# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/domain/madh0use8.no-ip.org/information/
# Reference: https://www.virustotal.com/gui/file/347687813e6c14e190fa3545f088555b241bc63bb1a5796d672747a7303d276b/detection

madh0use8.no-ip.org
madh0use8.no-ip.org.ovh.net

# Reference: https://www.virustotal.com/en/domain/vajityu.club/information/

vajityu.club

# Reference: http://www.bug.hr/forum/topic/sigurnosni-softver/ransomware-napada/223333.aspx

aepahphahv.co.vu
aisohcaehi.co.vu
anothertembr.cf
anothertembr.ga
anothertembr.gq
anothertembr.ml
chughaiquu.co.vu
eewujoopai.co.vu
faeceedaba.co.vu
iewohpotae.co.vu
kladara.ml
meicashala.co.vu
rooniebohl.co.vu
sheibohchu.co.vu
sootateiso.co.vu
xooseishoh.co.vu

# Reference: https://www.virustotal.com/en/ip-address/184.172.251.98/information/

facetwop.ru
rulething.ru
montirose.com

# Reference: https://www.hybrid-analysis.com/sample/f9beaa7e7668b80b5119d9c80d5f590598380b60eaa5f09baeb87503e55d42c7?environmentId=100

server2.bjdnxbgp3.ru
bogerando.ru

# Misc (incidents) - no public reference is recorded for the entries in this group

devomchart.com
getmyhouse.net
ginbig.com
moksaduqqovlof.net
observatorystarsoh.net
runningwayforsun.net
locatedforporternok.net
addressbooklocater.net
alarg53.ddns.net
kiliposturgy22.no-ip.biz
beatyourmeatwhileweeat.com
qibrasob.ru
zibravopl.ru
forgiveme.workisboring.com
75ulqnwb.ru
i7gd9ultgx.ru
v99ay4wuo.ru
gd14hp0u6x.ru
qsqjeuno53.ru

# Reference: https://www.virustotal.com/en/ip-address/93.189.40.244/information/

lightsmokesky.net
segateslondo.ru
devomchart.com
lemotgraph.com
wittersphere.net
monitmock.su
monitnear.ru
zapoio.com
napalmstories.su
jabberstorm.su
photohubchart.com
thoughtdog.net

# Reference: https://otx.alienvault.com/pulse/5689784767db8c057c6fc000/

wanmeishua.com

# Reference: https://www.threatcrowd.org/domain.php?domain=alsblueshelpt.nl

alsblueshelpt.nl

# Reference: https://www.virustotal.com/en/ip-address/46.166.165.114/information/
# Reference: https://cymon.io/46.166.165.114

46.166.165.114
committeedub.com
09h3rhh4zy.kuwxg7esmv.toxq93ljct.aze.link
cekmakasabasa.com
0oers58juxhcm7e.aze.link
yadakbloghesaplar.link
aze.link
fsafakfskane.net
cclamarablog.xyz
cutecatworldhappy.website

# Reference: https://www.virustotal.com/en/ip-address/181.174.164.3/information/
# Reference: https://cymon.io/181.174.164.3

adobeflashplayernew.com
adobeflashplayernew.org
adobeplayerdownload.com
adobeuploadplayer.com
adobeflashplaayer.com
flashplayeerupdate.com
adobeupdateplayer.com
adobeupdateplayeer.com
adobeupdateflash11.com
update-flash-player.org
adobeflashupdate.org
updateflashplayer11.com
alarkamaravaas.pw
lin.kim
cutecatworldhappy.website
abaza.ninja
shoppet.net
aze.link
q0a2wqepvhz8ame.aze.link
samaravablog.pw
weightloss-secrets-revealed.net
gomen.ninja

# Reference: https://www.snort.org/rule_docs/1-30285

palauone.com

# Reference: https://marc.info/?l=emerging-sigs&m=135207116130028

whatandwhyeh.com
manymanyd.com
traindiscover.com

# Reference: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17617

bktwenty.com
adbullion.com
sleeveblouse.com

# Reference: https://www.threatcrowd.org/malware.php?md5=86f8834b945bbb2968260d6fcf26b951

meherdelam.com
fordulak.com
germerand.com

# Reference: https://www.virustotal.com/en/ip-address/185.73.240.74/information/

meherdelam.com
royalbankofcanadahelp.com
dns8.ffv3.ru
dns9.ffv3.ru
royalbankservicescheck.com

# Reference: http://www.urlvoid.com/scan/recenthosts.ru/

recenthosts.ru

# Reference: https://www.siteadvisor.com/sites/intelcorpsg.com

intelcorpsg.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Inject-CHS/detailed-analysis.aspx

cyber7.bit

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AVRS/detailed-analysis.aspx

fionades.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-HUO/detailed-analysis.aspx

cgi.dubkill.com

# Reference: https://www.hybrid-analysis.com/sample/20c61a9e16451777aae431cce15960e9b690c7d70b27384d0f4b3305c4cf10db?environmentId=120

fina.online

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

blooping.ovh.net
salako.net

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

himynameisnoah.su
ichockealotkrug.com
idontlikeitwhenyoudoit.ru
iliketopunchnoah.com
justreggitifyouknowit.ru
karnevallizdageil.com
merhabaslm.su
wheniseeyourdedows.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

joaosgk03.sytes.net
spectrun2008.no-ip.org

# Reference: https://twitter.com/ps66uk/status/1037866649435729921

widewiderangers.fun

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html (Win.Dropper.Generickdz-6671833-0 section)

http://122.14.210.142
http://198.46.86.224
http://43.230.143.219
americasculturalstudies.net
danhbaviet.com
kegodanang.com
sevbizleadservices.com
siyaghasourccing.com
vhecha.com
www970234.com

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Doc.Downloader.Powload-6681541-0)

amniyatgostariranian.ir

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Johnnie-6681665-0)

ducklife.ddns.net
homersides.duckdns.org
wandersongay.ddns.net

# Reference: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html

2bunny.com

# Reference: https://citizenlab.ca/2012/06/spoofing-the-european-parliament/

vv338.com

# Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232

laserjetpro.com

# Reference: https://twitter.com/malwrhunterteam/status/1044928108359495680

manapowermta.us

# Reference: https://twitter.com/jonaha92/status/1045344161690505217

11m.online

# Reference: https://twitter.com/blu3_team/status/1046054098884349953

images.laofamilymerce.com

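# Reference: https://twitter.com/blu3_team/status/1037854618477383681
# Note: the second entry below is a URL path with no host part, so on its own it can match the same path on unrelated servers; corroborate a hit with the accompanying domain or other context. The same applies to the other entries in this file that begin with '/'.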

tub.gotomental.com
/bin/page/hpsrv.tmp

# Reference: https://twitter.com/blu3_team/status/1033356637543825408

nhatbao.chatpacific.com

# Reference: https://twitter.com/blu3_team/status/1030263686001246210

v2.buydiamond.hk

# Reference: https://twitter.com/blu3_team/status/993121509643378688

fb-dn.net/disrt/
ap12.ms-update-server.net

# Reference: https://twitter.com/blu3_team/status/981659638776115200

unnews.freetcp.com

# Reference: https://twitter.com/blu3_team/status/971351907095711745

baoin.baotintu.com:8001

# Reference: https://twitter.com/blu3_team/status/968588888867393536

news.voteandreahorwath.com
/polar-beer/election2018/info.html

# Reference: https://twitter.com/blu3_team/status/964324749106130944

zero-emissioncar.org

# Reference: https://twitter.com/blu3_team/status/958573054052978688

weather.gbaycruise.com

# Reference: https://twitter.com/blu3_team/status/956144807554043906

teredo-update.com

# Reference: https://twitter.com/blu3_team/status/951759637816205312

chrome.softupdate.xyz

# Reference: https://twitter.com/blu3_team/status/951658055858622464

mktnplace.com:81

# Reference: https://twitter.com/blu3_team/status/950126294137819136

thestar.live

# Reference: https://twitter.com/blu3_team/status/950124083332689920

newmysticvision.com

# Reference: https://twitter.com/FewAtoms/status/1045358651307962369

lse-my.asia

# Reference: https://twitter.com/sidq_ahmad/status/1045998305312997376

firefox-addons.com

# Reference: https://twitter.com/James_inthe_box/status/1046844087469391872

kgpvkzwksvgvmpopesdtjuwjosbrameegopiyyyg.xyz

# Reference: https://twitter.com/JaromirHorejsi/status/1047084277920411648

docs.herobo.com/in/
docs.herobo.com/mr/

# Reference: https://twitter.com/FewAtoms/status/1047533778665660425

americanxdrive.gq

# Reference: https://twitter.com/FewAtoms/status/1047514168105082881

uchservers.ga

# Reference: https://twitter.com/virqdroid/status/1047419271662505985

bibonado.com

# Reference: https://pastebin.com/AasLyArF

monochromestr.site
motiondev.com.br
studio2321.com

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

alangudiagroindia.com

# Reference: https://twitter.com/dvk01uk/status/1047797297835397121

tokovio.com
/kfjvbdrlq

# Reference: https://twitter.com/ScumBots/status/1035348180903321601

23ace.site

# Reference: https://twitter.com/avman1995/status/1047354322974064640

yoacafpshlcz.de

# Reference: https://twitter.com/Dashowl/status/1047924040026001409

noipppl-online.com

# Reference: https://twitter.com/James_inthe_box/status/1047907038582304768

alsafeeradvt.com/m/

# Reference: https://twitter.com/nullcookies/status/1048030992320143360

h2hphotography.com

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

faktura24.ml
przelewy24.tk

# Reference: https://twitter.com/Techhelplistcom/status/1048640558309285888
# Reference: https://pastebin.com/raw/fLf15eVp

1drivemail.ml
aghightile.ml
atlasglb.tk
bengusi.ga
britwind.tk
capt.ga
cmfgen.cf
cpseeds.ml
dajjuooltd.ga
foodpro.cf
generationgrowth.ml
illumin8blinds.ml
inmailadmin.cf
inmailadmin.ga
inmailadmin.gq
inmailadmin.ml
inmailadmin.tk
onedrivemail.cf
onedrivemail.ga
onedrivemail.gq
onedrivemail.ml
onedrivemail.tk
onmailadmin.cf
onmailadmin.ga
onmailadmin.gq
onmailadmin.ml
onmailadmin.tk
italamp.tk
itc-co.cf
kooshkan.ml
kwangshin-co.tk
nsewyainc.ml
potoflogz.tk
premiumchemical.ga
pseaways.tk
pvtechuae.cf
rathot.ml
ritter.gq
rivonka.ga
royalgroup.ga
safetexgroup.tk
salturchltd.ga
sebbeninternational.ml
sense-eng.ml
sercer.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
utehaltd.tk
veritasoverseas.ga
vip163.cf
yuan-fa.tk

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Doc.Malware.Emooodldr-6699885-0)

q0fpkblizxfe1l.com

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Win.Malware.Razy-6703914-0)

extreme33.dns1.us
mdformo.ddns.net
mdformo1.ddns.net

# Reference: https://twitter.com/ViriBack/status/950478648150282240

0m0.in

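# Reference: https://twitter.com/FewAtoms/status/1048982479783309314
# Note: the entries under this reference and the next one also appear under the Techhelplistcom/pastebin reference earlier in this file, so they are repeats of already-listed indicators rather than new ones.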

capt.ga
italamp.tk
nsewyainc.ml
sense-eng.ml
sercer.tk

# Reference: https://twitter.com/FewAtoms/status/1048978792931368960

britwind.tk
dajjuooltd.ga
illumin8blinds.ml
kooshkan.ml
potoflogz.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
veritasoverseas.ga
vip163.cf

# Reference: https://twitter.com/James_inthe_box/status/1049445992808890369

viswavsp.com/newworld/

# Reference: https://twitter.com/malware_traffic/status/1049407739619880961

23.249.161.109/extrum/

# Reference: https://twitter.com/JaromirHorejsi/status/1049601706630283264

readyteam.org

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

guarana.pw
marryjane.club
names34.top
safi.co.za

# Reference: https://twitter.com/nullcookies/status/1050907886392623104

dirajrakhbhae.com

# Reference: https://twitter.com/FewAtoms/status/1050457033810558976

akznqw.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050663483346280448

wemusthammer.com

# Reference: https://twitter.com/FewAtoms/status/1051099620020035585

msmapparelsourcing.com/directory/
msmapparelsourcing.com/wp-admin/users/

# Reference: https://twitter.com/nullcookies/status/1051321548634804226 

ghrelokamkaj.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050665509941698560

globamachines.com

# Reference: https://twitter.com/FewAtoms/status/1050802529498525697

plus1interactive.com/bots/

# Reference: https://twitter.com/olihough86/status/1050722705740304384

wheelnet.ca

# Reference: https://twitter.com/ximo2006/status/1050331166597758976

93.174.93.149:21

# Reference: https://www.cyren.com/blog/articles/new-scarab-ransomware-using-necurs-as-a-service

hard-grooves.com
hellonwheelsthemovie.com
miamirecyclecenters.com

# Reference: https://twitter.com/nullcookies/status/1051244629704740865

daduhinnawmaz.com

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

datingittlive.info

# Reference: https://twitter.com/nullcookies/status/1030243288677277696

mayorel.website

# Reference: https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/

osdsoft.com

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

faktura24.cf
przelewy24.ml

# Reference: https://twitter.com/MaelSecurity/status/1051900926078922753

adobe-reader.site

# Reference: https://twitter.com/avman1995/status/1052023584187719680

elektroklinika.pl/wp-content/languages/plugins/includes/

# Reference: https://twitter.com/ulexec/status/1051959861964169217

alprazolam.rip

# Reference: https://twitter.com/nullcookies/status/1052339217056129026

grafmx.com

# Reference: https://twitter.com/olihough86/status/1052607058883870720

yootbe.org

# Reference: https://twitter.com/KorbenD_Intel/status/1052652297279459329

holisticxox.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

cuezo.tk

# Reference: https://twitter.com/avman1995/status/1052879462449274880

ondasolution.ga

# Reference: https://twitter.com/Techhelplistcom/status/1053054566957285382
# Reference: https://pastebin.com/raw/v7XN8dZS

alfredbusinessltd.flu.cc
citytrading.usa.cc

# Reference: https://twitter.com/FewAtoms/status/1053365757197860864

hnmseminar.aamraresources.com/dotcom/

# Reference: https://twitter.com/JaromirHorejsi/status/990936083537039360

loggerz.xyz

# Reference: https://twitter.com/ViriBack/status/971430374919122944

acctspayable.com

# Reference: https://twitter.com/executemalware/status/999034066258284545

theipgenerators.com

# Reference: https://twitter.com/malware_traffic/status/1053494383708844032
# Reference: https://www.malware-traffic-analysis.net/2018/10/19/index.html

2019bracket.com
2069brackets.com
activenavy.com
adomesticworld.com
allpurplehandling.com
anilmoni.com
answermanagementgroup.com
antinomics.com
bluestarpaymentsolutions.com
boobfanclub.com
borderlands3.com
brickell100.com
bubsware.com
cactopelli.com
careercoachingbusiness.com
cclawsuit.com
cgunited.com
crosspeenpress.com
crystalhotel.com
dehionsgbes.com
dmknott.com
docswitch.com
expertsjourney.com
farminginthefloodplain.com
geziyurdu.com
gloria-glowfish.com
gnosmij.com
gokceozagar.com
greatwp.com
ieltsonlinetest.com
indiangirlsnude.com
indicasativas.com
inmotionframework.com
internationalboardingandpetservicesassociation.com
intimateimagery.com
iptechnologysolutions.com
iscanhome.com

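# Reference: https://twitter.com/ps66uk/status/1053632722667794433
# Note: the first entry below contains upper-case letters; DNS names are case-insensitive, so compare in lower case when matching against it.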

dWUJncxxb.sh-master02.com
qixjd277g3621166.impressoxpz97367.com

# Reference: https://twitter.com/DissectMalware/status/1042276512886599680

exxxwrtw1111111.kloudghtlp.com

# Reference: https://twitter.com/ni_fi_70/status/1053207719291879424

84.38.130.139/pk/office/

# Reference: https://twitter.com/xxdesmus/status/1053440011289280512

123.249.71.250:666
89.34.237.210/ikahedbts/

# Reference: https://twitter.com/nullcookies/status/1054185582467993600

daxiu678.com
lianyebo1.com

# Reference: https://twitter.com/FewAtoms/status/1054419759511547904

guideofgeorgia.org/doc/

# Reference: https://twitter.com/FewAtoms/status/1054762247405424642

nabato.org

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

davidharvill.org
hotkine.com
informanetwork.com
invasivespecies.us
lookper.eu
maleass.eu
schwerdt.org

# Reference: https://twitter.com/KorbenD_Intel/status/1054857588695683072

6cameronr.ga

# Reference: https://twitter.com/FewAtoms/status/1055149939456688133

linetrepanier.com/wp-data/

# Reference: https://twitter.com/avman1995/status/1055360237484552192

ponti-int.com/a/

# Reference: https://twitter.com/yvesago/status/1055362284569145344

84.38.130.139/pk/office/

# Reference: https://twitter.com/FewAtoms/status/1055477161577115648

192.3.162.102/out/

# Reference: https://report.any.run/59855140193f0b0c10a15b7eb7c70bbb2ff94fa49e93d64d14c74cb1fcc589ff/50fa8a2f-1052-476a-8b1f-1d305d867ffb#network
# Reference: https://report.any.run/28b1efe63d1e97d42bc8809ef106c6496344860e6bec90e040a2aae8853deb9d/9e7eab49-a552-4bf2-9cab-8714f757e3c6

officesales2.com

# Reference: https://blog.en.elevenpaths.com/2019/01/chrome-extension-card-cybersecurity.html

fbsgang.info

# Reference: https://ti.360.net/blog/articles/upgrades-in-winrar-exploit-with-social-engineering-and-encryption/

manage-shope.com
local-update.com
conloap.linkin.tw

# Reference: https://twitter.com/blu3_team/status/1053669632438099970
# Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802

pus.inter.cloudns.cc

# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/

bite-me.wz.cz
jma-go.jp
mountainhigh.at
racemodel.at
thunderbolt-price.com
sungmap.at

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/

chadikaysora.com
lt99.ddns.net
http://35.227.52.26

# Reference: https://twitter.com/ScumBots/status/1094811119154356224

gxbjugb.xyz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Win.Malware.Autoit-6877140-0)
# Reference: https://www.virustotal.com/#/file/028914f9d3455b44d9186d218874047530a367cb1d20cbc7d9b047a42faf1774/detection

kuangdl.com

# Reference: https://www.virustotal.com/#/url/0d8185a9bf6eb842a7e07758882d86a33f090d7572efd61d1b296382c2af4a7a/detection

j0mla.sytes.net

# Reference: https://news.drweb.com/show/?i=12955&c=23&lng=en&p=0
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/Trojan.Click3.27430
# Reference: https://app.any.run/tasks/0a0be637-4950-4727-bfaa-8eaa05563262

barmash.ru
dnsip.ru
dns-free.com

# Reference: https://twitter.com/ScumBots/status/1105495431864303616

flowerstick.net

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html

mokoaehaeihgiaheih.ru

# Reference: https://twitter.com/James_inthe_box/status/1106551689132138497

llkty.gq

# Reference: https://twitter.com/James_inthe_box/status/1105124840501989378

dsmbil.ml

# Reference: https://www.virustotal.com/#/domain/cloudnetwork.kz
# Reference: https://twitter.com/James_inthe_box/status/1101548458090016768

cloudnetwork.kz

# Reference: https://twitter.com/bad_packets/status/1104313051166068737

methaddict.xyz

# Reference: https://twitter.com/VK_Intel/status/1044631042454249473

mintsbox.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1107662516824535041

xqzuua1594.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1107932063209017344

/gr.mpwq

# Reference: https://twitter.com/James_inthe_box/status/1107977083123204102

brokenway.cf

# Reference: https://twitter.com/James_inthe_box/status/1108085222317289473

goldchainsblue.com
validcc.ch

# Reference: https://twitter.com/ActorExpose/status/1108113213164523521

vocational-age.000webhostapp.com

# Reference: https://twitter.com/dvk01uk/status/1108204451309981697

alta-brasiil.com

# Reference: https://twitter.com/dvk01uk/status/1106429454736388096

fast4elev.gq

# Reference: https://twitter.com/dvk01uk/status/1105718483118108672

remenelectricals.com

# Reference: https://twitter.com/dvk01uk/status/1105736132908720128

morningfresh.ga

# Reference: https://twitter.com/dvk01uk/status/1105819049831862278

chemisoli.com

# Reference: https://twitter.com/dvk01uk/status/1105437702999166976

goodlord.cf

# Reference: https://twitter.com/dvk01uk/status/1103507380892061696

evaglobal.eu

# Reference: https://twitter.com/dvk01uk/status/1103259569013305344

mamaknowyourname.gq

# Reference: https://twitter.com/dvk01uk/status/1103257149508075520

modexcommunications.eu

# Reference: https://twitter.com/dvk01uk/status/1102820682713522176

ruga.africa

# Reference: https://twitter.com/dvk01uk/status/1099697529409671168

maheshshukla.com

# Reference: https://twitter.com/dvk01uk/status/1098244837374070786

findouttheway.gq

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

etruht.ml

# Reference: https://twitter.com/dvk01uk/status/1093734309947719680

etruht.ga

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

tanerm.ug

# Reference: https://twitter.com/dvk01uk/status/1096445096306921472

xvirginieyylj.city

# Reference: https://twitter.com/dvk01uk/status/1095633303758127104

joshdghd.cf

# Reference: https://twitter.com/dvk01uk/status/1094924981971107840

geepaulcast.com

# Reference: https://twitter.com/dvk01uk/status/1092780337434947584

lightmusic.cocomet-china.com

# Reference: https://twitter.com/dvk01uk/status/1092685964743503872

imtooltest.com

# Reference: https://twitter.com/dvk01uk/status/1088793739223539713

sulphurrnills.com

# Reference: https://twitter.com/dvk01uk/status/1088391308849434629

pornhouse.mobi

# Reference: https://app.any.run/tasks/fe58bf2c-065f-4505-a644-6baeeb7ee4cf

bhrserviceaps.dk

# Reference: https://twitter.com/pollo290987/status/1108393592605863940

brothersjoy.nl

# Reference: https://twitter.com/fletchsec/status/1108144401530978304

86818.prohoster.biz

# Reference: https://twitter.com/killamjr/status/1108455343816916992

quiltyfabricsorders.xyz

# Reference: https://twitter.com/nao_sec/status/1108388558539087873

dogfunnyviedeos.xyz

# Reference: https://twitter.com/JayTHL/status/1108402913938935808

mansoura.co
root-mrx.tk

# Reference: https://twitter.com/Racco42/status/1107351502878842880

angel-aristizabal.com.co

# Reference: https://twitter.com/Racco42/status/1106547527334154240

thinknik.ca

# Reference: https://twitter.com/Racco42/status/1106225615705948167

ministere-elshaddai.org

# Reference: https://twitter.com/Racco42/status/1106201029127880704

tiemokodoumbia.com

# Reference: https://twitter.com/Racco42/status/1105504898525917184

mincare.vn
sharegroup.info

# Reference: https://twitter.com/Racco42/status/1102896181011795969

wearewhatwesay.com

# Reference: https://twitter.com/Racco42/status/1102869794502705152

fm.radio.googlemenow.org

# Reference: https://twitter.com/Racco42/status/1102590512228388866

handbuiltapps.com
luxdecor.co.il

# Reference: https://twitter.com/Racco42/status/1101142170663354370

loh-tech.com

# Reference: https://twitter.com/Racco42/status/1100855213668421632

oppws.cn
skity.hk

# Reference: https://twitter.com/Racco42/status/1100733716995944448

aviatorssm.bit

# Reference: https://twitter.com/Racco42/status/1098979285443006465

burcutekstil.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1108668614742368261

mkatarina7094maybelle.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1108683102187110400
# Reference: https://app.any.run/tasks/7d5fcd3a-9d57-45f4-8616-f867ee76f765

nuovilod.icu
wwikrrtt.info

# Reference: https://twitter.com/malwrhunterteam/status/1108689191326625794

bigassbabyart.com

# Reference: https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/

gxxservice.com
infestexe.com
xigncodeservice.com

# Reference: https://twitter.com/anyrun_app/status/1108695731530055680
# Reference: https://app.any.run/tasks/f9c9b7ed-ac6b-454f-86c6-8bbc7c3b8d1f

n48lxj5097.email
wyideegb.city

# Reference: https://twitter.com/JAMESWT_MHT/status/1103983033307271168

brandin.nu
servicemanager.icu

# Reference: https://twitter.com/luc4m/status/1103952276132192256

splitbiin.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1100698122563567616

mi88karine.company

# Reference: https://twitter.com/avman1995/status/1094181713121558529

fpetraardella.band

# Reference: https://twitter.com/benkow_/status/1088009157733683200

uni-full.com

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

tollzwork.ru

# Reference: https://twitter.com/CryptoInsane/status/1074048007912464389

ooxxzzvv.com

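# Reference: https://twitter.com/Racco42/status/1067027684906151936
# Note: the entry below is a regular expression (it covers pdf-compare.site and pdf-compare.space), not a literal hostname; tooling that reads this list as plain names will not match it.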

pdf\-compare\.(site|space)

# Reference: https://twitter.com/benkow_/status/1057977911607783425

osxmacservice.com

# Reference: https://twitter.com/Racco42/status/1040144285453180928

emailerservo.science

# Reference: https://twitter.com/James_inthe_box/status/1108727176038236166

fnutdue.ru

# Reference: https://twitter.com/dvk01uk/status/1108706531636326400

lovliygtyu.ml

# Reference: https://twitter.com/dvk01uk/status/1108745052686307328

hytexxi.xyz

# Reference: https://twitter.com/pollo290987/status/1108755025604591622

tarhona-libya.com

# Reference: https://twitter.com/Jan0fficial/status/988318117532176384

mlhxyz.ml

# Reference: https://twitter.com/fumik0_/status/973504037999075329

win-dows.net

# Reference: https://twitter.com/dvk01uk/status/1109045863664533504

zentacher3.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1109085932949590018

u1a2zlzeuya.company

# Reference: https://twitter.com/malwrhunterteam/status/1109085127290900480

nitb.pk-gov.org

# Reference: https://app.any.run/tasks/7dff8b86-1cff-4d38-9264-aa5a217eca0e

interruption.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1109089319871004673

r414525xw.band

# Reference: https://app.any.run/tasks/b853927b-ff78-4744-81db-789e8592bda2

realdealhouse.eu

# Reference: https://twitter.com/casual_malware/status/1107101098714656768

elec-tb.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1106579701290672129

abhicoupon.com

# Reference: https://twitter.com/JaromirHorejsi/status/1105806463468036096

awdmiami.com

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

freedomate.ga

# Reference: https://twitter.com/ViriBack/status/1093994913249853440

cocomet-china.com
naceco.com
qai-abb.com

# Reference: https://twitter.com/nullcookies/status/1029173962595598336

appgosecurity.com

# Reference: https://twitter.com/FewAtoms/status/1109119034082103298

shannai.us

# Reference: https://twitter.com/James_inthe_box/status/1109120289604931584

zjnewdan.us

# Reference: https://twitter.com/ClearskySec/status/1001833343581900800

stcinet.com
stcnet.ddns.net

# Reference: https://twitter.com/guelfoweb/status/1109103783571795970

mit-gov-it.icu

# Reference: https://twitter.com/Racco42/status/1109591919561187330

alph.staroundi.com

# Reference: https://twitter.com/FewAtoms/status/1109773299985379329

ruih.co.uk

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

oteam.io

# Reference: https://twitter.com/James_inthe_box/status/1079727395161104384

amsi.co.za

# Reference: https://twitter.com/James_inthe_box/status/1109832439700971520
# Reference: https://app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e

a-7763.com
davidich.life
domekan.ru
doshimotai.ru
kifge43.ru
/MatherFuckerAv.dll

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

gmltdprocrop.com

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

mulenrooj.adygeya.su

# Reference: https://twitter.com/avman1995/status/1090972632261029891

monstercartune.club

# Reference: https://twitter.com/dms1899/status/1070382435148447745

ph0en1x.tk

# Reference: https://twitter.com/avman1995/status/1035723902612324352

botsphere.biz

# Reference: https://twitter.com/Racco42/status/1110098645263810561

bzios.info

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-10-22: Ukrainian telcos fake domains on servers with Metasploit and Cobalt Strike)

24tv.agency
2mdns.org
a-msedge.org
ads1-msn.com
ads1-msn.net
akadns-ms.net
api-p001-1drv.com
apostrophe-news.biz
appex-bing.net
appex-bing.org
bigmir.email
blob-weather.com
cdn-onenote.net
censornews.org
client-googledns.com
cnn-metanews.biz
compatexchange-cloudapp.com
corpext-datamart.net
delometaua.biz
diagnostics-support-microsoft.net
diagnostics-support.com
dns-msftncsi.com
eizvestia-news.org
espreso.today
feedback-google.net
feedback-google.org
feedback-windows.com
feedback-windows.org
foxnewsmeta.biz
fwdcdn.org
gateway-telemetry.net
gateway-telemetry.org
gazetaua-news.org
gismeteo.city
img-s-msn-com-akamaized.net
interfax-globalnews.com
ipv4-microsoft.net
ipv4-microsoft.org
ipv6-google.net
ipv6-google.org
ipv6-microsoft.org
kyivstar-ip.com
ls2web-redmond-corp.com
microsoft-com-nsatc.org
microsoft-metaservices.com
microsoft-nsatc.org
ms-akadns.org
news-liga.net
newska-uanews.biz
nod-update.org
ns0-ukrpack.net
ns0-volia.net
ns1-datagroup.com
ns1-datagroup.org
ns1-volia.net
ns2-datagroup.com
ns2-datagroup.org
ns2-ukrtel.com
ns3-datagroup.org
ns4-datagroup.org
obozrevatel-news.com
officeclient-microsoft.com
paypal-com1.com
paypal-com2.com
pppoe-infocom.com
pppoe-kyivstar.com
pppoe-ukrtel.com
preview-msn.org
redir-metaservices.com
redir-metaservices.org
reports-telemetry-microsoft.com
rian-ua.org
sandbox-cloudapp.com
sandbox-cloudapp.org
search-msn.net
search-msn.org
secure-telemetry.net
secure-telemetry.org
securenod32.com
segodnya-news.org
services-glbdns2.com
services-glbdns2.org
services-google.org
serving-sys-windows.net
serving-windows.net
social-msn.net
social-msn.org
ssw-live.org
statototalitario.com
support-cloudapp.net
support-microsoft.biz
telecommand-microsoft.net
telecommand-microsoft.org
telegraf-news.biz
telemetry-akadns.org
uatimes-meta.biz
ubr-news.org
ui-skype.net
ukrfreshnews.com
unian-search.com
urs-microsoft.net
watson-microsoft.org
win-msecnd.com
win-msecnd.org
win10-telemetry.net

# Reference: https://twitter.com/James_inthe_box/status/1056920457218125826

mypanell.online

# Reference: https://twitter.com/Racco42/status/1029986121286074369

atcproje.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1110147918995091457
# Reference: https://app.any.run/tasks/8e80d6b5-507a-40ab-98bd-2dfd73d313ab

klub046.co

# Reference: https://twitter.com/Racco42/status/1110160140962066432

zaczvk.pl

# Reference: https://twitter.com/Racco42/status/1110170198005436417
# Reference: https://app.any.run/tasks/30775d98-c3a7-4de0-b4e1-5ae6db7fece9

space.bajamelide.ch

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

zabenkot.top

# Reference: https://twitter.com/angel11VR/status/1109075153114279936
# Reference: https://app.any.run/tasks/37b99bb8-a81b-4298-bc78-b19ecc0adb0f

185.25.50.168:4444

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

89.105.202.62:1080

# Reference: https://twitter.com/James_inthe_box/status/1110196027338817538

erimbil.ml

# Reference: https://twitter.com/ScumBots/status/1110265736029712384

safetimes.biz

# Reference: https://twitter.com/ScumBots/status/1110265564428226565

wite.biz

# Reference: https://twitter.com/ScumBots/status/1110265483264167939

s3rpfish.biz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Autoit-6897734-0)

charlesprofile.website

# Reference: https://twitter.com/Racco42/status/1110450502087725057

kozol.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1110470611137114112

fubuy60w.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1110533916279128071

24forejungl.site

# Reference: https://twitter.com/James_inthe_box/status/1110563590950445056

lattempted.pw

# Reference: https://twitter.com/James_inthe_box/status/1110560151977623552

conamylups.com

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/avman1995/status/951077991966064640

itgpll.com

# Reference: https://twitter.com/ViriBack/status/950469147976257536

m3ss4g3rtesla.com

# Reference: https://twitter.com/ViriBack/status/950354442917990400

dominica2.com

# Reference: https://twitter.com/cocaman/status/909339498445705216

iemnnyanmar.com

# Reference: https://twitter.com/58_158_177_102/status/1110814561500708864

onbraker.com
podertan.com

# Reference: https://twitter.com/Racco42/status/1110844776075706368

zolik.info

# Reference: https://twitter.com/ClearskySec/status/1110941180106366976

/D2_de2o@sp0/

# Reference: https://twitter.com/ClearskySec/status/1062026777604820994

disw.top
jobk.info
ktis.club
kotb.top
lupx.info

# Reference: https://twitter.com/Racco42/status/1111189949712420864

armasglass.com

# Reference: https://twitter.com/dvk01uk/status/1111218416227102720

babamaturu.cf

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1111223066137448449

bambamdumer.ml
kodjdsjsdjf.tk
lookatmenaaaa.tk

# Reference: https://twitter.com/ps66uk/status/1111309717664604162

poperjffd.gq
zentacher.cf

# Reference: https://otx.alienvault.com/pulse/5c9d13987ec3ed127b3175a5

crypt24.in
clean.crypt24.in
zani.streghettaincucina.com
midgnighcrypt.com
yinhbygrm.com
4uland.com
favoritfile.in
img.martatovaglieri.com

# Reference: https://twitter.com/James_inthe_box/status/1111371723092299776

edjsqvg.ua

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/JayTHL/status/1111497469937045504

brynn.ink

# Reference: https://twitter.com/DissectMalware/status/1111511953061621760

onbraker.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623245965545473

justpony.xyz
warezpony.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623824695611392

myloki.icu

# Reference: https://twitter.com/ViriBack/status/1111646690233192449

pamthasion.pw

# Reference: https://twitter.com/Racco42/status/1111651759276072961

zerio.info

# Reference: https://twitter.com/James_inthe_box/status/1111666754604789760

recordsforsmssent.xyz

# Reference: https://twitter.com/ViriBack/status/1067995331810549760

oceanicproducts.eu
jesseworld.eu
modexdeals.xyz
modecloudserver.eu

# Reference: https://twitter.com/ekamioka/status/1111658931624001540

nanowopsite.club

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-01-16: New Order PO)

/buchi/i/fred.php

# Reference: https://twitter.com/ViriBack/status/971430374919122944

carolp1.xyz

# Reference: https://twitter.com/malware_traffic/status/1111049259305046016

ultimateyahoo.top

# Reference: https://twitter.com/jfslowik/status/1112010565742788609

download-updates-comp.com
get-updates-ms.com

# Reference: https://twitter.com/benkow_/status/1112046921303113729

gcleaner.info

# Reference: https://twitter.com/ps66uk/status/1112172657729044480

00399a4.netsolhost.com

# Reference: https://twitter.com/Racco42/status/1112623595459612673

zesis.info

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

not-my-guilty.com
onlinedattingforlife.info
russkistandart.info

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

datingforllives.info

# Reference: https://twitter.com/malwrhunterteam/status/1112969094322683904

danhuaile.net

# Reference: https://twitter.com/packet_Wire/status/1112802915650027520

ordernow.cf

# Reference: https://twitter.com/James_inthe_box/status/1113102849313988611

sorna.at
rivier.at

# Reference: https://twitter.com/KorbenD_Intel/status/1113151983030943744

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1113114356714168321

bluewales.ml
worldatdoor.in

# Reference: https://twitter.com/albertzsigovits/status/1113096573284728839

powellpablooo.myjino.ru
fnsss77.ru
darbl.icu

# Reference: https://twitter.com/illegalFawn/status/1113336529433374721

4fallingstar.info
esurf.info
childrensliving.com

# Reference: https://twitter.com/malware_traffic/status/1113586907655680001

tytalrecoverysolutions.com
zakromanoff.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113747351405985792

bobbobb1z.com

# Reference: https://twitter.com/dvk01uk/status/1094130931596701696

liqurestore.cf

# Reference: https://twitter.com/benkow_/status/1090564148184924160

dfgdfgghjghfshfgh.ru

# Reference: https://twitter.com/JayTHL/status/1036810959644438528

dvpont.com
itwsaelants.com
kmnnl.com
tekinkgroup.com

# Reference: https://twitter.com/James_inthe_box/status/1113888371204472832

smart.cloudnetwork.kz
nicru.supermicrotransapi.ru
mel.cloudcontentsmak.com
js.securetopdevelopment.kz
secure.jsc0nten1maker.com
secure.jscontentmaker.kz
tel.jsapisettings.kz

# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
top.sineadholly.com

# Reference: https://twitter.com/K_N1kolenko/status/1113818032248430593

waorveled.com
hegutceper.ru
dintroprula.ru

# Reference: https://twitter.com/takerk734/status/1113851637292920832

artdefensive.com

# Reference: https://twitter.com/takerk734/status/1113852021579206658

ceaningthe.com
hosttrade.ru
letsdoitquick.site

# Reference: https://twitter.com/Racco42/status/1114080917402861568

pasios.info

# Reference: https://www.bromium.com/mapping-malware-distribution-network/
# Reference: https://otx.alienvault.com/pulse/5ca7142dd898276082584a58

l-jaxx.com
monkeyinferno.net

# Reference: https://twitter.com/smica83/status/1114099330628096000

echuhnova.digital

# Reference: https://twitter.com/smica83/status/1114101564648689664

daidaowu.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1114103736731951104

vip-163.cc

# Reference: https://twitter.com/Bank_Security/status/1114122727080771585

g53lois51bruce.company

# Reference: https://twitter.com/James_inthe_box/status/1114150925218639872

11totalzaelooop11.club

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Autoit-6919193-0)

jfnutts.com
jamesxx.dynu.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Vobfus-6919817-0)

backdates[0-9]{1,2}\.(com|net)

# Reference: https://imgur.com/a/8mFGk
# Reference: https://otx.alienvault.com/pulse/5a49115f93199b171b90a212

conectionapis.com

# Reference: https://twitter.com/JayTHL/status/1115077956781715456
# Reference: https://pastebin.com/raw/HggkKKVu

awazpeople25.com.pl
awazpeople25.net.pl
awazpeople25.pl
awazpeople25.waw.pl
e-helpingcenterxg.pl
egalleryimagesas.pl
ehelpingcentervh.pl
estoremkg.pl
everificationaccountls.pl
galleryimagesas.com.pl
galleryimagesas.net.pl
galleryimagesas.pl
galleryimagesas.waw.pl
helpingcentervh.com.pl
helpingcentervh.net.pl
helpingcentervh.pl
helpingcentervh.waw.pl
helpingcenterxg.com.pl
helpingcenterxg.net.pl
helpingcenterxg.pl
helpingcenterxg.waw.pl
hypemediahdy.com.pl
hypemediahdy.net.pl
hypemediahdy.pl
hypemediahdy.waw.pl
i-awazpeople25.pl
i-mzenjdfu.pl
ihypemediahdy.pl
make-upvalleyusastoread.pl
mzenjdfu.com.pl
mzenjdfu.pl
mzenjdfu.waw.pl
storemkg.com.pl
storemkg.net.pl
storemkg.pl
storemkg.waw.pl
verificationaccountls.com.pl
verificationaccountls.net.pl
verificationaccountls.pl
verificationaccountls.waw.pl

# Reference: https://twitter.com/smica83/status/1115174343288545280

etechnocrat.us

# Reference: https://twitter.com/Racco42/status/1115216282670989313

hallos.info

# Reference: https://twitter.com/MisterCh0c/status/1115001122673102848

yolodice.icu

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

vapeegy.com

# Reference: https://twitter.com/Racco42/status/1115259915877146625

e-mailupgrade.com

# Reference: https://twitter.com/malwrhunterteam/status/1115289020421025792

bestpage1.com

# Reference: https://twitter.com/BroadAnalysis/status/731653488443305985

khamsanphukhoa.com.vn

# Reference: https://twitter.com/angel11VR/status/1115343202167533568
# Reference: https://pastebin.com/0bX17LaY

gingerandcoblog.com

# Reference: https://twitter.com/illegalFawn/status/1115537607256150016

logger-keyz.tk

# Reference: https://twitter.com/Artilllerie/status/1115556048243437568

subby.xyz

# Reference: https://twitter.com/James_inthe_box/status/1115591879586795521

hot-mail.online

# Reference: https://twitter.com/slayersecurity/status/1115599512758697984

bobbobb1z.com

# Reference: https://twitter.com/pollo290987/status/1115613838689341440

nicholaspring.xyz

# Reference: https://twitter.com/slayersecurity/status/1115902366686031878

klis.icu
notz.icu
qgb.us
shortener.icu
shortit.icu
zvb.us

# Reference: https://twitter.com/JAMESWT_MHT/status/1115926996582830081

nemelyu871.info
s1591e46.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1115928599792640000

instant-payments.ru

# Reference: https://twitter.com/makflwana/status/1115953092090941440

vman23.com

# Reference: https://twitter.com/x42x5a/status/1115980225127571456

freelim.cf

# Reference: https://app.any.run/tasks/34e6fb84-9c9f-4839-8c08-a2db34280b72

younglybae.tk

# Reference: https://twitter.com/KorbenD_Intel/status/1115987185206013953

b02aee36.ngrok.io

# Reference: https://twitter.com/James_inthe_box/status/1116302275335475201

a.uchi.moe

# Reference: https://twitter.com/tkanalyst/status/1116370690444124160

adpop.xyz

# Reference: https://twitter.com/58_158_177_102/status/1116608652985585670

aupa.xyz
azedizayn.com
aussiescanners.com
fumicolcali.com
sundarbonit.com

# Reference: https://twitter.com/Racco42/status/1116787155710500866

yassra.com

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://www.virustotal.com/gui/domain/appboxlive.host/relations

appboxlive.host

# Reference: https://twitter.com/JAMESWT_MHT/status/1095672902232477697

cytotan.xyz
fatando.pw
srv18427.microhost.com.pl

# Reference: https://twitter.com/devnullek/status/1073159905480183808

favbaby.com

# Reference: https://twitter.com/malware_traffic/status/767852827200761856

ahgsuy3829.top
best-remit.com
hybypi.xyz
nerdcommunity.top
reballancefreestyle.win

# Reference: https://twitter.com/BroadAnalysis/status/815211105664565248

chebersto.com
chelkibot.com
jejefolso.com
kalambint.com
karachark.com
kerukiron.com
kurtillon.com
markrelso.com
nintedrer.com
reregaton.com

# Reference: https://twitter.com/BroadAnalysis/status/788400179091214336

arabicdessert.co
prmhohzsl.top

# Reference: https://twitter.com/BroadAnalysis/status/782996903025844224

badbigbearr.com
bearbigger.top
beargrizzler.win
dxzvkr.top

# Reference: https://twitter.com/malware_traffic/status/766412267063607296

lowashemterle.top
yfyke.xyz

# Reference: https://twitter.com/x42x5a/status/1117697750886428672

ahsantiago.pt

# Reference: https://twitter.com/dvk01uk/status/1117752424331190273

licenses-renewal.com

# Reference: https://twitter.com/killamjr/status/1117776513288503296
# Reference: https://www.virustotal.com/gui/domain/netlux.in/relations
# Reference: https://www.virustotal.com/gui/domain/vitalmania.eu/relations

netlux.in
vitalmania.eu

# Reference: https://twitter.com/FewAtoms/status/952884418733072384

gg.usdipc.com

# Reference: https://twitter.com/DynamicAnalysis/status/1117833770332303365

ridihaagroup.com

# Reference: https://twitter.com/FewAtoms/status/1117824449670209536

annaviyar.com

# Reference: https://twitter.com/malware_traffic/status/1117811800395767808

shahkara.com.tr

# Reference: https://twitter.com/HONKONE_K/status/1118035160362913792

new2019.mine.nu

# Reference: https://twitter.com/JAMESWT_MHT/status/1118102912549433345

fineiksus.com

# Reference: https://cofense.com/latest-software-functionality-abuse-url-internet-shortcut-files-abused-deliver-malware/

buyviagraoverthecounterusabb.net

# Reference: https://twitter.com/James_inthe_box/status/1118146373361078272

tshukwasolar.com

# Reference: https://twitter.com/Racco42/status/1118476901876674561

vreau-relatie.eu

# Reference: https://twitter.com/FewAtoms/status/1118588045312368641

http://188.209.52.180

# Reference: https://twitter.com/FewAtoms/status/1118893063219372034

krosnovunderground.se

# Reference: https://twitter.com/ViriBack/status/1119019674006687744

deuor.info/index.php

# Reference: https://twitter.com/ActorExpose/status/1118914631609794561

kulsofttech.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html

plenoils.com
sharedrive.top
alkzonobel.com
web2prox.com
webxpo.us
office.webxpo.us
sunny-displays.com
modernizingforeignassistance.net

# Reference: https://twitter.com/malware_traffic/status/1119021844416405504

sunmeter.eu

# Reference: https://twitter.com/ViriBack/status/1119592527106072576

http://185.79.156.15

# Reference: https://twitter.com/James_inthe_box/status/1119758368858468352

gbchb.com

# Reference: https://twitter.com/pancak3lullz/status/1117825748583243776

esko7.cf

# Reference: https://twitter.com/pancak3lullz/status/1092804207252525065

benelll.com

# Reference: https://twitter.com/pancak3lullz/status/1085189158866378754

liftocean.us

# Reference: https://twitter.com/The_d0c_T0R/status/1120184484312354816

bbkac.com

# Reference: https://twitter.com/James_inthe_box/status/1120693994428567552

get.extra-files.com

# Reference: https://twitter.com/malwrhunterteam/status/1120969169233690624

187.ip-54-36-162.eu

# Reference: https://twitter.com/devnullek/status/1120708504619290624

news-medias.ru

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/

icbegypt.com

# Reference: https://twitter.com/makflwana/status/1121063810289238018

newfield-us.info

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

alspi.cf

# Reference: https://twitter.com/smii_mondher/status/962702751762468866

centropesquisabit.com.br

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

baldorclip.icu

# Reference: https://twitter.com/malwrhunterteam/status/1121095736299597824

geraldgore.com/news/

# Reference: https://twitter.com/malware_traffic/status/1121097028426194944

iblservicosonline.com

# Reference: https://twitter.com/MisterCh0c/status/1121125682032119808

noda-8879.cf

# Reference: https://twitter.com/malware_traffic/status/1061039473448734722

po0o0o0o.com

# Reference: https://twitter.com/coldshell/status/936173677854580736
# Reference: https://pastebin.com/9JfkQ1FX 

accessyouraudience.com
alucmuhendislik.com
awholeblueworld.com
bit-chasers.com
datenhaus.info
hexacam.com
mh-service.ru

# Reference: https://twitter.com/coldshell/status/936588497216995328
# Reference: https://pastebin.com/LRTA7NSn

basedow-bilder.de
centralbaptistchurchnj.org
highlandfamily.org
motifahsap.com
pdj.co.id
pragmaticinquiry.org
schwellenwertdaten.de
shamanic-extracts.biz
team-bobcat.org
troyriser.com

# Reference: https://twitter.com/coldshell/status/894908561855307776
# Reference: https://pastebin.com/dZXyvmvL

adelaidemotorshow.com.au
apositive.be
autoecoleathena.com
autoecoleboisdesroches.com
autoecoledufrene.com
beansviolins.com
cipemiliaromagna.cateterismo.it
firstonetelecom.com
fly2.com.tw
harristeavn.com
heathrowestudios.com
hydronetinfo.com
melting-potes.com
microsom.com
modemagazine.net
new.intranet.wem.fr
patrickreeves.com
potamitis.gr
rosascomendador.com
scoot-mail.net
sixty-six.org
telesolutionsconsultants.com
trombositting.org

# Reference: https://twitter.com/tmmalanalyst/status/891998398462566400

luczki.pl

# Reference: https://twitter.com/x42x5a/status/1121702655464751104

payeer-coin.icu

# Reference: https://twitter.com/FewAtoms/status/1121751424096845831

http://216.170.120.137

# Reference: https://twitter.com/JAMESWT_MHT/status/1121755894511960064
# Reference: https://app.any.run/tasks/c18ca904-42a7-4cda-89ca-8960f38ff406

gcleaner.info
melbettyge.top
refpagdcmr.top
salosvodkoi.ru

# Reference: https://twitter.com/FewAtoms/status/1121780178676527104
# Reference: https://twitter.com/FewAtoms/status/1121096964869959682

http://80.82.66.58

# Reference: https://twitter.com/neonprimetime/status/1121800377727426561

hlggregoriazl.xyz

# Reference: https://twitter.com/QuaestioQuestio/status/1121777747834155012

gatiropimonita.website
updateservice.work

# Reference: https://twitter.com/x42x5a/status/1122096731800375296

fin18.org

# Reference: https://twitter.com/slayersecurity/status/1122137824076148736

basaso.mobi
dpyfo.mobi
enchanted.mobi
ghtc.mobi
hfik.mobi
mobisad.mobi
nefal.mobi
nkdyo.xyz
professional.mobi
rhggy.mobi

# Reference: https://twitter.com/DbgShell/status/1121583280145543168

http://84.200.43.124

# Reference: https://twitter.com/jpcert_ac/status/1121701529847603202

officecrack.gi2.cc

# Reference: https://twitter.com/ViriBack/status/1122527363772887044

90551.prohoster.biz

# Reference: https://twitter.com/hexlax/status/988881472403763200

untorsnot.in

# Reference: https://twitter.com/0x13fdb33f/status/1122544651628576768
# Reference: https://www.kernelmode.info/forum/viewtopic.php?p=32871
# Reference: https://otx.alienvault.com/pulse/5cc6ca1e69cc6cfee80974a7

fusu.icu
keke.icu
letask.me
luru.icu
qoqo.icu
susu.icu
zqfgy.app

# Reference: https://twitter.com/dvk01uk/status/1122803607269773312

findrew.gq

# Reference: https://twitter.com/makflwana/status/1122818381856555010

http://91.243.83.154

# Reference: https://twitter.com/James_inthe_box/status/1122861244023656453

anticcolonial.cf

# Reference: https://twitter.com/x42x5a/status/1122863171222560768

h-drums.cf

# Reference: https://twitter.com/dvk01uk/status/1122702052482846720

ayakkokulari.com

# Reference: https://twitter.com/ScumBots/status/1122874459432599555

s0ft3r.ru

# Reference: https://twitter.com/Racco42/status/1122966809924329472

iceslyt.ru

# Reference: https://twitter.com/Sm0k10/status/1123018192228626443

quo75fbm.club

# Reference: https://twitter.com/dave_daves/status/1123143230852358145

mail-tools.info

# Reference: https://twitter.com/JaromirHorejsi/status/1095328020028628992

nim3.xyz

# Reference: https://twitter.com/FewAtoms/status/1123154922562678784

http://23.249.163.113

# Reference: https://twitter.com/avman1995/status/1035033720489734145

kangnaterayna.com

# Reference: https://twitter.com/x42x5a/status/1123191255679291392

sellingproducts.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1123209767135141889

cliniquevoyage.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123214806251646977
# Reference: https://www.virustotal.com/gui/domain/digital-studio.org/details
# Reference: https://app.any.run/tasks/27874df0-5ed8-469e-8a53-0741bb8fca58

digital-studio.org

# Reference: https://twitter.com/x42x5a/status/1123250026883497985

lovemepls.com

# Reference: https://twitter.com/malwrhunterteam/status/1123262864029040641

nathanklebe.com

# Reference: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html

http://188.166.74.218
http://45.55.211.79

# Reference: https://twitter.com/makflwana/status/1123465749027225600

http://5.188.231.210

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

auzonet.net

# Reference: https://twitter.com/FewAtoms/status/1123563237084024832

http://155.138.134.133

# Reference: https://twitter.com/ScumBots/status/1122705081953132549

bitwhites.top

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834

frameupds.info

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976

hbr0.icu

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

teleduck.de
zaremedspa.com

# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

individualkipitera.site
individualkipitera24.site
intimorg.xyz
prostitutkivoronezha24.bid
prostitutkiyaroslavlya76.men
prostitutkisoy.com
prostitutki-adlera.xyz
prostitutki-sterlitamaka.xyz
prostitutki-vologdy.xyz
prostitutki-tomska.xyz
prostitutkisochi24.xyz
prostitutki-magnitogorska.xyz
prostitutki-tveri.xyz
prostitutki-kaliningrada.xyz
prostitutki.soy
prostitutkimoskvy.surf
prostitutkiyaroslavlya.xyz
prostitutki-surguta.xyz
prostitutki-izhevska.xyz
prostitutki-permi.xyz
prostitutkikazani.xyz
prostitutkikrasnoyarska.xyz
prostitutkiomska.xyz
prostitutkirostova.xyz
prostitutkiufy.xyz
prostitutkivoronezha.xyz
prostitutki-arhangelska.xyz
prostitutki-biyska.xyz
prostitutki-taganroga.xyz
prostitutki-tambova.xyz
prostitutkipitera.soy
prostitutkivologdy.win

# Reference: https://twitter.com/JayTHL/status/1123591741347704832

92.222.151.63:36437

# Reference: https://twitter.com/JayTHL/status/1123829087913508865

leon-l-atkinson.club

# Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220

vman23.com

# Reference: https://otx.alienvault.com/pulse/5ccab2b0769cdc85663c84b9

747f9d59.ngrok.io

# Reference: https://twitter.com/x42x5a/status/1123914216665174016
# Reference: https://twitter.com/JAMESWT_MHT/status/1126420676427096065

ccleaner.host
ccleaner.top

# Reference: https://twitter.com/Racco42/status/1123953925831446529

41.231.120.138:7700
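# NOTE(review): the entry below is not a valid IPv4 address, and its all-numeric final label is not a valid TLD, so it looks garbled and will likely never match traffic - verify the intended indicator against the reference above
http://4more5.67.14.61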

# Reference: https://twitter.com/Racco42/status/1123974086970019840

fjlryd.com

# Reference: https://twitter.com/drok3r/status/1124018831444385794

http://185.79.156.23

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

a-7763.com

# Reference: https://twitter.com/SickPeaSec/status/1124078107617574912

http://42.51.65.7

# Reference: https://www.virustotal.com/gui/domain/heheda.tk/relations

heheda.tk

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Tovkater-6956309-0)

dicier.ru
triobol.ru
walforder.ru

# Reference: https://twitter.com/TheMan___TheMan/status/1124526444955295744

http://3.14.6.4

# Reference: https://twitter.com/slayersecurity/status/1124605083554078720

ckssplcom.ga

# Reference: https://twitter.com/FewAtoms/status/1124624471548149761

megaklik.top

# Reference: https://twitter.com/James_inthe_box/status/1124634464447950848

hamriadhurai1.com

# Reference: https://twitter.com/James_inthe_box/status/1124648077627838465

http://106.13.96.196

# Reference: https://twitter.com/VK_Intel/status/1124826957764603905

ghostru.biz

# Reference: https://twitter.com/ViriBack/status/1125145578638389248

umc-tech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Shadowbrokers-6958490-0)
# Reference: https://www.virustotal.com/gui/domain/sex.kuai-go.com/relations

teetah.com
thmqyo.com
iadaef.com
yvyqyr.com
yyhhwt.com
yoiupy.com
abvyoh.com
evoyci.com
nzooyn.com
niulzo.com
meadgz.com
yxpwly.com
cberyk.com
xuvvie.com
nfgesv.com
rjodmz.com
ygjuju.com
iauany.com
zopkpn.com
ubnuov.com
kroqzu.com
uxmaie.com

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1125358634979012613

polaroil.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1125388900862767105

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/pmelson/status/1125070087218659330

anyconnect.stream
bigip.stream
fortiweb.download
kaspersky.science
microtik.stream
owa365.bid
symanteclive.download
windowsdefender.win

# Reference: https://twitter.com/angel11VR/status/1125765188370731009
# Reference: https://app.any.run/tasks/8bee6450-d92c-4a21-8b8e-6dbec1e777e5

joeing2.duckdns.org

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

neperepahano.top

# Reference: https://twitter.com/Jan0fficial/status/1093123191504031746

scanjet.tk

# Reference: https://twitter.com/P3pperP0tts/status/979416398932905985

mdolk.ru

# Reference: https://twitter.com/P3pperP0tts/status/980426489802960897

ponysolution.tk

# Reference: https://twitter.com/x0rz/status/763396946371436544

andmabi.com
redidfe.ru
undwohed.ru

# Reference: https://twitter.com/hexlax/status/740548297723678720

cussocarve.net

# Reference: https://twitter.com/hexlax/status/777967707601895424

tortonrcommt.pw

# Reference: https://twitter.com/hexlax/status/905947662595366913

detrogoldenmayer.com

# Reference: https://twitter.com/teoseller/status/674601023076462596

beamtech-tw.com

# Reference: https://twitter.com/teoseller/status/790919712909697024

zjibingfeng.com

# Reference: https://twitter.com/hexlax/status/803324541858627584

ru-id21387192837.com

# Reference: https://twitter.com/bomccss/status/1125902307030265856

donersonma.com

# Reference: https://twitter.com/executemalware/status/1125818675519459328

58.218.66.168:32221

# Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288

samuelkerns.com

# Reference: https://www.virustotal.com/gui/ip-address/90.103.111.117/relations

iamahackeur.servehttp.com
jesuisunhackeur.servehttp.com

# Reference: https://twitter.com/051R15/status/984704059109093382

jcgloball.org

# Reference: https://twitter.com/dvk01uk/status/1126064949212721152

carlostevez.ga
carlostevez.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1126109441651245057
# Reference: https://app.any.run/tasks/004e0cf9-8b5c-41eb-a7af-d048dcb80608

green.nogel.tech
safa.205dundas.com
ssw.138front.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/

link.fivetier.com

# Reference: https://twitter.com/MisterCh0c/status/1126214464334979074

ftp://computernewb.ml

# Reference: https://twitter.com/VirITeXplorer/status/1126382269646741505

zuisarch.top

# Reference: https://twitter.com/x42x5a/status/1126402234676404225

abscete.info
fopstudios.com

# Reference: https://twitter.com/x42x5a/status/1126395015566102528

bluedahab.ga

# Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/

effe-erre.es
sigaingegneria.com

# Reference: https://twitter.com/JayTHL/status/1126254567568695301

fuckchriscollingsworth.com

# Reference: https://twitter.com/DissectMalware/status/1126384963497205762

http://51.89.0.134

# Reference: https://otx.alienvault.com/pulse/5cd3f89df12b501c477a6fba

vision2030.cf
vision2030.tk

# Reference: https://twitter.com/malwrhunterteam/status/1126438072047099905
# Reference: https://twitter.com/malwrhunterteam/status/1126443181879459842
# Reference: https://twitter.com/malwrhunterteam/status/1126450000425361408

abidefr.com
ambertut.com
profile.sandoct.com
sagdao.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126435324530503680

binnatto.de
megaklik.top
uzocoms.eu
venzatechi.online

# Reference: https://twitter.com/ActorExpose/status/1126448541637984256

can25.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126476203253280773

ezeada.site

# Reference: https://twitter.com/James_inthe_box/status/1126487574317490179

aotiahua.com

# Reference: https://twitter.com/James_inthe_box/status/1126590019269840896

farmfit.ru

# Reference: https://twitter.com/dvk01uk/status/1126726101055574016

xzhch.ml

# Reference: https://app.any.run/tasks/b9d22ade-b917-421b-a117-e514d56fefd5
# Reference: https://www.virustotal.com/gui/domain/ndtst.com/details

ndtst.com

# Reference: https://twitter.com/dvk01uk/status/1121281997643636736
# Reference: https://app.any.run/tasks/653e0ec4-396d-4930-b91c-9b110debf1cf

nxgenbiz.us

# Reference: https://twitter.com/dvk01uk/status/1118559250471628800

terryhill.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1126803185753047040

gcleaner.info

# Reference: https://twitter.com/malwrhunterteam/status/1126808002986639361

rapport.lcto.lu

# Reference: https://twitter.com/x42x5a/status/1126832160936214529

soksanhotels.com

# Reference: https://twitter.com/dave_daves/status/1126840642485784576

mecharniser.com

# Reference: https://twitter.com/James_inthe_box/status/1126846840060571648

vasinvestment.tk

# Reference: https://twitter.com/ViriBack/status/1126992620310470656

iujoaqstqiywertgpu.club

# Reference: https://twitter.com/ViriBack/status/1127224259837878273

phumyhunggiatot.com

# Reference: https://twitter.com/daphiel/status/1123927542149328896

blanki-shabloni24.ru
icq.chatovod.info
medialeaks.icu
superjob.icu
women-history.me

# Reference: https://twitter.com/malware_traffic/status/810966197881671680
# Reference: http://malware-traffic-analysis.net/2016/12/19/index.html

talhanterbutres.top
srugbah.com

# Reference: https://twitter.com/pancak3lullz/status/1022845906041929728

asterixenergy.in

# Reference: https://twitter.com/pancak3lullz/status/746337709774430208

camera-test.hi2.ro
summerr554fox.su

# Reference: https://twitter.com/FewAtoms/status/1127531654019334144

222.187.238.16:2020

# Reference: https://twitter.com/ActorExpose/status/1127565211832135681

webarconet.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1127927901725306881

rabbitscafenyc.com
rerplan.tk
ttreface.tk

# Reference: https://twitter.com/malware_traffic/status/1128019457966735360

dhlexpress.club

# Reference: https://twitter.com/ActorExpose/status/1128018026673131521

double-minded-elect.000webhostapp.com

# Reference: https://twitter.com/ActorExpose/status/1128004155673542657

ryselis.xyz

# Reference: https://twitter.com/ActorExpose/status/1128017378518892544

aquilesarocaltda.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1128214459334500353

sonofgraceoffice.website

# Reference: https://twitter.com/dvk01uk/status/1128239904402694144

modipond.gq

# Reference: https://twitter.com/dvk01uk/status/1128286894553489408

terryhill.top

# Reference: https://twitter.com/JayTHL/status/1128405725888307200

maketheswitch.ca

# Reference: https://twitter.com/58_158_177_102/status/1128310206327283713

mondayis.info

# Reference: https://twitter.com/virusbtn/status/1128556881079930881

ezinebachelor.top

# Reference: https://twitter.com/ViriBack/status/1128828811796242433

187.ip-54-36-162.eu

# Reference: https://twitter.com/Racco42/status/1128955163023171584

myscs.ca

# Reference: https://twitter.com/JAMESWT_MHT/status/1128974517144031232

ybtvmt.info

# Reference: https://twitter.com/x42x5a/status/1128995801286492162

tandf.xyz

# Reference: https://twitter.com/pancak3lullz/status/1129392247924035584

brsystem1000k33.com

# Reference: https://twitter.com/James_inthe_box/status/1129452679250321408

officeboss.xyz

# Reference: https://app.any.run/tasks/4a96e0a9-8b6a-46ac-8e31-5d7d6a417720/

asnkar.me

# Reference: https://twitter.com/dave_daves/status/1129401061696036864

http://13.58.74.46

# Reference: https://twitter.com/James_inthe_box/status/1129514888148086784

botonbot.net
ruit.live

# Reference: https://twitter.com/malware_traffic/status/1129758980585283584

alimstores.com

# Reference: https://twitter.com/Jouliok/status/1129662977664274432

microsoft-products.com
228276216.net

# Reference: https://twitter.com/ActorExpose/status/1130119521770102791

thenewsystemsetup.online

# Reference: https://www.virustotal.com/gui/url/a23b74470167c11d15f0ece4f0859c10f411a21f895836a7df383a87ce857930/detection

android-fanatics.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1130401062710648832
# Reference: https://app.any.run/tasks/e4f79fa5-1908-4791-8e49-bd966a4ff139/

maso.at

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclick.live

# Reference: https://twitter.com/dave_daves/status/1130465690740232193

gdres.tk

# Reference: https://twitter.com/FewAtoms/status/1130496077759746050

mnsoorysoemsystems.com

# Reference: https://twitter.com/James_inthe_box/status/1130541505356095488
# Reference: https://pastebin.com/LFHR1XX1

absentselection.icu
chargement-pro.icu
commande.icu
commandeapp.icu
commandehq.icu
commandehub.icu
commandelabs.icu
continentaltourist.icu
document-joint.icu
documentpro.icu
emaillabs.icu
emailly.icu
opencommande.icu
proapp.icu
prohq.icu
standardpopulation.icu

# Reference: https://twitter.com/ActorExpose/status/1130199745287413760

mywegsite.com

# Reference: https://twitter.com/dvk01uk/status/1130735131793207296

handuruz.cf
handuruz.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304

office365-cloud5.com
office365-cloud5.space

# Reference: https://twitter.com/ViriBack/status/1130814960517427201

carsitxal.tk

# Reference: https://twitter.com/James_inthe_box/status/1130882574853632002

http://82.221.139.139

# Reference: https://twitter.com/ViriBack/status/1131000954613108737

http://54.37.141.202

# Reference: https://twitter.com/FewAtoms/status/1131234678550220805

faqshub.xyz

# Reference: https://twitter.com/ViriBack/status/1131318550759641088

lucid44.xyz

# Reference: https://twitter.com/ViriBack/status/1131542334850699264

modestworld.top

# Reference: https://twitter.com/James_inthe_box/status/1131717489824428032
# Reference: https://www.virustotal.com/gui/domain/baihes.com/relations
# Reference: https://www.virustotal.com/gui/domain/coipip.com/relations

baihes.com
coipip.com

# Reference: https://twitter.com/blackorbird/status/1131790385884278784

asia-kunsthandwea1-online.com
kkrudy.com

# Reference: https://twitter.com/x42x5a/status/1131822281452380160
# Reference: https://twitter.com/James_inthe_box/status/1131855420073496576

airliness.info
donaldcity.club
nevernews.club

# Reference: https://twitter.com/James_inthe_box/status/1131927201496961024

tryfast-v52.cf

# Reference: https://twitter.com/FewAtoms/status/1131961073219899394

http://82.221.139.139
eyeseepotential.com

# Reference: https://twitter.com/Racco42/status/1132056583293329408

eurogov.pw

# Reference: https://twitter.com/BroadAnalysis/status/880488094277009408

batbetorzen.com

# Reference: https://citizenlab.ca/2019/05/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign/

51.255.101.144:4444
twitter.com-users.info

# Reference: https://twitter.com/HONKONE_K/status/1132892192719101952

naiei-aldiel.16mb.com

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclicks.live

# Reference: https://twitter.com/JAMESWT_MHT/status/1133024098542604288

ethchain.live

# Reference: https://twitter.com/x42x5a/status/1133025211606077440

ethmoney.live
ethcrypto.live
ethpromo.live
ethmoney.club

# Reference: https://twitter.com/jorgemieres/status/1133052016568274950

vbtz.cf

# Reference: https://twitter.com/FewAtoms/status/1133059049887604737

vaddesobhanadri.com

# Reference: https://twitter.com/cybsecbot/status/1133275353349316610

gettyimages-okta.com
harpercollins-okta.com
login-hulu.com
dropbox-apps.com
webmail-premierpr.com

# Reference: https://twitter.com/dvk01uk/status/1133294737006518272

oliver-khan.tk

# Reference: https://twitter.com/HONKONE_K/status/1133205335877885952

ip1.qqww.eu

# Reference: https://twitter.com/Racco42/status/1133330864216133632

secureserverftp.xyz

# Reference: https://twitter.com/ActorExpose/status/1133339071630204928

ntexplorerlite.com

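# Reference: https://twitter.com/MalwarePatrol/status/1133417154009870337
# Note (review): the entry below is a subdomain of an established commercial brand's domain, so it presumably reflects a compromised or abused host at report time - re-verify before alerting or blocking on it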

banner.poker.williamhill.com

# Reference: https://twitter.com/MalwarePatrol/status/1133054765573844993

attachments.goapk.com

# Reference: https://twitter.com/MalwarePatrol/status/1132692376848281600

img2.img.9xiu.com

# Reference: https://twitter.com/tkanalyst/status/1133505361145556993

makemoneyeasy.live

# Reference: https://app.any.run/tasks/324f1dc9-5cce-42b4-bec0-f572b37bedfa/

kentona.su

# Reference: https://twitter.com/raby_mr/status/1133347073154097153
# Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/
# Reference: https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/ip-address/185.142.97.228/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.182.200.111/relations

185.142.97.228:65233
217.182.200.111:21
217.182.200.111:35046
217.182.200.111:35579
217.182.200.111:35829
217.182.200.111:35348
http://217.182.200.111

# Reference: https://twitter.com/SickPeaSec/status/1133660498023501824

129.204.248.16:65534

# Reference: https://twitter.com/JAMESWT_MHT/status/1133701006238375937

anmcousa.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1133691719348830208

bobbyworld.top

# Reference: https://twitter.com/P3pperP0tts/status/1133897358402564096

http://193.32.161.77

# Reference: https://twitter.com/dvk01uk/status/1133950202233200640

amanihackz.com

# Reference: https://twitter.com/SoulRage6/status/1133994359987277831

http://84.38.135.164

# Reference: https://twitter.com/JAMESWT_MHT/status/1134050405430808577
# Reference: https://app.any.run/tasks/f1a352c4-1174-41bb-809f-ab4ed0b6be7c/

redinqtongvlftadf.xyz

# Reference: https://twitter.com/MalwarePatrol/status/1134141928541446146

tripdownload.com

# Reference: https://twitter.com/FewAtoms/status/1134146787953000449

moonday-v54.tk

# Reference: https://twitter.com/SickPeaSec/status/1134180182544093186

190.37.209.37:3569

# Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489

sj81helmer.top

# Reference: https://twitter.com/BleepinComputer/status/1134227276101554176

up-date.to

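# Reference: https://twitter.com/VK_Intel/status/1134606562180382720
# Note (review): the entry below looks like a hosting provider's generic per-instance hostname; the instance behind it can change owner, so treat the indicator as time-bound and re-verify before relying on it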

li888-183.members.linode.com

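# Reference: https://www.virustotal.com/gui/domain/swtest.ru/relations
# Note: the entry below is a regular expression (character class, {10} quantifier, escaped dots), not a literal hostname - consumers that export this list to literal-match blocklists must handle it separately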

[a-z0-9]{10}\.temp\.swtest\.ru

# Reference: https://twitter.com/ViriBack/status/1134912329597050880

sm.rooderoofing.com.au

# Reference: https://app.any.run/tasks/09c0bd11-864d-41d5-85b2-9344baa1d360/

big-partynew.ru

# Reference: https://twitter.com/MalwarePatrol/status/1135410287992025088

www8.piaodown.com

# Reference: https://twitter.com/securiteoff/status/740562516699447296
# Reference: https://www.virustotal.com/gui/domain/lasersteam178.ru/relations

lasersteam178.ru

# Reference: https://twitter.com/pancak3lullz/status/748146742571372544
# Reference: https://www.virustotal.com/gui/domain/19891108.info/relations

19891108.info

# Reference: https://twitter.com/Jouliok/status/1135293849314693126

http://82.221.139.139

# Reference: https://twitter.com/dms1899/status/1135693930492829696

proapp.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1135825545038401536

ar-energyservice.com

# Reference: https://www.virustotal.com/gui/domain/yourdocument.biz/relations

yourdocument.biz

# Reference: https://twitter.com/eComscan/status/1136181192796061697

dns-forwarding.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dnsedc.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dellnewsup.net

# Reference: https://twitter.com/0xrb/status/1135869164239769601 (# root domain)

yiffgallery.xyz

# Reference: https://www.virustotal.com/gui/domain/sportsnewsa.net/relations

sportsnewsa.net

# Reference: https://twitter.com/58_158_177_102/status/1136162140283236352

firedron.top

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/

bazar.services
ds38.test-hf.su

# Reference: https://twitter.com/James_inthe_box/status/1136631137571237888

mysecrethope.com

# Reference: https://twitter.com/benkow_/status/1136623836936495104

china-hql.com

# Reference: https://twitter.com/FewAtoms/status/1136672182967439361

yonghonqfurniture.com

# Reference: https://twitter.com/malware_traffic/status/1136682537005305858

flash2019.xyz

# Reference: https://twitter.com/ViriBack/status/1136695799818215424

cvbt.ml

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

http://209.141.46.175
http://54.36.218.96

# Reference: https://twitter.com/KorbenD_Intel/status/1136765613412671488

ddl7.data.hu

# Reference: https://twitter.com/dave_daves/status/1137001089088315392

http://212.73.150.157

# Reference: https://twitter.com/VK_Intel/status/1137003147887566848

gstestat.com

# Reference: https://twitter.com/MalwarePatrol/status/1137041033609584640

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1137067993739943937

http://45.76.37.123
melirossa-shop.xyz
zipmatchpost.net

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

regwide.club
streetsave.club

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

keuhne-negal.com

# Reference: https://www.virustotal.com/gui/domain/panasocin.com/relations

panasocin.com

# Reference: https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
# Reference: https://www.virustotal.com/gui/ip-address/176.103.48.228/relations

http://176.103.48.228
baranevents.com
baranweddings.com
ctifsouteni.icu
etapportert.icu
ffrirbesoin.icu
hrhuae.com
ielassocier.icu
ourmazdcompany.net
samaste.net
sarahelizabethjewelry.com

# Reference: https://twitter.com/P3pperP0tts/status/1138360072168509440
# Reference: https://twitter.com/P3pperP0tts/status/1138373736187518977
# Reference: https://app.any.run/tasks/d9984618-81f4-48e5-883e-ee5591d73483/

qxyl.date
148.70.57.37:878
148.70.57.37:3

# Reference: https://twitter.com/P3pperP0tts/status/1138352249007222784
# Reference: https://twitter.com/P3pperP0tts/status/1140603446921433090

47.112.130.235:258
47.112.130.235:280

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

http://176.105.252.168

# Reference: https://otx.alienvault.com/pulse/5cff9b9b7a111ab1f15d7819
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-2725-exploited-and-certificate-files-used-for-obfuscation-to-deliver-monero-miner/

139.180.199.167:1012
45.32.28.187:1012

# Reference: https://twitter.com/James_inthe_box/status/1138440424765288454
# Reference: https://www.virustotal.com/gui/domain/hognoob.se/relations

hognoob.se
fid.hognoob.se
haq.hognoob.se
pxi.hognoob.se
pxx.hognoob.se
uio.hognoob.se
q1a.hognoob.se
upa1.hognoob.se
upa2.hognoob.se

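# Reference: https://twitter.com/FewAtoms/status/1138477829434351624
# Note (review): the ngrok.io entry below names a single tunnel subdomain, which is presumably tied to one tunnel session and may later be assigned to an unrelated user - treat it as time-bound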

2be431d7.ngrok.io
niggalife.5gbfree.com
sheddy.5gbfree.com

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

46fordhamavenue-camberwell.com
haveahealthy.life
homepage-iclouds.com

# Reference: https://twitter.com/bomccss/status/1138620211140030464

elievarsen.ru

# Reference: https://twitter.com/HarioMenkel/status/1138725169323790336

bluecornerblog.xyz

# Reference: https://www.virustotal.com/gui/ip-address/121.41.39.145/relations

121.41.39.145:7149
http://121.41.39.145

# Reference: https://twitter.com/James_inthe_box/status/1138930135548157952

http://5.206.226.15

# Reference: https://twitter.com/FewAtoms/status/1139177275977555970

sripipat.com

# Reference: https://twitter.com/James_inthe_box/status/1139206166385348613

138.68.16.227:8080

# Reference: https://twitter.com/yvesago/status/1139209832014274562

fujielectric.cf

# Reference: https://twitter.com/P3pperP0tts/status/1139277669575659529

182.254.220.148:88

# Reference: https://twitter.com/gorimpthon/status/1139351204540977152
# Reference: https://app.any.run/tasks/51d14dec-d0de-4718-b5f1-3ae489013df9/

185.106.122.120:80
185.140.248.17:80

# Reference: https://twitter.com/58_158_177_102/status/1139369225863065602

185.164.72.213:80

# Reference: https://twitter.com/dave_daves/status/1139509798926467073
# Reference: https://twitter.com/FewAtoms/status/1139608798119768065

adl-groups.com
deluxerubber.com
greatmischiefdesign.com

# Reference: https://twitter.com/MalwarePatrol/status/1139758944224731141

a0310625.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1139841634655277056

check511.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1140333563319128064

222.186.172.44:9

# Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737

785sou.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1140525091110998017

mondaydrem.ru

# Reference: https://twitter.com/x42x5a/status/1140530422172045312

storage.alfaeducation.mk

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568
# Reference: https://app.any.run/tasks/7555c697-f2af-42e5-8a14-ae19d7657aa9/

sventiskai.lt
45.67.14.157:80

# Reference: https://twitter.com/nullcookies/status/1140780769914302467

belllflight.com

# Reference: https://twitter.com/VirITeXplorer/status/1140875655955079168

btta.xyz

# Reference: https://twitter.com/papa_anniekey/status/1140825590632570880

blogmason.mixh.jp

# Reference: https://twitter.com/luc4m/status/1140928778799124482

http://185.230.161.116

# Reference: https://twitter.com/malware_traffic/status/1141083006574178304

tor2net.com

# Reference: https://twitter.com/58_158_177_102/status/1141226169720815616

bibicity.ru

# Reference: https://twitter.com/James_inthe_box/status/1141326136212766720

http://185.158.248.80

# Reference: https://twitter.com/James_inthe_box/status/1141429831688605697

joeing.duckdns.org

# Reference: https://twitter.com/SecurityGuyPhil/status/1141466335592869888
# Reference: https://twitter.com/ItsReallyNick/status/1141517097991835648
# Reference: https://otx.alienvault.com/pulse/5d0aeb6260c8332e03da9063

89.34.111.113:443
185.49.69.210:80

# Reference: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

http://185.162.131.92
http://185.49.71.101

# Reference: https://twitter.com/P3pperP0tts/status/1141611364953337856

94.191.94.149:8080

# Reference: https://twitter.com/P3pperP0tts/status/1141961999796113408
# Reference: https://twitter.com/FewAtoms/status/1144567670555254787

103.45.174.46:81
103.45.174.46:8080

# Reference: https://twitter.com/James_inthe_box/status/1142005711808765952

jplymell.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

crypy.top

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
# Reference: https://www.virustotal.com/gui/ip-address/45.67.14.179/relations

http://45.67.14.179

# Reference: https://twitter.com/peterkruse/status/1141993808105811968

proyectobasevirtual.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142065672387792896

makemoneyeasywith.me

# Reference: https://twitter.com/James_inthe_box/status/1140768910465101824

aeg.tmc.mybluehost.me

# Reference: https://twitter.com/FewAtoms/status/1142143526165073920

http://185.82.200.189

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Malware.Zusy-6995723-0)

brureservtestot.cc
qytufpscigbb.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Trojan.Shiz-6994953-0)
# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Packed.Shiz-7945013-0)

cilupakuquk.eu
cilynitiseg.eu
cinazetybiq.eu
ciqehefitij.eu
dikuvizigiz.eu
fodavibusim.eu
foxofewuteq.eu
gaherobusit.eu
gahoqohofib.eu
ganazywutes.eu
ganovowuqur.eu
jenupydaces.eu
kemimojitir.eu
keraborigin.eu
kerijudacyj.eu
lygowunezep.eu
lykemujebeq.eu
lyruterodiq.eu
lyvoguraxeh.eu
magofetequb.eu
masafytunux.eu
nojepofyren.eu
norumikemem.eu
novacofebyz.eu
nozapekidis.eu
pumumagojef.eu
pupucuvymup.eu
qeburuvenij.eu
qegefavipev.eu
qeguxylevus.eu
qekusagigyz.eu
qeqotogemet.eu
qexusulakiq.eu
ryciqavuqav.eu
rytahagemeg.eu
tufamugevih.eu
tunarivutop.eu
tunupegirec.eu
tupazivenom.eu
tuwypagupeb.eu
vocupotusyz.eu
vopycyfutoc.eu
xubifaremin.eu
xuboninogyt.eu
xudevunymex.eu
xukafinezeg.eu
xuxetiryqem.eu

# Reference: https://twitter.com/P3pperP0tts/status/1142248371631140867

http://149.202.29.67

# Reference: https://twitter.com/executemalware/status/1141882448063737857

blogmason.mixh.jp

# Reference: https://twitter.com/DissectMalware/status/1142979828339150850

aesculapius.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1143142047987195904

baidu.wookhost.me

# Reference: https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/

mechanicaltools.club

# Reference: https://twitter.com/killamjr/status/1110889738653913089

valdez.pw

# Reference: http://vxcube.com/tools/domain/mailsa-qau.com/relate_iocs

153-66-11-33.com
154-65-22-26.com
154-65-22-29.com
154-66-11-33.com
154-66-21-29.com
154-66-21-30.com
154-66-21-33.com
154-66-22-29.com
anima-sana.cz
askdrthomas.com
beetfeetlife.bit
btoaspa.xyz
canadianposcorp.com
chaibuckz.com
checkmyurls.com
cognitionclassroom.com
dual-it.com
fastandup.co.in
fin-plcukltd.com
gracesandoval.com
id-19190249012904912904190249129490219049129419.pro
intecwi.org
internettenparakazanma.org
istanbulside.net
ivanajankovic.com
jointings.org
kitcross.ca
llkty.gq
masee.info
mcnconstruction.net
mincoindia.com
onlinemail.kz
ox2ybk1nf4muo3.net
pekip-und-mehr.de
pilarrakyat.com
propertiesfirst.com
rencontres-idf.fr
sewardsfollybarandgrill.net
shawneklassen.com
theevanescense.com
tiltangeomatics.tk
trafficartspace.com
unlaca.info
unlaca.net
unlaca.org

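# Reference: https://twitter.com/killamjr/status/1143498263892582402
# Note (review): the entry below is scoped to a URL path rather than the whole host, so matching it needs visibility of the request path (presumably unencrypted HTTP only) - confirm coverage for TLS traffic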

deserv.ie/gunie/

# Reference: https://twitter.com/JAMESWT_MHT/status/1143514933646245889

up-dates.to
svarog-jez.com

# Reference: https://www.lacework.com/cve-2019-3396-poc-deep-dive/
# Reference: https://otx.alienvault.com/pulse/5d12356ce0b0b1db4062231e

http://37.44.212.223
51.15.56.161:201
68.183.164.16:2121
jukesbrxd.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1143539589849767936

selly.duckdns.org

# Reference: https://twitter.com/OttoScav/status/1143567557649154048

birthdayeventdxb.com
cscuniversal.com

# Reference: https://twitter.com/malware_traffic/status/1143624752956940288

kooovaqas.biz
naaleazas.net
rogojaob.info
vaxeiayas.mobi
oltaeazas.mobi
amlivaias.us
ijcaiatas.name
ufayubja.me

# Reference: https://twitter.com/luc4m/status/1143808322430218241

aeg.tmc.mybluehost.me/xx/

# Reference: https://twitter.com/MalwarePatrol/status/1140664914417205249

cloud.xenoris.fr

# Reference: https://twitter.com/neonprimetime/status/1116754139281805317

eventricity.biz

# Reference: https://twitter.com/FewAtoms/status/1144223806195716098

mikejesse.top

# Reference: https://twitter.com/h4ckak/status/1144173749056315392

http://217.163.23.19

# Reference: https://twitter.com/JAMESWT_MHT/status/1144238644460433408

qwerty123456.space

# Reference: https://twitter.com/sniko_/status/1144454852698705924

digidick.xyz

# Reference: https://twitter.com/x42x5a/status/1144554536809435136

42.51.194.10:81

# Reference: https://twitter.com/x42x5a/status/1144559810123370496

http://114.118.80.241
114.118.80.241:8081

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

natchotuy.com

# Reference: https://twitter.com/FewAtoms/status/1144636921437655041

http://123.207.143.211

# Reference: https://twitter.com/The_d0c_T0R/status/1144640214293520385

http://47.95.252.24

# Reference: https://twitter.com/malware_traffic/status/1144726582596186120
# Reference: https://www.malware-traffic-analysis.net/2019/06/28/index.html
# Reference: https://twitter.com/malware_traffic/status/1144027142696656896

thetechhaus.com
ntri.triplegconsults.com
green.mattingsolutions.co
ruscacademy.in

# Reference: https://twitter.com/Bank_Security/status/1115131039511396352
# Reference: https://www.malware-traffic-analysis.net/2019/04/05/index.html
# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
snap.cr-acad.com
static.spillpalletonline.com
tops.sineadholly.com

# Reference: https://twitter.com/Paladin3161/status/1144641457992556546

119.188.250.55:8080

# Reference: https://twitter.com/dineshdina04/status/1008621004896198657
# Reference: https://app.any.run/tasks/a8c1f660-71ae-4ab1-a217-11256fd6a158/

111.73.46.110:2233

# Reference: https://twitter.com/ViriBack/status/970443789234929664

cajo.com.au

# Reference: https://twitter.com/TelecomixSyria/status/301863376395587584
# Reference: https://www.virustotal.com/gui/domain/syrian-martyrs.com/details

syrian-martyrs.com

# Reference: https://twitter.com/ViriBack/status/1145040024297181186

mimiplace.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/rarog/c2_w_timestamps.csv (# root domains)

0100.name
111orion.xyz
1gq.ru
4spirin.pw
5max.xyz
7bog.ru
abibletit.ru
accbmosol.com
admina.xyz
adminbtc.ru
albertsrun.xyz
badboy.pw
banddos.ru
bcjsoinlsidun3.eu
bdwiki.ru
bfvvsdfvjbvcdg.pw
billionaireboys.pw
bitcoin.lisx.ru
bitoklg.ru
bizmailcon.ru
bjkdfhbvvr.pw
bldimablog.xyz
bnknw.pw
bsdfbsadjfb.pw
bsdfksbdfj.pw
bsdfvsh.pw
btc-db.com
btchash777.ru
btcminergate.ru
bvjhsdvbfjsd.pw
centralfargo.com
checkingsite.site
checkmeout.ru
chvpobidno.com
cryptongram.org
cryptopoly.pw
csgotrade.vip
csobik.xyz
dcr048dd.ru
dedpanel.xyz
def397.pw
dfgsfdkj3jk4h5.ru
dfsfgsdfg.pw
digital-game.ru
dismay.pw
doomed.cf
dratuti.info
drujbanu.pw
enable.pw
enigma-top.bid
euirterhgt.pw
f1eriya.pw
fl-god.pw
games-revi.ru
getdownload4812.ru
ghjdthrf.tk
googleanalistics7431.ru
gopanel.ru
gslll.ru
hfyljv.ru
highwrite.ru
hjbkfwejhkfbj2334f.pw
hjdskyewljfdn.pw
hlebb.pw
how-to-how.club
hsnqy2no.host
ibsmoney.ru
igogos.ga
incor.xyz
itemsbet.com
itsmydomain.xyz
jackblack.pw
jisec.xyz
kdjsnbfgkjdf.pw
kefirsports.xyz
kevyank.ru
kiras.kz
kolokolchik.info
kopilka.io
kwam.gdn
land-seo.ru
lkasdjfklhngn.pw
m234.xyz
macadmin.xyz
mainivent.xyz
malmine.ru
maxpinezzz.ru
microtrend.xyz
min2rarllsknfoeihe.ru
minerarog.xyz
minergood.ru
minerhash.pw
minetbot.online
money-exchanger.info
mousehous.gdn
moy-mayner.ru
mrgap.pw
mybblog.xyz
mynebo7.xyz
mysuperprojectnumone.xyz
nbvnfuyjft567uygvhgfc.pw
nebuchadnezzar.xyz
newmine.ru
norfest1x.win
o4kobati.xyz
odmenarmi9z.site
plastileen.pw
poiwebm.ru
rand0msh1tm1n3r.xyz
rar740.xyz
rarog-cobetchik.ru
raznospower.ru
realbarbos.life
realtek.website
recheckmail24.ru
rikimaru7.pw
rrealstats.ru
rublikzarabotok.com
sadating.xyz
sanya330.pro
sdbfhjbsdfjh.pw
sdfbdsfjhkbgdf.pw
sdfvbshgdvf.pw
shilo.ml
soft-portal.kz
spaceman07.ru
spiridus.pw
staglion.pro
stingtek.com
sychost.com
system-analyse.win
tapblackmoney.pw
tiberious.xyz
torprojectonioncheck.com
tyha84.info
ugrym.pw
vergames.ru
webbserfer.ru
wilhost.com
wolframalpha.pw
wwqrwwwreewrqwer.xyz
xgames.su
xyw.space
zerstoren.pro
zloki.pw

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.104/relations

11fhfh.com
11xhxh.com
11xjxj.com
123dmdm.com
123fhfh.com
123hyhy.com
123jjyy.com
123kbkb.com
123xhxh.com
123xjxj.com
123xmxm.com
123xxbb.com
123yybb.com
22ctct.com
22fhfh.com
22hyhy.com
33dmdm.com
33jjyy.com
33xjxj.com
33xxaa.com
44ctct.com
44dmdm.com
44fhfh.com
44jjyy.com
44qxqx.com
44xhxh.com
44xjxj.com
44xmxm.com
44xxaa.com
44xxpp.com
520dmdm.com
520fhfh.com
520qxqx.com
520ssbb.com
520xhxh.com
520xjxj.com
520xmxm.com
55dmdm.com
55fhfh.com
55jjyy.com
55qxqx.com
55sdsd.com
55xhxh.com
55xjxj.com
55xxaa.com
55xxpp.com
628ai.com
6688cdn.com
66bbmm.com
66dmdm.com
66fhfh.com
66hyhy.com
66jjyy.com
66qxqx.com
66xhxh.com
66xjxj.com
66xxaa.com
66xxpp.com
6ctct.com
77dmdm.com
77hyhy.com
77xhxh.com
77xxaa.com
7ctct.com
7ufuf.com
888dmdm.com
888fhfh.com
888hbhb.com
888kbkb.com
888mbmb.com
888xhxh.com
888xjxj.com
888xmxm.com
88cscs.com
88ctct.com
88dmdm.com
88fhfh.com
88jjyy.com
88mkmk.com
88xhxh.com
88xjxj.com
88xxpp.com
890ai.com
898ai.com
999dmdm.com
999fhfh.com
999kbkb.com
999xhxh.com
999xjxj.com
999xmxm.com
99bbmm.com
99dmdm.com
99fhfh.com
99jjyy.com
99ppss.com
99xhxh.com
99xjxj.com
99xxpp.com
avav99.com
bcbc11.com
bcbc22.com
btbt33.com
btbt44.com
btbt77.com
didi22.com
gbgb11.com
gbgb66.com
mbmb55.com
mbmb99.com
nbnb33.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.106/relations

5444666.com
lh590.com
lh65.com
lh660.com
lh993.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.105/relations

1122sb.com
1188sb.com
629k.com
yh558877.com

# Reference: https://twitter.com/FewAtoms/status/1145357973579083778

securefilesdatas23678842nk.cf

# Reference: https://app.any.run/tasks/8df63024-05d4-4d67-bea9-ecdb1b9884a7/

nixtin.us

# Reference: https://twitter.com/ViriBack/status/1145366573898747905

http://190.97.166.189

# Reference: https://twitter.com/JayTHL/status/1145425745315008516

flavorizedjuice.de

# Reference: https://twitter.com/0bfusCat/status/1145269019374698496

http://31.207.34.129

# Reference: https://twitter.com/luc4m/status/1145650430476783617

http://23.249.167.147

# Reference: https://twitter.com/malware_traffic/status/1145793372126416897

http://31.184.252.188
cellfom.com
chungfamily.us

# Reference: https://twitter.com/david_jursa/status/1146014269940609025

beahero4u.com

# Reference: https://twitter.com/ps66uk/status/1146090626498347009

holahospice.org
john1715.com

# Reference: https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 (# CVE-2017-11774)
# Reference: https://twitter.com/obiwanblee/status/1146152208976584704
# Reference: https://otx.alienvault.com/pulse/5d1bb4b9a3f21fdc4d509f47

customermgmt.net

# Reference: https://twitter.com/James_inthe_box/status/1146183202467303424

xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482/community

rainbowtrade.net

# Reference: https://twitter.com/James_inthe_box/status/1146446614367576065

bonus-ssl.com

# Reference: https://twitter.com/malware_traffic/status/1146503887215636480

cohen-nicoleau.com
mkzd.ru

# Reference: https://twitter.com/alex_lanstein/status/1146073296502501376

http://185.222.58.151

# Reference: https://twitter.com/killamjr/status/1146521318503964678

equipmnts.com

# Reference: https://www.virustotal.com/gui/domain/alcatelupd.xyz/relations

alcatelupd.xyz

# Reference: https://www.virustotal.com/gui/domain/symcorp.xyz/relations

symcorp.xyz

# Reference: https://twitter.com/FewAtoms/status/1146804894785056768

http://35.230.88.182

# Reference: https://twitter.com/James_inthe_box/status/1146896227000209408

http://92.119.113.32
xzshadows13.icu

# Reference: https://twitter.com/anyrun_app/status/1147040289300910080

ciber1250.gleeze.com

# Reference: https://twitter.com/VK_Intel/status/1147276748331081728
# Reference: https://www.virustotal.com/gui/domain/jsc0nten1maker.com/details

jsc0nten1maker.com

# Reference: https://twitter.com/benkow_/status/1147443642728103936

trading-secrets1.ru

# Reference: https://twitter.com/FewAtoms/status/1147484142218752002

janavenanciomakeup.com.br

# Reference: https://twitter.com/P3pperP0tts/status/1147540932490719233

58.218.66.92:1990
xdzzt.cn

# Reference: https://twitter.com/pancak3lullz/status/748521146321035264

htver.com

# Reference: https://twitter.com/FewAtoms/status/953966104887676928

gaming4life.org

# Reference: https://twitter.com/p5yb34m/status/1147269466293592064

servicess.online

# Reference: https://twitter.com/FewAtoms/status/1147829136146219009

bizimedebiyatimiz.com

# Reference: https://www.virustotal.com/gui/domain/metoristrontgui.info/relations

metoristrontgui.info

# Reference: https://www.virustotal.com/gui/domain/forstraus.co/relations

forstraus.co

# Reference: https://twitter.com/seguridadyredes/status/1054112048559329282

printnow.club

# Reference: https://twitter.com/P3pperP0tts/status/1148122871883030528

http://118.89.185.104
111.231.142.229:9921

# Reference: https://twitter.com/david_jursa/status/1148199946618732544
# Reference: https://app.any.run/tasks/839a2d29-1bf5-4d54-bd12-e179f9d1154f/

104.203.92.254:8080

# Reference: https://twitter.com/vigilantbeluga/status/1148118035581960193

expressdatings.info
herasimaonline.biz
ohso.site

# Reference: https://twitter.com/jeromesegura/status/1006616151118397440

feelingsdi.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1148316218199334912

fpayyhh.com

# Reference: https://twitter.com/malware_traffic/status/1148330383634812933

sgbzw12y.club
hlilaf44erick.xyz
kherthax0yua.info

# Reference: https://twitter.com/JayTHL/status/1118595885208866819
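# Reference: https://twitter.com/JayTHL/status/1118650213084872705
# Note: the entry below is a regular expression (digit quantifier, TLD alternation, escaped dot), not a literal hostname - consumers that export this list to literal-match blocklists must handle it separately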

helplog[0-9]{3,4}\.(ml|ga|gq|tk|cf)

# Reference: https://twitter.com/FewAtoms/status/1148623685412110336

creativecompetitionawards.gq

# Reference: https://twitter.com/x42x5a/status/1148603527444480000

obichereu.website

# Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632

111.30.107.131:228

# Reference: https://twitter.com/James_inthe_box/status/1148598156109799425

http://34.214.24.187

# Reference: https://twitter.com/James_inthe_box/status/1148652274727575558

apertona.com

# Reference: https://twitter.com/benkow_/status/1128639735960875010

abovethecrowd.site

# Reference: https://twitter.com/benkow_/status/1148658101463203841

ubercoupon.site

# Reference: https://twitter.com/nao_sec/status/1148799237049552896
# Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/
# Reference: https://www.virustotal.com/gui/ip-address/195.154.255.174/relations

http://194.109.206.212
http://195.154.255.174
http://46.165.250.224
http://162.247.74.200
http://178.17.171.78
http://188.138.88.42
http://204.85.191.9
http://23.129.64.207
http://91.203.146.126

# Reference: https://twitter.com/Ledtech3/status/1148883757094645760

http://5.56.133.137

# Reference: https://twitter.com/mrmolley/status/1149120144305729536

177.37.79.206:3000
http://35.193.98.140
http://78.201.31.9

# Reference: https://twitter.com/1ZRR4H/status/1149282913751617536
# Reference: https://www.virustotal.com/gui/ip-address/91.209.70.21/relations

accesso-cupo-de-tarjeta-cl.cf
accesso-cupo-de-tarjeta-cl.gq
activacion-aumento-tarjeta-cl.cf
activacion-aumento-tarjeta-cl.gq
active-cupo-de-2-millones-avance-cl.cf
active-cupo-de-2-millones-avance-cl.gq
active-cupo-de-avances-cl.cf
active-cupo-de-avances-cl.gq
aprobacion-cupo-web-cl.cf
aprobacion-cupo-web-cl.gq
aprobado-cupo-de-avance-cl.cf
aprobado-cupo-de-avance-cl.gq
aumento-activo.cf
aumento-activo.gq
aumento-aprobado.cf
aumento-aprobado.gq
aumento-cupo-aprobacion-cl.cf
aumento-cupo-diferido-cl.cf
aumento-cupo-diferido-cl.gq
aumento-para-clientes.cf
aumento-servicios.cf
aumento-servicios.gq
aumento-validacion-cupo-de-avance-en-tarjeta-cl.cf
aumento-validacion-cupo-de-avance-en-tarjeta-cl.gq
aumento-verificado-de-tarjeta-cl.cf
aumento-web-activado.cf
aumento-web-activado.gq
avance-activo-en-cuotas-cl.cf
avance-aprobado-cl.cf
avance-aprobado-cl.gq
avance-cupo-diferido-cl.cf
avance-cupo-diferido-cl.gq
avance-cupo-diferido-personas-cl.cf
avance-cupo-diferido-personas-cl.gq
avance-cupo-informacion-cl.cf
avance-cupo-informacion-cl.gq
avance-cupo-simulador-web.cf
avance-cupo-simulador-web.gq
avance-de-aumento-cl.cf
avance-de-aumento-cl.gq
avance-de-confimacion-web-cl.cf
avance-de-confimacion-web-cl.gq
avance-de-cupo-en-linea-personal-cl.cf
avance-de-cupo-en-linea-personal-cl.gq
avance-en-linea-diferido-web-cl.cf
avance-en-linea-diferido-web-cl.gq
avance-en-linea-verificado-cl.cf
avance-en-linea-verificado-cl.gq
avance-en-linea-web-simulador-cl.cf
avance-en-linea-web-simulador-cl.gq
avance-online-cl.cf
avance-online-cl.gq
avance-personas-cuotas-diferido-cl.cf
avance-personas-cuotas-diferido-cl.gq
avance-solicitud-cupo.cf
avance-solicitud-cupo.gq
avance-web-activo-simulador-cl.cf
avance-web-aprobado-cl.cf
avance-web-aprobado-cl.gq
avance-web-confirmacion-cl.cf
avance-web-confirmacion-cl.gq
avance-web-servicios-cl.cf
avance-web-servicios-cl.gq
avances-cuotas-diferido-promo-cl.cf
avances-cuotas-diferido-promo-cl.gq
avances-online-asignado-cl.cf
avances-online-asignado-cl.gq
consulta-activacion-de-avance-cl.cf
consulta-activacion-de-avance-cl.gq
cupo-avance-credito-en-linea-cl.cf
cupo-avance-credito-en-linea-cl.gq
cupo-avance-online-cl.cf
cupo-avance-online-cl.gq
cupo-de-avance-online-cl.cf
cupo-de-avance-online-cl.gq
cupo-disponible-avance-cl.cf
cupo-disponible-avance-cl.gq
cupo-financiado-cl.cf
cupo-financiado-cl.gq
cupo-prestamo-cl.cf
cupo-prestamo-cl.gq
cupo-tarjeta-activo-cl.cf
cupo-tarjeta-activo-cl.gq
cupo-tarjeta-aumento.cf
cupo-tarjeta-aumento.gq
cupo-tarjeta-cuotas-diferido-cl.cf
cupo-tarjeta-cuotas-diferido-cl.gq
cupo-tarjeta-linea-de-credito-cl.cf
cupo-tarjeta-linea-de-credito-cl.gq
cupo-web-avance-cl.cf
cupo-web-avance-cl.gq
cupo-web-para-avance-cl.cf
cupo-web-para-avance-cl.gq
incremento-avance-en-tarjeta-cl.cf
incremento-avance-en-tarjeta-cl.gq
ingreso-cupo-de-tarjeta-cl.cf
ingreso-para-avance-cl.cf
ingreso-para-avance-cl.gq
ingreso-verificacion-cupo-de-avance-cl.cf
ingreso-verificacion-cupo-de-avance-cl.gq
ingreso-verificacion-de-avance-cl.cf
ingreso-verificacion-de-avance-cl.gq
login-avance-incremento-web-cl.cf
login-avance-incremento-web-cl.gq
login-web-avances-cl.cf
login-web-avances-cl.gq
obten-cupo-enlinea-cl.cf
obten-cupo-enlinea-cl.ga
obten-cupo-enlinea-cl.gq
obten-cupo-enlinea.cf
obten-cupo-enlinea.ga
obten-cupo-enlinea.gq
obten-validacion-cupo-web.cf
obten-validacion-cupo-web.gq
obtener-avance.cf
obtener-avance.ga
obtener-avance.gq
portal-avances-de-cupo-cl.cf
portal-avances-de-cupo-cl.gq
portal-para-avance-activado-cl.cf
portal-para-avance-activado-cl.gq
registro-de-avance-cl.cf
registro-de-avance-cl.gq
revision-cupo-tarjeta.cf
revision-cupo-tarjeta.gq
servicio-de-avance-cl.cf
servicio-de-avance-cl.gq
servicio-web-activacion-avance-cl.cf
servicio-web-activacion-avance-cl.gq
solicitud-avance-cupo-en-linea-cl.cf
solicitud-avance-cupo-en-linea-cl.gq
solicitud-cupo-de-avance-personal-cl.cf
solicitud-cupo-de-avance-personal-cl.gq
validacion-aumento-cupo.cf
validacion-aumento-cupo.gq
validacion-incremento.cf
validacion-incremento.gq
verificacion-de-aumento.cf
verificacion-de-aumento.gq
verificacion-de-avance-cl.cf
verificacion-de-avance-cl.gq
web-avance-de-tarjeta-cl.cf
web-avance-en-linea-cl.cf
web-avance-en-linea-cl.gq
web-avance-para-personas-scotia-cl.cf
web-avance-para-personas-scotia-cl.gq
www-aumento-de-avance-cl.cf
www-aumento-de-avance-cl.gq
www-avances-online-cl.cf
www-avances-online-cl.gq
www-login-retiro-de-avance-web-cl.cf
www-login-retiro-de-avance-web-cl.gq

# Reference: https://twitter.com/coderippers/status/1149312700205416448

vman22.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1149574068435218432

dgkhj.ru
fdghfghdfghjhgjkgfgjh234569.ru
hjkg456hfg.ru

# Reference: https://twitter.com/Paladin3161/status/1149456134622863360
# Reference: https://www.virustotal.com/gui/file/a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8/detection

aol.vready.cn
v2api.v6.cn
118.25.165.228:443
134.175.107.117:80

# Reference: https://twitter.com/1ZRR4H/status/1121146391127044096

http://163.172.84.54

# Reference: https://twitter.com/James_inthe_box/status/1149640703082815489
# Reference: https://app.any.run/tasks/9bb12825-d6d8-4c82-9491-c6a460196bad/

43.254.217.67:443

# Reference: https://twitter.com/KorbenD_Intel/status/1146463851526938625

http://34.68.116.148

# Reference: https://twitter.com/stvemillertime/status/1142593479966691333

http://45.32.89.133

# Reference: https://www.virustotal.com/gui/domain/pre23sence.club/relations

pre23sence.club

# Reference: https://twitter.com/RedDrip7/status/1145877272945025029

http://43.254.217.67

# Reference: https://twitter.com/killamjr/status/1150218238573404160

pictureviewerpro.hopto.org

# Reference: https://twitter.com/P3pperP0tts/status/1150378625268666370

218.61.16.142:886

# Reference: https://twitter.com/P3pperP0tts/status/1150389146185342976
# Reference: https://app.any.run/tasks/d9edfd31-3526-4a6e-9657-0037a9c3ec43/
# Reference: https://twitter.com/James_inthe_box/status/1150402589449568257

82.202.221.61:4015
justdoits.pw
russianbase.ru

# Reference: https://twitter.com/P3pperP0tts/status/1150419408197693442
# Reference: https://app.any.run/tasks/bd7ea7cd-d94f-4e21-b809-864653ae59e7/

dircon88.bit
185.126.200.39:4000
185.126.200.39:4158

# Reference: https://twitter.com/JAMESWT_MHT/status/1150688427307929600

balances.duckdns.org

# Reference: https://twitter.com/nao_sec/status/1149273164058222592
# Reference: https://app.any.run/tasks/b2f81922-c7cf-4974-8a02-570ac3f440c1/

http://45.12.215.157

# Reference: https://twitter.com/James_inthe_box/status/1150794193494630401

mis.us

# Reference: https://twitter.com/James_inthe_box/status/1059087094612602881

jobs.samref.com.sa

# Reference: https://twitter.com/malware_traffic/status/856924240158896128

chaggma.com
hurtmehard.net

# Reference: https://twitter.com/Zerophage1337/status/854883694905098241

red.5efinance.net.in

# Reference: https://twitter.com/tmmalanalyst/status/796650651631505408

http://151.248.116.32
o61ulk.top

# Reference: https://twitter.com/BroadAnalysis/status/796379886738874368

di8dzlz.top
whitaker-detail.com

# Reference: https://twitter.com/oppimaniac/status/1151113181751906304

zerodayv3startedexploitpcwithexcelgreat.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

http://5.56.133.137

# Reference: https://twitter.com/James_inthe_box/status/1151222412890927104

icf-fx.kz

# Reference: https://twitter.com/FewAtoms/status/1151220766337167360

jessecom.top

# Reference: https://twitter.com/jeromesegura/status/1148289957716344832

http://213.227.154.121
azera.club

# Reference: https://twitter.com/dvk01uk/status/1151351846411390976

mrjbiz.top

# Reference: https://twitter.com/sugimu_sec/status/1151463058138525696

woeiuyfgowe.xyz

# Reference: https://twitter.com/fletchsec/status/1151553862110720006

danmaxexpress.com

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

4wereareyou.icu

# Reference: https://twitter.com/ViriBack/status/1151644173302456320

http://5.252.192.117

# Reference: https://twitter.com/ViriBack/status/1151642872778776581

http://172.86.120.238

# Reference: https://twitter.com/anyrun_app/status/1151747662011674624

charest-orthophonie.ca

# Reference: https://twitter.com/reecdeep/status/1151756075407945729

onholyland.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/targeted-ransomware-threat
# Reference: https://otx.alienvault.com/pulse/5d30c84b82e46bd810cb4957

http://37.252.15.241
http://89.105.198.28
http://185.202.174.44
http://199.189.108.71

# Reference: https://twitter.com/FewAtoms/status/1152182269454499840

baladefarms-com.ga
baladefarms.ga

# Reference: https://twitter.com/x42x5a/status/1152203190898778112

sxhts-group.com

# Reference: https://twitter.com/HerbieZimmerman/status/1152207191962767360

f72f7994.green.mattingsolutions.co

# Reference: https://twitter.com/Paladin3161/status/1151809951762964480

zhujb.cn

# Reference: https://twitter.com/P3pperP0tts/status/1152231737583271936

103.118.221.190:38888
111.6.76.54:959

# Reference: https://twitter.com/P3pperP0tts/status/1152538885974634496

granportale.com.br

# Reference: https://twitter.com/SBousseaden/status/1152532262589800448

78sh68279.atspace.eu

# Reference: https://twitter.com/DGAFeedAlerts/status/1151931732725293060
# Reference: https://www.virustotal.com/gui/ip-address/63.251.106.22/relations

404mobi.com
51ginkgo.com
adqwozlzb.info
aszzfjwuzngkao.com
brokenpiano.ru
ceuflaxurxy.info
down.heheelibom.com
gatherreceive.net
haprtwfitgylgiivvcaunvealzqcfq.com
heheelibom.com
kibertuz.site
m8374.net
nzizemese.info
oymjiasojevof.com
plsskq.com
ponka.biz
qicswtcvvxnmv.info
sernak.xyz
sr57mj1bcvng4yqf2y41cep8d5.com
storyhave.net
system-internals.com
systembooster.info
thisborn.net
tpyntpcnxwvsjqow.com
windows-pcrepair.com
xrjlmyhds.info

# Reference: https://twitter.com/FewAtoms/status/1152611531890331648

climapro-africa.com

# Reference: https://twitter.com/Xylit0l/status/1152980561943760896

wwkkss.com

# Reference: https://twitter.com/bad_packets/status/1153089384884736000

silynigr.xyz

# Reference: https://twitter.com/reecdeep/status/1153248954911514625

karysmarie.me

# Reference: https://twitter.com/P3pperP0tts/status/1153257218780909568

enc-tech.com

# Reference: https://twitter.com/James_inthe_box/status/1153385401278771201

novocontador.club
thenewsystemsetup.online

# Reference: https://twitter.com/FewAtoms/status/1153714739324829696

adityebirla.com

# Reference: https://twitter.com/JayTHL/status/1153744085737512962

africanmobilenetworks.com
cxgtgdf.com
forteol.com
onwamay.in

# Reference: https://twitter.com/killamjr/status/1153760441056845824

100puntos.com

# Reference: https://twitter.com/gorimpthon/status/1153476585736925184

dellbankyzaj.com

# Reference: https://twitter.com/James_inthe_box/status/1154036514600308737

fomoportugal.com

# Reference: https://twitter.com/FewAtoms/status/1154065536596107264

http://185.62.189.153
comforitgreel.ml
jbssa.one

# Reference: https://twitter.com/luc4m/status/1154390964045254656

rgalldmn.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1155093166841892864

alldayever231.su

# Reference: https://twitter.com/DissectMalware/status/1069507395448184833

cxvbilladsoi-legal.1gb.ru
dttmasterpropriv.ml

# Reference: https://www.virustotal.com/gui/ip-address/173.231.184.61/relations

http://173.231.184.61

# Reference: https://twitter.com/FewAtoms/status/1155496035461947392

u700222964.hostingerapp.com

# Reference: https://twitter.com/MisterCh0c/status/1155725091214372864

tjcyint.ml
razorcrypter.com
systemswift.group
oymmadencilik.com.tr

# Reference: https://twitter.com/Racco42/status/1155790202306211841

http://23.81.246.28

# Reference: https://twitter.com/stvemillertime/status/1155896477195091971

s2lol.com

# Reference: https://twitter.com/James_inthe_box/status/1155845641949442048

serverstresstestgood.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1155945383048011777

robertogowin.com

# Reference: https://twitter.com/Artilllerie/status/1155851644262920199

protest-01262505.ga

# Reference: https://twitter.com/ninoseki/status/1156110479028133889

fatmazpharmc.com

# Reference: https://twitter.com/p5yb34m/status/1155956248681930755

modexcommunications.eu

# Reference: https://twitter.com/FewAtoms/status/1156156572747390977

creativecompetitionawards.ga

# Reference: https://twitter.com/p5yb34m/status/1156420680725831680

anthasoft.mx

# Reference: https://twitter.com/pulsedive/status/1156474611015528448

103.243.26.251:8988

# Reference: https://www.virustotal.com/gui/domain/rigneda.ru/relations
# Reference: https://www.virustotal.com/gui/file/4466e9258c00ecb4783001c678af6da8682fac36e5dd542a59f28a29245e5efa/detection

kuitrafes.ru  # Note: found on infected machine
rigneda.ru

# Reference: https://www.virustotal.com/gui/file/27e68e5e547860a9312d751381127ac85e89eeb40d74fa04aa4ca7fbc5498e51/detection

green5news.org

# Reference: https://twitter.com/malware_traffic/status/1157037634167984128

81.171.31.247:4567

# Reference: https://twitter.com/P3pperP0tts/status/1157196635207847938

kmxxw8.com

# Reference: https://twitter.com/alex_lanstein/status/1157261034521939968

122.114.173.174:3306

# Reference: https://twitter.com/James_inthe_box/status/1157406598769213440

zywuqcxtmqtz.000webhostapp.com

# Reference: https://twitter.com/Paladin3161/status/1157425240948920321
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

legion17.icu
vidardeep4.icu

# Reference: https://twitter.com/bad_packets/status/1157720176487329792

fxxxxxxk.me

# Reference: https://twitter.com/fatihsirinnnn/status/1158440148696293376

http://23.95.212.108

# Reference: https://twitter.com/ps66uk/status/1158456891623792647

http://149.202.110.2

# Reference: https://twitter.com/DynamicAnalysis/status/1158406596533338118

fomoportugal.com

# Reference: https://twitter.com/James_inthe_box/status/1158484189685010432

http://165.22.201.28

# Reference: https://twitter.com/P3pperP0tts/status/1158666213960179712

198.44.228.10:665

# Reference: https://twitter.com/Racco42/status/1158729618389643264

gsm-security-solutions.com

# Reference: https://twitter.com/wwp96/status/1158716438598836224

aspsensewiretransfergoogle.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1158812093786857475

http://23.82.128.23

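# Reference: https://twitter.com/425A_/status/1158824075676069889
# Reference: https://twitter.com/JayTHL/status/1158839203884650499
# Reference: https://www.virustotal.com/gui/ip-address/94.237.40.127/relations
# Note: this group appears to be built from the passive-DNS relations of a single IP (see the VirusTotal reference above); domains that merely shared that address may be unrelated, so corroborate a hit before treating the host as infected

1dct.ru
3dface-nn.ru
4pplus.ru
aleksvip.ru
alienss.ru
anson-lkz.ru
ariosgroup.ru
aurora-mind.ru
balakhonov-yuriy.ru
bet-club.ru
bikton43.ru
business-in.ru
child-time.ru
clean24world.ru
csgo-fun.ru
douballkoreshy.com
douballkoreshy.info
douballkoreshy.net
douballkoreshy.org
downloadjimm.ru
e-engenering.ru
elneemrrtorithum.com
elneemrrtorithum.info
elneemrrtorithum.net
elneemrrtorithum.org
favoritklg.ru
films-smotret-online.ru
flashsgame.ru
foleco.ru
fondafon.ru
fso29.ru
gocpro.ru
grozovoy-pereval.ru
hbazcfsder.com
hbazcfsder.org
hbazcfsderonline.com
hbazcfsdershop.com
hbazcfsderweb.com
hochu-shoping.ru
invest-alliance.ru
irkomp.ru
jnazcfert.com
jnazcfert.org
jnazcfertonline.com
jnazcfertshop.com
jnazcfertweb.com
jnazmertsw.com
jnazmertsw.info
jnazmertsw.net
jnazmertsw.org
jnazxertw.com
jnazxertw.info
jnazxertw.net
jnazxertw.org
jotdesks.ru
kartofelmoptom.ru
kmazvertx.com
kmazvertx.info
kmazvertx.net
kmazvertx.org
kmsxnertqa.com
kmsxnertqaonline.com
kmsxnertqashop.com
kmsxnertqaweb.com
kopenbar.ru
kormboellamayy.com
kormboellamayy.info
kormboellamayy.net
kormboellamayy.org
krugosvet-ap.ru
ksmxnerqs.com
lenobl-primorsk.ru
leorex-super.ru
lifeofbeer.ru
limo69.ru
lizoblyudnichat.ru
mix-zarabotok.ru
nazarovdesign.ru
okovci.ru
oleg-boyko.ru
parustaxi.ru
plaksa-bdsm.ru
prazd-pack.ru
protest22.ru
pu97.ru
rabotasuper.ru
retro-cinema.ru
richelle-mead.ru
rock2.ru
rosmedpravo.ru
rostov-shops.ru
rulezzwarez.ru
sabreeelrefaay.com
sabreeelrefaay.info
sabreeelrefaay.net
sabreeelrefaay.org
salon-na-domu.ru
sam-go.ru
shooting-portal.ru
soft-arhiv.ru
spstav.ru
srf48.ru
srkbelayareka.ru
storeprint.ru
story-toy.ru
strekozafitness.ru
stroydvor-kanev.ru
sunkom.ru
super-boost.ru
svet-lustra.ru
ta4ila.ru
tancemaster.ru
tatnadzor.ru
trialanet.ru
triumf18.ru
tvoyabezopasnost.ru
tvz2.ru
ukspravedlivost.ru
ulitka-plitka.ru
valchenco.ru
vedyshiy-na-svadby.ru
vip-xost.ru
visiohelp.ru
vorkutasport.ru
vradujnom.ru
vs-clab.ru
vseorake.ru
waple.ru
warabase.ru
web2kochanova.ru
webpartizan.ru
winx-clubs.ru
withmychild.ru
wmspb.ru
wsasxzertw.com
wsasxzertw.info
wsasxzertw.net
wsasxzertw.org
xvehpuabh.icu
yourub.ru
yzbobdl.space
zaimable.ru
zentrstroy.ru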

# Reference: https://twitter.com/FewAtoms/status/1159155277695819776

dhlexpressdeliver.com

# Reference: https://www.fortinet.com/blog/threat-research/chinese-targeted-trojan-analysis.html

http://154.222.140.49

# Reference: https://twitter.com/DynamicAnalysis/status/1159564232469417988

karlvilles.com

# Reference: https://twitter.com/FewAtoms/status/1159490383350587392
# Reference: https://twitter.com/KorbenD_Intel/status/1163929665230299137
# Reference: https://www.virustotal.com/gui/file/e7b190ae876b10d0a216b8475eec078990da4ea07020b0e8a1d8b55b3baa1e4e/detection

u700222964.hostingerapp.com

# Reference: https://twitter.com/FewAtoms/status/1159482237513064449

http://13.67.107.73

# Reference: https://twitter.com/FewAtoms/status/1159473273870196736

http://13.75.76.78

# Reference: https://twitter.com/nao_sec/status/1159484498569863169

fasttransfer-trafficads.xyz

# Reference: https://twitter.com/Timele9527/status/1159673642332016640

fateh.aba.ae

# Reference: https://twitter.com/James_inthe_box/status/1159834709209128961

master712.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

lnkexploit.com

# Reference: https://twitter.com/James_inthe_box/status/1159861664960749569

beastmas.club

# Reference: https://twitter.com/James_inthe_box/status/1159916671055757312

http://40.117.61.41
americanaspromocoes.ga

# Reference: https://twitter.com/James_inthe_box/status/1160150821830418432

3prokladkaeu.com
setseta.com

# Reference: https://twitter.com/FewAtoms/status/1160195673054015488

rubthemoneybear.xyz

# Reference: https://twitter.com/FewAtoms/status/1160543075372032006

sevenj.club

# Reference: https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat
# Reference: https://otx.alienvault.com/pulse/5d517a359da59958f72dc6c8

aeconex.com

# Reference: https://www.virustotal.com/gui/ip-address/89.17.225.163/relations

americanexpresscardconfirmationsystemservice.com
americanexpressesitz.com
americanexpressfeedback.com
associatedbnking.com
badaprutus.pw
biboressurection.info
blaerck.xyz
bozem.co
carolambasola.co
carrefour-moncompte.info
chaseonlinebusinesssolution.com
chaseonlinei.com
chaseonlinenotifier.com
chasesonliines.com
chasessonline.com
cloudresemblao.top
co-operative-bank.com
contributionsthroughy.net
csh0p.ru
dranidepod.org
flowjob.top
formasnetoyvnastrchine.com
garizzlas.top
hudsonenorincludes.com
igjqwnedjgqwnqwemnta.net
instant-payments.ru
jumpinghouse.org
kerbitsallor.us
kunden-contact-5126351253252.icu
kunden-contact-6478585764.top
landoftools.ru
manfam.co
moikopoli.com
mymoneywallets.com
nettubex.top
paysell.org
pooiukjadnqwdjnqasdne.com
portfos.org
postedecretosecure.info
posteitalianedecreto.top
posteitalianesicurezzadecreto.info
potomuchtosrazuskazaleb.com
quickbooks-intuits.com
scottfranch.org
siruksazon.us
thefreshstuffs.org
thefreshstuffs.ru
thefreshstuffs.to
tiamos.co
toperdona.com
topwarenhub.top
trading-secrets.ru
try2swipe.ws
tuyngsdnfwefwef.com
ukmarket.su
usaa-communication.com
usaa-urgentrequest.com
usaacominetentproofproofingeventactioninitevent.com
usaadbfeedback.com
usaamemberservices1.com
usaamembersupports.com
vaslbntr.ru
verificadeidatipostali.com
verify-konto-326351323.icu
wellsfargosz.com
withadvertisingthe.net
zxciuniqhweizsds.com

# Reference: https://twitter.com/malware_traffic/status/1160988600391086081

http://107.173.90.141

# Reference: https://www.virustotal.com/gui/domain/orderbox-dns.com/details
# Reference: https://app.any.run/tasks/68c8f400-eba5-4d6c-b1f1-8b07d4c014a4/
# Reference: https://www.virustotal.com/gui/file/17901948c9c9f2f0d47f66bbac70592a7740d181f5404bf57c075ed6fa165b67/detection
# Reference: https://www.virustotal.com/gui/ip-address/176.119.29.14/relations

http://176.119.29.14
bbouble.xyz
mtcunlocker.info

# Reference: https://twitter.com/stoerchl/status/1161159995217653761

zerosugaraddonexploit.duckdns.org

# Reference: https://twitter.com/p5yb34m/status/1161323938313457665

dk-rc.com/js/

# Reference: https://twitter.com/FewAtoms/status/1161981277815410688

asdklgb.ga
forconfirmation.gq
xingyang-glove.com

# Reference: https://twitter.com/chen_erlich/status/1162009562674843649
# Reference: https://www.virustotal.com/gui/ip-address/185.99.133.219/relations

http://185.99.133.219
earphorialofts.net
urbanholidaylo.net
wrigleychicago.org

# Reference: https://twitter.com/_jsoo_/status/1162039650791198720

a.ycwave.cn

# Reference: https://twitter.com/w3ndige/status/1162331454233370624
# Reference: https://app.any.run/tasks/c374d548-02b0-4419-9551-d8800388af42/

http://23.106.215.95
114.221.16.192:443
154.149.31.37:443
64.77.134.20:443

# Reference: https://twitter.com/killamjr/status/1162360718395658240

http://195.123.243.210

# Reference: https://twitter.com/FewAtoms/status/1162667333573390337

http://156.238.3.105
59.188.255.217:6320

# Reference: https://twitter.com/0xrb/status/1162955576927670272
# Reference: https://www.virustotal.com/gui/ip-address/216.224.181.16/relations

99bcare.com
apacbizpartner.com
apacsfsolutions.com
apactechbiz.com
asiapacsolution.com
b2janitorial.com
bitmailpost.com
bizventuresgroup.com
bizvertical.com
bpsservices.org
bpswired.com
bsnprotocol.com
cbxsystematics.com
cliquedasia.com
comcleanserv.com
connexionweb.net
csbizsolution.com
csbprofile.com
cstechnology.org
directitsolutions.com
enterpriselevelsolutions.com
expressstrategy.net
file-keeps.com
firstclassit.net
fluxserveasia.com
globalitbuilder.com
great-tec.com
idealprospecting.com
infotechsoln.com
innovationtech-asia.com
insidesalesinc.com
intellibiz.net
istglobal.net
it-salesmktg.com
kickstartsalesforce.com
knitgeek.com
lamultispecialty.com
mail-bounce.com
medassistforte.com
medsolutionscare.com
merchadvisors.com
multichannelmktg.com
realtech-international.com
rhipecloud.com
secureditgroup.net
sf-apac.com
softbizsoln.com
softitcare.net
softstreams.com
softtechenterprise.com
technocloudxpert.com
techpacific-international.com
tecnevo.com
tecqna.com
thebusinessdrift.com
thesoftwareenterprise.com
thewisesoln.com
thunderlinkz.com
tradespecialistgroup.com
ultimateintelligence.net
universalitbiz.com
vitrexa.com
wallstreetguru.info
worldsfinestservice.com
xpresstrategy.net
zenbitsolution.com
zenithnetworxs.com

# Reference: https://twitter.com/FewAtoms/status/1163043154628624385
# Reference: https://www.virustotal.com/gui/file/94543f02145c8cbc924fe6a4229b16f3b1d2988c6db4b66df5cd766322982f93/detection
# Reference: https://www.virustotal.com/gui/file/5e505f7876fbde8e323f698982f189b12be25569113a2426d6f6f8dda0e7d8be/detection
# Reference: https://www.virustotal.com/gui/file/300ece5931709d15dfd9a5ddce2f69ec6aa7466277a0a0edba134375bf2c20be/detection
# Reference: https://www.virustotal.com/gui/file/4ed245f6ae78a3a39543d865c0660c5dab39bcee18ee1abb212d8a3893e6584a/detection

http://193.112.160.173
193.112.160.173:33221
193.112.160.173:55421

# Reference: https://twitter.com/tkanalyst/status/1163084043832872961
# Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/

sexshops.site
sreex.info
sygicstyle.xyz

# Reference: https://twitter.com/James_inthe_box/status/1163565834343632897
# Reference: https://app.any.run/tasks/04a0a774-dd16-43bd-a966-2a35ca66fe70/
# Reference: https://pastebin.com/Lv0KAQ0k

dogware.pw
cy91219.tmweb.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1163736730371022848

nainyet.casa

# Reference: https://twitter.com/gorimpthon/status/1163616173860122624

evaglobal.eu

# Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/

http://194.58.38.50
http://194.58.58.70

# Reference: https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/James_inthe_box/status/1163880851236462592

bulehero2019.club
kingminer.club
oiwcvbnc2e.stream

# Reference: https://twitter.com/WarlordLestat/status/1164118573872271360

malikom.xyz
mrtcom.space
rainit.xyz
sauronn.host
sidom.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1164140106095177731
# Reference: https://app.any.run/tasks/0c5278c0-d505-4873-b612-9318dbbc2733/

101legit.com
legitville.com
moskaumoskau.com
savemax.store

# Reference: https://twitter.com/n0p1shing/status/1164150184517033986

akudobia.com

# Reference: https://twitter.com/VK_Intel/status/1164194019930497025

vregbqeg.com

# Reference: https://twitter.com/dms1899/status/1164699178527842304

dngerpppsa.xyz

# Reference: https://twitter.com/bad_packets/status/1165041748772438016

fuckingmy.life

# Reference: https://twitter.com/JAMESWT_MHT/status/1165942869359759361

xyskyewhitedevilexploitgreat.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166243679058694145

statexadver3552mn12.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1166252297124552704

collinsserver.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1166278659629408257
# Reference: https://app.any.run/tasks/acaedaa7-fbe2-4139-b190-edaebc601c08/

http://45.76.113.195

# Reference: https://twitter.com/FewAtoms/status/1166319332051128320

http://161.202.40.99

# Reference: https://twitter.com/malware_traffic/status/1166114783676051456

statexadver3552mn12.club

# Reference: https://twitter.com/DynamicAnalysis/status/1166433211548913668

filebase.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166491923911184385

owak-kmyt.ru
pdofan.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1166721502579974146

curly-bar-8ce5.myloaders.workers.dev
young-bonus-b8e4.myloaders.workers.dev

# Reference: https://twitter.com/James_inthe_box/status/1166683407943794688

chernovik55.ru

# Reference: https://twitter.com/P3pperP0tts/status/1166782653623918592

brizy5.ru

# Reference: https://app.any.run/tasks/b79f8f2f-d8d9-4f39-ad9c-4feae85babdf/

mailadvert19.world

# Reference: https://twitter.com/FewAtoms/status/1167070059010953218

background.pt

# Reference: https://twitter.com/bad_packets/status/1167336978041303040

stresser.cc

# Reference: https://twitter.com/JAMESWT_MHT/status/1167443194033901568

i03kf0g2bd9papdx.com

# Reference: https://twitter.com/JayTHL/status/1167666533260304385

azuremoonentertainment.mobi

# Reference: https://twitter.com/nao_sec/status/1167797188363055105 (CVE-2018-15982)
# Reference: https://app.any.run/tasks/49618924-ee31-4ed7-9669-17e0816f59a4/

http://82.146.59.230
gw.brownsine.com

# Reference: https://twitter.com/P3pperP0tts/status/1167890224644362241

k1ristri.ru

# Reference: https://twitter.com/FewAtoms/status/1168131803560984577

accoun2-sign1-secur-ace324490748.com

# Reference: https://www.virustotal.com/gui/file/7d48a6706013036266dbcd44aa7528d9e9331de0e9214b564255b96b5767b282/detection

absetup5.icu

# Reference: https://twitter.com/Paladin3161/status/1168863588015935488

sebains.kozow.com

# Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329

farnbrands.com

# Reference: https://twitter.com/JayTHL/status/1169000377120935941

rdmapperels.com

# Reference: https://twitter.com/angel11VR/status/1169155232447762437

ukr1.net

# Reference: https://twitter.com/malware_traffic/status/1169312743956066305

http://45.142.212.25
dersed.com

# Reference: https://twitter.com/FewAtoms/status/1169333693325946880

macvin.5gbfree.com

# Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432

fomoportugal.com

# Reference: https://twitter.com/malware_traffic/status/1169358788748615680

http://179.43.169.43
wyyjacky.club

# Reference: https://twitter.com/P3pperP0tts/status/1169642311942397954

brizy5.ru
ho3fty.ru
j990981.ru
seraph15.ru
valerana44.ru
ww2rai.ru

# Reference: https://twitter.com/malwrhunterteam/status/1169638468647096321
# Note: 10.103.2.247 is in 10.0.0.0/8 (RFC 1918 private space), so it cannot identify an Internet host; on a network that uses this address internally the trail will match unrelated local traffic - check the reference before acting on a hit

http://10.103.2.247

# Reference: https://twitter.com/JayTHL/status/1169688507700457472

waymahikatudor.com

# Reference: https://twitter.com/blackorbird/status/1169859337709207552

http://220.158.216.134

# Reference: https://www.virustotal.com/gui/domain/tomx.xyz/relations

tomx.xyz

# Reference: https://twitter.com/SecSome/status/1169972222439690241
# Reference: https://app.any.run/tasks/21339218-b4fd-4084-95d5-5c42fed4c71d/

204.152.219.82:9008
jobmalawi.com

# Reference: https://twitter.com/Zerophage1337/status/1007645365133246464

http://199.192.19.133
http://91.210.104.247

# Reference: https://twitter.com/FewAtoms/status/1170323745195663360

aagaeyarintz.com

# Reference: https://twitter.com/James_inthe_box/status/1170641393875742720
# Reference: https://www.virustotal.com/gui/domain/educationaltools.info/relations

educationaltools.info

# Reference: https://twitter.com/tkanalyst/status/1170688633172443139
# Reference: https://app.any.run/tasks/fd9a41e5-4768-4ab0-afd3-83988feb49c8/

digimonex.host
mailadvert917dx.world
umbr.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1170726870519824384

pp-back.info

# Reference: https://twitter.com/ViriBack/status/1170731470039789568

fiscalia.ga

# Reference: https://twitter.com/FewAtoms/status/1171076098244919297

http://23.106.124.142

# Reference: https://app.any.run/tasks/1765b64a-78f0-4360-afaf-6ba886a6d72f/

http://195.123.242.175

# Reference: https://twitter.com/tkanalyst/status/1171572121648033792

starserver715km.world

# Reference: https://twitter.com/reecdeep/status/1171365416180080640

bobbychiz.top

# Reference: https://twitter.com/trungduc751995/status/1171693318117281793
# Reference: https://otx.alienvault.com/pulse/5d78e9388461b273c265778e

http://35.224.233.140

# Reference: https://twitter.com/killamjr/status/1171849775911772165

globalpaymentportal.co

# Reference: https://twitter.com/sugimu_sec/status/1172058813177851904

aliiydr.xyz

# Reference: https://twitter.com/gigafio/status/1172102628546924545

alhaji.top

# Reference: https://twitter.com/Paladin3161/status/1171954425780289542

qeeeeewwswsweerwwerwerwrwerwerwerwere.warzonedns.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1172122495652155392

mewahgroup.pw

# Reference: https://twitter.com/rpsanch/status/1172548993177522176
# Reference: https://app.any.run/tasks/f24e56fa-c8b8-4b7d-99b0-2975e04429fa/
# Reference: https://otx.alienvault.com/pulse/5d921f7a6ff5154cba005284

213.252.246.80:448
213.252.246.80:80
213.252.246.80:8888
8933-16423.bacloud.info
mtcareers.myftp.org
mantechcareers.serveftp.com
ngcareers.myvnc.com
northropgrumman.sytes.net

# Reference: https://www.virustotal.com/gui/domain/lalitmumbai.net/relations
# Reference: https://app.any.run/tasks/086e4aa9-1ece-441a-a5c3-eb8879d26e2e/

lalitmumbai.net

# Reference: https://twitter.com/jeFF0Falltrades/status/1173300902242988032
# Reference: https://otx.alienvault.com/pulse/5d7f50c9b115a641c04aacd6

dapoerwedding.com

# Reference: https://twitter.com/Racco42/status/1173547031979278336

fomoportugal.com

# Reference: https://twitter.com/struppigel/status/1173883825333706752
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/
# Reference: https://documents.trendmicro.com/assets/Appendix_Spam_Campaign_Targets_Colombian_Entities_with_Custom_made_Proyecto_RAT_Uses_Email_Service_YOPmail_for_C&C.pdf
# Reference: https://www.virustotal.com/gui/file/f8bf2120bdec3da240bf4a56760ee42d045e42ec4ae1d261774ff13fc2cb7cc0/detection

http://95.179.168.23
http://144.202.19.31
diangovcomuiscia.com
eltiempocomco.com
medicosempresa.com

# Reference: https://twitter.com/FewAtoms/status/1173982410951839745

http://185.250.240.84

# Reference: https://twitter.com/reecdeep/status/1174270764461244417

indta.co.id

# Reference: https://twitter.com/wwp96/status/1174311496639221760

this-a22.tk

# Reference: https://twitter.com/James_inthe_box/status/1174336699112906752

hushpan.icu

# Reference: https://twitter.com/FewAtoms/status/1174350146768965636

http://34.87.96.249

# Reference: https://twitter.com/blackorbird/status/1174894127378358272

http://141.98.213.198

# Reference: https://twitter.com/DbgShell/status/1174997242425565185

xozidazatibotiko.ddns.net

# Reference: https://twitter.com/JayTHL/status/1175248668502437888

discribechnl.com
menukndimilo.com
raatphailihai.com

# Reference: https://app.any.run/tasks/ce52b6fb-5444-4d4d-9071-aa4a3d4d0f52/

http://185.206.212.65

# Reference: https://twitter.com/illegalFawn/status/1176077657311764480

sicurezzaonline.info

# Reference: https://twitter.com/luc4m/status/1176045112469725184

http://216.170.126.139

# Reference: https://twitter.com/P3pperP0tts/status/1176831679106826240

systemgooglegooglegooglegooglegooglegoole.warzonedns.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048

redmoscow.info

# Reference: https://twitter.com/h4ckak/status/1112953627478351874
# Reference: https://app.any.run/tasks/72dd9d2e-5d7d-412a-830b-d2bd59f98760/
# Reference: https://www.virustotal.com/gui/file/f99cb5b099030834f84c5053b1610e911727673767dd9a6a938a13f1da9d6a33/detection

88.80.144.9:9987
exchangeser.com

# Reference: https://twitter.com/FewAtoms/status/1177940330655543302

202.168.151.38:3880

# Reference: https://twitter.com/tkanalyst/status/1177952093287530496

whoil.club

# Reference: https://twitter.com/Edgespot_io/status/1069690604198682624

34.227.171.221:8080

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html

cindysonam.org

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

kiskakisska.xyz
xyxyxoooo.com

# Reference: https://twitter.com/0xFrost/status/1179128508817260545
# Reference: https://app.any.run/tasks/c08c12cc-4a9f-44f4-9aa7-ef11900a8bc8/

wirelord.us

# Reference: https://twitter.com/tkanalyst/status/1179174693963587584
# Reference: https://app.any.run/tasks/a2ef7bde-fc71-4f7e-9246-1af8f16b5e6b/

crasyhost.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-08-14-microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253/microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253.csv

missaruba.aw

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-05-04-drive-by-downloads-attack-adobe-zero-day-flaw/drive-by-downloads-attack-adobe-zero-day-flaw.csv

jeentern.dyndns.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-12-14-inside-adobe-reader-zero-day-exploit-cve-2011-2462/inside-adobe-reader-zero-day-exploit-cve-2011-2462.csv
# Reference: https://www.virustotal.com/gui/file/c6072e6446c1641d35e1e471adf4ce533f0615a0365168728bcefe4df2d213ff/detection

prettylikeher.com

# Reference: https://twitter.com/James_inthe_box/status/1180128778229444608
# Reference: https://twitter.com/P3pperP0tts/status/1180141309685837825

corpcougar.com
corpcougar.in

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-03-rtf-attack-takes-advantage-of-multiple-exploits/rtf-attack-takes-advantage-of-multiple-exploits.csv

aulbbiwslxpvvphxnjij.biz
invoice-accounts.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2015/2015-05-18-malware-spreads-facebook-tag-scam/malware-spreads-facebook-tag-scam.csv

exusers.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-02-hackers-bypassed-adobe-flash-protection-mechanism/hackers-bypassed-adobe-flash-protection-mechanism.csv

korea-tax.info

# Reference: https://twitter.com/YttriumSec/status/1180101251855343616

http://115.159.87.251

# Reference: https://twitter.com/FewAtoms/status/1180819300476755969

http://34.87.19.73

# Reference: https://twitter.com/jishuzhain/status/1181201933714911232

103.99.2.65:1010

# Reference: https://twitter.com/ecarlesi/status/1181522701195849728

downloadtg4.website

# Reference: https://twitter.com/P3pperP0tts/status/1181547444837986304

http://43.255.241.160

# Reference: https://twitter.com/JAMESWT_MHT/status/1181616566024183809

http://209.141.42.23

# Reference: https://twitter.com/0xFrost/status/1182037064344322053

5571875.info

# Reference: https://twitter.com/P3pperP0tts/status/1182225501387141120

http://31.44.184.123
goji-actives.net

# Reference: https://twitter.com/benkow_/status/1182604054742085632

wisecleaner.cleaning

# Reference: https://twitter.com/JAMESWT_MHT/status/1182613351425368066
# Reference: https://app.any.run/tasks/14b5c38b-0d39-4c99-9934-998491019487/
# Reference: https://www.virustotal.com/gui/domain/taskhostw.com/relations

taskhostw.com

# Reference: https://twitter.com/James_inthe_box/status/1182703889012813824

http://198.23.202.49

# Reference: https://twitter.com/P3pperP0tts/status/1182968741283454977

madnik.beget.tech

# Reference: https://twitter.com/ViriBack/status/1183098116263858176

taxjustice-usa.org

# Reference: https://twitter.com/ViriBack/status/1183157722348433413

gayaju.com

# Reference: https://www.virustotal.com/gui/domain/paletoxyz.com/relations

paletoxyz.com

# Reference: https://twitter.com/ecarlesi/status/1183415444612485120

inationnetwork.xyz

# Reference: https://twitter.com/w3ndige/status/1171159313865465856

http://108.62.118.233

# Reference: https://twitter.com/w3ndige/status/1168437823193669632

posqit.net

# Reference: https://www.virustotal.com/gui/domain/accessheler.com/relations

accessheler.com

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

http://45.114.8.161

# Reference: https://app.any.run/tasks/5ea9c799-eb73-4854-903a-a4a080659af0/

http://167.114.95.127

# Reference: https://twitter.com/ffforward/status/1184379075642773505

show-qo13.tk

# Reference: https://twitter.com/P3pperP0tts/status/1184405805648564226

qisqholden.com

# Reference: https://twitter.com/tkanalyst/status/1184825216033099777

185.193.26.154:14596
186.4.254.199:18941
vwxqv.xyz

# Reference: https://twitter.com/tkanalyst/status/1188778602306818048

173.26.52.16:13821
202.91.248.237:17613
hxfiqz.dynu.net

# Reference: https://twitter.com/James_inthe_box/status/1185191156168065024

fbigov.website

# Reference: https://twitter.com/FewAtoms/status/1185249656235843588

afrimarinecharter.com

# Reference: https://twitter.com/JayTHL/status/1185303303892033536

thekukuaproject.com

# Reference: https://twitter.com/FewAtoms/status/1185980535497207808

collierymines.com

# Reference: https://twitter.com/albertzsigovits/status/1186255610163187714

logover.su

# Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html
# Reference: https://otx.alienvault.com/pulse/5dadb6fad17367c025d25421

abcxyz.stream

# Reference: https://twitter.com/James_inthe_box/status/1186363546155663360

0b8a67f7.ngrok.io

# Reference: https://twitter.com/wwp96/status/1186365682520338434

granuphos-tn.com

# Reference: https://twitter.com/smica83/status/1186520175467810817
# Reference: https://www.virustotal.com/gui/domain/taamgol.com/relations

taamgol.com

# Reference: https://twitter.com/wwp96/status/1186637571876630529

46.183.220.10:1010

# Reference: https://twitter.com/JAMESWT_MHT/status/1186641478996639745

cloudown.icu

# Reference: https://app.any.run/tasks/83bf663d-6020-4186-970e-3c50b842510c/

newandupdates1234.blogspot.com

# Reference: https://twitter.com/FewAtoms/status/1186676588013899776

http://151.80.8.7

# Reference: https://twitter.com/ANeilan/status/1186847142113173504

diporpef.com

# Reference: https://twitter.com/j_rom_/status/1184880435219849218

amz-syndication.com

# Reference: https://twitter.com/fatihsirinnnn/status/1186938514845380608

acmestoolsmfg.com

# Reference: https://twitter.com/P3pperP0tts/status/1186988588656934913

tourscentralasian.com

# Reference: https://twitter.com/wwp96/status/1187023690636152832

romanceobsessed.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187296372833357825

http://5.188.9.33

# Reference: https://twitter.com/dms1899/status/1187270160220147712

modexcourier.eu

# Reference: https://www.virustotal.com/gui/ip-address/161.117.41.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/161.117.8.4/relations

abs-glt.com
akinsab.ru
app-comercialex.top
aucklandcustom-nz.com
avgsupport.info
bkam.tech
capeplcinc.com.ua
casmagnat.rocks
clinefr12.com
clotiahs.info
cremeroloe.com
doosamnt.com
dotmpegjdj.com
echaintool.info
efore.info
esetsupport.info
famoosonutt.com
fueda.info
gidnik.com
gihf2.com
gracetime.tech
grindtreue.online
grindtruex.online
gunmak-com.tk
higomanga.info
jajar.ru
jer23.com
jobttast.com
kaburto.info
knt73.com
kord23.com
mikeservers.eu
modcloudserver.eu
modexcommunications.eu
nestp11.com
niiqata-power.com
offsolo-gbb.tech
oker1.com
oldendroff.com
pache22.com
paramountemporium.vip
peaches19.com
posqit.net
priv112.com
qoqip.com
quecik.com
rnuganbank.com
roumines.com
saturatix.top
siiigroup.com
smart-net.rocks
sun-clear.net
sylvaclouds.eu
torresansrl-it.com
tr0nsf01.org
tr30nfs01.com
tsep13.com
tyler14.com
uloego.info
vcmcompanys.com
vinaprio.com
wgeise4.com
xinblasta.us
yuxinproteins.com
zhchlt.com

# Reference: https://twitter.com/petrovic082/status/1187762565969043457
# Reference: https://app.any.run/tasks/03afa5cb-2d8d-4cd0-a7ab-4e1bd7464db6/

neroolive.org

# Reference: https://www.virustotal.com/gui/domain/aklianfa.com/relations

aklianfa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1188005690130026498

http://193.26.217.230

# Reference: https://twitter.com/DissectMalware/status/1006784787854581760

111.73.46.110:7717

# Reference: https://twitter.com/InQuest/status/1188373526622941186

lritck.tk

# Reference: https://twitter.com/JayTHL/status/1188801316417687552

http://37.1.219.172

# Reference: https://app.any.run/tasks/24cc7183-7345-46f6-b26e-1e173d9c98a9/

d1c56b05.ngrok.io

# Reference: https://twitter.com/JAMESWT_MHT/status/1188856141633261570

blockchainblogger.club

# Reference: https://twitter.com/FewAtoms/status/1188858041686466561

enkaypastri.com

# Reference: https://twitter.com/DrStache_/status/1188917585540276224

torishima-qa.com

# Reference: https://twitter.com/david_jursa/status/1189155057834647552

thekokokoupd.online

# Reference: https://app.any.run/tasks/4c6e0f94-e147-47ca-9467-c3864047439f/

lkdff.com

# Reference: https://twitter.com/wwp96/status/1189236233613889538

frenddizoni.org

# Reference: https://twitter.com/OttoScav/status/1189220259842187264

213.152.160.146:1010

# Reference: https://app.any.run/tasks/986f65f5-5208-4133-b9af-c993edcc1e34/

http://199.195.254.187

# Reference: https://twitter.com/James_inthe_box/status/1189287512684019714

oz-dn.org

# Reference: https://twitter.com/w3ndige/status/1189301536691752960

http://74.118.138.167

# Reference: https://twitter.com/ViriBack/status/1189329887074619395

arbistars.com

# Reference: https://twitter.com/wwp96/status/1189536892322304002

uzojesse.top

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://185.193.125.135

# Reference: https://twitter.com/killamjr/status/1189717599040528386

esascom.com

# Reference: https://twitter.com/InvertedLina/status/1189940700311379968

amana-agro.com

# Reference: https://www.virustotal.com/gui/ip-address/23.227.207.137/relations

http://23.227.207.137

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667

http://107.181.175.118
http://149.154.67.19

# Reference: https://twitter.com/unmaskparasites/status/1184973893225865222

dropboxfiles.net
mydropboxfiles.com

# Reference: https://twitter.com/killamjr/status/1190087811803815936

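# NOTE(review): this entry originally read "51.89.163 174" (space in place of the last dot), which can never match traffic; confirm the address against the reference above
http://51.89.163.174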

# Reference: https://twitter.com/pmelson/status/1190419506620981248

azuredatabox.azureedge.net

# Reference: https://pastebin.com/29uSdMAk

chinalarnpbase.com

# Reference: https://twitter.com/MalwareTechBlog/status/1190730471321112577
# Reference: https://otx.alienvault.com/pulse/5dbdf437299aea7cd396cd26

5.100.251.106:443
5.100.251.106:80

# Reference: https://app.any.run/tasks/2be23d42-242b-47bc-8d0f-76a5b80e7a4b/

1xv4.com

# Reference: https://app.any.run/tasks/e15b03be-14d2-49c0-b6c1-04249d0783f1/
# Reference: https://www.virustotal.com/gui/domain/stroytrest19.by/details

stroytrest19.by

# Reference: https://twitter.com/tkanalyst/status/1190975614766833664
# Reference: https://otx.alienvault.com/pulse/5dc1a88e1cf7281dc5c4ed5b

http://107.167.244.67
http://138.68.15.227
http://198.199.104.8
blockchainblog.club

# Reference: https://twitter.com/wwp96/status/1191013406175830017

racetech.club

# Reference: https://twitter.com/ViriBack/status/1062544747062050817

web-bancadigitalbod.com

# Reference: https://twitter.com/ViriBack/status/989663475445190656

pf-pv.xyz

# Reference: https://twitter.com/fumik0_/status/968070745766154240

updatecenter.ru

# Reference: https://twitter.com/FewAtoms/status/1191349702920474625

http://35.247.253.206

# Reference: https://www.reddit.com/r/sysadmin/comments/aswr03/anyone_identify_this_miner_or_malware/
# Reference: https://app.any.run/tasks/daddea03-d06c-42ce-a539-516b5173467f

185.112.156.92:8092
http://173.247.239.186

# Reference: https://app.any.run/tasks/02fc860e-cb3b-4ed4-84c5-95ee52d7e96a/

http://45.147.229.149

# Reference: https://twitter.com/w3ndige/status/1191752055012122625

mostfirstandnow.site

# Reference: https://twitter.com/FewAtoms/status/1191751916570763264

mjnalha.ml

# Reference: https://www.virustotal.com/gui/ip-address/185.212.128.189/relations

http://185.212.128.189

# Reference: https://twitter.com/QW5kcmV3/status/1191441479467708417
# Reference: https://otx.alienvault.com/pulse/5dc190575e635818231a16d9

ms-audit-server.club
ms-dll-com.info
ms-dll-service.site

# Reference: https://twitter.com/wwp96/status/1191754793737428993

http://66.154.103.133

# Reference: https://twitter.com/tccontre18/status/1191638837136633856
# Reference: https://app.any.run/tasks/dc833ad4-508a-42eb-9bc2-cef42a558e89/

http://47.240.70.20
47.240.70.20:8080

# Reference: https://twitter.com/P3pperP0tts/status/1191862832360501249

http://192.3.247.119

# Reference: https://twitter.com/killamjr/status/1191923979549921280

admin-578472.serveo.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1192034769011388417

http://78.47.36.215

# Reference: https://twitter.com/wwp96/status/1192102384819933185

megatraffik.com

# Reference: https://twitter.com/pancak3lullz/status/1192132907277733889

http://162.218.210.202

# Reference: https://twitter.com/FewAtoms/status/1192129351871082496

http://185.102.122.2

# Reference: https://twitter.com/KorbenD_Intel/status/1192147546086498311

http://47.102.114.62

# Reference: https://twitter.com/lazyactivist192/status/1192458664407392256

http://185.12.29.38

# Reference: https://twitter.com/dave_daves/status/1192472618261254145
# Reference: https://app.any.run/tasks/74221158-9b70-43ab-9a59-df368ff001ed/

http://18.229.155.115
socios20199.webcindario.com

# Reference: https://twitter.com/ccxsaber/status/1191916749630783489
# Reference: https://otx.alienvault.com/pulse/5dc4b4c2bada09c6a58dd516

http://192.119.111.4

# Reference: https://twitter.com/coderippers/status/1192746152514469888

phltimberwarehouse.co.uk

# Reference: https://twitter.com/killamjr/status/1192788604508131333

http://181.143.146.58

# Reference: https://twitter.com/FewAtoms/status/1192847054130831360

soldi.duckdns.org

# Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef/

og-funds.net

# Reference: https://twitter.com/rpsanch/status/1181455677920829440

plazatiles.sytes.net

# Reference: https://app.any.run/tasks/90e9809c-d3c5-4e93-b364-6ec4911c2e3e/

exe-3.icu

# Reference: https://twitter.com/mszustak/status/1159824933171544064

hobby-l0bby.com

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/domain/proyectobasevirtualcol.com/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.33.68.255/relations

proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://zerophagemalware.com/2018/01/23/maldoc-rtf-drop-loda-logger/
# Reference: https://www.virustotal.com/gui/domain/humiconfort.com/relations

humiconfort.com

# Reference: https://twitter.com/malware_traffic/status/988589136163622912

plumberspro.us

# Reference: https://twitter.com/HSAFTeam/status/1189557108498485248

http://111.90.150.133
filabella.ga

# Reference: https://twitter.com/James_inthe_box/status/1193539893000986624

35.247.208.129:4748

# Reference: https://community.rsa.com/community/products/netwitness/blog/2018/01/12/malspam-delivers-njrat-1-11-2018
# Reference: https://www.virustotal.com/gui/ip-address/162.144.63.238/relations

eagleepcisocks.com

# Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php

vjro.biacap.com

# Reference: https://twitter.com/wwp96/status/1193942503864651776

zinkobeauty.com

# Reference: https://twitter.com/jcarndt/status/1194305779634970625

office365.firewall-gateway.net

# Reference: https://twitter.com/James_inthe_box/status/1194358787513077766
# Reference: https://www.virustotal.com/gui/file/fcdf29266f3508bd91d2446f20a73a811f53e27ad1f3e9c1f822458f1f30b5c9/detection
# Reference: https://twitter.com/James_inthe_box/status/1194367229879472129

bitbucket.org/anatoliisaharoff/rep/downloads/

# Reference: https://twitter.com/KorbenD_Intel/status/1194361467660836864

http://217.73.62.206

# Reference: https://twitter.com/w3ndige/status/1194889495868592130

dubem.top

# Reference: https://twitter.com/Rmy_Reserve/status/1194944079076835333
# Reference: https://app.any.run/tasks/bca1d42d-ea10-4a7b-b98c-4d645ba1e204/
# Reference: https://www.virustotal.com/gui/domain/n-trip.com/relations

n-trip.com

# Reference: https://twitter.com/pmelson/status/1195009552921616386
# Reference: https://www.virustotal.com/gui/domain/008ex.com/relations

008ex.com
bill.008ex.com
download.008ex.com
jan.008ex.com
slay.008ex.com

# Reference: https://twitter.com/ItsReallyNick/status/1195233697630445569

d1lkxepo6u8zf.cloudfront.net

# Reference: https://twitter.com/FewAtoms/status/1195313326500327424

alg0sec.com

# Reference: https://app.any.run/tasks/b7103ff0-18bb-431e-8175-f1274a17de18

andrewharmon.x10host.com

# Reference: https://www.virustotal.com/gui/file/2b2697a0a26e746b6dd27d3aee7b126f6b72a09d8bf52961203a849b043d8fbd/relations

longvoyages.com

# Reference: https://twitter.com/KorbenD_Intel/status/1195341394132525056

http://35.181.60.96

# Reference: https://app.any.run/tasks/8da10f37-1e46-4c71-88bb-e72c40c99e24/

harmonyfacility.com

# Reference: https://www.virustotal.com/gui/file/5a9deafa8e6837307213369aa2e64287fa1bedd3dd2b4e9c6c2f7f44629f8a35/detection
# Reference: https://www.virustotal.com/gui/ip-address/185.217.1.190/relations

apkauto.xyz
every1sad.club

# Reference: https://twitter.com/FewAtoms/status/1195727132112150529

sktinds.com

# Reference: https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/

nb.ruisgood.ru
pc.5b6b7b.ru

# Reference: https://www.virustotal.com/gui/ip-address/23.249.165.218/relations

http://23.249.165.218

# Reference: https://app.any.run/tasks/10beb62e-cbee-4661-90b1-5a3d4509da3a/
# Reference: https://twitter.com/JayTHL/status/1195824602498437128

ocean-v.com/wp-content/1.txt
ocean-v.com/wp-content/1.exe

# Reference: https://twitter.com/benkow_/status/1196016846841012224
# Reference: https://www.virustotal.com/gui/file/2d6e42c8aed0b6e23d809d8010e9bc72f0eb59aa1249b97c10f8f15097c4a777/detection

donkixota.com
loodd01.xyz
loodd02.xyz
prioritywireless.club

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

kfaxyl.com

# Reference: https://twitter.com/FewAtoms/status/1196079049157808128

realgauthier.com

# Reference: https://twitter.com/_re_fox/status/1196122304138399745

vulpss.net/696969crpty/

# Reference: https://twitter.com/SoulRage6/status/1196392449318494209

mac-mmanuel.com

# Reference: https://twitter.com/FewAtoms/status/1196453357008957440

http://13.54.13.60

# Reference: https://twitter.com/KanbeWorks/status/1196639129812881408

http://54.36.139.1

# Reference: https://twitter.com/ANeilan/status/1196748994728333313

feguhkejwfkgwvfjhkbevcgh.cf

# Reference: https://twitter.com/trotsky57271861/status/1196765541014224896

kitchenraja.in

# Reference: https://twitter.com/FewAtoms/status/1197921095250300928

http://217.73.60.123

# Reference: https://twitter.com/James_inthe_box/status/1197917197324058624

http://23.254.228.211

# Reference: https://twitter.com/FewAtoms/status/1198574338036969474

uloab.com

# Reference: https://twitter.com/H_Miser/status/1198907447534067712

dlfact.club

# Reference: https://twitter.com/FewAtoms/status/1199015111794536455

yakusgewe.xyz

# Reference: https://twitter.com/wwp96/status/1199000890541256704

milliemefford.com

# Reference: https://twitter.com/wwp96/status/1199056486460207106
# Reference: https://app.any.run/tasks/25229a32-2a2b-4bd3-b1ca-046fafb192f5/

http://193.70.124.48

# Reference: https://twitter.com/James_inthe_box/status/1199078758298206208

skjhjl.xyz

# Reference: https://twitter.com/FewAtoms/status/1199331943348867072

new-year-packages.com

# Reference: https://twitter.com/wwp96/status/1199412245857484813

http://45.137.22.59

# Reference: https://twitter.com/Jouliok/status/1199582844751941635

gsa.co.in/work/

# Reference: https://www.virustotal.com/gui/ip-address/54.202.202.94/relations

http://54.202.202.94

# Reference: https://app.any.run/tasks/112fd54b-a113-4484-88db-b59b26dce809/

tfortytimes.com

# Reference: https://twitter.com/FewAtoms/status/1200079922959699968

ihs-usa.com/doocs/

# Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/
# Reference: https://www.virustotal.com/gui/ip-address/182.50.135.88/relations

http://182.50.135.88

# Reference: https://twitter.com/VK_Intel/status/1200706216256843776
# Reference: https://www.virustotal.com/gui/file/dbd1d88ea93e26a4a52dd4180a5f2eb461822e3f5a2dcc0e61a5fc31d8c77f75/detection

141.193.6.84

# Reference: https://www.virustotal.com/gui/file/2de81be5ccb948ebadfbf8f469bb3ea749d23a33a203267ef78b07b496da8052/detection

http://185.61.138.111

# Reference: https://www.virustotal.com/gui/file/377cb36c07f059e3e46752e56a9fcf79aa673d453272edaa30a2fa83ecbf5780/detection

http://185.62.188.169

# Reference: https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection

http://66.154.103.133

# Reference: https://twitter.com/smii_mondher/status/1201820356694163457
# Reference: https://www.virustotal.com/gui/ip-address/83.136.106.208/relations

http://83.136.106.208

# Reference: https://twitter.com/cyber__sloth/status/1202274774342406144

http://89.40.12.19

# Reference: https://twitter.com/killamjr/status/1202386355378098177
# Reference: https://app.any.run/tasks/a5aa519c-9739-4096-8549-6f5af5af3290/
# Reference: https://app.any.run/tasks/b480973a-0b99-46ad-9a74-6fab20fc206e/

http://198.23.202.33
http://64.188.27.121

# Reference: https://twitter.com/ViriBack/status/1202767892518883329

panel222.info

# Reference: https://twitter.com/VK_Intel/status/1202844659908825088
# Reference: https://www.virustotal.com/gui/file/18501a9284b2160d17a9ec5f6fcfdc094e036b7d8c7b84594351129472ac925c/detection

176.122.130.199:8080

# Reference: https://twitter.com/malwrhunterteam/status/1202919436912603137

http://217.8.117.61

# Reference: https://twitter.com/ecarlesi/status/1202360981449531392

audanmon.com

# Reference: https://twitter.com/notajungman/status/1203034991858466817

worldwidetechsecurity.com

# Reference: https://twitter.com/GrujaRS/status/1203413394642161664

http://185.222.202.218

# Reference: https://twitter.com/GrujaRS/status/1197290398810542081

manage-invoices.info

# Reference: https://app.any.run/tasks/927fdec0-3dd3-4da8-8e4e-3fd632c5589f/

iphm.info

# Reference: https://twitter.com/VK_Intel/status/1203941934869438464
# Reference: https://www.virustotal.com/gui/file/10d46ea95b9168c93f05fe617c83763dcd734c69efd454512a46c9f225712119/detection

7.24.136.88

# Reference: https://pastebin.com/63w4JXts

meitao886.com

# Reference: https://twitter.com/James_inthe_box/status/1204063774933581824

http://141.255.164.13
http://146.185.195.20

# Reference: https://twitter.com/wwp96/status/1204112610096009218

globalfbdnsaddressgoogle.duckdns.org

# Reference: https://www.virustotal.com/gui/file/30b3e5e0f5fe6b2209d8bf77f36794faf7aa99989016e2cefea820ef1f507d4f/detection

http://216.170.126.11

# Reference: https://twitter.com/cyber__sloth/status/1204366146389958656

http://5.255.63.12

# Reference: https://www.virustotal.com/gui/ip-address/89.35.178.104/relations

http://89.35.178.104

# Reference: https://twitter.com/JAMESWT_MHT/status/1204410470574125058

http://34.217.107.238

# Reference: https://twitter.com/silascutler/status/1204422133780242434

http://205.185.115.72

# Reference: https://twitter.com/midnight_comms/status/1204429816956620807

205.185.115.72:9801

# Reference: https://app.any.run/tasks/18af3b1c-d5b4-4727-a06e-8c2aa9d2daac/

http://192.236.155.17

# Reference: https://twitter.com/James_inthe_box/status/1205177628623130624

xmr-services.tk

# Reference: https://www.virustotal.com/gui/file/a98b22bb93491a53434640c0f89cac49c12de89fea28c5f84caaccd7961f1b06/detection

white-hita-3339.but.jp

# Reference: https://twitter.com/KorbenD_Intel/status/1205620725526208513

drmarciavila.com.br

# Reference: https://twitter.com/0xFrost/status/1116608057268527105

toothless28.pw

# Reference: https://www.virustotal.com/gui/ip-address/94.73.32.235/relations

http://94.73.32.235

# Reference: https://www.virustotal.com/gui/domain/greatmischiefdesign.com/relations

greatmischiefdesign.com

# Reference: https://twitter.com/malwrhunterteam/status/1205942062610141185

http://45.128.133.37

# Reference: https://www.virustotal.com/gui/domain/urbanvillager.xyz/relations

urbanvillager.xyz

# Reference: https://twitter.com/Rmy_Reserve/status/1206596674920972288

newcontest.xyz

# Reference: https://twitter.com/VK_Intel/status/1206643330488184832
# Reference: https://www.virustotal.com/gui/file/570768d139c2ed7f75c792746a13247dea897baac575b8faf62452d37399aab0/detection

47.107.136.247:8080

# Reference: https://twitter.com/wwp96/status/1206662163869380608

l500c.com

# Reference: https://twitter.com/FewAtoms/status/1206986920036896769

http://133.18.202.74

# Reference: https://twitter.com/mal_share/status/1206691868639141888

http://161.246.67.165

# Reference: https://twitter.com/James_inthe_box/status/1206952335764795392

masabikpanel.top

# Reference: https://www.virustotal.com/gui/file/6929d2d74fa9846394f03ba2639480b920cb614fff4698316507237161c9600e/detection

185.147.15.13:443

# Reference: https://twitter.com/david_jursa/status/1207631642988298240

mainsourceoffreeupdate.best

# Reference: https://twitter.com/SaudiDFIR/status/1207621069227614208
# Reference: https://app.any.run/tasks/bb422434-c9c8-4e89-bf95-7e44b9f0bf98/

lizen-pierre.be

# Reference: https://twitter.com/James_inthe_box/status/1207678562712637441

bhraman.org

# Reference: https://twitter.com/James_inthe_box/status/1207379438179999747 (# mailerbot)

http://185.174.173.152
/rkeurewvfgo4/cmd.php

# Reference: https://app.any.run/tasks/157ab2e2-f469-415d-9288-f7fe304704d7/

http://80.93.182.219

# Reference: https://www.virustotal.com/gui/ip-address/45.142.213.167/relations

http://45.142.213.167
45.142.213.167:443

# Reference: https://twitter.com/Jesse_V_Burke/status/1207878795430109186

185.122.59.78:443

# Reference: https://twitter.com/VK_Intel/status/1208340410331996160
# Reference: https://www.virustotal.com/gui/ip-address/101.132.43.162/relations

http://101.132.43.162

# Reference: https://twitter.com/prsecurity_/status/1208950830918860800
# Reference: https://www.virustotal.com/gui/ip-address/176.99.11.209/relations

176.99.11.209:80
176.99.11.209:443
5025026.ru
avito.cm
avito.vg
deffender.website
drunk-ac.ru
engineer-s.ru
exploits.pro
getsees.website
gryphs.ru
lapaz.ru
legenda.casa
money-match.ru
muhosransk.site
mymoneycontrol.site
photobattle.ru
popyti.com
securepay.cm
strastimardasti.club
telegrambillionaire.top
tinkoff.llc
yourluck.pro
yourluck.xyz

# Reference: https://twitter.com/nao_sec/status/1209090544711815169

krostaur.com

# Reference: https://twitter.com/James_inthe_box/status/1209150941661810690

http://185.216.35.21

# Reference: https://twitter.com/malware_traffic/status/1209638262970748929
# Reference: https://www.virustotal.com/gui/ip-address/45.72.3.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.174.12.130/details

45.72.3.132:80
45.72.3.132:443
79.174.12.130:80
alertactivityonaccwellslockedacconholdwf.host
alertkaccountwellsblockedverifyidacconholdwf.host
alertnoticealertlockedwellsaccessblockedacconholdwf.host
alertnoticealertwellsaccblockedacconholdcheckwf.host
alertonlinebankaccesswellsblockedacconholdwf.host
alertsecuritybrokenaccesswellsblockedacconholdwf.host

# Reference: https://www.virustotal.com/gui/ip-address/5.149.248.134/relations

http://5.149.248.134

# Reference: https://twitter.com/tkanalyst/status/1209829485643612160

earlyace55.com
infocarnames.ru

# Reference: https://twitter.com/James_inthe_box/status/1209833422832558081

imaginemix.ru

# Reference: https://twitter.com/killamjr/status/1210215114407735296

armantraders.net

# Reference: https://www.virustotal.com/gui/ip-address/37.46.135.58/relations

momo33333.fvds.ru

# Reference: https://twitter.com/FewAtoms/status/1210646032780070914

http://94.158.245.73

# Reference: https://www.virustotal.com/gui/file/c04548d4218739cba4b320b75c8cc58f8cc1d18996226344b892e0140e273798/detection

http://52.47.207.162
52.47.207.162:82

# Reference: https://www.virustotal.com/gui/file/946e6abf72126a942cfb63916e6ec2e2b597a6c7beba04d76c4213a0e51ce97d/detection

3.17.202.129:80
35aad9f7.ngrok.io

# Reference: https://www.virustotal.com/gui/file/db58265db4c657a02cc16ae7efc62f288c97af3b6734b3a891f7bcf105eff802/detection

18.223.41.243:443
3.14.212.173:443
f9e7020b.ngrok.io

# Reference: https://www.virustotal.com/gui/file/a3dcc3c8b03f6c5602c95b83864c69d8f0255b44a62f16cc79a22c963dbcf870/detection

3.17.202.129:443
af721e3a.ngrok.io

# Reference: https://www.virustotal.com/gui/file/38f55a06ce1abdbba07acb14aaca0fd7f8f5cfa017f9ae6519455cc35f36efdb/detection

18.188.14.65:443
1d9f0a85.ngrok.io

# Reference: https://www.virustotal.com/gui/file/4d4bd13f171d0a9fd7a71285bd90cacd4b2f00a15cbf374af0937cbafffb7674/detection

3.17.202.129:22

# Reference: https://www.virustotal.com/gui/domain/capeturk.com/relations

capeturk.com

# Reference: https://www.virustotal.com/gui/domain/goldenshoponline.us/relations

goldenshoponline.us

# Reference: https://app.any.run/tasks/76423975-6bd1-48f0-9758-89ceb126bf48/

lifesuporte.site

# Reference: https://twitter.com/FewAtoms/status/1211992847643238400

http://133.18.201.42

# Reference: https://www.virustotal.com/gui/file/80fe44438b4d25301a09e6b14a8e746980d858191319e8970617b7ffb7cb29de/detection

193.161.193.99:443
193.161.193.99:80

# Reference: https://twitter.com/malwrhunterteam/status/1212337904892207106
# Reference: https://www.virustotal.com/gui/ip-address/119.3.232.159/relations

119.3.232.159

# Reference: https://twitter.com/ps66uk/status/1212730450432679936

newyearddnsaddressupdatelink.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1210343558705795074

http://66.85.173.6

# Reference: http://plok1.blogspot.com/2018/02/a-new-spreader-with-mimikatz.html
# Reference: https://www.virustotal.com/gui/domain/kishi73.com.br/relations

kishi73.com.br

# Reference: https://twitter.com/Jouliok/status/1212682749452148736
# Reference: https://www.virustotal.com/gui/ip-address/100.43.136.34/relations

100.43.136.34:1717
100.43.136.34:80

# Reference: https://www.virustotal.com/gui/file/a260de9672842bfc45f9335a7d405b64d53815d7d1b8ec8f3e0768c422e73a30/detection

http://194.36.191.245

# Reference: https://twitter.com/pancak3lullz/status/1212781520483758083

http://133.18.169.9

# Reference: https://www.virustotal.com/gui/file/6291a9f4ac7dbb741f317c61b7f60bb5d9bc064abeb47e66292ededbfcb38966/detection

http://185.234.218.210

# Reference: https://www.virustotal.com/gui/file/14843438836afd53d256e4e71b57365ba2e7fd3a9631c377fe6e5a0aca3e45a1/detection

sweethome11.tk

# Reference: https://www.virustotal.com/gui/file/e0b416bd9da9580632cf8b56021a7f132f3f305a52e1facde9243df1dd7aaaf8/detection

werfcdxv.ru

# Reference: https://www.virustotal.com/gui/file/85f350b9d26c0a7c79558237ececfaa2c3472b2fe5ade88c0147eb3ec38fc991/detection

solex.duckdns.org
systic.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4e94d2474092220738319eece43e0c959a34339ab0871ccbd620f0366b4faf5c/detection

ecstay.website

# Reference: https://www.virustotal.com/gui/domain/sergiormo.duckdns.org/relations

sergiormo.duckdns.org

# Reference: https://app.any.run/tasks/1c4d20f3-d267-4176-9a2b-1a35656aa4c6/

recoverydata.merehosting.com

# Reference: https://twitter.com/JayTHL/status/1213530066065526784

lokigoblinoppd.com
simnlpedezir.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1213831684791123969

http://23.227.207.185

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

pinkpanda.pw

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

bc2rymcehnrb.gq
zpu5mahtuq3t.tk

# Reference: https://twitter.com/securitydoggo/status/1214185262160457728

maxtraders.net

# Reference: https://twitter.com/James_inthe_box/status/1214176338040410112

davespack.top

# Reference: https://twitter.com/FewAtoms/status/1214258688980062208

l500c.com

# Reference: https://twitter.com/SecSome/status/1214606873665650688

dyessar.buzz

# Reference: https://www.virustotal.com/gui/file/27b2c05614676616e8e3b62658c6dabd603ab8e4d135a9384871166998753f42/detection

portofino.ug

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1215267911666950145

http://3.84.5.126

# Reference: https://twitter.com/reecdeep/status/1215666445264224256

buzztrends.club

# Reference: https://twitter.com/malwrhunterteam/status/1215689657880662018
# Reference: https://twitter.com/James_inthe_box/status/1215706026302824449

http://178.128.215.46

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://www.virustotal.com/gui/domain/bobbitopedia.com/relations

bobbitopedia.com

# Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/

dsi-info.fr

# Reference: https://twitter.com/FewAtoms/status/1216753032504975362

aaagpsovot.com

# Reference: https://twitter.com/malware_traffic/status/1216882597789360134

cheklre4.xyz

# Reference: https://twitter.com/dave_daves/status/1217021709498363904

uptodateread.ddns.net

# Reference: https://twitter.com/reecdeep/status/1217101781563584513

http://185.159.82.39

# Reference: https://twitter.com/James_inthe_box/status/1217123673502445573

http://45.77.173.124

# Reference: https://twitter.com/3XS0/status/1217144032591257600

alldayever231.su

# Reference: https://app.any.run/tasks/35c35367-58e4-46bc-ac62-4052ce7689ed/

http://191.239.243.112

# Reference: https://twitter.com/James_inthe_box/status/1217481969581219840 

youaernedit.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1217739290270191616

interpremier1998.ru

# Reference: https://twitter.com/James_inthe_box/status/1217781646717419520

mellle.com

# Reference: https://twitter.com/malware_traffic/status/1217791790423650304

turnkeycre.com

# Reference: https://twitter.com/securitydoggo/status/1217802812769349633

fajr.com

# Reference: https://twitter.com/nao_sec/status/1217834630612647946
# Reference: https://app.any.run/tasks/c5f307eb-4389-4713-83a4-67ee331409f9/

easy-web-weight-loss.com

# Reference: https://twitter.com/unmaskparasites/status/1217866836324339713

http://45.83.122.65

# Reference: https://www.virustotal.com/gui/file/e92ba8c91051a2491c7b0c7a6310a3381734c11e54045e687c1591e2d757d8ab/detection

http://144.217.83.43
http://5.206.225.104

# Reference: https://www.virustotal.com/gui/ip-address/5.2.70.145/relations

http://5.2.70.145

# Reference: https://app.any.run/tasks/e9d670ed-e84c-4bf6-8fa2-2b1b7310d827/

down.onefast.cc
mprrpt.hjkl45678.xyz
cltrpt.vbnm34567.xyz
8xxjezfm.slt.cdntip.com
zhaobin.byc.580.bydj2019.com
byd.580.bydj2019.com
yun3.6fenkj.com

# Reference: https://www.virustotal.com/gui/file/e6e69be7d884b4bde7505593a450153a67c51eab8e46a75419e2610edf947076/detection

185.38.151.11:80
fl4shg4m35.com

# Reference: https://intezer.com/blog-linux-rekoobe-operating-with-new-undetected-malware-samples
# Reference: https://otx.alienvault.com/pulse/5e25cfbcd7e22ce9b7d4ea71
# Reference: https://www.virustotal.com/gui/domain/bitscan.win/relations

bitscan.win

# Reference: https://twitter.com/Jouliok/status/1219337071405477890

buildyourownbotnet.com

# Reference: https://twitter.com/wwp96/status/1219363482031861760

achpanel.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1219555398266605568

alphaputin.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1219848952239050754

mobile-lot.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1219906163875221504/photo/1

http://46.183.218.248

# Reference: https://www.virustotal.com/gui/domain/fd6fq54s6df541q23sdxfg.eu/relations

fd6fq54s6df541q23sdxfg.eu

# Reference: https://www.virustotal.com/gui/domain/fflyy.su/relations

fflyy.su

# Reference: https://www.virustotal.com/gui/domain/emedtutor.com/relations

emedtutor.com

# Reference: https://app.any.run/tasks/50c91d01-3e7b-40b3-a6e2-2ada1de3c2b9/

alphaenergyeng.com

# Reference: https://www.exposedbotnets.com/2012/08/bbqcto-irc-botnets-hosted-by-france.html

bb.qc.to

# Reference: https://www.exposedbotnets.com/2013/04/x01bkr2biz-snk-asper-mod-irc-botne.html

x01bkr2.biz
zr0x1b9.biz
xkzykxb.biz
xeyaz.biz

# Reference: https://www.exposedbotnets.com/2013/05/srv5su-snk-asper-mod-irc-botnet-hosted.html

srv5.su
srv50.su

# Reference: https://www.exposedbotnets.com/2013/03/x1x4x0su-snk-asper-mod-irc-botne.html

x1x4x0.su

# Reference: https://www.malekal.com/bossabotv2-another-linux-backdoor-irc/

ircqfrum.com
ka3ek.com
nadnadzzz.info
srv5050.co
saudicool.org
x01bkr2.biz
zerx-virus.biz
lebanonbt.info

# Reference: https://www.exposedbotnets.com/2018/07/bticoinsumonero-miner.html

bticoin.su

# Reference: https://www.exposedbotnets.com/2017/10/bullguard09wm01toinjectordsce-hosted-in.html

bullguard09.wm01.to

# Reference: https://www.virustotal.com/gui/ip-address/5.182.211.76/relations

5.182.211.76:80

# Reference: https://www.virustotal.com/gui/ip-address/185.251.39.251/relations

185.251.39.251:80

# Reference: https://www.virustotal.com/gui/ip-address/46.173.219.17/relations

46.173.219.17:80

# Reference: https://app.any.run/tasks/a3d578ef-0492-4ec2-b640-de38ab8eed74/

askarindo.or.id/js/

# Reference: https://twitter.com/James_inthe_box/status/1220818460235583489

alwasl-syria.com

# Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection

http://216.83.52.40
http://45.139.236.14
silvergeoa.com

# Reference: https://www.virustotal.com/gui/file/1eb6c25406ed155d70cc2e5df02f6327458ac48542e1d633532e444ac6f97065/detection

http://109.169.89.117

# Reference: https://www.virustotal.com/gui/file/706d442630e1505c69f1ccd33e74ae87a5a228cea5dd3de1337f38157e1915c3/detection

http://23.92.211.212

# Reference: https://twitter.com/Rmy_Reserve/status/1221030155088318466

cnamel.com

# Reference: https://www.virustotal.com/gui/domain/lanjayn.ga/relations

lanjayn.ga

# Reference: https://twitter.com/JohnLaTwC/status/1221111943387209730
# Reference: https://www.virustotal.com/gui/domain/insurance-statistics.com/relations

insurance-statistics.com

# Reference: https://www.virustotal.com/gui/domain/morganjeff.com/relations

morganjeff.com

# Reference: https://www.virustotal.com/gui/domain/sasill.com/relations

sasill.com

# Reference: https://www.virustotal.com/gui/file/b4161c6001b0e97db2f134f8bb9095ee809b47c8e1a2ed5021d081838b33d5cb/detection

unitedwebpay.co

# Reference: https://www.virustotal.com/gui/file/918c1f5862dd56d81876b83d2846eaac2c64ac00004e3b4ccae48a2ead77088c/detection

ancrout.info

# Reference: https://twitter.com/SBousseaden/status/1221562146573758472
# Reference: https://app.any.run/tasks/2f64ab4f-b405-4462-830c-03cbdf475216/
# Reference: https://www.virustotal.com/gui/ip-address/87.57.141.215/relations
# Reference: https://www.virustotal.com/gui/file/082eff8046385cb9233ddd792d4e118c9834a8a11cf4d980b4279ec5aeb53968/detection
# Reference: https://www.virustotal.com/gui/file/aaa246dfe7122fcb872ec5298b9fd53aa50486bfb4107db70c1fbfca112218c4/detection
# Reference: https://www.virustotal.com/gui/file/f26ecee1261cb0732b0b84bc4802c3828a57c53906c1c6d283675e28f097b515/detection
# Reference: https://www.virustotal.com/gui/file/994bdaa56ca8652f249cfae35d6726edfcd324fe8524144e06bf3b6e542f00d9/detection

87.57.141.215:443
87.57.141.215:80
mine.fortipower.com

# Reference: https://www.virustotal.com/gui/ip-address/198.46.190.14/relations

198.46.190.14:80

# Reference: https://www.virustotal.com/gui/ip-address/193.26.217.230/relations

193.26.217.230:80

# Reference: https://twitter.com/JayTHL/status/1221880058995970049

5.45.71.32:443
5.45.71.32:80

# Reference: https://twitter.com/wwp96/status/1221889989346320385
# Reference: https://www.virustotal.com/gui/ip-address/142.93.64.230/relations

142.93.64.230:443
belflax.pt
eclipsagr.site
ordernow.site
transferorder.xyz
webbelflax.pt
webeclipsagr.site
webordernow.site
webtransferorder.xyz
webwestfieldindustries.tk
webwetrans.xyz
westfieldindustries.tk
wetrans.xyz

# Reference: https://app.any.run/tasks/23fa0ea9-a950-48d1-9134-7f4ef49eadc6/

0.le4net00.net
0.weathdata.nu

# Reference: https://twitter.com/benkow_/status/1221862063888314368
# Reference: https://www.virustotal.com/gui/domain/exee.space/relations

exee.space

# Reference: https://twitter.com/FewAtoms/status/1222240268944125954

metaseed.duckdns.org

# Reference: https://twitter.com/unmaskparasites/status/1222248365666250755

hypanis.ru

# Reference: https://www.virustotal.com/gui/ip-address/209.141.59.245/relations

209.141.59.245:80

# Reference: https://www.virustotal.com/gui/domain/flkjnoijoljoioli21.top/relations

flkjnoijoljoioli21.top

# Reference: https://www.virustotal.com/gui/domain/dafadeewewwzzzz.website/relations

dafadeewewwzzzz.website

# Reference: https://twitter.com/SBousseaden/status/1222465015975948289
# Reference: https://app.any.run/tasks/b63ec8f5-70a6-4379-97e9-acbe3ce5ecde/
# Reference: https://app.any.run/tasks/4c404a75-4caf-430b-a901-c18bc8fb0824/

104.28.1.134:2087
172.86.75.211:80
dentalmatrix.net

# Reference: https://twitter.com/laskow26/status/1222332258092105729

sophosdefence.com

# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.153/relations

dark-team.pw

# Reference: https://www.virustotal.com/gui/file/2377a5c17179b5284b7abb170fbdb900d98dfd72131dd4e37438c8688074c378/detection

fateh-news.my-firewall.org

# Reference: https://www.virustotal.com/gui/ip-address/3.112.246.37/relations

3.112.246.37:80

# Reference: https://twitter.com/phishunt_io/status/1222960636780597249
# Reference: https://www.virustotal.com/gui/domain/amazongifts.org/relations

amazongifts.org

# Reference: https://twitter.com/benkow_/status/1223234991678787584

greyrockland.com
spineyes.club

# Reference: https://twitter.com/DynamicAnalysis/status/1223303076100169730

seobrooke.com

# Reference: https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9
# Reference: https://otx.alienvault.com/pulse/5e35b7da3cd07e55edf22c8c

cdn-line.kz
crewtyxz.biz
faxtoweb.org
gcdn.kz
gstatic.kz
hotmail.org.kz
maildomain.kz
msf.org.kz
nexfail.com
office.com.kz
oneppdatemicro.com
outlook.kz
regsvr32.kz
webfax.org
yahoo.org.kz

# Reference: https://twitter.com/SBousseaden/status/1221834746084368385
# Reference: https://app.any.run/tasks/4a40a89c-bddd-4df8-993e-5732d8a52133/
# Reference: https://www.virustotal.com/gui/domain/securelogonweb.com/relations
# Reference: https://www.virustotal.com/gui/file/a8abcfde1a8d2eb3008e346c68ab4486c402e8d4dcd8d17e56787fa1c52e616b/detection

securelogonweb.com

# Reference: https://twitter.com/FewAtoms/status/1224372841786855425

http://13.234.231.211
http://178.218.222.185
http://www.pedrojorge.pt/cypher/

# Reference: https://twitter.com/OttoScav/status/1224359600352301056
# Reference: https://www.virustotal.com/gui/file/42fe3715f6197416ff34c99a0fbcf5a8fe4757c3080a4518f2ac54e94a05251c/detection

194.36.188.132:443

# Reference: https://twitter.com/James_inthe_box/status/1224398473065189376

evalogs.top

# Reference: https://twitter.com/ScumBots/status/1224442375088435200

46.28.205.87:80

# Reference: https://www.virustotal.com/gui/ip-address/199.19.226.33/relations

199.19.226.33:80

# Reference: https://twitter.com/ScumBots/status/1224527205759438850

iexploreservice.com

# Reference: https://twitter.com/ScumBots/status/1224529580444221440

40.114.116.10:80

# Reference: https://twitter.com/wwp96/status/1224382200218603521

impulsefittness.info

# Reference: https://app.any.run/tasks/1f6ecf5b-ce20-430e-b319-e4a695fab823/

merkez.tk

# Reference: https://twitter.com/Rmy_Reserve/status/1224878446565683201
# Reference: https://www.virustotal.com/gui/ip-address/172.86.75.211/relations
# Reference: https://app.any.run/tasks/1362c931-b93e-41c1-8497-4a7132ce7459/

172.86.75.211:80
dentalmatrix.net

# Reference: https://twitter.com/FewAtoms/status/1225072383087841281

palmiericurtains.com

# Reference: https://twitter.com/JayTHL/status/1225117583898218496

aluminum.dyndns.dk
maios12.dyndns.dk

# Reference: https://app.any.run/tasks/36f61504-d0ce-4bfe-be53-3f4a21817677/

185.253.99.100:80
185.51.203.211:80

# Reference: https://twitter.com/FewAtoms/status/1226175723775258624

45.141.86.18:80

# Reference: https://twitter.com/ViriBack/status/1226223550387933184

pentestblog.xyz

# Reference: https://www.virustotal.com/gui/domain/niggacumyafacenet.xyz/relations

niggacumyafacenet.xyz

# Reference: https://twitter.com/K_N1kolenko/status/1226769404274335744

104.211.165.111:1942

# Reference: https://www.virustotal.com/gui/file/a1b4597019f73f54d3981468c9bbe0ca1e144f06bda349d8baa2f607d90f4fb1/detection
# Reference: https://www.virustotal.com/gui/file/8c6cc35529e440cbccb7e33019d7a0ccea0db9f30d2035cad4e66a0d47341b79/detection
# Reference: https://www.virustotal.com/gui/ip-address/77.83.172.136/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.158.113.232/relations

185.158.113.232:7777
77.83.172.136:7777
kiras.hk
manip2.hk
bgpaio75egqvqigekt5bqfppzgth72r22f7vhm6xolzqd6ohroxs7pqd.onion
jr2jjfxgklthlxh63cz3ajdvh7cj6boz3c3fbhriklk7yip4ce4vzsyd.onion
rcjndzwubq5zbay5xoqk4dnc23gr4ifseqqsmbw5soogye6yysc7nkyd.onion
uovyniuak3w4d3yzs4z4hfgx2qa6l2u6cx4wqsje4pmnmygc6vfddwqd.onion

# Reference: https://twitter.com/ANeilan/status/1226957261697843200

dotcfmkc.cf

# Reference: https://twitter.com/ANeilan/status/1226943927430848512

cdfolkme.cf

# Reference: https://twitter.com/ANeilan/status/1226941630722322434

adnmya.tk

# Reference: https://twitter.com/Arkbird_SOLG/status/1226977494215077888

marcuskirol.online

# Reference: https://twitter.com/reecdeep/status/1227158430013677569

185.195.237.17:80

# Reference: https://github.com/stamparm/maltrail/pull/6726#issuecomment-585133462

185.27.134.11:21
ftpupload.net

# Reference: http://cybercrime-tracker.net/index.php?search=Stealer (as seen on 2018-09-01)

alessa-kw.com
alrayyanplastics.com
ambliglobal.nut.cc
annapoliscrabtownphotos.com
bclm-es.info
binousgroup.nut.cc
bitgetglobal.club
briiskgroup.com
cliten.microdoctor.com.br
cyberfreakz.cf
deffanogroup.co.id
emiretas.com
gazeboindonesia.com
gg.net.co
goldenalhaji.com
gpt.sa.com
gruopcor.com
gtneifnsyrf.tk
handsomelaw.id
hectords.us
ieejotex.com
imsa.com.au
iykepc.com
jasonetworks.com
kantanka.com
kiiey.ga
kindomstar.com
kwe-za.com
l2cc9521.justinstalledpanel.com
lacasonadelcartero.cl
lwis.cf
mahgoubsons.ml
owenscorming.com
owerri.usa.cc
richweva.com
ronjustthetrebho.net
sellychukwu.ru
sentrinonline.com
sepprod.com
spearsrnfq.net
stealerpanel.usa.cc
toddstretinc.com
trafficxx.com
u19982p14980.web0119.zxcs.nl
u19982p14983.web0119.zxcs.nl
untorsnot.in
wahuiilopi.club
webapp-mpp2.com
work.chukzenter.tk

# Reference: https://twitter.com/petrovic082/status/1145373440230273024
# Reference: https://pastebin.com/SCsbLU1n

theridgeatdanbury.com/wp-admin/network/server/login.php

# Reference: https://twitter.com/serhack_/status/1147795722215022592

electrumportal.com

# Reference: https://bitcointalk.org/index.php?topic=5133490.0 (Russian)

btc-electrum.com
btcelectrum.org
downloadelectrum.com
downloadelectrum.org
eiectrum.net
electrum.bz
electrumapp.org
electrumapps.com
electrumbase.com
electrumbase.net
electrumbase.org
electrumbitcoin.org
electrumbtc.org
electrumbuild.com
electrumcircle.com
electrumclient.org
electrumcore.com
electrumcore.net
electrumdownload.com
electrumdownload.org
electrume.com
electrume.org
electrumfix.com
electrumget.com
electrumget.com
electrumhub.com
electrumnet.com
electrumofficial.com
electrumopen.org
electrumpgrade.com
electrumsafe.org
electrumsite.com
electrumsource.org
electrumstart.org
electrumtxn.com
electrumupdate.com
electrumupgrade.com
electrumupgrade.org
electrumware.com
electrumware.org
electrumweb.net
getelectrum.com
getelectrum.live
getelectrum.org
goelectrum.com
myelectrum.org
electro1wallet.info
electrodwallet.info
digi-wallet.info
jotubhsbn.website
zpvuvcf.xyz

# Reference: https://twitter.com/0xFrost/status/1188458586453745664
# Reference: https://pastebin.com/JDecBDpM

btc-electrum.net
btcelectrum.com
electrum-btc.net
electrum.ink
electrum.media
electrum.tools
electrum.zone
electrumapp.info
electrumapps.info
electrumball.com
electrumbase.online
electrumbase.sh
electrumbin.com
electrumbit.net
electrumbitcoin.club
electrumbitcoin.co
electrumbitcoin.info
electrumblocks.com
electrumboard.com
electrumbtc.info
electrumbtc.live
electrumbtc.me
electrumcoin.com
electrumeasy.net
electrumfiles.com
electrumflow.com
electruminstall.info
electruminstall.org
electrumpack.com
electrumpack.net
electrumpack.org
electrumpass.com
electrumpatch.com
electrumpath.com
electrumpath.org
electrumpin.com
electrumportal.net
electrumportal.org
electrumsecure.com
electrumserver.info
electrumset.com
electrumsite.org
electrumstar.com
electrumtech.me

# Reference: https://twitter.com/andsyn1/status/1271513659718668288

xn--elctrum-u8a.com

# Reference: https://twitter.com/Racco42/status/1148877632412487682
# Reference: https://app.any.run/tasks/698e5d3b-7080-4e00-a827-aabb132a8821/

/PostaSatanas.php

# Reference: https://twitter.com/ItsReallyNick/status/1150058573671665665
# Reference: https://www.virustotal.com/gui/file/5fb6d259f04a202d9d73110b568370a0eabbc24ce08d8416a85c2e718b7b8721/detection

52.90.226.47:443

# Reference: https://twitter.com/James_inthe_box/status/1159202555961851904

sd346.zzz.com.ua

# Reference: https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/ (# C2 section)

my.gobiox.com
login3.kimbrelelectric.com

# Reference: https://twitter.com/sniko_/status/1165293103655333888

wwwelectrum.org

# Reference: https://twitter.com/P3pperP0tts/status/1166493391263358976

rtsdyfucgj.temp.swtest.ru

# Reference: https://twitter.com/PRODAFT/status/1154016659868409856

undergrounddynamics.site

# Reference: https://twitter.com/VK_Intel/status/1171782155581689858

66.42.76.46:21

# Reference: https://twitter.com/sS55752750/status/1173668868784644105

s2.abcvg.ovh

# Reference: https://twitter.com/JAMESWT_MHT/status/1177109960309858304
# Reference: https://app.any.run/tasks/947e97aa-fb67-4856-bcc7-297b4d14c9cd/

http://112.175.138.213

# Reference: https://twitter.com/JAMESWT_MHT/status/1182597039105941504

nfe-fazenda.myftp.org

# Reference: https://twitter.com/James_inthe_box/status/1184519173268897792

9f249.f249724.96.lt

# Reference: https://twitter.com/iocsvault/status/1176144857284395009

jaster24h.biz
tviewer.ga

# Reference: https://twitter.com/James_inthe_box/status/1187689326353600512

luckykey.tk

# Reference: https://twitter.com/angel11VR/status/1189135390655078402

212.47.208.135:21

# Reference: https://twitter.com/unmaskparasites/status/1190016192511131655
# Reference: https://www.virustotal.com/gui/domain/saleforyou.org/details

1.saleforyou.org/tong/pa/newpw/pass.php
bingstyle.com/tong/pa/pass.php

# Reference: https://twitter.com/cyber__sloth/status/1182395650752892928
# Reference: https://www.virustotal.com/gui/file/7e3a8eda2a3c53b4e169db8b11d344c0308ede32884b18b2f225baf8bcb30aa5/detection

195.50.7.214:43231

# Reference: https://twitter.com/darienhuss/status/1192736459167588353 (# Cyber Agent)
# Reference: https://www.virustotal.com/gui/file/04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30/detection
# Reference: http://benkow.cc/wp_prezo.pdf

chrome-update-center.com
geolocation-sys.com

# Reference: https://twitter.com/GlaCiuS_/status/1192772160881868801
# Reference: https://www.virustotal.com/gui/file/ebddf88ffdf3cea966a66aa7337e5fdf7e2579db486521a869e7c12c40bb1916/detection

gregoirius2015.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1168894993160974336
# Reference: https://app.any.run/tasks/d2b6177d-e257-49ce-bc82-e1dc31321c64/
# Reference: https://www.virustotal.com/gui/file/a0f75184426976dfe0603507b99f87ce63ad79a5af10de935439576f0c48f47f/detection

gamebooster.pro
lokicode.had.su

# Reference: https://twitter.com/DbgShell/status/1197996130585460737

4aeoewr91oas1.anomalix.ml
lka177m3agc.37xia484cnd499x.ga
wa5to7naa1.a01mt584zk32sw1.ml

# Reference: https://twitter.com/JayTHL/status/1199021248417861632

45.137.151.95:21

# Reference: https://twitter.com/i/status/1199127438435012608

finabisope.xyz
happysitesworld.xyz
timenotbesea.xyz

# Reference: https://twitter.com/James_inthe_box/status/1200431694307684352
# Reference: https://www.virustotal.com/gui/file/00a1237e8faa646219744517b24cb4c8ebdbaa10d62e2b56fc25dffca832583c/detection

18.220.85.117:27000

# Reference: https://twitter.com/pancak3lullz/status/748631479144452096

ctr1p.com

# Reference: https://www.virustotal.com/gui/file/c180f56cf3d571352a7ea36c968000d61e543347d64a063bf2dcac26b1afe5df/detection

gf1433.f3322.net

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204447068321964032
# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204503912092446730
# Reference: https://www.virustotal.com/gui/file/1da250bbb5fbbe268ca2b919a8c2621237a1debda5bb42492b640b8e4f178818/detection

5.188.9.24:9171

# Reference: https://twitter.com/James_inthe_box/status/1204606741947666433
# Reference: https://app.any.run/tasks/768e34db-2ef1-41ed-ad8d-30a9ac7f35a4/

browserlootar.xtreme-apis.top

# Reference: https://twitter.com/MBThreatIntel/status/1208135822261637120

193.35.50.253:443
193.35.50.253:80
cardspay.xyz
interpaykabinet.cf
interpaykabinet.ga
interpaykabinet.gq
interpaykabinet.ml
interpaykabinet.tk
interpayoffice.cf
interpayoffice.ga
interpayoffice.gq
interpayoffice.ml
interpayoffice.tk
kibermansuladu.cf
kibermansuladu.ga
kibermansuladu.gq
kibermansuladu.ml
kibermansuladu.tk
luckipasdretop.cf
luckipasdretop.ga
luckipasdretop.gq
luckipasdretop.ml
luckipasdretop.tk
offensepayinter.cf
offensepayinter.ga
offensepayinter.gq
offensepayinter.ml
offensepayinter.tk
paycards.xyz
pireulwiterykam.cf
pireulwiterykam.ga
pireulwiterykam.gq
pireulwiterykam.ml
pireulwiterykam.tk
zaemaropiteds.cf
zaemaropiteds.ga
zaemaropiteds.gq
zaemaropiteds.ml
zaemaropiteds.tk

# Reference: https://twitter.com/MBThreatIntel/status/1213201167838089216
# Reference: https://www.virustotal.com/gui/ip-address/193.35.50.250/relations

193.35.50.250:443
193.35.50.250:80
paygooloffice.cf
paygooloffice.ga
paygooloffice.gq
paygooloffice.ml
paygooloffice.tk
paygoolofficearabi.cf
paygoolofficearabi.ga
paygoolofficearabi.gq
paygoolofficearabi.ml
paygoolofficearabi.tk

# Reference: https://www.virustotal.com/gui/ip-address/193.35.50.252/relations

193.35.50.252:443
193.35.50.252:80
arabianpayclub.cf
arabianpayclub.ga
arabianpayclub.gq
arabianpayclub.ml
arabianpayclub.tk
freepayinterkom.cf
freepayinterkom.ga
freepayinterkom.gq
freepayinterkom.ml
freepayinterkom.tk
interkomarabipay.cf
interkomarabipay.ga
interkomarabipay.gq
interkomarabipay.ml
interkomarabipay.tk
payarabionmany.cf
payarabionmany.ga
payarabionmany.gq
payarabionmany.ml
payarabionmany.tk

# Reference: https://twitter.com/unmaskparasites/status/1214266385003495424

http://200.63.40.60

# Reference: https://www.virustotal.com/gui/file/3c154dc2e1eaab82e28934368e05e125787d748b27f90d4dea2265fbde1f6997/detection

179.180.82.144:80

# Reference: https://www.virustotal.com/gui/file/3eea2a5d7d5b692179500b8c6e6edb40454538fd8593bc6d4be042c744af0b1e/detection

185.140.53.134:443

# Reference: https://www.virustotal.com/gui/file/1a49dc441d93c44de5fe946e14f8f06464680cf9d9e537fb36d3535003a1a1b1/detection

95.182.122.184:80

# Reference: https://twitter.com/reecdeep/status/1220256702722977793
# Reference: https://app.any.run/tasks/45fa3d27-2f55-44de-914c-f93af54234c9/

toratoratora.altervista.org

# Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection

installsilver.com
confirmssystems.com
passwordkernel.online
123321123.fun
myprintscreen.com
budison-oklarly.com
termscenter.com
cleand8yv0m6g.top
newbook-t.info

# Reference: https://www.virustotal.com/gui/domain/pix-fix.net/relations

pix-fix.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.225.32/relations

ddtupdate1.top
ddtupdate4.top
legion17.com
mypandacleaner.info
rrudate1.top
rrudate2.top
slupdate1.top
slupdate2.top
slupdate3.top
ssdupdate1.top
ssdupdate2.top
ssdupdate3.top
statistics-pro.best

# Reference: https://www.virustotal.com/gui/ip-address/52.59.77.115/relations

http://52.59.77.115

# Reference: https://twitter.com/ni_fi_70/status/1227561744702283776

deadrick-812.tk

# Reference: https://app.any.run/tasks/9190151a-739e-41c0-b89d-71bf74414ab4/

googlechromeupdate.ga
googlechromeupdate.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1227982693889183744
# Reference: https://app.any.run/tasks/967c009c-cfaa-411f-b804-69bc23bb5814/

13.72.105.98:443
13.72.105.98:80

# Reference: https://www.virustotal.com/gui/file/267c20b0295420c2638bd6b6087ab7e82f1e10341a8a957a3c28c69fd3bf2890/detection

docxuploads.com

# Reference: https://www.virustotal.com/gui/ip-address/23.224.179.28/relations

o076un.com
sggl1527.top
sggl6527.top
dlytw.com

# Reference: https://www.virustotal.com/gui/file/c64a96098559189d85c0e59c4a45740db8cae250520beeff1ff5556e211850d8/detection

23.224.179.28:8008

# Reference: https://www.virustotal.com/gui/file/7be2ec6b3b8190f56c62d44e98b7a8e8fb9404b381d53ddadd43fde622b08206/detection

23.224.179.28:7788

# Reference: https://www.virustotal.com/gui/file/0a94d90a3b91b117741ca0dd37ab14828a59a10c71b27be803480be7d2542ea2/detection

23.224.179.28:8888

# Reference: https://www.virustotal.com/gui/file/2d694ba25af171e61a2cb9b5a8b9588e0c149e691ded7796542ba97449a0b4cb/detection

23.224.179.28:9666

# Reference: https://www.virustotal.com/gui/file/b8d7a2d94c30947e7983961d490143bce7ae677a126320a14457cd96d47f7cbf/detection

23.224.179.28:4131

# Reference: https://www.virustotal.com/gui/file/4181e87462a5913e73f09cdf61a464718a15d17df519ee25dd05f1bd9c93cf97/detection

23.224.179.28:8552

# Reference: https://www.virustotal.com/gui/file/2daad3f8ac834067c85ea75889b388e381f25fab6c2c5c988dfd84c63956842d/detection

23.224.179.28:8180

# Reference: https://www.virustotal.com/gui/file/94c758666acc50035e0028cfcd26d669e6e8fb11ffbd384802b90b5e07b094f2/detection

23.224.179.28:9888

# Reference: https://twitter.com/ps66uk/status/1228268374649659392
# Reference: https://app.any.run/tasks/9be4f8eb-e828-4ca5-ba76-6f8db7f1627a/

107.189.7.176:80

# Reference: https://www.virustotal.com/gui/domain/breda.vanhiele.nl/relations

breda.vanhiele.nl

# Reference: https://www.virustotal.com/gui/domain/linkomember.info/relations

linkomember.info

# Reference: https://urlhaus.abuse.ch/url/314830/
# Reference: https://www.virustotal.com/gui/ip-address/111.90.149.246/relations

111.90.149.246:80

# Reference: https://twitter.com/ScumBots/status/1229284924450123776
# Reference: https://www.virustotal.com/gui/file/beec8fc6ea45f0862fa13107b05a4d92cc2fc3c6f1c0c23fd2f04c3d3988c8c1/detection

62.108.37.42:1013

# Reference: https://twitter.com/vikas891/status/1229360459830087680

jomamba.best

# Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152

aisioy.xyz

# Reference: https://twitter.com/reecdeep/status/1229390645355261953

joeing.rapiddns.ru

# Reference: https://www.virustotal.com/gui/domain/bhatner.com/detection

bhatner.com

# Reference: https://www.virustotal.com/gui/domain/store.nvprivateoffice.com/relations

store.nvprivateoffice.com

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155

69.87.219.49:80

# Reference: https://twitter.com/Bl4ng3l/status/1229687760279293952

gali.keipta.us

# Reference: https://twitter.com/James_inthe_box/status/1229509229267972097
# Reference: https://app.any.run/tasks/6fc45ad8-8993-4fc6-8e60-c437d66593e3/

ba97b047bd6aa1e4f76f84fd6ec96bd8.gq

# Reference: https://app.any.run/tasks/a12db284-e0a7-4834-bc94-21debc6ea72b/

rifat02.info

# Reference: https://app.any.run/tasks/3440bfb4-736c-4a27-8f63-ea82988bbd67/

rifat01.info

# Reference: https://twitter.com/wwp96/status/1229838934563225600
# Reference: https://app.any.run/tasks/4e12a96e-3a18-45a8-8965-8ee6bd3fbb77/

http://34.253.184.43

# Reference: https://twitter.com/Jouliok/status/1230009062810628097

worldatdoor.in

# Reference: https://twitter.com/DynamicAnalysis/status/1230171498670886924

gm-adv.com

# Reference: https://twitter.com/FewAtoms/status/1230168466142978053

mi.ceceliansanders.us

# Reference: https://app.any.run/tasks/e6427a49-7a93-451a-9342-27948f7a0cef/

http://syncode.com.br/forum.php?xmapnawaykkfc=3748139090763247
http://redfinance.pl/forum.php?xmapnawaykkfc=14678699031243286
http://spaxman.com/forum.php?xmapnawaykkfc=586795938240767

# Reference: https://app.any.run/tasks/f4ebed77-6d4c-40fb-a73c-37cae62ca33e/

78.42.70.24:2214

# Reference: https://twitter.com/KorbenD_Intel/status/1230504991191793664

youalmost.gotdns.com

# Reference: https://twitter.com/wwp96/status/1230504598852526080

111.90.146.27:80

# Reference: https://twitter.com/baberpervez2/status/1230606469101477902
# Reference: https://www.virustotal.com/gui/ip-address/185.158.249.22/relations

185.158.249.22:80

# Reference: https://app.any.run/tasks/8ed48f9c-38b7-4f70-bd1a-3bb44a403122/

0x0.best
yaprostopopitalsyaoboitietosrannoeav.club

# Reference: https://twitter.com/D3LabIT/status/1230756245511917570

zekelliott.com/ams/amsweb.php

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.64/relations
# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection

217.8.117.64:80
217.8.117.64:443
185.224.128.41:80

# Reference: https://twitter.com/FewAtoms/status/1231201262944882688

bt-design.org

# Reference: https://twitter.com/James_inthe_box/status/1231247315672809473
# Reference: https://www.virustotal.com/gui/file/3b701eac4e3a73aec109120c97102c17edf88a20d1883dd5eef6db60d52b8d92/detection
# Reference: https://app.any.run/tasks/844d5358-bf5d-4a4a-89b2-d3bf06df79e3/

cloud-security.ggpht.ml
ggpht.ml

# Reference: https://twitter.com/FewAtoms/status/1231994766398717954

13.95.31.136:80

# Reference: https://twitter.com/FewAtoms/status/1232274564262105088

1579850.xyz

# Reference: https://twitter.com/wwp96/status/1232326236636090370

185.112.250.168:80

# Reference: https://twitter.com/FewAtoms/status/1232358875472461829

portermedicals.com

# Reference: https://app.any.run/tasks/92f686b8-9cdf-4070-ae98-96cfd34a78ef/

alaziz.in

# Reference: https://twitter.com/DynamicAnalysis/status/1232426353766563840

docxuploads.com
pacieinco.com

# Reference: https://app.any.run/tasks/34e48272-ccf9-4ace-805d-6cedfce263b5/

mitelcelfact-spain.com

# Reference: https://twitter.com/James_inthe_box/status/1232764239321845760

ironbigpanel.com

# Reference: https://twitter.com/MBThreatIntel/status/1232828557040029696

http://92.63.197.190

# Reference: https://twitter.com/ScumBots/status/1233042331072421892

firsttus.com

# Reference: https://twitter.com/0xAmit/status/1224369244797796352
# Reference: https://www.virustotal.com/gui/domain/serralheriacic.com.br/relations

serralheriacic.com.br

# Reference: https://twitter.com/DynamicAnalysis/status/1233209872889602048

http://8.3.29.166

# Reference: https://app.any.run/tasks/ae89227d-182e-46c6-8dea-dc4275eb859c/

jumpingjetz.net

# Reference: https://twitter.com/KorbenD_Intel/status/1233498740914294784

http://13.92.226.218

# Reference: https://www.virustotal.com/gui/domain/cureprm.com/relations

cureprm.com

# Reference: https://twitter.com/dave_daves/status/1119185135646195712

hijaiyh.net

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

mx.neperepahano.top

# Reference: https://twitter.com/stecar792/status/1034858782990512128

wasabbybomba.space

# Reference: https://twitter.com/de_aviation/status/1125099666218078218

mozilla.theworkpc.com

# Reference: https://twitter.com/illegalFawn/status/1177557065742594048

illegalfawn.com

# Reference: https://twitter.com/MisterCh0c/status/1154056708806848515

g.icab.pk

# Reference: https://twitter.com/phishunt_io/status/1234095925246689280

userauth-appleid.ddns.net

# Reference: https://twitter.com/jorgemieres/status/1233964775748636673

a-d.me

# Reference: https://twitter.com/Vishnyak0v/status/1234457104347430915

http://92.119.160.145
/gate4e56d5415700.php

# Reference: https://www.virustotal.com/gui/domain/dynamicrosoft.com/relations

dynamicrosoft.com

# Reference: https://www.virustotal.com/gui/domain/hokage.ru/relations

hokage.ru

# Reference: https://twitter.com/malwrhunterteam/status/1233666708616941570

omegaeyehospital.com

# Reference: https://twitter.com/FewAtoms/status/1234893577362210825

http://109.169.89.118

# Reference: https://twitter.com/KorbenD_Intel/status/1234931931168542723

http://78.128.92.24

# Reference: https://twitter.com/malwrhunterteam/status/1235179767604924416

alphastore.store

# Reference: https://twitter.com/KorbenD_Intel/status/1235256882048073728

http://109.201.143.181

# Reference: https://twitter.com/baberpervez2/status/1235253914724962309

bigtrading.ga
edauto.ga

# Reference: https://www.virustotal.com/gui/domain/workshop002.duckdns.org/relations

workshop002.duckdns.org

# Reference: https://pastebin.com/uveiJed9

gm-adv.com

# Reference: https://www.virustotal.com/gui/domain/umeed.app/relations

umeed.app

# Reference: https://twitter.com/GlaCiuS_/status/1234991709223735296

http://217.8.117.76

# Reference: https://ddanchev.blogspot.com/2019/09/massive-portfolio-of-apt-advanced.html  (Note: removed trails already appearing in other files)

amana1.duckdns.org
casinonono.ddns.net
daisy101.ddns.net
ezelogs.ddns.net
glendyling.ddns.net
gujulio.duckdns.org
hykedscams.ddns.net
jaaav.ddns.net
koutafa.ddns.net
ldouab.ddns.net
lilop.ddns.net
mogofockerdu94.chickenkiller.com
oryano.ddns.net
probityjrat5.duckdns.org
projecttestingforedu.chickenkiller.com
ramadan.mywire.org
servicepcinfo.myddns.rocks
stanley10.linkpc.net
sugesu.ddns.net
thefuturisus.ddns.net
trasatlis.sytes.net
xfxf.ddns.net
yurmaufat.ddns.net
abbaass313.hopto.org
an.droidsuper.su
android.no-ip.org
droidcraftismelmao.ddns.net
droidjack.hopto.org
droidjack1.sytes.net
ehsanmaali.ddns.net
hacker-81.no-ip.biz
haker-2119.ddns.net
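# NOTE(review): "systes.net" may be a typo for the "sytes.net" dynamic-DNS suffix used by other entries in this list; verify against the reference
jackdroid.systes.net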
jnkey.ddns.net
opt91.ddns.net
pplweb.pplmotorhomes.com
ratforandroid.ddns.net
s.leas.im
test.pagez.kr
usa.myftp.biz

# Reference: https://www.virustotal.com/gui/domain/quiet-goto-7536.penne.jp/relations

quiet-goto-7536.penne.jp

# Reference: https://twitter.com/KorbenD_Intel/status/1235313936091746305

http://111.90.149.212

# Reference: https://twitter.com/wwp96/status/1235587667393269767

hmmrr.com

# Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/
# Reference: https://www.virustotal.com/gui/domain/alrazi-pharrna.com/relations

alrazi-pharrna.com

# Reference: https://twitter.com/killamjr/status/1235727868040077312

http://216.189.145.11

# Reference: https://twitter.com/Artilllerie/status/1235879088944033792

seekersme.com

# Reference: https://twitter.com/ps66uk/status/1235959155980210178

18655.aqq.ru

# Reference: https://twitter.com/James_inthe_box/status/1236318055203889158
# Reference: https://www.virustotal.com/gui/domain/casaconceitoltda.info/relations

casaconceitoltda.info

# Reference: https://www.virustotal.com/gui/ip-address/117.78.50.197/relations

http://117.78.50.197

# Reference: https://www.virustotal.com/gui/ip-address/112.74.75.143/relations

http://112.74.75.143

# Reference: https://www.virustotal.com/gui/ip-address/210.222.25.223/relations

http://210.222.25.223

# Reference: https://www.virustotal.com/gui/ip-address/113.214.1.34/relations

http://113.214.1.34

# Reference: https://www.virustotal.com/gui/ip-address/37.72.171.98/relations

http://37.72.171.98

# Reference: https://twitter.com/0xCARNAGE/status/1236650024601374720

bigtrading.ga

# Reference: https://twitter.com/Jouliok/status/1236904231568846849

http://155.94.185.68

# Reference: https://twitter.com/JayTHL/status/1237025355212431361

dubriah.com

# Reference: https://twitter.com/VK_Intel/status/1237039891365625856

http://45.11.181.17

# Reference: https://twitter.com/malware_traffic/status/1237070035841175562
# Reference: https://app.any.run/tasks/b799a194-ff60-465f-b781-2914d50d3696/

posqit.net

# Reference: https://twitter.com/malware_traffic/status/1237109406288011264

http://64.110.24.130

# Reference: https://www.virustotal.com/gui/domain/trufco.com/relations

trufco.com

# Reference: https://www.virustotal.com/gui/domain/limos-us.com/relations

limos-us.com

# Reference: https://app.any.run/tasks/51ac8482-d809-4a2b-a601-89be388f3f13/

27.124.43.55:8000

# Reference: https://twitter.com/James_inthe_box/status/1237362183828209666

sercon.com.mx

# Reference: https://twitter.com/JayTHL/status/1237384903181897729

hindold.com

# Reference: https://twitter.com/JayTHL/status/1237398536687362048

sulainul.com

# Reference: https://twitter.com/wwp96/status/1237796218773831680

cutox.info
lolel.best
omalll.com

# Reference: https://twitter.com/HeavyMetalAdmin/status/1237380963564498944

uzoclouds.eu

# Reference: https://twitter.com/AdAstra247/status/1230131129216380928

iopaos.dyndns.dk

# Reference: https://twitter.com/FewAtoms/status/1237432289451298822

http://51.81.29.60

# Reference: https://twitter.com/JayTHL/status/1237422040052875269

abctvlive.ru
adrakwalichae.com
cyanobac.com
frekishalm.com
joekelpanel.com
khitlinphoto.ru
kindleedxded.ru
lahkaycentz.com
lhawarlaw.com
live-en-us.ml
lowcostpower.ru
minmindough.com
muabancaoocwnet.ru
noreplyinfo-office.com
onedrivenoreply.com
pinkeyesaure.com
prairietruckx.ru
rlabinsahab.com
savedbyangelsworg.ru
swanbleck.com
tilsmiangotha.com
tutijae.com
vitaminepowed.ru
wpsitebuilder.ru
yanarascla.com
yepi2eco.ru
yetehoga.com
zalmips.com
zucikni.com

# Reference: https://twitter.com/FewAtoms/status/1237798224221667328

gdrintl.com

# Reference: https://twitter.com/IntezerLabs/status/1238090332639842304

jave.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1238102354320166912

http://93.65.162.134

# Reference: https://twitter.com/malwrhunterteam/status/1238113568442265602

trynda.xyz

# Reference: https://twitter.com/JayTHL/status/1238182874223910915

vonty.best

# Reference: https://www.virustotal.com/gui/domain/pulid.net/relations

pulid.net

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/more-excel-4-0-macro-malspam-campaigns/
# Reference: https://otx.alienvault.com/pulse/5e6a65de61606ee5b177c86f

paypeted.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1238421963347054594
# Reference: https://www.virustotal.com/gui/file/ca1641bb37075d73a357e454753ab038962d04b7465ac32c4b5675eb2cffff92/detection

w1750996.ferozo.com/content/archivos/tarjetas/server.php

# Reference: https://twitter.com/James_inthe_box/status/1238606200154886144

maildrive.icu

# Reference: https://twitter.com/FewAtoms/status/1238821505171107840

arkallsaintsacademy.com

# Reference: https://www.virustotal.com/gui/file/d81122f9d8a55ac1a0b607e321520df3dad2d69959acc99d2ee4e17219cbe4f5/detection

http://185.94.191.35

# Reference: https://twitter.com/FewAtoms/status/1239179323266957314

symriseltd.com

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

http://216.170.123.111

# Reference: https://twitter.com/bad_packets/status/1239693959330287616

ero.bckl.ir

# Reference: https://twitter.com/reecdeep/status/1239843956424409089

fibare.com

# Reference: https://www.virustotal.com/gui/domain/brupas.com/relations

brupas.com

# Reference: https://twitter.com/casual_malware/status/1239760321021128706

http://94.242.59.225

# Reference: https://twitter.com/Bl4ng3l/status/1240188476789788672

http://209.141.54.161

# Reference: https://twitter.com/malwrhunterteam/status/1240195163265421312

omecanism2.sslblindado.com

# Reference: https://www.virustotal.com/gui/file/eb88393fc02fdab866b43176c03eb1fc27073c62033a7a51fcdd9f79fcb8882c/detection

transvale.sslblindado.com

# Reference: https://twitter.com/nmatte90/status/1240231606297788416

c0vidupdate.xyz

# Reference: https://twitter.com/ViriBack/status/1240249046280912896
# Reference: https://app.any.run/tasks/473692f1-73e5-4996-a1b3-2a497938cc58/

http://95.181.178.156

# Reference: https://www.virustotal.com/gui/file/602e17d3aada73b0be2bd791237b3bc4340980d9e14b53dbf6d437e69738afb1/detection

http://103.102.44.83

# Reference: https://app.any.run/tasks/dcd48517-ad5f-4f16-a6d0-8d12463ee3a2/

lxj.vvn.mybluehost.me

# Reference: https://app.any.run/tasks/5279381c-b255-482a-ae64-02ed6177bc12/

savannahhoney.co.ke/wp-content/uploads/

# Reference: https://github.com/silence-is-best/c2db#unknowns

103.136.43.131:9998
185.222.202.29:9998
nicholaspring.xyz
smartwaay.xyz

# Reference: https://www.virustotal.com/gui/ip-address/95.101.200.87/relations

http://95.101.200.87

# Reference: https://twitter.com/ScumBots/status/1240677572612104192

thesawmeinrew.net

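# Reference: https://otx.alienvault.com/pulse/5e72b54ff5ee7b31653e7192
# Note: the cdn-NN.anonfiles.com hosts are shared file-hosting infrastructure; a hit shows a download from that service, not necessarily this campaign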

cdn-01.anonfiles.com
cdn-13.anonfiles.com
darkload.cf

# Reference: https://www.virustotal.com/gui/file/fa5f120243a4f0569df10aa04e6581a38ac28a8d07c059aeb80424cf982b6a0b/detection

braincarney.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1240935138537676800
# Reference: https://twitter.com/pancak3lullz/status/1240983894461231104

corona-virus2019.us
coronavirus2019.us

# Reference: https://twitter.com/malwrhunterteam/status/1240996072425652224

http://185.242.104.197

# Reference: https://twitter.com/malware_traffic/status/1241072162750029825
# Reference: https://www.virustotal.com/gui/ip-address/37.1.212.70/relations

http://37.1.212.70

# Reference: https://twitter.com/malwrhunterteam/status/1241106612737228800

redeturismbrasil.com/marco/

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0313-0320.html (# Win.Worm.Barys-7617456-0)

altincopps.com
l33t-milf.info
tuntu.info
tut0r1allsvu.info
x01bkr2.biz
xsaudix.net
yeh7292ahyssozananan.com

# Reference: https://twitter.com/malwrhunterteam/status/1241328902343188481
# Reference: https://twitter.com/malwrhunterteam/status/1241332425491468288
# Reference: https://www.virustotal.com/gui/ip-address/68.183.199.205/relations

aguiws.com
ajisanjoseairport.com
ajisjc.com
arizonastatekwos.com
haduhabankaemasalahteh.com
haduhayawaemasalahteh.com
jalanbebekjos.com
r2techsystems.com
youngllpcnbstrs.com

# Reference: https://twitter.com/FewAtoms/status/1241813291460067329

http://77.73.70.28

# Reference: https://www.virustotal.com/gui/file/e60b0b0e57ca395709aeae6016e39f4114c84272e32cf040f5d972372f212f08/detection

youtube4kprod.xyz

# Reference: https://www.virustotal.com/gui/domain/duleal.com/detection

duleal.com

# Reference: https://www.virustotal.com/gui/ip-address/46.105.155.114/relations

http://46.105.155.114

# Reference: https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/
# Reference: https://app.any.run/tasks/ce33bea3-9f2d-4507-ae43-2a96bb814bc5/

http://5.199.143.127

# Reference: https://app.any.run/tasks/e89173e6-eabc-44f5-899a-69945b914773/

newmarchess.com

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

http://64.44.57.65

# Reference: https://www.virustotal.com/gui/domain/blockchainglobal.cf/relations

blockchainglobal.cf

# Reference: https://twitter.com/KorbenD_Intel/status/1242571675738071040

http://35.192.198.16

# Reference: https://www.virustotal.com/gui/file/683844d7a032bb668c23f85020338451f43f4d9a19885d246459fd5f2e6b64d2/detection

skyxdata.ddns.net

# Reference: https://twitter.com/CyberCapta1n/status/1242865927185674245

la42.website
masry-corona.com

# Reference: https://twitter.com/jorgemieres/status/1242906665395027976

mwrc.ca/a/

# Reference: https://www.virustotal.com/gui/domain/m0bile.net/relations

m0bile.net

# Reference: https://twitter.com/bryceabdo/status/1243168325443690500

amdchecker.com
comwoman.com
developmasters.com
newservicehelper.com
powerlifterr.com
servicemonsterr.com
superservicee.com

# Reference: https://twitter.com/VK_Intel/status/1243230686858878981

wizardside.club

# Reference: https://www.virustotal.com/gui/domain/ikdarkhawast.com/relations

ikdarkhawast.com

# Reference: https://www.virustotal.com/gui/domain/ashkokatroma.com/relations

ashkokatroma.com

# Reference: https://twitter.com/KorbenD_Intel/status/1243231484212736000

vigilanciaepdemiologica.com

# Reference: https://twitter.com/FewAtoms/status/1243579932590161930

http://185.242.104.78

# Reference: https://twitter.com/FewAtoms/status/1243583843942182915

http://45.88.110.171

# Reference: https://www.virustotal.com/gui/domain/deadnig.ga/detection

deadnig.ga

# Reference: https://www.virustotal.com/gui/ip-address/193.135.12.22/relations

awaken1337.xyz
digicert-global-root.site

# Reference: https://www.virustotal.com/gui/domain/panellogs.ml/relations

panellogs.ml

# Reference: https://www.virustotal.com/gui/domain/api-dns1-e.xyz/relations

api-dns1-e.xyz

# Reference: https://www.virustotal.com/gui/domain/api-oberonapps.org/relations

api-oberonapps.org

# Reference: https://www.virustotal.com/gui/file/d57fbab9b0c261a448af29172f31458491c97942d07bcb562b263306560a132d/detection

81.61.77.92:9898

# Reference: https://twitter.com/Jouliok/status/1244494861362962441

asgardia.cl

# Reference: https://twitter.com/malwrhunterteam/status/1244616242641735681

pay4ever.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1244684201653415940
# Reference: https://www.virustotal.com/gui/domain/ws09ku66vbu31pka.tk/relations

ws09ku66vbu31pka.tk

# Reference: https://twitter.com/JayTHL/status/1245245851661983746

friendsacrossthepasefika.buzz

# Reference: https://blog.cloudmark.com/2020/03/27/covid-19-sms-spam-attacks-shift-from-panic-to-stimulus/
# Reference: https://otx.alienvault.com/pulse/5e821ee9f9dc1acdaaef68b8

aircovid19virus.com
clearcovid19virus.com
coronabreath.com
covidflix19.xyz
covidflix20.xyz

# Reference: https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-target-cdc-who
# Reference: https://otx.alienvault.com/pulse/5e8242f59b8b637793daf071

cdchealth.org

# Reference: https://twitter.com/FewAtoms/status/1245337912889262085

jotunireq.com

# Reference: https://twitter.com/FewAtoms/status/1245693287140413440

boken-jjne0.tk

# Reference: https://twitter.com/FewAtoms/status/1245695682385715200

centrehotel.vn/js/

# Reference: https://twitter.com/w3ndige/status/1245783409781362688

ococococ.xyz

# Reference: https://twitter.com/yvesago/status/1245588527380717573

expertswebservices.com

# Reference: https://twitter.com/KorbenD_Intel/status/1245104618213748737

http://185.208.211.67

# Reference: https://twitter.com/FewAtoms/status/1246423618474647552

parasvijay.com/wp-includes/css/dist/list-reusable-blocks/dir/

# Reference: https://www.virustotal.com/gui/domain/dr-cold.com/relations

dr-cold.com/wp-content/uploads/2019/11/1223/
dr-cold.com/wp-content/uploads/2019/11/12261/

# Reference: https://twitter.com/FewAtoms/status/1246789609192816640

birthdaytrend.top

# Reference: https://twitter.com/VK_Intel/status/1239934124212785154
# Reference: https://www.virustotal.com/gui/file/81003dc976fa06b15142d1b0541e0f60adf295a06a188f81e9458b32970a8a87/detection
# Reference: https://www.virustotal.com/gui/ip-address/31.44.184.50/relations

http://31.44.184.50

# Reference: https://twitter.com/James_inthe_box/status/1233128596165685248

munesdon.top

# Reference: https://twitter.com/bryceabdo/status/1247550103205875717

orange-vpn.com
orangeyouglad.xyz

# Reference: https://app.any.run/tasks/d30d1c49-05e8-4767-ade8-66a3204f8821/

microsoft-hohm.space

# Reference: https://app.any.run/tasks/c4aa1b6e-a92c-4a19-a5c0-b644bd415374/

quickmaildrive.com

# Reference: https://twitter.com/JayTHL/status/1247971248291880962

medicacademic.com/aza/

# Reference: https://twitter.com/pancak3lullz/status/1247985242092326920

hallmarkherbals.com

# Reference: https://twitter.com/MBThreatIntel/status/1248412024305897475
# Reference: https://www.virustotal.com/gui/ip-address/198.12.66.107/relations

http://198.12.66.107

# Reference: https://www.virustotal.com/gui/file/b9626de5d7262ab3985c0a064e3855f7a40fb9a6a941a29f55c2cb67df503fcf/detection

http://45.95.168.62

# Reference: https://app.any.run/tasks/eb87c335-fe94-477f-b6e5-01e75b74673e/

gulf-builders.com

# Reference: https://app.any.run/tasks/3ebea34f-7c85-41e5-983e-810ac1f43ab1/

http://193.168.3.93

# Reference: https://www.virustotal.com/gui/ip-address/74.208.13.22/relations

http://74.208.13.22

# Reference: https://twitter.com/JAMESWT_MHT/status/1249641912136617984
# Reference: https://www.virustotal.com/gui/domain/1podcast.best/relations

1podcast.best

# Reference: https://twitter.com/FewAtoms/status/1250412878781431810

bovientix.com

# Reference: https://twitter.com/bryceabdo/status/1250420225008259072

at-2.com
f-db.info

# Reference: https://twitter.com/stecar792/status/1250845389340774400

http://217.8.117.60

# Reference: https://twitter.com/YouMayBeHacked/status/1251161689812131841

igrejayhwh.com/wo/

# Reference: https://twitter.com/ydklijnsma/status/1251166858797101057

fileserveravast.com

# Reference: https://twitter.com/fr0s7_/status/1251445876398194690

mitsui-jyuku.mixh.jp/uploads/

# Reference: https://twitter.com/FewAtoms/status/1251574078965723136

mindrey.co/docu/

# Reference: https://twitter.com/malwrhunterteam/status/1251562811257507841

coronavirusmaps.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1251824300539219970
# Reference: https://www.virustotal.com/gui/domain/fasttads.com/relations
# Reference: https://www.virustotal.com/gui/domain/updateplayer.to/relations
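# Reference: https://twitter.com/Arkbird_SOLG/status/1251827928134045696
# Note: the /pixel/... entries below are path-only trails (no host), so they can also match the same URL path on unrelated hosts; correlate hits with the two domains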

fasttads.com
updateplayer.to
/pixel/install/?e=
/pixel/log/?e=
/pixel/update/?e=

# Reference: https://twitter.com/ReBensk/status/1252200857753382912

riversouthhomes.com/wp-includes/SimplePie/Net/

# Reference: https://twitter.com/FewAtoms/status/1252232647339720705

http://162.213.255.176

# Reference: https://twitter.com/James_inthe_box/status/1252249689811857408

http://167.114.85.125

# Reference: https://twitter.com/cyber__sloth/status/1252879669558312960

13pope.com/wrd/

# Reference: https://www.virustotal.com/gui/domain/gbud.webd.pl/relations

gbud.webd.pl

# Reference: https://twitter.com/MBThreatIntel/status/1253088809677320192

martner.com/sym/

# Reference: https://app.any.run/tasks/bd29f951-1fe7-4ce8-b26a-c440121d6fac/

wsdyanaekppyinitalymedicalconsultant3.duckdns.org

# Reference: https://www.virustotal.com/gui/domain/toliku.com/relations

toliku.com

# Reference: https://twitter.com/p5yb34m/status/1253473594631286785

apbfiber.com/openme/

# Reference: https://twitter.com/JayTHL/status/1253891233296060416

alkalabs.cf

# Reference: https://twitter.com/malwrhunterteam/status/1253984108109324288

http://117.50.106.161

# Reference: https://twitter.com/nao_sec/status/1254023052100120582
# Reference: https://app.any.run/tasks/d9f04401-83b4-4a83-8880-e82750d8b030/
# Reference: https://www.virustotal.com/gui/domain/yourfuturewin.online/relations

yourfuturewin.online
/grhcwZ?source=
/T33sBb?source=
/tpQpXh?source=

# Reference: https://www.virustotal.com/gui/ip-address/185.234.218.68/relations

http://185.234.218.68

# Reference: https://www.virustotal.com/gui/file/78ed52fd5cdeeeccaf079c7fd7c90ed7dc99664310c75e8829163546b2ce83cb/detection

http://185.242.104.98

# Reference: https://twitter.com/Jouliok/status/1254707467570774017

anjelo-directhelp.de/fotos/

# Reference: https://twitter.com/jstrosch/status/1254787385587572736

ttkplc.com/office/

# Reference: https://twitter.com/KorbenD_Intel/status/1254920769731063808

http://23.96.112.43

# Reference: https://twitter.com/KorbenD_Intel/status/1254912377130110977
# Reference: https://www.virustotal.com/gui/domain/properrty.co/relations

properrty.co/files/

# Reference: https://twitter.com/benkow_/status/1255423719037702144

http://213.226.100.140

# Reference: https://twitter.com/baberpervez2/status/1255581708189085696
# Reference: https://www.virustotal.com/gui/domain/dongiln.co/relations

dongiln.co

# Reference: https://app.any.run/tasks/7f13ba75-4ae3-4a33-8a0a-ac5a659b9c12/

http://84.38.134.120

# Reference: https://twitter.com/bry_campbell/status/1255786478480822272

http://45.147.228.245

# Reference: https://www.virustotal.com/gui/domain/elievarsen.ru/relations

elievarsen.ru

# Reference: https://www.virustotal.com/gui/domain/gobigonbig.info/relations

gobigonbig.info

# Reference: https://twitter.com/James_inthe_box/status/1255856345175044096

rockersdolphin.co.za

# Reference: https://twitter.com/KorbenD_Intel/status/1255979526925869056
# Reference: https://www.virustotal.com/gui/ip-address/185.22.153.166/relations

ajzconsulting.pw
kokoshi.website

# Reference: https://twitter.com/KorbenD_Intel/status/1255970615372079104

http://185.227.82.72

# Reference: https://twitter.com/bryceabdo/status/1256256516430143488
# Reference: https://www.virustotal.com/gui/ip-address/93.190.138.35/relations

http://93.190.138.35
93.190.138.35:8080
popeyesbox.org

# Reference: https://twitter.com/malwrhunterteam/status/1256263426441125888
# Reference: https://www.virustotal.com/gui/domain/9sg.me/relations

9sg.me

# Reference: https://twitter.com/bit_dam/status/1256311982992633862

maringareservas.com.br

# Reference: https://www.virustotal.com/gui/file/72663c3c01ba82e498550d5b6710f02353adb277903f5b588e49a847f6040e05/detection

hlde1.online

# Reference: https://www.virustotal.com/gui/file/44c3366e1c09d45096ae06709cf7edcc66e088c6f35b465f3fbfb2d81eb9460d/detection

149.248.37.246:10000
fasterpdfdashboard.top
/api/anonymous/cookie/post

# Reference: https://www.virustotal.com/gui/file/ec71cafeba96b9e9b15e9dd917a5d90ad0888dcea7d329d6ab00e66f69c503a9/detection

66.42.100.151:10000
bhtaifvu.com
easyzipperlab.site
luckyoneday01.top
fohgo.bhtaifvu.com

# Reference: https://twitter.com/petrovic082/status/1256537423166791680

http://63.250.42.34/~bulght/

# Reference: https://twitter.com/JayTHL/status/1256668154383785986

http://45.9.148.123

# Reference: https://twitter.com/jorgemieres/status/1255243161099735046

273625612.netxi.in

# Reference: https://www.virustotal.com/gui/domain/prepaidgift.co/relations

prepaidgift.co

# Reference: https://twitter.com/jstrosch/status/1256705024241086464

ozz.su

# Reference: https://twitter.com/petrovic082/status/1256861192481538049

invoice7mukszq9nbpa7online.ru

# Reference: https://twitter.com/James_inthe_box/status/1256929937178517505

invoice9kat5ggmml0c6online.ru

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/google.nov.su/relations

google.nov.su

# Reference: https://twitter.com/3xp0rtblog/status/1257189013699657728
# Reference: https://app.any.run/tasks/ef44292d-3b2e-4571-8b68-fb49c1db1b1a/

geroipanel.site

# Reference: https://twitter.com/malwrhunterteam/status/1257264743775076353
# Reference: https://twitter.com/malwrhunterteam/status/1258281482805796865
# Reference: https://twitter.com/malwrhunterteam/status/1258663175806992384
# Reference: https://twitter.com/malwrhunterteam/status/1259724745907613696
# Reference: https://twitter.com/malwrhunterteam/status/1260812454294061057

kremlin-malwrhunterteam.info
nitro-malwrhunterteams.com
screw-malwrhunterteam.com
skidware-malwrhunterteams.com
putin-malwrhunterteams.com

# Reference: https://twitter.com/500mk500/status/1257300194984509444
# Reference: https://www.virustotal.com/gui/file/a3fb31d5f00d84fe35edb1e43acfa64a6d77fca443d49e67e6728cd33373bd29/detection
# Reference: https://app.any.run/tasks/de4c7c53-60c9-4f0d-9920-ff756532a28d/

http://185.183.76.32/Oq8d

# Reference: https://app.any.run/tasks/6a77f6f2-50fb-4a3e-ad20-e0bdd2ba7031/

http://185.141.27.131

# Reference: https://twitter.com/petrovic082/status/1257373903292432387

mitonegbh.xyz

# Reference: https://app.any.run/tasks/6a448b87-5f8a-493b-927c-09439f8e652a/

http://205.185.122.246

# Reference: https://twitter.com/bryceabdo/status/1257407631368519681

dl-microsoft.com
kaspernsky.com

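# Reference: https://twitter.com/pmelson/status/1257474730703101959
# Note: ngrok tunnel subdomains are typically short-lived and may later be assigned to an unrelated user; treat hits as time-bound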

56ed6ae9.ngrok.io

# Reference: https://urlhaus.abuse.ch/browse.php?search=web.lavishsupplystore.com

lavishsupplystore.com

# Reference: https://twitter.com/petrovic082/status/1257665271831113728

adamtcarruthers.com/sb/img/

# Reference: https://twitter.com/FewAtoms/status/1257685823711055875

adamtcarruthers.com/bottest/node_modules/files/

# Reference: https://twitter.com/felixaime/status/1257699061488070656
# Reference: https://www.virustotal.com/gui/domain/coramap.site/relations

coramap.site

# Reference: https://twitter.com/KorbenD_Intel/status/1257792636292698112
# Reference: https://www.virustotal.com/gui/ip-address/183.131.80.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/207.246.106.233/relations
# Reference: https://www.virustotal.com/gui/ip-address/58.49.59.139/relations

http://183.131.80.72
http://207.246.106.233
http://58.49.59.139
183.131.80.72:16950
207.246.106.233:17470
58.49.59.139:13187

# Reference: https://twitter.com/ReBensk/status/1257902089411256321

linktodown.com

# Reference: https://twitter.com/PRODAFT/status/1257957444887744512
# Reference: https://www.virustotal.com/gui/ip-address/193.187.173.112/relations
# Reference: https://www.virustotal.com/gui/file/6d3a2dd3bd042a0484ba076f7ae7de39fb39d3aa7decc1809266c7e9b36dbb5a/detection

http://193.187.173.112

# Reference: https://twitter.com/FewAtoms/status/1258097048257265666

pocketfsa.com/m/

# Reference: https://twitter.com/James_inthe_box/status/1258099799066243072

medlinee.com

# Reference: https://twitter.com/James_inthe_box/status/1258117201610944514
# Reference: https://www.virustotal.com/gui/domain/rititi.com/relations

rititi.com

# Reference: https://twitter.com/ScumBots/status/1258145657514332161

freepics.bezatraud.me

# Reference: https://twitter.com/ScumBots/status/1258148818404679681

cloud.falconoasisdubai.com

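# Reference: https://twitter.com/ReBensk/status/1258349048903266304
# Note: ngrok tunnel subdomains are typically short-lived and may later be assigned to an unrelated user; treat hits as time-bound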

c9f44961.ngrok.io

# Reference: https://twitter.com/James_inthe_box/status/1258390247341043712

ec2.amazzed.top

# Reference: https://twitter.com/KorbenD_Intel/status/1258508684159619073

colovilla.top

# Reference: https://twitter.com/KorbenD_Intel/status/1258514599436902401

http://5.206.224.216

# Reference: https://twitter.com/Circuitous__/status/1258467178141138944
# Reference: https://twitter.com/tkanalyst/status/1258744515977854977

theclinicabarros.com/a.jpg
theclinicabarros.com/ab.jpg

# Reference: https://www.virustotal.com/gui/file/259596170a1e0fb6e75d30cef5258005f1a2ddf7330baac54bab65e92310a750/detection

websolution.vipwell.org

# Reference: https://twitter.com/petrovic082/status/1259039290505519105

http://77.73.69.137

# Reference: https://twitter.com/FewAtoms/status/1258753855426306049

alphauniforms.ae/collinxx/
alphauniforms.ae/huss/
alphauniforms.ae/wetransfers/

# Reference: https://twitter.com/malwrhunterteam/status/1259208656819798017

outletdemakeup.ro

# Reference: https://twitter.com/petrovic082/status/1259446499353620480

http://40.89.185.52

# Reference: https://www.virustotal.com/gui/file/f1e753cf6e66c7ced7ac61aa4bc6646d8f772cec9ed513ae8bfc056cb4070ba3/detection

ad-repack.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1259916041431343104

http://94.158.245.25

# Reference: https://twitter.com/petrovic082/status/1260202592195543040

gossip-candy.stars.bz

# Reference: https://twitter.com/petrovic082/status/1260204809644277766
# Reference: https://twitter.com/petrovic082/status/1260205055866699776

aarontveit.net/doc/
aarontveit.net/zy/

# Reference: https://twitter.com/James_inthe_box/status/1260356146335899648

temp.news

# Reference: https://twitter.com/FewAtoms/status/1260610055151509504

http://37.59.90.90

# Reference: https://twitter.com/KorbenD_Intel/status/1260714876525256707

159.65.133.180:81

# Reference: https://twitter.com/executemalware/status/1260947413474381824

orlandovoicestudio.com/new/

# Reference: https://twitter.com/FewAtoms/status/1260979618716225536

http://194.26.29.128
id-929734532482.com

# Reference: https://twitter.com/abuse_ch/status/1261191304182206464

polaaadetadf.org

# Reference: https://twitter.com/KorbenD_Intel/status/1261369088229720065

http://79.124.8.122

# Reference: https://twitter.com/JAMESWT_MHT/status/1261484589035458560
# Reference: https://app.any.run/tasks/41685b2e-fa5b-444a-8948-8580e0c49ef4/

lightning.dns-cloud.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1261702858216558592
# Reference: https://app.any.run/tasks/44eac201-23e0-42cc-ae03-189ae1e9c430/

apkelites10.com

# Reference: https://twitter.com/malwrhunterteam/status/1262278709752578050

members.westnet.com.au/~marioncraig/

# Reference: https://app.any.run/tasks/efb52b8d-464c-4378-959f-0a4c12016dc7/

rough-grass-45e9.poecdjusb.workers.dev

# Reference: https://twitter.com/ScumBots/status/1262695833629274114

holy-shit.ubuntu.workers.dev

# Reference: https://twitter.com/FewAtoms/status/1262775320001814529

skdwre-mhteam.best

# Reference: https://twitter.com/KorbenD_Intel/status/1262859931717234689

http://185.62.188.26

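# Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/
# NOTE(review): regapi.gamigo.com appears to be a legitimate vendor endpoint contacted during the sandbox run; confirm it belongs here before alerting on it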

http://35.198.146.176
http://64.225.73.172
http://185.236.231.222
pirscupper.club
regapi.gamigo.com

# Reference: https://twitter.com/Vishnyak0v/status/1263110496347140098

strongapt.ga
strongapt.life

# Reference: https://twitter.com/James_inthe_box/status/1263179511123685376

pagamentos.rensz.com.br/craftbrew/

# Reference: https://twitter.com/petrovic082/status/1263413662569594880

ideaomar.net

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1263284829027786752

the-moondelight.96.lt

# Reference: https://twitter.com/yusaerguven/status/1263470947706773504

vpn-dragon.com

# Reference: https://twitter.com/FewAtoms/status/1263510144819908610

learnteachweb.ru/ikt/filter/algebra/tests/test/

# Reference: https://twitter.com/w3ndige/status/1263515049978626049
# Reference: https://app.any.run/tasks/91b1966a-7d29-44fc-834e-3666fbd0367a/

tani-klucz.pl/2/

# Reference: https://twitter.com/petrovic082/status/1263768808105402369

http://45.141.86.137

# Reference: https://twitter.com/James_inthe_box/status/1263863548418994178

wikiapply.ir

# Reference: https://twitter.com/malwrhunterteam/status/1263772532194205696
# Reference: https://twitter.com/VK_Intel/status/1264191430068711426
# Reference: https://www.virustotal.com/gui/file/f8cbdb2369a642d07a944f6fea135bc6c6755dbcf3e984b3f170b03d586ce053/detection

39.104.67.122:453

# Reference: https://twitter.com/petrovic082/status/1264193721836408833

tayga.mx/wp-content/themes/twentytwenty/assets/fonts/

# Reference: https://www.virustotal.com/gui/file/3d3351726f3b5cd848ad58cabcc33c9dcd1c601cc1664f197f10b8b1adf7038b/detection

tavukkement.tk

# Reference: https://www.virustotal.com/gui/domain/kiss58.org/relations

kiss58.org

# Reference: https://app.any.run/tasks/3a99ae00-8cdc-43fc-b0d0-cfef5c5fc65b/

craghoppers.icu

# Reference: https://twitter.com/FewAtoms/status/1264929672166506497

conveyancing.pro/wp-admin/js/widget/

# Reference: https://twitter.com/JAMESWT_MHT/status/1264828072001495041

fofl.it

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

http://185.205.209.166

# Reference: https://twitter.com/James_inthe_box/status/1265390063203975168

http://185.177.59.184

# Reference: https://twitter.com/ScumBots/status/1265610032487563264

striker.work

# Reference: https://twitter.com/nao_sec/status/1266773287733825537
# Reference: https://app.any.run/tasks/6ed3b407-889f-4165-bd04-4a9f73b46dee/

crypt.guru

# Reference: https://twitter.com/_re_fox/status/1266917702435835904

goodhk.azurewebsites.net

# Reference: https://www.virustotal.com/gui/file/cbcbf58f7d5df41edaef663f74519ce633d326de0705ab22dee43fe6726e956a/detection

kiglskfws.serveminecraft.net

# Reference: https://twitter.com/reecdeep/status/1267328903846207494

http://45.76.126.209
http://45.77.50.112

# Reference: https://twitter.com/p5yb34m/status/1267971830301601795
# Reference: https://pastebin.com/hbCT919x

westuatrans.com/storage/

# Reference: https://twitter.com/James_inthe_box/status/1268190189794426880

manguifajas.com/admin/

# Reference: https://www.virustotal.com/gui/domain/anyeddos.com/relations

anyeddos.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1268837262516727809
# Reference: https://app.any.run/tasks/fbce704e-e748-4898-b36a-0cab2ecd5105/

freekzvideo.cloud

# Reference: https://twitter.com/jstrosch/status/1268961202778116096

thugesh.cf

# Reference: https://twitter.com/jcarndt/status/1268585900969283585

hizmetotomotiv.com

# Reference: https://app.any.run/tasks/2b9c3175-8d4c-4030-8ba7-0ec2b6591dc6/

mainwhile.com

# Reference: https://twitter.com/nao_sec/status/1269422460362870784

http://192.241.208.221

# Reference: https://www.virustotal.com/gui/file/c38e150306fbbe4ea692c3f4b76dcd39d8ebdd97d58dcdad7d70b8be88d79278/detection (# Aliases: disbuk, socelars)
# Reference: https://twitter.com/MBThreatIntel/status/1280960714773983232

channelinfo.pw
infokscents.com
y101ad34452096.xyz

# Reference: https://www.virustotal.com/gui/ip-address/155.138.226.36/relations

channelinfo.pw
downcleardown.xyz
exeinfo.pw
goodvisit.pw
jsxjbxx.pw
nextinfo.pw
sjjscenter.pw
smartpdfreader.com
wbinstall.pw

# Reference: https://twitter.com/abuse_ch/status/1269863589382369282

bluechippropertyexperts.com/autorenew/

# Reference: https://twitter.com/reecdeep/status/1269911390141190144
# Reference: https://www.virustotal.com/gui/domain/szn.services/relations

szn.services

# Reference: https://twitter.com/James_inthe_box/status/1270007086978486272

transgear.in/ssc/

# Reference: https://twitter.com/FewAtoms/status/1270030123480289281

boasteel.us

# Reference: https://twitter.com/FewAtoms/status/1270038201533632514

eurostudiescy.com/putttty/

# Reference: https://www.virustotal.com/gui/file/29d2c857add67db5ea4fa1265d6799f72436443ef37ebe6b552884f7f08c99ba/detection

majia.pw

# Reference: https://twitter.com/yusaerguven/status/1269373995197042688

irsupd.com

# Reference: https://twitter.com/FewAtoms/status/1270765647182663681

http://5.152.203.117

# Reference: https://twitter.com/FewAtoms/status/1270754951380205569

ivobrandao.com/wp-admin/maint/files/
ivobrandao.com/wp-admin/includes/files/
ivobrandao.com/wp-admin/images/files/

# Reference: https://twitter.com/malwrhunterteam/status/1271160638342127618

social-turnips.xyz

# Reference: https://app.any.run/tasks/bbf298e2-3f58-4702-80ff-eb0b742f5a6a/

http://176.57.208.130

# Reference: https://twitter.com/bad_packets/status/1271568773867204608

http://107.189.11.170

# Reference: https://twitter.com/FewAtoms/status/1272132057901273091

http://43.229.151.135

# Reference: https://www.virustotal.com/gui/file/acb6fe32500a2a116c9a56bc4cc897ecad4d38839cd73d09b5904d7ebe29d047/detection

webewr.com

# Reference: https://twitter.com/1ZRR4H/status/1272311078148550656
# Reference: https://app.any.run/tasks/f95e4b61-946c-45c2-91dd-3bbbcacd56cf/

small-business-solutions.biz

# Reference: https://twitter.com/ScumBots/status/1272445067232530433

microsoft.dtgsiam.pw

# Reference: https://twitter.com/malware_traffic/status/1272973262788734977

pops.works/manahet/

# Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/

office-service-secs.com

# Reference: https://twitter.com/James_inthe_box/status/1273271196298080258

asmreekasounds.com/upfiles/up_down/

# Reference: https://twitter.com/benkow_/status/1273205562122153984
# Reference: https://www.virustotal.com/gui/domain/covidbase.info/detection
# Reference: https://www.virustotal.com/gui/file/0d98e0007c97324e37dbaceadd478378b1e803ade4bac2e2642603d2ed709b9e/detection

covidbase.info
faithohp2pohm1einee5.youtubecom.watch

# Reference: https://twitter.com/mz_malhunt/status/1272844728950652928
# Reference: https://twitter.com/p5yb34m/status/1273415760052805632
# Reference: https://twitter.com/FewAtoms/status/1273664376470462464

microtechnology.hk/fidex/
microtechnology.hk/wapdast/

# Reference: https://twitter.com/jstrosch/status/1273077060303454209

gpt.alarmasystems.ru/wp-content/themes/twentysixteen/inc/

# Reference: https://twitter.com/reecdeep/status/1273576796735377408

playthefinancialgame.com/createfoldernow/

# Reference: https://twitter.com/JAMESWT_MHT/status/1273922229865234433
# Reference: https://app.any.run/tasks/21a85887-bcb6-4733-b3fa-17137886052e/

http://137.74.137.211
http://45.125.66.95

# Reference: https://twitter.com/reecdeep/status/1273935123910713346

http://45.139.236.5

# Reference: https://twitter.com/jstrosch/status/1274009131603472385

omeubebexxs.org/storage/app/files/

# Reference: https://www.virustotal.com/gui/domain/admindepartment.ir/detection

admindepartment.ir

# Reference: https://twitter.com/JAMESWT_MHT/status/1275338252531249152

office-services-sec.com

# Reference: https://pastebin.com/5QKdKvZH

http://80.76.42.107
real-chat.website

# Reference: https://twitter.com/cyber__sloth/status/1275339899789553666

89.248.168.197:443

# Reference: https://twitter.com/RobbieWhite98/status/1275781443063623680

aravindweb.in/my_files/others/

# Reference: https://twitter.com/James_inthe_box/status/1275831258216411136

http://37.49.230.204

# Reference: https://twitter.com/_re_fox/status/1275887920910610432

aquacare2.com

# Reference: https://twitter.com/James_inthe_box/status/1275914690627899392
# Reference: https://twitter.com/ThreatHive/status/1275918481800617984
# Reference: https://app.any.run/tasks/d40e13a1-f17a-449c-8ac4-a7fd947f986b/

charjackyum.com
electroncador.com
gemmiparalyzed.com
jaglamorous.com
judicialance.com
neighborhoodlumish.com
podestablished.com
spontaneousance.com
spoolopedia.com
temptationone.com

# Reference: https://app.any.run/tasks/764bc39b-9b3d-4e12-a7e6-4f1f905e7891/

ahjuric.si/Code.txt
office-service-tech.info

# Reference: https://twitter.com/bryceabdo/status/1275153235620347904
# Reference: https://www.virustotal.com/gui/file/4c9a53b3cc66aef4e9e58e84bc2a873ce2e1ae8a39ac44323aae5c5ac5f443cd/detection

144.202.98.198:8443

# Reference: https://www.virustotal.com/gui/file/65fa0b682baabead9786a6b7d540af673155d32394424e64c77e0ccd509567ae/detection

45.77.249.92:443

# Reference: https://www.virustotal.com/gui/ip-address/81.16.141.208/relations

http://81.16.141.208

# Reference: https://app.any.run/tasks/8473c16b-cbb5-4885-a48b-8952654d5031/

blackl1vesmatter.org

# Reference: https://twitter.com/BlackonIntel/status/1276166654980956161

http://202.146.222.249

# Reference: https://twitter.com/BlackonIntel/status/1276399848586014720

http://47.112.99.43

# Reference: https://twitter.com/BlackonIntel/status/1276398237868408834

http://194.87.18.147

# Reference: https://twitter.com/FewAtoms/status/1276582665366441984

lont.co.in

# Reference: https://www.virustotal.com/gui/domain/akhbarrecords.com/detection

akhbarrecords.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

0022a601.pphost.net
children.ru.com

# Reference: https://twitter.com/p5yb34m/status/1277003721893834752

http://88.119.174.241

# Reference: https://www.virustotal.com/gui/domain/valencaagora.com.br/relations

valencaagora.com.br

# Reference: https://www.virustotal.com/gui/file/2430b443aa2f97bf06ce3a60d328c379bf8f0df540dbb68523eff1f23cb254af/detection

184.168.221.59:444
50.63.202.34:444
haoqing.me

# Reference: https://bazaar.abuse.ch/sample/de5648abf555a4574df8ebf2d2b75dde4ea73639662ae62bf62a109a54f14fd4/

http://170.130.55.135

# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.91/detection

http://101.99.90.91

# Reference: https://twitter.com/reecdeep/status/1277510958647250945
# Reference: https://app.any.run/tasks/1077f681-1dce-4232-a044-1d31f7b56a5f/

itsmeyourfriendhi.ga

# Reference: https://twitter.com/malware_traffic/status/1277619624243314688

feedingyourhealth.com/oprawilson/

# Reference: https://app.any.run/tasks/5142bb13-4b23-49fa-9312-175979c96ab4/

lotusabloom.com

# Reference: https://twitter.com/bryceabdo/status/1277762546414620674

microsoft-ml.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1277866602634059777

http://198.144.176.137

# Reference: https://app.any.run/tasks/031b55bd-61ec-400f-af64-21ac5b79e367/

838495sd.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1280123075946844162

83848has.duckdns.org

# Reference: https://twitter.com/FewAtoms/status/1280174155955154944

members.westnet.com.au/~perthglory81/

# Reference: https://twitter.com/RobbieWhite98/status/1280518052560412675

excelofficeonline.com

# Reference: https://twitter.com/Dr_N0b0dyh/status/1280820643899101185

greattastesmb.ca/wp-content/plugins/duplicator/files/

# Reference: https://www.virustotal.com/gui/domain/seedwellresources.xyz/relations

seedwellresources.xyz

# Reference: https://twitter.com/InQuest/status/1280938328494346241

cattelenitalia.icu

# Reference: https://twitter.com/James_inthe_box/status/1280893749099290624
# Reference: https://app.any.run/tasks/39bc7028-ac54-433f-b776-4a715bdd4906/

162.244.81.87:443

# Reference: https://twitter.com/MaelSecurity/status/1281258899652456448

altechsolutions.sg

# Reference: https://app.any.run/tasks/3b8c15b9-9846-4aec-a414-5014faeebfaf/

http://45.32.111.52

# Reference: https://twitter.com/Dr_N0b0dyh/status/1281563732963885056

comawhimplet.com

# Reference: https://twitter.com/Dr_N0b0dyh/status/1281592784407990273

our20203.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1281706762165350400
# Reference: https://gist.github.com/silence-is-best/a64b6f1c78ca5307d00d766c36b3d2e3

real-ed14.myjino.ru
z96774t7.beget.tech

# Reference: https://www.virustotal.com/gui/file/a5d8bd3aea834c9bc0fb8b0a4853e75eeae28f0581cc0c90ca53dfc57128eb43/detection

mschatting.r-e.kr

# Reference: https://twitter.com/James_inthe_box/status/1282690108605427712

z.zz.ht

# Reference: https://www.virustotal.com/gui/file/67d8e4f765313db72ae56b971dd875d20156bc4effb974641b1562b8a40d41da/detection

a0443179.xsph.ru

# Reference: https://www.virusradar.com/en/Win32_TrojanClicker.Clidak.A/description
# Reference: https://www.virustotal.com/gui/file/980ef75a800eba45c7cb64b4c1bcc61a3b0cdf92854c24dbf1ea0f3fe4cad944/detection
# Reference: https://www.virustotal.com/gui/ip-address/65.254.51.42/relations

http://65.254.51.42
dhj.serveftp.com
phk.serveblog.net

# Reference: https://twitter.com/cyber__sloth/status/1282967458727559173

141.98.213.151:443

# Reference: https://twitter.com/James_inthe_box/status/1283030572604874752

anythingbilliest.com

# Reference: https://twitter.com/KorbenD_Intel/status/1282805567661019136

http://5.206.224.211

# Reference: https://twitter.com/James_inthe_box/status/1283032087298072576

bloomcareltd.co.uk/wp-content/uploads/2020/06/files/

# Reference: https://www.virustotal.com/gui/ip-address/81.177.141.11/relations
# Reference: https://www.virustotal.com/gui/domain/frefou.ru/relations
# Reference: https://www.virustotal.com/gui/domain/tokyofunkowildvaley.ru/detection
# Reference: https://www.virustotal.com/gui/file/ba8d3d5d0d4b0d2178ea3ed1ff72e49ac8f6b608aac2718c6cf9904390dbeb80/detection

81.177.141.11:443
chokun.ru
frefou.ru
tokyofunkowildvaley.ru

# Reference: https://twitter.com/luc4m/status/1283438173020803072

offthewall.top

# Reference: https://twitter.com/_re_fox/status/1283486522981974017
# Reference: https://www.virustotal.com/gui/ip-address/185.172.110.210/relations

http://185.172.110.210

# Reference: https://www.virustotal.com/gui/file/14a0b3003b983e26096094b066c6488b21850f7d379244492affa602655b9d94/detection

dueuekekdd833234.publicvm.com

# Reference: https://app.any.run/tasks/09e4db88-e007-45df-b7b7-9d485249d0a3/

185.99.2.49:443
185.99.2.49:80
45.148.120.142:443
45.148.120.142:80
78.108.216.13:443
78.108.216.13:80

# Reference: https://www.virustotal.com/gui/domain/ntro.fr/detection

ntro.fr

# Reference: https://twitter.com/pancak3lullz/status/1283791016588451842

http://198.46.198.118

# Reference: https://twitter.com/Bl4ng3l/status/1283853966795780097

http://51.77.225.87

# Reference: https://twitter.com/jcarndt/status/1283799735065862144

http://185.14.31.56

# Reference: https://twitter.com/Dr_N0b0dyh/status/1284155801813372930

insightout-me.com/backup/

# Reference: https://www.virustotal.com/gui/domain/ramukakaonline.com/relations
# Reference: https://www.virustotal.com/gui/domain/shubhinfoways.com/relations
# Reference: https://www.virustotal.com/gui/file/475d81dda1f6fd4e8fe7038d406b874519986a94832a51fbafafe023dd5c5ad2/detection

ramukakaonline.com
test2.cxyw.net
shubhinfoways.com
sustainableandorganicgarments.com

# Reference: https://www.virustotal.com/gui/file/ced32aa25118e81a5b12ad187f9372239eb440327f96f5c28a6ca7dd483b38a7/detection

a0454147.xsph.ru

# Reference: https://pastebin.com/Hc73BzJT

francehayon.fr

# Reference: https://www.virustotal.com/gui/ip-address/185.11.167.190/detection

http://185.11.167.190

# Reference: https://app.any.run/tasks/49ebad37-e6e0-4e82-9a1f-3d88e1c90a4e/

madibarohilala.ddnsgeek.com

# Reference: https://app.any.run/tasks/097bbd0b-74c4-47b4-9f4d-201ee4c38a4a/

salesforce-ibmcloud.kozow.com
speedfinance-cloud.gleeze.com

# Reference: https://twitter.com/James_inthe_box/status/1285294414475087872

thirdchidet.com

# Reference: https://www.virustotal.com/gui/file/5fb20cca77d85fedf3653f24c8109d985c946955ad50ffd18bff9e33d64bc5ef/detection

http://124.160.126.238

# Reference: https://www.virustotal.com/gui/domain/22ssh.com/detection

22ssh.com

# Reference: https://www.virustotal.com/gui/file/5d05b5938fc802c4e22f5b85cbf5b332297cc63800f2eb0fb4e667035587a6af/detection

361com.com

# Reference: https://www.virustotal.com/gui/file/7456e451f3c209fda2c5dd276acbb84e6c6055c48c28773396c87355c027ec4f/detection

4i7i.com

# Reference: https://twitter.com/InQuest/status/1285686606276562946

allmedicalpro.com

# Reference: https://twitter.com/jorgemieres/status/1285681527666483200
# Reference: https://twitter.com/jorgemieres/status/1284213293712838657

stationery.best
stationery.link

# Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection

office-supply.top

# Reference: https://twitter.com/malwrhunterteam/status/1285910669238382592
# Reference: https://twitter.com/bryceabdo/status/1285925420890824706
# Reference: https://otx.alienvault.com/pulse/5f187f5e30e61988f5d51a52

facbeookloggin.com
facebokloggin.com
faecbooklogin.com
fireeyee.com
kasparksy.com
microsotflogin.com

# Reference: https://twitter.com/emirca_/status/1286037814380044294
# Reference: https://www.virustotal.com/gui/file/a4aa745edd8032f8fa45ca76262dcf218322ee4e715addea5bb6545ba2e229a9/detection

http://70.37.67.191
briendmaster.duckdns.org
bustvch.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1286268666431123456

penir.net

# Reference: https://www.virustotal.com/gui/file/d72133df3fee1d91fcab0adb532459b6c0044e7f8b4ca542fa3f6ae470b42be1/detection

http://185.146.157.171

# Reference: https://www.virustotal.com/gui/file/dacce09fd5829213606cef3f45d5bc43d4522183e54422eb4a5c7a404c69a6c2/detection

rodik2020m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/44f3eb01406921d5605933abce49e5fe04cfe6a73f3fcb7380dc99765043ea2a/detection

cheff2019m.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/cacd507c94ebe53ab72ec0ca9352069e09f8b8dcfba64abd2054f227ad16e0b2/detection

testedpo11.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/4bf6ec0d9ab95d7d7d4e1e7453a83ed731c9188fbe6d007834025f00791cdcb9/detection

jlauka2018.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/752a2b36c51e70a340394df673dba33a6e4731629b1e624f9246030d80fa3003/detection

a0429276.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6dfef2827cf2495c6b638e3c1b35809b7d8126ea6cbb931e6b06285ccf1f8bba/detection

141.8.192.31:41991

# Reference: https://www.virustotal.com/gui/file/41dcb2cb400c656826db00e368c5ddc4d254d69d5d9ab0cd6a63fd68bba2fb5f/detection

a0439723.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b9024622a0e5c982db8b533e6c3a736d65d5c02bf01b4ff15d3fd770f4632443/detection

a0439698.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e6af686fbb16722033095116708e650d4dc8094069d2047291e7fb374cc5edc1/detection

a0438890.xsph.ru

# Reference: https://www.virustotal.com/gui/file/b1ce6bb28fac9c93b1eec761dfcabcc7f37ea3ef8ef9fd388f42cb41ba2d8dc0/detection

a0439294.xsph.ru

# Reference: https://www.virustotal.com/gui/file/02a8462c5578ac09bd2c6657167a5103b0e91ad759b05f6d63e415b47cbcdcfb/detection

a0440066.xsph.ru

# Reference: https://twitter.com/KorbenD_Intel/status/1286767861348753409

http://88.150.221.122

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/lockscreen-ransomware-phishing-leads-to-google-play-card-scam/
# Reference: https://otx.alienvault.com/pulse/5f1b43526f61f735c9560f23

whoawareness.com

# Reference: https://twitter.com/FewAtoms/status/1287010471283953665

class.britishonline.co/admin/user/
class.britishonline.co/tag/tests/

# Reference: https://twitter.com/malwrhunterteam/status/1287094489149059073

cannoninstrument.co
ecowasloan.com

# Reference: https://www.virustotal.com/gui/domain/payeermine.com/relations

payeermine.com

# Reference: https://www.virustotal.com/gui/file/98917be41e446698aaf1dcb464bfc27ca686c56e2636e2801e6e8c46929e5f71/detection

office-files.pw

# Reference: https://www.virustotal.com/gui/file/65002536a1187a53bc90956d2b73079d4319b3ca6ad3150f02394efcf64e56bd/detection

onlinesnotes.top
usamailnet.top

# Reference: https://www.virustotal.com/gui/ip-address/47.241.145.99/relations

office-supply.top

# Reference: https://twitter.com/FewAtoms/status/1288527091936497666

royerconseil-finances.ch/js/tiny_mce/temp/

# Reference: https://twitter.com/IronNetTR/status/1288506810748538892

8hebrew.website

# Reference: https://www.virustotal.com/gui/file/c63401a07c3e4c8d8658413c437c7c77d7b7543f8f5a6227b524ed06bf4fcc21/detection

auxmalishoes.ga

# Reference: https://www.virustotal.com/gui/file/dd77e1f820bd2a57c943f806f628e803708652142e6b691ae3495a39d9a297d2/detection

ecoshore.ga

# Reference: https://twitter.com/malware_traffic/status/1288968378951106560

marketingstrategiesinc.com/eblast/

# Reference: https://twitter.com/KorbenD_Intel/status/1289274346561708032

http://40.125.65.33

# Reference: https://twitter.com/jaimeblascob/status/1289649571463798784
# Reference: https://github.com/stamparm/maltrail/pull/10155/commits/a7f67c994a26b0191f07af4f29e089fa5c471891
# Reference: https://www.virustotal.com/gui/file/4c6a7aabb3a1d45a0d1cc7d2251178521737f5b34c1c9c477665e81c539addc9/detection

http://63.250.34.191

# Reference: https://twitter.com/0bfusCat/status/1247497286051139584

http://5.231.144.2

# Reference: https://twitter.com/0bfusCat/status/1181529470475362304
# Reference: https://app.any.run/tasks/f6d7cc92-3215-4103-baeb-eb424016f885/

http://3.86.56.191

# Reference: https://www.virustotal.com/gui/file/a38216166e363d752f37bdf0419d2e2694279beab8df66d40f56c679563e7a4f/detection

http://185.173.26.156

# Reference: https://www.virustotal.com/gui/domain/becommodal.com/detection

becommodal.com

# Reference: https://app.any.run/tasks/6bcce7b0-611d-4d44-865d-7ca0765f9bff/

epyorke.edu.bz

# Reference: https://app.any.run/tasks/27f1e600-b8fc-4c18-a6f0-b35799393cdc/
# Reference: https://www.virustotal.com/gui/file/6f8fcaac6fd0664838ccfe07924cf97af5056b3868aaaf8fd12560c3a9e8ac41/detection

fugitdeacasa.ro

# Reference: https://twitter.com/VK_Intel/status/1291649978574741509
# Reference: https://www.virustotal.com/gui/file/d54b73a94d481ee2917e42ba3d4ea3b70f368bb13cebf5b8824257907ac84ff1/detection

103.103.130.120:8888

# Reference: https://www.virustotal.com/gui/file/504f8f447c30f65aa2b327e856c246269eb7586eead1a158b19dfc71d24989ac/detection

http://122.51.171.161
http://198.71.233.197

# Reference: https://www.virustotal.com/gui/file/9b55ac5adb1d3b28f19a6dd755071a0ee815c5bd633d3c8065d038fd9b5142e0/detection

crackpoint.xyz

# Reference: https://www.virustotal.com/gui/file/11871e6ef76854545dde5d56a380f7de9e65dcd59209026649d1430f8a6444f8/detection

http://113.160.165.75

# Reference: https://twitter.com/_re_fox/status/1292831232368271362
# Reference: https://app.any.run/tasks/a8411930-8d61-4e8a-84ef-945ccbbec943/

022802bcfcb3dbcd1a224f29537f6ac0.host

# Reference: https://twitter.com/James_inthe_box/status/1292824016827199489

sandiegoseaworldtickets.com/baba/

# Reference: https://twitter.com/James_inthe_box/status/1291360398294175744

evolutionpublicidad.com/wp-admin/js/bgn/

# Reference: https://twitter.com/KorbenD_Intel/status/1292902929586728960

http://106.53.29.114

# Reference: https://twitter.com/ANeilan/status/1292939552085233664
# Reference: https://www.virustotal.com/gui/ip-address/217.182.54.208/relations

kalihost.ml
kalihost.tk

# Reference: https://twitter.com/reecdeep/status/1293089692418822145

fswaeste.co.uk

# Reference: https://unit42.paloaltonetworks.com/script-based-malware/

crypterfile.com

# Reference: https://www.virustotal.com/gui/file/1e316de8fb7ffb3f0e77c754207aa3b5ea96e82b631b79bbe3be0ab77c077511/detection

http://167.99.221.195

# Reference: https://twitter.com/jorgemieres/status/1293231216301408258

jmmstore.ae

# Reference: https://www.virustotal.com/gui/file/cc4fc1e56d9fc9c525fd6a1880dc806f26b1c5022f60e30de4e974f06d1e85e9/detection
# Reference: https://www.virustotal.com/gui/file/f3ebeeeba13c82daef9731a5f3e8dbe535e963f83e531918ba1a8904b094d3b8/detection

http://176.121.14.231
176.121.14.231:443

# Reference: https://twitter.com/malwrhunterteam/status/1293916383491710979
# Reference: https://www.virustotal.com/gui/ip-address/80.82.67.190/relations

http://80.82.67.190
80.82.67.190:443
quikview-update.com

# Reference: https://twitter.com/abuse_ch/status/1294160873259438083

http://185.172.110.214

# Reference: https://twitter.com/h2jazi/status/1294086706447220737
# Reference: https://www.virustotal.com/gui/file/7d5cf8d69b31ace472fc28e57f4b5dcd7fa0ba5c0107b6fc89d921ae7687fc60/detection

funpet.uk

# Reference: https://www.virustotal.com/gui/file/b8243f7f5b2200dd1b76005d430b4bcdfdaffffb2115dba344fceb7f0c8fd4b1/detection

bazhar.site

# Reference: https://twitter.com/reecdeep/status/1294282579718406148
# Reference: https://app.any.run/tasks/940319f1-4184-49f8-aa22-9b761e480458/

http://176.96.238.127
176.96.238.128:443

# Reference: https://twitter.com/theDark3d/status/1294668801804468225

fedexmanager.com

# Reference: https://www.virustotal.com/gui/domain/skyht.cf/relations

skyht.cf

# Reference: https://www.virustotal.com/gui/file/ceb511a06d37b33b7891b152a4386c27f06abdea66a6ed6edbfc6af307e9ef34/detection

update-prog.com

# Reference: https://twitter.com/angel11VR/status/1295662209729781760

privatnidoktoricacak.com/Q9.jpg

# Reference: https://www.virustotal.com/gui/file/209cff063a1c0e90c2ae817a39860cf93c804a1e67ebd000eaa11c5431799be6/detection
# Reference: https://www.virustotal.com/gui/file/7d51151b82ffb39df5a11c7cb49703dce78d499452946464e42327dcc4355f19/detection
# Reference: https://www.virustotal.com/gui/file/0687165c7a9b105319ada7d1ea051a4852a5b2f32c81a322e6af98d0db9d9257/detection

iwithu.ru

# Reference: https://www.virustotal.com/gui/file/c07ee098c29a441865ec85b7fe00855a4ad4fed128511f0ab1fa48ee11d42c83/detection

tokugava.top

# Reference: https://twitter.com/James_inthe_box/status/1295889244662059011

a50625ja.beget.tech

# Reference: https://www.virustotal.com/gui/domain/winnpxx.info/relations

winnpxx.info

# Reference: https://www.virustotal.com/gui/domain/winnpxxx.ru/relations

winnpxxx.ru

# Reference: https://www.virustotal.com/gui/file/897e1dc64f7632acdf64f0efa052b2deffda66e500bdb663087a5a5b44ad7291/detection

a0349318.xsph.ru

# Reference: https://www.virustotal.com/gui/file/cc92c164b525956380a944af0c50d89236b92bdfd50bcf9533a4e31793207132/detection

http://195.123.241.51

# Reference: https://www.virustotal.com/gui/file/ba0e3a2b8390285537e5b47a1d45ad3731347c0f95298797e580b82d1f10f9cc/detection

simplex.team

# Reference: https://twitter.com/ItsReallyNick/status/1098415667756351489
# Reference: https://www.virustotal.com/gui/file/7248db253aaf79a6092ac429596bab9928b1b0383b7a33141ca72817adb8f30b/detection

http://5.206.225.246

# Reference: https://www.virustotal.com/gui/file/238c5ccb8b85f196df27bacd94d7f46609ffe108685dff924cc308f97dde8b78/detection

tsunami.hopto.org

# Reference: https://www.virustotal.com/gui/file/b742903e8923a24f0afe84f82a01b1034185fa8c803750cb6d878e4dcac802ef/detection

project98.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ec631602280b59f5818fccc2e3f3a28fed3f9cb69c28703e0d6f20757e65813/detection
# Reference: https://www.virustotal.com/gui/file/80745b342289d766b3534502bc03da11a2df77faf58a4e1c2e11ae6923f3cdea/detection
# Reference: https://www.virustotal.com/gui/file/f339e7112e5a4484387c4d09d59564d6bf418900da14aaee4025b27139e3c5af/detection

198.54.115.141:443
ethereumcashpr0.com

# Reference: https://www.virustotal.com/gui/domain/securedownload2.duckdns.org/relations

securedownload2.duckdns.org

# Reference: https://twitter.com/InQuest/status/1297920171936567297

http://45.32.112.92

# Reference: https://twitter.com/bryceabdo/status/1297930380549464068

http://62.108.35.95
162.244.80.177:8443

# Reference: https://twitter.com/VirITeXplorer/status/1298199149985312769

http://51.255.155.2

# Reference: https://twitter.com/KorbenD_Intel/status/1298414421455147009

laopermanentmission-jakarta.gov.la/pxy/

# Reference: https://twitter.com/Dr_N0b0dyh/status/1299007006737653762

btcxchange.online

# Reference: https://www.virustotal.com/gui/file/a02d30733cb3a332d01c4bf973cf10fd01215df0e6294b6db62c0766ddc8fd38/detection

gufjan855.p-t.hk

# Reference: https://twitter.com/James_inthe_box/status/1299458240812445696

nakkufoodsafetyconsults.org/bkb/

# Reference: https://www.virustotal.com/gui/file/a089d77a6beadc16977f5683238a7f4d327697ad92a9e4b904ea9472e833f121/detection

hfexpres.net

# Reference: https://twitter.com/threatinsight/status/1298350560190529538
# Reference: https://www.virustotal.com/gui/domain/tagsmarkt.com/detection

tagsmarkt.com

# Reference: https://twitter.com/James_inthe_box/status/1300406357753917440

cama.it

# Reference: https://twitter.com/p5yb34m/status/1300507364911542272

http://62.108.35.164

# Reference: https://twitter.com/p5yb34m/status/1300547270547369984

http://62.108.35.26

# Reference: https://twitter.com/theDark3d/status/1300665267031355392

sunleafvacations.com

# Reference: https://www.virustotal.com/gui/file/1c3d30d7637b1a6fb648b1cf1de6c7a8375337327cd243f87d525c109554db7d/detection

http://193.56.29.251

# Reference: https://twitter.com/reecdeep/status/1301137977331060736

thezencon.com

# Reference: https://www.virustotal.com/gui/file/d359b6152b5e1077ebcb76adccc7acdb517cc94db18b750a526d27468f8cd9d9/detection

ebayapp.tk

# Reference: https://twitter.com/JAMESWT_MHT/status/1301456108058533888

poliziadistato.club

# Reference: https://www.virustotal.com/gui/file/86b6d966cce450b27df34968190ef979f05da76d7ef5eb9af26ced602dc0ab65/detection
# Reference: https://app.any.run/tasks/e27317be-db62-4822-bbcf-4751bf8cc8a2/

elanstudio.hu
googlchrm.online

# Reference: https://app.any.run/tasks/31076788-db3b-4caa-89de-105c3e389aef/

http://130.204.52.112
4de6fdfe.ts.ctmay.club
4de6fdfe.win.ctmay.club

# Reference: https://www.virustotal.com/gui/file/863432a075e8d97467ee4c88f7c66f2c687a5c5a4cbd7602315ca30859f001a0/detection

123pcloud.com

# Reference: https://www.virustotal.com/gui/file/6909b629652ab36b09bfd7e3229a6eafe1591c0d6f18b2004a094216ee97ece4/detection

infikuje.freevnn.com

# Reference: https://twitter.com/jstrosch/status/1301718677419700224

oficina24.online

# Reference: https://www.virustotal.com/gui/file/35e01a26ed27259c14fac961c16ab5457d49f93c5e5fb05e9cdbff6a21242e7d/detection

http://193.38.55.92
deliverynice.club

# Reference: https://www.virustotal.com/gui/domain/fedex-tracking.press/detection

fedex-tracking.press

# Reference: https://www.virustotal.com/gui/file/ec8a885e2a0e087a6b7b244bcf8bf9034ebc8c5ac48cd78981f119040d153b2d/detection

shoolman.ca/config.dll

# Reference: https://twitter.com/InQuest/status/1301899838666289155

bestbuywindow.com

# Reference: https://twitter.com/ViriBack/status/1302412584000401414

http://162.255.117.6

# Reference: https://twitter.com/lawwait/status/1301408767351894016

seguridadactive.eastus.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/domain/n77568zi.beget.tech/relations

n77568zi.beget.tech

# Reference: https://twitter.com/ANeilan/status/1302966150108712961

erktay-71.ga

# Reference: https://twitter.com/theDark3d/status/1303091496816697345

reg4718182-com.preview-domain.com

# Reference: https://www.virustotal.com/gui/file/7663660c3b41d3ec9f8b34ee013a9994851b0bff483ea92a702e08dc9bd86770/detection

nvidia.pcriot.com

# Reference: https://www.virustotal.com/gui/file/d697907fc8f52925819becd089578023988c5dd7c7a92512b83c2467b9693477/detection

ciuj.ir
gooddns.ir

# Reference: https://www.virustotal.com/gui/file/de99657582ac0f366bb07b95055b1afd1f4967bba5c44f08ca6d6620f5744941/detection

cryptotabs.ru

# Reference: https://twitter.com/James_inthe_box/status/1304056838200070150

dinosaurdiscovery.co.nz/css/

# Reference: https://www.virustotal.com/gui/file/094ae61b55cd43858e4e2177a16d7154e4c44728a3904681a03b9f30b446312e/detection

http://31.28.24.137

# Reference: https://twitter.com/InQuest/status/1304170972363325445
# Reference: https://www.virustotal.com/gui/file/0cf7372d368892af52c430238573396bfd3e628bf53079f5463b57673f1c785e/detection

koomj.ru
tugunhey.ru

# Reference: https://www.virustotal.com/gui/file/3e986ef03b637b87981831279985a0d85f171b65adbc86cb292a64ac10e42ac9/detection

babsitef.com

# Reference: https://www.virustotal.com/gui/file/932deabfadc89bf8041ed4badf09785cf71ebc1a9959ae156b8c157dbd4b8d1d/detection

nusumu.ga
nusumu.wtf

# Reference: https://twitter.com/JaromirHorejsi/status/1101065746090807297

colompna-youm.ga

# Reference: https://twitter.com/jorgemieres/status/1304138405719298052

notafade.top

# Reference: https://www.virustotal.com/gui/file/558d74af3a97c63780a28a949407c0d7849a2c5fdb766368f4ed7059e413cd00/detection

sttsts.ru

# Reference: https://twitter.com/ReBensk/status/1305531443922247680

42seminare.de

# Reference: https://twitter.com/jorgemieres/status/1305502984336543744

linkedliqht.com

# Reference: https://www.virustotal.com/gui/ip-address/193.37.212.6/relations

http://193.37.212.6

# Reference: https://www.virustotal.com/gui/domain/fantasticvilla.xyz/relations

fantasticvilla.xyz

# Reference: https://twitter.com/Dashowl/status/1307027849719754752

cdn-41111111217-ms-telemetry.net
cdn-4111111217-ms-telemetry.net

# Reference: https://www.virustotal.com/gui/file/c6e6ca2ddc2c1941bf6285f3ba6aefa2e906ce90b23b02e9d6718b36db8ad243/detection

trustedhealthgroup.com

# Reference: https://twitter.com/_re_fox/status/1306964495101722636
# Reference: https://www.virustotal.com/gui/file/dff9e0c81264c85b435e4e10db0ac6ae03c05e58b4ce852406cef81d964ea605/detection

huimeng.live

# Reference: https://twitter.com/malwrhunterteam/status/1310512869394526208
# Reference: https://twitter.com/malwrhunterteam/status/1310515180539908096
# Reference: https://www.virustotal.com/gui/file/375830ba011b666133bd43d01e337aee492db575623263b6a771e68be8955e67/detection

185.224.168.130:3563
185.224.168.130:80
telegram-vip.com

# Reference: https://twitter.com/jorgemieres/status/1310572969861754881
# Reference: https://www.virustotal.com/gui/file/70a6f31fa41581e00a0f1e7f95377f48e3a859a8b80096b913b9035c8c6a4628/detection

http://60.169.77.137
666.myddns.me

# Reference: https://www.virustotal.com/gui/file/f0da35c0d68e20d63d70d48fdab09702709b2809a3c2b3782143235abe956abe/detection

mamaxa.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1311054656341266432

kh5vf9vv.com

# Reference: https://twitter.com/James_inthe_box/status/1311297127386021888

officestore.co.id

# Reference: https://www.virustotal.com/gui/file/83ed45abd2fefc68d1f5fbabbdf566a90f66f76108a315964a30030a14c243b6/detection

http://94.156.174.7

# Reference: https://twitter.com/jstrosch/status/1311359445021134848

104.161.77.84:444

# Reference: https://twitter.com/jfslowik/status/1311691210088542208

office-pulgin.com

# Reference: https://twitter.com/IronNetTR/status/1311752801844895746

westrasde.com

# Reference: https://twitter.com/jorgemieres/status/1304130606222188544

http://103.141.138.133

# Reference: https://twitter.com/FewAtoms/status/1312073100473884677

http://103.125.191.229
http://103.140.251.164
http://103.141.138.130
http://103.141.138.131
http://13.211.173.236

# Reference: https://www.virustotal.com/gui/file/0d06226fdab0976e9d78cc8dc20888f098037815feaa355de99d28bbb9a5d9d9/detection

http://108.170.55.202

# Reference: https://www.virustotal.com/gui/file/9ecc42201beb37c82c61e6f7cc41914b8b5eaa0fb19b90f3b3c9dfa9f91406a0/detection

teelam9.com

# Reference: https://www.virustotal.com/gui/file/ab63a3d0b9a8ca47c8012ba18b8e47466547b8755761abf6a78d49e9bd093000/detection

tracebizcomplex.com

# Reference: https://www.virustotal.com/gui/file/bc21b8ead78c175ec04e618cb1266d022686e33a8197ff110b32ef283ef187af/detection

espera-de.com

# Reference: https://www.virustotal.com/gui/file/f7402c16ad79a761c3870e7be5cb9970c7f15d1f135d7c5da1b6188509d5afc7/detection

algreno.com

# Reference: https://www.virustotal.com/gui/file/da1cb6e49f53ec9338d99436ab398decf38d301adae3a5c897dd5dc7179a0aaf/detection

108.170.55.202:55704
108.170.55.202:55889
kpatelbyes.com

# Reference: https://www.virustotal.com/gui/file/aa891ab053d1fa4f3df767cc44e4ca6b783151279d6267dd40c5e8ef4ee3dd0f/detection

powerlogs.top

# Reference: https://www.virustotal.com/gui/file/7a77a40eb9667194f4d936933970ca798c191636fb57e988afb3cfeb768b2e19/detection

uwadiuto.com

# Reference: https://www.virustotal.com/gui/file/4bea14f68342a4007d1d1ddc28bb110f7ac2788619eca97742c2ef35b7c9bb08/detection

nws-cn.in

# Reference: https://www.virustotal.com/gui/file/ba08544bdd05340e7579d144a51cd39cea176fefc83a1110f7664becb69ec43f/detection

nwheilcopter.com

# Reference: https://twitter.com/IronNetTR/status/1312119323389960193

gov-live-cases-update.xyz

# Reference: https://www.virustotal.com/gui/file/9c79b09774aba468bd3cd6a73830bfec78011d68565f57bbd73a798dfc26e22d/detection

podsden.com
victoryrespect.com

# Reference: https://www.virustotal.com/gui/file/b7e3c86a346b49b2eadc4bceb1348270e690568a113a0ecc461c99f58ed61a56/detection

only-humans.xyz

# Reference: https://www.virustotal.com/gui/file/eebf62940926ad91f7bbf4e127b8e1d75f404536ef25e8ef12f84ace96b6526d/detection

qualitycontrols.mx

# Reference: https://www.virustotal.com/gui/file/f9a2ff01e3964dd922d47caed20ac0bfa39f5d1f96fd8f3003f68236acd738d9/detection

avpabcefjil.com
krasnojarski.com

# Reference: https://www.virustotal.com/gui/file/f76fca83e19560fbacc25d9e7475c9aec15cc4490bcda636cd0c514b59ea1c1c/detection

81.38.132.197:3502
83.39.116.30:3502
83.47.188.96:3502
543874163.ddns.net

# Reference: https://twitter.com/win32kid/status/1312550937047625729
# Reference: https://app.any.run/tasks/2ec6942e-b688-4590-a9bc-34942d13ff57/
# Reference: https://www.virustotal.com/gui/file/b3455d9d3bf50da0762a0d2aa57f4041af76b86024376af1a07b774bb7166ffc/detection

httpz.tech
lyric-library.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1313023627177193472

http://45.79.237.92

# Reference: https://www.virustotal.com/gui/file/62cbbf68eb9555bca069893a3daa6621aaf7b43604fd511cc11c5fe038ed9845/detection
# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.39/detection

donsinout.info
invcloud.info

# Reference: https://twitter.com/James_inthe_box/status/1313173649642332162

nitrixserver.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313448219964252163
# Reference: https://www.virustotal.com/gui/file/fd68aa2465ae2f9753474773b36d50804cffdf541c851d4ef42b2ae77f701b9a/detection
# Reference: https://www.virustotal.com/gui/file/dd2b8ca97ba5a68e3ea5819e9292a5ff8d43a2a33056eb1f755f5c2c5a63947f/detection
# Reference: https://www.virustotal.com/gui/file/d104b823ce5e390c264f36b9727b58d0a4602dc6ddae305d01dbff24de5560ec/detection
# Reference: https://www.virustotal.com/gui/file/7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f/detection

amvotech.com/wp-admin/images/wpcloud.php

# Reference: https://twitter.com/FewAtoms/status/1313513688972828674

altcbs.com

# Reference: https://twitter.com/malwrhunterteam/status/1314121888772259845
# Reference: https://www.virustotal.com/gui/file/e8002fbc4bd5e57fd317fb99e3bb2bc8965e94761e37757aed51f3f21486c0ad/detection

verifiedad.website

# Reference: https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns
# Reference: https://otx.alienvault.com/pulse/5f7df280cd3c95f0aad5a1fb

http://198.12.66.108
italake.com/assets/css/0022.exe

# Reference: https://twitter.com/KorbenD_Intel/status/1314251628959076353

sorwatheltd.rw

# Reference: https://www.virustotal.com/gui/ip-address/162.0.235.138/relations

punneli.com

# Reference: https://twitter.com/James_inthe_box/status/1314677701538508800
# Reference: https://www.virustotal.com/gui/domain/helmut01.tech017.net.in/relations

helmut01.tech017.net.in

# Reference: https://www.virustotal.com/gui/file/51054b5f32ba02c12a8e141f5b522d1457785f9f17d04ba25aeb6f0627525545/detection

http://193.53.126.217

# Reference: https://www.virustotal.com/gui/file/3fa9dfafba34b885683809041fd908bc7495e09a2b5cd8d1c2059b1204709d00/detection

http://91.198.220.225

# Reference: https://twitter.com/_re_fox/status/1314972578231070720

http://103.133.139.17

# Reference: https://www.virustotal.com/gui/file/d4f2e466297be77e0f8efee83099f3e782877a1cba72c292cfd93d07f760dd5a/detection

asc6.kozow.com
clockdoplannow.hopto.org
egreetcards942.servehttp.com

# Reference: https://www.virustotal.com/gui/domain/conf1g.com/detection

conf1g.com

# Reference: https://twitter.com/_re_fox/status/1315467764656726017
# Reference: https://www.virustotal.com/gui/file/9d216202b7718a9a8b99ead16685790283992c1f41981c1b862762abda17b4cd/detection
# Reference: https://www.virustotal.com/gui/file/36b8af9e7eade60304cce874c383c6c68f37ea4fa69fcf36095f993b69c8786f/detection

80.255.3.67:80
resolverequest.live

# Reference: https://twitter.com/k3yp0d/status/1315599772502364161
# Reference: https://www.virustotal.com/gui/file/8e0f6621c094066b2a0e5cf36c156a26366e72cfae3eb8b145d691b6f225e1b5/detection
# Reference: https://www.virustotal.com/gui/file/fa115fb6499783cabc60f6b0b893a5b622ba45e6f85fa02de5e6af1a547dbb4b/detection
# Reference: https://app.any.run/tasks/5843b866-5082-4d2b-aec0-2803017d727d/

ceeskophishingcampaignAPT1337.com

# Reference: https://www.virustotal.com/gui/file/9ea05b312e68099c4adf672f151b4c7a1a97017ddb5762b165c873dd2789a099/detection

69.170.237.82:20
jejakdesa.com

# Reference: https://twitter.com/neonprimetime/status/1315767665244483586
# Reference: https://app.any.run/tasks/68a58306-6eec-4773-9bfc-cde1407a5d43/
# Reference: https://www.virustotal.com/gui/file/45b6fb787435620e362685fbc8d323b07810b6fc8188e8fe22b8d0427b56332e/detection

http://64.188.21.219

# Reference: https://www.virustotal.com/gui/file/838a8c1b12270b248fd13d1f110998a79ee9442d19fb3f3562dfe734d7033367/detection

millsmiltinon.com

# Reference: https://twitter.com/KorbenD_Intel/status/1315764616044048386

groups.us.to

# Reference: https://www.virustotal.com/gui/domain/org-help.com/detection

org-help.com

# Reference: https://www.virustotal.com/gui/domain/gd-sirve.com/detection
# Reference: https://www.virustotal.com/gui/file/572a24faa8570e3669a2b67aa7600865e9b5538ce8294c6e9557fee659592e9b/detection

gd-sirve.com

# Reference: https://twitter.com/jstrosch/status/1315993559359684608

elit.com.mx/xls/

# Reference: https://www.virustotal.com/gui/file/57f0fc9a3aee0bc95dd54a22ce66bdf850b3ba28498e57cfe5f28a95bae3faaf/detection

http://31.42.186.166

# Reference: https://www.virustotal.com/gui/file/e23cdad77fa6de90822e92ae19f17abc833bb38685b415f5813d280fa1a6a590/detection

http://107.173.219.56

# Reference: https://www.virustotal.com/gui/file/8813f733b2fdebca664bd770f002cee35a1c8670a7af78c24bd764185fcf81b7/detection

http://94.156.189.248

# Reference: https://app.any.run/tasks/7e41dd5c-ac10-4032-81f5-034c985f26d6/

http://101.99.91.165

# Reference: https://www.virustotal.com/gui/file/b451b884612f400dca31813c295539306ae32b86b558e64e39b07f881bfbe3a4/detection

http://178.62.19.66

# Reference: https://twitter.com/FewAtoms/status/1316438791280832513

mscni.org

# Reference: https://www.virustotal.com/gui/file/231e243eb10755413f784acf5cfd793bdd4e88f0898a342c0c6c30a527548d8d/detection

http://5.39.221.49

# Reference: https://www.virustotal.com/gui/file/8258ff36cc4bf39ce407adee123e866c8880ee0153cb3497a493c769aac19757/detection

http://185.212.131.241

# Reference: https://www.virustotal.com/gui/file/2eb1dea1a8d085d871ae834fee4864079371c3c7c199336319ed8cf291e2623e/detection

http://109.230.217.13
http://109.230.246.66

# Reference: https://www.virustotal.com/gui/file/6705824b8c2fc43fd8e6c8999b638c39ea11a79e8614e75b8b1f9451a93e005b/detection

littlegreenhands.org

# Reference: https://twitter.com/Marco_Ramilli/status/1317074873064239108
# Reference: https://twitter.com/James_inthe_box/status/1317088059641319424

alternasaludspa.com/1/
melonco.com/1/

# Reference: https://www.virustotal.com/gui/file/c0a7dfca7eda9d3f170e318428984c17b9737d4e53c291a227f97863ea30827e/detection

salesgroup.top

# Reference: https://www.virustotal.com/gui/file/34d1451c8ac71d3eb9582092492d4b50a4202b962d8a7cff5cce9c93823aec5d/detection

http://217.8.117.77

# Reference: https://twitter.com/malwrhunterteam/status/1317504898309697541

cmtdevwp.com

# Reference: https://www.virustotal.com/gui/file/1964db2e767cbecc8aedad70f84974da81e88c9ce47210abd6c115cfbaa80222/detection

vds2018.space

# Reference: https://www.virustotal.com/gui/domain/zi-chem.co/relations

zi-chem.co

# Reference: https://twitter.com/James_inthe_box/status/1318923060762701824

escas-lk.com

# Reference: https://twitter.com/malwrhunterteam/status/1318900812094066693

http://5.34.178.103

# Reference: https://www.virustotal.com/gui/file/f50b95b06989cbfd7009c6e5638f9636d9b19218952e14b874488f036338fe33/detection

yassinebolard.tk

# Reference: https://twitter.com/malwrhunterteam/status/1319218507154939905
# Reference: https://www.virustotal.com/gui/file/67418cd16e3b672ab0759bb72c2e056da27c433b16dc1a29c13b55f68204e1c6/detection

com-net.site
modal-agency.info

# Reference: https://twitter.com/malwrhunterteam/status/1319351207350181888

file-downloads.club

# Reference: https://twitter.com/malwrhunterteam/status/1319640676850671616

fjetsam.com

# Reference: https://www.virustotal.com/gui/file/cf1927ab098bdaace7eabc39ae410f39e47433a993ef602eb59dee5923bef042/detection
# Reference: https://www.virustotal.com/gui/file/e7baae3067f928b48fbfc5ff6101d8ae15e17021b03d2c45a0cc147a181ef79b/detection

09.justcounter.com
bighyip-monitor.com
brazauskas.info

# Reference: https://ideone.com/CYMY4

http://115.68.2.15
http://116.127.121.27
http://117.21.224.2
07tqqwem.ru
0uon.com
0up.ir
0uw.ru
1140.co.kr
1.153.cc
1-box.ru
1.cramssdeleviesor.co.cc
1.duote.net
12.duote.org

# Reference: https://twitter.com/ninoseki/status/1320190516466569217/photo/2

ssddtg.icu
toterh.pw

# Reference: https://twitter.com/FewAtoms/status/1320356668367114241

http://145.239.35.192

# Reference: https://www.virustotal.com/gui/file/5a7c4c3e157d060b2fde02428557b1ba0c3d7c96181ead704ccc7a19bfc51582/detection

updateadober.viewdns.net

# Reference: https://www.virustotal.com/gui/file/58089bdd548b2f5075e5baab7dc7045d62561d811d9cb2f27e0c4defcb34e1ed/detection

http://66.70.188.115

# Reference: https://twitter.com/FewAtoms/status/1320791439610122245

redesuperpops.com.br/kalidoc/
redesuperpops.com.br/spike/
redesuperpops.com.br/trends/

# Reference: https://twitter.com/InQuest/status/1321043053218566146

http://216.170.114.73

# Reference: https://twitter.com/InQuest/status/1321062576063762433

http://192.3.152.134

# Reference: https://twitter.com/InQuest/status/1321114421347913729

http://23.249.162.110

# Reference: https://twitter.com/InQuest/status/1321414392630620160

http://107.173.219.115

# Reference: https://twitter.com/InQuest/status/1321354871749156866
# Reference: https://www.virustotal.com/gui/domain/duracom.ga/relations

duracom.ga

# Reference: https://www.virustotal.com/gui/domain/dimaopdb.beget.tech/relations

dimaopdb.beget.tech

# Reference: https://twitter.com/FewAtoms/status/1321171900438032385

http://45.141.84.184

# Reference: https://twitter.com/FewAtoms/status/1321180474283380741

http://209.141.35.239

# Reference: https://twitter.com/malware_traffic/status/1321182175916679168

http://69.30.232.138

# Reference: https://twitter.com/InQuest/status/1321447024227737601

http://216.170.114.73

# Reference: https://twitter.com/InQuest/status/1321443374273056769

http://216.170.126.109

# Reference: https://twitter.com/InQuest/status/1321529831318761473

http://75.127.1.211

# Reference: https://twitter.com/InQuest/status/1321574093204979714

http://78.128.92.94

# Reference: https://twitter.com/InQuest/status/1321735654318002183

http://192.3.141.134

# Reference: https://twitter.com/InQuest/status/1321887102716596231

http://103.125.191.123

# Reference: https://twitter.com/InQuest/status/1321947723977936897

http://75.127.1.211

# Reference: https://twitter.com/InQuest/status/1333423214807146502

http://104.37.172.209

# Reference: https://twitter.com/InQuest/status/1326887249024331776

http://198.23.213.25

# Reference: https://twitter.com/InQuest/status/1328147418941157379

http://198.12.84.47

# Reference: https://twitter.com/InQuest/status/1333763922747416585

http://216.170.114.70

# Reference: https://twitter.com/InQuest/status/1333075764414177286

http://216.170.126.121

# Reference: https://twitter.com/InQuest/status/1333517270270812161

http://149.3.170.144

# Reference: https://twitter.com/InQuest/status/1330593315855740934

fancy-yoron-0802.boyfriend.jp

# Reference: https://twitter.com/sarebour/status/1315625320976994304
# Reference: https://www.virustotal.com/gui/domain/bunkhouseventure.com/relations

bunkhouseventure.com

# Reference: https://www.virustotal.com/gui/ip-address/72.21.81.240/relations

72.21.81.240:80

# Reference: https://twitter.com/smica83/status/1321716870584672261

http://46.183.222.25

# Reference: https://twitter.com/_re_fox/status/1321922917496737795

judax.live

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Chepvil-A/detailed-analysis.aspx

http://109.94.220.52

# Reference: https://www.virustotal.com/gui/ip-address/23.223.200.195/relations

23.223.200.195:80

# Reference: https://www.virustotal.com/gui/file/d0d031cd3950c39950b082192a532c1ed2415ba01f33495113e611c08c8e9305/detection

kozbot.xyz

# Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html

lopiax.us

# Reference: https://www.virustotal.com/gui/file/91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f/detection

http://91.92.128.201
ptc-latam.com

# Reference: https://www.virustotal.com/gui/file/81940f757b93af4af9c146ed068abe089baaff3181863ba9e6ddae54ec5cb5d9/detection

http://185.172.110.201

# Reference: https://www.virustotal.com/gui/domain/microsoft-shop.com/relations

microsoft-shop.com

# Reference: https://twitter.com/malwrhunterteam/status/1323947874602897408
# Reference: https://www.virustotal.com/gui/file/2d649a5a2ac07b53053c66c8007b939818629b757ff25a5d2bfa0b0f0c063857/detection

flash-plays.com

# Reference: https://www.virustotal.com/gui/domain/flsah.com.cm/detection

flsah.com.cm

# Reference: https://twitter.com/KorbenD_Intel/status/1323654449252872192

tethercloud.net

# Reference: https://twitter.com/MBThreatIntel/status/1323671059090993153

http://103.153.79.195

# Reference: https://www.virustotal.com/gui/file/3c18438a9fc9aec1ce0e6d2be9f6f676424b4f8ffd844ac2d1a90b32a5bf0098/detection

chrandinc.com

# Reference: https://www.virustotal.com/gui/file/cca24cf66321e5b2f63bb52b5183e9cc437bf1b59d5f34043307dbd3ab02ae62/detection

americanspecialtyinsurancegroup.com

# Reference: https://www.virustotal.com/gui/domain/micorsoft.cc/relations

micorsoft.cc

# Reference: https://www.virustotal.com/gui/file/9693bcea91bc27b23f55193e3836711b53f0436ff7b6de48a50825d817e75f29/detection

ultimatenutritiononline.com/good/

# Reference: https://twitter.com/KorbenD_Intel/status/1324491660848365568

http://34.91.240.51

# Reference: https://www.virustotal.com/gui/file/b5d95d5b099d97bb34b67c04edd6e58626d49eb0c234b71c58f06d6169741f39/detection

offices-cloud.com

# Reference: https://www.virustotal.com/gui/domain/microsoftupa.com/relations

microsoftupa.com

# Reference: https://twitter.com/InQuest/status/1324795639885111302
# Reference: https://labs.inquest.net/dfi/sha256/abac16a4ab770d5802686e27c3e13c62f26c1ddea5e8339f1f4e1b4d5d6600f7

kaf-public.s3-eu-west-1.amazonaws.com

# Reference: https://twitter.com/ffforward/status/1324779832333488128

swalgrave.com

# Reference: https://www.virustotal.com/gui/file/ca20e6d6fc14a5a1b07747c95d04fa6fa593fbeda1be5b0eb84495d60fc59e01/detection

cp87128.tmweb.ru

# Reference: https://www.virustotal.com/gui/domain/soloforminlink.org/detection

soloforminlink.org

# Reference: https://twitter.com/bad_packets/status/1325141763514798080
# Reference: https://www.virustotal.com/gui/file/69b7dfad97f3d224b75c511ea64f87cf635139b7db818d7a92ce2015a95b8519/detection

217.8.117.137:80

# Reference: https://www.virustotal.com/gui/file/2b50151658c526e8d5dd1eb2ccc989ead663b4c07792c903f0259a1cc9255959/detection

472924.selcdn.ru

# Reference: https://www.virustotal.com/gui/file/533de57e0c74febc1a0ea781136511f2b4c03d6bf689919c97da0e03704fc2e9/detection

mir.7jp.cn

# Reference: https://www.virustotal.com/gui/file/eb9b9b5796b62c2b3006a221536629ab3cfc525c0261e7555ad5a686c47024e7/detection

stresser.services

# Reference: https://twitter.com/_re_fox/status/1325809653100539904

http://45.77.191.82

# Reference: https://twitter.com/James_inthe_box/status/1325809800068804609

zepham.com/file/

# Reference: https://www.virustotal.com/gui/file/f0135e7183050d119c2fdc82d6b3fe712a169ba0b74b6d689064e480214a33f3/detection

specialtyaltruistic.com

# Reference: https://www.virustotal.com/gui/file/6499b3ecff1d79dbab7cccc698a1062f0f297031d02996a5f1bebf992653a18d/detection
# Reference: https://app.any.run/tasks/c7095708-8135-48a1-8260-39f2de2401fc/

http://151.80.220.125

# Reference: https://app.any.run/tasks/77f8bb6c-f055-4405-9438-c608ba947ebb/

tennysondonehue.com

# Reference: https://www.virustotal.com/gui/ip-address/104.207.140.218/relations
# Reference: https://www.virustotal.com/gui/file/0906273884fdd14dfc89eea5c252fd46d5fcd000692e4af7e258048b5588b4d0/detection

us-system3.com
us-system89.com

# Reference: https://twitter.com/FewAtoms/status/1326222282075811840

hechiceriadeamoryprosperidadisrael.com/imagenes/amarres/

# Reference: https://twitter.com/InQuest/status/1326258921833684992

msdn-updates.azureedge.net

# Reference: https://www.virustotal.com/gui/file/aee8a95953aeef3346036ad7c6ef4ed810d7d7b3300c00de31c4d032313519b4/detection
# Reference: https://www.virustotal.com/gui/file/71c9ae337a763e6df591080e34b439b7c927b3ef49315e10a04a91c30b5d98e4/detection

ffdownload.online
fffdownload.xyz
freeprivacytools.ru
privacytoolsfree.site
stat-srv.network
truckscales.com

# Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection

diqp.top
wihumanld.com

# Reference: https://www.virustotal.com/gui/file/eead77418d69043a8a2aff74fff2292890bca6d6cd26140800f1041f87867452/detection

cjrmps.com
fddnice.pw
zxfc.pw

# Reference: https://urlhaus.abuse.ch/host/cape-eye.co.za/

cape-eye.co.za

# Reference: https://twitter.com/wwp96/status/1335680464993079297
# Reference: https://app.any.run/tasks/e72c08a0-1cb1-4691-b30c-5e94ee3d3802/
# Reference: https://www.virustotal.com/gui/file/d5ace9c31d5e44b58f4c73f014caec047fac79f4d5a44a9c3e20153c5e8045be/detection

acetaldehydetoxicity.com/wordpress/chromium.exe
web24host.com/a/a/www//1.jpg
web24host.com/a/a/www//2.jpg
web24host.com/a/a/www//3.jpg
web24host.com/a/a/www//4.jpg
web24host.com/a/a/www//5.jpg
web24host.com/a/a/www//6.jpg
web24host.com/a/a/www//7.jpg
web24host.com/a/a/www//main.php

# Reference: https://www.virustotal.com/gui/file/33a7196538a17da13cc67b31162c14d0f3f473816b98f75f01709eda2b1464a7/detection

playwithme.emailonlinemoney.com

# Reference: https://www.virustotal.com/gui/file/d0056dc81acbc4ea4fa63420e780f58beba75a1d5ad1111e3194689f9d241120/detection

e8.ssigu.ru
tb6fo.jumevty.ru

# Reference: https://www.virustotal.com/gui/file/d0ef59cdc766a5abb2c652273bcd713aaf660c6631154f78c1fc028934ebd083/detection

2menu.mx/a1/

# Reference: https://www.virustotal.com/gui/domain/rsl-t-mobile.com/detection

rsl-t-mobile.com

# Reference: https://twitter.com/malwrhunterteam/status/1326798766293331970

http://45.141.84.182

# Reference: https://www.virustotal.com/gui/domain/sparepartiran.com/relations

sparepartiran.com/js/

# Reference: https://www.virustotal.com/gui/ip-address/111.90.149.233/relations

http://111.90.149.233

# Reference: https://www.virustotal.com/gui/ip-address/216.244.73.139/relations

http://216.244.73.139

# Reference: https://www.virustotal.com/gui/file/f768df4d6a625f578a6ebb65f34ee6cb1279e28111f4dc5ba525827e8d9851cc/detection

http://192.3.31.220

# Reference: https://urlhaus.abuse.ch/browse/tag/AveMariaRAT/

http://5.196.207.55

# Reference: https://twitter.com/FewAtoms/status/1326935534971785216

indiaohc.com/file/

# Reference: https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/
# Reference: https://otx.alienvault.com/pulse/5fad78631749dbff71a31f55
# Reference: https://www.virustotal.com/gui/ip-address/178.128.242.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.92.222.223/relations
# Reference: https://www.virustotal.com/gui/file/58bb90f11070a114442c4fa1cbbccefadcdf954510ae2b8d91c9b22b1a8a42d5/detection

http://95.142.39.135

# Reference: https://twitter.com/jstrosch/status/1326934666209873920

elvbs.store

# Reference: https://twitter.com/JAMESWT_MHT/status/1327198617560559618

http://45.138.72.84

# Reference: https://www.virustotal.com/gui/domain/cinemoolper.club/detection

cinemoolper.club

# Reference: https://twitter.com/FewAtoms/status/1327638169500741637

tastelaspices.com/ccss/

# Reference: https://www.virustotal.com/gui/domain/globalvehicleimports.com/relations

globalvehicleimports.com

# Reference: https://twitter.com/wwp96/status/1327892015468732416

dannexgh.com

# Reference: https://www.virustotal.com/gui/file/b072c748e685183ae8265058fde6a93675029cc776130ce6eac047f13850de53/detection
# Reference: https://www.virustotal.com/gui/file/d2f165674c38a737e83d2adeb8db6f200fba190afee7b8db49e37c39b3aa80d6/detection

markalsf.ru
markalsk.ru

# Reference: https://www.virustotal.com/gui/file/b4ebbd4b3e5cb4427726ea3988d317ed086cd0a9a7e3febb24954047c31909fc/detection

qwertzx.ru
qwerkkc.ru
qd34gf23.ru
qwerty12346.ru
qd34g34ewdfsf23.ru

# Reference: https://www.virustotal.com/gui/file/b11768cc2dee45a7d27a461de847066a3eea60892cbd53c1bff2e419ef17a347/detection

marcapinyo.ru

# Reference: https://twitter.com/wwp96/status/1327906357484392450
# Reference: https://www.virustotal.com/gui/file/d49fb51090347e5f2138a026b9a995e4d40ffee20ad0773c225c1b0e2043d104/detection

http://45.153.243.122
pool090.telepuzz.net
bestzip.space
ismypanel.host
nvidsame.com
suomenen.com

# Reference: https://twitter.com/wwp96/status/1327924803681079297

alc-ao.com

# Reference: https://twitter.com/wwp96/status/1327921450280488960
# Reference: https://app.any.run/tasks/f31e4792-5a26-47db-a6d0-03c3c8b16cd9/

frgtmexiredirieofjhwdssda.australiaeast.cloudapp.azure.com

# Reference: https://app.any.run/tasks/4240f9e5-1c31-4958-9f74-fc5256e669be/

n9vm.gotdns.ch

# Reference: https://twitter.com/wwp96/status/1328087453392130052

http://45.129.2.137

# Reference: https://twitter.com/wwp96/status/1328090086693629955

liokhgtas.shop

# Reference: https://www.virustotal.com/gui/file/776fd5585c4cae16f60f83e92b0c5b84c3796c3e269975794cb3258b1580163f/detection

kakaxa.xyz

# Reference: https://twitter.com/jstrosch/status/1328176684638539779

http://198.23.212.166

# Reference: https://twitter.com/wwp96/status/1328308638470066177

sparepartiran.com/js/

# Reference: https://twitter.com/wwp96/status/1328321984397185028

http://35.180.137.10
bals.gq

# Reference: https://twitter.com/malwrhunterteam/status/1328322570928746496

http://172.104.63.157

# Reference: https://twitter.com/wwp96/status/1328325861456699394

http://185.239.242.76

# Reference: https://twitter.com/wwp96/status/1328339029021118465
# Reference: https://app.any.run/tasks/27a07edd-459f-47d7-895b-30be0fa69ccb/
# Reference: https://app.any.run/tasks/ecc90db0-667c-4848-a3a7-42763f7de0bd/

setupdnsbase.cc

# Reference: https://twitter.com/_re_fox/status/1328363231870660608
# Reference: https://app.any.run/tasks/dec8ba07-aa92-4525-95cd-d4d62cc164e5/
# Reference: https://www.virustotal.com/gui/file/d5b652683b2859e650181b0c488c2cd84565ff01fd09dc811fc0b0166e32882a/detection
# Reference: https://www.virustotal.com/gui/file/002d97585e2ea7b8c76a60bc576edc0d418b4b0847a011ff2c75615ab359eec6/detection

logins.online
updateld.xyz

# Reference: https://twitter.com/wwp96/status/1328368970932645896

http://88.218.16.144

# Reference: https://twitter.com/jorgemieres/status/1328395087383064576

stoplyingme.com

# Reference: https://twitter.com/Unit42_Intel/status/1328425382140387328
# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-11-16-Cobalt-Strike-IOCs.txt

99promo.com

# Reference: https://www.virustotal.com/gui/file/761ebbde90121cde57d219520adb891f0156862e4105e1fa2c81b6896ee80267/detection

mofsetbay.ga

# Reference: https://twitter.com/InQuest/status/1328606836677808128

sitesimobisis.com.br

# Reference: https://www.virustotal.com/gui/domain/dnsfordomains.ru/detection

dnsfordomains.ru

# Reference: https://twitter.com/InQuest/status/1328767271632822274

piratesmoker.com

# Reference: https://twitter.com/wwp96/status/1328857237452972032

http://185.239.242.117

# Reference: https://app.any.run/tasks/80903179-908a-4199-bc89-d3f1390a0bd3/

http://151.80.8.30

# Reference: https://www.virustotal.com/gui/ip-address/70.37.102.40/relations

http://70.37.102.40

# Reference: https://twitter.com/jstrosch/status/1329484445750013952
# Reference: https://www.virustotal.com/gui/domain/dllth.com/relations

dllth.com

# Reference: https://www.virustotal.com/gui/domain/mangero.ga/relations
# Reference: https://www.virustotal.com/gui/file/8b1fa0eb55cc733422402c4f0c8553b35d12c6223994014c7d1526b3f42d9dbd/detection

mangero.ga

# Reference: https://www.virustotal.com/gui/file/82b2e983181018e2f465f94ccc98f5eba6b1bcc05e995acd73581e0752901816/detection

monetization.business

# Reference: https://www.virustotal.com/gui/file/a3b724cb276a5554831a05c1a6bfe6117dcfc64f2156222a432a73a4433b4758/detection

u4p9wo4kgybo.top

# Reference: https://twitter.com/petrovic082/status/1331555043024236544
# Reference: https://twitter.com/petrovic082/status/1331555667891679235

neverstdywalkachinese2loneinlifekstfnp.ydns.eu
plugstdytransportationalexpertsystpqb.ydns.eu

# Reference: https://twitter.com/malwrhunterteam/status/1329854744429531143

http://52.30.22.138

# Reference: https://twitter.com/wwp96/status/1329958820865576967

http://198.23.212.152

# Reference: https://twitter.com/wwp96/status/1329982578846294022

http://192.236.178.121

# Reference: https://www.virustotal.com/gui/file/9bfa6dab8f626aae79e70d378eb393c96f3e247c7c4f6919b59167390cb8527c/detection

http://188.165.56.102

# Reference: https://twitter.com/wwp96/status/1330326379041320960

http://194.147.115.117

# Reference: https://twitter.com/bad_packets/status/1330346587126632451

http://134.209.114.117
http://134.209.119.215
http://134.209.208.60

# Reference: https://twitter.com/ebotpoloskun/status/1279805930163576832

opera.tools

# Reference: https://twitter.com/fr0s7_/status/1330828461196382215

45.138.172.81:443

# Reference: https://twitter.com/ffforward/status/1330909939607416840

wheresharrison.com

# Reference: https://twitter.com/InQuest/status/1330810385834909701

d3727mhevtk2n4.cloudfront.net

# Reference: https://twitter.com/Circuitous__/status/1330897299011203072

pars-science.ir

# Reference: https://twitter.com/neonprimetime/status/1330905903562940427

madarjaaatresearchers.blogspot.com

# Reference: https://www.virustotal.com/gui/domain/vicend.com/relations

vicend.com

# Reference: https://twitter.com/Racco42/status/1331002300295471111

productmusics.com/ru53332
thebabsite.com

# Reference: https://www.virustotal.com/gui/file/47560bd7409f20782c6948159602e6427cb1a67e93a7f30ca040cce0445325ca/detection

arvidarena.com

# Reference: https://twitter.com/James_inthe_box/status/1331333447684485120

creditcollectionglobal.co

# Reference: https://www.virustotal.com/gui/ip-address/192.3.141.160/relations

http://192.3.141.160

# Reference: https://twitter.com/MBThreatIntel/status/1331324319482318850

http://104.236.3.116

# Reference: https://twitter.com/malware_traffic/status/1331634103591063552

wheredidmarkmakehismoney.com

# Reference: https://twitter.com/malwrhunterteam/status/1331681023730528256

http://195.3.146.180

# Reference: https://www.virustotal.com/gui/file/a037c15659d91a7555fbd0ec17978c26f7974ea66909c8732629c4a1ec961f14/detection
# Reference: https://twitter.com/0xrb/status/1333957965443842049

205.185.116.78:21
http://205.185.116.78

# Reference: https://www.virustotal.com/gui/domain/servjces.com/relations

servjces.com

# Reference: https://twitter.com/_re_fox/status/1332003798156455936
# Reference: https://www.virustotal.com/gui/file/5190a88dbb595012f2266d9d9a9988bd3d6223cb2283c0807eb13c1e8188bb97/detection

hotfixssearch.com

# Reference: https://www.virustotal.com/gui/file/b858e24eac464afd49d6bf782557f946b03e5e97431a1987b09b0203b5636c97/detection

productsdetails.online
prozipper.s3.eu-central-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/8cad0b2ebf1e7cb466414a1110a01cb41292dbbe51cd9eeac8a54934bafef850/detection

pool090.telepuzz.net
salebooks.xyz

# Reference: https://twitter.com/FewAtoms/status/1332710068421324802
# Reference: https://www.virustotal.com/gui/domain/lgcreditdemo.qnotice.com/detection

lgcreditdemo.qnotice.com

# Reference: https://www.virustotal.com/gui/file/4b2870072af939ead1f2d9288b2375d7b4b162added4598336129661a5840494/detection
# Reference: https://hybrid-analysis.com/sample/af52141206b33929b062784f02d56dd188d5d975f49ea17a5cc81824cdfda845

ahlehup.club
chanchandomain.club
office2010.000webhostapp.com
windowservices9999.000webhostapp.com

# Reference: https://twitter.com/jorgemieres/status/1333417189005799424

bananafish.hopto.org

# Reference: https://twitter.com/jorgemieres/status/1333450508066021381

aogmphregion.org.za

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/

http://46.166.129.235
cq08462.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection

semantrus.pw

# Reference: https://twitter.com/malwrhunterteam/status/1333499691674329093

holisticgroup.com.pk

# Reference: https://twitter.com/p5yb34m/status/1333553861617885184

starlitebaby.com

# Reference: https://twitter.com/petrovic082/status/1333753970523779073

hml02.tompingescha.info

# Reference: https://twitter.com/InQuest/status/1333774375452020739

http://149.3.170.235

# Reference: https://www.virustotal.com/gui/ip-address/198.23.212.224/relations

http://198.23.212.224

# Reference: https://www.virustotal.com/gui/file/293d8e49687debac46ec1a4102b0d84df1ecb837ebe1e131e0362238c4063ff8/detection

canadiantourismroundtable.com

# Reference: https://www.virustotal.com/gui/file/d4b942eb004074adceefa560c30e0a239f5884016ea4fcb981b673099faae31f/detection

wesleydonehue.org

# Reference: https://www.virustotal.com/gui/domain/sertificatkey.com/detection

sertificatkey.com

# Reference: https://www.virustotal.com/gui/domain/update--microsoft.com/detection

update--microsoft.com

# Reference: https://www.virustotal.com/gui/file/87bd17f1e3fd93a6a38896c2a3442b51ccb26715ed411484d77d082cffb1af6e/detection

41ku.cn

# Reference: https://www.virustotal.com/gui/domain/dsa5as.xyz/relations

dsa5as.xyz

# Reference: https://www.virustotal.com/gui/domain/2012yearleft.com/detection

2012yearleft.com

# Reference: https://www.virustotal.com/gui/file/16ce4c75d5a67446000f5859610153e68d0fb2ac248370ee858c693147121ddd/detection

/xccddhttps

# Reference: https://otx.alienvault.com/pulse/5fcb77747ed85445c567eef4

0x21.in

# Reference: https://twitter.com/FewAtoms/status/1335205379416920066

alimar.com.ar/wp-admin/css/files/
alimar.com.ar/wp-admin/js/cat/
alimar.com.ar/wp-admin/js/dev/

# Reference: https://twitter.com/wwp96/status/1335670395157032963
# Reference: https://app.any.run/tasks/5c601d8b-4496-4086-bdcc-f395cc23ada5/

http://142.202.205.28
portuproject.com/distribution/

# Reference: https://twitter.com/wwp96/status/1335674912539897858

http://3.1.221.201

# Reference: https://twitter.com/wwp96/status/1335676464247738375

http://185.172.110.230
http://193.239.147.76

# Reference: https://twitter.com/wwp96/status/1335689190705664001

up.av86.ru

# Reference: https://twitter.com/wwp96/status/1335692396730986500
# Reference: https://app.any.run/tasks/24327b69-4727-4093-8418-3cc8a8080df4/

ddy7itsuemb9i.cloudfront.net

# Reference: https://twitter.com/h2jazi/status/1335723656236904448

http://193.239.147.76
religonclothes.com

# Reference: https://twitter.com/ffforward/status/1335965749681250314

myrilullimolullilomotmoti.blogspot.com

# Reference: https://twitter.com/InQuest/status/1335991456427880450

defencedrod.in

# Reference: https://twitter.com/wwp96/status/1336040234572713984

kalamiksndyonlinedeliverystoreservsnfqm.ydns.eu

# Reference: https://twitter.com/wwp96/status/1336042331385032704

shgshgsndynationalobjindustrialatsngpx.ydns.eu

# Reference: https://twitter.com/wwp96/status/1336046329387212805

tuandat-vn.com

# Reference: https://twitter.com/wwp96/status/1336043695553048578

http://75.127.1.225

# Reference: https://www.virustotal.com/gui/ip-address/107.155.162.25/relations

http://107.155.162.25

# Reference: https://twitter.com/wwp96/status/1336340777681756160

tradestarintl.com

# Reference: https://twitter.com/wwp96/status/1336342382619598853

http://192.3.152.237

# Reference: https://twitter.com/wwp96/status/1336487441214091265

cedeko.ml

# Reference: https://twitter.com/wwp96/status/1336489964343791617

actemviro.com

# Reference: https://twitter.com/wwp96/status/1336833150618652674

http://192.3.146.194

# Reference: https://twitter.com/wwp96/status/1336830110050160640

http://111.90.149.229
http://216.170.126.123

# Reference: https://twitter.com/pancak3lullz/status/1166107213540331523
# Reference: https://app.any.run/tasks/7dff3403-2769-4edc-9452-d7b9745c67ab/

psix.tk
minercoinbox.com

# Reference: https://www.virustotal.com/gui/file/0c3fcc6d9ada66b51fae4890b3c9c5b886bf275a61c78ff3771a02989494ca3e/detection

http://182.254.229.239

# Reference: https://twitter.com/InQuest/status/1336991741237489665

checkinglist.xyz

# Reference: https://www.virustotal.com/gui/ip-address/13.66.50.148/relations

http://13.66.50.148

# Reference: https://www.virustotal.com/gui/ip-address/51.195.53.27/relations

http://51.195.53.27

# Reference: https://twitter.com/FewAtoms/status/1337476320310284288

validserver.com

# Reference: https://tria.ge/201209-rn3xfe8h6x/behavioral1

12.ossmarcial.com

# Reference: https://twitter.com/wwp96/status/1337526249531568129
# Reference: https://www.virustotal.com/gui/domain/m9b4s2.site/relations
# Reference: https://www.virustotal.com/gui/file/51bfce0f95eead416c84e32bef67a407390a1f4147673d7970e9348c6ac4d123/detection

a1711cf.com
m9b4s2.site

# Reference: https://www.virustotal.com/gui/file/992cf8ed168eed107c9cc982aa393c9505f0ff09f47020aa10491953fcfc10a8/detection

lucian0lu1.freeheberg.org

# Reference: https://www.virustotal.com/gui/file/1303a2d7876790af2cc196a816df2261506b157605006e603246b58f09408888/detection

http://148.72.155.40

# Reference: https://twitter.com/wwp96/status/1338464902936207361

http://198.46.132.130

# Reference: https://twitter.com/wwp96/status/1338460606983237638

onedrive.linkpc.net

# Reference: https://twitter.com/InQuest/status/1338544013679407107

http://3.133.107.218

# Reference: https://twitter.com/Circuitous__/status/1338593685383024640

captafill.xyz

# Reference: https://www.virustotal.com/gui/file/ca58a15c71c9af1e6df2ab08787e83b0b457366cec67325532cef64613585d9f/detection

citygame.xyz
hostas8.cf
ickyud.pw

# Reference: https://www.virustotal.com/gui/domain/777cd.info/relations

777cd.info

# Reference: https://twitter.com/wwp96/status/1338890758011621381

http://149.3.170.53

# Reference: https://twitter.com/wwp96/status/1338891457634201600

http://88.119.170.242

# Reference: https://twitter.com/wwp96/status/1338890044346601473

http://88.119.171.197

# Reference: https://twitter.com/wwp96/status/1338891948443185154

rogatech.cf

# Reference: https://twitter.com/wwp96/status/1338897626100617219

http://75.127.1.225

# Reference: https://twitter.com/wwp96/status/1338896638534971396

esquinerosaguilarlerma.com

# Reference: https://twitter.com/wwp96/status/1338894502023585796

mkontakt.az

# Reference: https://twitter.com/jstrosch/status/1338535056567115781

http://18.197.62.51/webdav/

# Reference: https://twitter.com/ffforward/status/1339129811810324483

zoomba619.blogspot.com

# Reference: https://app.any.run/tasks/6b24ab8c-1626-41e1-aa32-39e96fd266d5/

lineagehusband.com/vomvom/

# Reference: https://twitter.com/wwp96/status/1339310314786058241

storeafh.com/cc/

# Reference: https://twitter.com/wwp96/status/1339309952083644416

http://54.169.136.76

# Reference: https://twitter.com/wwp96/status/1339311917337370625

wwwwwwwwwwwwwwwwwwwwww.000webhostapp.com

# Reference: https://twitter.com/wwp96/status/1339312596621660167

gulshanti.com

# Reference: https://twitter.com/wwp96/status/1339310657087418368

http://149.3.170.55

# Reference: https://app.any.run/tasks/26522454-b349-42db-9cbe-230b37a3c836/

girlisbad.com

# Reference: https://twitter.com/K_N1kolenko/status/1339470245812170753

berlitz.co.rs/jay/

# Reference: https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
# Reference: https://twitter.com/Bank_Security/status/1339532785489481729
# Reference: https://pastebin.com/gRwiJH5U

http://199.192.29.202
http://2.56.215.97
http://5.39.223.162
http://93.115.23.48
http://94.103.94.186

# Reference: https://www.virustotal.com/gui/file/34115f39a2b1db6239b2ff6d982ae78b275f061ddfcb0ff71117f154225021ef/detection

http://103.68.251.31

# Reference: https://www.virustotal.com/gui/file/a28682ec43abaca0920ab4362392170aa3f6881c09026ccec0f8ded0814a8615/detection

103.68.251.31:443

# Reference: https://twitter.com/Jirehlov/status/1337736389199187970
# Reference: https://www.virustotal.com/gui/file/f13e31ec576bb65350a0bc5e357f4f6755bb2169e035774f63db00fa9a293552/detection
# Reference: https://www.virustotal.com/gui/file/98246ce552da2a37b6b54cc34365c566e319799d9efabef3109d0143a6b13155/detection

103.242.135.138:8426
103.242.135.138:85
http://103.242.135.138

# Reference: https://www.virustotal.com/gui/file/c963869cee95668064ebe88b1cdd6fb0a71da04fa1e397320c6ba862e4a035f1/detection

nik1002.myftp.org

# Reference: https://www.virustotal.com/gui/file/40448a4c3c2fb6587b2b68735fab1137fd677d63e3e9806e4b619d0b9f4f38da/detection

http://198.23.207.5

# Reference: https://www.virustotal.com/gui/file/c3d0c76d8f14f098528be4d1bacdafd4ef566fd10599656363bd9e5dea082200/detection

kdfaty-71.cf

# Reference: https://twitter.com/Abjuri5t/status/1296602545511641088
# Reference: https://www.virustotal.com/gui/domain/managed.oss-cn-beijing.aliyuncs.com/detection

managed.oss-cn-beijing.aliyuncs.com

# Reference: https://www.virustotal.com/gui/ip-address/13.231.151.34/relations

http://13.231.151.34

# Reference: https://twitter.com/Abjuri5t/status/1296602546333720577

chinese2onlyywalkaloneinlifevwsdy17nfa.duckdns.org
latox.ro

# Reference: https://twitter.com/FewAtoms/status/1339961860448276482

http://37.46.150.60

# Reference: https://twitter.com/InQuest/status/1340008788607307778

pickleballreducer.com

# Reference: https://twitter.com/dubstard/status/1340573308530683906

cryberpunk.download

# Reference: https://twitter.com/InQuest/status/1340843122679574528

bb.realestateprivateportfolio.com/img/

# Reference: https://twitter.com/mdmck10/status/1340737115815030785

http://91.241.60.117

# Reference: https://twitter.com/reecdeep/status/1340956488416817152

http://192.227.129.4

# Reference: https://www.virustotal.com/gui/file/50c7c0dce8af82cf62d98e6d8ea3de29bc70969e6614f59c785f2d07c9c7b37b/detection

2ogo.com

# Reference: https://twitter.com/malwrhunterteam/status/1341045175196540929
# Reference: https://www.virustotal.com/gui/domain/google-api-tools.com/relations
# Reference: https://github.com/stamparm/maltrail/pull/13189/commits/507c2880cba1b25816f2b1c0a89b0b2cdc5e5d1b (# Note: Generic detection for root domain)

google-api-tools.com

# Reference: https://www.virustotal.com/gui/file/801a53e427a2c4a33c12a11a1fe78b86461d63efdebb66b1296b0579828ae2c4/detection

222.186.58.168:88

# Reference: https://twitter.com/wwp96/status/1341024457016692736
# Reference: https://app.any.run/tasks/a7a5fc2a-3c22-4c0c-ac75-4947e2de67e7/

http://45.15.143.142

# Reference: https://www.virustotal.com/gui/file/62f94ecca43ed5ba6fad04f5224fbfe0d205b7bc157d347d30023d4383d4d920/detection

sexglam.ru

# Reference: https://www.virustotal.com/gui/file/911b4b3f78de7bad2c9950e8a805cf4bfe9ca58fed213961de61ebd8f92f81ba/detection

19216801.usite.pro

# Reference: https://twitter.com/makflwana/status/1267443715515092993

blaackjack.com

# Reference: https://twitter.com/SolutionsXnotes/status/1173228101850894342

/exploit.c

# Reference: https://twitter.com/makflwana/status/1160545539982647296

http://92.63.104.190

# Reference: https://www.virustotal.com/gui/domain/i.assmio.com/relations

i.assmio.com

# Reference: https://www.virustotal.com/gui/file/3d93f6a19c997ea7b797c2780f529966b5024628c90c87c653b86fa2086098dd/detection

http://81.69.250.97

# Reference: https://isc.sans.edu/diary/26922
# Reference: https://www.virustotal.com/gui/file/3f4ce9fcbe40c1f445aa844e4561346e9ff1cb812a6d8937387a31be7fb88592/detection

http://23.98.155.192

# Reference: https://www.virustotal.com/gui/file/785c2845af631f33fda47b5a0fe5ccb338389b15e028e1ae7fa418d991e2c38f/detection

http://185.186.247.114

# Reference: https://www.virustotal.com/gui/ip-address/140.82.59.108/relations

http://140.82.59.108

# Reference: https://www.virustotal.com/gui/domain/dbjustping.com/relations

dbjustping.com

# Reference: https://www.virustotal.com/gui/file/0f2023858e10724e1d81ebbfeffdef833fcebc3d607854b231cedf71c584e054/detection

http://173.212.222.11
http://178.33.109.235
http://195.88.208.196
http://37.1.199.202

# Reference: https://www.virustotal.com/gui/domain/access-accounts1.com/detection

access-accounts1.com

# Reference: https://www.virustotal.com/gui/file/b42b33ffa4b45bc81b71f13d89dc1283b155204913aa8362e99e9aa44366bfb2/detection

http://185.212.130.98

# Reference: https://twitter.com/r3dbU7z/status/1343477277762473989

149.28.70.34:8010

# Reference: https://www.virustotal.com/gui/file/d6d17e18c0f4b031ee76cf75aab7fda9d5b2ca56e1a6c7cf0449832da5846cac/detection

excelcryptocurrency.com

# Reference: https://www.virustotal.com/gui/file/b88f19f533c66e10b6dace4cff1291c048c896ab3a1d2223ace4bb5dcc8b6b60/detection

digitalcurrencyexchane.com

# Reference: https://twitter.com/mdmck10/status/1344031510161207308
# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.119/relations

http://91.241.60.119

# Reference: https://www.virustotal.com/gui/domain/servlce.store/relations
# Reference: https://github.com/stamparm/maltrail/pull/13382/commits/e3caf1c2584a3ec123fdcc3d29915d063bd1a4d4

servlce.store

# Reference: https://www.virustotal.com/gui/domain/facebook8abc.com/relations

facebook8abc.com

# Reference: https://www.virustotal.com/gui/file/cd889a03ea69d14e772e1f0996dedf7fd18cc927de21d40785f5942320e35cd1/detection

http://149.248.6.193

# Reference: https://otx.alienvault.com/pulse/5ff06173bf924de2d1a2d2ca
# Reference: https://www.virustotal.com/gui/domain/95hack.cn/relations

95hack.cn

# Reference: https://twitter.com/reecdeep/status/1345411411829260289

ultimcontents.com

# Reference: https://www.virustotal.com/gui/domain/apobypass.com/detection

apobypass.com

# Reference: https://twitter.com/n0p1shing/status/1345338929931825152
# Reference: https://app.any.run/tasks/85f16e5e-2a34-4519-95e3-ccc3308c1f41/

org-2fa.link
org-2fa.org

# Reference: https://www.virustotal.com/gui/ip-address/103.125.191.69/relations

antoinesauvagesqcomcomantoinesauvagesqcomcom.ydns.eu
bennergdfeeaueewwecomssfwbennergdfeeaueewwecomssfw.ydns.eu
dgfiydfdhfjfjfrdgkjttiigifjfjgdehkgdrjcr.ydns.eu
dhprasetyocontinenteightbizdhprasetyocontinenteightbiz.ydns.eu
ehdjhgesydfgsswertdfehkshkslrnjlwneoedss.ydns.eu
ethaisheksanegeusaheeeuahsnedhausenahsyel.ydns.eu
gbisz44qi75kw2ygbisz44qi75kw2ygbisz44qi75kw2ygbisz44qi75kw2y.ydns.eu
twitterlevelsecuritycheckingforwordfiletransferthroughfirewalls.ydns.eu

# Reference: https://twitter.com/reecdeep/status/1346123602547122176

lancosi928.tech

# Reference: https://www.virustotal.com/gui/file/2074ad2dc62a398d62ab1f91d446ca269a4bc1cb5cbd5a677904afbf2d3685e0/detection

trustpilot-scam.com

# Reference: https://twitter.com/malwrhunterteam/status/1346038126263865345
# Reference: https://www.virustotal.com/gui/file/9d09788543b16ee59c469199cb0ef78891d8c66981169f0a6720fda8d4eeff9a/detection

spyinfo.ir

# Reference: https://www.virustotal.com/gui/file/112121c5d7507c7d4fc60949a878cc5e8be7142ea619b7eb870935e67da8046e/detection

kontrolcum.blogspot.com
kontrolcum.blogspot.fr
myjs.me

# Reference: https://www.virustotal.com/gui/file/071d91e67c42811d96d15a4a6dff740cc5d704ca352d9bc03778a2a6abd552f4/detection

rosgaz.pw

# Reference: https://www.virustotal.com/gui/file/e73603c1b24b0962c8bf90b28fcce0b9966c5047b0464a06f506181b142cad5f/detection

foyd.fulba.com

# Reference: https://www.virustotal.com/gui/domain/mannylawfirm.no-ip.biz/detection

mannylawfirm.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/34jkldfs.no-ip.biz/detection

34jkldfs.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/directxex.com/relations

directxex.com

# Reference: https://www.virustotal.com/gui/domain/directxex.net/relations

directxex.net

# Reference: https://twitter.com/r3dbU7z/status/1346566617614979073

http://45.78.65.155

# Reference: https://twitter.com/InQuest/status/1346741373014323205
# Reference: https://twitter.com/ShadowChasing1/status/1346747278279643137
# Reference: https://www.virustotal.com/gui/file/b9b5a9fa0ad7f802899e82e103a6c2c699c09390b1a79ae2b357cacc68f1ca8e/detection

user-assist.site

# Reference: https://www.virustotal.com/gui/file/68d9579fe9d947b15ed590ef5379ead4a16be340391927c8694f30fee9d3c796/detection

outlookcalendar.accesscam.org

# Reference: https://twitter.com/banxen/status/1347059388477960193

onedrive.serveblog.net

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60
# Reference: https://vulners.com/rst/RST:39486282-EB03-3581-9D54-457C2B361DE6

divinestresser.com
divinestresser.info

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60

advwebs.com
bassfredes.cl
hola.besaba.com

# Reference: https://twitter.com/Dr_N0b0dyh/status/1347144725871079425

firenzelavori.lt

# Reference: https://twitter.com/_re_fox/status/1347195124887990276

lib2.md.chula.ac.th/files/

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Ransomware)

dweferfh.trickip.net
mvdalleghenyriver.info
neverbasrmm.com
obession.co.ua

# Reference: https://www.virustotal.com/gui/file/a31deefacf153cf77b115e15cc2904418c9d2cc7f690fc8033dfc9c64dd63ee4/detection

http://94.156.174.121

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Stealer)

babysitter.gen.tr
cast345.webege.com
concordiaeefde.nl
coolnewhairstyles.com
cousintins.net84.net
felixrankin.comlu.com
konterk.com
lmage1.com
msf-supernova.net78.net
uniteti.net
update-silo.com
wiknlon.comlu.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Unknown)

404.mysyncdns.com
alsancakgaming.com
arya-foundation.de
avssync3357.com
bluefile.biz
bluegrassboardwalk.com
brmasteragoravai.com.br
cache.bsqlserver.com
casamentoatualizado.com
catracasepinos.com
cleopatra-ugra.ru
clientescadastrados.inf.br
clockpunchposition.com
comporationssoulll.com
cuxheaveninvestmentltd.com
czonainsit4e.com
data-fold.org
datascrambler.org
decisiondock.com
dnshkjashkd111.ru
down.enumstate.co.kr
drdigitalmd.com
escolagarbi.com
f1rst.name
fcserbiaunited.com
fredkcdekj.me
healthwealthandlifestyle.net
inessa-sweet.ru
ivehtxenoe.ru
jaycees.co.uk
jeannedarc33.fr
juatubatransparente.org
kuept.biz
lausina.org
leakdetecta.com
lecturehearball.com
lion46.ru
lojinha-deroupas.com.br
lux.lv
maschinen.be
mob6d.com
mydear.name
neease.com
netcomlist.com
npp-mehzavod.ru
odontobras.com.br
posterminalworld.la
pubbers.ru
pwikalsel.org
s17.37to.ru
sailcoalition.org
semimonster.net
ss77.37to.ru
surfband.info
theedgeman.co.za
toto39.zz.mu
twink-img.cf
webplayproduct.com
winhelp.25u.com
wireandwoods.ru
wrstecnologia.16mb.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# vbv grabber)

injected.cc

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# az7/az7v2)

brigadiramoon170.com
combonicer300.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# carbon grabber)

alliedmindstorm.com
azfarsaffron.com
cambraine.eu
chipet01.tk
eurotsl.com
financesmanager.tk
frostite.biz
grabbah.biz
icewire.info
masterminder.in
microsoftntdll.com
rasakltd.biz
rcheli.fh.net.nz
sheried.com
staboiobo.tk
tatuajesudaka.com.ar
turkeyfunds.org
virontonic.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# dendroid)

aaictlogistics.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# exodus)

ursu.hol.es

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# grid)

onetimes27s.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# jolly roger)
# Reference: https://www.virustotal.com/gui/file/6cb4102b551dd0c4be7677afb44d45a470643569f60356d479f30ad89f549528/detection
# Reference: https://www.virustotal.com/gui/file/30c1db5380e3d0eabbbc98743f383efdb81f5fc5e57cd0b33d966183fe02bb09/detection
# Reference: https://www.virustotal.com/gui/file/1561602f741e66c11f6983e2d8bba0ae02f83254c417829e6ec76a209d7940ed/detection

miluashikguer.ru
veisturbharbo.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# solar)
# Reference: https://www.virustotal.com/gui/file/8967dcaa77c6fa973e98d90e59ad0537ccf3e707641d4713067c4fb94345eb99/detection
# Reference: https://www.virustotal.com/gui/file/cd7820a08e7c82332ad4af643dd5fd76ddf7477792bea55f371969297655a7a9/detection

beriwiwo.info
dimoninfosys.org.in
glavimar.com
h63302.srv4.test-hf.ru
icewire.info
joker11.funpic.de
kasvatus.org
kvsvalves.com
mylondon.hc0.me
mysoul.olympe.in
solar.olympe.in
travelagentinbangkok.com
viewbot4lyfe.info
warface-aim.7jn.ru
wildnativebulbs.co.uk

# Reference: https://www.virustotal.com/gui/domain/fasunshi.com/relations

fasunshi.com

# Reference: https://www.threatcrowd.org/domain.php?domain=autoimagehosting.info
# Reference: https://www.virustotal.com/gui/domain/autoimagehosting.info/detection

autoimagehosting.info

# Reference: https://twitter.com/jorgemieres/status/1347251993304305665

doggofallingwater.000webhostapp.com
nk125srv.000webhostapp.com

# Reference: https://twitter.com/jstrosch/status/1347225282290319361
# Reference: https://www.virustotal.com/gui/domain/file.discountmonumentcenter.com/detection

file.discountmonumentcenter.com

# Reference: https://twitter.com/r3dbU7z/status/1347527548977242116
# Reference: https://www.virustotal.com/gui/file/22cda3e68d6e09d3ba14b57b336dfc73c39d8dc86986aed3f90761da2cbc1637/detection

185.193.126.229:4430
185.193.126.229:81

# Reference: https://www.virustotal.com/gui/domain/leatherbond.top/relations

leatherbond.top

# Reference: https://www.virustotal.com/gui/file/c86ceb78c8aa8ecb5e96f7d44a8c593ef2c310102189366d4c0d35e80c0115c9/detection

skincrawling.top

# Reference: https://twitter.com/malwrhunterteam/status/1347995679419990017

hosting001.online

# Reference: https://twitter.com/r3dbU7z/status/1348015427541151745
# Reference: https://www.virustotal.com/gui/file/f7a8d3fb89711f208f281c267ed8dd647cda207ecb514d37892b56a0ddafbe9a/relations

180.215.224.150:8800
211.23.167.155:8800

# Reference: https://www.virustotal.com/gui/file/0ef5cfcbaa05ba4beffc96127de3eb89ab2eb98bc5c8ee336dd2290391481e70/detection

crypto-server-download.xyz
crypto-server-download11.xyz
crypto-server-download48.xyz

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-01-08-IOCs-from-Ave-Maria-RAT.txt
# Reference: https://www.virustotal.com/gui/domain/lankarecipes.com/detection

lankarecipes.com

# Reference: https://twitter.com/Jirehlov/status/1347855866473533442

http://124.132.153.147

# Reference: https://twitter.com/ANeilan/status/1348361310279503879
# Reference: https://www.virustotal.com/gui/file/a41e9786e52fb3009f9c3322bca19e600a7f46689f36893a0564e382555fe4c6/detection

payment.unior.club

# Reference: https://www.virustotal.com/gui/domain/abbtv.xyz/detection

abbtv.xyz

# Reference: https://www.virustotal.com/gui/domain/mmakd.xyz/relations

mmakd.xyz

# Reference: https://www.virustotal.com/gui/file/8bbd83f12f7804f61406c18fe7d6636a339bb165e641297d1f6cf9233adb5060/detection

http://107.150.57.11
http://46.8.196.121
103.39.210.144:808
120.55.57.162:7890
154.8.232.200:4199
219.150.218.154:808
222.186.20.19:7777
222.187.239.147:23113
222.187.253.62:23001
39.98.228.46:2653
47.116.10.26:6663
61.150.60.243:6666
61.150.60.243:7777

# Reference: https://www.virustotal.com/gui/ip-address/47.52.143.174/relations

http://47.52.143.174

# Reference: https://twitter.com/Timele9527/status/1348520495935746051

cdndownload.buzz

# Reference: https://twitter.com/FewAtoms/status/1348676914681155586

http://217.12.208.14

# Reference: https://www.virustotal.com/gui/file/9b415dfdaf6474e998fc50015cad5d6934a3a04d142faa738154c259549617a9/detection
# Reference: https://www.virustotal.com/gui/file/a8b69953479d28ee656a49ce845a537de65a3f0979f3a0ed8f942c98f4904bfe/detection
# Reference: https://www.virustotal.com/gui/file/4f4bbf2e00eff20888ab3894cddd0162a9bc8b6b5f298a38ef2c954902018ca0/detection

http://23.224.244.121
http://23.224.244.5
http://79.143.52.19
steam6.top
steam7.top
steamli.top

# Reference: https://www.virustotal.com/gui/file/eaa14ff5cdf3ec428bd1b0c2689272996741a4c93f3c1289934057c3c5cafc78/behavior/VMRay

xpackmx.com

# Reference: https://www.virustotal.com/gui/file/4db81f8f21f532139ba706ae5fb908432a1e3e15aaecd04341e57fb93f3ef20f/detection

http://46.17.98.51

# Reference: https://www.virustotal.com/gui/file/3be32a006912e45ce426ae829b8bbc6c752e3e07de138aaab40da0744e3b51ad/detection

aitlsbh.com
dreamtrips.cheap
fasterpdfinstall.xyz
fasterpdfreader.xyz
gvkufab.com
test-offer.best

# Reference: https://www.virustotal.com/gui/file/a6264de41b4d2ad578a3ec5e082b621dcbf3b716e9bbe86f66682d785c7fc476/detection

http://45.140.146.29

# Reference: https://www.virustotal.com/gui/file/54be747b380c5749630578aa34579ae6492ee28471facc97d8da0555510d0f46/detection

vu505cluster.com

# Reference: https://www.virustotal.com/gui/file/c4275b08193c896015c7bcda2a4e0d940331b0806c6b32a68e32acbf78988075/detection
# Reference: https://www.virustotal.com/gui/file/55d904b83f04acb4118df9b2bd3ebbd44b9553b0aabcfff7b68d674ddb6052cc/detection
# Reference: https://www.virustotal.com/gui/file/9c699791059e57ac887086c0673d47d1a81c587b2c16585c8e80d1a831857feb/detection

vqvm656stem.com

# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.32/relations
# Reference: https://www.virustotal.com/gui/file/36915aa4b4269e31b0ade1b4cb6df4c4edcd1554ecd5e886a0926e9437d676cd/detection
# Reference: https://www.virustotal.com/gui/file/992dc59ba7124aae9761d280deed3ec381be7c1379538722687a40573a48f470/detection

jih465flash.com
xwfluid5.com

# Reference: https://twitter.com/jstrosch/status/1349014099074691073

http://185.81.157.186

# Reference: https://www.virustotal.com/gui/file/f54ee6761ddbc05ab6245ee2afb2cc725ab60c9d3f32836709c4973b565d60f2/detection

testedpo14.temp.swtest.ru

# Reference: https://twitter.com/Circuitous__/status/1349388642704306182

computer-compare.com

# Reference: https://twitter.com/ffforward/status/1349380856926887939
# Reference: https://www.virustotal.com/gui/file/288fdf9c64da0251107df7f1c3283f328279ad581710a9cf71f67e53b0b1684d/detection

anabolicsteroidsbuy.info

# Reference: https://twitter.com/ffforward/status/1349740103711690755

allanabolicsteam.net

# Reference: https://twitter.com/FewAtoms/status/1349413756938412034

palettas.pe/docs/

# Reference: https://twitter.com/jorgemieres/status/1349410241218293760

http://18.195.87.136

# Reference: https://twitter.com/jorgemieres/status/1349408300006318081

http://198.23.207.63

# Reference: https://twitter.com/IronNetTR/status/1349830343105384451

aaavanca.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1349999369727188992

cronogare.it/backoffice/

# Reference: https://www.virustotal.com/gui/file/647d6ecbbe14fb46a87ae8bab37f55e9983232f484bb2b3ee94ed47834f5c437/detection
# Reference: https://www.virustotal.com/gui/domain/c541f5d439a359.xyz/detection

c541f5d439a359.xyz

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/infolooks.org/relations

infolooks.org

# Reference: https://www.virustotal.com/gui/domain/24131192124.com/relations
# Reference: https://www.virustotal.com/gui/file/408e3af5590c712608c452b01b6eadea1f444dacbf080aac22e96b24a6e1696e/detection

24131192124.com

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/cantvenlinea.biz/detection

cantvenlinea.biz

# Reference: https://www.virustotal.com/gui/domain/handjobheats.com/detection

handjobheats.com

# Reference: https://www.virustotal.com/gui/file/02131c8c30c6852ea1094661960d8cd697e014c2327582b9bbfc8440100d08ef/detection

http://198.61.176.52
diamondhostess.hu

# Reference: https://www.virustotal.com/gui/domain/rekurigo.com/detection

rekurigo.com

# Reference: https://www.virustotal.com/gui/domain/ohtheigh.cc/detection

ohtheigh.cc

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

allamericanservices.name
cinnamyn.com
commandcenteral.info
elitemarketingworld.net
enemydont.net
givemefilesnow.info
msnsolution.nicaze.net
myharlemshake.info
rsakillerforever.name
saltsecond.net
scari-elegante.ro
sellsmall.net
silobiancer.com
southblood.net
stylefun.info
twinkcam.net
wheelreply.net

# Reference: https://www.virustotal.com/gui/file/e08fa2a4784d4a0382715aaf43974f39ad70148dc9526d2beef7bb7736c4f413/community

http://67.23.226.179

# Reference: https://www.virustotal.com/gui/file/40e52901b36981803ed70fdb38a78537aa03658ecd8b17c9797f92b7b135d955/detection

http://95.216.86.40

# Reference: https://www.virustotal.com/gui/file/b6a2ce88e1d3934095418787dddd851a4d5cd073cbcba575d5c7d707f612610e/behavior
# Reference: https://mreza.bug.hr/upozorenje-iz-nacionalnog-cert-a/

dalitecnoimagen.cl

# Reference: https://www.virustotal.com/gui/file/94378919a54c15a4600c728d4833ae00888b91cf15460789a475220875d7b804/detection

alaminbank.com
prism-photo.com/private/

# Reference: https://twitter.com/malware_traffic/status/1351631078549811203
# Reference: https://www.virustotal.com/gui/file/18cf2e39efca29316e84dab1be885a77c600c40d6bb65cd016b6de9d3fd0a6da/detection

alumaicelodges.com

# Reference: https://twitter.com/jorgemieres/status/1351522552733118466

stdyunitedkesokostri.dns.navy

# Reference: https://twitter.com/jorgemieres/status/1351525948999524353

chthreemndyrecantict.dns.navy

# Reference: https://twitter.com/r3dbU7z/status/1351651516806033415

http://106.12.103.181

# Reference: https://www.virustotal.com/gui/file/23d44019cd825eb28cafa67427f3588bd758f3cccca4db02e5e7fb151c1c8d2c/detection

biggames.club
dealbigdata.com
souffity.com

# Reference: https://twitter.com/jstrosch/status/1351927504739721217

cornelluniversityblog.com/docxx/

# Reference: https://twitter.com/jstrosch/status/1351925534582845441

k-t.icu

# Reference: https://www.virustotal.com/gui/file/864d4f206e8dc5ece44c26f9b8718c1bfa6d28ea46db724aac90b56c8412da5e/detection

fed58f43246844b18d00fb0177352546.download

# Reference: https://twitter.com/FewAtoms/status/1352324221964320768

tunedinblog.com/wp-includes/

# Reference: https://labs.k7computing.com/?p=21489
# Reference: https://otx.alienvault.com/pulse/6009baded35a4f4b25a2ab13

ultracams12.club

# Reference: https://twitter.com/James_inthe_box/status/1352351718172839939

http://207.148.110.29

# Reference: https://app.any.run/tasks/def4f45c-39c6-469f-9175-c32a858788a6/

toteteca.com/qzkiodlofm/

# Reference: https://twitter.com/James_inthe_box/status/1352628742137339904

ampcserver.fun

# Reference: https://twitter.com/jstrosch/status/1352394044593344515

http://209.250.243.243

# Reference: https://twitter.com/FewAtoms/status/1352663042677469185

http://91.219.61.224

# Reference: https://twitter.com/FewAtoms/status/1352684696963076096

minishop.in

# Reference: https://www.virustotal.com/gui/file/2455e7923f03a13f4ecd1c5f4fedbd9095745387581474bb00a824db014d3c5a/detection

http://185.87.48.255

# Reference: https://www.virustotal.com/gui/file/ed7605a922982e18877fd8c0624880b836ebc1ab190634a07a3cd7c397e856d0/detection

23.113.62.37:5050
bopper.myftp.biz

# Reference: https://twitter.com/malwrhunterteam/status/1353614069970956289

testing001.online

# Reference: https://www.virustotal.com/gui/domain/noabuseshere.top/relations

noabuseshere.top

# Reference: https://www.virustotal.com/gui/domain/radrile.xyz/detection

radrile.xyz

# Reference: https://www.virustotal.com/gui/domain/infoforip.ru/relations

infoforip.ru

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

http://185.215.113.77

# Reference: https://www.virustotal.com/gui/domain/oldhorse.info/relations

oldhorse.info

# Reference: https://www.virustotal.com/gui/domain/properrty.co/relations

properrty.co

# Reference: https://www.virustotal.com/gui/domain/anonfriendz.club/relations

anonfriendz.club

# Reference: https://twitter.com/James_inthe_box/status/1354089522192027650

workedgames.com

# Reference: https://www.virustotal.com/gui/domain/br0vvnn.io/detection

br0vvnn.io

# Reference: https://twitter.com/jorgemieres/status/1354149316781338627

racoonestlehomia.myq-see.com

# Reference: https://twitter.com/phage_nz/status/1354282467344011267

http://23.227.207.253

# Reference: https://www.virustotal.com/gui/domain/9dd.fun/detection

9dd.fun

# Reference: https://www.virustotal.com/gui/domain/skiascripts.xyz/relations

skiascripts.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1355168209360605184
# Reference: https://www.virustotal.com/gui/file/5a099571b1ff22edbe4621c60def5d597a644771a02f5c179c73596d33efb8ff/detection

terminist-journal.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a0dd2634f6aa14f23b98f638cd0c20968e958da8e871b2998c729d727cef96a9/detection

f0507215.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/host-serv.xyz/detection

host-serv.xyz

# Reference: https://www.virustotal.com/gui/domain/axofiles.xyz/detection

axofiles.xyz

# Reference: https://www.virustotal.com/gui/file/baec9d73487e85c2bdd78b6ae43abaa6a7fec4b969d92b14427e8aca0510a24b/detection

http://206.189.10.3

# Reference: https://twitter.com/InQuest/status/1355189037800296448

averagetry.com

# Reference: https://twitter.com/ps66uk/status/1355324203935952906

maponlinedata.com

# Reference: https://app.any.run/tasks/9f3895b5-6ae1-4ac1-b829-b50202985e3d/

http://108.61.166.11

# Reference: https://twitter.com/James_inthe_box/status/1354805574009929728

raybals.com

# Reference: https://www.virustotal.com/gui/file/766f508d50681caad9a701739c6bd674f4d9a927fb456fbb31bb51339dc0a299/detection

f0471847.xsph.ru
fooolllmmmink.cf
free-fililink.cf
frhhjjkililink.cf
frmnbcccclilink.cf

# Reference: https://www.virustotal.com/gui/file/6267a0f2ff1e405781beb5dcc13edf5758b442a4ee3f2016c86fecd62d688984/detection

a0147726.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7349a38e86e15451fd5824ad6c7cbb4e3f0c8a64b6c6ff87c37e8aeb44749291/detection

a0015919.xsph.ru

# Reference: https://www.virustotal.com/gui/file/62ce555d314f8a9fdfc98c301956a5e25a131f81683e9d2ef4feef6069c199c6/detection

a0152338.xsph.ru

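# Reference: https://www.virustotal.com/gui/file/84ff0210b2a3dd67d3820f82f7097ae76675135f024079f63fb9f3d94cf1d874/detection
# Note: a0015919.xsph.ru is already listed above under a different VirusTotal file reference; the entry below repeats the same host.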

a0015919.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0e0c098b2a80d96f20fe4e2c62340c0ed75c2824dcaae29101d6d18deb7b56b3/detection

vanhook.re.xsph.ru

# Reference: https://www.virustotal.com/gui/file/955ac138813f479f8967543a81a061ec6c7f59f03631e8b411b5fa43ff4e6841/detection

f0174408.xsph.ru

# Reference: https://www.virustotal.com/gui/file/65ef93a98ea402a80db39265b41d5b88d673cd11f777bca94c2f1c7efc167c02/detection

a0088485.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e9ad54075ca514fbe5588b0d236bf655c136ba436867b9c2a8bd1938254b6203/detection

f0468736.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1355510402696810496

91.208.245.201:443
oooooooooo.ga

# Reference: https://www.virustotal.com/gui/domain/uufjffff.com/detection

uufjffff.com

# Reference: https://www.virustotal.com/gui/domain/ujkhhss.com/detection

ujkhhss.com

# Reference: https://www.virustotal.com/gui/file/b6fb5968697e26a6830c75ec264b0ed8f5f9adc95539331312b22635ce450342/detection

http://107.191.60.7
http://86.106.181.170
http://192.145.37.92
http://193.38.55.126

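# Reference: https://www.virustotal.com/gui/domain/sinkhole.dynu.net/relations
# Note (review): the hostname contains "sinkhole"; confirm from the reference whether this is attacker-controlled infrastructure or a sinkhole before deciding how to triage a hit.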

sinkhole.dynu.net

# Reference: https://www.virustotal.com/gui/file/48dd0ff9cbcca03ff1457c3077fbba54d7f1d149a486810ae0ab5e8258dd6334/detection

ct-fr.icu
rohingyaedu.com
vipmerchantclub.com

# Reference: https://www.virustotal.com/gui/file/9fad915c3704ffb4cfb5e04759eab8249d12e95614d9aecc51d15f459e42d6ae/detection

almanamatyping.com

# Reference: https://www.virustotal.com/gui/file/49f0000f0f1f3369ae15766abc375a209fdddd10b5393c3cb046095f0673d077/detection

314809.linkpc.net

# Reference: https://www.virustotal.com/gui/domain/lifamyminaylio.linkpc.net/detection

lifamyminaylio.linkpc.net

# Reference: https://www.virustotal.com/gui/file/6be15d873eae741bd6ffcc3ca63b4c63663b6dc56309a3a71fd31f4ba2503d06/detection

f0491970.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1355907013344157701

http://193.239.147.32

# Reference: https://twitter.com/James_inthe_box/status/1356280129433976833

http://213.252.244.176

# Reference: https://twitter.com/malwrhunterteam/status/1356609023903207425

http://185.96.204.96

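# Reference: https://www.virustotal.com/gui/file/d23a96b27a385fec7eef04f0b312feda253e24275c160d8cc38c2b1c39e9c5b1/detection
# Note: f0507215.xsph.ru is already listed above under a different VirusTotal file reference; the entry below repeats the same host.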

f0507215.xsph.ru

# Reference: https://twitter.com/James_inthe_box/status/1356619450892443648

http://3.34.179.142

# Reference: https://twitter.com/FewAtoms/status/1357021854859481088

globalteamacademy.com/epl/

# Reference: https://twitter.com/malware_traffic/status/1357058816580403202

uzelkapi.com/de/getappsr.php

# Reference: https://twitter.com/felixaime/status/1357266579197747202

telegram-desktop.org

# Reference: https://app.any.run/tasks/ba7cf487-6808-46e0-b158-ef0ad557f564/
# Reference: https://www.virustotal.com/gui/file/c7549861d8f422becc0778bdf16abc1942f86980db9e5400da33e6b571c9d132/detection
# Reference: https://www.virustotal.com/gui/file/a66300ce5da480b81f3eda678599ac02f61745f674e6aa4ecd5ac833414b2b6d/detection

http://149.248.58.116/GruntHTTP.exe
http://149.248.58.116/en-us/docs.html
http://149.248.58.116/en-us/index.html
188.138.125.235:8001
candy.fairuse.org
help.mm.my

# Reference: https://twitter.com/InQuest/status/1357315169228054528

thephotographersworkflow.com

# Reference: https://www.virustotal.com/gui/domain/waiiiu.myftp.biz/detection

waiiiu.myftp.biz

# Reference: https://twitter.com/malwrhunterteam/status/1357336725299687431
# Reference: https://www.virustotal.com/gui/file/3ef56060c529149b8f12a7a6e3f5ac8aa1ae62b75f440e4bb7bce54090995002/detection

zapptelecom.ro/virusi/

# Reference: https://twitter.com/reecdeep/status/1357614966505938946

richelon.in/NewEx/

# Reference: https://twitter.com/petrovic082/status/1357635267209949186

http://185.215.150.204

# Reference: https://twitter.com/r3dbU7z/status/1357647150008717312

http://212.83.46.50

# Reference: https://www.virustotal.com/gui/domain/megaproxy.no-ip.biz/detection

megaproxy.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/iclox.no-ip.biz/detection

iclox.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/ozdmbn.no-ip.biz/detection

ozdmbn.no-ip.biz

# Reference: https://twitter.com/FewAtoms/status/1358124211244388352

http://91.214.124.206

# Reference: https://app.any.run/tasks/0f3512db-f11b-4695-b8c2-1df1132541c9/

f0511508.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1358821174365536257

callonenergy.com

# Reference: https://www.virustotal.com/gui/file/8132e2f1329ecad662612d43f8ad59efb63be955f142846da59b03c937c5d47d/detection
# Reference: https://www.virustotal.com/gui/file/6a6644a4916a1ba1b7853e4a8caad85ce15fe5221d26be6ef64145cbf90554c4/detection

blockfweb.xyz
cryptobstar.xyz
moneyohome.xyz

# Reference: https://www.virustotal.com/gui/file/c0e1d62205f83706500559e74a4f8d151cade697ada9147339e1b558c1256152/behavior/Dr.Web%20vxCube

jdcaip88.com

# Reference: https://twitter.com/FewAtoms/status/1359179536177520642

morrislibraryconsulting.com/favicam/

# Reference: https://twitter.com/FewAtoms/status/1359576193931108353

hosting1.nl.hostsailor.com/~frostdel/miratechs.ml/
hosting1.nl.hostsailor.com/~frostdel/file/
miratechs.ml

# Reference: https://twitter.com/malware_traffic/status/1359585588240875529

backupez.com

# Reference: https://urlhaus.abuse.ch/url/987877/

devharry.cc

# Reference: https://www.virustotal.com/gui/domain/ayehosting.online/detection

ayehosting.online

# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.117/detection

http://91.241.60.117

# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.119/detection

http://91.241.60.119

# Reference: https://twitter.com/James_inthe_box/status/1359606553251205123
# Reference: https://twitter.com/James_inthe_box/status/1359981854351233024

sec-doc-w.com
secure-doc-reader.com

# Reference: https://twitter.com/jstrosch/status/1359745151263010816

catuexpress.com/vendor/psy/psysh/.phan/346789/

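# Reference: https://twitter.com/mz_malhunt/status/1359845176496119815
# Note: tunedinblog.com/wp-includes/ is already listed above under a FewAtoms reference; the entry below repeats the same path.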

tunedinblog.com/wp-includes/

# Reference: https://twitter.com/jorgemieres/status/1359948105819512837

tienesganas.com

# Reference: https://www.virustotal.com/gui/file/6441fa3baa187ec779d0a82c5ed64c432f0b919587ea9cfd5cf178cfd2525296/detection

exceldoggy.ddns.net

# Reference: https://twitter.com/r3dbU7z/status/1360099550770397186

154.222.26.86:8080

# Reference: https://twitter.com/r3dbU7z/status/1360088958315675650

35.180.24.224:8800

# Reference: https://twitter.com/FewAtoms/status/1360300953031868423

homefindersolutions.com/wp-includes/js/tinymce/themes/inlite/

# Reference: https://www.virustotal.com/gui/file/052bd14bbab4e77bd52086a405b30e8bfa210e6820549cb69217333e32184a28/detection

kaceg.system-ns.org

# Reference: https://www.virustotal.com/gui/file/fc90bce036ffeae2b9903efbd20738b66e62c1893db65f088896821f3bfc536a/detection

dynacom.system-ns.org

# Reference: https://twitter.com/jnzzzzzzzz/status/1360952141838483460

http://49.247.133.43

# Reference: https://www.virustotal.com/gui/domain/gatsoed9.beget.tech/relations

gatsoed9.beget.tech

# Reference: https://www.virustotal.com/gui/file/d0824c901433756206ef5f12dcef99d3f79c72b1fe39752431088ab501eacfb4/detection

a0148155.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1361362640837181442

http://103.124.106.203

# Reference: https://twitter.com/ffforward/status/1361387603405250570

http://45.153.203.54

# Reference: https://twitter.com/jorgemieres/status/1362047793825742857

bingoroll2.net

# Reference: https://twitter.com/K_N1kolenko/status/1362335530554392577

tuckermolybdenum.com

# Reference: https://twitter.com/r3dbU7z/status/1362325016411598850
# Reference: https://twitter.com/0xrb/status/1362383360614535173

http://209.141.40.190
http://212.114.52.24

# Reference: https://twitter.com/FewAtoms/status/1362460537544712192

http://65.0.55.192

# Reference: https://twitter.com/r3dbU7z/status/1362470073500336136

65.207.115.215:81

# Reference: https://twitter.com/InQuest/status/1362523760264413184

http://5.39.217.221

# Reference: https://www.virustotal.com/gui/file/1b21f8241014259f89da2bf1f1ed762f58ddfb965abd1081ca7a6c3b85a3bb73/detection

http://91.212.150.4

# Reference: https://www.virustotal.com/gui/domain/baiden00.ru/detection

baiden00.ru

# Reference: https://twitter.com/InQuest/status/1362997336058789891

http://202.182.97.102

# Reference: https://www.virustotal.com/gui/file/ee8242140b95b142635d71a6875f117a037750f944eca2593a2b333d0880c5c6/detection

http://39.100.119.17
http://39.97.238.208

# Reference: https://www.virustotal.com/gui/file/b76e941ca7f16828d6c0b3ecd44cde7b56b9b3a73d590396e8917e773c4e872a/detection

123.129.162.4:92

# Reference: https://twitter.com/FewAtoms/status/1363158398364233736

http://54.238.74.62

# Reference: https://twitter.com/jfslowik/status/1363261947622264832

covidappcolumbia.co

# Reference: https://www.virustotal.com/gui/file/9e081e12740f807d5b60f13ecb8c1a5d8ec6c287caf28438291bd75450eed207/detection

astatech-cn.com

# Reference: https://twitter.com/BushidoToken/status/1363179073514713091

bulletin-covid-19-21.gr8.com

# Reference: https://twitter.com/whitehoodie4/status/1363815950915674114
# Reference: https://www.virustotal.com/gui/ip-address/185.56.81.52/detection

http://185.56.81.52

# Reference: https://twitter.com/ANeilan/status/1364092577759301633
# Reference: https://www.virustotal.com/gui/ip-address/91.234.99.251/relations

http://3.21.80.19/index.php
onedrivedocumentserver.tk
onedrivedocumentserver1.tk
onedrivedocumentserver2.tk
sharedocumentlogino.tk
sharedocumentlogino1.tk
sharedocumentlogino10.tk
sharedocumentlogino11.tk
sharedocumentlogino12.tk
sharedocumentlogino13.tk
sharedocumentlogino14.tk
sharedocumentlogino15.tk
sharedocumentlogino16.tk
sharedocumentlogino2.tk
sharedocumentlogino3.tk
sharedocumentlogino4.tk
sharedocumentlogino5.tk
sharedocumentlogino6.tk
sharedocumentlogino7.tk
sharedocumentlogino8.tk
sharedocumentlogino9.tk
sharepointdocumentloginnnn.tk
wqueiuqiwyeiuqhej.tk

# Reference: https://twitter.com/wwp96/status/1364234421755400195

http://51.103.136.92

# Reference: https://twitter.com/wwp96/status/1364236730853908484

sn0w.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1364270785041477638

http://173.234.25.78

# Reference: https://twitter.com/TeamDreier/status/1364290892681670662
# Reference: https://www.virustotal.com/gui/domain/gcleaner.pro/detection

gcleaner.pro

# Reference: https://twitter.com/FewAtoms/status/1364301935344508929

http://35.158.240.78

# Reference: https://twitter.com/executemalware/status/1364373989049524226

bearcatpumps.com.cn/css/

# Reference: https://twitter.com/jorgemieres/status/1364597773547503619

http://198.46.132.132

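# Reference: https://twitter.com/jorgemieres/status/1364605915689811976
# Note: 35.158.240.78 is already listed above under a FewAtoms reference; the entry below repeats the same address.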

http://35.158.240.78

# Reference: https://twitter.com/wwp96/status/1364610565977632774

angeloberger.com.br/foz/

# Reference: https://twitter.com/wwp96/status/1364615685368930312

http://192.227.228.31

# Reference: https://twitter.com/reecdeep/status/1364619740665290754

http://139.162.190.64

# Reference: https://twitter.com/jorgemieres/status/1364595653012250626

igbrusureweb.com

# Reference: https://www.virustotal.com/gui/file/b2d39601b105baa7c00f67c4bf44005efa090acbab06566f2f06be092d9b9934/behavior/Rising%20MOVES
# Reference: https://www.virustotal.com/gui/file/9d0713a2a2b239fa186e0efde12fa7ceb6c87f8bdda62f69de0b1f60c6c07062/behavior/QiAnXin%20RedDrip

free-documents-hosting.com

# Reference: https://twitter.com/mz_malhunt/status/1364903491559247874

lawsoncontractingco.com/feb/

# Reference: https://twitter.com/wwp96/status/1365401963974828033
# Reference: https://app.any.run/tasks/e54e94c6-88cd-48dd-928f-370b5f504725/

http://134.119.186.216

# Reference: https://twitter.com/malwrhunterteam/status/1365409338194620423

domen2domen.xyz

# Reference: https://www.virustotal.com/gui/file/913bcc1d12ea2bc1bcda2e597a309cbf5dc0b5ed120d0522e8b4dc6e6a4bc36f/detection

208.100.26.242:5658
52eva.top

# Reference: https://twitter.com/petrovic082/status/1365595109547507712

http://103.212.180.246

# Reference: https://www.virustotal.com/gui/file/559b4e5c518601cfad167c4097a54c4e19664f591828c316281c929f6933ea3e/detection

http://209.99.64.76

# Reference: https://twitter.com/petrovic082/status/1366304689839628288

graficamos.cl/spurs/

# Reference: https://twitter.com/wwp96/status/1366427647023144963
# Reference: https://app.any.run/tasks/dd0eaf44-a938-483a-9321-562dde3f5e6d/

http://144.202.41.66

# Reference: https://twitter.com/wwp96/status/1366431371904835587

landing.yetiapp.ec/ID3/

# Reference: https://twitter.com/wwp96/status/1366435448751607812

telmed.cl/Img/

# Reference: https://twitter.com/InQuest/status/1366607930263560203

markets.kintengra.com

# Reference: https://twitter.com/wwp96/status/1366840097719652359

hk-chemlab.com/plugin/

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

dream.pics

# Reference: https://twitter.com/petrovic082/status/1367038533421195264

http://5.206.227.81

# Reference: https://www.virustotal.com/gui/domain/ns-plugin.site/relations

ns-plugin.site

# Reference: https://www.virustotal.com/gui/file/a39101be3baa880542bb0df63a7fec181abf8faa1f90070fe81e96ef07d9e205/detection

dvr-zone1.accesscam.org
reverse-zonev1.3utilities.com

# Reference: https://www.virustotal.com/gui/file/0114db489995c0362d5dfde14f62aee3a2610db147e72ac3c77b1bcc270ef5f5/detection

freefud.inf3rn0.com

# Reference: https://twitter.com/InQuest/status/1367241459225747464

docs.healthmade.org

# Reference: https://twitter.com/ViriBack/status/1367289094817128454

yertuit.club

# Reference: https://twitter.com/InQuest/status/1367380952482279425

10feeds.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1367397951237160964

http://195.123.219.72

# Reference: https://twitter.com/reecdeep/status/1367445802096984064

http://91.235.129.235

# Reference: https://twitter.com/pmmkowalczyk/status/1367509082349912064

jsw.co.id/system2/

# Reference: https://twitter.com/pmmkowalczyk/status/1367503173200543747

http://46.21.153.231

# Reference: https://twitter.com/FewAtoms/status/1367540093569945602

covid19vaccine.hopto.org

# Reference: https://www.virustotal.com/gui/file/a29b3da91b4ebfe9d0874b9b18e3f8b41cc33a79baf488b3255770e8fb4778b0/detection

f0439583.xsph.ru

# Reference: https://www.virustotal.com/gui/file/5f9956be22d0e2627be47340fc391d919bed1b319d5a0203a28423eb523bed1b/detection

f0492922.xsph.ru

# Reference: https://www.virustotal.com/gui/file/8484a7a2ead6abc20fae7bb2db2714fa0e9f5544dd1484e2774a472d4bae35e7/detection

f0429164.xsph.ru

# Reference: https://twitter.com/petrovic082/status/1368147317413584900

http://91.200.103.83

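# Reference: https://twitter.com/petrovic082/status/1368148843645304835
# Note: 46.21.153.231 is already listed above under a pmmkowalczyk reference; the entry below repeats the same address.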

http://46.21.153.231

# Reference: https://www.virustotal.com/gui/file/ee2998f27a6937faa8662e072b45019d4b28d0e38a3f8c370e4c264f06e98710/detection

f0481686.xsph.ru

# Reference: https://www.virustotal.com/gui/file/2b5926f4aeff3e664d8e208e4269ae3219bd5640cb5322fd40a853421f91c552/detection

f0491418.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e75604af8e04d83a554b66fd24829c8973b68d2ec2d675135f487a599df26f73/detection

f0516527.xsph.ru

# Reference: https://www.virustotal.com/gui/file/eb73f9e527176f06ca1c1b8c9f02d2b1e66506fd4837c7ea6b3379061d0a96d0/detection

f0508564.xsph.ru

# Reference: https://twitter.com/reecdeep/status/1367089557884272649

http://195.54.162.59

# Reference: https://www.virustotal.com/gui/domain/shalala.niex.cc/relations
# Reference: https://www.virustotal.com/gui/file/6668d533afe1260195b5caae022b47e9ae9e0f39646e9be080298f07729ba533/detection

shalala.niex.cc

# Reference: https://www.virustotal.com/gui/file/2fed583d8acb67f3ea8523379d5cd7ba6ec0f627fb373a0e1f41af680437c3b2/detection

bbrecords.niex.cc

# Reference: https://www.virustotal.com/gui/file/b71d86990c45dc4e7d8c62f931d0e247b563145f7498803a05b788ca412ee3de/detection

t0mvps.niex.cc

# Reference: https://www.virustotal.com/gui/file/34a18ae9d2aa24dd390b8f03a21acce66583e090ee91f7351240aa825924039f/detection

waresustems.com

# Reference: https://www.virustotal.com/gui/file/9cac4d7af506a1d90ed922ad72bec2353c51fdb8137c80e8cad13d155d5b5671/detection

exportdocs.biz

# Reference: https://www.virustotal.com/gui/file/e8d16e82fb23285e6c1ae22dc3a40b1a42d897f124b18983c8710cc8c689c7b6/detection

iaieqqo.review

# Reference: https://twitter.com/r3dbU7z/status/1368893677658124290

http://194.5.159.236

# Reference: https://www.virustotal.com/gui/file/45404167e89a4e85efb1b916509bc33e1d28347597051926fd18bbc33a1e350a/detection

http://185.153.199.102

# Reference: https://app.any.run/tasks/7cc67c66-3091-4dce-8487-c0eb4494baea/
# Reference: https://www.virustotal.com/gui/ip-address/188.127.254.61/relations
# Reference: https://www.virustotal.com/gui/domain/apemailer.us/relations

http://188.127.254.61
apemailer.us

# Reference: https://www.virustotal.com/gui/domain/moneygain.work/relations

moneygain.work

# Reference: https://twitter.com/James_inthe_box/status/1368936190523502597

hygroscopicprecious.com/universe/

# Reference: https://www.virustotal.com/gui/domain/gogorv.net/relations

gogorv.net

# Reference: https://twitter.com/Circuitous__/status/1368982200214052866
# Reference: https://www.virustotal.com/gui/file/8540a9063411b6ec84acf96272080eb539ab49df9159b879d98e7321344656c8/detection

gettraff.ru
qadedela.com
bonponon.com

# Reference: https://twitter.com/FewAtoms/status/1368989249832423432

dialectindulge.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369234426765471749

http://91.212.150.195

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281

yual.top

# Reference: https://twitter.com/wwp96/status/1369329418297094157

maiseficiencia.pt/who/

# Reference: https://twitter.com/wwp96/status/1369336755405590529

http://188.166.162.201

# Reference: https://twitter.com/wwp96/status/1369331837907140615

http://23.20.114.125

# Reference: https://twitter.com/p5yb34m/status/1369372927024594944

digitizedental.co.uk/apps/

# Reference: https://twitter.com/jstrosch/status/1369460970720989189
# Reference: https://app.any.run/tasks/4c84dfe9-fdc0-4a13-95d9-da2012fb2bbc/

aslambek.eu
edgethefoundation.com
osrsport.com
samsung-drivers.xyz
thehealthandwellbeingclub.com

# Reference: https://twitter.com/wwp96/status/1369450095889022983

http://95.214.235.237

# Reference: https://twitter.com/wwp96/status/1369682619571572741

modellgroups.net/js/

# Reference: https://twitter.com/pmmkowalczyk/status/1369746549593538574

http://192.3.152.166

# Reference: https://twitter.com/pmmkowalczyk/status/1369748045097820162

http://15.165.235.203

# Reference: https://www.virustotal.com/gui/file/481a1337d57ab58484b994d1ce328393d72450115d278680fe72ee55b619f190/detection
# Reference: https://www.virustotal.com/gui/file/5930d23ef2ea7ae8808d3b935e160f067316b690bae27d2b60d9c13078928462/detection
# Reference: https://www.virustotal.com/gui/file/efe60e5c5fe261c1df4aae53d334151445fe27ea2302d78306bc3b4750fee43f/detection

http://160.20.147.241

# Reference: https://www.virustotal.com/gui/file/a009bc840d74f5f7b450689e57aaba942cc8e474a4970f1d01ce38f3148163e5/detection
# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.200/relations

1eaf.pw
1faf.pw
2efs.pw
2qua.pw
3kvm.pw
3uag.pw
4igk.pw
4jaa.pw
5aef.pw
5hhftrw.pw
5ofj.pw
6asg.pw
6nbmytr.pw
6ydj.pw
7dfj.pw
7wjg.pw
8eus.pw
8qyu.pw
8yyngf.pw
9awi.pw
9ytrhgf.pw
hhytew.pw
mouni11.xyz
note866.pw
note8876.pw
pytopm.pw

# Reference: https://www.virustotal.com/gui/file/56265c1e88f67141d18bfa504aa9ae6f236ff20ef2caf832aeb2a2f2d90e6b63/detection

cache.hjjse33.com
static.tweerwy.com
yzxjgr.com

# Reference: https://twitter.com/FewAtoms/status/1370046170005975043

supernova-hostdns.us

# Reference: https://www.virustotal.com/gui/domain/embrodownscience.su/detection
# Reference: https://www.virustotal.com/gui/file/07dc515aadbd1a62cc510b9e2eea6297ba626119648419f9fe8f410a50e2779b/detection

embrodownscience.su

# Reference: https://www.virustotal.com/gui/file/30f90c90c5bbfc6dce289c827a9abb79bc5681de6214b99a0b1713352cde2110/detection

cloud-reserve.info

# Reference: https://www.virustotal.com/gui/file/250d5bc5b5e13353b807c36324de664552d16189ec55b97adde5c73251a883a7/detection
# Reference: https://www.virustotal.com/gui/file/28a6826608ef18619c05ad28161993203c19ec0009a86399ca0b17680de9c6f1/detection

http://74.118.138.254

# Reference: https://twitter.com/wwp96/status/1370612166152323077

216.83.57.228:7979
guduo.ga

# Reference: https://twitter.com/nao_sec/status/1370665043906285570

pornohdmovie.com

# Reference: https://www.virustotal.com/gui/file/518f03c42bd9c51cda4f62f45e31d00e6903a0553fa684a85931d7b304639d99/detection

api.jwhss.com
update.jwhss.com

# Reference: https://twitter.com/r3dbU7z/status/1370839780678848514

http://5.102.153.140

# Reference: https://twitter.com/pmmkowalczyk/status/1370800929558118405

http://80.92.206.135

# Reference: https://www.virustotal.com/gui/ip-address/79.170.44.8/relations

http://79.170.44.8

# Reference: https://twitter.com/FewAtoms/status/1371094459476230151

lms.login2.in

# Reference: https://www.virustotal.com/gui/file/426b1d295991feb03744d5cd55219ad8f0333b5129b3e5d14e6aa74ff44a0a46/detection

psnm4n1.multiservers.com

# Reference: https://twitter.com/Circuitous__/status/1371528262934003716
# Reference: https://www.virustotal.com/gui/file/eacb9ecbd9fdbba1b27c48a03f7196c2d855cd6f46d49a5f667e14fac2699a33/detection

ggtraff.ru

# Reference: https://twitter.com/r3dbU7z/status/1371586139887386634

http://175.45.176.10

# Reference: https://twitter.com/wwp96/status/1371823839278211073

http://23.95.122.47

# Reference: https://twitter.com/pmmkowalczyk/status/1371918253874933760

mamax.tk

# Reference: https://www.virustotal.com/gui/file/84854be4ee8490d0496cb37b2adf670af9ae6ee388a0e7e0e709d54a99127bf0/detection

jenergy.tw

# Reference: https://twitter.com/reecdeep/status/1372177891564347394

http://198.23.174.104

# Reference: https://twitter.com/InQuest/status/1372266749761101830

http://107.175.1.172

# Reference: https://twitter.com/InQuest/status/1372444606231687169

service-7pxel2bo-1304343953.gz.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/f85fbb731863de50e90906c29c3e6497cf049aa0b500f43ea4a22af10d321ef9/detection

http://198.23.207.46

# Reference: https://twitter.com/pmmkowalczyk/status/1372900492918018056

http://198.46.201.76

# Reference: https://app.any.run/tasks/7168f23b-c1f1-40fa-8dea-132020b2bc17/

http://195.181.240.2

# Reference: https://twitter.com/FewAtoms/status/1372604516609224708

eurex.ps

# Reference: https://twitter.com/fr0s7_/status/1373404924105666561

http://139.162.156.129

# Reference: https://twitter.com/InQuest/status/1373513106635231232

http://95.181.164.43

# Reference: https://twitter.com/FewAtoms/status/1373646415847641091

towme.services

# Reference: https://twitter.com/JAMESWT_MHT/status/1373876583065391105

frtyhyyttrtrreee.xyz

# Reference: https://twitter.com/wwp96/status/1374082815902507011

roshan.academy/ImE/

# Reference: https://twitter.com/wwp96/status/1374083446121893891

tridayacipta.com/images/

# Reference: https://blog.netlab.360.com/microsoft-exchange-vulnerability-cve-2021-26855-scan-analysis-3/
# Reference: https://www.virustotal.com/gui/file/5baa2022391d6339bcf49c28b85cc75373c9492d8b4a85796255e854e9dbe1a9/detection

http://178.62.226.184

# Reference: https://twitter.com/xuy1202/status/1374694429911523333
# Reference: https://twitter.com/xuy1202/status/1377880725395939328
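# Reference: https://www.virustotal.com/gui/file/764248595c14a9d1559aa5ef5b904f69affb345b702a32a9b76f05811838cd42/detection
# Note (review): the two addresses below differ only by a trailing digit (51.158.24.25 vs 51.158.24.255); confirm against the references that both are intended and that the second is not a typo.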

http://51.158.24.25
http://51.158.24.255

# Reference: https://twitter.com/Finch39487976/status/1375414044706869251
# Reference: https://app.any.run/tasks/48cad164-704d-459b-ae32-6be7365a23bd/

http://54.211.166.69

# Reference: https://twitter.com/Finch39487976/status/1375418869280612353
# Reference: https://app.any.run/tasks/70e46132-fee5-450d-85eb-98c73828c002/

http://13.56.11.148

# Reference: https://twitter.com/FewAtoms/status/1374431632699002884

travelwadi.com

# Reference: https://twitter.com/wwp96/status/1374523517593550862

http://54.253.194.14

# Reference: https://twitter.com/wwp96/status/1376544197847711746

http://193.164.7.118

# Reference: https://twitter.com/InQuest/status/1376921178980376577

http://13.234.19.200

# Reference: https://twitter.com/InQuest/status/1377118039221489671

http://168.138.137.235

# Reference: https://twitter.com/wwp96/status/1377648526306459651

http://141.105.65.94

# Reference: https://twitter.com/FewAtoms/status/1377652225661562881

ioabc.wif.com.br

# Reference: https://twitter.com/Helen03113766/status/1377437061884608518

45.125.56.80:81

# Reference: https://twitter.com/wwp96/status/1377648191198351367

http://198.23.251.121

# Reference: https://twitter.com/ShadowChasing1/status/1377912675867394049

londonkids.in/echoolz/assets/css/front/

# Reference: https://www.virustotal.com/gui/ip-address/85.10.254.98/relations

http://85.10.254.98

# Reference: https://twitter.com/fr0s7_/status/1377994875426193413
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.225/relations
# Reference: https://www.virustotal.com/gui/file/8fdbf5d103b20082f4cb62d8e9f20149278a8729d69352825b1147156d153a8c/detection
# Reference: https://www.virustotal.com/gui/file/be60617a580845169a1588f46ea44bcb323aea2d0825471a5f531690f1af99dc/detection

dreshiguard.com
pikantojuice.com

# Reference: https://www.virustotal.com/gui/domain/sediliny.info/detection

sediliny.info

# Reference: https://twitter.com/r3dbU7z/status/1379302191148720130

nicelister.net

# Reference: https://www.virustotal.com/gui/ip-address/194.37.97.172/relations

http://194.37.97.172

# Reference: https://twitter.com/FewAtoms/status/1379479833470713870

investigation-bureau.com/cry/

# Reference: https://twitter.com/jstrosch/status/1379797439125725188

solarparkcleaning.co.uk/js/

# Reference: https://twitter.com/jstrosch/status/1379801245741801480

loadbytes.tn

# Reference: https://twitter.com/FewAtoms/status/1379865782847438849

khmerosja.net/wp-check/

# Reference: https://twitter.com/jorgemieres/status/1379811433530150914

work-desk.aysinturpoglucelik.com

# Reference: https://twitter.com/jstrosch/status/1379994923286466565
# Reference: https://www.virustotal.com/gui/domain/greataccesstoserver.com/detection

greataccesstoserver.com

# Reference: https://tria.ge/210408-9h7wsybb7e

http://23.95.122.24

# Reference: https://twitter.com/ps66uk/status/1379822498880106499

http://193.142.146.25

# Reference: https://www.virustotal.com/gui/file/b68f7a0dde3eb7ed27495775c905006ab97deaca14ed50d645695ef6bbb3beef/detection
# Reference: https://www.virustotal.com/gui/file/daaff25db167319205da44fc2fea86f248b364a964e327b7a7b3a51a8c2f2706/detection

el-muchachos14.com
labsclub.com
teter.info

# Reference: https://twitter.com/jorgemieres/status/1380172488148140033

http://65.0.168.152

# Reference: https://www.virustotal.com/gui/file/192f2b24417da60d8d7d44bed6d1b025412e3b60fbce63b6566d4988bd3eb41e/detection

siwirnes.top

# Reference: https://twitter.com/FewAtoms/status/1380228295220953092

pazpus.com

# Reference: https://www.virustotal.com/gui/file/5586f246927b7919970e70167c06dc30bc8bff1aaaf129f1462e5ced0e4fa666/detection

funny-sell.tk

# Reference: https://www.virustotal.com/gui/file/3ca73186b0be18c4514061b5e5b2f8ffb2078d5613a5ee605589556cb092ca44/detection

tboy4real.tk

# Reference: https://www.virustotal.com/gui/domain/officesharefile.online/detection
# Reference: https://app.any.run/tasks/6bf48fb9-cd69-4153-8975-7a945972d59d/

officesharefile.online

# Reference: https://twitter.com/reecdeep/status/1380479709016948740

http://45.134.225.191

# Reference: https://twitter.com/TeamDreier/status/1380504862044082177

sogecoenergy.com/ol/

# Reference: https://www.virustotal.com/gui/file/791cd98386ab2342e846c58e711748bbb345e3dc36bc8ca8f39f6fc0ddae1507/detection
# Reference: https://www.virustotal.com/gui/file/483a1f54011dbe1635f0a6eaf8129c8b77557137ca640c494ddb97b138f03555/detection

msnunion.com
tyl123.cn

# Reference: https://twitter.com/FewAtoms/status/1380929258181263370

http://34.126.93.163

# Reference: https://twitter.com/James_inthe_box/status/1380877954050220041
# Reference: https://www.proofpoint.com/us/blog/threat-insight/malware-masquerades-privacy-tool
# Reference: https://otx.alienvault.com/pulse/60df0c7c5e03d145c6a38652

http://45.144.225.71
diragame.com
gensoterman.com
jaishomo.info
privacmytools.site
privacytools.xyz
privacytoolsforyou.site

# Reference: https://twitter.com/FewAtoms/status/1381254863946973185

216.83.57.208:7979

# Reference: https://www.virustotal.com/gui/file/05d38ac5460418b0aa813fc8c582ee5be42be192de10d188332901157c54287c/detection

http://23.92.213.108

# Reference: https://www.virustotal.com/gui/domain/up.harajgulf.com/relations

up.harajgulf.com

# Reference: https://twitter.com/r3dbU7z/status/1381517028817825795
# Reference: https://www.virustotal.com/gui/url/026ec2ee22c5b8a04806a13701238e971565cd80d9ca10a0be85c80f4222fa9e/details

http://39.107.141.48

# Reference: https://twitter.com/angel11VR/status/1381568772419563527

gosloto.site

# Reference: https://www.virustotal.com/gui/file/461eeadbe118b5ad64a62f2991a8bd66bdcd3dd1808cd7070871e7cc02effad7/detection

1924.site

# Reference: https://www.virustotal.com/gui/file/2b15ade9de6fb993149f27c802bb5bc95ad3fc1ca5f2e86622a044cf3541a70d/detection

2330.site

# Reference: https://www.virustotal.com/gui/ip-address/195.128.123.215/relations

2055.site

# Reference: https://www.virustotal.com/gui/file/a4b705baac8bb2c0d2bc111eae9735fb8586d6d1dab050f3c89fb12589470969/detection

1020.site

# Reference: https://twitter.com/fr0s7_/status/1381581992236552194
# Reference: https://www.virustotal.com/gui/file/3770e4df4fcc545d5107f43db58e1819a4609e55cc5103ac7973f6987e288431/detection

channel.sulekca.com

# Reference: https://twitter.com/FewAtoms/status/1381662701458456579

http://3.82.54.111

# Reference: https://twitter.com/ANeilan/status/1381973168731082752

joinclubhousepc.com

# Reference: https://twitter.com/FewAtoms/status/1381990355831230468

http://45.77.9.151

# Reference: https://twitter.com/FewAtoms/status/1382040219944419330

http://23.95.122.25

# Reference: https://twitter.com/r3dbU7z/status/1382237585586724867

http://54.212.20.151

# Reference: https://twitter.com/InQuest/status/1382213665181556738

http://107.173.219.80

# Reference: https://twitter.com/jstrosch/status/1382181770548760580

http://172.245.45.28

# Reference: https://www.virustotal.com/gui/file/29230c04b677b8f77e1d6bbb2f91ace810200ef376a9944b0390add92695f0ee/detection

8.142.58.112:777

# Reference: https://twitter.com/ps66uk/status/1382274063658258440

http://178.17.171.144

# Reference: https://www.virustotal.com/gui/file/7c8cf1e3ec35a6f604699f6481f3463e9ae19c93b8efd861b914c8260304d314/detection

4host.publicvm.com/api/cscript

# Reference: https://www.virustotal.com/gui/file/18f64293b812ba5aac625afc9ad734bb8f024831f310db422c68bced7149e3d6/detection

202.107.193.243:8899
202.107.193.245:9528

# Reference: https://twitter.com/jorgemieres/status/1382418405790208000

http://45.15.143.191

# Reference: https://www.virustotal.com/gui/file/4d072fa8e79d41ce3a27c7a8815cef92be52af61e5326f956ad8adaf4b7ebf6f/detection

http://185.20.185.59
http://80.92.204.19

# Reference: https://www.virustotal.com/gui/file/7b167ccd1690fc404cfb513ee00c39f968183d93d08c22f4d7c58fb1f3b4607d/detection

http://45.15.143.191

# Reference: https://www.virustotal.com/gui/file/800371d8be5bcfb345c06c988c8734749549dc1f09d680639067478386c42f29/detection

aretywer.xyz
d0wnl0ads.online
hacking101.net
mytoolsprivacy.site

# Reference: https://www.virustotal.com/gui/domain/ekkggr3.com/relations

ekkggr3.com

# Reference: https://www.virustotal.com/gui/file/5fceec9f222e808dcb49156ddf40fd0f6bdbe5a3c2640ab1e7cda3f83d634e1d/detection

http://188.93.233.59
prooffers2021.website
wertuest.xyz

# Reference: https://twitter.com/sS55752750/status/1382683900355481606
# Reference: https://www.virustotal.com/gui/file/719211e8563cf31595583c892efbfb027e2f54b47ed813fc31963ec51de17191/detection

116.204.171.211:8000
216.118.225.86:7231
58.221.58.222:88
vvage.com

# Reference: https://twitter.com/InQuest/status/1382892951093850112

files-quotecheck.xyz

# Reference: https://twitter.com/r3dbU7z/status/1382937649053372417

frostycitadel.xyz

# Reference: https://twitter.com/InQuest/status/1384149565587148809

user-privacy-center.com

# Reference: https://www.virustotal.com/gui/domain/zytrox.tk/relations

zytrox.tk

# Reference: https://twitter.com/fr0s7_/status/1384822059801395200

http://192.3.26.118

# Reference: https://twitter.com/malwrhunterteam/status/1384859846823055366

http://121.5.160.231

# Reference: https://twitter.com/olihough86/status/1384438320902688768

ehs.co.zw/veron/

# Reference: https://twitter.com/MBThreatIntel/status/1384959606414323722

house118.ir/benito/

# Reference: https://twitter.com/jstrosch/status/1385075429090881537

yarpa.lt

# Reference: https://twitter.com/jstrosch/status/1385079891444387852

quickbooks.thormobilemanagement.com

# Reference: https://twitter.com/InQuest/status/1385288396235550721

armyscheme.sytes.net

# Reference: https://www.virustotal.com/gui/file/8353b59b3461307224e06d006f8c5f5526c5827345bc8771f240c923d661b825/detection

8pines.com

# Reference: https://www.virustotal.com/gui/file/3ed8f6b0602f48e61fff27383480d49a6a4a2646fed9859b4e98b4f0d41176ec/detection
# Reference: https://www.virustotal.com/gui/file/b2a57daff9ec815df6862f028d0f915812f94b7257d23bbba249a9dbb87247a6/detection
# Reference: https://www.virustotal.com/gui/file/babd9e7325f8ef744460df079f3f6046ca2c5c2cd07c38abc57dcab447d05cb8/detection

x4z9arb.cn

# Reference: https://www.virustotal.com/gui/domain/cyberx2013.no-ip.org/detection

cyberx2013.no-ip.org

# Reference: https://twitter.com/InQuest/status/1385579880612515848

lidamtour.com/masivo/

# Reference: https://twitter.com/wwp96/status/1385597373905137666

http://107.172.130.145

# Reference: https://twitter.com/TheDFIRReport/status/1384282544695177221

http://192.210.163.201

# Reference: https://twitter.com/petrovic082/status/1386632406245982210

windowcafe.biz/momo/

# Reference: https://twitter.com/petrovic082/status/1386657143126994949

theportcitynews.com/vc/

# Reference: https://twitter.com/petrovic082/status/1386693270659551235

pressivoire.com/tests/

# Reference: https://twitter.com/dimitribest/status/1386750996597166084

temp.lanka.com.uy

# Reference: https://www.virustotal.com/gui/file/e62d5d03c66c9d4bfef592850e8e0589d3fe4bf81b582627d53fd9666eab4499/detection

dekhan.info

# Reference: https://twitter.com/jorgemieres/status/1387050353191911435

http://192.227.228.85

# Reference: https://twitter.com/FewAtoms/status/1387093531668459521

http://159.69.142.67

# Reference: https://twitter.com/ShadowChasing1/status/1387695113179074564

1000018.xyz

# Reference: https://twitter.com/h2jazi/status/1387194935607185416

1000020.xyz

# Reference: https://twitter.com/ReBensk/status/1387298655028146183
# Reference: https://twitter.com/ReBensk/status/1387306767202209792
# Reference: https://www.virustotal.com/gui/file/34bec3b2747ed7531993c73f04968c56e79f05f3b26b91cad256c9bbd5cf1beb/detection

bitcoingen.store

# Reference: https://twitter.com/petrovic082/status/1387331622811443205

http://198.23.207.82

# Reference: https://twitter.com/petrovic082/status/1387332418894434304

http://185.63.189.50

# Reference: https://twitter.com/petrovic082/status/1387405545494171649

arcencieldeco.com.tn/admin/

# Reference: https://twitter.com/InQuest/status/1387443172448645120

http://107.173.191.48

# Reference: https://www.virustotal.com/gui/file/f23c26eb4c2ae048c113f2405b1fb91e04dc74b73a572df60b1b95d3ca1ccb57/detection

jajoyeninigerialimited.com

# Reference: https://www.virustotal.com/gui/file/e0bec90953771bef51cee8a33c728adf712a29d827264bdf9d14ca3e8a51329d/detection

sjgue.com

# Reference: https://www.virustotal.com/gui/file/5982816b4d99252efb5efd18b01e890da58a3e0cbd29b911c749315070cfe278/detection

alkhashen.com
depisce.com

# Reference: https://twitter.com/FewAtoms/status/1387445813404741635

firas.alifares.org

# Reference: https://twitter.com/FewAtoms/status/1387476103850250246

http://40.117.139.198

# Reference: https://twitter.com/petrovic082/status/1387492851110514692

monnimonitorcloudfiles.mangospot.net

# Reference: https://www.virustotal.com/gui/file/3afac9ffd706efde8a68fbe78653b97fa5b5f2d815e00e05a4dd26cc3ceb9d64/detection

scaladevelopments.scaladevco.com

# Reference: https://twitter.com/InQuest/status/1387630316345561092

nta.hopto.org

# Reference: https://twitter.com/ShadowChasing1/status/1387695115922116610

coronavirus5g.site

# Reference: https://twitter.com/petrovic082/status/1387737072052711427

exoticafurniture.com.np

# Reference: https://twitter.com/petrovic082/status/1387735021730115593

swissprocesstointernail.mangospot.net

# Reference: https://twitter.com/petrovic082/status/1387761020983136257

fpctool.xyz

# Reference: https://twitter.com/jorgemieres/status/1387766567178493962

http://107.173.191.48

# Reference: https://www.virustotal.com/gui/file/c38063f954b8073f8f432599552612668b1f4657521a2e384e6c9c29a03d3579/detection

http://157.55.173.72

# Reference: https://twitter.com/xuy1202/status/1388153194644074505

lexusbiscuit.com/cgi-bn/

# Reference: https://twitter.com/petrovic082/status/1388181844949078021

http://198.46.132.163

# Reference: https://twitter.com/petrovic082/status/1388181339745263617

arcencieldeco.com.tn/admin/

# Reference: https://twitter.com/petrovic082/status/1388180784448688132

ecomtrader.com/wp-includes/

# Reference: https://www.virustotal.com/gui/file/1057445e544bf78e5995a15bf36c7dca71b4310c05df784c9c0bebc468f094d1/detection
# Reference: https://www.virustotal.com/gui/file/39c647277a5c66496efaa54879a7d83aeeecb96b0dc185a676150c27ddd21a3c/detection

zola.store

# Reference: https://app.any.run/tasks/f2034ead-e587-4eac-a992-9a59409ab127/
# Reference: https://www.virustotal.com/gui/file/4622e0560aaa02a43009773a1c42f8017cae6b63f0f7950b358c22d46c757e1c/detection

nyc002.hawkhost.com

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt
# Reference: https://www.virustotal.com/gui/domain/kimorazcinfolap.com/detection

kimorazcinfolap.com

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

ddoser2.ohost.de

# Reference: https://www.virustotal.com/gui/domain/korrrrrrnnnnqlmdzhnz.edns.biz/relations

korrrrrrnnnnqlmdzhnz.edns.biz

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

crucifixbotnet.servegame.com
grabber.vv.si

# Reference: https://www.virustotal.com/gui/domain/hitlerloco.xtrweb.com/relations

hitlerloco.xtrweb.com

# Reference: https://www.virustotal.com/gui/file/dbc996923312dc1ce38e6c5ed65cd79bc08b82a80b7ee8fa87f54940af27a3da/detection

ddosit.us

# Reference: https://www.virustotal.com/gui/file/a49f23aac652d63d1529338a12b3ba424d0b4eab637af8ffa7d9e557fb441a37/detection

http://5.61.35.129

# Reference: https://twitter.com/TheDFIRReport/status/1389181495898693633

http://172.82.179.170

# Reference: https://twitter.com/InQuest/status/1389204746414796800

will.kasraz.com

# Reference: https://twitter.com/ShadowChasing1/status/1389371024668463105

Servidorprueba.forensict.repl.co

# Reference: https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html
# Reference: https://www.virustotal.com/gui/domain/adobe-air.com/relations

adobe-air.com

# Reference: https://twitter.com/FewAtoms/status/1389222584030437379

cando--china.net

# Reference: https://www.virustotal.com/gui/file/145c59fb52e782845dea2a90ad13d1484f6e9e1f8659fae1cd44ffc46255e4b5/detection

ierinapu.xyz
riftrebirth.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/802111bc7cf96b0c67c6925337aa4ef7f9ce28852f376909c4a56373cb6200ea/detection

hhtool.ddns.net

# Reference: https://twitter.com/Circuitous__/status/1389640638107471880

crophysi.ru
gimoguvi.ru

# Reference: https://twitter.com/InQuest/status/1389685307612729344

evamari.gr/eim/

# Reference: https://twitter.com/jfslowik/status/1387535189165838336
# Reference: https://twitter.com/ESETresearch/status/1388225090744164356

anydesk.s3-us-west-1.amazonaws.com
anydeskstat.com
zoomstatistic.com
clamspit.com
domohop.com
zgnuo.com

# Reference: https://twitter.com/James_inthe_box/status/1389927787495002118

madagascar-green-island-discovery.com/Img/

# Reference: https://twitter.com/malwrhunterteam/status/1390210483676921858
# Reference: https://twitter.com/ffforward/status/1390217998187773954

secure3d-update.com

# Reference: https://twitter.com/petrovic082/status/1390277301196238849

worldhealthday.esiloc.com/doc/

# Reference: https://twitter.com/jorgemieres/status/1390304120104390658

http://45.138.157.144

# Reference: https://twitter.com/executemalware/status/1390331263043739648
# Reference: https://pastebin.com/PLCTxpAT

http://192.119.171.206

# Reference: https://twitter.com/malware_traffic/status/1390373738084982786

http://54.185.172.76

# Reference: https://twitter.com/petrovic082/status/1390586216802889731

farm-finn.com/admin/

# Reference: https://twitter.com/petrovic082/status/1390589091503353857

47.104.153.31:7088

# Reference: https://www.virustotal.com/gui/domain/limesfile.com/relations

limesfile.com

# Reference: https://www.virustotal.com/gui/domain/global-sc-ltd.com/detection

global-sc-ltd.com

# Reference: https://www.virustotal.com/gui/domain/post-back-url.com/relations

post-back-url.com

# Reference: https://www.virustotal.com/gui/file/51929c3ab26fb6ad702929f577ff118dbe2b7f37d054740cc5697a278b01d125/detection

getmyinfodistribute.me
pretendwag.info
integral.hacking101.net

# Reference: https://www.virustotal.com/gui/file/15c900dc2ff9453f92b025567e89bdb716ae304c2cd561ae65fcee45dd7b0922/detection

htagzdownload.pw
wmbi4jr7hvonline.xyz

# Reference: https://www.virustotal.com/gui/file/14e7fdec6624ba60bfee6bf686060db46ad0052075664935fe69be63fb3ab467/detection

1eaf.pw

# Reference: https://www.virustotal.com/gui/file/6cae92665b23b4bccccd25fad925b745ad83e700b1775a6cabae079b5741accd/detection

uaalgee33.com

# Reference: https://www.virustotal.com/gui/domain/static.tweerwy.com/detection

tweerwy.com
static.tweerwy.com

# Reference: https://www.virustotal.com/gui/file/a204a5703b2b783d6d70f05704cf0c750d0c3d18c8501fde4de61984a5161f97/detection

zandogia.com

# Reference: https://twitter.com/K_N1kolenko/status/1391273433221279746

194.36.171.43:6969

# Reference: https://www.virustotal.com/gui/file/5f66d7ed7f8a35d92d53e0fc82c3f01c37cfc108d3f5da1a0016430c77e23303/detection

coursebro.pw
downkzvideo1.xyz
imaginepic.xyz

# Reference: https://www.virustotal.com/gui/domain/downkzvideo2.xyz/detection

downkzvideo2.xyz

# Reference: https://www.virustotal.com/gui/file/16bb9009629972f1ae07205be70309c381ef43e7ed7bbe786f9a3cf8ef45d85a/detection

http://112.64.218.40
http://140.206.225.232
http://47.92.39.6

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

sportucc.com
yufjgg.com
kkjgg.yufjgg.com

# Reference: https://www.virustotal.com/gui/file/74f184e51ece45c56e58a55f7c5c97286bac05db2c39842924af0c6d2593e71e/detection

kupijeftino.rs/s/

# Reference: https://www.virustotal.com/gui/domain/rainbirds.ac.ug/detection

rainbirds.ac.ug

# Reference: https://www.virustotal.com/gui/file/1be388f74d98754a616ec3265cf9dc7cf94383759fc0ed88eeff1267ad4efa16/detection

jpnnybacj.ug
myhostiger.ug
ventillos.ug
vjvcnbhscv.ru

# Reference: https://www.threatweb.com/access/Malware-URLs-High_Confidence_BL.txt
# Reference: https://www.virustotal.com/gui/domain/lookdesign.club/relations

lookdesign.club

# Reference: https://www.virustotal.com/gui/file/e4ed9fe31c2b19bafff204e41af9f99afafcfa0aca8c07ecdc840e5c92f4b10d/detection

lookdesign.best

# Reference: https://www.threatweb.com/access/Malware-URLs-High_Confidence_BL.txt

api-246.org

# Reference: https://www.virustotal.com/gui/file/c68fb88bcb80085c910d55c1314d43e60890d0769b9b17589cc21ff93d2b87aa/detection

navltas.me

# Reference: https://twitter.com/MBThreatIntel/status/1391798716399562758

http://31.210.20.6

# Reference: https://www.virustotal.com/gui/file/017d66a7e703fe76a2c02e4df9d88633eab4fcef0f678b8e596720df0099eb20/detection

occurrent-fatigues.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b296aaa167b19184295abc6bb32378cee4cba81a8c089ea46d6bc8eed7502e4c/detection

cloudstroageofofficedocumenttransfer.mangospot.net

# Reference: https://twitter.com/petrovic082/status/1392041842158575619

http://192.3.22.5

# Reference: https://twitter.com/petrovic082/status/1392041345263538177

http://91.218.113.67

# Reference: https://twitter.com/petrovic082/status/1392486409978662912

nyc008.hawkhost.com

# Reference: https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html
# Reference: https://otx.alienvault.com/pulse/609c0ee81a709f9d805ce108

http://185.117.119.87

# Reference: https://twitter.com/James_inthe_box/status/1392839902593634313

seychelless.ml

# Reference: https://twitter.com/ShadowChasing1/status/1392991935443324928
# Reference: https://twitter.com/ShadowChasing1/status/1392991937502728192

facextrade.com.br/wp-imcludes/
facextrade.com.br/z.mp3
facextrade.com.br/0C.txt
facextrade.com.br/0A.txt
facextrade.com.br/0B.txt

# Reference: https://www.virustotal.com/gui/domain/u11035265mw.ha004.t.justns.ru/relations

u11035265mw.ha004.t.justns.ru

# Reference: https://www.virustotal.com/gui/file/dbfc0f6a14532b867334b38aa4789fe1da4267c72955f89e00811392df0bd42a/detection

http://178.47.141.153

# Reference: https://twitter.com/_jnzer0/status/1393134068091457538

quickbooks.thormobilemanagement.com

# Reference: https://www.virustotal.com/gui/file/7c18130345c95d1cd852af2bbf0fad2d72d4097725dbd334f1d0ab66720c43c6/detection

http://179.43.140.185

# Reference: https://twitter.com/FewAtoms/status/1393241964334698497

http://3.36.53.50

# Reference: https://twitter.com/ShadowChasing1/status/1393478997829324800

ikiranastore.com/images/files/ist/doc/

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.84/relations
# Reference: https://www.virustotal.com/gui/file/ec78fea23781fa418517d0f7772f8658889f6f6cd8026821c5c835ad82415480/detection

ddm1.ru
ddm2.ru
ddm3.ru
ijb1.ru
ijb2.ru
ijb3.ru
nlemmy.ru
nlenny.ru
nlenny1.ru
ruz2.ru

# Reference: https://twitter.com/MaelSecurity/status/1393868340121280512

datenbank.mobi

# Reference: https://twitter.com/jorgemieres/status/1394377578857877505

http://94.26.248.58

# Reference: https://twitter.com/jorgemieres/status/1394662863940292612

www-visaprepaid-verification.duckdns.org

# Reference: https://twitter.com/FewAtoms/status/1394723737166045187

oauth-gateway.com

# Reference: https://www.virustotal.com/gui/domain/lax007.hawkhost.com/relations

lax007.hawkhost.com

# Reference: https://www.virustotal.com/gui/file/d989f29a71e4537d7e7376c0612ff8bc28aa1db949493512a2f5e50bca4975b8/detection

scrypto.store

# Reference: https://twitter.com/Circuitous__/status/1395759480462249984

http://103.156.91.50

# Reference: https://twitter.com/petrovic082/status/1396798551838109702

http://54.179.110.114

# Reference: https://twitter.com/petrovic082/status/1396798934065025025

http://172.245.79.122

# Reference: https://twitter.com/FewAtoms/status/1396436948940693506

elmerfloyd.com/ru/

# Reference: https://twitter.com/InQuest/status/1396851520843436037

http://192.3.122.177

# Reference: https://www.virustotal.com/gui/file/53b7637945616f51b0ffa4de5c35685b87b2039473ebc4f69a1fb581c6236d19/detection

http://188.244.63.241

# Reference: https://twitter.com/FewAtoms/status/1397258383837835270

http://45.133.1.53

# Reference: https://twitter.com/dark0pcodes/status/1397937746992320521

http://176.57.68.60

# Reference: https://www.virustotal.com/gui/domain/umber-mistrials.000webhostapp.com/detection

umber-mistrials.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/40cf12da9f451816254ab4fcad6b987596b1696b23ae3b50f0d65e5982841947/detection

versuspa.host

# Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection

download-serv-314432.xyz

# Reference: https://www.virustotal.com/gui/ip-address/2.56.154.227/relations

http://2.56.154.227

# Reference: https://www.virustotal.com/gui/file/269191362c407df28b23e56b6a68758cb112f9bb7582e064e7f7e5a41367c710/detection

http://212.192.241.136
bandshoo.info

# Reference: https://www.virustotal.com/gui/domain/bryexhsg.xyz/relations

bryexhsg.xyz

# Reference: https://www.virustotal.com/gui/domain/sandokan66.no-ip.info/detection

sandokan66.no-ip.info

# Reference: https://twitter.com/fr0s7_/status/1399060365460312069
# Reference: https://app.any.run/tasks/45342b20-2471-49e7-953f-09d27e1a3169/

chajoh92.dreamhosters.com

# Reference: https://twitter.com/InQuest/status/1399223226459426816

http://103.133.106.72

# Reference: https://www.virustotal.com/gui/file/a47861eb94370a48bc6b4d99117b88c991fb199e300bd0cc24aa812c0ea2b3cb/detection

http://46.21.153.209

# Reference: https://twitter.com/InQuest/status/1399336733817384961

http://79.110.52.186

# Reference: https://twitter.com/ShadowChasing1/status/1399641815737716744
# Reference: https://www.virustotal.com/gui/file/33bb84af45d19fc1240892df44ee58146ac395674c41d6402fd42219e47a4b67/detection

cs1j.com

# Reference: https://twitter.com/tosscoinwitcher/status/1399800310365704193

http://95.142.39.142

# Reference: https://twitter.com/InQuest/status/1399757603589210115

http://37.120.206.70

# Reference: https://twitter.com/FewAtoms/status/1399780057451843586

http://13.212.176.2

# Reference: https://twitter.com/ActorExpose/status/1399859014197035011

iqbuddys.com

# Reference: https://twitter.com/James_inthe_box/status/1400097345539166211

http://149.28.255.25

# Reference: https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/
# Reference: https://otx.alienvault.com/pulse/60b8a178a6e813e88be3181b

http://191.252.219.71

# Reference: https://www.virustotal.com/gui/file/319dbb7e2f87b527ad4eba361a14fff5488105c39c04895eafc24399c62698fd/detection

83.166.247.185:443

# Reference: https://twitter.com/reecdeep/status/1400481387258552326

http://5.181.80.126

# Reference: https://twitter.com/FewAtoms/status/1400875352034009093

http://23.95.122.53

# Reference: https://twitter.com/FewAtoms/status/1400894965413298185

http://54.199.172.253

# Reference: https://twitter.com/InQuest/status/1401752373362561029

http://103.140.251.225

# Reference: https://twitter.com/InQuest/status/1401811163847999488

http://172.245.119.81

# Reference: https://twitter.com/jorgemieres/status/1401914199337484293

http://3.36.53.56

# Reference: https://twitter.com/InQuest/status/1402491028783915009

kabaka.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1402528954263670784

help-service.support

# Reference: https://twitter.com/fr0s7_/status/1402394083331559431
# Reference: https://www.virustotal.com/gui/file/1939d9fdcf831dc4cac001ba193669c75a336258bc99a1775471554229e4a69b/detection

azure-drive.com
download.azure-drive.com
protect.azure-drive.com

# Reference: https://www.virustotal.com/gui/file/a6a1b66e1d7d31bfa37a6a591b30469b71c25a431096a9fc60bd072d7e9b1889/detection

http://185.215.113.57

# Reference: https://www.virustotal.com/gui/file/d9f7cafec1b6f3d60c478035d5d24cd93ffe8732c2fc8495dd88c7786014444a/detection

http://146.0.77.92

# Reference: https://twitter.com/malwrhunterteam/status/1403356371966435335

http://154.212.112.90

# Reference: https://twitter.com/r3dbU7z/status/1403399105142009864
# Reference: https://www.virustotal.com/gui/domain/rootkitsys.duckdns.org/relations

rootkitsys.duckdns.org

# Reference: https://twitter.com/bbeyzaasahinn/status/1403065333389406208

http://103.125.191.125

# Reference: https://www.virustotal.com/gui/file/288b416cd72d953a85995bf4abfec1487483362fd06270326e46f53a29cd8357/detection

xxcss.mooo.com

# Reference: https://twitter.com/FewAtoms/status/1404085512663617540

http://136.144.41.133

# Reference: https://twitter.com/reecdeep/status/1404695309599580161
# Reference: https://app.any.run/tasks/9bff6553-ceb7-40fe-abc7-d7da5cc2c895/

http://107.173.219.35

# Reference: https://www.virustotal.com/gui/file/a5101c0cb5d2e776785489f46d08e3c7e0f40004f5bbf872f03a2953360be6ee/detection

http://158.247.226.251

# Reference: https://twitter.com/FewAtoms/status/1404521303684616205

cor-tips.com

# Reference: https://www.virustotal.com/gui/domain/uaalgee33.com/relations

uaalgee33.com

# Reference: https://www.virustotal.com/gui/file/23ddb2789f556f68703104ef775449b74ab121e10f3c491253250f4ea3228e0a/detection

1oivviovidwopopin.info
samegresites.live

# Reference: https://twitter.com/alex_lanstein/status/1404809014370881540

http://1.14.61.188

# Reference: https://twitter.com/alex_lanstein/status/1404888867635933188

http://198.12.107.38

# Reference: https://www.virustotal.com/gui/file/789e58502db7458fefcde8f8f920dfbf9299461146828ddba1b57d191b07e9c9/detection

http://176.111.174.89

# Reference: https://twitter.com/1ZRR4H/status/1405640356478259201

http://188.119.113.80

# Reference: https://twitter.com/FewAtoms/status/1405608473304383497

http://136.144.41.133

# Reference: https://twitter.com/FewAtoms/status/1405605102715654149

http://195.133.40.148

# Reference: https://twitter.com/FewAtoms/status/1405938115878047750

expotuxpan.com/ERqIdpqqhZTTVzgn/

# Reference: https://twitter.com/petrovic082/status/1404722427259719682

http://122.114.198.100

# Reference: https://twitter.com/petrovic082/status/1404723335188070401

http://103.155.82.236

# Reference: https://twitter.com/petrovic082/status/1404722924452524036

http://146.70.20.207

# Reference: https://twitter.com/petrovic082/status/1404724234111365124

http://107.173.219.35

# Reference: https://www.virustotal.com/gui/file/2fceade07a4a28f5da6cfefb7117f7094d872b9f4ef713feb84f82525fcb15bb/detection

http://146.0.72.84

# Reference: https://www.virustotal.com/gui/file/782d45c66a3e812bf2a92337b7f6e3475eeec76f71b77d950ed92aff42fdaf87/detection

practiceartist.com

# Reference: https://www.virustotal.com/gui/file/4d5eefab900c634a2e481693be52b62aa195ffcd30952f010b7f9a1e6f024218/detection

taylorddos.no-ip.info

# Reference: https://twitter.com/ActorExpose/status/1406664112243982336

gdrfa.online

# Reference: https://twitter.com/FewAtoms/status/1406967672110305280

wh890850.ispot.cc

# Reference: https://twitter.com/petrovic082/status/1406971631784824836

http://192.3.141.146

# Reference: https://twitter.com/petrovic082/status/1406975300274114562

http://3.112.233.112

# Reference: https://www.virustotal.com/gui/file/bf9693d652143154404e9038f1648d9322b6e324387a0bc516b644e5c113a857/detection

6kf.me

# Reference: https://twitter.com/petrovic082/status/1407102524478431233

broadtechnomat.in

# Reference: https://www.virustotal.com/gui/file/68aab4d5d6d862bbf77cf836e80ea486a14ae11bc32cec46291a32834dd15045/detection

http://136.144.41.152
http://185.20.227.194
beginnis.info

# Reference: https://twitter.com/InQuest/status/1407817820679847937

updatewin32.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1408064073963429900

http://52.142.42.230

# Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection

http://185.212.129.54

# Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection

apiinformationsec.com
cloudcontentsmak.com
cloudnetwork.kz
contentmakersbyakamai.ru
jsapisettings.kz
jsc0nten1maker.com
securetopdevelopment.kz
supermicrotransapi.ru
js.securetopdevelopment.kz
mel.cloudcontentsmak.com
nicru.supermicrotransapi.ru
noone.contentmakersbyakamai.ru
secure.jsc0nten1maker.com
tel.jsapisettings.kz
smart.cloudnetwork.kz
static.apiinformationsec.com

# Reference: https://twitter.com/FewAtoms/status/1408142253722308608

vivazenergia.com.br/img/

# Reference: https://www.virustotal.com/gui/domain/s7flyradar.com/detection

s7flyradar.com

# Reference: https://twitter.com/FewAtoms/status/1408479849195397121

http://198.12.91.160

# Reference: https://twitter.com/petrovic082/status/1408739967493361666

http://198.12.110.183

# Reference: https://twitter.com/FewAtoms/status/1408472851879956490

docuserver1.com

# Reference: https://twitter.com/FewAtoms/status/1408477403001856001

http://172.245.119.78

# Reference: https://twitter.com/petrovic082/status/1408503220389953536

http://89.40.14.62

# Reference: https://www.virustotal.com/gui/file/c91c110be85dea89dc873531eac8df2b0faa4fb6c5041416b873fdab7b15c45a/detection

http://136.144.41.71

# Reference: https://www.virustotal.com/gui/file/926a3380c1a5a6964f08450d09074cb62e4d78c8f2fac51fee65b0f2aafd18c8/detection

wotsapp.net

# Reference: https://www.virustotal.com/gui/file/f5380da161d45e09115bf0eb392b979db161ec710294352e5cf10d78469aa5a9/detection

cromdownload.com

# Reference: https://www.virustotal.com/gui/file/dc8c2d326143ff4334a7bdbafcb821ee9a525eb3248e676e4940baab8d0626a9/detection

hgastation.com

# Reference: https://twitter.com/ffforward/status/1409240342533181442

usergtarca.com

# Reference: https://twitter.com/alex_lanstein/status/1409503787803451395

ach-edi.xyz

# Reference: https://twitter.com/pmmkowalczyk/status/1409830494158704641

http://103.89.90.94

# Reference: https://twitter.com/wwp96/status/1409916270720471040

sottb.com

# Reference: https://twitter.com/wwp96/status/1410328605389905923

http://103.194.104.94

# Reference: https://www.virustotal.com/gui/domain/ccmd.website/relations

ccmd.website

# Reference: https://twitter.com/fr0s7_/status/1410253336390033409
# Reference: https://www.virustotal.com/gui/domain/ourfirm.com/detection

ourfirm.com

# Reference: https://twitter.com/InQuest/status/1410597489636347916

http://172.245.27.25

# Reference: https://twitter.com/malwrhunterteam/status/1410601147761528842

etherbonus.net

# Reference: https://twitter.com/wwp96/status/1410613354037534725

http://103.145.253.94

# Reference: https://twitter.com/ESETresearch/status/1410864752948043778
# Reference: https://twitter.com/ESETresearch/status/1410864779229548546
# Reference: https://www.virustotal.com/gui/file/0bff46518b35ddfe37f4a7820286aab829d81f1480d9eeca5aaedc9ceda6724f/detection
# Reference: https://www.virustotal.com/gui/file/be97d7ae3b2d876f027d99d8d61dbca92513f4975336c2ebc26cf8a0839b67b6/detection

micosoft.ga

# Reference: https://twitter.com/wwp96/status/1411210042834051072

grntexpresscourier.com/File/

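# Generic
# Path-only trails: the entries below carry no host part, so they are presumably matched against the request path regardless of host (confirm against the sensor's matching logic).
# Short, common names such as /Doc1.doc or /payload.exe can also appear in benign traffic; treat a hit as a lead to triage together with host and payload context, not as confirmation on its own.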

/-..-/
/.-.......................-/
/.-....................................................-....................................-/
/...-.-.-....................................--/
/...-.-.-.-.-.........................-----------------/
/..-.-.-.-.-.-.-.-.-.-.-._---------_-------_-------....-.-/
/.----------------------.------------------------------.-/
/-................................................................................-/
/-..-/......dot
/......dot
/................................................................................dot
/...............dot
/................wbk
/5555-meter.deb
/5555-shell.deb
/aaaaaaaaaaa.dll
/ccccccccccc.dll
/freeeeeeeee.dll
/avbypass.txt
/b64_shellcode.txt
/backd00r.exe
/01BypassAV.exe
/bypassav-1.exe
/bypass.exe
/bypass.txt
/Bypass%20AV.exe
/Bypass%20AV2.exe
/BypassAV.exe
/bypassav-1.exe
/bypassav_2.exe
/bypassav_360.exe
/Bypass32.exe
/BypassAV.txt
/BypassUAC.exe
/bypassvalue.exe
/bypassvalue.txt
/CjojMi1rBOPnILx.exe
/direct/MAPE_Form.dotm
/Doc1.doc
/Doc1.dot
/Doc1.dotm
/hack.exe
/hkcmd/document.doc
/hkcmd/vbc.exe
/GruntHTTP.exe
/Rat/Domain.txt
/webmailed/updates.exe
/newratexploitlink
/BOTNET_HOST/
/bypass_20210428_0905/
/payload.exe
/payload.txt
/revshell.bin
/revshell.exe
/SharpBypassUAC.exe
/shellcode_1.jpg
/shellcode
/shellcode.exe
/shell.exe
/plugins/keylogger.p
/plugins/keylogger.php
/wwww/ees.doc
/loader.plg
/pws.plg
/jbitchsucks
/xhack.exe
/botupdate
/getbotinjects
/getkeyloggers
/testbypass.exe
/Token_Stealer.bat
/FormGrabber/
/HistoryStealer/
/Rat/Realrat/
/Realrat/
/Stealer/
/stealer_php/
/.steal/
/WalletSteal.bin
/loader/injection.dll
/wp-imcludes/
