443
88.217.172.165:8080
89.205.113.80:80
65.36.62.20:80
175.29.183.2:80
81.4.105.175:8080
45.55.82.2:8080
85.66.181.138:80
68.183.233.80:8080
201.235.10.215:80
197.221.158.162:80
190.55.186.229:80
113.203.250.121:443
216.10.40.16:80
181.122.154.240:80
37.70.8.161:80
51.255.40.241:443
198.57.203.63:8080
45.33.77.42:8080
189.2.177.210:443
82.239.200.118:80
181.137.229.1:80
91.121.54.71:8080
60.125.114.64:443
173.81.218.65:80
45.55.36.51:443
67.247.242.247:80
37.52.87.0:80
81.17.93.134:80
68.171.118.7:80
178.250.54.208:8080
103.106.236.83:8080
71.57.180.213:80
120.150.60.189:80
212.174.55.22:443
64.201.88.132:80
213.197.182.158:8080
168.0.97.6:80
174.137.65.18:80
103.80.51.61:8080
187.161.206.24:80
45.16.226.117:443
186.227.146.102:80
189.131.57.131:80
94.23.237.171:443
185.208.226.142:8080
107.5.122.110:80
68.188.112.97:80
159.65.222.75:8080
84.39.182.7:80
177.94.227.143:80
175.139.144.229:8080
110.142.219.51:80
151.236.60.57:8080
139.99.158.11:443

# Reference: https://www.virustotal.com/gui/file/9b5ffb189c00d8a536848736e9cba2d4a71f8fba6f97d11867d677886b4a23e4/detection

http://47.146.117.214

# Reference: https://www.virustotal.com/gui/domain/foroanticorrupcion.sytes.net/relations

foroanticorrupcion.sytes.net

# Reference: https://www.virustotal.com/gui/file/6bdcbed80061d3b58f17759a2b932809c060a9a8b399dc92ee658ec5efd2d000/detection
# Reference: https://www.virustotal.com/gui/domain/deactivate.pw/relations

deactivate.best
deactivate.pw

# Reference: https://twitter.com/malware_traffic/status/1291168989108998146

204.197.146.48:80

# Reference: https://twitter.com/satontonton/status/1291723797528076290
# Reference: https://app.any.run/tasks/eb656a74-c0ba-4811-98e1-38a8cefaa70f/

http://47.146.32.175

# Reference: https://www.virustotal.com/gui/file/50d58ca2623e7fbbe3265bd78640c81fc3cb01a146c5630f656a18fc27e93c5e/detection

185.45.193.62:8080
216.239.32.21:443

# Reference: https://www.virustotal.com/gui/file/62fe71ddde725e4599889009d466a79b0de683d98a8490979b357732c18b79c6/detection

216.239.34.21:443

# Reference: https://www.virustotal.com/gui/file/7ece6173931237b004f4d24c8bd5ff5808a310f35fd6e630d04272f1e1f4c30e/detection

http://24.249.135.121

# Reference: https://www.virustotal.com/gui/file/7c430fa3421e2ea8b9013a4b2d488c721f01245a353a6e93c9f57a99b99a1324/detection

http://198.57.203.63
http://78.189.60.109

# Reference: https://app.any.run/tasks/7e3113be-372a-40f7-9cde-6f32fa94d03a/

http://74.120.55.163

# Reference: https://twitter.com/papa_anniekey/status/1293103714136281095

focus123.mycpanel.rs

# Reference: https://app.any.run/tasks/412a6dce-5520-4e9e-8254-d42c0fff1bd2/

http://95.9.180.128

# Reference: https://app.any.run/tasks/13508623-0e52-4928-b905-46dc7a7ae037/

http://92.24.51.238
139.99.157.213:8080

# Reference: https://pastebin.com/raw/BPTTq6GH

107.185.211.16:80
96.8.113.4:8080
153.126.210.205:7080
47.146.117.214:80
104.131.44.150:8080
169.239.182.217:8080
95.179.229.244:8080
209.182.216.177:443
209.141.54.221:8080
5.196.74.210:8080
72.12.127.184:443
104.131.11.150:443
200.55.243.138:8080
116.203.32.252:8080
142.105.151.124:443
81.2.235.111:8080
74.120.55.163:80
167.86.90.214:8080
87.106.139.101:8080
37.139.21.175:8080
189.212.199.126:443
103.86.49.11:8080
203.153.216.189:7080
181.211.11.242:80
37.187.72.193:8080
41.60.200.34:80
139.130.242.43:80
181.230.116.163:80
109.74.5.95:8080
121.124.124.40:7080
114.146.222.200:80
157.245.99.39:8080
76.27.179.47:80
62.138.26.28:8080
24.43.99.75:80
93.51.50.171:8080
157.147.76.151:80
83.110.223.58:443
46.105.131.79:8080
119.198.40.179:80
79.98.24.39:8080
176.111.60.55:8080
190.160.53.126:80
183.101.175.193:80
104.236.246.93:8080
5.39.91.110:7080
74.208.45.104:8080
24.179.13.119:80
78.24.219.147:8080
50.116.86.205:8080
200.41.121.90:80
190.55.181.54:443
201.173.217.124:443
85.152.162.105:80
137.59.187.107:8080
152.168.248.128:443
95.213.236.64:8080
222.214.218.37:4143
47.146.32.175:80
110.145.77.103:80
70.167.215.250:8080
173.62.217.22:443
47.144.21.12:443
165.165.171.160:8080
62.75.141.82:80
47.153.182.47:80
87.106.136.232:8080
113.160.130.116:8443
185.94.252.104:443
168.235.67.138:7080
91.211.88.52:7080
204.197.146.48:80
180.92.239.110:8080
61.19.246.238:443
139.59.60.244:8080

# Reference: https://app.any.run/tasks/0a4c6780-43d1-4f2d-bc61-e2c74d604fc7/

http://174.102.48.180

# Reference: https://app.any.run/tasks/f8998e16-9781-4289-bd0f-fc346107935c/

http://176.216.226.44

# Reference: https://www.virustotal.com/gui/file/2cc2799a0f649e3f0d8bbfccd7f693a37a5a8def9094ae3f686169513d1d9ea7/detection

159.203.232.29:8080

# Reference: https://pastebin.com/raw/FUr39rYd

109.116.214.124:443
114.173.201.110:80
176.216.226.44:80
177.32.8.85:80
188.83.220.2:443
190.212.140.6:80
192.210.135.126:8080
197.83.232.19:80
201.213.177.139:80
203.117.253.142:80
207.144.103.227:80
212.93.117.170:80
24.233.112.152:80
51.75.33.120:8080
66.61.94.36:80
67.205.85.243:8080
69.30.203.214:8080
83.169.36.251:8080
85.105.140.135:443
88.217.172.164:443
91.222.77.105:80
97.82.79.83:80

# Reference: https://www.virustotal.com/gui/file/97095bd460f1f5204b572cd269f8c3a3e7e73302bcbaac05b3c0b106e2342f47/detection

201.171.150.41:443
219.240.39.215:443
81.198.69.61:80
94.76.247.61:8080

# Reference: https://www.virustotal.com/gui/file/e221dda5e172df72a7b9b605d2ffff5043219a3980adb5102825ee97e75ff423/detection

213.176.36.147:8080

# Reference: https://www.virustotal.com/gui/file/79fe6e1db7b6d43c9d290ccbfcc0d81127d7d366451e5c04c09980ffd352e388/detection

http://47.146.32.175

# Reference: https://www.virustotal.com/gui/file/3813928dd0bac12320f38a077ff89695a08c2b334b3d57fd37130ae2040b3842/detection

http://24.233.112.152

# Reference: https://app.any.run/tasks/ca298aef-0237-4f4c-9d4c-16e9ffa8d995/

http://186.109.104.67

# Reference: https://app.any.run/tasks/33208f2a-b475-4c87-a901-2c5ffc9931a1/

http://45.173.88.33

# Reference: https://app.any.run/tasks/dc65776b-ff73-45ee-89c4-34189aaafe80/

http://182.176.95.147
172.96.190.154:8080

# Reference: https://app.any.run/tasks/4ba4ab9b-664c-4817-b84b-a51f891637af/

http://82.163.245.38

# Reference: https://app.any.run/tasks/91f5641c-18d1-42b1-ba94-57a3aab3241b/

116.202.234.183:8080

# Reference: https://app.any.run/tasks/0b1c53d6-f7a2-4d10-964d-2d416abf2537/

http://162.249.220.190

# Reference: https://www.virustotal.com/gui/file/3eea9f7afe639ed32775963d6fae0261bd31b0927a8d21eb9cbcaadfe7633ae4/detection

poonamjoshi.com

# Reference: https://twitter.com/papa_anniekey/status/1289005683581435904

microclan.com

# Reference: https://app.any.run/tasks/9bc263f3-d30b-466c-9a9f-95121bd5606d/

http://94.49.254.194

# Reference: https://twitter.com/Jan0fficial/status/1297864705504092161

mj-web.dk

# Reference: https://twitter.com/Circuitous__/status/1298324692214919170

smileplz.com

# Reference: https://twitter.com/yungmay0/status/1298374886499508225
# Reference: https://app.any.run/tasks/6f234b9c-35dd-4659-be3c-f6ee6a6b1567/

pelayoacctg.org.ph
quanticaelectronics.com

# Reference: https://app.any.run/tasks/3f4cb411-b57f-4535-bf97-0123144a4081/

http://107.5.122.110
45.55.219.163:443

# Reference: https://app.any.run/tasks/7111f9b9-5357-4a91-850c-3471d257a016/

65.156.53.186:8080

# Reference: https://app.any.run/tasks/191b2189-4ab8-4085-a457-2b1e2aaf3dbc/

71.197.211.156:80

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-08-25-IOCs-for-Emotet-with-Trickbot.txt

185.81.158.15:8080
grzegorzkucharski.com
karaz-sd.com
king61tours.com

# Reference: https://twitter.com/seguridadyredes/status/1298903561724669952

http://176.10.250.88

# Reference: https://app.any.run/tasks/0c98e26c-ad79-46e3-b603-cd4f36470c69/

http://98.13.75.196

# Reference: https://pastebin.com/raw/QUeZ8m10

112.78.142.170:80
134.209.193.138:443
162.144.42.60:8080
172.91.208.86:80
184.66.18.83:80
188.219.31.12:80
190.96.15.50:80
207.144.103.227:80
212.93.117.170:80
217.199.160.224:8080
24.26.151.3:80
37.205.9.252:7080
54.38.143.245:8080
65.156.53.186:8080
72.167.223.217:8080
73.116.193.136:80
78.189.60.109:443
86.57.216.23:80
91.75.75.46:80
93.51.50.171:8080
98.13.75.196:80

# Reference: https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html (# Doc.Downloader.Emotet-9412146-0)

abcofcricket.com
reliancectg.com

# Reference: https://www.virustotal.com/gui/file/b59c25c29ded7dad9f0015a8ae0101c845220fc92ac6e0ecbc1c4ceaed70ac18/detection

http://173.94.215.84

# Reference: https://twitter.com/Cryptolaemus1/status/1300488497376243712

142.44.137.67:443

# Reference: https://app.any.run/tasks/d9a26e5e-6940-4e71-9c3b-670395fcbe7d/

http://210.1.219.238

# Reference: https://www.virustotal.com/gui/file/05d96fd627d3c6cc52fa1932fd991c983589c0c9acabdac750639eb415203d46/detection

5.56.132.177:8080
93.115.23.115:8080

# Reference: https://app.any.run/tasks/95575a4a-0aeb-49ba-8fa3-149302fde1d9/

http://118.2.218.1

# Reference: https://app.any.run/tasks/27d34ee4-c459-4580-8616-e0fc34a7ddff/

tomssteakhouse.com/wp-includes/
/BWQwW/

# Reference: https://app.any.run/tasks/d57d3def-5cb3-443a-a27d-08fdb95276a3/

qstride.com/img/0/
/FrbJX7FPH/
/HxFvQLG60ICjqj/

# Reference: https://app.any.run/tasks/48ffbd45-913c-4998-9830-ed73775f6e3d/

vidriodecoracion.com/wp-admin/
vanbrast.com/bleech/
/CC2BJDZl0/
/x6KkTJVFA/
/4oy05GSOX/

# Reference: https://app.any.run/tasks/c600b9fd-e9ed-476b-9882-2a396f839313/

vuatritue.com/wp-admin/
/2sRxZP6U/

# Reference: https://app.any.run/tasks/44089aba-65fe-4bb7-a42d-2e4fb6ae3861/
# Reference: https://tria.ge/200828-g57747h5fn/behavioral1

sitecgps.com

# Reference: https://twitter.com/James_inthe_box/status/1305445833903546369
# Reference: https://app.any.run/tasks/777df841-2292-45e7-aff2-9e37ac1e1c25/

http://50.91.114.38

# Reference: https://paste.cryptolaemus.com/emotet/2020/09/15/emotet-malware-IoCs_09-15-20.html

36.91.44.183:80
180.26.62.115:443
45.46.37.97:80
182.253.83.234:7080
113.156.82.32:80
185.183.16.47:80
134.209.36.254:8080
79.137.83.50:443
41.212.89.128:80
113.160.248.110:80
82.118.225.196:7080
220.147.247.145:80
41.84.243.145:80
68.69.155.181:80
115.176.16.221:80
126.126.139.26:443
219.94.242.134:8080
195.251.213.56:80
159.65.140.182:80
118.163.97.19:8080
8.4.9.137:8080
92.24.50.153:80
58.27.215.3:8080
111.67.77.202:8080
104.156.59.7:8080
38.88.126.202:8080
202.188.218.82:80
94.23.216.33:80
219.74.18.66:443
50.121.220.50:80
61.92.17.12:80
202.153.220.157:80
185.178.10.77:80
78.47.87.196:8080
190.101.48.116:80
167.71.227.113:8080
216.47.196.104:80
5.189.182.214:8080
110.5.16.198:80
200.120.241.238:80
82.80.155.43:80
190.85.46.52:7080
54.38.143.246:7080
54.37.42.48:8080
220.109.145.69:80
49.243.9.118:80
156.155.166.221:80
51.38.237.230:8080
187.189.66.200:8080
62.210.90.75:443
181.169.34.190:80
50.91.114.38:80
45.177.120.37:8080
167.114.122.37:80
82.225.49.121:80
75.80.124.4:80
189.160.188.97:80
67.121.104.51:20
116.202.10.123:8080
103.229.73.17:8080
124.41.215.226:80
145.239.169.32:7080
103.80.51.122:8080
5.39.79.163:7080
117.247.235.44:80
82.230.1.24:80
162.214.68.171:8080
121.7.127.163:80
144.91.127.82:8080
89.216.122.92:80
145.239.64.167:8081
96.227.52.8:443
45.230.228.26:443
182.227.240.189:443
96.245.123.149:80
213.196.135.145:80
45.79.16.230:7080
74.136.144.133:80
61.197.92.216:80
88.247.58.26:80
113.193.239.51:443
2.144.244.204:80
155.186.0.121:80
78.187.156.31:80
80.200.62.81:20
190.194.12.132:80
138.201.45.2:8080
74.58.215.226:80
77.106.157.34:8080
51.38.124.206:80
139.59.67.118:443
74.134.41.124:80
42.200.107.142:80
51.89.139.219:8081
76.18.16.210:80
181.95.133.104:80
120.51.34.254:80
89.248.250.44:8080
223.133.20.171:80
128.106.187.110:80
119.92.77.17:80
79.133.6.236:8080
185.215.227.107:443
223.17.215.76:80
5.189.178.202:8080
37.210.220.95:80
80.86.81.31:4143
153.177.101.120:443
103.48.68.173:80
220.245.198.194:80
202.166.170.43:80
221.184.46.216:80
140.186.212.146:80
78.249.119.122:80
78.114.175.216:80
120.138.30.150:8080
104.236.168.190:7080
95.215.46.191:8080
94.1.108.190:443
103.133.66.57:443
37.48.84.223:8080
189.150.209.206:80

# Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-09-25.txt

104.131.103.37:8080
104.131.41.185:8080
110.142.219.51:80
111.67.12.221:8080
111.67.77.202:8080
114.158.45.53:80
12.162.84.2:8080
137.74.106.111:7080
138.97.60.141:7080
152.169.22.67:80
155.186.0.121:80
170.81.48.2:80
172.104.169.32:8080
174.113.69.136:80
177.73.0.98:443
177.74.228.34:80
178.250.54.208:8080
181.129.96.162:8080
181.30.61.163:443
184.66.18.83:80
185.178.10.77:80
185.183.16.47:80
185.215.227.107:443
185.94.252.12:80
185.94.252.27:443
186.103.141.250:443
186.70.127.199:8090
187.162.248.237:80
188.135.15.49:80
189.2.177.210:443
190.115.18.139:8080
190.147.137.153:443
190.163.31.26:80
190.190.148.27:8080
190.195.129.227:8090
190.2.31.172:80
190.24.243.186:80
190.6.193.152:8080
191.182.6.118:80
192.241.143.52:8080
192.241.146.84:8080
199.203.62.165:80
2.47.112.152:80
204.225.249.100:7080
209.236.123.42:8080
212.71.237.140:8080
213.197.182.158:8080
216.47.196.104:80
217.13.106.14:8080
217.199.160.224:7080
219.92.13.25:80
220.109.145.69:80
38.88.126.202:8080
45.16.226.117:443
45.161.242.102:80
45.33.77.42:8080
45.46.37.97:80
5.189.178.202:8080
5.196.35.138:7080
50.121.220.50:80
50.28.51.143:8080
51.159.23.217:443
51.255.165.160:8080
51.38.124.206:80
54.37.42.48:8080
61.197.92.216:80
61.92.159.208:8080
64.201.88.132:80
65.36.62.20:80
67.247.242.247:80
68.183.170.114:8080
68.183.190.199:8080
68.69.155.181:80
70.32.115.157:8080
70.32.84.74:8080
72.47.248.48:7080
73.213.208.163:80
74.136.144.133:80
74.58.215.226:80
77.106.157.34:8080
77.238.212.227:80
77.90.136.129:8080
78.249.119.122:80
80.11.164.185:80
82.196.15.205:8080
82.230.1.24:80
82.76.111.249:443
83.169.21.32:7080
87.106.46.107:8080
92.24.50.153:80
94.176.234.118:443
95.9.180.128:80
96.227.52.8:443
96.245.123.149:80
98.13.75.196:80

# Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-10-14.txt

newcarturkiye.com/wp-admin/Sbp/
hbmonte.com/wp-content/wer/
thewakestudio.com/wp-admin/3D/
formedbyme.com/wp-content/3e/
lilianwmina.com/wp-includes/Y/
partners.ripplealpha.com/data/ultimatemember/L/
unitedway.giving.agency/sys-cache/XnT/

# Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html

0931tangfc.com/images/eTrac/vmaYsYjxcGyLiXUd/
arquivopop.com.br/index_htm_files/D9GIZL0JPRV/2ak4jCRkru/
pulseti.com/arq/LLC/nf3Otsnzwl/
s165469.gridserver.com/2e4e/DOC/v4Ni8lfQic188UKvrV/
weblabor.com.br/avisos/lm/qjQdnNiipH2ePqaY8c/
admin.creciendoconelarcoiris.com/contato/Documentation/O3b3OxuKOsHx7hOCuF/
katthus.site/wp-admin/INC/Wg7iIDE77Q9HKsEdjYH6/
redpandazine.com/rjHumTUCZD/attachments/TJwYOgSjOxaFMXTgZk3/
registro.creciendoconelarcoiris.com/lab-supplier/paclm/cigsGO51PCwBR/
thetastrike.club/monitor/Reporting/2xxcosaiQm/
vesinhlinhanh.vn/zybo-z7/public/uXHtKU6YnwmtjAcz/
1stcombs.suffolkscouts.org.uk/cgi-bin/browse/
3000khoahoc.com/data/Scan/6ahj2xzdg1c/q3ky24bjkzcj2r3blfksen3/
account.scopemedia.com/revision/payment/
acropol-eg.com/www.acropol-eg.com/Overview/
ajwaalmosafer.com/sys-cache/lm/pipnq2lw33/
al3akarat.com/sys-cache/INC/qtymdpa/
amrsyd.com.au/cgi-bin/Documentation/x3lwxecjvkp/
amruthacollegeofeducation.com/css/payment/a1zi5536tf7n/eu4lfqyuym37gs/
arian21.com/alfacgiapi/eTrac/omeqgl2aq6hb/
assecon.com.br/novoassecon/INC/n5yi6u/
atelierpinkcity.com/wp-content/7hfl1ur9wt/
beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/
blizloaded.com/wp-admin/network/report/qfepmhl/
cafehomes.vn/wp-content/Documentation/lv46jsk/
caipa.net.cn/docs/
caipa.net.cn/TN/sites/1dvfcd42/dxkp91i027qbecny5eizt0jxz2ucoi/
constructoraalpes.com/owl/Overview/
cplt20live.com/wp-includes/Text/Diff/payment/
creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/
cursoscaballeros.giving.agency/sys-cache/parts_service/mvvm4m3b1c8/
dagostim.com.br/fill/lm/jfb9ag79u/22lfpp5sekowuy8yme1/
ddazzlediamonds.com/advertisel/Documentation/
ecolushlanka.com/wp-admin/swift/c2clivwye63/
edduteayuda.com.co/sys-cache/sites/unw89lh/
f24.victor-studio.com.tw/wp-admin/public/mbvkcbg/
fabdraft.com/wp-admin/INC/5eoc0fadj1j1/
fleshupdate.com/wp-admin/F0xAutoConfig/public/
foodhanoi.net/wp-admin/swift/s70o7ewtgdxr9qar7cpi68oc/
gaialacticos.com/wp-content/payment/
gblcleanercanada.com/homemade-lash/01328/i21wld87/
hanedu.vn/wp-includes/px2fs1/
hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/
imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/
jietuo66.com/wordpress/Overview/q5yx2v/
joininfo.ca/articleprint/paclm/2muql8fi/
lachaloupe.net/wp-admin/OCT/
leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/
leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/\/
lp.app4you.app.br/wp-admin/02/2s0u94athcx7/90jqr1opf/
merkadito.mx/upload/OCT/
nengjiankang.com/wp-admin/payment/bq02xr1fpjor/t4m5sfqj3pcjqze0j69qw1d3imf5lg/
oel-magazin.de/wp-includes/paclm/
passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/
paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/
pelavo.pl/wp-admin/attachments/
phamxuanquynh.com/wp-content/report/nuec7hz/
phaneedepool.com/wp-admin/invoice/
phonestore-telephonie.fr/wp-admin/public/sue67m/
portugal.scyla.com.br/redirect2/FILE/1pc1k1k89mlkp/
premier-h.com/simulate-logistic/OCT/
project-streams.eu/wp-admin/mqkjk8zv/
projects.bigprint.pictures/cgi-bin/public/pzx10o27/0fprs9c/
promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/
qpcpym.com/ErrorFiles/Reporting/60i5dt9zv/
rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/
randradeseguros.com.br/produtos/esp/vyh32iy3g2fa5jcmt9zkqqm/
rossinglish.com/inverter-repair/browse/gwc4o8/
s171184.gridserver.com/poll_success/Overview/
santoferragens.app4you.app.br/wp-admin/swift/
shenji.victor-studio.com.tw/wp-admin/attachments/91q66l6/
sherif-hammad.com/wp-includes/Scan/uwze9ca1t/
shop.scyla.com.br/wp-includes/esp/uqvl95sehq7p7w/
srno.hu/sys-cache/report/sv98lyo4q/4s5045m4kd/
sulematravel.es/wp-includes/paclm/
sunrisejanitorial.ca/assets/statement/
switch2cloud.net/wp-admin/balance/
teesvalleywashrooms.co.uk/ALFA_DATA/report/
thebeauticianofficial.com/sys-cache/paclm/
thedigitalsquad.net/sitemap/attachments/412tmhd4/
thehotelelevate.com/cgi-bin/Documentation/gtfh86im642/lj4zbliyn52t2/
thenewschef.com/wp-content/06fi03s6qe8oi3941c2yh119fzzpk7/
thientam.online/wp-admin/Scan/
tunimatec.com.tn/Document/esp/
upload.3000khoahoc.com/temp/balance/achxpcbh8w0p/j8vw36gerbcsmsy/
upload.thuviendata.com/2020-02/ptpgzydx057y/
vilong.us/sys-cache/balance/u5s3/
w-maassltd.co.uk/sys-cache/LLC/zenx05r/
ffval.hr/wp-content/statement/
womenup.cz/wp-includes/FILE/
xnk.jbzie.com/wp-admin/public/
1stcombs.suffolkscouts.org.uk/cgi-bin/browse/
45gradi.com/awstats-icon/OCT/5isfj61s/
b2bcom.com.br/site/Document/7h7vt4faff/qh1twu66o573mejk/
beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/
bigfesta.app4you.app.br/wp-admin/statement/
biggboss14show.net/wp-includes/paclm/
blizloaded.com/wp-admin/network/report/qfepmhl/
blog.iymazon.com/wp-content/334214278238924/2tu/
chinadarocha.app4you.app.br/wp-admin/Scan/ciqujxfc8e/
columbiasaude.com.br/sys-cache/INC/5r2ics0dgwv1n43zgmrpwbo/
cplt20live.com/wp-includes/Text/Diff/payment/
creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/
ddazzlediamonds.com/advertisel/Documentation/
digitalscholarbd.com/zs/esp/7qar1o17w/
finally-con.com/sys-cache/attachments/mweke849y4y/zc6xt80o6awna5pi5a3ra5mtvi/
gaialacticos.com/wp-content/payment/
hanedu.vn/wp-includes/px2fs1/
hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/
homewatchamelia.com/wp-admin/docs/
hy-api.cn/ceo-retirement/payment/
imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/
informacion.creciendoconelarcoiris.com/wp-content/uploads/payment/qogke1c2uoe4/
j84.me/wp-admin/Reporting/
koreashop24.com/email/Documentation/mfzm49xudxjjikq8kml9c2ta84j6s2/
lachaloupe.net/wp-admin/OCT/
leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/
librosporfavor.com/wp-content/swift/uid5bmt/547jbnw6kkyl6m2f/
liubaozi.cn/wordpress/sites/txbp5jf5wvfa08bt/
longshushu.com/invoice/nw2nk3jpj23/
margaash.us/sys-cache/DOC/0u9thggdtv/1zn69dp08z987/
modelo-delivery.app4you.app.br/wp-admin/yi8alm/
newdimension.co.th/wp-admin/statement/0yun1pqrev1cplh8bqi820fi/
oel-magazin.de/wp-includes/paclm/
passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/
paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/
pelavo.pl/wp-admin/attachments/
phamxuanquynh.com/wp-content/report/nuec7hz/
promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/
rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/
repuscolombia.com/presupuestos/DOC/
resilientfutures.com/wp-content/k290eennf1/
santoferragens.app4you.app.br/wp-admin/swift/
selerakampung.com/wp-admin/Documentation/d8gqui/
skenglish.com/wp-admin/statement/
stevegates.co/free-low/attachments/ruokgkmy6v1uj3/
sulematravel.es/wp-includes/paclm/
tcamexpo.com/wp-content/parts_service/msql9lpdtsv3/
toy-house.pk/sys-cache/DOC/5s5eis2d/69fd5dr6k/
vilong.us/sys-cache/balance/u5s3/
vinhomesq9.vn/sys-cache/492874195037797/
w-maassltd.co.uk/sys-cache/LLC/zenx05r/
webturf263.com/wp-content/eTrac/1zdnklmh9tcx017cd/
lvl.com.br/wp-admin/INC/lr9pldlk3kv/
tianhengdaojituan.com/wp-includes/sites/
zhengtiankai.com/wp-content/public/gblpdj3y0y3a/y6iai/
zirrimarra.eus/wp-content/Documentation/svz0w6/

# Reference: https://twitter.com/Cryptolaemus1/status/1316730653044600833

financiamentointeligente.com/wp-content/Fj/
removepctrojan.com/wp-admin/6/
aahnaturals.net/wp-includes/TX/
sff3d.com/3d/xk/
engineering-2s.com/SS_Paypal/X/
lsmanga.com/migration/FaU/
beta.zoneberry.com/bysyswexecf/x3/

# Reference: https://twitter.com/Cryptolaemus1/status/1316751913774444546
# Reference: https://twitter.com/Cryptolaemus1/status/1316751914328096770

imenbartariran.com/wp-admin/CZ/
duberysunglass.com/img/A/
icilimoges.com/wp-includes/Ym/
trungtamgioithieuvieclamdongnai.com/submit_form/sFO/
events.medialogic.cloud/blazor-preventdefault/r8W/
inspira-psicologia.com/css/F/
sheriaspace.com/wp-admin/R/

# Reference: https://twitter.com/Cryptolaemus1/status/1316759252371988480

happyseedscharity.com/wp-includes/EgjM/
ecolands.info/wp-includes/LZ7O0h/
liguendembo.com/wp-includes/DeAM6hn/
xiaolechen.com/pollinodial/5lTy0/
mallowsvirtualcreatives.com/wp-content/2pw1/
rfcrfc.com/wp-admin/oZ/
bbs.rfcrfc.com/api/V/

# Reference: https://twitter.com/Cryptolaemus1/status/1316779526404427777

jrvservices.com.br/JRV_ANTIGO/d0cNATaKxy/
aqfsistemas.com.br/manufacturerl/hA/
paramythou.gr/wp-includes/jmoG/
foxfire.ph/wp-admin/YQW/
novaes.com.br/files/uZK/
excelenceimoveis.com.br/wp-includes/k/
equipamentosmix.com/10/aK99ApiT/

# Reference: https://twitter.com/bomccss/status/1316998263094996992
# Reference: https://twitter.com/Cryptolaemus1/status/1316992711904399360
# Reference: https://twitter.com/Cryptolaemus1/status/1316985594694766593
# Reference: https://app.any.run/tasks/dfefe288-fc49-4d40-b00a-f517363910bc/

divemed-tech.com/will-a/gjzE/
johndaurizio.com/wp-includes/Uhp4cB5mgN/
bazarkotulpur.com/wp-content/0tu/
geosrt.com/atrabiliary/yfH/
dmtland.com/wp-admin/4k/
zero-finance.com/wp-content/6sa/
myseedology.com/cgi-bin/7GzFsT/
foulgerteam.com/foulgerteam.com/i/
amicusdh.org/coaid/0g/
charlesze.com/content/z0lGKS/
tiktokvapes.com/wp-admin/xL/
blackstonetutors-onlineportal.com/wp-includes/fm/
bachhoanhale.com/wordpress/I/
invaluablearts.com/6sn1f/t/
mycollegecp.com/content/kRL/
tatilburdur.com/scutum/KV/
pgiso.com/wp-admin/mCQ/

# Reference: https://twitter.com/Cryptolaemus1/status/1317042881517977600

divemed-tech.com/will-a/gjzE/
johndaurizio.com/wp-includes/Uhp4cB5mgN/
bazarkotulpur.com/wp-content/0tu/
olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/
studyguidewithlakshmi.com/directory/v982c9VH5c/
pandebaik.com/_vti_bin/Y/
agroproindia.com/cgi-bin/95r09UGlIj/

# Reference: https://twitter.com/Cryptolaemus1/status/1317053813132546048

vuatritue.com/wp-admin/Ux/
shraddhacarrentalindore.com/wp-includes/M/
fortunelabels.com/test/SZ/
p4uclasses.com/wp-content/G/
tanger-soft.com/does-leaving/Kig/
pxid360.com/wp-admin/PN/
childselect.com/cgi-bin/y/

# Reference: https://twitter.com/Cryptolaemus1/status/1317061556958646272

dodungphongtam.com/content/GZ5Mk/
symbiosis-consulting.com/blogs/FVX8XRa/
getquicksafaris.com/wp-content/nJtvlV9ha/
sakhilalleather.com/wp-admin/t7GkPP4/
metodotrcd.com/wp/d/
borjboland.com/wp-admin/pH/
rangpurbarassociation.com/cgi-bin/2BdjrjymS/

# Reference: https://twitter.com/Cryptolaemus1/status/1317082747186434048

safeabortionrx.com/ext/XII/
brightcdr.com/wp-content/LNTELiq/
cavancart.com/staticmap/WR/
homeabortionpillsrx.com/ext/N6SKd/
portal.digitalcompass.com/Styles/deeB/
apidocs.dcdial.com/wp-includes/H/
360www.ca/content/2/

# Reference: https://twitter.com/Cryptolaemus1/status/1317097518711377923

paganwitch.com/wp-admin/0pd/
creationskateboards.com/shred/H/
gtech.thngo58.com/wp-includes/9zo/
dlhagency.com/cgi-bin/8z/
drwalidabdelgaffar.com/dentalia/lL/
rtjandxly.online/wp-content/kir/
bnmintl.com/cgi-bin/Ibu/

# Reference: https://twitter.com/Cryptolaemus1/status/1317112136636731392

iei7.com/wp-admin/5ShKLn/
right2liferx.com/admin/AcgEH/
poppylon.com/wp-admin/E22zho/
personaltrainersindia.com/fonts/Q55X/
eldahwa.com/9th-grade/F2Kw/
meeak.com/wp-admin/lcJ/
prabhatcycles.com/prabhatcycles/U1i7/
housetutor.wasseela.com/x2ekf/tMR/

# Reference: https://twitter.com/Cryptolaemus1/status/1317176477734047745

thehouseofpeace.org/cgi-bin/NZdfyylt/
wayfinancial.ca/wp-content/3H9P2P9qn/
tola.ae/docs/t/
bms-guisborough.co.uk/wp-admin/nIdNw7fA/
ardos.com.br/simulador/hpWciv1B/
andrycarias.com/grupo-desafio.com/EZ2w/
solidrockwesleyan.ca/wp-includes/WeqhX7hE/

# Reference: https://twitter.com/Cryptolaemus1/status/1317227929072533504

storagelookup.com/wp-admin/5pmuuxWKoN/
flowerdeliverypasadena.com/wp-content/J8tPsVAF4/
concrecasa.cl/wp-admin/RUQ87/
atrocity.de/blogs/iRB9/
svi.bo/wp-content/5CX8zlve/
gosbooking.com/wp-admin/ej5/
dummyestudio.com/wp-content/bP/

# Reference: https://twitter.com/Cryptolaemus1/status/1317238025701724160

wiwildcare.org/wp-includes/Ri/
gyandarbar.com/EDU/wBubLrB/
giannaspsychicstudio.com/cgi-bin/AAHr/
berkeywaterfilterplus.com/wp-admin/A/
myanmarlegalservices.com/wp-admin/87M/
bestgunsafety.com/wp-admin/u23zKk2/
mantenanews.com/wp-content/G/
liciousbbl.com/wp-includes/5k8n/

# Reference: https://twitter.com/Cryptolaemus1/status/1317354642494410753

fumigacionesmac.com/wp-includes/je/
excellence4u.com/wp-snapshots/brAvtr/
balancingelephants.com/wp-content/kH/
tahirsylaj.com/error/UpDueJ/
bestoffershop.com/wp-admin/k/
wintekelevators.com/wp-content/xExD/
supplementhouse.net/wp-content/HXLS7K/
solddolls.com/cgi-bin/xwoLV/

# Reference: https://twitter.com/VirITeXplorer/status/1318095610537443328

tahirsylaj.com/error/UpDueJ/
bestoffershop.com/wp-admin/k/
wintekelevators.com/wp-content/xExD/
supplementhouse.net/wp-content/HXLS7K/
solddolls.com/cgi-bin/xwoLV/
fumigacionesmac.com/wp-includes/je/
excellence4u.com/wp-snapshots/brAvtr/
balancingelephants.com/wp-content/kH/

# Reference: https://twitter.com/Cryptolaemus1/status/1318118172285947904

geoportal.rivasciudad.es/wp-includes/MD/
baltische-rundschau.eu/wp-content/uploads/2pj7/
leboutique-store.com/wp/dOs/
bespokebysumitgrover.com/wp-includes/mwYw/
rajania.com/cummins-engine/nPd/
aabeds.com/jtdla2131/Y/
svi.bo/wp-content/NIEP3/
podzalog39.ru/podzalogOLD/n/

# Reference: https://app.any.run/tasks/de25cba4-817b-4931-b20d-95f180fe5c0c/

travelsportrepeat.com/wp-content/0/
wemusthaveit.com/freeze-columns/KQiSFq7/
tuhishair.com/blog/g3H/
entout.co.uk/wp-includes/wdh/
blog.artemisaritim.com/accuracy-of/z/
ad-avenue.net/-/MH6/
wintekelevators.com/avast-premium/S6/

# Reference: https://twitter.com/Cryptolaemus1/status/1318122399079014400

tonolledo.com/docs/R6/
jegsnet.com/wp-content/J/
melrosebeautycenter.com/windows-10/MM/
blog.gadzoom.net/wp-includes/g0/
gtech.thngo58.com/zwift-level/xnH/
hbrpatel.com/wp-content/amT/
indiastartup360.com/wp-admin/Cm/

# Reference: https://twitter.com/abel1ma/status/1318130996332564482
# Reference: https://app.any.run/tasks/12a094d8-1806-4349-a485-8e3ea950f0f6/

tudorinvest.com/wp-admin/rGtnUb5f/
dp-womenbasket.com/wp-admin/Li/
stylefix.co/guillotine-cross/CTRNOQ/

# Reference: https://twitter.com/VirITeXplorer/status/1318138248783450115

ardos.com.br/simulador/bPNx/
drtheurelplasticsurgery.com/generalo/rhrhflv92/
bodyinnovation.co.za/wp-content/2ssHvi/
nomadco.es/wp-admin/MvwVHCG/

# Reference: https://twitter.com/Cryptolaemus1/status/1318189858989420545

stech.com.np/wp-admin/U/
worlddatapro.com/flama-condensed/2fPei5/
bluedemonlodge.com/wp-content/yBvR7Tw/
laindianrestaurants.com/wp-includes/B3pPZIas/
daogou.icu/wp-admin/kyJ4pA/
wisdomapologetics.com/neje-master/KM/
fotomax.fr/cgi-bin/dm/

# Reference: https://twitter.com/Cryptolaemus1/status/1318230428868874243

guarany.net/zefiro/K/
yanlipin.net/wp-admin/Q/
aanshtravels.com/_notes/JLM/
tcamexpo.com/wp-content/c/
easihacks.com/wp-includes/d/
cosyshe.com/wp-includes/A41/
goodpriceshoes.com/wp-includes/0Ko/

# Reference: https://twitter.com/Cryptolaemus1/status/1318269256295981056

onepalate.biz/wp/YuUcpzM/
webdachieu.com/wp-admin/J/
smallbatchliving.com/wp-admin/uccE/
richellemarie.com/wp-admin/xlTWW/
richelleshadoan.com/wp-admin/Ucrkcvp/
holonchile.cl/purelove/Y4/
a2zarchitect.com/wp-admin/LAs0P/
raumfuerneues.eu/error/AuTiH/

# Reference: https://twitter.com/Cryptolaemus1/status/1318286786494402562

yixuecourse.com/wp-includes/wE/
estylohouse.com/pms/application/language/e/
77wins.club/wp-content/4y/
layagroup.net/wp-admin/5h/
zionimmigration.com/scss/bHd/
vivoslotpulsa.com/wp-content/1/
wizzdomhub.com/wp-content/IZ/

# Reference: https://twitter.com/Cryptolaemus1/status/1318425528760750082

vidadohomem.com/wp-content/Eu/
virtual-event-service.com/assets/tW/
mallowsvirtualcreatives.com/llfdsofdsfss/51C/
rovonize.com/email.rovonize.com.rovonize.com/M/
mahfuzur32785.com/identify-the/IM/
africafoodworld.com/wp-admin/WD/
bloglamtinh.com/wp-admin/N/

# Reference: https://twitter.com/Cryptolaemus1/status/1318468646134571009

wodsuit.com/ram-aisin/7r9/
hoobiq.com/cgi-bin/Xyv/
bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/
vat201.com/calculator/itQ/
vikinggg.com/hydrolysis-of/bY/
mohamedsayed.com/wp-admin/Zt/
hostimpel.com/js/q/

# Reference: https://twitter.com/Cryptolaemus1/status/1318469815082881025

rossie.in/wp/6L0U/
envirohubconsulting.co.za/cgi-bin/vI5/
grandages.org.my/office/y6Uz/
dailypharmajobs.com/cgi-bin/CyCdO/
comercialadvance.com/images/MFXxM5Tg/
royalnight.in/wp/lEA2gXXBj/
gymmuscle.tk/wp-content/U8j1Bkh/

# Reference: https://twitter.com/Cryptolaemus1/status/1318644038057287680

salesforcesupports.com/wp-admin/UK4/
sakcampharma.com/wordpress/L8E/
laosonline88.com/old-web-bk/M8B/
quicktowtowing.com/indexing/N2/
tecnolora.com/grup-bo/NWd/
geoffoglemusic.com/wp-admin/Mym/
58yuesao.top/wp-admin/HG/

# Reference: https://twitter.com/Cryptolaemus1/status/1318657897623134209

nursefreedomsystem.com/cgi-bin/eYae/
masterbookpub.com/cgi-bin/H/
247tvad.com/wp-includes/CLwQ/
wearenursesvip.com/wp-includes/ZbcC/
demo.acousticify.net/intune-company/UAONxeh/
hello.congduhoc.com/logstash-mutate/d/
musicrepublicmagazine.com/wp-content/HbW/
littleforbig.com/menuso/5IW5/

# Reference: https://twitter.com/Cryptolaemus1/status/1318666564141502464

keishixx.com/apc/ew5/
zylko.com/wp-admin/SD/
kyleesbirthdaybash.com/wp-includes/Sco/
kbpatinhaus.com/wp-includes/5r/
almaart.ir/wp-ontent/7pp/
premiumnitrilegloves.com/wp-content/7/
mommafi.com/wp-includes/S/

# Reference: https://twitter.com/Cryptolaemus1/status/1318816075820224514

safarsetutours.com/safarsetutours/do75yh/
iimedu.uk/wp-includes/m8YXYxu/
weeklymasterclass.com/wp-includes/ZqsGa/
onetrepreneur.co.uk/test/gQX87a/
commonsenserevisitedbook.com/wp-includes/6BAdVn6/
taabgroup.com/divi-woocommerce/7BHbH/
pruebadario.ecomerciar.com/wp-admin/jSEbK2o/
rebuneae.com/wp-content/EivSc/
allindiacrimepress.com/blogs/media/AO9/
housetutor.wasseela.com/x2ekf/sWv/
avoyrakib.com/wp-admin/28/
kianyadak.com/ik/M/
souryumon-alive.net/VL/
mail.cozyreview.com/Ko8/
econews.treegle.org/how-to/v/
atrezzos.beneficiosparaempleados.com/wp-admin/kzqh1zM/
vinarorganics.com/css/L0vMERYKQD/
adidasyeezy.store/welph/ccrcbr1xFU/
zunan.com.tw/wp-admin/lQ59Q/
vstsample.com/wp-includes/YV/
tuneclick.co.uk/img/eBV/
library.strophicmusic.com/test/VNTHdB7678/

# Reference: https://twitter.com/Cryptolaemus1/status/1318865011683610626

plakatjogja.com/wp-content/X/
vnadevelopers.com/wp-admin/BF/
nursesweekparty.com/wp-includes/bQR/
hodmunha.info/wp-includes/Ce/
novaworlds-muine.com/khudothiaquacity.com/a/
weapontoys.com/wp-content/Ok/
bold-c.com/wp-admin/Ac/

# Reference: https://twitter.com/Cryptolaemus1/status/1318916731914670084

michaelandrewsbakery.com/wp-admin/M/
forsalebyowner247.com/wp-includes/8m/
webgisjambi.com/wp-content/uploads/V5a/
tigerstormtraffic.com/wp-includes/h23/
optimisticdeals.com/wp-content/S/
twogirlscleaning.com/openbayl/KaI/
online2u.biz/ogretmenevi/4Yj/

# Reference: https://twitter.com/Cryptolaemus1/status/1318920275732418566

aspensnowmasswebcam.com/wp-admin/SC6c2o/
ticket1st.com/wp-includes/98Zkfi/
eyebrowandme.com/cgi-bin/3NN/
newsfocus123.com/96kaifa/cc1/
dev.muzigal.com/cron/Mdn/
dehateet.com/wp-admin/Gqg0Ma/
keithdougherty.com/wp-includes/Yen85/
nurseprizes.com/wp-includes/hS/

# Reference: https://twitter.com/Cryptolaemus1/status/1318943116016091136

ecommarket.xyz/uptown/LSm7vXy0v/
pearlcomputers.com.pk/bitcoin-apk/37qD0b/
treeremovalnerds.com/wp-content/7n5ut/
isupportthecause.org/wp-includes/sbCBUzN/
englishmatters.hk/wp-admin/hDcXxqmeD8/
innoovation.com/blogs/sOKc4/
habiganjjournal.com/wp-content/TUQB/

# Reference: https://twitter.com/Cryptolaemus1/status/1318995699904688139

kpfniaga.com/backup/Qv/
ethanstech.com/wp-includes/Z/
fsl.com.mx/wp-admin/2T7Ws/
thecitizensforum.org/cgi-bin/kU/
murari.es/wp-content/h/
xcharliesdevils.com/wp-includes/ysv/
hrinternationalbd.com/selectar/h/
caballerosdesanfernando.es/wp-includes/re8nKUj/

# Reference: https://twitter.com/Cryptolaemus1/status/1318995430852694017

farzadkiasat.com/wp-admin/Eb/
hunmao.net/wp-includes/C/
tallyandfin.com/cgi-bin/P/
gosvish.com/wp-admin/B/
searchhomeusa.com/wp-content/o/
h5yx.vishou.net/css/i/
oleegoli.com/indexing/xS/

# Reference: https://twitter.com/Cryptolaemus1/status/1319019223016943620

sangamapparel.com/wp-content_old/whE/
techarpit.xyz/wp-content/GM/
sarfco.com/wp-content/6YE/
best-browser.top/wp-includes/lL/
alternatul.com/wp-includes/4rS/
rapicampi.com/wp-content/ib/
initiativepropertiesltd.com/home/S7s/

# Reference: https://twitter.com/Cryptolaemus1/status/1319048991175331847

scolarite-fssm.uca.ma/wp-content/uploads/Wmo0C/
autofit.pt/wp-content/jjVLAR/
jinyangsheetmetal.co.kr/wp-content/Kx7IN1cEY/
mindgeniltd.co.uk/indexing/X5bSo/
sinanashkan.com/wp-admin/DkHxvf8KX/
navneetfamilycoach.com/wp-content/IRX/
usasnet.com/wp-includes/6k/
admvero.com.br/eleicao/EJcX/
coolfit.in/wp-content/ivi/
equipamentosmix.com/10/Bjky/
murari.es/wp-content/h/
hrinternationalbd.com/selectar/h/
thestudio-ct.co.uk/events/P3/
kailaasa.ca/wp-admin/zeJssVj/
khudanculongdien.vn/wp-admin/HB/
admvero.com.br/eleicao/EJcX/
coolfit.in/wp-content/ivi/
equipamentosmix.com/10/Bjky/

# Reference: https://twitter.com/Cryptolaemus1/status/1319223065696415745

paasologrp.com/parseopmlo/5/
launch.tactikafacewear.com/wp-content/Uk/
singohotel.com/dashboardl/q/
mymathlabhomework.com/wp-content/o/
dietherbsindia.com/assets/k8oo/
dev-tech.eu/demoshop/P0/
mithraa.co/nMT/
chess-pgn.com/win-raid/l6T5/

# Reference: https://twitter.com/Cryptolaemus1/status/1319180621395132416

swiftlogisticseg.com/wp-admin/jiX/
paikapua.com/a0brac3/Y/
gordon-and-son.com/wp-includes/n/
emmanuelmonastery.org/wp-admin/d/
afriwaste.app/wordpress/N7L/
da-industrial.com/js/A4/
onepalate.biz/wp-content_bak/Bc/

# Reference: https://twitter.com/Cryptolaemus1/status/1319253975863070727

sorbonne-capital.com/wp-admin/G/
zagoradesertcamp.com/templates/u/
chavezrob.com/wp-includes/zkd/
buybacksoft.com/old/5s/
thetechieforu.com/wp-includes/2/
movie-2free.com/cgi-bin/d/
yogeejee.com/wp-includes/b/

# Reference: https://twitter.com/Cryptolaemus1/status/1319262232170139650

paasologrp.com/parseopmlo/5/
launch.tactikafacewear.com/wp-content/Uk/
singohotel.com/dashboardl/q/
mymathlabhomework.com/wp-content/o/
dietherbsindia.com/assets/k8oo/
dev-tech.eu/demoshop/P0/
mithraa.co/nMT/
chess-pgn.com/win-raid/l6T5/

# Reference: https://twitter.com/Cryptolaemus1/status/1319309808814706693

akdparivar.com/css/J/
yudaobath.com/wp-includes/vbayxJ/

# Reference: https://twitter.com/Cryptolaemus1/status/1319320563257573376

jumpingphones.com/wp-admin/W/
gksystemsnamakkal.xyz/wp-content/SsH/
baichoi.tranbaocuong.top/application/h5c/
movie-2free.com/cgi-bin/2wv/
mugiya-pan.com/wp/czH/
topperit.com/demo1/tt/
myfarasan.com/wp-admin/o/

# Reference: https://twitter.com/Cryptolaemus1/status/1319334755096272897

acheterdrogues.com/wp-admin/m/
hcareconcepts.com/cgi-bin/1Pwwxf/
jiafunongye.com/application/NJ3Ta/
amarteargentina.com.ar/wp-admin/GOAvrV/
allcannabismeds.com/unraid-map/xcGN/
caacholidays.com.hk/wp-content/jaayDboQ/
selerakampung.com/wp-admin/AGF5qXG/

# Reference: https://twitter.com/Cryptolaemus1/status/1319377511332139009

primaage.com/wp-admin/is/
uvibrands.com/QIG/
morrobaydrugandgift.com/wp-contentbak/T9M/
autodidactai.com/wp-content/5SF/
cs.vitalero.com/wp-includes/Vf/
arcadia-consult.com/wp-admin/6O/
acheterpermis-deconduire.com/wp-admin/network/vv/

# Reference: https://twitter.com/K_N1kolenko/status/1308335594729332737

jobcapper.com/8.7.19/hrS/
scoomie.com/wp-content/uploads/mxjsB/
blog.workshots.net/bibqcr9/Eki/
hxoptical.net/wp-admin/91C/
adidasnmdfootlocker.com/nc_assets/F/
socylmediapc.es/tools/D7Ogq/
lombardzista.pl/wp-content/r/

# Reference: https://twitter.com/K_N1kolenko/status/1306577455499673602

scrappy.upsproutmedia.com/wp-admin/J/
china-specialist.com/wp-content/YrLG/
upsproutmedia.com/wp-admin/M/
pagearrow.com/wordpress/B/
a.xuezha.cn/lajop/OYdUzf/
blog.saadata.com/cgi-bin/vwz/
zeeamfashion.com/content/rqoL/

# Reference: https://twitter.com/K_N1kolenko/status/1306534090812919808

77yxx.com/b5rh/bZxS/
shahramookht.com/t1k12k7t/8jq/
aciitaly.com/adminer-master/gkI/
codelta.es/images/9S35FR/
burstoutloud.com/PPL/Hf/
targetin.com/Silder-1/naK/
dbestfishing.com.sg/67s/wfe/

# Reference: https://twitter.com/K_N1kolenko/status/1301052109379469313

nnpstv.com/newsletter/hDT/
oneinsix.com/plesk-stat/S76/
villatera.com/cgi-bin/CHy/
party-pix.org/cgi-bin/GVp/
sabineschulte.net/cgi-bin/x/
pautz.org/cgi-bin/uB6/
nobius.org/hutchins/w/

# Reference: https://twitter.com/K_N1kolenko/status/1301043012554895361

ptwmusic.com/thumbs/TN/
refinanz.org/bachelorme_de/I/
prprofile.com/wp-admin/B2/
radiomuziekland.com/contact/f/
rbji.com/rbjfiles/5/
relicatessen.com/index_htm_files/9/
phoenix-internet.com/incontext/QJN/

# Reference: https://twitter.com/K_N1kolenko/status/1291617606567428096

tourgunungkidul.com/js/63/
veranista.com/stats/s/
walescounseling.com/wp-includes/BsDZ7QS/
thecreativecafe.co.uk/gallery/Y/
usadatos.com/chai/ikb/
tanitlak.hu/wp-admin/AkMHk/
wolstenholme.ca/teashop/0B6GAKL/
jerem.com/themes/nu2/
mikebonales.com/blog/In5/
grandsignatureyercaud.com/css/Gp/
hstlive.com/blabs/N/
itcsis.com/docuitc/G/
immortalmodeling.com/dev/blog/SF/
jejach.net/widgets/1E/
rifatenterprise.com/dist/go/0Ay/
priyamcollection.com/vinix/3e/
red-master.com/antiguo/WA/
portalsgn.com.br/corpore/xl/
rentaflight.be/PEAR2_maybe_not_used/H9l5C9Q/
pisi1.unixstorm.org/cgi-bin/LVZW/
purrr.nl/wp-content/Y/
moasocialcoop.com/wp-includes/fd/
monahon.com/classyclutches/W/
mediosmilenium.com/mapa/eWv/
monicaestrazulas.com/2018/Z/
mktink.com/logs/Q8/
murias.com/documents/Fu/
n-brake.com/aspnet_client/G8/
wuvyish.com/wp-content/D9/
energjia.com/oxl/k/
hajveryimpex.com/content/0hW/
aeeec.com/about-us/qE/
blog.8888168.xyz/wp-content/P/
instruments.azurewebsites.net/content/vWy/
larisinaja.com/wp-includes/y/
walcial.com/sys-cache/Fh8vQ/
riovibe.com.br/2009/A/
skytechresources.com.br/erros/JyG5bsH/
cosentinoconsult.com.br/v_s_k3/WZN8FbD/
swapnadevelopers.com/temp/U/
opiscineiro.com.br/wp-snapshots/za4yVt/
studio63productions.com/fonts/Dm7Y/
microcomm-group.com/aspnet_client/open-resource/749h0_a_bgapak3l/
missetiquette.com/img/57ry_v_f04/
rouxweb.com/sea/IOm310/
sallyabbeyarts.com/SALLY_ART_2014/UqN4k/
tedde.nl/photosentinel/r_mcjd_p0vrxje/
webstack.com.au/wp-includes/U890802/

# Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html

175.103.38.146:80
149.202.72.142:7080
51.15.7.145:80
177.129.17.170:443
76.175.162.101:80
188.157.101.114:80
108.46.29.236:80
123.176.25.234:80
51.75.33.127:80
78.186.65.230:80
96.245.227.43:80
46.43.2.95:8080
80.241.255.202:8080
142.112.10.95:20
93.186.197.189:7080
121.7.31.214:80
109.13.179.195:80
153.229.219.1:443
51.15.7.189:80
5.196.108.189:8080
202.29.239.162:443
5.89.33.136:80
203.56.191.129:8080
139.162.60.124:8080
74.135.120.91:80
174.106.122.139:80
113.203.238.130:80
75.143.247.51:80
96.249.236.156:443
85.25.106.204:8080
1.226.84.243:8080
183.77.227.38:80
192.232.229.54:7080
24.232.228.233:80
188.166.220.180:7080
162.144.145.58:8080
213.165.178.214:80
78.188.106.53:443
104.131.123.136:443
46.101.58.37:8080
47.36.140.164:80
202.29.237.113:8080
69.206.132.149:80
174.118.202.24:443
190.96.15.50:443
130.0.132.242:80
200.127.14.97:80
190.188.245.242:80
24.231.51.190:80
190.164.135.81:80
172.104.97.173:8080
185.80.172.199:80
24.43.32.186:80
177.23.7.151:80
216.139.123.119:80
190.190.219.184:80
2.58.16.86:8080
45.239.204.100:80
68.252.26.78:80
71.15.245.148:8080
94.212.52.40:80
218.147.193.146:80
178.211.45.66:8080
192.175.111.217:7080
85.214.26.7:8080
49.50.209.131:80
120.150.218.241:443
60.93.23.51:80
192.175.111.214:8080
72.143.73.234:443
46.105.114.137:8080
121.117.147.153:443
191.191.23.135:80
177.144.130.105:8080
110.142.236.207:80
192.81.38.31:80
35.143.99.174:80
118.33.121.37:80
190.240.194.77:443
125.200.20.233:80
71.72.196.159:80
194.4.58.192:7080
73.55.128.120:80
47.154.85.229:80
138.97.60.140:8080
190.191.171.72:80
103.93.220.182:80
115.79.59.157:80
186.74.215.34:80
169.50.76.149:8080
180.148.4.130:8080
118.243.83.70:80
70.169.17.134:80
42.200.96.63:80
190.192.39.136:80
91.146.156.228:80
118.83.154.64:443
128.92.203.42:80
190.108.228.27:443
139.59.61.215:443
37.187.161.206:8080
116.91.240.96:80
95.85.33.23:8080
202.134.4.210:7080
198.20.228.9:8080
190.117.101.56:80

# Reference: https://twitter.com/malware_traffic/status/1309698130468896768
# Reference: https://app.any.run/tasks/018be08a-518e-449f-b7cc-3bc8b5cd8031/

12.163.208.58:80
87.106.253.248:8080

# Reference: https://app.any.run/tasks/210af0dd-4489-4ba6-88f8-5968ac9f1442/

162.241.41.111:7080
http://49.243.9.11

# Reference: https://www.virustotal.com/gui/file/0b741a6961b690e07f80388faf43fc3af9bd74b99e8f223e00fa0a996c23305e/detection
# Reference: https://www.virustotal.com/gui/file/03caf29484a047db9c68e15e6117f665c59b1cc6ea7cdacba9042f80149861b9/detection

http://51.38.124.206
91.105.94.200:80
binarywebtechsolutions.com
vstbar.com

# Reference: https://twitter.com/illegalFawn/status/1310959162822725638

jigsaw.watch

# Reference: https://www.virustotal.com/gui/domain/xnxxfullhd.com/relations

xnxxfullhd.com

# Reference: https://app.any.run/tasks/7bf64b3b-3039-4610-8500-d9ca772797ec/

http://116.91.240.96

# Reference: https://www.virustotal.com/gui/file/9bb84f9fca28c4f9ac90dda5932d089a835344e112aca645497ee884b56e7644/detection

tagkarma.com
simplatecplc.com
sertecii.com
vvk888.ru
easyneti.com

# Reference: https://www.virustotal.com/gui/file/869f09c1b430433a385b4ec13a90eef4cfe0cba092a46fe71107de2f865bdf0e/detection
# Reference: https://www.virustotal.com/gui/file/07546b78e05a399af4c7b6080391583fc4709c2b8e45f2b82ee98ae5a2807dba/detection

http://185.94.252.3
185.94.252.3:443

# Reference: https://app.any.run/tasks/a7d83cd5-65f8-45a4-a743-4e743697af4f/

http://42.200.96.63

# Reference: https://app.any.run/tasks/a32c3139-6e65-4009-adf6-9bc8be58f007/

http://177.23.7.151

# Reference: https://app.any.run/tasks/6ae91afa-8e93-4768-bf0e-9719c2f29ba3/

162.241.140.129:8080
http://69.206.132.149

# Reference: https://pastebin.com/t8DJ96VL

103.3.63.137:8080
184.180.181.202:80

# Reference: https://app.any.run/tasks/e75d2911-c9c6-4c7e-a6a7-d95e2ddf0c0a/

http://208.180.207.205

# Reference: https://app.any.run/tasks/6bc0ba41-3619-40fc-88c1-dc8ef38ee1f8/

http://2.45.176.233

# Reference: https://app.any.run/tasks/130012c7-b13a-49f8-addd-552744b68c8c/

http://221.147.142.214

# Reference: https://app.any.run/tasks/e6d9c6dc-dd3e-478d-958d-f3762df82a7d/

dodungphongtam.com

# Reference: https://twitter.com/Marco_Ramilli/status/1318135068049670144

167.114.153.111:8080

# Reference: https://twitter.com/malware_traffic/status/1318710455678926848

91.121.87.90:8080

# Reference: https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet
# Reference: https://otx.alienvault.com/pulse/5f8dd264c6e41e9e60cf67c7

http://182.16.26.194
http://23.133.5.144
http://43.249.30.212
00pozrjbpm.xyz
enjinchang.cn
jiyingkou.cn

# Reference: https://twitter.com/VirITeXplorer/status/1320634658833473536

punto-0.org/wp-content/peqlZz/
mahesaku.com/wp-content/AEnN/
1024db.com/wp-admin/Vf/
roofwellness.com/wp-admin/S0/
nurmarkaz.org/wp-content/LL/
wp83.talentsprint.com/wp-content/d0NpZ7/
campflamingo.org/wp-content/QCTr/
fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/

# Reference: https://twitter.com/VirITeXplorer/status/1320645299250122752

inbichngoc.com/wp-admin/S/
ulkucusarkilar.com/networko/wN/
rise-creative.com/cgi-bin/K/
celestinastore.com/old/rB/
ferreteriassolano.com/wp-content/x/
aryacreations.com/wp-includes11/tf/
sinapsisenergia.com/customerl/tE/
madrushdigital.com/wp-admin/OJ5Uu5J/
heankan.bio/js/T8oCHm/
jupitermarinesales.com/wp-content/cache/xLWIP/
lovetraveltoday.com/localisationl/0zwJxNkMRK/
unikaryapools.com/wp/JWUG4n/
akdgroup.co.in/jio/8vSciyhM/
ufak2.com/demo/2hhpCYzwTL/

# Reference: https://twitter.com/Cryptolaemus1/status/1320716324453179394

needhelp.gr/wp-includes/Qlpz/
computerjungle.it/wp-content/N/
polaroidamsterdam.nl/wp-admin/IlDz/
vitrinapyme.com/wp-admin/ws9w/
bopetsupplies.com/tui/b2uMLAj/
maturisampietro.ch/wp-admin/VR/
lixko.com/wp-includes/zrEfpj/
si-batangaspremier.org/wp-admin/Q/

# Reference: https://twitter.com/Cryptolaemus1/status/1320751795015221250

ivytheme.com/wp-admin/LyR/
secuado.com/wp-content/plugins/apikey/6/
passionpastry.com/wp-admin/n/
caglayann.com/wp-admin/Xt1/
crechereviver.org/siteunavailable/3/
logistician.org/wp-admin/aGQ/
m-tash.com/wp-includes/9/

# Reference: https://twitter.com/Cryptolaemus1/status/1320754787554627584

alexdepase.coach/wp-admin/Ic4ZVsh/
amiral.ga/wp-content/cUFTze5/
iebf.org.uk/wp-admin/QF/
onlineapps.com.au/wp-includes/ZROO26A9/
gazeindia.com/wp-content/kOCbnAdSdG/
alarmpistool.com/wp-admin/3dk0z92i4/
factum24.pro/cgi-bin/dYNq4D/

# Reference: https://twitter.com/Cryptolaemus1/status/1320784947842568193

360digest.beyondb-school.com/wp-content/07A/
nhatcuong.xyz/wp-content/Szx94QD/
braceyourself.us/wp-admin/J/
carl99a.com/cgi-bin/P1IwSg/
seitaiken.net/wp-admin/Qz9B/
arpe-samois.fr/wp-content/eQCw/
fitthemes.com/wordpress-5.3.2/O/
nakanoyoi5.com/wp-admin/GfPlB/

# Reference: https://twitter.com/Cryptolaemus1/status/1320801741408030720

campflamingo.org/wp-content/QCTr/
fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/

# Reference: https://twitter.com/Cryptolaemus1/status/1320821381106442241

preilurd.com/wp-admin/N/
twistan.com/wp-content/pxj/
beliloba.com/cgi-bin/1t/
jabalmubarak.com/wp-includes/mq/
xxxporn.futbol/wp-includes/vC/
vietnamdigitalmarketing.org/wp-includes/qd/
haule.net/wp-content/JAJ/

# Reference: https://www.virustotal.com/gui/file/143248cab06613908c20d4532e2ea212fa672788ea83cf4cac123499fe56f576/detection

172.86.186.21:8080
177.107.79.214:8080
59.148.253.194:8080

# Reference: https://twitter.com/Cryptolaemus1/status/1320972542270734337

homewatchamelia.com/wp-admin/MQxjrRU/
pottershousedurban.co.za/cgi-bin/109J/
toorak.ie/wp-includes/aT/
theginlibrary.de/wp-includes/ma/
coeurclaudelien.fbcars.net/cgi-bin/tJt0Sqg/
mamac.top/wp-admin/GWQACP/
jwskincare.vn/setupconfigo/pF6g/
9s2s.com/wp-admin/XKowb/

# Reference: https://twitter.com/Cryptolaemus1/status/1321046903619047424

yourprivatelife.com/wp-admin/sq/
firsattrade.com/wp-content/pI/
ashiq.xyz/wp-content/qX/
aryabhattahighschool.com/wp-includes/C1x/
angelsandfriends.com/wp-includes/d31/
dmccainlaw.com/wp-content/3/
tvcableinternetdeal.com/wp-content/cu/

# Reference: https://twitter.com/Cryptolaemus1/status/1321045770880065536

royalempresshair.com/wp-content/upgrade/Ete/
kbppp.ilmci.com/wp-includes/z/
tiplabor.com/images/Du1/
0377hhd.com/cgi-bin/q/
sorbonne-capital.com/wp-admin/Jip/
dijitalklinik.com/wp-admin/LYq/
qualitymathtutors.com/wp-content/GfE/

# Reference: https://twitter.com/Cryptolaemus1/status/1320974739733700608

mevaconyeu.vn/forgottenl/lBjZjuaWO/
babyg-vietnam.vn/wp-content/cuBO2E7bE/
wikibricolage.com/wp-admin/R/
innhanmachcm.com/wp-admin/IB32/
apyarlovers.com/wp-admin/eAiaD/
pilanjau-berau.desa.id/wp-admin/t/
madivarealty.com/wp-includes/XulnC6a/

# Reference: https://twitter.com/Cryptolaemus1/status/1321054328916975618

noorpurefood.com/wp-content/eyH9I/
amorepooh.com/wp-content/themes/twentyseventeen/G3RZxc/
hatele.net/wp-admin/N/
promaxgh.com/wp-content/uploads/f/
pikama.us/wp-includes/BBW/
shaishavchildrights.org/wp-content/L4bRiZo/
maradrugstore.com/old/n/
lilianaoliveira.com/office-365/m1MRNr/

# Reference: https://twitter.com/Cryptolaemus1/status/1321216463697596416

josejuanarroyo.com/antithetical-bulblet/l/
movie-2free.com/cgi-bin/s/
buckzy.net/wp-admin/zF/
suksiriestate.com/cgi-bin/xjz/
gk725.com/breadbox/mlu/
datawyse.net/Ccl/5W/
ppzo.top/wp-admin/o1/

# Reference: https://twitter.com/Cryptolaemus1/status/1321122347865280513

904y.com/how-to/A6/
acredales.com/thank_you/U0u9Z/
adinterix.com/laybuy-investors/9Ab6/
angiathinh.com/autotoxication/Iue/
bahamianrelief.org/VpHo/ey/
biharbhumibazar.com/wp-admin/D/
bridgestoworkapp.com/wp-content/c1/
car4libya.com/cgi-bin/sDBhPqx/
cidoresearch.com/wp-content/Cb5afhZDr6/
ciucurencutl.ro/wp-admin/WhcybcaN/
daeg.su/wp-content/iYH/
dartzeel.com/wp-content/yf/
datablockssolutions.com/rgit/kd6/
dieteticienne-tiffany.com/wp-includes/rGJaLg5/
dotasarim.com/wp-admin/Dyz/
edirnereklamajansi.com/wp-includes/dN/
fit.develab.mx/wp-admin/sjai4FA/
florumgroups.net/mysite/C0NYBd/
gibraltarsalesgroup.com/public/qdI/
jiehost.com/wp-admin/6ZFh6A/
meshzs.com/wp-includes/E/
mobis-autoloan.com/wp-content/YvqoBse/
mueindustries.com/wp-admin/D/
odmova.pl/retranslate/OqLdry/
ostranderandassociates.com/var/thpY/
pacificfe.com/shadow-health/nQ/
personalizedjigsaws.com/replace_img/qG6D9T/
queensport.nl/accp/dz/
ruiermi.com/wp-admin/jmb/
scw8.net/wp-content/1MkWc/
servitekifix.com/wp-admin/C/
socialplaymedia.com/wp-content/Czj/
stabri-thailand.org/cgi-bin/1GKI/
terasrumahkayu.com/wp-admin/dHeLE/
thietkequangcaothanhhoa.com/phosphoryl/UJwwiQu/
uxnew.com/old/9/
weeklyoutfits.com/how-much/zw2z/
yoga.gift/content/nc/

# Reference: https://twitter.com/malware_traffic/status/1321182175916679168

91.121.200.35:8080

# Reference: https://twitter.com/Cryptolaemus1/status/1321406330595401728

nanettecook.org/wp-admin/x/
scalarmonitoring.com/wp-admin/js/widgets/S0A/
fourseasonsjsc.com/wp-admin/hzu9vvt/
ningyangseo.com/wp-admin/am/
rapidcarwash.net/wp-content/nO6U/
coolchacult.com/wp-includes/i/
anpbodysculpting.com/wp-content/themes/twentytwenty/c/
lamajesteindustries.com/wp-content/DRTujMR/

# Reference: https://twitter.com/Cryptolaemus1/status/1321413462229196807

panoramafe.com/slabbing/bBkdFoF96m/
enolil-loo.com/agillawood/CZafm/
394509.com/biogenesis/ab/
oluwatomiwa.com/mail.oluwatomiwa.com/T/
mansa.com.vn/myographist/zRf6yPRec/
asianprosource.com/verb/rdB6m/
khangnguyen.store/wp-includes/theme-compat/eSIyT/

# Reference: https://twitter.com/Cryptolaemus1/status/1321427295320629248

anizonehealthcare.com/wp-includes/I/
mthealthcare.net/wp-admin/h/
mynesnetwork.com/cgi-bin/Iw/
asahalpha.com/wp-snapshots/tmp/7/
greenlandlion.com/wp-content/zny/
vidamelhor.online/wp-includes/uy/
sobresaude.space/wp-includes/J/

# Reference: https://www.virustotal.com/gui/file/b281c158288b59d60949f1d15c53d7f47e507b2db6e015043d464daaf10f952f/detection

http://88.153.35.32

# Reference: https://twitter.com/Cryptolaemus1/status/1321453607758254080

leapmom.com/ukeol/c/
csgcargo.com/wp-content/d/
greenleafnaturalfarms.com/cgi-bin/h/
rucloset.com/gon/4/
pachiba.com/blogs/7/
betsdotbahisgiris.com/cgi-bin/I/
rawmeditations.com/wp-content/r/

# Reference: https://twitter.com/abel1ma/status/1321728085520117762
# Reference: https://app.any.run/tasks/d5fd0b9c-9fff-4953-b886-20b2b711262f/

152.32.75.74:443
demowebsite6.club/wp-admin/wKm1/
jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/
visionmedia.vn/wp-includes/bjkuZ9LtT/

# Reference: https://twitter.com/Cryptolaemus1/status/1321705613492146176

visionmedia.vn/wp-includes/bjkuZ9LtT/
demowebsite6.club/wp-admin/wKm1/
itgallery.com.bd/backup/7/
jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/
airrlist.com/wp-includes/VBG/
ppinds.in/fonts/NnaS2zf/
yadanaraung.com/wp-content/zWNM/

# Reference: https://twitter.com/Cryptolaemus1/status/1321672520391680000

eclatcollection.com/kohler-14resa/YpUuby/
ismlm.xyz/wp-admin/P/
corsiwebonline.it/wp-content/yQqe7/
conclassdigital.com/wp-content/thTgRn/
jtech.com.vn/wp-includes/IhSNuI/
hijoaajakakhabar.com/cgi-bin/cHoz/
magicwandcompany.net/wp-includes/bRVTJyc/
saladrepublic.in/cgi-bin/WmRD/

# Reference: https://twitter.com/Cryptolaemus1/status/1321755092098441216

dishtvweb.com/cgi-bin/xnAWwP/
bindhyabasinitemple.com/wp-includes/f8U8g/
radiolevi.ro/wp-content/vDbB/
kartsms.com/wp/s/
blog.opospalia.eu/wp-admin/k/
paridhiyadav.com/wp-content/hc/
socalvending.com/wp-content/8z/
makkinouz-groupe.com/wp-includes/q/

# Reference: https://twitter.com/Cryptolaemus1/status/1321802724971843584

enjoymylifecheryl.com/wp-includes/FPNxoUiCz3/
homewatchamelia.com/wp-admin/qmK/
seramporemunicipality.org/replacement-vin/Ql4R/
imperfectdream.com/wp-content/xb2csjPW6/
mayxaycafe.net/wp-includes/UxdWFzYQj/
420extracts.ca/cgi-bin/Ecv/
casinopalacett.com/wp-admin/voZDArg/

# Reference: https://twitter.com/Cryptolaemus1/status/1321778299379634177

innhanmachn.com/wp-admin/sA/
shomalhouse.com/wp-includes/ID3/IDz/
blog.martyrolnick.com/wp-admin/Spq/
frajamomadrid.com/wp-content/g/
pesquisacred.com/vmware-unlocker/daC/
medhempfarm.com/wp-admin/Lb/
ienglishabc.com/cow/2BB/

# Reference: https://twitter.com/Cryptolaemus1/status/1321838206040637440

tinytowntees.com/wp-content/TV/
0377hhd.com/cgi-bin/ru/
easytigershop.com/wp-includes/css/GxWFH/M/
paisocial.org/wp-includes/X9D/
primecigarettes.com/wp-content/7/
evexiahk.com/wp-content/u2x/
bathroomnerds.com/wp-content/e/

# Reference: https://twitter.com/Cryptolaemus1/status/1321894855019298816

attenstyle.com/wp-admin/pB/
ningyangseo.com/wp-admin/8l/
mrveggy.com/erros/4/
aischoolofindia.com/wp-content/KFn/
vitrinapyme.com/wp-content/Jw/
trassierramotor.com/photo-gender/oz2/
codavatar.com/wp-content/MiU/

# Reference: https://twitter.com/Cryptolaemus1/status/1321933654478757901

supportessays.com/wp-admin/iuz/
royalempresshair.com/wp-content/upgrade/Fj/
acredales.com/thank_you/d/
mail.bursaevdenevenakliyat.link/jelab/YSS/
180clubrealestate.com/wp-includes/0go/
albertoordonez.com/coinpot-faucet/vo8/
techofbeauty.com/cgi-bin/o0/

# Reference: https://twitter.com/Cryptolaemus1/status/1321931581741817859

foryoulady.com/wp-admin/H3Tu5s/
flem-cartoons.fr/wp-includes/Gogzje/
blog.19850120.xyz/wp-admin/VOfoZiU/
capellaevents.com/val-images/mD2zBip/
amirthafoundation.com/wp-admin/0KetV/
busyafnutrition.com.au/wp-admin/A83yfME/
sploong.net/cgi-bin/JsbuL5/
sygnalizujemy.pl/wp-admin/yj/

# Reference: https://twitter.com/Cryptolaemus1/status/1322054843247300608

vidadohomem.com/wp-content/v/
ecobaratocanaria.com/wp-admin/eR/
uxnew.com/old/89i/
tz004.com/ad_files/a0/
removepctrojan.com/wp-admin/b/
mycollegecp.com/content/jA/
legalempowermentindia.com/cgi-bin/Qs/

# Reference: https://unit42.paloaltonetworks.com/domain-parking/
# Reference: https://urlhaus.abuse.ch/url/494116/

valleymedicalandsurgicalclinic.com/ujftb/statement/wr7hoba7i9hz/

# Reference: https://www.virustotal.com/gui/file/66254770f3aa819dbb3dd005d6f8318bc29852bcb0ef77f6a251803dcdbca8ad/detection

http://190.162.215.233
http://190.164.104.62
http://201.241.127.190
http://37.179.204.33
107.170.146.252:8080
154.91.33.137:443
173.212.214.235:7080
61.33.119.226:443
72.186.136.247:443

# Reference: https://twitter.com/neutrify/status/1321804354907705344

betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/
rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/
innhanmachn.com/wp-admin/sA/
shomalhouse.com/wp-includes/ID3/IDz/
blog.martyrolnick.com/wp-admin/Spq/
frajamomadrid.com/wp-content/g/
pesquisacred.com/vmware-unlocker/daC/
medhempfarm.com/wp-admin/Lb/
ienglishabc.com/cow/2BB/

# Reference: https://paste.cryptolaemus.com/emotet/2020/10/29/emotet-malware-IoCs_10-29-20.html

117.2.139.117:443
2.58.16.89:8080
85.246.78.192:80
129.232.220.11:8080
100.37.240.62:80
73.100.19.104:80
183.176.82.231:80
202.134.4.216:8080
168.197.45.36:80
49.3.224.99:8080
189.34.181.88:80
58.94.58.13:80
190.164.104.62:80
213.52.74.198:80
181.120.29.49:80
134.209.144.106:443
78.90.78.210:80
101.187.81.254:80
109.190.35.249:80
201.171.244.130:80
201.241.127.190:80
77.78.196.173:443
81.215.230.173:443
190.29.166.0:80
2.82.75.215:80
85.105.111.166:80
66.76.12.94:8080
64.207.182.168:8080
209.141.54.221:7080
118.69.11.81:7080
172.86.188.251:8080
200.24.255.23:80
188.226.165.170:8080
109.206.139.119:80
24.133.106.23:80
193.251.77.110:80
51.89.199.141:8080
109.99.146.210:8080
102.182.93.220:80
181.58.181.9:80
62.171.142.179:8080
37.179.145.105:80
172.193.79.237:80
201.71.228.86:80
37.183.81.217:80
159.203.16.11:8080
41.185.28.84:8080
103.13.224.53:80
67.170.250.203:443
5.2.246.108:80
177.130.51.198:80
192.198.91.138:443
186.189.249.2:80
200.59.6.174:80
5.2.164.75:80
74.214.230.200:80
153.204.122.254:80
201.49.239.200:443
202.134.4.211:8080
192.175.111.212:7080
109.116.245.80:80
186.193.229.123:80
188.251.213.180:80
87.230.25.43:8080
60.249.78.226:8080
190.162.215.233:80
50.245.107.73:443
60.108.128.186:80
59.125.219.109:443
188.80.27.54:80
190.64.88.186:443
201.163.74.203:80
80.227.52.78:80
83.103.179.156:80
109.242.153.9:80
61.76.222.210:80
197.221.227.78:80
181.61.182.143:80
115.94.207.99:443
68.115.186.26:80
24.230.141.169:80
173.173.254.105:80
194.190.67.75:80
78.206.229.130:80
178.254.36.182:8080
94.23.62.116:8080
190.45.24.210:80
176.113.52.6:443
217.123.207.149:80
217.20.166.178:7080
5.12.246.155:80
190.180.65.104:80
200.243.153.66:80
2.45.176.233:80
179.222.115.170:80
181.123.6.86:80
119.59.116.21:8080
189.223.16.99:80
95.76.142.243:80
89.121.205.18:80
24.178.90.49:80
190.101.156.139:80
182.208.30.18:443
120.72.18.91:80
138.68.87.218:443
98.103.204.12:443
109.101.137.162:8080
24.135.69.146:80
187.162.250.23:443
70.39.251.94:8080
202.141.243.254:443
41.76.213.144:8080
190.92.122.226:80
123.142.37.166:80
74.40.205.197:443
189.123.103.233:80
79.118.74.90:80
119.228.75.211:80
172.105.13.66:443
95.9.5.93:80
169.1.39.242:80
88.153.35.32:80
187.193.221.143:80
190.202.229.74:80
186.70.56.94:443
27.114.9.93:80
173.63.222.65:80
110.37.224.243:80
37.179.204.33:80
82.76.52.155:80
103.236.179.162:80
181.59.59.54:80
94.230.70.6:80

# Reference: https://twitter.com/Cryptolaemus1/status/1322103743584833537

kharazmischl.com/w/okz/
help-m2c.eccang.com/pseovck27kr/n/
myfarasan.com/sitepage/z/
chengmikeji.com/dertouqua/Ocm/
enews.enkj.com/wordpress/bd/
ecobaratocanaria.com/wp-admin/ms/
cimsjr.com/hospital/4q/
akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/

# Reference: https://twitter.com/Cryptolaemus1/status/1322096259281358848

pipesplumbingltd.com/DB/Yg2rsTn/
annabphotography.co.uk/wp-includes/WdHO/
childselect.com/cgi-bin/BSA/
movie-2free.com/cgi-bin/F/
sachcodoc.net/wp-admin/pOyZDC/
aramisconstruct.ro/wp-admin/Hpbd6/
manweikeji.com/wp-content/X/
farmapleland.com/wp-content/F/

# Reference: https://twitter.com/Cryptolaemus1/status/1322181156377415680

dotasarim.com/wp-admin/AYO/
servitekifix.com/wp-admin/nBJ/
dieteticienne-tiffany.com/wp-includes/p/
moralaree.com/journal/R/
mobis-autoloan.com/wp-content/76/
footballstep.com/cgi-bin/A/
naturalwaterresources.com/wp-content/XjR/

# Reference: https://twitter.com/Cryptolaemus1/status/1322176462150078465

da-industrial.com/js/9IdLP/
daprofesional.com/data4/hWgWjTV/
dagranitegiare.com/wp-admin/tV/
outspokenvisions.com/wp-includes/aWoM/
mobsouk.com/wp-includes/UY30R/
biglaughs.org/smallpotatoes/Y/
ngllogistics.africa/adminer/W3mkB/

# Reference: https://twitter.com/Cryptolaemus1/status/1322249061362208769

inbichngoc.com/wp-admin/K/
angiathinh.com/autotoxication/96F/
meshzs.com/wp-includes/p6/
dartzeel.com/wp-content/jHy/
zhidong.store/wp-content/BDY/
australaqua.com/wp-content/xIt/
nurmarkaz.org/designl/u/

# Reference: https://twitter.com/malware_traffic/status/1322292869584035841
# Reference: https://app.any.run/tasks/22ebd2c7-0e8d-4966-885a-e592345cf173/

45.230.228.36:443

# Reference: https://twitter.com/neutrify/status/1322326661858250752

dotasarim.com/wp-admin/AYO/
servitekifix.com/wp-admin/nBJ/

# Reference: https://twitter.com/Cryptolaemus1/status/1323297480843403264

201.184.105.242:443
74.75.104.224:80
78.125.252.112:80

# Reference: https://twitter.com/Cryptolaemus1/status/1323356134233747461

105.184.126.15:80
154.127.113.242:80
5.2.182.7:80

# Reference: https://www.virustotal.com/gui/file/04fe8553d197a8433ea9c11a17806fefa6b8da562dc8e68aecf5899a433d16c3/detection

http://80.227.52.78
167.71.13.58:8080
195.201.128.184:8080

# Reference: https://twitter.com/neutrify/status/1324839425340309504

pipesplumbingltd.com/DB/Yg2rsTn/
annabphotography.co.uk/p-includes/WdHO/
childselect.com/cgi-bin/BSA/
movie-2free.com/cgi-bin/F/
sachcodoc.net/p-admin/pOyZDC/
aramisconstruct.ro/p-admin/Hpbd6/
manweikeji.com/p-content/X/
farmapleland.com/p-content/F/

# Reference: https://www.virustotal.com/gui/file/6e7b92af945eb2de94528ce9dc2e5c2e28af3363f6726c75c2bbfb0f8d2ca2fe/detection

61.142.176.23:30339
1e62p84873.51mypc.cn

# Reference: https://www.virustotal.com/gui/file/5167022959e19b004ebe4b82604ffbe83ece55964953c50cd539647a44a3d3b5/detection

83.35.213.87:7080

# Reference: https://twitter.com/JCyberSec_/status/1331933717678460929

hotwell.at

# Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf

0377hhd.com/cgi-bin/q/
0377hhd.com/cgi-bin/ru/
360www.ca/content/2/
4pmedia.vn/wp-admin/docs/w7Dp3kbsjwHYVp3xIzjY/
9c4i.cn/flightsearch/DOC/ZZofE663toMZcR/
aahnaturals.net/wp-includes/TX/
adidasyeezy.store/welph/m/
admvero.com.br/eleicao/EJcX/
africafoodworld.com/wp-admin/WD/
afriwaste.app/wordpress/N7L/
agily.fr/wp-content/INC/HYZgOObWGv0Dd0YS/
agriseason.africa/wp-includes/Juv/
agroproindia.com/cgi-bin/95r09UGlIj/paasologrp.com/parseopmlo/5/
aguemiimoveis.com/bond-market/73a/upcloudweb.com/content/a/
airrlist.com/wp-includes/VBG/
akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/
allindiacrimepress.com
allindiacrimepress.com/blogs/media/AO9/
amerifencewichita.com/indexing/4ZIF1OB9W2GK/Wvw5WKvUFnBFpOpJQG/
amicusdh.org/coaid/0g/
anjia-ceramics.com/aliner-camper/K/
annabphotography.co.uk/p-includes/WdHO/
apidocs.dcdial.com/wp-includes/H/
aramisconstruct.ro/p-admin/Hpbd6/
aryacreations.com/wp-includes11/tf/
avoyrakib.com/wp-admin/28/
avozdecamacari.com/home/000~ROOT~000/dev/shm/E/
bachhoanhale.com/wordpress/I/
bathroomnerds.com/wp-content/e/
bazarkotulpur.com/wp-content/0tu/
beta.zoneberry.com/bysyswexecf/x3/
betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/
bharatlearningsolutions.com/content/MNd/
bigprint.pictures/cgi-bin/o/
blackstonetutors-onlineportal.com/wp-includes/fm/
blog.martyrolnick.com/wp-admin/Spq/
bloglamtinh.com/wp-admin/N/
bnmintl.com/cgi-bin/Ibu/
bold-c.com/wp-admin/Ac/
bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/
brasilcacambas.com.br/
breedenandsilver.com/wp-content/ix6/
brightcdr.com/wp-content/LNTELiq/
buesink.com/Pics-shower/ScE/
buybacksoft.com/old/5s/
bvlserramenti.net/wp-content/35280569593/kjLpBnrK6kLEgZ3/
calculafacturaluz.com/sys-cache/9W/
cavancart.com/staticmap/WR/
cearacultural.com.br/admin/itkfdUik4/
cefaly.club/themes/lA/
celestinastore.com/old/rB/
charlesze.com/content/z0lGKS/
chavezrob.com/wp-includes/zkd/
chemicalbusiness.com.br/wp-admin/sites/WJAKzmqhFV7fRahBTc/
chengmikeji.com/dertouqua/Ocm/
chengmikeji.com/wp-includes/sk/
chess-pgn.com/win-raid/l6T5/
childselect.com/cgi-bin/BSA/
childselect.com/cgi-bin/a/
childselect.com/cgi-bin/y/
cimsjr.com/hospital/4q/
comercialadvance.com/images/MFXxM5Tg/
converdrive.cl/administrative-assistant/onME1zxPMS/
coolfit.in/wp-content/ivi/
cplt20live.com/wp-includes/ae/
creationskateboards.com/shred/H/
criee-des-saveurs.com/wp-admin/public/STMm3p0jJDUqkWV/
da-industrial.com/js/A4/
daga88.com/reviewl/Tj0Ntc
dailypharmajobs.com/cgi-bin/CyCdO/
datawyse.net
ddazzlediamonds.com/advertisel/m/
demowebsite6.club/wp-admin/wKm1/
dev-tech.eu/demoshop/P0/
dieteticienne-tiffany.com/wp-includes/p/
dietherbsindia.com/assets/k8oo/
dijitalklinik.com/wp-admin/LYq/
divemed-tech.com/will-a/gjzE/
dlhagency.com/cgi-bin/8z/
dmtland.com/wp-admin/4k/
dotasarim.com/wp-admin/AYO/servitekifix.com/wp-admin/nBJ/
drwalidabdelgaffar.com/dentalia/lL/
duberysunglass.com/img/A/
e-machine.com.br/mailer/BjCInTq6b/
easytigershop.com/wp-includes/css/GxWFH/M/
ecobaratocanaria.com/wp-admin/eR/
ecobaratocanaria.com/wp-admin/ms/
ecommarket.xyz/uptown/LSm7vXy0v/
econews.treegle.org
econews.treegle.org/how-to/2V/
edgeclothingmcr.com/indexing/c9/
eldahwa.com/9th-grade/F2Kw/
electronicsvibes.com/wp-includes/4N/
emmanuelmonastery.org/wp-admin/d/
emroozmarket.com/wp-content/2y/
enews.enkj.com/wordpress/bd/
engineering-2s.com/SS_Paypal/X/
englishmatters.hk/wp-admin/hDcXxqmeD8/
envirohubconsulting.co.za/cgi-bin/vI5/
eos-promo.com/hk-sgp/Tg4/
equipamentosmix.com/10/Bjky/
esse-outdoor.com/wp-admin/G6EJGCZE7MV/nHfGSKQ46euUGl/
events.medialogic.cloud/blazor-preventdefault/r8W/
evexiahk.com/wp-content/u2x/
evisualsoft-001-site3.atempurl.com/wp-content/C7/
exploreneuro.com/ps4-controller/w/
farmapleland.com/p-content/F/
ferreteriassolano.com/wp-content/x/
financiamentointeligente.com/wp-content/Fj/
finkarma.in/wp-admin/parts_service/VAdFw9JJj4DcC85StkyL/
florinconsultancy.com/wp-content/1/
footballstep.com/cgi-bin/A/
forsalebyowner247.com/wp-includes/8m/
fortunelabels.com/test/SZ/
foulgerteam.com/foulgerteam.com/i/
frajamomadrid.com/wp-content/g/
genyomalhas.com.br
geosrt.com/atrabiliary/yfH/
giacimenti.wine
givingthanksdaily.com/5Q/
goldenyemen.com/wp-admin/INC/RUoRW1W0oDKQg/
gordon-and-son.com/wp-includes/n/
grandages.org.my/office/y6Uz/
greensync.com.br
gtech.thngo58.com/wp-includes/9zo/
gymmuscle.tk/wp-content/U8j1Bkh/
habiganjjournal.com/wp-content/TUQB/
hashilife.com/sitepage/GY/
help-m2c.eccang.com/pseovck27kr/n/
hodmunha.info/wp-includes/Ce/
homeabortionpillsrx.com/ext/N6SKd/
hoobiq.com/cgi-bin/Xyv/
hostimpel.com/js/q/
hottco.com/stats/lX/
housetutor.wasseela.com
housetutor.wasseela.com/x2ekf/sWv/
housetutor.wasseela.com/x2ekf/tMR/
hrinternationalbd.com/selectar/h/
humanresourceslifeline.com/wp-content/Documentation/jMe4PpvS9x4QO8N6a1/
huwo.xyz/message/u/
icilimoges.com/wp-includes/Ym/
ictmisericordia.org/cgi-bin/c/
iei7.com/wp-admin/5ShKLn/
ienglishabc.com/cow/2BB/
imenbartariran.com/wp-admin/CZ/
inbichngoc.com/wp-admin/S/
infoquick.co.uk/business_card/RANADek/
inmobiliariaconfiaviv.com/wp-content/eTrac/BadR1jgkpBK/
innhanmachn.com/wp-admin/sA/
innhanmacquanaogiare.com/wp-includes/Jh1/
innoovation.com/blogs/sOKc4/
inspira-psicologia.com/css/F/
invaluablearts.com/6sn1f/t/mycollegecp.com/content/kRL/
inventorelectronica.com/wp-admin/M/
iq51.com/wp-admin/tBO/
isupportthecause.org/wp-includes/sbCBUzN/
itaalabama.org/wp-admin/LLC/433O2ew51Qg/
itgallery.com.bd/backup/7/
jespersen.org/carter/J/
jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/
johndaurizio.com/wp-includes/Uhp4cB5mgN/
jorgecoronel.com/webmaster/kYH/
kailaasa.ca/wp-admin/zeJssVj/
kbppp.ilmci.com/wp-includes/z/
kharazmischl.com/w/okz/
khudanculongdien.vn/wp-admin/HB/
kianyadak.com
kianyadak.com/ik/M/
krais.co.il/wp-admin/b/
ladsbarbearia.com/wp-content/PI/
launch.tactikafacewear.com/wp-content/Uk/
legalempowermentindia.com/cgi-bin/Qs/
libidgel.edtsantos.com/attachments/tovx4Z21Z0vnneKNz/
lifegear.store/wp-admin/RsMLwQ/
lingbaojuan.com/cache/TSkvly/
lsmanga.com/migration/FaU/
luofox.com
lylydressforless.com/wp-admin/ffV/99fabrics.com/wp-content/dGq/
mahfuzur32785.com/identify-the/IM/
mail.cozyreview.com/
mail.cozyreview.com/Ko8/econews.treegle.org/how-to/v/
mail.maxjalost.de/ogretmenevi/parts_service/atv5vHbwJLs/
mallowsvirtualcreatives.com/llfdsofdsfss/51C/
manweikeji.com/p-content/X/
mauriciosinjuicio.com/zoom-meeting/r/
mea.kaisariani.gr/tmp/eTrac/Wrinfk9rgr/
medhempfarm.com/wp-admin/Lb/
meeak.com/wp-admin/lcJ/
mentoringcue.com/cgi-bin/wRA/
methilinfotech.com/maliga/th/
michaelandrewsbakery.com/wp-admin/M/
mithraa.co/nMT/
mobis-autoloan.com/wp-content/76/
mohamedfouad84.cf/wp-admin/esp/6F6ZbRmOSh3Y/
mohamedsayed.com/wp-admin/Zt/
monicasharma.info/reviewl/i/
moralaree.com/journal/R/
movie-2free.com/cgi-bin/F/
movie-2free.com/cgi-bin/d/
mrveggy.com/erros/PO/
mycollegecp.com/content/jA/
myfarasan.com/sitepage/z/
mymathlabhomework.com/wp-content/o/
myseedology.com/cgi-bin/7GzFsT/
naturalwaterresources.com/wp-content/XjR/
novaworlds-muine.com/khudothiaquacity.com/a/
nucleokardecistalace.org.br/wp-includes/nHEnWi/
nursesweekparty.com/wp-includes/bQR/
nxyykj.com/wp-includes/public/fsjkKDRASoYBv/
olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/
onepalate.biz/wp-content_bak/Bc/
online2u.biz/ogretmenevi/4Yj/
onlinedatabasesolutions.com/cgi-bin/Documentation/nn7GTEoQPlnkrDJOVDgq/
optimisticdeals.com/wp-content/S/
ortodonciatafur.com/cgi-bin/Ntl3kiFM/
p4uclasses.com/wp-content/G/
paganwitch.com/wp-admin/0pd/
paikapua.com/a0brac3/Y/
paisocial.org/wp-includes/X9D/
pandebaik.com/_vti_bin/Y/
pearlcomputers.com.pk/bitcoin-apk/37qD0b/
personaltrainersindia.com/fonts/Q55X/
peruvianmister.com/wp-admin/browse/xHOyYgbYmWzNrIW2/
pesquisacred.com/vmware-unlocker/daC/
pgiso.com/wp-admin/mCQ/
pipesplumbingltd.com/DB/Yg2rsTn/
plakatjogja.com/wp-content/X/
poppylon.com/wp-admin/E22zho/
portal.digitalcompass.com/Styles/deeB/
portesobertes.proven.cat/wp-content/Overview/Ql24rtGdmlwBBY7I/
ppinds.in/fonts/NnaS2zf/
prabhatcycles.com/prabhatcycles/U1i7/
primecigarettes.com/wp-content/7/
prospershow.com/wp-content/I/
pxid360.com/wp-admin/PN/
qualitymathtutors.com/wp-content/GfE/
quicktowtowing.com/wp-content/mu-plugins/uMM/
raissamaison.com/wp-includes/EENf/
rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/
removepctrojan.com/wp-admin/6/
removepctrojan.com/wp-admin/b/
riandutra.com/img/YX1/
right2liferx.com/admin/AcgEH/
rise-creative.com/cgi-bin/K/
rossie.in/wp/6L0U/
rovonize.com/email.rovonize.com.rovonize.com/M/
royalempresshair.com/wp-content/upgrade/Ete/
royalnight.in/wp/lEA2gXXBj/
rtjandxly.online/wp-content/kir/
rylh.vip/abeka-9th/d9/
sachcodoc.net/p-admin/pOyZDC/
safeabortionrx.com/ext/XII/
sanayate.com/wp-includes/hd/
sff3d.com/3d/xk/
sheriaspace.com/wp-admin/R/
shomalhouse.com/wp-includes/ID3/IDz/
shraddhacarrentalindore.com/wp-includes/M/
sinapsisenergia.com/customerl/tE/
singohotel.com/dashboardl/q/
sistaqui.com/wp-content/l2/
skysatservices.co.uk/cgi-bin/parts_service/O8xj3TSqVNo6OVs/
sorbonne-capital.com/wp-admin/G/
sorbonne-capital.com/wp-admin/Jip/
souryumon-alive.net
souryumon-alive.net/VL/
speedypush.com/wp-includes/6/
statusquobrand.com/1/HS/
studyguidewithlakshmi.com/directory/v982c9VH5c/
supplementhouse.net/
swiftlogisticseg.com/wp-admin/jiX/
syracusecoffee.com/customer/jf/
tanger-soft.com/does-leaving/Kig/
tasagodigital.com/sitepage/iEK/
tatilburdur.com/scutum/KV/
tesson.in/tesson/Pages/OiqPrYbxxPz/
thepremiumplace.com/wp-content/5/
thestudio-ct.co.uk/events/P3/
thetechieforu.com/wp-includes/2/
theusacommunity.com/wp-content/WH/
tigerstormtraffic.com/wp-includes/h23/
tiktokvapes.com/wp-admin/xL/
timsonntag.com/cgi-bin/g/
tinytowntees.com/wp-content/TV/
tiplabor.com/images/Du1/
titanfurniture.store/wp-admin/paclm/vU6iaHwTjD/
treeremovalnerds.com/wp-content/7n5ut/
trungtamgioithieuvieclamdongnai.com/submit_form/sFO/
trungtammtc.com/wp-admin/LP/
twogirlscleaning.com/openbayl/KaI/
tz004.com/ad_files/a0/
udaysolopiano.com/wp-content/J/
ulkucusarkilar.com/networko/wN/
usasnet.com/forgottenl/gkT/
uxnew.com/old/89i/
vat201.com/calculator/itQ/
vidadohomem.com/wp-content/Eu/
vidadohomem.com/wp-content/v/
vikinggg.com/hydrolysis-of/bY/
virtual-event-service.com/assets/tW/
visionmedia.vn/wp-includes/bjkuZ9LtT/
vnadevelopers.com/wp-admin/BF/
vuatritue.com/wp-admin/Ux/
weapontoys.com/wp-content/Ok/
webgisjambi.com/wp-content/uploads/V5a/
widewebit.com/wp-admin/DOC/uDEzzms8hT/
wodsuit.com/ram-aisin/7r9/
yadanaraung.com/wp-content/zWNM/
yogeejee.com/wp-includes/b/
zagoradesertcamp.com/templates/u/
zero-finance.com/wp-content/6sa/
ziaonlinetutor.com/wp-content/a/

# Reference: https://twitter.com/VirITeXplorer/status/1340965185952092160
# Reference: https://twitter.com/Cryptolaemus1/status/1341014410119303168
# Reference: https://twitter.com/bomccss/status/1340967391602216960
# Reference: https://twitter.com/reecdeep/status/1340984037402419202
# Reference: https://twitter.com/bomccss/status/1341000147115786242
# Reference: https://twitter.com/Cryptolaemus1/status/1341093468991610881
# Reference: https://pastebin.com/sBJkarSY
# Reference: https://app.any.run/tasks/94605ec6-f1cc-4fcb-8089-411f2e4bc12a/

accordiblehr.com/wp-admin/HdzyEn/
aeropilates.cl/wp-content/Service/
aktuel.marduk.kim/dooxi-fuel-hf09b/Logs/
alshuwail.com/cgi-bin/5/
amartaka.net/az-artifacts-kqlgo/I/
aramisconstruct.ro/wp-admin/uX/
ardenneweb.com/765779o900/re/
assecon.com.br/novoassecon/diagnostics/
azraktours.com/wp-content/NWF9jC/
bekape.co.id/_notes/SIGNUP/
biglaughs.org/smallpotatoes/rRwRzc/
blog.vishou.net/admin/font/
braam.com.br/c/oaA7YWWX/
brand360.vn/bljgz/93U/
cearacultural.com.br/admin/Sys/
cheetahridge.mediadevstaging.com/c/B/
comunicacaovertical.com.br/agencia/MtX/
countsquare.com/standardservices/mnR4/
elemsindikat.com.mk/shadow-vip-2pxdt/Pyh/
enableinfosolutions.com/old/q2V/
fi.bonitastores.com/n/WUGoZ/
friendsofchrist10.com/streamlabs-obs-rarso/SIGNUP/
genzmag.com/ratings/VQ8n/
goldcoastoffice365.com/temp/X/
goldilockstraining.com/wp-includes/bftt/
guojiazui.com/b/y0QnnWbk/
heaventoearth.com/360views/xu/
helionspharmaceutical.com/wp-admin/oXJB/
infosisconsultancy.com/wp-includes/d60/
iog.com.cn/css/Sys/
jarodcharity.org/wp-includes/9ocR/
jeffdahlke.com/css/bg4n3/
josegene.com/theme/gU8/
jpkiselavoda.mk/advertising/Pl1SS/
ko-racingshop.com/account-eu/Y6W/
lixko.com/wp-includes/VGX/
mateusz1infa.5v.pl/titan-structures-dotzt/Rl555/
megasolucoesti.com/R9KDq0O8w/Microsoft.NET/
mobgroup.com.br/wp-content/font/
mrveggy.com/erros/s0/
musickidsprogram.com/wp-includes/2huOL/
nguyenphuchn.com/wp-content/iN/
norailya.com/vendor/1j/
palladium.tdmcdev.co.za/nsw-gold-h4ld3/2d/
parakkunnathtemple.com/bckup/7SDAvi/
paulscomputing.com/CraigsMagicSquare/H/
pellesbar.co.il/wp-content/microsoft/
phasdesign.com/wordpress/MSInfo/
pos-egypt.com/wp-content/xTr/
preparateparaloquevenga.com/predisi-tgl-jlpml/jjvCL/
qualcommmedia.com/wp-includes-old/m4/
resuco.net/wp-content/uploads/2020/12/S0K/
riandutra.com/img/dRWJ5aN5/
schooldz.co/wp-content/v/
siamimplement.co.th/images/System32/
snjwellers.com/wp-includes/esttW/
swallow.tdmcdev.co.za/accident-on-wh7ag/x/
talkischeap.co.za/4-pin-iscru/t7k/
themesgiant.net/wp-content/microsoft/
themoviebazar.com/2007-bmw/Help/
thoitrangtrungnienkim.vn/wife-AND/Help/
unikaryapools.com/wp/Speech/
vilajansen.com.br/loja_old_1/System32/
vod.vishou.net/data/6hCNth/
whytech.info/wp-includes/HceUxFK/
zebaorganics.com/wp-admin/en-US/

# Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf

115.165.3.213:80
123.216.134.52:80
89.2.145.86:80
186.32.90.103:443
27.73.70.219:8080
104.131.103.128:443
85.96.199.93:80
147.91.184.91:80
70.116.143.84:80
118.2.218.1:80
66.65.136.14:80
97.107.135.148:8080
181.126.74.180:80
174.102.48.180:80
153.220.182.49:80
115.135.158.13:80
24.249.135.121:80
180.23.53.200:80
2.84.135.163:80
179.15.102.2:80
41.40.125.237:443
65.111.120.223:80
85.25.207.108:8080
105.185.152.15:80
38.18.235.242:80
51.254.140.91:7080
209.143.35.232:80
85.75.49.113:80
116.202.23.3:8080
94.96.60.191:80
194.166.147.143:80
186.222.250.115:8080
2.85.9.41:8080
187.207.207.16:80
191.97.154.2:80
91.83.93.99:7080
209.54.13.14:80
181.56.32.36:80
186.20.52.237:80
164.160.45.41:8080
14.241.182.160:80
61.118.67.173:80
5.189.168.53:8080
94.49.254.194:80
2.84.12.98:80
51.75.163.68:7080
189.194.58.119:80
221.147.142.214:80
85.59.136.180:8080
67.241.24.163:8080
200.116.93.61:80
70.180.43.7:80
72.10.36.104:8080
64.183.73.122:80
94.102.209.63:7080
93.151.186.85:80
201.213.156.176:80
24.232.36.99:80
2.58.16.85:7080
91.213.106.100:8080
181.169.235.7:80
223.135.30.189:80
186.109.152.201:80
181.80.129.181:80
109.190.249.106:80
188.40.170.197:80
181.114.114.203:80
181.126.54.234:80
78.101.224.151:80
195.7.12.8:80
169.1.211.133:80
202.4.57.96:80
86.123.55.0:80
182.176.95.147:80
85.214.28.226:8080
41.106.96.12:80
76.121.199.225:80
220.106.127.191:443
104.251.33.179:80
173.212.197.71:8080
82.78.179.117:443
109.169.12.78:80
202.4.58.197:80
82.163.245.38:80
192.187.99.90:8080
209.126.6.222:8080
192.158.216.73:80
178.128.14.92:8080
62.108.54.22:8080
38.111.46.46:8080
67.10.155.92:80
24.135.198.218:80
189.35.44.221:80
5.9.227.244:8080
159.203.116.47:8080
153.92.4.96:8080
190.212.133.239:443
92.23.34.86:80
155.186.9.160:80
60.108.144.104:443
66.228.49.173:8080
46.22.116.163:7080
51.75.33.122:80
105.213.67.88:80
75.188.96.231:80
185.33.0.233:80
197.245.25.228:80
173.68.199.157:80
197.249.6.179:443
187.49.206.134:80
97.104.107.190:80
212.198.71.39:80
181.74.0.251:80
76.171.227.238:80
81.129.198.57:80
179.191.239.255:80
190.117.79.209:80
98.174.164.72:80
187.64.128.197:80
178.238.232.46:443
94.206.45.18:80
175.143.12.123:8080
173.249.6.108:443
105.186.233.33:80
118.110.236.121:8080
202.5.47.71:80
180.21.3.52:80
203.205.28.68:80
199.101.86.142:8080
74.219.172.26:80
108.26.231.214:80
219.75.128.166:80
67.163.161.107:80
89.186.91.200:443
5.196.108.185:8080
99.224.14.125:80
202.22.141.45:80
27.7.14.122:80
45.33.35.74:8080
208.180.207.205:80
153.164.70.236:80
101.50.232.218:80
178.87.171.199:80
80.87.201.221:7080
104.131.92.244:8080
195.181.215.65:4143
185.63.32.149:80
95.85.151.205:80
111.89.241.139:80
153.163.83.106:80
185.232.182.218:80
73.84.105.76:80
1.54.67.22:80
118.7.227.42:443
96.126.101.6:8080
51.38.50.144:8080
145.236.8.174:80
188.166.25.84:8080
76.168.54.203:80
118.70.15.19:8080
213.181.91.224:80
123.51.47.18:80
119.106.216.84:80
72.249.144.95:8080
2.36.95.106:80
116.125.120.88:443
176.9.93.82:7080
5.153.250.14:8080
93.20.157.143:80
87.98.218.33:7080
104.193.103.61:80
92.24.51.238:80
182.187.139.200:8080
94.124.59.22:8080
149.202.5.139:443
190.151.5.131:443

# Reference: https://pastebin.com/raw/Di0gDrDC

74.128.121.17:80
190.114.254.163:8080
81.213.175.132:80
113.163.216.135:80
58.1.242.115:80
200.111.198.76:80
103.229.72.197:8080
181.165.68.127:80
79.118.72.250:80
195.159.28.244:8080
45.230.45.171:443
37.247.101.241:8080
45.4.32.50:80
190.147.84.191:443
172.245.248.239:8080
27.78.27.110:443
168.121.4.238:80
110.145.11.73:80
5.2.212.254:80
80.15.100.37:80
24.69.65.8:8080
172.125.40.123:80
191.223.36.170:80
72.188.173.74:80
177.254.134.180:80
69.159.11.38:443
136.244.110.184:8080
185.201.9.197:8080
178.62.254.156:8080
186.222.53.247:8080
163.53.204.180:443
47.144.21.37:80
50.246.154.69:80
208.74.26.234:80
180.232.111.30:80
152.170.205.73:80
192.232.229.53:4143
161.0.153.60:80
111.67.12.222:8080
201.127.11.90:8080
188.225.32.231:7080
93.148.247.169:80
108.21.72.56:443
45.184.103.73:80
181.171.209.241:443
70.32.89.105:8080
203.160.167.243:80
1.234.65.61:80
110.39.160.38:443
177.85.167.10:80
115.79.119.206:443
190.146.92.48:80
202.79.24.136:443
144.217.7.207:7080
190.251.216.100:80
51.89.36.180:443
172.104.46.84:8080
110.39.162.2:443
189.191.59.232:443
190.18.184.113:80
122.201.23.45:443
186.146.13.184:443
182.73.7.59:8080
186.146.229.172:80
24.245.65.66:80

# Reference: https://app.any.run/tasks/1a576ee4-6e2c-4bda-abd2-f240731f6066/

45.33.54.74:443
209.141.41.136:8080
104.236.246.93:8080

# Reference: https://app.any.run/tasks/4c47eb6e-9649-41a2-a405-4cd10a4a25dc/

http://197.87.160.216
laserhuayna.com

# Reference: https://www.virustotal.com/gui/file/551910c092733b7324c377351583667a6389e76f8e36f1ee73c82d354f970cbc/detection

50.116.111.59:8080
countsquare.com/standardservices/mnR4/
infosisconsultancy.com/wp-includes/d60/
jpkiselavoda.mk/advertising/Pl1SS/
ko-racingshop.com/account-eu/Y6W/
yourdrugsassist.com

# Reference: https://twitter.com/Cryptolaemus1/status/1341364879782010883

aciparis.com/content/Cs/
alsaudiacuttingmaster.com/anticalculous/LA/
alshuwail.com/cgi-bin/5/
amyzeng.net/content/mgms/
anjumanclick.com/q/kvM/
aramisconstruct.ro/wp-admin/uX/
atom.lk/wp-content/DL/
bellevueairductcleaning.com/wp-admin/zK/
bienhoacitysq.com/wp-content/xYp/
brand360.vn/bljgz/93U/
dagranitegiare.com/wp-admin/jCH/
datnenduanbd.com/public_html/Dezl7/
dive-hoian.com/_file-manager/sO/
drakoranime.com/wp-admin/rN/
dreamwithdell.com/wp-includes/pX/
duocnhanhoa.com/wp-admin/J5JbVEY/
dupuisacademy.com/projects/media/v/
ecomdemo2.ogsdev.net/wp-content/zWWB/
expeditionquest.com/X/
football-eg.com/web_map/n/
game.vlexor.com/links14/WUSs/
geoffoglemusic.com/wp-admin/x/
greaudstudio.com/docs/FGn/
hbprivileged.com/cgi-bin/kcggF/
imkol.hk/photo_search/3kc/
johnhaydenwrites.com/track_url/P/
koreankidsedu.com/wp-content/2cQTh/
lavenderkart.com/blogs/nZP5c/
legion.com.pk/__MACOSX/pT3h/
localaffordableroofer.com/ralphs-receipt-f2uhf/qTT5DC/
luxuryavenew.com/wp-admin/RIl1/
mundoahorronline.com/wordpress/2S1/
nahlasolimandesigns.com/nahla3/d/
penambahberatbadan.info/r/pXPKwJ/
pinkista.net/wp-includes/B/
pox23.io/wp-content/I/
sageartisan.com/wp-content/1KsvR/
sancydubai.com/setupconfigo/R9/
sanolifescence.com/cgi-bin/E/
suriagrofresh.com/serevers/MVDjI/
talktalkenglish.vn/database/v/
thaithienson.net/wp-admin/EksZXO/
thienloc.org/data-sgp-kgfig/AaK/
venuspowerbd.com/wp-includes/bLm/
vietnhabienhoa.com/wordpress/QUTy/
wellnursesmartnurse.co.za/wp-admin/HFdox/
yellomosquito.com/wp-includes/w/
zenithcampus.com/l/yQ/
zhongshixingchuang.com/wp-admin/OTm/

# Reference: https://www.virustotal.com/gui/file/07954a3e04bf45308251fa489e56c8b119621131ec4617553fc17ae1e98e051b/detection

4kbutsho.xyz
chiangmainightsafari.com/wp-admin/lrPiggcI/
freeresellerserver.com
jiohosting.xyz

# Reference: https://www.virustotal.com/gui/file/dc3f7f19ed2df8acaa0e1a78da4a9a796e88eed1ee2528983c4327eeeed3a619/behavior

inter-mvietnam.com/wp-content/nxcrv2/
qa-home.com/dlkc3/f0x0011/

# Reference: https://twitter.com/Cryptolaemus1/status/1343627325607469057
# Reference: https://twitter.com/Cryptolaemus1/status/1343660665140084744
# Reference: https://twitter.com/Cryptolaemus1/status/1343665050423353345
# Reference: https://twitter.com/Cryptolaemus1/status/1343678997339766784
# Reference: https://twitter.com/Cryptolaemus1/status/1343697973176389633
# Reference: https://twitter.com/Cryptolaemus1/status/1343822792505102336
# Reference: https://twitter.com/Cryptolaemus1/status/1343845723348021249

http://206.189.146.42/wp-admin/F0xAutoConfig/XR9/
aaskuu.com/ALFA_DATA/97Z/
alabamaballdrop.com/wp-includes/kef1U/
alsaudiacuttingmaster.com/afterpiece/cH/
andeanreach.com//MSInfo/
batdongsanvip.com.vn/wp-content/jHkl/
beidou.run/Acoemeti/VGX/
bharattimeslive.com/wp-content/Jm2pO/
cashyinvestment.org/wp-content/IH/
coastlinepoolspa.com/wp-content/S88uK/
codsambal.com/wp-admin/6NEEEtf/
dr-yasser.com/wordpress/JNS/
dupuisacademy.com/projects/media/Me6bB/
gacetaeditorial.com/p/TYkn/
gjorgji.com/1v1lol-unblocked/JRuP/
harmonimedia.com/wp-content/uploads/Zol/
helionspharmaceutical.com/wp-admin/Yg/
hmhaliyikama.com/site_map/SpeechEngines/
kolerkar.com/wp-snapshots/aRfdr7HT1/
lainiotisllc.com/postauth/7XhB/
lnfch.com/wp-includes/quC/
memoria.od.ua/wp-admin/GbLB2/
modernortodonti.com/thankyou1/QE5y6jiy/
mumglobal.com/content/Z/
nahlasolimandesigns.com/wp-admin/0HHK7/
ncap.lbatechnologies.com/media/6iQ/
norailya.com/drupal/Stationery/
onevoice.co.in/best-selling-wcc/d3/
paroissesaintabraham.com/wp-admin/H/
penambahberatbadan.info/x/inf/
phasdesign.com/wordpress/G/
praticideas.net/wp-content/inf/
qualcommmedia.com/wp-includes-old/rW1/
savedahorses.org/wp-content/xH/
scope-sci.org/kahoot-bot-tj6t0/22/
secretmassageclub.co.uk/wp-includes/inf/
sevensteel.com.tr/wp-content/syi4964/
siitav.net/cuim/data/2/
sistempark.net/wp-includes/7AP/
theo.digital/wp-admin/E/
tillmoon.lt/wp-includes/P/
tools.apecsoft.asia/application/O/
tudatosmarketing.hu/wp-includes/EWiggLh/
turbo-services.com/C:/hE1eMB/
worldcologistics.co.za/wp-includes/BVO1P/
xiaowo.ltd/wp-content/g/

# Reference: https://twitter.com/malware_traffic/status/1343630789683118081

190.210.246.253:80
46.101.230.194:443
karsonhomecare.com/wp-includes/Yo/

# Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720

freejobalertcom.xyz/wp-admin/858/
jarininternational.com/wp-includes/k8buV/
juju.jebcom.de/errordocs/I0K/
lapcare.com/wp-content/o2BwO/
multitools.gr/wp-content/zo/
sinclair-electrical.com/wp-includes/LmhG/
vissermalin.com/wp-content/vQ5/

# Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720

achutamanasa.com/garmin-pro-fei8o/mW/
fmcav.com/images/7FV4Nd/
geoffoglemusic.com/wp-admin/7C11oAC/
geosrt.com/aqqhwdap/l0/
johnloveskim.com/a/Tff/
removepctrojan.com/wp-admin/ak0chH/
theprajinshee.com/otherfiles/wAFP/

# Reference: https://twitter.com/Cryptolaemus1/status/1343954297512468482

alrlawsv.com/explain-functions-kuubxdu/4LAy/
arefhasan.com/wp-admin/z/
bidwincash.com/wp-admin/8NUY/
messenger-courier.com/content/Service/
psishops.com/wp-admin/MSInfo/
redmanns-way.com/jeff-intervention-txqikkf/Engines/

# Reference: https://twitter.com/Cryptolaemus1/status/1343972777041272833

91damimi.com/wp-admin/V/
athenaat.com/content/MSInfo/
fraud.bpcbankingtech.com/wp-content/Logs/
nichimanabi.com/wp-content/en-US/
shop.schlachtstall.de/wp-content/microsoft/
sturing.info/thumbnails/Engines/

# Reference: https://twitter.com/Cryptolaemus1/status/1343911941140606977

cahyaproperty.bbtbatam.com/mhD/
coshou.com/wp-admin/EM/
depannage-vehicule-maroc.com/wp-admin/c/
dieuhoaxanh.vn/wp-admin/a/
familylifetruth.com/cgi-bin/PPq7/
techworldo.com/cgi-bin/gcZ/
todoensaludips.com/wp-includes/9/

# Reference: https://twitter.com/Cryptolaemus1/status/1344019961803628545

dynamicsteels.com/can-you-lpy7p/MaJIcT/
lixko.com/wp-includes/LEq9VJd/
members.nlbformula.com/cgi-bin/vazlwkU/
srishtiherbs.com/jms/bq8/
surfboarddigital.com/carol-stream-i7lsj/8e/
unikaryapools.com/wp/ysFiRq1
zhongshixingchuang.com/wp-admin/N2X3/

# Reference: https://twitter.com/Cryptolaemus1/status/1344025733874782208

adnlight.com/v/Q/
nicoblogroms.com/wp-includes/IZj/
shortnr.xyz/wp-content/zBgK/
taylordbackups.com/wp-includes/Dfp/
thexanhmy.com/chCounter/t/
valenciancountry.com/wp-includes/kppS/
vicharemasala.com/wp-admin/1pXep/

# Reference: https://twitter.com/Cryptolaemus1/status/1344032119996248064

fundglobally.org/googleLib/7on/
heartssetfree.org/9c950e/tw/
kiralikbahissitesii.com/wp-admin/A/
mt4-ea.vip/sys-cache/bAAN/
paulscomputing.com/CraigsMagicSquare/csrJgJZ/
talentztech.com/histioid/X3/
tecshop.website/wp-includes/kZK/

# Reference: https://twitter.com/Cryptolaemus1/status/1344034210823208962

amarguwahati.com/wp-includes/bx7PZR/
dorotheesausset.com/wp-content/Sys/
events.ileafconnects.com/cgi-bin/System_32/
looksociety.org/membership-mail/bb0EIUyTb/
muahangvietmy.com/wp-admin/css/colors/light/Help/
thedesirelife.com/wp-content/Microsoft.NET/

# Reference: https://twitter.com/SecSome/status/1344041101871755276
# Reference: https://app.any.run/tasks/c67ce985-eaae-41d9-9a4c-4af5cfe12906/

http://191.112.178.60
http://24.231.88.85
ongpassoapasso.com.br/r/1IYaxeIKDTISrYMpRRWckdwE7/

# Reference: https://twitter.com/Cryptolaemus1/status/1344182362486222848

appliancebuddy.in/wp-includes/m7R/
rogerbaulenas.com/j/Z96X/
rossdom32.ru/t/wSF/
sasksseed.mymonolith.com/wp-admin/xb/
taradhuay.com/c/4/
thetradepad.co.uk/test/w/
vidular.es/wp-content/K3zbi/

# Reference: https://twitter.com/Cryptolaemus1/status/1344190890898821121

atprofessional.org/wp-content/O6Vey/
iut-bethune.univ-artois.fr/benefits-of-hhnzoet/T/
mypostletter.com/wp-admin/G3/
skyeconsultoria.com.br/wp-admin/co/
talentvalue.com/wp-admin/DEoUM/
trueapparels.com/a/4k/
xportfreight.com/wp-content/c/

# Reference: https://twitter.com/Cryptolaemus1/status/1344200712851509248

astrologiaexistencial.com/l/L/
bandarabbad.com/wp-admin/Lo5kEa/
bereketsutesisatcisi.com/wp-content/xhGs43c/
myphamjapan.com/dup-installer/db/
ngrehab.biz/wp-includes/TCWeeN/
sahla-ad.com/wp-content/a/
swiftlogisticseg.com/wp-admin/VE9h0jj/

# Reference: https://twitter.com/Cryptolaemus1/status/1344205847778488320

artas.biz/c/System/
ausutra.com/wp-admin/Logs/
institutmestres.com/wp-includes/n7Fl9WDm/
noithatcongnghieptantien.com/wp-content/Fonts/
sislog.es/wp-admin/MSInfo/
spmkomputer.com/kasir/diagnostics/

# Reference: https://twitter.com/Cryptolaemus1/status/1344226198252093441

alkamefood.com/y/P/
goldenboyatl.com/img/Ls0/
pom-poo.hk/wp-admin/EFo4q/
shopchailo.com/wp-content/bsQN/
studentloananalyzer.com/wp-admin/2aPL/
vasumadhi.com/cgi-bin/L1DCI/
veertua.com/wp-content/HE/

# Reference: https://twitter.com/Cryptolaemus1/status/1344273969067794432

blogs.g2gtechnologies.com/blogs/v/
insvat.com/wp-admin/Dw/
littleindiadirectory.com/l/TOYuT/
pattayastore.com/visio-network-1hmpp/j5/
rsimadinah.com/wp-content/16qT/
sureoptimize.com/well-known/QsEs/
tenmoney.business/wp-content/nhW/

# Reference: https://twitter.com/Cryptolaemus1/status/1344354848876220416

ellinismos1922.gr/log/c99FG/
linkejet.com.br/cgi-bin/UQ/
mediatorstewart.com/service-msc/3zZLr/
nuocmambamuoi.vn/wp-admin/Ty/
wi360.com/wp-content/u/
wolffsachs.com/wp-content/UKZw/
ycspreview.com/shubham/h7qna/

# Reference: https://twitter.com/K_N1kolenko/status/1344588192117305344

catchpoolshetlands.co.uk/border-design-fjk/ohTJ/
demondkapjesman.nl/cgi-bin/4EbMS/
freelancero.nl/wp-content/3r2/
homegym.vn/stillicide/z/
malerei-wiesner.de/wp-includes/2ww4/
sbninspections.com/wp-content/Y71zQ/
wcpaherrin.net/q/jg/

# Reference: https://twitter.com/K_N1kolenko/status/1344598909453283329

http://18.179.187.145/licenses/Sys/
luoyb.com/wp-includes/rUhBVqXWAV/
malaysianscoop.com/img/MSInfo/
office.horussolution.com/files/Help/
somatone.atakdev.com/plesk-stat/Stationery/
uk-bet.com/wp-content/Media/

# Reference: https://twitter.com/malware_traffic/status/1344329625162407937

89.163.210.141:8080

# Reference: https://twitter.com/abel1ma/status/1344416924382285824

gadgetscs.com/y/LRaS1Fw/
trytuc.com/well-known/Triedit/

# Reference: https://twitter.com/Cryptolaemus1/status/1346138696769302529

admintk.com/wp-admin/L/
etkindedektiflik.com/pcie-speed/Engines/
freelancerwebdesignerhyderabad.com/cgi-bin/S/
hintup.com.br/wp-content/dE/
holonchile.cl/cgi-bin/font/
indemnity360.com/nsw-highways-yqgdk/Sys/
mikegeerinck.com/c/YYsa/
norailya.com/drupal/n0uJoiR/
praticideas.net/wp-content/en-US/
stmarouns.nsw.edu.au/paypal/b8G/
ummahstars.com/app_old_may_2018/assets/Help/
wm.mcdevelop.net/content/6F2gd/

# Reference: https://twitter.com/Cryptolaemus1/status/1346191933329313797

anakhita.com/wordpress/Pt/
etbnaman.com/wp-admin/V0Sv/
ezdesigns.net/ALFA_DATA/h/
labasedespatriotes.net/wp-content/tGjE/
menol.eu/wp/mT/
spovahealth.com/z/Vb/
youyouwj.com/b/HW/

# Reference: https://twitter.com/Cryptolaemus1/status/1346198468918976514

dayimachine.com/automator-mouse-xoq9e/aY9/
doctorww.com/22-hp-ak4yp/LRWLZ2/
elaheanahita.org/a/sbzLscs/
ibelieveonline.org/wp-content/FvSP7/
mt4-ea.vip/sys-cache/62y7sA/
ultimatesoftwarenet.com/wp-content/6rXDH9/
whytech.info/wp-includes/oa/

# Reference: https://twitter.com/Cryptolaemus1/status/1346234313843613702

assecon.com.br/novosite/0fgb09/
blog.luozhou.xyz/wp-includes/en-US/
greensync.com.br/bloqueio/SIGNUP/
helionspharmaceutical.com/wp-admin/Fonts/
moraniz.co.il/wp-content/inf/
salas.co.uk/phyllis/Systems/

# Reference: https://twitter.com/Cryptolaemus1/status/1346241673446248450

app.e-paylinks.com/cgi-bin/GBbzq/
benzatine.com/wp-admin/vafW4/
bikemyday.se/wp-includes/gxz9/
cdhrsom.org/wp-admin/Z/
smartgrocerysl.com/content/dLM/
thekays.ca/wp-includes/h/
thinkbrief.cn/wp-includes/i/

# Reference: https://app.any.run/tasks/e05cfe35-fac0-41c5-aa2a-475d7af96998/

http://125.0.215.60

# Reference: https://twitter.com/bomccss/status/1346362798482227200

givingthanksdaily.com/qlE/VeF/
petafilm.com/wp-admin/4m/

# Reference: https://twitter.com/Cryptolaemus1/status/1346415035204177923

img.oipeirates.pro/wp-includes/inf/
mojwear.de/wp-includes/x907s3BY/
nicoblogroms.com/reviews-of-rcbim/QBaTch/
omnitech.asia/pressthisl/System32/
taradhuay.com/c/vrODk/
teelekded.com/cgi-bin/Services/

# Reference: https://twitter.com/Cryptolaemus1/status/1346430545174142977

comunicacaovertical.com.br/agencia/D0sJl/
datawyse.net/5VGI0/
fathekarim.com/images/jiC/
radioclype.scola.ac-paris.fr/wp-admin/js/widgets/6S
transfersuvan.com/wp-admin/1114R/
trumpcommunity.com/usa-no-uykjh/wcS/
upafrique.com/cgi-bin/iFmg/

# Reference: https://twitter.com/Cryptolaemus1/status/1346436857257574400

campusexpo.org/department-of-odhmmkd/95eXZY/
khanhhoahomnay.net/wordpress/CGMC/
sgurztac.wtchevalier.com/wp-content/YzZ6YZ/
shop.elemenslide.com/wp-content/n/
sofsuite.com/wp-includes/2jm3nIk/
veterinariadrpopui.com/content/5f18Q/
wpsapk.com/wp-admin/v/

# Reference: https://twitter.com/neutrify/status/1346468155879612429

fnjbq.com/wp-includes/rlR/
sakhisuhaninarijeevika.com/wp-includes/CvGUjvE/
somanap.com/wp-admin/P/
wap.zhonglisc.com/wp-includes/QryCB/
zieflix.teleskopstore.com/cgi-bin/Gt3S/

# Reference: https://twitter.com/Cryptolaemus1/status/1346490798142083074

ancorals.com/aminophenol/Stationery/
eco-mykolaiv.info/f/debug/
ehteknology.com/wp-includes/en-US/
imedu.org/u/cV/
omarisouza.com/cgi-bin/Systems/
smartintelligentsolutions.com/content/microsoft/

# Reference: https://twitter.com/Cryptolaemus1/status/1346536935989391362

astrologiaexistencial.com/l/4bm8/
dirgantaratuba.com/cgi-bin/PX4K/
mail.ninosindigochile.cl/1989-gmc-oq21w/ZVTCY/
mirvalgroup.com/wp-includes/FOeYo/
unimedunihealth.com/wp-includes/E/
walkerswebshop.com/images/O7/
wp.gensoukyou.org/souzinv_old/1a/

# Reference: https://twitter.com/Cryptolaemus1/status/1346556090050375680

789hosteley.com/content/NZrE/
exitocorp.com/content/0ygHR/
hss.mamoni.info/content/b/
kongjiantang.com/s/It1c/
phonghoinghi.com/wp-admin/TkBD/
theloveiskindnetwork.com/wp-includes/V/
ushomestyle.com/wp-content/gfhX/

# Reference: https://twitter.com/BushidoToken/status/1346440874759172096

inspired-automotive.co.uk/wp-content.BAK_2020-05-13/w1XXLqtnEj7nijbg1qOGmIDzwcRH/

# Reference: https://paste.cryptolaemus.com/emotet/2021/01/04/emotet-malware-IoCs_01-04-21.html

165.22.246.219:8080
49.205.182.134:80
167.71.4.0:8080
190.162.232.138:80
203.157.152.9:7080
95.76.153.115:80
90.160.138.175:80
178.152.87.96:80
186.147.237.3:8080
173.249.20.233:443
110.172.180.180:8080
186.96.170.61:80
85.247.144.202:80
125.0.215.60:80
89.106.251.163:80
24.231.88.85:80
197.211.245.21:80
97.120.3.198:80
172.193.14.201:80
88.247.30.64:80
190.136.176.89:80
162.144.212.120:8080
167.71.148.58:443
5.83.32.101:80
78.189.148.42:80
103.124.152.221:80
70.183.211.3:80
31.27.59.105:80
82.48.39.246:80
82.208.146.142:7080
113.161.176.235:80
181.124.51.88:80
154.0.8.2:443
191.241.233.198:80
78.188.225.105:80
211.215.18.93:8080
189.34.18.252:8080
70.92.118.112:80
139.5.101.203:80
75.188.107.174:80
173.70.61.180:80
75.177.207.146:80
66.57.108.14:443
190.247.139.101:80
93.146.48.84:80
74.222.117.42:80
189.211.214.19:443
201.212.201.127:8080
201.143.224.27:80
24.230.124.78:80
180.52.66.193:80
188.165.214.98:8080
47.150.238.196:80
98.109.133.80:80
84.5.104.93:80
138.197.99.250:8080
157.245.145.87:443
152.170.79.100:80
114.158.126.84:80
167.99.105.11:8080
181.136.190.86:80
2.80.112.146:80
201.75.62.86:80
93.149.120.214:80
84.232.252.202:443
5.2.136.90:80
75.109.111.18:80
59.21.235.119:80
201.193.160.196:80
157.245.123.197:8080

# Reference: https://www.virustotal.com/gui/file/d0e180cf891b1138e9fa24f47885ec8e9b936a2c1f757f868e7063baf2f27e02/detection

http://54.36.185.63

# Reference: https://www.virustotal.com/gui/file/9271631901e43b43d23922acec11166070e3ef673ef6e60e1c0fb9eafca14a16/detection

etkindedektiflik.com
mantaspesadas.com
newtabletmall.com
ozonerenovaters.co.za
sezard.com
zakariabek.com

# Reference: https://twitter.com/Cryptolaemus1/status/1349016166916911107

capturetheaction.com.au/wp-includes/Yjp/
mmo.martinpollock.co.uk/a/SQSGg/
mybusinessevent.com/tiki-install/e/
shulovbaazar.com/c/bcL6/
thenetworker.ca/comment/8N4/
trayonlinegh.com/cgi-bin/HBPR/
uhk.cncranes.com/ErrorPages/3/

# Reference: https://twitter.com/Cryptolaemus1/status/1349059123753742337

agricampeggiocortecomotto.it/wp-admin/s7p1/
avadnansahin.com/wp-includes/w/
hellas-darmstadt.de/cgi-bin/ZSoo/
remediis.com/t/gm2X/
riparazioni-radiotv.com/softaculous/DZz/
solicon.us/allam-cycle-1c4gn/f5z/
starlingtechs.com/GNM/

# Reference: https://twitter.com/Cryptolaemus1/status/1349088418442186758

abdindash.xyz/b/Yonhx/
altcomconstruction.com/wp-includes/or7/
baselinealameda.com/j/uoB/
cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/
craku.tech/h/iXbreOs/
nicoblogroms.com/c/V9w0b5/
taradhuay.com/d/oT5uG/

# Reference: https://twitter.com/malware_traffic/status/1349100952649953283

http://161.49.84.2
angel2gether.de/BlutEngel/SpeechEngines/

# Reference: https://twitter.com/Cryptolaemus1/status/1349295458607394817

3d.unicorp.site/js/A1ew/
3d.unicorp.site/js/GzVpMLaH/
christinewalker.org/wp-admin/Xt9SNHtExU/
huzurdugunsalonu.com/wp-content/Speech/
personal.unicorp.site/lang/System_32/
tmsvinhphuc.com/wp-content/SpeechEngines/

# Reference: https://twitter.com/VirITeXplorer/status/1349316114636017664

ancorals.com/aminophenol/Stationery/
eco-mykolaiv.info/f/debug/
ehteknology.com/wp-includes/en-US/
imedu.org/u/cV/
omarisouza.com/cgi-bin/Systems/
smartintelligentsolutions.com/content/microsoft/

# Reference: https://twitter.com/Cryptolaemus1/status/1349344528214466561

aryasamajmandirkanpur.com/cgi-bin/VcJK/
equipamentosmix.com/1/TRM/
lapiramideopticas.com/tesla-powerwall-ok3h2/kmJ/
lezz-etci.com/wp-content/mXxP/
music.mnahid.com/wp-admin/kCGrt8/
transfersuvan.com/wp-admin/yhUw0GU/
vedavacademy.com/wp-admin/7BHbH/

# Reference: https://twitter.com/Cryptolaemus1/status/1349365544185696259

abbc.tv/wp-content/Triedit/
asafina.co/wp-content/G3GLLO/
bluepassgt.com/von-weise-ludzp/DNNXcQcRTT/
globalruraldevelopmentagency.co.za/cgi-bin/inf/
larissarobles.com/wp-admin/SIGNUP/
trioconcuerda.es/cgi-bin/Services/

# Reference: https://twitter.com/Cryptolaemus1/status/1349368462397878272

cs.lcxxny.com/wp-includes/E3U8nn/
datawyse.net/0X3QY/
givingthanksdaily.com/CP/
ketorecipesfit.com/wp-admin/afanv/
makiyazhdoma.ru/blocked/tgEeW8M/
mertelofis.com/wp-content/As0/
trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/

# Reference: https://www.virustotal.com/gui/file/6a493e8b5ff18bfa985491dff440f85ab81458e502477a4163d174b2f068d2a0/detection

http://50.116.111.59

# Reference: https://twitter.com/Cryptolaemus1/status/1349434485213958148

adres-ug.ru/wp-admin/IItD/
ats-tx.com/old/f1X/
avanttipisos.com.br/catalogo-virtual/U/
bhar.com.br/elementos/MQfB/
mpeakecreations.co.za/cgi-bin/vVk1rw/
smkbudiagung.com/wp-content/VoPg04/
theraven.pk/overwolf-r6-vdace/UH4fL/

# Reference: https://www.virustotal.com/gui/file/5914d2b73a12434f181aecde03e27c755c5b3d9d87827381a5ac6cc6d1eeb72b/detection

http://194.36.190.41

# Reference: https://www.virustotal.com/gui/file/b09074b0d262c73c66430e4e968ebee0cb946881c69d7b7fd8bc9130a1731482/detection

californiaasa.com/californiaasa.com/8t/
dakarbuzz.net/css/CyKg/
djraisor.com/error/w7G3/
kharazmischl.com/w/
prestokitchens.com/recurringo/fRe/
viralbrown.com/e3c0ngfjc/N/

# Reference: https://otx.alienvault.com/pulse/600427f0c6a16dad430cdf71

taskok.com
uudama.com
uudati.com
uuwise.com

# Reference: https://www.virustotal.com/gui/file/885241694043444e59ddc1473d1d76cf05868569e8afe89d72757ca3178a006e/detection

akybron.hu/wordpress/Triedit/
holonchile.cl/cgi-bin/System32/
members.nlbformula.com/cgi-bin/Microsoft.NET/
c210109.itourlife.top
top-grandwinners.life

# Reference: https://tria.ge/210120-dx7gmz813a

calledtochange.org/CalledtoChange/8huSOd/
hbprivileged.com/cgi-bin/Qg/
mrveggy.com/wp-admin/n/
norailya.com/drupal/retAl/
riandutra.com/email/AfhE8z0/
teelekded.com/cgi-bin/LPo/
ummahstars.com/app_old_may_2018/assets/wDL8x/

# Reference: https://twitter.com/Cryptolaemus1/status/1351848817621139456

avz-pr.com/wp-includes/hJ/
cawada.com/wp-content/7httphttpUz0/
hilmagym.com/alden-s-ylxyau/Rljs3s/
sundargarhmirror.com/wp-content/sRu7KK/
surveycanada.xyz/wp-content/0sDDTy/
ultimatesoftwarenet.com/wp-content/upB/
yurdumaku.com/blogs/zQAwwA/

# Reference: https://twitter.com/Cryptolaemus1/status/1351849334443307010

edge-tech.uk/flacon/61RO7/
gmthearingsolution.com/cgi-bin/lrZkqL/
istanbulhaliyikamacim.com/content/I9Ogfopdi7/
ordertaker.jakagroup.com/2f77k7i6/E/
solicwebaps.azurewebsites.net/allam-cycle-1c4gn/KLBX/
taradhuay.com/d/It4Iwlo/

# Reference: https://twitter.com/Cryptolaemus1/status/1351849087428079617

achutamanasa.com/media/Te/
cashyinvestment.org/wp-content/21dIZ/
infoquick.co.uk/assets/h/
merkadito.mx/upload/6/
oftalmovilaplana.com/wp-includes/wfKu/
opticaquilin.cl/wp-includes/FFueL/
vilajansen.com.br/loja_old_1/p/

# Reference: https://twitter.com/Cryptolaemus1/status/1351863522184097794

buyitnowtoday.net/wp-admin/KI0K/
canadabrightway.com/wp-admin/n3
cometarabian.com/wp-includes/zFY6U/
convictionfitness.webdmcsolutions.com/wp-admin/gUb/
hbprivileged.com/cgi-bin/Qg/
intellisavvy.com/wp-admin/dRaG2H/
ketoresetme.com/wp-content/Rk4rz/
mrveggy.com/wp-admin/n/
perrasmoore.ca/wp-admin/rM6HK
re2me.xyz/opt/Ds/
senbiaojita.com/wp-admin/iDlsc/
starkmotorracing.com/unhairer/nzFKm/
stormhansen.com/2556460492/if/
teelekded.com/cgi-bin/LPo/
thelambertagency.com/staging/Vo/
theo.digital/wp-admin/Zyl2/
trainwithconviction.com/wp-admin/y
trainwithconviction.webdmcsolutions.com/wp-admin/rEEEU
ummhttpstars.com/app_old_may_2018/assets/wDL8x/
upinsmokebatonrouge.com/var/Ux1V/
vassanaservices.com/TEST/V3/

# Reference: https://twitter.com/Cryptolaemus1/status/1351885794164822017

perrasmoore.ca/wp-admin/rM6HK/

# Reference: https://www.virustotal.com/gui/file/7a60e4259e05ae1b9f2879df13341ca27217d4aa9bbb542397ad1a96fa1dd581/detection
# Reference: https://www.virustotal.com/gui/file/19ef1edfd5cbfb556945f30eddf23f1f707ec9de5959167e0863c0abf201f12b/detection

145.249.106.34:80

# Reference: https://tria.ge/210120-5ah1kwq3l6

115.21.224.117:80
12.175.220.98:80
162.241.204.233:8080
180.222.161.85:80
190.103.228.24:80
190.251.200.206:80
69.49.88.46:80
75.113.193.72:80
78.182.254.231:80

# Reference: https://twitter.com/Cryptolaemus1/status/1351923396083257344
# Reference: https://app.any.run/tasks/b2f93211-2c05-4062-a53b-968ab80dcd8c/

apsolution.work/magneti-marelli-zkkmb/toq7Eiy/
artistascitizen.com/wp-content/Bx3cr6/
careercoachconnection.com/tenderometer/4K/
happycheftv.com/wp-admin/z6uGcbY/
ombchardin.com/archive/V/
tacademicos.com/content/JbF68i/
zhongsijiacheng.com/wp-content/jn5/

# Reference: https://twitter.com/bomccss/status/1351835536390975490

ordertaker.jakagroup.com/2f77k7i6/E/

# Reference: https://twitter.com/Cryptolaemus1/status/1351950866811645955

abyssos.eu/wp-content/p/
bambathamobileloans.co.za/cgi-bin/X/
blog.tqdesign.vn/banner/uW/
buarf.com/vcds-throttle-w4z41/pqqn/
gieoduyen.vn/css/PxmtB/
vataas.com/3325390551/5W/

# Reference: https://twitter.com/Cryptolaemus1/status/1351994772433625088

abdo-alyemeni.com/wp-admin/seG6/
bardiastore.com/wp-admin/A1283/
dryaquelingrdo.com/wp-content/SI/
fabulousstylz.net/248152296/TpI/
giteslacolombiere.com/wp-admin/FV/
oxycode.net/wp-admin/x/
trendmoversdubai.com/cgi-bin/B73/

# Reference: https://twitter.com/Cryptolaemus1/status/1351992254177681410

cirteklink.com/F0xAutoConfig/1Zb4/
covisiononeness.org/new/F9v/
lionrockbatteries.com/wp-snapshots/C/
nimbledesign.miami/wp-admin/C/
oshiscafe.com/wp-admin/5Dm/
schmuckfeder.net/reference/ubpV/
xunhong.net/sys-cache/D0/

# Reference: https://twitter.com/Cryptolaemus1/status/1352006666263420928

academiaprogreso.com/cgi-bin/Z5/
casinos-hub.com/s/ZQhDyLF/
deoditas.com/n/FUEyoG/
mts2019-002-site9.gtempurl.com/wp-content/E/
newtop.one/responsives/z/
ocean4gamers.com/wp-content/GAuYf/
yahyalisayam.com/sys-cache/tAsw/

# Reference: https://twitter.com/K_N1kolenko/status/1352155154003480576

aqnym.top/wp-login/9ZvtYaLyhg/
bestcartdeal.com/wp-content/U12BbGPx2v/
chenqiaorong007.com/wp-content/inh1Q4eFMT/
hredoybangladesh.com/3948708181/l7/
qingniatouzi.com/wp-includes/Z4TFME0/
washcolsc.com/wp-admin/gRIWZ/

# Reference: https://twitter.com/Cryptolaemus1/status/1352199988084944896

bikemyday.se/wp-includes/FdM/
bookkeepingdoctor.co.uk/s/1EU/
deshbangla71news.com/wp-content/5M/
lubdeco.com/rocketlike/1IqoSgDG/
peritidiparte.org/administrator/XSboAD33/
vallerconstrutora.com.br/wp-content/uploads/vDIi0eYzz/

# Reference: https://pastebin.com/raw/aStRxhMw

143.0.85.206:7080
181.10.46.92:80
2.58.16.88:8080
200.75.39.254:80
201.185.69.28:443
206.189.232.2:8080
83.144.109.70:80
91.233.197.70:80
93.146.143.191:80
93.149.120.214:80
94.176.234.118:443
95.76.153.115:80

# Reference: https://urlhaus.abuse.ch/url/973026/

nhipcauytevietnhat.com/efficiency-all-iuehb/BJug3jyhuyilWhCQs3YksSaqQW7tpyvmYpb91wTZdbluIo1EKoPE5VrBbcx8zHDAR9YT/

# Reference: https://twitter.com/Cryptolaemus1/status/1352559200271028227
# Reference: https://twitter.com/Cryptolaemus1/status/1352559411135467527

cashstreamfinancial.com/wp-admin/23/
e-medglobal.com/wp-content/ludqf/
ecobaby.es/assets/MZIHkwyre/
elsadinc.com/wp-content/B/
inhaustyle.com/wp-admin/7OtP5/
jlzs.kuamn.com/a/B3Snr8A/
jolifm.com/new/5hkc3/
o7therapy.com/egyptian-comedy-hiiro/As0/
signinsolution.com/wp-content/Vr0/
technologydistilled.com/a-nurse-ss8d9/z/
wangke9.com/wp-includes/dCmiSx8y/
wp01.devanshp.com/sys-cache/8vejbVDx/
wz760.com/wp-admin/b/

# Reference: https://twitter.com/Cryptolaemus1/status/1352558882867081219
# Reference: https://twitter.com/VirITeXplorer/status/1352557164158738433

91yudao.com/wp-admin/KKHt1/
fifacoinsbox.com/wp-content/7gYt/
laymancoder.com/rustic-decor-1gbad/Us/
rbdck.com/wp-content/uploads/sucuri/lewfK/
seamart.info/alfacgiapi/q92A/
uagritech.com/cgi-bin/a5G/
yourcleanersurfaces.com/four-monks-acasz/O2my/

# Reference: https://twitter.com/Cryptolaemus1/status/1352581752385122310

admin.toppermaterial.com/js/jGcwS/
fultonandassociates.com/administrator/IUHeit/
notebook03.com/templates/G2Ay/
pcsaha.com/wp-content/fG1tM/
rosvt.com/img/9h1Q/
skver.net/benjamin-moore-xha9o/t/
zippywaytest.toppermaterial.com/wp-admin/wwbJ/

# Reference: https://twitter.com/Cryptolaemus1/status/1352595532074643463

alugrama.com.mx/t/2/
armakonarms.com/wp-includes/fz/
bbjugueteria.com/s6kscx/Z/
bimception.com/wp-admin/sHy5t/
coworkingplus.es/wp-admin/FxmME/
homecass.com/wp-content/iF/
silkonbusiness.matrixinfotechsolution.com/js/q26/

# Reference: https://twitter.com/Cryptolaemus1/status/1352631537007734790

fab5associates.com/include/scIM/
ie-best.com/msm8909-custom-bgts5/eos6t3H/
iebest.online/1997-chevy-aiz00/RFrTE68/
iebest.org/hoefler-bold-zify4/ia/
originpart.com/wp-content/acStl/
singleworld-online.com/img/DeeAt/
slowdtech.net/shop/wLZ4yw/

# Reference: https://twitter.com/Cryptolaemus1/status/1352643524404117505

e-wdesign.eu/wood-stove-x7iww/R1SMs1v/
micronews.eu/crankshaft-pulley-i5aio/Tlp/
ofert-al.com/wp-content/t9hVViBde/
relatedgrouptest.com/OurTime/culeTFa3v/
schmuckfedern.info/reference/0HlBBg8/
transal.eu/netgear-wifi-qzvv4/1j7XZ/

# Reference: https://twitter.com/Cryptolaemus1/status/1352700749164269568

boomarketer.com/wp-content/6/
crooks-taylor.com/1676470973/1/
lvnskin.com/h/IB/
nadysa.com/wp-content/Almet/
rabiei.fun/eidl-reconsideration-bs3lu/feoOiAO/
rex.tasmiragroup.com/wp-includes/un6G/
whitetheme.xyz/wp-content/q8H/

# Reference: https://twitter.com/Cryptolaemus1/status/1352724228106280960

bhaktivrind.com/cgi-bin/JBbb8/
cab.mykfn.com/admin/X/
cambiasuhistoria.growlab.es/wp-content/hGhY2/
gocphongthe.com/wp-content/lMMC/
ie-best.net/online-timer-kvhxz/ilXL/
letscompareonline.com/de.letscompareonline.com/wYd/
vanddnabhargave.com/asset/W9o/

# Reference: https://twitter.com/Cryptolaemus1/status/1353666901780688900

aecotimes.com/wp-admin/44Z/
de.letscompareonline.com/cgi-bin/ztEE/
escalierconsulting.com/wp-includes/I/
haumaguerraevoceoalvo.com.br/wp-includes/0Hm/
paulomarciotrp.com/z/y/
rakikuma.com/cgi-bin/K/
snjyp.com/wp-content/Nz/1/

# Reference: https://twitter.com/Cryptolaemus1/status/1353658459376517121

3musketeersent.net/wp-includes/TUgD/
dashudance.com/thinkphp/dgs7Jm9/
jeevanlic.com/wp-content/r8M/
leopardcranes.com/zynq-linux-yaayf/w/
mmrincs.com/eternal-duelist-9cuqv/jxGQj/
shannared.com/content/lhALeS/
skilmu.com/wp-admin/hQVlB8b/

# Reference: https://twitter.com/Cryptolaemus1/status/1353642498288201728

e-wdesign.eu/wp-content/bn1IgDejh/
jflmktg.wpcomstaging.com/wp-content/AK/
linhkienmaytinh.tctedu.com/wp-snapshots/VzJM/
nightlifemumbai.club/x/0wBD3/
shop.nowfal.dev/wp-includes/RlMObf2j0/
traumfrauen-ukraine.de/bin/JyeS/

# Reference: https://twitter.com/sugimu_sec/status/1354337747037679619

80.158.59.174:8080
80.158.43.136:80
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
80.158.63.78:443
80.158.53.167:80
80.158.62.194:443

# Reference: https://www.virustotal.com/gui/file/d2fa81e487727af7c92cb170cfd73dcd9c600c4599cfe59c8021744c075064ee/detection

190.182.161.7:8080

# Reference: https://otx.alienvault.com/indicator/file/9fddb3ab17c46feb665101b7893f793f2b3465f5eac30bd4d442b52a8d60448b/

alptitude.com/wp-admin/2ygiz6a0574/
dev.petracapital.com/shared/web/f794/
healthylivingclinique.com/yzvd2ss/nj9ro6k881/
staging.thenaturallifestyles.com/wnty/98c971/

# Reference: https://tria.ge/201025-mn36398aqs/static1

111.119.233.65:80
144.139.158.155:80
187.131.128.238:50000
190.79.228.89:443
220.241.38.226:50000
41.75.135.93:7080
42.190.4.92:443
45.56.79.249:443
60.52.64.122:80
79.127.57.43:80
94.177.183.28:8080
94.67.21.187:8080

# Reference: https://www.virustotal.com/gui/file/835d0910a541696111ecf4588e19a2c361e1ed6a61d2b680e1dd1cfcd85b4da9/detection

arya-co.com/wp-includes/lIaWADd/
literadiocebu.com/vhvjt/aycx52bqm330139/
pizzaherbs.com.pk/pjqbq/XnPgtdPPN/
solution.seeedstudio.com/tag/FNLFibbOyHa/

# Reference: https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/
# Reference: https://otx.alienvault.com/pulse/6047a64d3c6de8ce39c5f1fb

abrillofurniture.com/bph-nclex-wygq4/a7nBfhs/
allcannabismeds.com/unraid-map/ZZm6/
ezi-pos.com/categoryl/x/
giannaspsychicstudio.com/cgi-bin/PP/
ienglishabc.com/cow/JH/
etkindedektiflik.com/pcie-speed/U/
vstsample.com/wp-includes/7eXeI/

# Reference: https://www.virustotal.com/gui/file/05e10f7bf1687cc7187961aa5140c2b29a054a9142bdf9b8b8a54a6fbfc63f38/detection

http://70.121.172.89

# Reference: https://unit42.paloaltonetworks.com/emotet-command-and-control/

ienglishabc.com/cow/JH/

# Reference: https://www.virustotal.com/gui/file/338d8d3ff0894ad4411b7eca2723d06a70f560488f00e690ed7ad33e67f9ad47/detection
# Reference: https://www.virustotal.com/gui/file/14aad54e4accb6acc45ee5bdf965c406fac1b53ba6600961135b9567d03b224d/detection

217.160.169.110:8080
51.255.203.164:8080

# Reference: https://www.virustotal.com/gui/file/6b33c0213605687c080ebef68e2ae366e3d35f90cb1bf80ad4506ad738284806/detection

http://84.232.229.24

# Reference: https://www.virustotal.com/gui/file/9873dc0ef3a6233e91cb4112f96e68495354a35341ebe8108f87e80a97084306/detection

duolife-partner.com/wp-content/pE/
givingthanksdaily.com/web/VK/
ifarmer.com.br/__MACOSX/2w4/
tskgear.com/wp-content/uploads/2017/Fo/
uniteddatabase.net/wp-admin/tf/
testlibreria.ddns.net

# Reference: https://www.virustotal.com/gui/file/5bc7d79f0a8067ecc206d34cad5432b343af707f332326b947460129d36d9c73/detection
# Reference: https://www.virustotal.com/gui/file/d148cd4df3bc4807b5e7d2dffc7659ca926ed4674d4fab4da5b305f63d19748d/detection

djsrecord.com
impipower.com
inkayniperutours.com
lastfrontierstrekking.com
mitraship.com
vesiyiannissimopoulos.com
vysimopoulos.com
watchnshirt.com

# Reference: https://unit42.paloaltonetworks.com/c2-traffic/

/a51azs1nbhzmu5m/
/a5msy52s4i4uuac7dm/
/e6qj08nos8kh/
/o7rhpr2xi05tkkp/
/p0f6wimb1tcqvn0/
/r1s4dvgwanu1ov8qku/
/a5msy52s4i4uuac7dm/pzudacb2/a51azs1nbhzmu5m/p0f6wimb1tcqvn0/
/r1s4dvgwanu1ov8qku/e6qj08nos8kh/o7rhpr2xi05tkkp/

# Reference: https://www.virustotal.com/gui/file/befffcacdf0a332761313f820c7527c9e18afb0b2b96871fa3ae6cdb78a1710c/detection

3cgfx.com
antbear.de
praxislumpp.de
reken-bhf.d
zlc-aa.org
/nbrZnq/
/nwbBJRnf/
/shFvxAVCx/

# Reference: https://www.virustotal.com/gui/file/3deae7749040610c9cbb202e382427a1f25a78a2522039b47243f39d117bbe2a/detection

coronadotx.com
djkuhni.ru
finnessemedia.com
oilmotor.com.ua
/9jrQva/
/dg8G4r7/
/VG0BJc48/

# Generic trails

/ringin/
/meecpy20181/
/s_w6_h2gc/
/o_wle6_cyuobdkxwm/
/3vzc_oj94_q3v42ns4nb/
/4ots_c9x_ty/
/cx8yyu/
/ofoJX/
/vXl0kcy/
/56mt6s8/SiP/
/db9my/2yh3wsv3w8/
/dovij7lgjd/
/info/Qmy4/
/otul6pg/eyhG/
/twitter-api/a_fx/
/private/hWJAF4yBv7/
/wordpress/VKj/
/wordpress_e/xh/
/wp-admin/7mRmsM/
/wp-admin/AYO/
/wp-admin/nBJ/
/wp-content/AKgD/
/wp-content/Ds_G/
/wp-content/ehiZ/
/wp-content/o_qO/
/wp-content/ZhG/
