# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: bokbot, icedid

# Reference: https://otx.alienvault.com/pulse/5fb042c8c8bc52fd36438c9d
# Reference: https://github.com/JR0driguezB/malware_configs/tree/master/IcedID

arcadyflyff.com
atlanimeday.com
binncu.net
camorata.com
comeontrk.com
csuwbru.net
cupicratings.com
daliyudin.net
debonointl.net
dorothyle.net
expling.net
firebbernank.net
freegameshacks.net
fzlajsf.net
gordondeen.net
jefchinloans.com
joronda.com
jumpsworks.com
medicalciferol.com
miraquebolsis.com
nobleduty.com
timmasanz.net
tradequel.net
wbgjds.net
youaboard.com

# Reference: https://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html

efoijowufjaowudawd.com

# Reference: https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/

lik0sa1.com
nejokexulang.example.com
payfinance.net

# Reference: https://www.crowdstrike.com/blog/bokbots-man-in-the-browser-overview/
# Reference: https://otx.alienvault.com/pulse/5c99fb543acc7f5eb0e7e933

acquistic.space
ambusted.space
coultra.space
exhausines.space
exterine.space
haractice.space
hospirit.com
overein.space
parchick.space
portened.space
resurround.pw
segregory.com
stocracy.space
stradition.space
subsquire.com
tybalties.com
ugrigo.space
waharactic.com
yorubal.space

# Reference: https://twitter.com/James_inthe_box/status/1110564181021908993

mathedro.com

# Reference: https://blog.fox-it.com/2018/08/09/bokbot-the-rebirth-of-a-banker/

zonefb.com

# Reference: https://twitter.com/malware_traffic/status/1123458651434434563

marakusta.at
saudienter.pw

# Reference: https://twitter.com/CapeSandbox/status/1123605348466741249
# Reference: https://cape.contextis.com/analysis/70719/

forsynanchyv.com
hipponexunam.org

# Reference: https://twitter.com/CapeSandbox/status/1121084063903821824
# Reference: https://cape.contextis.com/analysis/68966/

arguerns.top
extenterms.top
minental.top

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

37.59.68.215:443
goodinzone.at
mozambiquest.pw

# Reference: https://twitter.com/James_inthe_box/status/1136950895986429954

albarthurst.pro
hipponexunam.org

# Reference: https://twitter.com/malware_traffic/status/1147303805115162624

germakhya.xyz

# Reference: https://www.fortinet.com/blog/threat-research/icedid-malware-analysis-part-two.html

albarthurst.pro
carlsbadenomise.top
chardiop.club
ethracial.pw
exchangests.xyz
forsynanchyv.com
goodinzone.at
hipponexunam.org
hydrylater.online
mechangerous.space
mozambiquest.pw
parenessed.icu
ransmittend.club
saudienter.pw
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/takerk734/status/1135955547310632960
# Reference: https://app.any.run/tasks/13d6d9f9-7033-4ce7-9ad4-76591f15274c/

http://195.123.234.12
http://95.213.217.139
http://54.36.218.96
185.143.145.90:443
maidcafeyoyo.fun
simbaooshi.space
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/James_inthe_box/status/1163512836930199552
# Reference: https://pastebin.com/rcwZmSu0

bumpsitting.pro
diplomainter.pro
duffered.pro
existination.pro
hahashow67.bit
pitfields.pro

# Reference: https://twitter.com/SoulRage6/status/1168171341998149637

casternsinc.com
casternsblog.com

# Reference: https://github.com/silence-is-best/c2db#icedid

memphase.com

# Reference: https://twitter.com/SoulRage6/status/1184141516534702081
# Reference: https://www.virustotal.com/gui/file/6f72987e323aa2d0a81c74e45851b62c1f415f703be20afb662748bc709f9361/detection
# Reference: https://twitter.com/JasonMilletary/status/1184201998381522944
# Reference: https://pastebin.com/vnwHadJk
# Reference: https://twitter.com/JasonMilletary/status/1190286207751733248
# Reference: https://pastebin.com/cz2HePMS

amongolia.com
bavariousltc.com
bhagavana.com
biorexis.top
builtitute.com
contrmved.com
corposted.com
coujtried.com
demonike.com
demonsoon.com
dioneras.top
eurobable.com
founddhog.com
honolfogy.com
jjanuatu.com
leonopic.top
lionerat.top
magnwnce.com
mastroga.top
memphase.com
molinaro.top
nopelrod.top
pidronog.top
piloresi.top
presifered.com
sacrecope.com
semistor.top
sheaffic.com
sheaffic.net
sheaffic.nl
sheaffic.org
tadpoleonilc.com
tidesore.top
wentinueqhcr.com
whyeelong.com

# Reference: https://twitter.com/OttoScav/status/1186356752406724609

gfthwards.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1187390560384049155

gfthwards.com
gfthwards.eu
piloresi.top
presifered.com

# Reference: https://twitter.com/wwp96/status/1189244489472319489

kbtseafood.com

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667
# Reference: https://www.virustotal.com/gui/ip-address/217.182.188.118/relations

217.182.188.118:443
demonsoon.com
emperimen.com
magnwnce.com
moreogramlfgt.com
orsement.net
orsement.org
resultiplrt.com

# Reference: https://twitter.com/malware_traffic/status/1068570263732789248

govenian.host
suprecien.host

# Reference: https://twitter.com/malware_traffic/status/1068281897346838528

freshwallet.at
labadegmc.com
listmyfloor.com
modelssohn.website

# Reference: https://twitter.com/pollo290987/status/996471190221983746

3200bpm.com
autozpolisy.pl
tagamol.com

# Reference: https://twitter.com/JR0driguezB/status/978937668921970688
# Reference: https://github.com/JR0driguezB/malware_configs/blob/master/IcedID/C2.txt

arcadyflyff.com
atlanimeday.com
binncu.net
camorata.com
comeontrk.com
csuwbru.net
cupicratings.com
daliyudin.net
debonointl.net
dorothyle.net
expling.net
firebbernank.net
freegameshacks.net
fzlajsf.net
gordondeen.net
jefchinloans.com
joronda.com
jumpsworks.com
medicalciferol.com
miraquebolsis.com
nobleduty.com
timmasanz.net
tradequel.net
wbgjds.net
youaboard.com

# Reference: https://twitter.com/Paladin3161/status/1156867967260303360

bumpsitting.pro
heinless.pro
mainly.pro

# Reference: https://twitter.com/Paladin3161/status/1156632752260648960

diplomainter.pro
existination.pro
forsynanchyv.com
stalitic.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1194631881007910921

aginia.net
aginia.top
leonopic.top
nopelrod.top
sacrecope.com
telected.xyz

# Reference: https://twitter.com/stecar792/status/1194745611377135616
# Reference: https://pastebin.com/FhbU27vC
# Reference: https://pastebin.com/if2VpJJg

bhagavana.com
eurobable.com
leonopic.top
lionerat.top
memphase.com
mirkolkdb.com
mirkolkdb.eu
mirkolkdb.net
mirkolkdb.nl
nopelrod.top
pidronog.top
sacrecope.com
semistor.top
tadpoleonilc.com
telected.com
telected.eu
telected.in
telected.net
telected.nl
telected.one
telected.org
telected.tel
telected.top
telected.xyz
wentinueqhcr.com
whyeelong.com

# Reference: https://twitter.com/JasonMilletary/status/1177323562425815049
# Reference: https://pastebin.com/XF980VrW

bhagavana.com
biorexis.top
centrash.com
duffice.com
eurobable.com
fallium.com
gioredoh.top
kenoted.com
leonopic.top
lionerat.top
mamerona.top
mastroga.top
memphase.com
molinaro.top
nopelrod.top
pidronog.top
samioner.top
scatholics.com
semistor.top
tidesore.top
uniresio.top
vulcate.com

# Reference: https://twitter.com/JasonMilletary/status/1176934514414759936

genepbisulphite.nl
yavagumchewer.com

# Reference: https://twitter.com/JasonMilletary/status/1174026442100940800

eonopic.top
ionerat.top
ioredoh.top
mamerona.top
olinaro.top
samioner.top
uniresio.top

# Reference: https://www.f5.com/labs/articles/threat-intelligence/de-icing-icedid--decompression-and-decryption-methods-explained-?

ygrenevresed.fun

# Reference: https://twitter.com/CapeSandbox/status/1168607522795790337
# Reference: https://twitter.com/SoulRage6/status/1168171341998149637

casternsblog.com
casternsclub.com
casternsinc.com
casternssite.com
rankrns.com
staterns.com
webcasterns.com

# Reference: https://twitter.com/JasonMilletary/status/1197209873294999553
# Reference: https://pastebin.com/964KsuMx

bhagavana.com
dioleg.top
eurobable.com
fioure.top
goidiom.top
guiertr.top
hiolne.top
leonopic.top
lionerat.top
memphase.com
mirkolkdb.com
mirkolkdb.eu
mirkolkdb.net
mirkolkdb.nl
monerto.top
nopelrod.top
pidronog.top
riopwe.top
sacrecope.com
semistor.top
tadpoleonilc.com
tierton.top
tyuerse.top
wentinueqhcr.com
whyeelong.com
ziones.top

# Reference: https://twitter.com/JasonMilletary/status/1197541828402143233

37.48.83.137:80
37.48.83.137:443

# Reference: https://twitter.com/JasonMilletary/status/1197593565863518208
# Reference: https://app.any.run/tasks/30cb7b07-6cff-4ff0-88eb-e69c6d60397a/

berrydom.top

# Reference: https://twitter.com/Kostastsale/status/1199604381751988225
# Reference: https://app.any.run/tasks/b3f60bc6-c821-4921-b4e4-221e32b2d7e7/
# Reference: https://app.any.run/tasks/6e5996c2-81b1-45ac-bdd0-3ec9517608ce/

astenitral.club
desreona.top
gerrredona.top
nedisona.top

# Reference: https://any.run/malware-trends/icedid (Note: as seen on 2019-12-04)

dirosad.top
jikolis.top
monerto.top
ziones.top
tierton.top
ddos.dnsnb8.net
semistor.top
guiertr.top
tyuerse.top
thuocnam.tk
desreona.top
nedireob.top
gerrredona.top
nameseorin.top

# Reference: https://pastebin.com/ErESEBNy

herrasei.top

# Reference: https://twitter.com/killamjr/status/1203183444127354880
# Reference: https://www.virustotal.com/gui/domain/colonisfg.com/relations
# Reference: https://www.virustotal.com/gui/file/5cfbcfac6faea9055f9c7bebc1974aac0ec445f4d08900100b5a3a389ec02610/detection

colonisfg.com
derilopa.top
dezaredo.top
gerontos.top
netionax.top
seniorex.top

# Reference: https://twitter.com/luc4m/status/1204861411010207744

certifacto.com
beaderza.top
gertuko.top
hiperdom.top
modestog.top
nonedore.top

# Reference: https://twitter.com/malware_traffic/status/1208205022925860865

b99vxjju.com
jlb81hdvernon.com
v60yuuu1415.com

# Reference: https://app.any.run/tasks/5e1ba7ba-4a11-44d0-a80b-ea188041fd76/
# Reference: https://pastebin.com/higQqzwD

arkanacarszoom.pro
arkanacarszoom.red
arkanaways.pro
arkanaways.red
baberdon.top
bavariousltc.com
bavidopa.top
beaderza.top
berrydom.top
bilopans.top
biodeser.top
bladisuka.red
brekatrinado.red
carensod.top
certifacto.com
colonisfg.com
containerfirearms.com
copiresd.top
coridef.top
cowspidzu.pro
demandary.com
desreona.top
dioledoe.top
dioleg.top
dirosad.top
elabortin.com
exceptionalsanta.pro
fanisder.top
fidonau.top
fioure.top
foxitone.top
geropil.top
gertuko.top
giretona.top
golitope.top
goredoma.top
goresoin.top
herdomo.top
hiolne.top
hiperdom.top
hironmen.com
hovernor.com
jikolis.top
kololokoip.red
korendor.top
kuskusnamnam.icu
loperdon.top
manyloaddss.red
maredosa.top
maxikolo.top
modestog.top
monerto.top
moreogramlfgt.com
muratinue.com
nedisona.top
newyeardocs.pro
newyearfreaks.pro
nikolopu.top
nonedore.top
owspidzu.pro
piterdos.top
redilok.top
renaultarkana.pro
renaultarkana.red
resultiplrt.com
riopwe.top
rubonder.top
santaclausdriver.red
serkolo.top
sionerde.top
sisipiciliko.pro
skachkiiloady.pro
stata.link
succine.com
systemory.com
thrushmore.com
tierton.top
transityfade.pro
transityfade.top
viderson.top
vilokilofilo.pro
viterex.top
voperdom.top
xyuvuugadali.info
xyuvuugadali.pro
ziones.top

# Reference: https://pastebin.com/VniAbG5k

ecowis.com
exceptionalsanta.red
fmjstorage.com
happysantacows.red

# Reference: https://twitter.com/SoulRage6/status/1215259274055704577

letsgotopluto.best
plutomylove.monster
plutoisaplanet.best
plutomylove.monster
plutusforpluto.best
saveplutoplanet.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1215260222832463873
# Reference: https://app.any.run/tasks/47590dc6-e93a-49e9-b053-974230cf8d3c/

hillenincopenhagen.best
willenhillen.xyz

# Reference: https://app.any.run/tasks/36d30924-4064-4288-a4e3-bc3ea44bda3e/

venusplanet.best

# Reference: https://twitter.com/JasonMilletary/status/1227975671282118657
# Reference: https://pastebin.com/kVWnJkaC

4success8.pro
creativedevelopment.xyz
developme.best
fridgehealth.best
geminichair.xyz
imreherzog.xyz
kinuplayer.info
langlawer.pro
nasafridge.xyz
spacecable.best
starofporn.xyz
thefeelingsapple.xyz

# Reference: https://twitter.com/Paladin3161/status/1228359000359501824
# Reference: https://pastebin.com/GUGbsQxE

appleparkca.best
bigbonmax.best
firedoggy.xyz
laroshelle.best
stamptowns.best
stsseriesdilemma.xyz

# Reference: https://twitter.com/James_inthe_box/status/1228452446978002944

applethecompany.best
bulbulmeni.best

# Reference: https://app.any.run/tasks/e7fb661a-6968-4367-9cd4-2077419a702d/

jagerteam.top
bibliophil.club
happyhunters.pw
bibliophil.pw

# Reference: https://twitter.com/malware_traffic/status/1243645177245380610
# Reference: https://www.malware-traffic-analysis.net/2020/03/27/index.html
# Reference: https://app.any.run/tasks/16c7bbfb-1c6a-40be-a625-bf8bc870354b
# Reference: https://app.any.run/tasks/9f2e532c-24d9-42d5-9be2-7ce9a8920980

conceptinteriors.ae
karantino.xyz
pravizzillo.club
projectfatty.club

# Reference: https://sysopfb.github.io/malware,/icedid/2020/04/28/IcedIDs-updated-photoloader.html
# Reference: https://app.any.run/tasks/d092cd7a-3e1c-479f-93e0-6494e464f44e/

hxxp://45.147.231.107
customscripts.us
hinkaly.club
karantino.xyz
zajjizev.club

# Reference: https://twitter.com/malware_traffic/status/1256297802948399104

ghefgekil.club
obratapres.pw
smallhole.club
severeconditions.xyz

# Reference: https://twitter.com/James_inthe_box/status/1257418677760282624

knockaddress.xyz

# Reference: https://pastebin.com/vCfWusnR

lokolojazz.club

# Reference: https://twitter.com/SBousseaden/status/1258564579463921665
# Reference: https://app.any.run/tasks/c98c5585-ad28-4744-8156-476efa30674e/

turtlesfun.fun

# Reference: https://twitter.com/James_inthe_box/status/1262856956613554176

connuwedro.xyz

# Reference: https://bazaar.abuse.ch/sample/837f40c12fc476d81d0741da2ab0bc0ee5c9857fe9623f2dfa33fb9f9d20f6ce/

bividilli.xyz

# Reference: https://app.any.run/tasks/6b57fda7-dd83-44c9-a8d0-3befecb7c4c6/
# Reference: https://bazaar.abuse.ch/sample/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec
# Reference: https://www.virustotal.com/gui/file/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec/detection

cryptocrio.pw
cryptocrio.top

# Reference: https://twitter.com/abuse_ch/status/1265989591628238848

3chickens.pw

# Reference: https://pastebin.com/bUzE4Df6

fordthunderbirth.site
gotofresno.xyz
luxcarlegend.top
nicebirththunder.cloud
poloturtles.top
robertogunez.xyz
totheocean.pw

# Reference: https://twitter.com/James_inthe_box/status/1268985862173257728

porkon3stuff.top

# Reference: https://twitter.com/Artilllerie/status/1270013362194219008

makindra.xyz
pohindra.best
prostokilo.top

# Reference: https://twitter.com/malware_traffic/status/1270158384738770951

trythisrandom.top
ziddat.com/registration.doc

# Reference: https://twitter.com/malware_traffic/status/1271588921168867329

musicapuntocero.com
wloppyload.top

# Reference: https://github.com/f0wl/deICEr/blob/master/README.md

boldidiotruss.xyz
nizaoplov.xyz
153ishak.best
ilu21plane.xyz

# Reference: https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware
# Reference: https://pastebin.com/Sz16iU57

2pillsofhunderts.pw
30miles.xyz
3chickens.pw
3glanzepages.top
antivarevare.club
antivarevare.pw
bavadivaclub.club
beradocolon.top
bividilli.xyz
bluekit.pw
bonwes.bid
bredretre.uno
carpetkisa.xyz
carztesla.xyz
chumocarz.club
citytrallbus.xyz
colocarantino.xyz
connuwedro.xyz
cosacasa.top
costacolonel.club
costamustero.pw
coucarachiz.top
cozyappt.club
crossbones.email
cryptocrio.pw
cryptocrio.top
cucumberz99.club
dayafterthe.xyz
dezisenkor.club
docccutime.xyz
emergencytoolz.pw
extraordinarycurc.club
fekilopol.xyz
feminization.xyz
fidelliware.pw
filacolonel.site
filacolonel.xyz
filteroggy.pw
fishmak.pw
flighfinder.xyz
flightslots.online
forwardnogi.pw
fredoferodo.top
frenchfries8.top
fullplainefares.club
gerenada.club
ghefgekil.club
gigakolors.club
glassyradua.xyz
goodcolonell.xyz
goodservers.top
groggypirogy.top
herekeder.best
hinkaly.club
instarobotics.club
karantino.xyz
kassadesada.top
knockaddress.xyz
knockdomain.xyz
loacorecoder.club
lokolojazz.club
menosmeno.best
millogorillo.top
nadalia.top
northdestrickt.top
oggytarakan.club
oggythecoucca.xyz
polymorphis.top
pravizzillo.club
pravizzillo.email
presserdresser.best
pyramide33.pw
pythonfinder.top
safebanktest.top
seguridadcolonel.club
sharedocar.xyz
siffersniffer.best
silkycow.pw
smallhole.club
stuffed8tomatoes.club
svaerossi.pw
testermeisterz.top
tourdayly.top
tryfreder.xyz
trythisone2.best
uxozhuki.pw
vereseptem.pw
vodkahater.xyz
withoutemblems.top
yahzdaje2.website
zajjizev.club

# Reference: https://twitter.com/ffforward/status/1275364648091557889
# Reference: https://app.any.run/tasks/f4945f71-1327-43d4-b948-326bcc730033/

khaliel.com/load/
loadthird.casa

# Reference: https://twitter.com/abuse_ch/status/1275526243404972034
# Reference: https://bazaar.abuse.ch/sample/921138bc2b28d01a51e6673c6e61ba3237592d08875180e0b3749d8e47fdfd6d/

germana-arad.ro/tds.php
redbrookconservatories.com/wp-content/themes/genesis/tds.php

# Reference: https://twitter.com/abuse_ch/status/1278373790054076417

ldrbasketball.net

# Reference: https://twitter.com/baberpervez2/status/1279177216249733120

lotusabloom.com

# Reference: https://twitter.com/James_inthe_box/status/1282793500325498881
# Reference: https://app.any.run/tasks/0a4d263a-75d7-4e10-8129-4b260141ebcf/

neptuneloadz.casa

# Reference: https://twitter.com/JAMESWT_MHT/status/1283450384061800453
# Reference: https://www.virustotal.com/gui/domain/ldrglobal.casa/relations
# Reference: https://www.virustotal.com/gui/ip-address/104.248.62.43/relations

ldrglobal.casa
ldrgreecehome.casa

# Reference: https://pastebin.com/raw/DZNj1XQ6

circleoccupy.best
ldrtango.casa
mramoritto.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1285210383557558273
# Reference: https://www.virustotal.com/gui/ip-address/157.230.17.102/relations

loadberlin.casa
loadprague.casa

# Reference: https://www.virustotal.com/gui/file/502268717d5b2e7c70d800f09daaebb861d0c05baf66f96f698215107bcf82d3/detection
# Reference: https://www.virustotal.com/gui/file/4794fc23f8b61badab67099a5f31ab20a1864a061fabd89d60695c5cefe2a29b/detection

citytrallbus.xyz
cluebullet.best
conspiracylegal.xyz
freekolobanga.top
kolobanga.press
mannycoder.top

# Reference: https://twitter.com/malware_traffic/status/1285669899696775175
# Reference: https://www.virustotal.com/gui/ip-address/178.128.195.34/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.105.198.105/relations

againstrocket.top
androsandro.top
blmfuck.best
blmfuck.top
changewinds.top
fegmetozza.top
helicopterstarted.top
italyvenice.top
newwildtuna.top
overthewater.top
plainlanded.top
shopunderwater.top
venicefood.best
venicefood.top
loaderprototype.casa

# Reference: https://app.any.run/tasks/d52f66be-14f1-47fc-ad3b-77c89c0e2b77/

loadhnichar.co

# Reference: https://pastebin.com/raw/bfTG05My
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.122/relations

betafrosner.best
foztrotalphatester.xyz
gigaholliver.top
iskuliokilo.pw
loadkanoe.casa
passiopersio.top

# Reference: https://pastebin.com/a5rqv7c7

ldrfoxtrot.casa
ldrvals.casa
loadproto.co

# Reference: https://pastebin.com/NvzmauW1

ldrgopak.casa
loadbudapest.casa

# Reference: https://github.com/tsale/Kostas_Yara-Rules/blob/master/Malware/IcedID_loader.yar

requiregreen.com

# Reference: https://twitter.com/0bfusCat/status/1243213416837402624

monoplanebis.xyz

# Reference: https://www.virustotal.com/gui/ip-address/95.174.65.224/relations

banconchle.live
blackbullhorns.pro
blackcowlegs.best
boldidiotruss.xyz
bullhorns.xyz
bullyhorn.xyz
cargoship.top
cargovan.top
colocalzz.xyz
daretohaveyours.xyz
freeclubcargo.club
freeshippingto.top
hornybull.best
landoffarming.xyz
landstorages.best
nizaoplov.xyz
propanballoon.club
propanballoon.pw
propanballoon.top
selectedship.top
servantstat.best
shalomgashish.best
shalomisrael.xyz
shalomshabatt.best
shishashalom.pro
sizhinpin.best
spinnertrousers.best
sportspotlandfarm.xyz
trustedcommand.top
venomnewsite.club
verticalzz.pro

# Reference: https://www.virustotal.com/gui/file/79723cbc2234e26aae3111b8c7b6711da68a46d01e5808598a1492e49c331f60/detection

mexicanfoodinmiami.pro
exceptionalsanta.pro
happysantacows.red

# Reference: https://twitter.com/0bfusCat/status/1209421391910645760

santaclausdriver.pro

# Reference: https://twitter.com/0bfusCat/status/1059084917756301318
# Reference: https://www.virustotal.com/gui/file/199351acf7947ed415f6b4ed0049757fba0b0111aed1cfc20030efebe5af5005/detection

alldo.club
office365.bit
specialnan.date

# Reference: https://twitter.com/reecdeep/status/1290260109260595200
# Reference: https://app.any.run/tasks/dbf04eb6-35c7-4a8c-b311-67f6ffc1b54f/

ldrflippo.co

# Reference: https://twitter.com/p5yb34m/status/1290408585273344001
# Reference: https://www.virustotal.com/gui/ip-address/134.209.191.228/relations
# Reference: https://www.virustotal.com/gui/file/677fd9bc5ee34b4e171897fc07082a7fa14854d2f881cd62a23cb0c2181fa240/detection

ldrneptuno.net
loadagent.casa
loaderclass3.casa

# Reference: https://twitter.com/James_inthe_box/status/1290773214520434690
# Reference: https://tccontre.blogspot.com/2020/08/learning-from-iceid-loader-including.html
# Reference: https://app.any.run/tasks/b4beb108-60c8-4ae5-8f7b-4f21ffa5da7a/

loadfreeman.casa

# Reference: https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+IcedID+Bokbot/26438/
# Reference: https://otx.alienvault.com/pulse/5f2d7028f25fbdc6daa1b016
# Reference: https://www.virustotal.com/gui/ip-address/94.100.18.58/relations

31goalsyaher.co
atalantaclub.co
juveperdhue.top
leaderfreeder.co
northkorisla.co
qazyaquanauti.co

# Reference: https://twitter.com/reecdeep/status/1292828204445696001
# Reference: https://app.any.run/tasks/59666532-c5e3-4080-9266-7812f337a104/

nothingtodo.co

# Reference: # Reference: https://twitter.com/p5yb34m/status/1292886770246225920

soldkorean.top

# Reference: https://pastebin.com/raw/Ye7MrSqV
# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.145/relations

debuggerhelper.top
discsnooker.best
felliohreffer.co
jallioradio.co
youmecube.top

# Reference: https://twitter.com/0bfusCat/status/1293218539684401154
# Reference: https://www.virustotal.com/gui/ip-address/159.203.184.41/relations
# Reference: https://www.virustotal.com/gui/file/d99c8340e0a0c65212465e36ea184e48b16136ccda77dcf2b2a0865b154f70c6/detection

accentio.online
boxeschannel.co
dassentrio.top
ulanudeo.online
zalkipamat.top

# Reference: https://twitter.com/reecdeep/status/1295399848569712642
# Reference: https://app.any.run/tasks/26ef48a4-c45b-48f3-8a63-c5b02f7467b4/
# Reference: https://www.virustotal.com/gui/ip-address/134.122.73.8/relations

loadlisboa.casa
loadofficer.casa

# Reference: https://pastebin.com/raw/4tgby2qV
# Reference: https://www.virustotal.com/gui/file/9ba8f41f73a563796c021dbe89d3bd9a8d3a2d0226425e43efc271536f5f376b/detection
# Reference: https://www.virustotal.com/gui/ip-address/165.227.41.66/relations

loadrome.directory
crypnotes.co
ghererrafleur.co
helindraold.co
hwakiraklir.top
mahindranew.co
staerfraer.co

# Reference: https://twitter.com/reecdeep/status/1295727323052945411
# Reference: https://app.any.run/tasks/c33bd52b-f56e-486f-9b7f-55ac112e8554/

firstava.top
fourthava.club
secava.best

# Reference: https://twitter.com/Unit42_Intel/status/1296500515065536515
# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-18-TA551-IOCs-for-IcedID.txt

apparatto.top
babafirst.top
babafourth.club
cheapoilz.best
mintrillion.club
musorru.top
rolifo23.top
thirdava.cyou

# Reference: https://twitter.com/reecdeep/status/1296809596351283200
# Reference: https://www.virustotal.com/gui/ip-address/138.197.137.215/relations

ballsinluza.co
ferhalirish.co
ldralfa.casa
ldrbeta.casa
ldrcharlie.casa
lifregal.co
snookermaster.co
spplohh.co
trazzhres.best
truckycustom.pw

# Reference: https://twitter.com/reecdeep/status/1300432198135418880
# Reference: https://twitter.com/reecdeep/status/1301159068279746561
# Reference: https://app.any.run/tasks/f3c7a321-bead-4914-b780-bd9e1dca32a2/
# Reference: https://app.any.run/tasks/f312482a-bf13-4f05-ac58-9bf0a91ef132/
# Reference: https://www.virustotal.com/gui/ip-address/64.227.95.68/relations

classified.best
customrecustom.top
deskofreserve.top
dissdoorg.top
explodevices.top
huhunadekil.top
ldrtugi.casa
niggpigs.best
piggyniga.pw
programmelexc.club
singleperson.pw
terminpolg.top

# Reference: https://www.virustotal.com/gui/file/2a9fe9fdc49ae22a691d027f721bab70a430136559b2207b528e905c390343f6/detection

195.69.187.86:443
93.189.149.176:443
ignorepairs.pro

# Reference: https://pastebin.com/QSqT99xJ

albarthurst.pro
ambiguing.net
anothese.xyz
answerved.net
bandstreat.pro
berlingbowman.pro
bugandonesis.club
camishniacing.pw
carlsbadenomise.top
centrastroyer.club
charactic.pro
chardiop.club
consequencycle.pw
contempty.club
demandymedes.xyz
dorentmeofts.com
egainvisit.pw
ettestinbalt.com
exchangests.xyz
forsynanchyv.com
germakhya.xyz
goodinzone.at
harbournal.club
hipponexunam.org
hornformance.pro
hydrylater.online
ichthererbob.org
ignorepairs.pro
importional.com
maiowforecto.org
massentern.pw
mechangerous.space
meiyardionsa.org
minoriticipal.pw
monkeyflowed.pro
mozambiquest.pw
murderinal.pro
parenessed.icu
ransmittend.club
rolescene.xyz
runethern.pro
seconominist.com
seeminism.pw
stimateurs.club
summerch.xyz
talogue.pw
teautotaillhurneg.org
therlanding.xyz
thracial.pw
thussailled.pw
tracroadsmendisan.org
tradication.pw
wagenstead.xyz
writtee.pro

# Reference: https://twitter.com/p5yb34m/status/1303408866483290112
# Reference: https://twitter.com/p5yb34m/status/1304108801860071424
# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.92/relations

eurisiuri.top
kilogoncha.casa
ldflipper.casa
ldfolkland.casa
ldklippers.casa
loadbejing.casa
loadgermy.casa
loadlondon.casa
loadnewjersey.casa
loadperventin.casa
loadseoul.casa
loadxiniang.casa
repofinlsnd.casa
sleepymaxer.cyou
vbikdemokk.casa
vloppiloker.cyou
zasudaproteet.casa

# Reference: https://twitter.com/reecdeep/status/1304051067093692422
# Reference: https://twitter.com/reecdeep/status/1304071658521669632
# Reference: https://app.any.run/tasks/c0d6f2fb-ad34-4ce8-9a87-ee2c9ac94055/
# Reference: https://app.any.run/tasks/0db6cb2f-b477-4e8a-8b7e-a7911fcfc8f0/
# Reference: https://www.virustotal.com/gui/ip-address/159.65.137.90/relations
# Reference: https://twitter.com/reecdeep/status/1305523915054354433
# Reference: https://app.any.run/tasks/2c48723a-6803-4f9d-a330-63d546408b9d/

9dayscitadel.co
biglosses.top
ldleadflip.top
ldrfatty.casa
ldrglass.casa
ldrplastic.casa
loadbiofill.casa
loadbooker.casa
loadhooker.casa
loadnavycomp.casa
loadspanny.casa
roofallkilo.co
waysoflibis.best

# Reference: https://www.virustotal.com/gui/ip-address/51.210.73.176/relations

fikilederes.club
ldjersey.casa
ldrapollo.casa
ldrglass.casa
ldrinsertion.casa
ldrpanel.casa
ldrporollon.casa
loaderooker.casa
loadflooker.casa
loadfrooker.casa
loadgooker.casa
loadsite2.casa
loadsite4.casa
pussiageorge.cyou
starterdewakilo.best

# Reference: https://pastebin.com/Z4kWrhSF

10hesadety.pw
85vumbut.best
asnerkifa.cyou
aspellino.cyou
bcertyuo.cyou
gastellino.top
hurmaniut.cyou
matrossinio.xyz
povoliporillio.xyz
zopenret.top

# Reference: https://twitter.com/malware_traffic/status/1304507387957608450
# Reference: https://pastebin.com/bRT1y6rv
# Reference: https://www.virustotal.com/gui/ip-address/68.183.47.194/relations
# Reference: https://www.virustotal.com/gui/ip-address/164.90.153.241/relations

budagent.cyou
castrovillage.cyou
daswerbworse.best
delegatoz.xyz
jheckler.top
malgs.best
patriwifecis.cyou
saqerisation.best
tatarovers.best
tizersincluded.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/134.122.55.164/relations

77hertykol.club
90nesokret.top
astrafrodo.asia
bcertyou.cyou
bettercontact.co
downdomino.click
examoplerevo.pw
ldrdropper.casa
ldrpaperkoz.casa
ldrpitcher.casa
ldrruble.casa
ldrshekel.casa
ldrstar.casa
ldruniverse.casa
loadgo2.casa
loadro3.casa
loadwe4.casa
trapotorio.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.158/relations

circleoccupy.best
corporotto.top
mramoritto.top
papuanewguinew.club
portivitto.top
slizilinno.top

# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.223/relations

loadwarsaw.casa

# Reference: https://www.virustotal.com/gui/ip-address/79.141.171.183/relations

allpikoloserdzwe.cyou
gaagachelo.cyou
obnaprimezert.cyou
odnovoennbundes.cyou
sipmptomsledy.top
sprbumazna.club
uragapediculez.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-20-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/161.35.148.20/relations

ldrplutos.casa
loaderoverlord.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-31-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/165.22.120.138/relations

ldrpolka.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-03-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/161.35.207.41/relations

houssio45.co
littlehomies.cyou
radicaltreppo.co
transferhouse.cyou
twoloftscats.cyou

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/89.105.198.114/relations

atombody.best
blholove.best
blholove.co
coverbeacon.top
cutbroken.club
lostinbush.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-20-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/104.131.13.31/relations

ldrfewa.casa
ldrgeo.casa
ldrnuri.casa
ldrpopi.casa

# Reference: https://www.virustotal.com/gui/ip-address/159.203.35.240/relations

gugafirst.top
gugasecond.cyou
ldrfohill.casa
womindo.co

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-27-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/89.105.194.231/relations

chinadedoing.best
feretraidsouth.cyou
musiciange.club
pommiopeo.cyou
rightsaqua.cyou

# Reference: https://www.virustotal.com/gui/ip-address/128.199.121.86/relations

balancesheets.pw
destroyerspussan.top
stryjerefer.buzz
swedenstats.best
tank50.top
xixoloadr.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-28-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/67.205.166.105/relations

dluizz.top
ldrloki.casa
nothingtodo.co
shammunani.top
situator.best
sleepstops.club

# Reference: https://www.virustotal.com/gui/ip-address/185.147.15.25/relations

kajakracer.top
sequoejak.club
statuator.pw
swedenstats.best
withmar.club

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-01-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/167.71.229.185/relations

gigacouckarach.xyz
ldrulmio.casa
piggyniga.top

# Reference: https://www.virustotal.com/gui/ip-address/159.89.226.226/relations

dissdoorg.top
explodevices.top
trazzhres.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-08-TA551-IOCs-for-IcedID.txt

loudnavycomp.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-17-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/142.93.218.110/relations

astedolo.asia
ldrcantimo.casa
ldrearth.casa
ldrkrona.casa
ldrmercury.casa
ldrpanel.casa
ldrpeso.casa
ldrphound.casa
ldrporollon.casa
ldrspace.casa
ldrsuede.casa
ldrvenus.casa
vragafraga.beer
wertigohol.click

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-21-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/134.122.101.157/relations

10hesadety.pw
85vumbut.best
bcertyuo.cyou
doremifasol.online
likofedo.club

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-23-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/206.81.11.50/relations

andronicakopianz.top
assfingerz.club
droidattac.cyou
geraldiconews.cyou
spacerevodron.pw

# Reference: https://www.virustotal.com/gui/ip-address/46.101.10.119/relations

antologymaster.pw
headtroller.pw
lokopotio.pw
smavellpolia.cyou

# Reference: https://www.malware-traffic-analysis.net/2020/10/06/index.html
# Reference: https://www.virustotal.com/gui/ip-address/161.35.111.71/detection
# Reference: https://www.virustotal.com/gui/ip-address/91.235.116.132/relations
# Reference: https://www.virustotal.com/gui/file/58708f4f20813442260ac0983ad6edb8666c4173606debef497d546bec2b1a2a/detection

america2020.cyou
donmekyrm.top
figatrummpper.cyou
fikilederes.club
firstava.top
flathommy.top
holubicoklire.top
huliosmall.cyou
huntinglon.com
islandfighters.top
ldraccumuu.fit
ldrautos.fit
ldrcalifa.click
ldreuro.casa
ldrforce.click
ldrjersey.beer
ldrpeset.casa
loadbmw.click
loadgiga.click
loadmercedes.beer
loadpascal.asia
loadwater.casa
lobechess.cyou
placestostart.club
realparallel.top
rufepuksuka.cyou
sepneretyiu.cyou
softcornerz47.top
uzhokpidarok.cyou

# Reference: https://twitter.com/malware_traffic/status/1313952618948030464
# Reference: https://pastebin.com/raw/Dv6edvut
# Reference: https://www.virustotal.com/gui/ip-address/178.62.243.45/relations

donmekrym.top
grablihuiz.cyou
holubicoklire.top
obnulenush.cyou
sepneretyiu.cyou

# Reference: https://isc.sans.edu/diary/rss/26674
# Reference: https://www.virustotal.com/gui/ip-address/134.209.25.122/relations

huntysmally.top
jazzcity.top
ldrdifference.casa
ldrright.beer
loadfelicio.fit
loadmarcello.beer
smalleryurta.club
whiskeybravo.xyz

# Reference: https://www.virustotal.com/gui/ip-address/143.110.176.28/relations

minishtab.cyou
novemberdejudge.cyou
sryvplanrespublican.cyou
suddekaster.best
xoxofuck.cyou

# Reference: https://www.virustotal.com/gui/ip-address/104.131.38.173/relations

ldrengineer.casa
ldrk50.casa
sadawerty.link

# Reference: https://twitter.com/malware_traffic/status/1317238281554317313
# Reference: https://www.malware-traffic-analysis.net/2020/10/16/index.html

engisilo.best
likoncar.cyou
phauballistic.club
skrepamulan.cyou
weaponreich.pw

# Reference: https://www.virustotal.com/gui/ip-address/206.189.179.174/relations

japansoldat.asia
kommyplete.cyou
loadcuhel.beer
loadhelico.asia
rusoldat.click
smallplaces.shop
spaceprogramm.cloud
spehanemzu.top
zomboboxer.top

# Reference: https://www.virustotal.com/gui/ip-address/46.101.0.125/relations

americansoldat.link
anklavartefact.cyou
greerknees.top
ideaofplet.club
isolatedglobus.top
kleeslikreff.top
konzsered.best
ldrleft.asia
loadbombardier.beer
loadcessna.asia
loaddyna.fit
loadnelliko.click
ostiriozhio.top
qapoloki.cyou
seaforrest.asia
startcapital.top
vernerfonbraun.pw
voairtaxetion.xyz
wasserherehiller.club

# Reference: https://www.virustotal.com/gui/ip-address/159.65.114.23/relations

8mopazuredolit.best
couretplodaserq.cyou
familyfromforrest.club
fihokiliopo.pw
filopipilo.top
millogorillo.pw
mishagrisha.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-10-19-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/68.183.125.188/relations

awemvngktyl.club
cowsmilky.top
defthebest.club
entroerdogany.pw
fishechi3.pw
fourblaizers.xyz
gigamazers.club
isolatedglubus.top
kolopoedre.best
kracherregimme.pw
luxcarlegend.club
pizzaeaters.top
posipako.top
reraspomonob.cyou
simpliefire.best
touchification.pw

# Reference: https://twitter.com/malware_traffic/status/1321211578113511425
# Reference: https://pastebin.com/raw/Szm0xFwr
# Reference: https://www.virustotal.com/gui/ip-address/188.166.82.172/relations

34ortiz.pw
bowlinglocombina.pw
careerquaterb.pw
dpvtrans.cyou
finulipor.pw
fodsijjire.cyou
hdfouter.pw
inforesuaremedown.club
maseratipirosh.top
mosquitollio.pw
nesutrebbe.pw
noviewnorussia.club
rivercoockinh.cyou
tsalkshower.cyou
tyrek87.cyou
wassilerepiom.top

# Reference: https://twitter.com/58_158_177_102/status/1321583599485820928
# Reference: https://twitter.com/58_158_177_102/status/1323420403277033472
# Reference: https://app.any.run/tasks/4e842de4-2dee-4f8c-ab25-d52a0c7bc4c0/
# Reference: https://app.any.run/tasks/2bbc6d3e-f0ca-42cd-8cac-f3af5296eea5/
# Reference: https://app.any.run/tasks/dbc926f6-eb68-43af-9a55-bc307b781754/
# Reference: https://app.any.run/tasks/deebf118-abe7-4ea5-9e33-81bce557d426/
# Reference: https://app.any.run/tasks/f64b9924-6022-428e-a0d7-4bd8ed3a3f01/
# Reference: https://app.any.run/tasks/8beff69c-0c5c-4ea2-9205-8b7ca7ade6f7/
# Reference: https://www.virustotal.com/gui/ip-address/167.99.248.130/relations

argentinocapuccho.cyou
covercinemo.club
detecvasquez.cyou
hobburussye.top
klopperflitter.cyou
konzsered.best
likrodetective.best
loaddyna.fit
loadhighertop.fit
loadrescuerer.casa
loadtwomoretimes.fit
ostiriozhio.top
papararazzi.cyou
redicilious.online
rekreations.cyou
voairtaxetion.xyz
zarubanonce.top

# Reference: https://twitter.com/MBThreatIntel/status/1321963911365586944
# Reference: https://www.virustotal.com/gui/ip-address/188.166.103.231/relations
# Reference: https://www.virustotal.com/gui/file/4d3c594e119e5137a2baafc1174d57b08f7b8bbd8e9116331abf8063837c0222/detection

anthekarabach.top
heredeire.xyz
loadpillar.casa
newbieshanna.pw
vesaporedik.club
zenit20112020.top

# Reference: https://twitter.com/malware_traffic/status/1323766476541775874
# Reference: https://pastebin.com/kHXmMhQQ
# Reference: https://www.virustotal.com/gui/ip-address/104.248.90.150/relations

0349ssss.cyou
3422jelle.best
9485pele.cyou
blokaddio.top
defeodallio.cyou
grekilioliplane.best
nawserty8.club
pelefootball40.best
quaddroporrte4.top
rewetiolo.xyz

# Reference: https://www.virustotal.com/gui/ip-address/46.101.7.77/relations
# Reference: https://www.virustotal.com/gui/ip-address/157.245.106.220/relations

alotthinlayers.best
gridplates8.pw
loadatlantic.fit
loadhonda.asia
loadricky.fit
loadrover.beer
loadsite2.casa

# Reference: https://twitter.com/malware_traffic/status/1326680201208717315
# Reference: https://www.virustotal.com/gui/ip-address/143.110.191.95/relations

2018starnpz.cyou
2solovushka8.cyou
aerofighters.co
angarakolessi.top
anyactions.best
armanepozy.top
armennewerria.top
aslokodebillo.best
astrapresa.top
aswepori.club
awelipo7.club
awertyutilo.pw
balkimraklire.cyou
belowragi.pw
beradocolon.top
besoputinnioputa.cyou
bigconsequences.top
bomberfiller.cyou
budaberlin44.top
bulutuso.club
casadekilo.best
cderete.pw
ckkpuliopo.best
closeroads.cyou
conretullio.best
consistan.xyz
coshmaputuxuylo.xyz
dasikloti.club
daysarecommitee.top
ddekilocasa.top
defencesystem.xyz
defreind.best
deliveryeating.best
derivoclition.club
dilibobiol.top
dosyllitu.top
durkapsycho.best
eastzrada.club
fcbarca.top
fdelopoh.club
federesursy.best
fekoliture.cyou
fellazillio.co
ferekilocasa.pw
findscrinder.pw
firstpartmotor.cyou
fodsijjire.cyou
footbalgoalkeeper.club
footballillemarcelle.best
freekolobanga.top
freemonter.top
geliopeople.cyou
gelipeterria.cyou
gettokolo.club
ghosternew.casa
gigikilo.xyz
gliokisser.best
glovercasa.club
goblinsdown.top
goloploroto.best
hdfouter.pw
hilloritopo.club
hongkonger.best
hzlkfb.xyz
jacksonwennik.pw
jare4.pw
jeteame.press
jijikolo.uno
kileder8.cyou
klopoprigozh.best
kolobanga.press
ledasopiret.best
lezasopedrill.cyou
likercasserio.top
likoncar.cyou
malselsilo.pw
maseratipirosh.top
moldovsky.club
moldovsky.top
moneocurva.top
motordotor.cyou
multiplecities.co
nekillosa.co
nithingmore.top
northvietnam.top
nothingknown.co
novoport16045.best
nullnadum.cyou
oldeney.xyz
operswagner.club
panrights.pw
parrondon.xyz
passsmennelio.top
phauballistic.club
pipulosha.cyou
piska.win
plainia.xyz
polisyl.top
postsovok.cyou
prevampion.icu
rankaraoh.xyz
rasolpewsitr.club
recidiver.best
rerozvi.best
reshitixa.cyou
retainthecolour.co
revorevonove.pw
rurulukashi.pw
sanoradad.club
sillivilkous.top
skisliz.club
sositezaporebrik.top
stilstol.pw
stopfurusputo.cyou
swerlillio.co
tarabarov.online
transmissons.pw
trebletta.top
trolliroses.cyou
tyrek87.cyou
ultimatulebe.cyou
unodostres.top
uppernapitki.club
uralshuja.club
velocarsderev.co
vergilliostar.top
vesaporedik.club
villedasilpo.best
visiondesicion.casa
werikiloty.best
whiterange.top
winthebrit.pw
zaborder.pw
zedebobo.top

# Reference: https://www.virustotal.com/gui/ip-address/198.211.99.24/relations

12demuslims.top
aslokodebillo.best
besoputinnioputa.cyou
compactmuslimsdeport.pw
experrementummo.pw
jacksonwennik.pw
nomoremigration.cyou
timerdisclaimer.pw

# Reference: https://twitter.com/58_158_177_102/status/1329591778635235328
# Reference: https://twitter.com/58_158_177_102/status/1329591782519177218
# Reference: https://app.any.run/tasks/9a6231ad-313a-4dff-a22a-e087f99edbb4/
# Reference: https://app.any.run/tasks/383862d8-66f5-4de9-b013-1d99f8bde04f/
# Reference: https://www.virustotal.com/gui/ip-address/143.110.185.84/relations

deretter.club
futuduramatios.best
kamastos.cyou
kennethinstitute.xyz
lowbudget.top
marinesnotarmy7.cyou
rasolpewsitr.club
suitecasecourt.cyou
sweetporto.cyou
zoperawekil8.top

# Reference: https://twitter.com/reecdeep/status/1329761384842792961
# Reference: https://app.any.run/tasks/89819e81-b694-42d2-9cd1-fa0b8e6bd9c8/
# Reference: https://www.virustotal.com/gui/ip-address/159.89.6.165/relations

4tankers8.cyou
aweragiprooslk.cyou
formerglommer.best
linedefragmentatiom.best
psycotrest33.cyou
revopilte3.club
transferblog.top

# Reference: https://twitter.com/malware_traffic/status/1329934246249697280
# Reference: https://www.malware-traffic-analysis.net/2020/11/20/index.html
# Reference: https://www.virustotal.com/gui/ip-address/165.232.104.85/relations

agrivcultureintegra.club
coupper3.cyou
desinforma.cyou
emoposawe.cyou
okrufedikol29.club
plumbum44.cyou
realisationdelimitation.top
store4famly.xyz

# Reference: https://www.virustotal.com/gui/ip-address/161.35.152.178/relations
# Reference: https://www.virustotal.com/gui/file/26101626e9e57de6271161f6929922bdc46ba4c71a98161cebf4e3199b82e58d/detection

bolopedasrty.club
desatopillo.best
klopperflitter.cyou
m103tank.cyou
minerdorf.top
shermannlow.best
/laband162/main.php

# Reference: https://twitter.com/malware_traffic/status/1331259415022825473
# Reference: https://pastebin.com/BR3dZTNU
# Reference: https://www.virustotal.com/gui/ip-address/68.183.54.143/relations

9seeallcars.best
afromadness.club
astroglippers.club
billeriubin.club
crypetecranch.best
dawessigriggio.pw
dnaislatoler.pw
egedemaer.cyou
fuckingkremlin.pw
grabberputinoyd.best
initiativeuntimed.cyou
lawofthechanges.cyou
noagreforisla.pw
nonormsinsla.pw
oligophreneoligarchi.club
oxxoboats.top
pochkapechenka.cyou
proissvollio.club
reraspomonob.cyou

# Reference: https://www.virustotal.com/gui/ip-address/167.71.224.39/relations

0349ssss.cyou
100thdollars.cyou
1911drink.best
49vodysf.club
54asplane.top
9485pele.cyou
aretulopetega.cloud
asertuyo.pw
asskniferd.best
avilablehelp.top
colombosuede.club
colosssueded.top
decorunbelieveble.best
delokijio.pw
desertpw.pw
driverapmassive.pw
durablad.shop
evroparlamiko.cyou
falsivikirigizy.pw
fihokiliopo.pw
fufuarmenja.xyz
golddisco.top
gromhitputi.cyou
hotelindivire.cyou
jajaelecto.club
june85.cyou
kniferbellir.cyou
kultimulti.top
laskiopowert56.club
layerfatfek.club
miamia.club
millogorillo.pw
mishagrisha.top
netochstatic.club
olloterponeik.pw
pareomedeo.club
pelefootball40.best
propellerregis.top
rarejawelleryz.cyou
refakolun.best
ruwedolki.pw
selekilleque.best
servepeolor.top
shakerdrinker.top
stubbornbilo.xyz
supremecourt.cyou
tatataryk.pw
wasserwoman.top
wertigoterrio.online
wheelssp.top
yorkykukri24.top

# Reference: https://twitter.com/malware_traffic/status/1331720027188441088
# Reference: https://pastebin.com/raw/43E0C8w3
# Reference: https://www.virustotal.com/gui/ip-address/68.183.89.248/relations

aslopoer45.cyou
bonvemrt.cyou
desloporty8.top
ujkiol45.cyou
vopilo49.best

# Reference: https://www.virustotal.com/gui/ip-address/64.227.88.71/relations

21pointsframe.cyou
acci54.cyou
casaderassa.cyou
defillionew.cyou
fikolopore.cyou
froplays.top
winasession.cyou

# Reference: https://www.virustotal.com/gui/ip-address/37.252.1.57/relations

basebusebise.red
bseballpro.pro
countrylandlords.info
geroiconnect.info
kostafootball.info
kostanards.red
selefromeconnect.pro
simpletransit.red
successkali.red

# Reference: https://www.virustotal.com/gui/file/e5f928160acd53a19b7de681b32b61fb36e1a7b13e9e8c1f3b5be66bc36496b3/detection

embassyecuador.ca
executiveteams.biz
maelloussa.red
malumaricky.info
mekillomelloussa.info
raeggyricky.pro

# Reference: https://www.virustotal.com/gui/ip-address/188.127.227.76/relations

arkanacarszoom.pro
arkanacarszoom.red
arkanaways.pro
arkanaways.red
bezzuhikali.info
custommegane.info
indianfoodinmiami.pro
kalistands.info
kasialinia.info
koreanfoodinmiami.pro
kostaboxing.pro
kostacardsplayer.pro
landiscloudlord.red
landlordscloud.pro
malayanfoodinmiami.pro
meganrenaultforjoe.red
mexicanfoodinmiami.pro
renaultarkana.pro
renaultarkana.red
russianfoodinmiami.pro
serejitykaty.pro
sisipiciliko.pro
thaifoodinmiami.pro

# Reference: https://twitter.com/malware_traffic/status/1333485185841713157
# Reference: https://pastebin.com/x9iiCjGH
# Reference: https://www.virustotal.com/gui/ip-address/167.71.138.137/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.135.82.225/detection

1952warrior.xyz
8mopazuredolit.best
allthemeanings.top
asderator.cyou
azomorinno.best
crysys70th.cyou
fewboys.cyou
folopotress.top
heavytankmarines.best
kamastos.cyou
m41tank.best
marinesnotarmy7.cyou
middletankbattalion.club
morenthechief.xyz
oldaquafrsh.cyou
outgrade.club
rotapetek.cyou
symplyfireteller.best
t34tank.club
tatarinanaboskuto.cyou
woodenbruus.cyou

# Reference: https://www.virustotal.com/gui/ip-address/206.189.56.140/relations

8andmack.cyou
moviecastle.club
philadelphiagirl.top
rockercastle.best
wendi4kcash.top

# Reference: https://twitter.com/malware_traffic/status/1337471320339177475
# Reference: https://twitter.com/reecdeep/status/1337458646754729986
# Reference: https://app.any.run/tasks/6749761d-4922-4b3f-be99-609aae866aeb/
# Reference: https://app.any.run/tasks/95e1dda9-37a1-460e-9e46-e53d45194211/
# Reference: https://www.virustotal.com/gui/ip-address/188.166.88.45/relations

14katok.cyou
aluditos.top
awertino.xyz
berringheavy.best
cosmokosmo.best
djordanobruno.best
eastpomeranija.top
energydefrost.top
firstpetja.top
fislatriller.best
franciscointelle.club
glicolikop.best
holeretopolo.club
kastrillobromwich.cyou
killwaterkolonn.cyou
lockdowngunni.club
millipillio.best
milliship.top
modulbelongs.club
neasdutr55.top
neferetiti.top
pedezrkken.xyz
pilotflights.club
portugalloindostan.top
proorbital.best
razunimorep.online
retechnolodgy.top
rpoznahu.top
terpepillio.casa
tsarabsolutely.top

# Reference: https://www.virustotal.com/gui/ip-address/5.149.254.27/relations

fiscalclub.top
ottepel.biz
reshailam.biz
t3476.top
vollhafer.top

# Reference: https://www.virustotal.com/gui/ip-address/185.38.185.103/relations

chainoftheapril.cyou
localallcases.xyz
lukapedrilla.cyou
unproffesional.club
xilophones.best

# Reference: https://otx.alienvault.com/pulse/5fcf6bf143bf8362603727ec
# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.101/relations

80frontluzkher.xyz
bruzilovv.top
heavyselfartillery.best
killicher.best
kolotiloher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/139.59.101.19/relations

aviaaero.pw
likishino.pw
missigloves.best
orsibataan.pw
phillifighters.cyou

# Reference: https://www.malware-traffic-analysis.net/2020/12/11/index.html
# Reference: https://www.virustotal.com/gui/ip-address/161.35.57.202/relations

autohoffer.club
dorogaway.best
joelubber.shop
marcingranio.cyou
marzingranocny.top

# Reference: https://twitter.com/infosecfu/status/1337486196193243137
# Reference: https://app.any.run/tasks/edf32891-5b39-4673-9a25-e575c14a5aac/

manusderci.top
/weqre779/index.php

# Reference: https://www.virustotal.com/gui/domain/romelonda.top/relations
# Reference: https://www.virustotal.com/gui/file/68729a7f6faed84d68f85eeb04058d9f53271f30edc3c6585276e05f4f11ccaf/detection
# Reference: https://www.virustotal.com/gui/file/b112abf8ea2013cf70b5e32f0ac30a9aa938ddb3d3e3a71403afbb94a6a52ba5/detection

romelonda.top
/koreto937/index.php

# Reference: https://www.virustotal.com/gui/ip-address/178.62.242.234/relations

16centurys.cyou
balanseer.top
dastoperasder.cyou
duellolineup.top
fulofutobrille.top
newfleet.best
oldesttrjapka.cyou
oldmanner.cyou
portoweapon.club
rusishipbuilder.cyou

# Reference: https://twitter.com/infosecfu/status/1339238803475718147

perosink.top
zapachastillo.best
/kolpe100/index.php
/kolpe100/main.php

# Reference: https://www.virustotal.com/gui/ip-address/178.62.217.217/relations

10thevoliko.best
cameraoshkosh.cyou
heweruty.club
loadaroma.casa
vesaporedik.club

# Reference: https://www.virustotal.com/gui/ip-address/188.166.126.25/relations

chinadopiller.cyou
defliportor.cyou
dewallerion.club
januarydiscoverry.cyou
premierre.cyou
satiscropertio.cyou
tajkillo.best
worldofcdor.best

# Reference: https://www.virustotal.com/gui/ip-address/91.235.116.134/relations
# Reference: https://www.virustotal.com/gui/file/69d0511d19b40f86ccc004a5172b9b1d0978dbd2cba47800f0e690a0a9a074e5/detection

addyourplanet.pw
balticgrindex.top
balticpagesyellow.best
balticpagesyellow.top
baltpeople.top
besitxavier.best
bestspacer.pw
buygrindex.top
habanadash.top
hispanuredesk.pw
mermateria.cyou
moonwalkerz.pw
morganholes.cyou
nazifestivo.best
vellifilliok.best
vermaxt.top
vilnusgrindex.best
vilnusgrindex.top
williher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.170/relations

20yearsofhappy.top
2posutiu.top
3rasstrium.top
4closium.top
balticpagesyellow.best
balticpagesyellow.top
britford.top
bundesplumber.pw
chinalapsha.top
comherehlopp.best
deactivationlima.pw
dereferederefrost.pw
finderway.pw
firebrighter.club
fitterglitter.best
flightrewards.best
floppysyncty.best
forfillo.top
gigakiloframe.club
grrjeibneder.top
hidethetrooper.top
historyfireclose.online
ididallthis.best
kremlinpidar.pw
lokihiliilo.pw
patrium5.top
physicaldissapear.xyz
pilafirefighter.top
qwebrester.club
seattingiron.club
seculitura.top
severade.casa
sittingbytes.pw
sittingbytes.top
smokebreather.best
sportunism.xyz
tastition.icu
teoreticaldanger.pw
thesisted.icu
thoughout.icu
thyrstypup.best
topolanger.best
tyreprize.best
uxanlabchina.top
wassaby.cyou
weneedmiracle.club

# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.55/relations

alforitn.pw
asertigo.best
asrehillo.best
delkiolllo.club
ferejillo.top
inonumax.pw
planeplan.top
removember.icu
zarinnader.pw

# Reference: https://www.virustotal.com/gui/ip-address/188.119.149.77/relations

bluebook.pw
caserelation.top
demondedemon.cyou
deretopol.top
dogawaydered.top
flipperauto.top
followthemusic.top
glasssmoothest.best
gokaserilo.pw
hallfinaleuro.cyou
helopoderurban.pw
hillitrumper.cyou
inocontacts.top
istredestre.cyou
kylerdog.cyou
makeallbetter.top
march44redflag.top
maynotneed.top
molliksawer.cyou
okliogiokol.online
proig748vybo.cyou
rezultatexit.best
rossafloor.top
servethe.cyou
shiopwarrior.club
udarrihroup.top
uneslokutaz.top
unofighter.top
voiliwerty.best
wakeupearly.club

# Reference: https://www.virustotal.com/gui/ip-address/134.209.182.58/relations

bloadypupper.best
puppybloder.pw

# Reference: https://www.virustotal.com/gui/ip-address/161.35.10.43/relations

brillianto.pw
dramboldorritto.top
goulittioma.top
onixxyto.top
postifitto.top

# Reference: https://www.virustotal.com/gui/ip-address/68.183.147.106/relations

balticgrindex.best
filomante.top
grafomante.top
grepotufe.top
homelandjapan.top
hreopofreopo.top
japanmiduej.top
judgessur.top
myxel.best
myxel.top
pyxel.pw
pyxel.top
rigagrindex.club
rigagrindex.top
sedorozza.top
wedikolitures.top
weliomanter.best
weliomanter.top

# Reference: https://www.virustotal.com/gui/ip-address/165.22.27.128/relations

neffritto.top

# Reference: https://www.virustotal.com/gui/ip-address/159.65.117.225/relations

48greedstrocks.best
60stepsofhonor.club
andropsoshyls.top
asformeded.best
chinamania.cyou
controllerdoppler.club
countrysinger.club
crespofootball.best
disgerdefer.club
dominotopper.top
draggerbreather.top
flemmingyogan.top
icehockeyplayer.best
loadcaramboll.top
loadpool.top
loadsnooker.top
lovemesong.cyou
minutemanner.cyou
neverminded.club
playedwilliams.cyou
plockerdocker.top
prokladvpsder.cyou
protorilla.best
rebuilder.cyou
respondishot.cyou
shotofframe.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.156/relations

boatergrip.top
carduirtitor.top
equipmentkess.top
felixheater.top
footlegger.cyou
gigafilliopot.pw
gilotriatior.top
halfkilo.uno
hereandnow.uno
heroimonroy.xyz
kissavorob.best
klopolopo.co
kompozitt.club
lagunaway.top
miracleisnearby.pw
mostuiretitor.top
planeplan.pw
planoftheplane.best
pullhimoutrightnow.top
rebondianer.top
responsekesson.top
shitdownout.top
sorryworry.pw
spacefutures.club
tangodelfuma.club
tangodelfuma.top
thurstygrep.club
vosshodo.best
watercityv.top
williher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.203/relations

45hlopokk.cyou
75meterspenny.best
agreemanrajon.top
analogrostter.cyou
asnuternou.top
aspertilo.pw
astrogonk.top
bennansouth.best
boltwinelter.top
caloporedeiuy.top
chinaamer.co
closeddoors.pw
confliccto.cyou
coopergordon.top
dasaewqaz.pw
destroycruiser.cyou
dewardsdom.top
doprorayny.best
efficientsys.cyou
eishtoss.best
ekipueqe.best
englishjill.top
factoryoccupied.pw
faloppoitu.best
fifthorange.uno
fluckservlet.cyou
gasopenuty.cyou
grabberuno.top
greattemple.cyou
greedyserver.cyou
gregoryhaskey.top
harderpytok.cyou
headcaliber.top
hillerfloppy.best
hongcontrol.best
hrenuevo.top
huilojilo.pw
instadomain.top
integrproject.pw
internalchanges.cyou
kinginoffrance.best
kirewefere.club
kissmobo8.top
krachemore.cyou
lieinthecourt.xyz
litiernode.cyou
longnerrion.cyou
lunat.top
mihabrexa.top
newskrefake.top
niiloporef.top
notoseeing.top
oppponaval.pw
plantstopped.top
politicosite.top
quantummilio.cyou
racerasismus.website
rumeokilobravo.top
saintplaces.top
sellehopolo.cyou
semiofficial.pw
shepperdhlino.top
shopunderwater.club
sincotul.top
socialexpert.top
startluna.club
strangekidnapping.cyou
stratergoicour.club
threefili.cyou
tuksvata.cyou
whiteclub.uno
zipperpocket.cyou

# Reference: https://www.virustotal.com/gui/ip-address/128.199.46.99/relations

250krmilvod.xyz
dnatamdere.top
filopipilo.top
kravynolu.cyou
lostciviliz.top
mustangleverage.top
nikushotomo.cyou
reerwheels.top
singlepizza.club
vladygoofy.top

# Reference: https://www.virustotal.com/gui/ip-address/209.97.178.88/relations

344povja.cyou
docotorre.pw
ecodeberzew.best
eurospirtus.pw
kilokubok.best
klopwedir.pw
longprjob.xyz
modellomatematico.pw
novemberpanda.pw
profitdolores.cyou
shmellioretry.pw
spiritusprom.cyou
stationoxxy.club
valueimporto.xyz

# Reference: https://www.virustotal.com/gui/ip-address/68.183.92.152/relations

damagedhelicopter.top
destrickthelio.top
niggazilla.best
niggazilla.top
vtaplanes.top

# Reference: https://www.virustotal.com/gui/ip-address/64.227.48.220/relations

2001williams.best
defreabral.top
ldfranny.top
ldnails.casa
ldrsitting.casa
ldwikita.casa
loadgranny.top
loadhorit.casa
olleggiomuch.cyou
pollogreffi.cyou
sewellia.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.201/relations

100ranhut.casa
12herruio.cyou
areadati.site
assficioklo.cyou
dewellerfive.top
grabberderekilo.cyou
hulioferere.cyou
hunlokiol.best
koliokilio.cyou
lukapidarillo.club
oppokandida88.top
paratraxer.cyou
poloplayerrin.cyou
poreadse.cyou
qafewillian.cyou
qwellerz.cyou
redavenue.pw
redstreet.pw
rewrite.best
selicawand.cyou
susiporo.top
utochkafes.cyou
vemenadra.cyou
vilnovlada.top
wasalerfourth.top
wenjalutto.cyou

# Reference: https://www.virustotal.com/gui/ip-address/142.93.192.37/relations

carantinium.top
jaredetiuo.top
kaiffero.top
kvazideruptura.top
rfparasha.top

# Reference: https://www.virustotal.com/gui/ip-address/128.199.1.118/relations

docktorthird.top
rooferfirst.top
troopersecond.top

# Reference: https://www.virustotal.com/gui/ip-address/161.35.15.124/relations

1208272020.club
daswerty.uno
folokihuradio.top
gibbelspidar.top
kloppertrainer.top
niochem.cyou
patokolsti.cyou
pechedesilla.top
pooltrap.cyou
rebuild.best
redraw.best
saliopok.cyou
sdarrinutulopo.club
suxirakili.top
tesfrentu.club
tixoluka.top

# Reference: https://www.virustotal.com/gui/ip-address/178.62.41.69/relations

asdeliocarlo.uno
australiatrible.best
australiatrible.top
bremenmusician.best
chinatrible.best
chinatrible.top
genry50years.top
motorscollege.top
racerflawer.top
racinghills.top

# Reference: https://www.virustotal.com/gui/ip-address/161.35.29.30/relations

killerturbo.top

# Reference: https://www.virustotal.com/gui/ip-address/5.39.222.254/relations

antiquepariss.top
fresnoviews.top

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.104/relations

fortunefish.best
millitower.co
ollorett.cyou
pzawert.best
sillimotor.co

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.204/relations

centralliniom.best
dictatnotwin.cyou
idolszillo.club
inrinterest.cyou
mountlunnar.top
naryty.top
nylonwhell.xyz
pillermarket.club
steelmoker.xyz
suverenguardia.pw
varetoukolit.club
wheelformforsu.top

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.247/relations
# Reference: https://www.virustotal.com/gui/file/41d94230aaaff4d4b14233efaf0f106bff0519ac0c5420bf46d3210c33cb3e27/detection
# Reference: https://www.virustotal.com/gui/file/644ce7b8b00378237f12523c452bd0177390d43dc392bf6f679e49dfcfb4338f/detection

glostercrabs.top
placeishidden.best
speedyarmyjp.top
tunahunters.top
westportmorsby.best

# Reference: https://www.virustotal.com/gui/ip-address/94.100.18.53/relations

placeishidden.top

# Reference: https://www.virustotal.com/gui/ip-address/194.187.249.152/relations

allthereal.top

# Reference: https://www.virustotal.com/gui/ip-address/45.147.230.95/relations

applewrangler.club
asberperger.cyou
aswerger.club
awerymotor.co
cucumberproto.cyou
dedalikar.club
devidedsnooze.co
fasseipolot.cyou
fillerdriver.co
fillerwinner.best
fishofgloster.pw
fleightfreight.best
fourgoun.co
freebilliard.best
gegeluza.xyz
gigamonkey.top
greatwheelsdiscs.cyou
hillerfderec.best
howwescottish.co
hrefferlikol.cyou
inetcable.top
jeepwrangler.cyou
joasoosda.club
kliolkiol.best
klursson.best
linkerstar.top
lookatamerica.best
momentaljeep.cyou
newwheels.cyou
newxrocket.top
ninetiten.club
qalufrikili.cyou
saderillo.best
sinaloacity.top
thaiplant.cyou
towermotor.co
wilverhampton.club

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.116/relations

10steps.top
12spended.cyou
23dfuere.top
allthehole.pw
asdpergerz.top
asthenesosto.top
autofiller.top
awerymotor.co
beloviator.top
boatliker.top
daserwerty.top
defulliopo.xyz
dewastradio.top
diktator.cyou
druidzero.pw
formulapilot.top
forrestserviceusa.top
frelossko.top
halfpastsix.pw
hnjkiloer4.xyz
holopourer.cyou
infoillario.icu
klioterrify.top
klosafelli.top
lightshot.pw
messiliving.top
mullioflavio.best
nextflight.top
popondeou.top
prodo22exrad.top
quietcountry.cyou
rarealience.uno
rezinrubber.cyou
seatgreews.top
ser88protu.cyou
show39prit.top
trusteepilot.pw
warriordos.top
warrioruno.top

# Reference: https://www.virustotal.com/gui/ip-address/159.65.146.96/relations

gerermotor.best
kilomotorr.cyou
messagehistory.pw
samadviga.cyou
sederevillio.top

# Reference: https://www.virustotal.com/gui/ip-address/185.245.84.144/relations

dancegirlls.top
hlipolioklass.top
oldformer.top

# Reference: https://www.virustotal.com/gui/ip-address/167.71.73.106/relations

doctryna.xyz
ekxortsisto.best
gabushev.top
kilmentostar.best
netutto.best

# Reference: https://www.virustotal.com/gui/ip-address/159.203.30.45/relations

swibstoca.xyz

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.110/relations

avadevatop.top
balkonnydiva.top
fansboysband.club
flagmanduty.top
gerefaller.top
goodperiod.top
goodplay.top
hulioflagger.club
hummondgrande.co
icebreakerz.best
klarksonfresh.best
nicedays.pw
parrapper.top
parratropper.top
pilliows.top
reactionspeed.club
warriortres.top
willigilli.top
wordsayd.co

# Reference: https://www.virustotal.com/gui/ip-address/79.110.52.195/relations

bitemouzert.cyou
readerchater.top
vasellifred.best
warending.top

# Reference: https://www.virustotal.com/gui/ip-address/37.120.222.46/relations

artificialterminal.club
deltaoilprice.stream
enterprizealco.top
oiltechno.top
qwelloprice.best
symplerincomes.cyou
teacherfat.top
tightende.cyou
traxxer.xyz
tresfighter.top
valusepromo.cyou
wazzaruti.top

# Reference: https://www.virustotal.com/gui/ip-address/206.189.140.201/relations

10yonkitchen.cyou
20yearshotel.best
asperhotels.cyou
berendik.top
billionhorob.pw
bishkekeskul.online
bounapartismo.xyz
butunkyrgyzston.pw
chillichemodan.xyz
degradationrus.pw
ebanutyechina.best
favouriteho.cyou
furggonn.cyou
gorokrysa.club
grabbelinno.top
gripperboat.best
kukarachaluka.cyou
maskborts.club
muxxikoma.pw
plitsupperboin.top
rivertrier.top
roofmaplejeep.co
sterevjatnikko.top
tarakanoluka.top
waterzlynulo.cyou
zenithrequired.best

# Reference: https://www.virustotal.com/gui/ip-address/165.232.110.48/relations

chinatrades.best
mufootreve.top

# Reference: https://www.virustotal.com/gui/ip-address/159.89.18.27/relations
# Reference: https://www.virustotal.com/gui/file/8d12f1e1265315d45481a955155f56a3c35a229adf35105bf730a495cfa1332b/detection

nomoreislamy.xyz
parisbarbara.top
ramzanahmat.cyou

# Reference: https://www.virustotal.com/gui/ip-address/159.89.27.147/relations

2020jaccky.shop
cybersecurito.pw
highestscream.pw
icercream.pw
kremlinvorona.pw
linvorodana.cyou
razadrava.pw
vaccicybertheft.pw

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.94/relations

kazluxraritet.club

# Reference: https://www.virustotal.com/gui/ip-address/188.166.120.59/relations

apatiaredopia.cyou
artsteerlingwheel.top
astahastalavista.cyou
decracoffe.best
konchitaebuchka.top
kumurazh.pw
littyfahren.club
lookatnice.top
middleposition.cyou
nazamoskaotp.xyz
tenpounds.top
wheelsreels.best
workerspickuper.club

# Reference: https://otx.alienvault.com/pulse/602911fab6ba07fc0d8b1a70
# Reference: https://www.virustotal.com/gui/ip-address/206.189.161.224/relations
# Reference: https://www.virustotal.com/gui/file/8c5c92e1545b49d6d45c4f14a5414f437f94d1fe628fc656df9154386955f23d/detection

azarewetete.best
honoluluo.club
lawernios9248.top
masfiatto.best
redession.cyou

# Reference: https://twitter.com/MrsYisWhy/status/1360499999415689216

austriarch.xyz
gigagregory.xyz
urgentyattention.cyou

# Reference: https://otx.alienvault.com/pulse/602fa970591aa64fed643c2c
# Reference: https://www.virustotal.com/gui/file/69efa5acfe8ee79871251f01a779e9f1b8458983fce9a32c4b032836f4b947da/detection

willizoo.website

# Reference: https://www.virustotal.com/gui/ip-address/159.203.116.96/relations
# Reference: https://www.virustotal.com/gui/ip-address/167.99.187.112/relations

derrickolop.online
gomotorcycles.site
kraseipolo.space
zaxhasshira.uno

# Reference: https://www.virustotal.com/gui/ip-address/64.227.119.213/relations

artilleryin.online
bowepripos.uno
caliberunity.club
kastellira3.space
pexxota.space
shrapnell.space
snproti.cyou
timerework.fun

# Reference: https://www.virustotal.com/gui/ip-address/206.189.10.247/relations

berxion9.online
chinavillage.uno
deregojikulo.uno
emanielepolikutuo1.website
gommadrilla.space
oskolko.uno
prolomstenn.fun

# Reference: https://twitter.com/malware_traffic/status/1364999361902469127

14yeara.fun
georrohero3.space
livekossa.fun
positionpererost.space
pulemashinegun.online

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-01-IcedID-IOCs.txt
# Reference: https://www.virustotal.com/gui/ip-address/159.203.6.195/detection

awerityubfer.club
cleantheplace.top
reworktopper.top
wellernaft.top

# Reference: https://otx.alienvault.com/pulse/603f7b7498567421ddbc2ca0

whisperingstar.com

# Reference: https://twitter.com/reecdeep/status/1369357573686779905
# Reference: https://app.any.run/tasks/ab0acd15-b09d-4ff2-bf88-a1e55c7d4f76/
# Reference: https://www.virustotal.com/gui/ip-address/143.198.2.53/relations

22bogotacapoital.online
2tomorrowcaholo.fun
44glovesmoliuy.uno
errehra.club
faeswerderioytt4.fun
gioloporazirt.uno
newandnewers.website
ponchilizza9.website
serpedfiler.uno
warcorrective.online
zcqqdur.uno

# Reference: https://twitter.com/ps66uk/status/1370026963604099081
# Reference: https://tria.ge/210311-k6mbf6fwna
# Reference: https://www.virustotal.com/gui/ip-address/143.198.25.214/relations

apouvtios2.uno
awefoplou5.site
chajkovsky.space
daserwewlollipop.club
dastemodaste.fun
emanielepolikutuo1.website
klicjop9.fun
ohbluebennihill.website
seconwowa.cyou
violonchelistto.space
zomonedu3.website

# Reference: https://twitter.com/p5yb34m/status/1370091615918776320
# Reference: https://www.virustotal.com/gui/ip-address/164.90.143.105/relations

barmaafmaodd.space
fedlopesazillo9.site
kitchenbiggy.best
klicka2.online
laworzbuio77.space

# Reference: https://www.virustotal.com/gui/ip-address/165.227.28.47/relations

agitopinaholop.uno
dedupomoshi.space
iporumuski.fun
twotoiletsr.space

# Reference: https://www.virustotal.com/gui/ip-address/178.128.243.14/relations

217roteben.online
320glazhuk.fun
529pqexirvy.uno
630mordorebiter.website
723salikoper.site
801cvcaller.online
apoxiolazio55.space
asforthemines99.uno
awefoplou5.site
calldivorce.fun
fekiop3.space
fiollofiorro.uno
gaubizza.cyou
georoworro5.website
georrohero3.space
hiolop4.fun
oceanwaterfree34.xyz
shuttlesojuzo2.space
turkairlonomelette.space
zomonedu3.website

# Reference: https://www.virustotal.com/gui/ip-address/167.99.212.207/relations

bulktrumpbun.top
capittolijar.cyou
epitete435.cyou
jailedtrump.club
prioriteteinsider.top

# Reference: https://www.virustotal.com/gui/ip-address/139.59.168.175/relations

520horsepower.top
allhealthis.top
antibioticoroto.club
asianpacificregion.cyou
chassche.top
eventheren.club
kikanefiga.space
klikaclicker.website
solovjevo.uno
tifferoi.top
vovocolo.cyou
vozloteolot.space
wallagolla.cyou
wasserduster.website
weatherbaddyly.website
westerrossa.website

# Reference: https://www.virustotal.com/gui/ip-address/138.68.52.94/relations
alltheout.space
asperragirro.top
awerinosillo.website
bethehere9.site
childparafer.space
countryhero.site
dadavipoliop.site
deprivemeer.space
derrickolop.online
fredtrampovich.site
gomotorcycles.site
goodywelli.uno
gsalliperioptol.online
hodokiblacky.uno
kraseipolo.space
limergreek.cyou
loporewendia.website
mastercalmarro.club
middeterraniendishes.cyou
nighterdevu.website
noknowfish.fun
poertico.website
rajoplaca.top
rossija.online
somythoghi.club
speakingfrog.uno
teherani.uno
urkourga.online
vendingwendigo.xyz
willizoo.website
zaxhasshira.uno

# Reference: https://twitter.com/reecdeep/status/1371794991614398466

33nachoscocso.website

# Reference: https://twitter.com/peterkruse/status/1371806755756335107

berxion9.online
cikawemoret34.space
emanielepolikutuo1.website
gommadrilla.space
prolomstenn.fun

# Reference: https://twitter.com/reecdeep/status/1372511120502759424
# Reference: https://app.any.run/tasks/d46b7411-f9ec-4fd0-ac24-bc9424a5671e/

188criolaserz.space

# Reference: https://www.virustotal.com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection

lightopridum2.website

# Reference: https://twitter.com/reecdeep/status/1374295280309444610

vodostocksstand.uno

# Reference: https://www.virustotal.com/gui/ip-address/138.197.197.35/relations

0384smaturned.uno
34trully.xyz
439tzxtixrex.space
aimmnight.website
alotderedreamhome.fun
biigkrodivza.fun
earthdirespao.website
goodsnara.space
inowaserr.top
nenepepe.pro
otreincomsal.space
polopemoskow.xyz
rakovinnae.website
zawemofu4.website

# Reference: https://www.virustotal.com/gui/ip-address/167.172.240.248/relations

40yrjobberz.space
912caporers.fun
azorropulseee.fun
biigkrodivza.fun
descruppted8.xyz
dodoflightvogel.xyz
feaser2347.club
fivetonnbobavia.uno
islanddeazorro.top
longarmhighsta.xyz
missimokotov.space
opuhuilo3.uno
perfeck42.uno
perplace8234.space
pozharra.space
skolziko.uno
stoikoplot.xyz
tvorartificialnature.xyz
vodostocksstand.uno
willhouseforus.top

# Reference: https://www.virustotal.com/gui/ip-address/207.154.234.212/relations
# Reference: https://www.virustotal.com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection

allthemilliplastini.space

# Reference: https://www.virustotal.com/gui/ip-address/165.227.219.125/relations

aplowzerrio.club
friendfrondo.uno
twocookiess.website
zopewifeisda.uno

# Reference: https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
# Reference: https://otx.alienvault.com/pulse/60620612447fce2d8297e899

cloudmetric.online
nomovee.website
smalleststores.com

# Reference: https://www.virustotal.com/gui/ip-address/161.35.109.168/relations

aspergerr.top
kneelklil.uno
newstationcosmo8.space

# Reference: https://www.virustotal.com/gui/ip-address/159.203.6.250/relations

blindpilotr.xyz
starorienta.uno
usaaforced.fun
wordstream12.tk

# Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768
# Reference: https://www.virustotal.com/gui/ip-address/159.89.146.79/relations

andninediugh.space
bronntanko.top
dellikodebillo.uno
japanrusso.uno
laugvnipha.club
livekossa.fun
minotransporter.biz
navessystrel.club
neprijaki.space
nester.website
orudjuioplik.top
plaskikali.space
polkopushka.cyou
positionpererost.space
pulemashinegun.online
skorossoter.biz
strelkopolk.cyou
thoughzine.website
yukrepoderevo.biz

# Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768
# Reference: https://www.virustotal.com/gui/ip-address/165.22.216.113/relations

22percentcatholic.top
23greems.best
2solovushka8.cyou
35monthmy.top
49spartantroll.top
88trooper.top
8whitehizhi.best
9judgessupreme.top
abutilo.pw
adeserekilo.best
affalyaffala.press
allarmenlos.pw
angarakolessi.top
asqerty.cyou
asuterklot.cyou
aswepori.club
aviacoverage.best
awerrigechess.top
awertyutilo.pw
awseredet.top
ayzerwin.club
balkimraklire.cyou
bellebekeriver.pw
benderlive.club
besoputinnioputa.cyou
beuatyhill.pw
botobotopod.cyou
boxeschannel.co
bychulukboto.top
casalifter3.best
casaverde.top
cassiopea.pw
cassiopeaplanet.top
castingsvillage.cloud
cderete.pw
classifiedz.best
clownstopper.top
colonelbiden.top
cosilituchi.club
costacolonel.club
creatortopdog.co
cresserok.pw
dalobecu.xyz
dancerplancer.co
dasterfroster.shop
daysarecommitee.top
ddiesells.xyz
deactivate.best
definitor.co
delicatomano.cyou
deputilop.best
desinfect.pw
detkazatka.top
dowhatiwant.top
ecolonized.xyz
ekxortsisto.best
enterbezzu.pw
eterasies.best
euroledre.top
fastcolonel.top
fediko.xyz
financesromma.club
finnikulus.xyz
fivefili.xyz
fivejudgescatholic.cyou
flawioretta.club
fodsijjire.cyou
footerloe.pw
fraunas.xyz
fretocasa.club
froretta.top
fukingdron.xyz
goblinsdown.top
gobotoplobot.top
golichi.best
golo5309va.cyou
googmusi.cyou
granittishal.pw
grazioballet.pw
grewekillopol.best
gsusand.xyz
guesspredat.cyou
helopotucasa.top
herience.xyz
highplane.club
hiiiet.cloud
historyz.top
hloporotokilo.best
horisonship.cyou
howitsmade.club
hreglikoli.cyou
immobilli.co
insuedebright.pw
ironcontra.cyou
italyshopping.best
jacksonwennik.pw
jijigolo.best
jpjapan88.pw
kekukurux.top
kidssovoll.pw
kilmentostar.best
kilokiolthree.top
kisslolo.shop
klioporeder.club
kodjakskoda.club
lawepofib.cyou
levede80rus.pw
lifeshopping.pw
lokolikolo.top
luckygoal.co
lukabotol.cyou
menmengogo.shop
meropivedo.xyz
millistore.online
motorrrewun.co
mrevitocration.best
nafrewsa.club
netutto.best
newbokadoors.pw
newtonmaster.xyz
noconnection.cyou
oilcheaper.top
oppogloppo.cyou
palattinograbber.top
patriaheretria.best
peresillo.club
podvaloknowunder.top
politukilo.top
powelrio.best
putinium.pw
qawerutto.best
quantumtime.cyou
refuelingspace.best
regionrus.xyz
renovationclub.club
reshalaraxan.club
resonanse.cyou
reuniondowding.best
salliokory.best
sank99.pw
santiselli.club
setivody400.best
shmylvaro.pw
speedfire.top
terrifitotrible.top
timetopython.club
towercomission.club
traglamat.cyou
tresgrabber.club
trillions.cyou
tuttogowillings.best
twofili.best
tyrek87.cyou
ulanudeo.online
underwaters.top
velessioauto.top
vesselmaker.co
vvpprocentum.top
warmachine.cyou
wasent.cyou
wassermanika.top
watchrights.pw
watermellowen.top
werightcars.best
xaserviolbotopob.cyou
zalopiterkiff.pw
zaporedik.xyz
zassterpolli.pw

# Reference: https://twitter.com/teamcymru_S2/status/1380233063238602768
# Reference: https://www.virustotal.com/gui/ip-address/167.99.189.26/relations

albanallahacrab.club
almostthere.uno
askzaderopol.top
astroperger.uno
aweritynmer.club
bawepotru.club
chiperwhittness.cyou
daskolermasha.club
debillotrussion.best
dewellop.top
erdoorproble.cyou
gerekillo.fit
haloporetopor.club
korytothealien.top
masskwearing.cyou
newwashitropl.uno
notimenodead.cyou
padishahmurrka.best
pollter.uno
psaderinki.top
ratatuiler.club
reloadgreece.cyou
resbulling.pw
retaziloper.top
shnake.top
spyter.top
strwemmillion.casa
takilerito.best
ultimatuum.cyou
uragusexgre.club

# Reference: https://www.virustotal.com/gui/ip-address/206.189.147.24/relations

2weekslockdowd.website
asweullio.xyz
cjgsggo.cloud
domankiy2.uno
grenademetto.uno
hedoilir1.website
smartinsights21.cf

# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.176/relations

ameripermanentno.website
chajkovsky.space
daserwewlollipop.club
mazzappa.fun
odichaly.space
ohbluebennihill.website
seconwowa.cyou
vaccnavalcod.website
violonchelistto.space

# Reference: https://www.virustotal.com/gui/ip-address/104.131.53.120/relations

celocsoptico.uno
provokordino.space
samostoja3.space

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-04-12-IcedID-IOCs.txt
# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.176/relations

ameripermanentno.website
banusdona.top
chajkovsky.space
daserwewlollipop.club
mazzappa.fun
momenturede.fun
odichaly.space
ohbluebennihill.website
seconwowa.cyou
vaccnavalcod.website
violonchelistto.space

# Reference: https://twitter.com/malware_traffic/status/1382868770486513665
# Reference: https://twitter.com/malware_traffic/status/1382869298809475073

185.92.73.147:8080

# Reference: https://www.malware-traffic-analysis.net/2021/04/23/index.html

stereozek.top

# Reference: https://www.virustotal.com/gui/ip-address/167.99.163.235/relations

classicfucup.top
hidethisfact.top
rangstatepol.top
ultimarulle.top

# Reference: https://www.virustotal.com/gui/file/18be9d0088dcf0f1ebb1f070927fe1ba07d3c5d1275d99f54459c2a51f70c18b/detection

federallissimus.casa

# Reference: https://otx.alienvault.com/pulse/603dd3d59d4aa6f57829577e

023943.top
107pushh.fun
10thousandop.website
122milli.site
152fugasso.online
18minutes.xyz
200pounds29.top
213podellkk.website
234tvgro.space
234willkids.uno
23rinninz.space
24savetonnofmaoney.xyz
2toserextended.space
30bisdestroyer.club
3204usexport.club
34tankdetank.website
39gefrost.cyou
400orudi33.cyou
60profit.website
68criuser.top
760maur.top
89shmurufo.pw
90stepsklick.site
aborigencredit.xyz
actorz.site
adinaporter.uno
aerospacefleet.uno
afdeserutil32.website
agrippinio.website
aircoverage.cyou
alkoshaffer.space
allmywill.pw
aloki20sottka.uno
alterdepressio.uno
alvaspace.cyou
amnewzel.cyou
androgender.xyz
anewknowwhere.website
antimatercrymea.top
aperdioret.top
aposlwarlir.club
areakilia.best
aristinmonsitin.uno
armahelper87.xyz
armyguerro.top
artesystemsssr.club
artiellerhow.space
ascjntukzv.buzz
asertinofase.top
asewter.site
asforthema.xyz
asquireter.uno
asredetollo.space
asreterharet.top
assinogrissino.website
asterhalogabry.website
astraracertlip.cyou
attacjollup.top
aviatechholding.uno
azarrdovertikal.top
azertuioploe.top
bejingexporto.space
benzeemo.pw
beregoaerodro.uno
bestcamalla.space
bloshiryn.cyou
brewed.space
brian.koinrobo.com
bridgershina.uno
buriooursqa.ml
buydeslone.work
camillodeprillo.top
capitoli.club
cardinalfirstwar.site
catchallmoments.pw
chernen.space
chertsheat.top
classicfucup.top
classikwarrattempt.uno
coallitsia.uno
cognakcola.fun
collonnellter.club
contreliteaction.cyou
cosidervariants.pw
cserdas.club
dasfilkoler.fun
daskurilla.pw
dasserenity.space
dastinhoklomann.pw
deblacker.best
demorespurde.space
destroyerattacker.xyz
detachingbolt.pw
dictorecovery.cyou
diggadance.top
diswurede.top
doktrinalli.club
dolasendoever.host
dolchegubanni.fun
dostostrelko.space
dromdron.cyou
easterpolletr.top
eeshraplen.club
elcamzigod.fun
erdoganno.top
escalateduttu.space
eurostabiller.top
evenedopolligo.host
everyonemustbe.pw
exitaports.website
expertulthima.club
exsprezzo.top
eyhodtvbm.cloud
fallelected.casa
fantasmagory.club
fasterforrest.site
federallissimus.casa
fellinimover.xyz
firstsentenceliberal.top
flagchipdase.top
forkftriosilly.space
forwardstrickt.website
fredekiltyresder.uno
frontierpilots.club
fsikiolker.uno
fullhamon.pw
gaaga923.website
gabry4saver.website
geasgeolander.fun
getallopeerk3.host
getoutofcontroll.xyz
gimnodopingo.space
gladdisfliop.xyz
gopoloto8.best
grandeprunto.casa
greedert56.cyou
greenpeoplokhoma.fun
grizzionedaser.xyz
guteyahgewish.website
heavyoildevelop2.fun
hedpolifiko.fun
hellernotureik.space
helpiscomming.cyou
hesolkiol.top
hidethisfact.top
hitthuracellio.uno
hoeruruuki.space
holkaxlopot.space
hommyfloppy.best
hondurasto.fun
house34vegas.uno
howergooverz.uno
hubannedillih.top
ideology8cum.top
idiomaflopper.website
importantoteme.uno
italianongrata.website
jasvamaheolop.website
jilliokedr.space
josseliender.website
jrburnit.website
juikole2.club
justiceminister.best
justinreich.net
kawepotriv.space
kdbploxokrocks.uno
kedlopzawutu.uno
kilkolper.space
killofrillio.space
kimyfrenotsure.uno
kinderz.online
kledoapkd.website
klintonkiagered.top
kolochaidomo.website
konstrolo.top
kontoshare.top
kosmolitopor.space
krasskipaint.cyou
kripotopliv.website
krizgorod.website
kuazavia.space
laloflanerry.website
lapoedjkeo.top
lazioperdovo.space
lightbombers.uno
lissikopopo.fun
listofounishments.xyz
littledeselect.club
littleflager.uno
littleshitthu.space
littliwoerdete.xyz
lkiokilogartes.uno
lopokedraito.xyz
mazaksaedr23.space
mealspleasures.xyz
mechaniclaphet.biz
medicinotero.website
melatallhugoboss.space
mhb877.top
middle20.cyou
monno29lizzo.space
moohammeddu9.club
moschner.top
moskomosto.top
mtownkrut.top
nadovodokora.top
nanologicinfo.cyou
nazio9033.cyou
nedalskdsert.website
nedopuumerra.fun
needforslower.uno
netmoscito2.uno
newzolind.cyou
nikakuraguio.xyz
noblackwhiter.fun
nobohlboudy.website
nomassbo.cyou
nomorefails.pw
noscream.club
novoloserto.fun
numerroipolo.space
obaitrumbama.website
obldedistrickt.fun
occupiedcherchill.website
oktavius34flo.website
olavrochki.uno
oppenheimerrizo.top
oprorra.best
orrigatrade.club
orrypansion.top
oxythuler.cyou
pasegroup.website
pasqualle.top
petelbomber.xyz
pidasnowerneever.top
pisdidsukkin.uno
planesdifferent.club
plannodoxho.xyz
plashkadertop.space
polevalight.space
politycodess.uno
pollibatter.best
poloniumqueen.pw
porkaporckuy.uno
porthole.top
premwendegardem.top
productionvolume.online
prohibition34gazza.website
provokewhyder.top
publicoaddio.club
putixuloy.website
quantisranti.xyz
quantuulim.uno
qwerylebedlake.uno
rangstatepol.top
rasterniomno.space
readyformerambassa0.uno
repodepositt.top
repostsubscrypt.club
reweretquanto.space
rfeveefo.fun
roesuwelt.top
romanstores4.best
rudellaito.fun
rudolphtheoeln.club
rusubberserve.club
ruswashi2.uno
sachinsahel.club
sadammanopore.cyou
sadertweller.club
sadervbenitere.fun
sakiloirania.fun
salvadrillo.club
samedime.pw
sanankiti44.website
sanctionshere2.xyz
sattelitekrebljad.top
secondpilots.space
sedakloid.top
sellygloper34.uno
shadeheada9.space
shaxtugel.fun
shelbyflannery.space
shturmann.space
silliorop.top
silloflippo.casa
sligslishki.top
snaruzho.website
solsnaker.xyz
sophiak.site
sosistopililo.top
soufredevous.host
soviwashirouse.uno
stallipoverr.xyz
strannopopolo88.website
submarineubot.xyz
superhaskey.best
suttepromi.top
suttohowmake.top
swiftreloadert.xyz
tankoavis.cyou
tasyateles.club
teaboxes.pw
teacupshotter.space
technicallanallythizz.top
terrikonfere.cyou
thousakilor.top
thulleultinn.club
timedeveloper.website
train348.fun
trefferwasted.top
trend100series.website
tridentscaeder.uno
tromboastrashield.space
truffelpodomain.website
tuashoutting.website
turneedarroundedd.website
twotimercvac.uno
ubotmarinerz.top
uglevodorodo.top
ugolkuzjaspace.website
ulevvinterop.top
ultimarulle.top
unilievercity.uno
urramoskower.top
usser234dopper.space
vaclicinni.xyz
velospok.xyz
veryatlasglanz.best
voighteltinlee.uno
wallerik.xyz
warmpoller.top
warniweder.space
wasserwaster.xyz
wasszerkeater.website
whyfoyouneedthis.cyou
xiolodiogo.club
yeahnowneede.website
zagrotypressure.fun
zaheadd.cyou
zakharymiddi.fun
zakkider2.website
zapatiryesa.fun
zapokorrdo.fun
zapolitudoporetu.website
zaprosso.cyou
zarathabnkgiv.club
zaseflopir.website
zeleydoby9.fun
zenithartillery.top
zhirafatty.host
zlokichinn.space

# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.126/relations
# Reference: https://www.virustotal.com/gui/file/585229377732e8e8b26e4a4ea5ea805b5f6a655de5dd45d6a6ef821f2211a6c3/detection

ferrelosaakolo.top
icouldmakeyoubelieve.top
jikkiaderwa.top
makeyoubelieve.top
refolloprello.top
zasertiokil.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.85/relations

barcafokliresd.top
desagreelokilo.top
desazasilkor.top
dsedertyhuiokle.top
zasertolofolom.top

# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.254/relations

defliressisto.top
luppotuppo.top
weighteroperter.top
zasatava.top

# Reference: https://twitter.com/malware_traffic/status/1390061477739048964
# Reference: https://www.virustotal.com/gui/ip-address/139.60.161.89/relations

bestdecision.agency
redetillu.casa
rojjoness.digital
sporticyber.bid

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-05-10-IOCs-for-TA551-pushing-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.103/relations

dupperawergo.top

# Reference: https://twitter.com/TheDFIRReport/status/1392443465540280322

38.135.122.194:8080

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.86/relations

elligoes.top
everysil.uno
tukituchiundo.uno

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.87/relations

asisas.site
buklaka.top
cheptovgon.top
dronoplon.site
formenalina.top
frealinamov.top
gepuzeum.club
kisekyusn.club
letakyanm.club
lotototok.top
moretok.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.97/relations

fimlubindu.xyz
fungitomik.buzz
hillerfolding.fun
lorrobrama.digital
nostroporto.casa

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.81/relations

2tothepollo.top
allnezokila.cyou
daserekolut.top
scupiol.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.72/relations

chispublic.cyou
emotilnal.top
fresder34.top
gorrodorro.top
servizibancari.website

# Reference: https://www.virustotal.com/gui/ip-address/185.33.85.35/relations

fimlubindu.club
fimlubindu.top
kilodaser4.fit
tournamento3.online

# Reference: https://twitter.com/malware_traffic/status/1395110158292893698

mexidorna.top

# Reference: https://otx.alienvault.com/pulse/60ac3ca5c7a4a34cd42f2c2b

oonnewretrieve.top
aspotube8.top
delorevo54.cyou
73burned.xyz
glibberklised.cyou
referezhu.cyou
aziretedefertyu.space
fourthwireblue.top
saloporitili.uno
davethecat.club
hihitressikol.xyz
mentokiller.top
2timesperhour.cyou
rentedhouses.top
milanotopallo.website
junkkers.cyou
excellent.pw
60kilobig.top
waserutlo.best
dudefromme.pw
regardlessnotice.top
antropometrics2.best
hreffpoz.uno
pasquelle.pw
negrotheanima.top
beslopred8.best
bleepingtrolling.pw
decarrige.top
airtopolos.best
ferrolikosy.best
beedinthecorner.cyou
chaseltd.top
detopobot.best
tranmigrust.club
trueisouthere.top
qazzy44.top
stairparliament.xyz
glioclio.top
colleagues.space
dailyselections.space
conretullio.top
namalnu.cyou
demofuisla.top
shampaolir.club
lsiuprz.club
duckdiliogio.pw
mazsertoph.site
blackermagickl.online
casablancos.top
titannicus.club
quadrogorrila.casa
worsterrio.cyou
zapahzhivot.best
quatrograbber.best
skodacar.top
ludebiliomosso.cyou
ds349onmo.online
1800whyskey.club
jikoloridoro.online
gleeserfer.fun
radioosobble.top
zasityre.fun
politicopaper.cyou
worknigger.best
testthehalf.top
tellernefer.cyou
zoorezerg.pw
muslerafootball.best
burningkuzja.xyz
beavare.top
wegoingforward.top
falalalala.online
nexttimeflopper.top
vyoturehik.top
dowblegroup.top
paserilloterrra.top
berrowernew.casa
ins34devicci.top
marsbasecolonisation.cyou
oplotyholly.top
embassyatt.co
blomdiranus.top
lysterpad.top
blastserriout.space
yozafmail.xyz
bulkikachalki.xyz
ishigishili.top
horseswood.best
winrarzip.top
ereferokiro.club
jillio55tibet.cyou
thetrainz2.fun
heffertopper.best
holdzakreppo.best
konnokaraconfli.club
hamdurget.cyou
enemyplanes.cyou
crprotoper.best
buygassa.cyou
maseratti.co
greatlongitude.top
ezopolanguage.club
ope99wah.top
kontextkassa.xyz
radarinformation.club
bluewhiteblue.top
sparkasse.icu
fillercasser.top
smallerfilterr.pw
asezmbot.pw
aswqazxjf854.uno
freeactivities.pw
aszaertiolki.top
sadwqseria.cyou
awsedc8.cyou
neverfewer.top
britishsuddoku.best
herecasa.top
mousefinger.best
soldierplays.uno
centristovogel.cyou
illioredesazerro.top
cozyfrozzy.club
futterrr04.top
pacificoceanposi.cyou
xerrrload03.top
tanksprunks.co
mdpoter02.top
cheeferichai.top
feleciagelicia.best
tigerslysanka.shop
12wandera.space
gigicasa.top
politicosifilli.pw
2kiljiondo.cyou
deliioppoe.site
daseratioklippa.cyou
washercarefull.best
cryingru.top
asitrepo45.best
asforkaterz.club
refiouthg.uno
responsedolo.cyou
bilbobulbinz.cyou
casfer.space
agriartificial.cyou
90volizmu.pw
tribleafgany.pw
pundikalo.top
tourtogreexce.space
firstcovo.pw
tyrefolo.cyou
20athenanight.space
specihero.top
kasernium.top
encredibleluck.top
lightcost.top
xzcvcvxvxcvxfx.top
bundeswear.club
ledikopaswer.cyou
linkorwship.top
aspergillio.top
feder5ru.club
futterrr06.top
plizzerino.best
freshdelivered.club
pakistanytrible.top
niduaej.co
hueabattle.co
foreversuccess.cyou
lyfterzambija.cyou
kunalamala.site
lokkinkolins.cyou
listentoljah.xyz
futterrr07.top
divisionjungle.top
xerrrload09.top
su25parasha.cyou
dasweruoutl.best
sistersbrothers.top
possipilotmission.top
pushtutrible.top
passacorarocket.cyou
nifrittilo.pw
reloadagun.top
brenttheoil.top
horrortravel.best
rozathetroll.pw
kalldereprostudo.top
slobrewelo.pw
glisserpolot.club
ballelisa.icu
400prettyboy.best
hireowe.cyou
marcelle2020.top
populationrivals.best
tyvasolo.club
hdedkilo.top
avitalion.online
opareomfre.best
virtyvaldauj.club
fertiggbox.co
tunyhouser.cyou
deflaggedteam.cyou
gelevandren.cyou
greenwhite.top
russalino.cyou
hokkerhurricane.xyz
aslillefc.cyou
aswerillio.top
aswenedo.space
ererdivisia8.uno
walirede.top
asgokillpro.pw
bigmotordetax.cyou
xoxolillia.xyz
xerrrload02.top
polterheist.xyz
1timeperminute.top
clackson.club
sissioferrigo.cyou
webhosting.club
xexxds01.top
goodbeach.top
spingland.top
formgotobig.top
ameritrainer.cyou
daweci9.uno
pickuprtvi.cyou
evtoporojk.top
postyu200.best
univmaryland.co
zalupafedor.cyou
orelresh.cyou
opusdeiorden.cyou
pidortelling.cyou
mlokiolopo.top
sleepyputani.top
klanamistress.best
fasederro.site
moriiikk04.top
sneguriko.cyou
retaerdoig.club
greenflopper.best
huyprofitarmane.best
stvoller.casa
thruthicer.best
follerring.best
23ktradell.club
biggarderoub.cyou
fedenio.best
dranyjvatnik.cyou
bottlefresko.top
deactivate.pw
saygoodbauy.cyou
tribleafgany.top
wastedfekol34.club
softlanding.top
selfitrigger.top
nffiiload06.top
ifitislovenosad.cyou
kagozeltabs.xyz
thirdfeder.top
fereoplo.club
xrt10devi.top
qassertolik.top
texasfresnos.top
boughtscreezy.space
37squ75tho.casa
11hearallsongs.cyou
deklafimonum.top
cereberetour.club
noisladominate.cyou
gulliverro.top
felpojdhf8980.cyou
quadrattokolo.club
agraminam.club
azoperfdeoti85.xyz
2kilowestern.club
exisulfur.icu
kukkriop.cyou
babinos.space
quantumoftupik.xyz
landingforced.co
hythereandhere.top
asplikottor1.best
flagoncitadel.co
backtothegrey.co
christmasdealz.space
azpergerlio.best
heretanky34.top
fmourtarito.best
otherpartofpazl.top
kloppertripper59.cyou
weakreal.top
09lawersz.club
lakirjen8.xyz
dirtyfloppy.cyou
welleater.best
spartap.cyou
businessrutuom.cyou
lasdomain.xyz
awerypidary.top
test.xyz
bomminollio.co
servepoint.space
delportio.top
pozzidlio.top
ajdzoovgjg.cloud
intimerjoel.top
10meterscamping.best
androginner.cyou
agencyiono.uno
solidstreamer.top
slavernigger.club
ocordero.site
intensemisha.cyou
karamarabach.best
aquesetu.top
grettaconfetta.top
kengurutrible.top
thirdbiggest.xyz
selfresponcible8.club
azeryforza.cyou
fucknigro.cyou
hilioherta.top
ahalfilomius.top
zilliporilli.cyou
loadamerican.top
oilrereder.top
leverlights.top
orangeisgreen.top
klioperillo.top
drugston.icu
anotherone.space
ameriplatoons.co
clubbyterry.top
gooseloft.club
dastermordaster8.site
declinesuites.top
yammupiro.top
newwest.uno
lonelover.best
wastefropp5.top
santafranta.top
azerasupra5.cyou
virulinnafre.pw
kilohardtostop.pw
greedyfopolo.best
totalitariusto.top
kderetillopo.online
81batallion.top
klopirtop.best
femaleremale.top
zappazappos.top
delimanotrousers.best
jamaguchi.top
128germanni.cyou
pasparadise.cyou
peoplewasserwar.casa
jiko455.club
wassermannshop.club
geroees.club
zaswerlito.top
rokonalo.cyou
villewerro.co
segamega.top
20bottledvine.top
restpost8.cloud
7metersforcamping.best
firsterchisel.cyou
allayzerawill.pw
45prinilop.xyz
27armybester.best
amehistonew.cyou
kjndawjdaw.xyz
monomonster.top
delemano.online
dedakolon.club
dekkiliop10.cyou
69cicopainterconti.cyou
hypergroup.best
lopotilliout.top
bantustan.club
likofeaswe.club
3gelepowagenokilio.online
bubudegert.best
ater78.cyou
roscosblows.top
pohindra.online
heavyfalkonz.top
hoistory.club
wlissywater.top
asqwertigo.club
ploasdemvnty3.top
hybridrerere.space
gioretta.best
mokkaleriol45.cyou
konto.top
garrbidge.club
eveningstarz.top
sawerememo.top
lastsallways.cyou
200senthomemuslims.cyou
havalebba.cyou
midaero.space
pfizer.space
zatulinzalupin.pw
newkolobanga.press
defilliporeit.xyz
chandleshi.top
vinchanger.xyz
funuionals.best
twogrands200.club
democrajikorespo.best
moveforward8.top
sedolawep.top
wasserquasser.best
turkeylokiol.pw
auctibox.club
zyjbohhmza.club
noacceptable.best
despedollig.top
awekiretlon.cyou
3boardeux.best
southattac.co
zhiganno.best
severewinter.co
leprasson.space
longlowbus.top
politifision.top
dollarsotke.website
hockeymanshajba.club
uppervolta.cyou
asterioidglowo.club
zovniokovpoxo.club
felliniferro.club
dronarmanni.top
streetbattles.xyz
fewdozenspeople.pw
millionworkers.top
eurochrysty.cyou
defenceshift.pw
fusbalspieler.best
prostokilo.club
germankjil.shop
aezakmiv52.top
christmasgiftstore.space
austration.icu
aderneillio.online
understandingtroll.cyou
floisthere.club
srvgame.top
muughpickt.xyz
spectacoers.online
ihcyryx.cyou
playerchess.cyou
helokido.top
thaimumbai.cyou
counterwinn.space
naturolinf.top
nffiiload08.top
oneinamillion.cyou
chacagrabsterston.top
loadpilotfly.top
greatdefbritain.top
asertypolo.cyou
zastepolity.cyou
belovedbygod.cyou
anerdtut.website
amrmaninaxuy.best
gorpokryshka.club
redislocated.top
outtvmarquise.club
scoutedevirro.space
perfectland.icu
keepacod.space
zahopaloterra.cyou
zambeziklop.top
differentcountries.top
visitgeece.space
klomperklimpon.fun
aswerellipol.top
webbio.best
dlopesazillop.fun
seduced.top
arahiss.top
rumunumoldo.casa
voldovan.top
puxuloblows.top
fedretiol.space
minibillino.top
piterkoller.cyou
panduspending.uno
lookupup.uno
avi.top
snakesofausrtalia.top
3498gladdios.top
dkilipoaswer.top
muvludturki.top
islapoliliders.best
revoluelectionusa.cyou
ninxuxu.top
meinkontopcypal.top
wifigrederlow.top
gekiloger43.best
forwardmoving.xyz
revoerdoganno.pw
ploreniutre3.best
feloporo.top
delicioustresh.cyou
neccessarywires.top
agropereprawwo.best
allways.cyou
nffiiload04.top
macphillipo.pw
wesselfront77.club
cwertoposler.cyou
zhirikpizdobollish.cyou
gogopizduny.cyou
supportayzer.shop
masigokret.cyou
fevizionn.best
vpngood.best
overzicht.top
mazafakkura.club
ceosin.space
nffiiload02.top
australianpenguin.pw
loveandflowers.pw
divautop038.cyou
negroexplu.club
rusiputipidrilo.best
belodebilo.pw
stoptheplanet.co
shenderovka.top
aspirinustrollus.top
onpixel.site
psgparis.best
sauartillery.club
march42.pw
tradplatgo.xyz
ameriplanes.co
bratvrututy.top
storegijoe.best
alcobottle.best
gladysshow.cyou
writingmessage.fun
ihrearbeit.top
firevilliowok.best
dasterholler.cyou
dastinumnan.cyou
batterygazzi.club
beerpubs.xyz
ecoproggy.club
franceswedenres.cyou
grandefirmio.cyou
gigakolobanga.press
kilokanistro.uno
munomudillo.top
whitelifesmatt.top
dohrepollitu.top
newgooddream.top
45broqngray.cyou
brightsunny.best
ilikedeskerlino.club
oligophrenejan.top
bonussokilo.online
pickuppzz.best
gravitazillio.co
poorbritain.best
2394rabbo.cyou
sderlopoilli.top
noprospective.club
11calikarotelo.fun
budnisjopper.cyou
reramolo.cyou
watergoingiz.top
monolablanic.top
seemslightpor.club
mlkieu.xyz

# Reference: https://www.virustotal.com/gui/ip-address/91.193.19.170/relations

girongasokli.top
malkomaricsad.top
timeculfing.top

# Reference: https://www.virustotal.com/gui/ip-address/165.232.185.3/relations

clusterzhima.live

# Reference: https://www.virustotal.com/gui/ip-address/152.89.247.60/relations

dukdonogirorlish.top
giraredeson.top
nativnefil.top
pakeduvistalik.top
ponduroviga.top

# Reference: https://www.malware-traffic-analysis.net/2021/05/27/index.html
# Reference: https://www.virustotal.com/gui/ip-address/45.147.228.198/relations

bediloper.top
bigeront.top
devicescout.space
disponfirules.top
garrozalibbo.click
lascakatheather.top
marslayot.top
roponavi.online
trinaa3.fun
twistcolseza.top
ytoptila.website

# Reference: https://research.checkpoint.com/2021/melting-ice-tracking-icedid-servers-with-a-few-simple-steps/

backtotop.top
prepercentu.agency
francolodok.casa
gallsoweller.club
esaquell.website
saintgermaincluff.agency
tusdumifigov.top
buzzinmaster.live
pewazutior.fun
francelosterr.fun
mislinororv.top
vindurualeg.top
iraquyidlok.golf
extravnene3.top
wazakulpa.casa
bilbotor.space
vinchanger.top
zaporedi.club
bigdogbifmur.top
confidermaf.top
jackshanter.top
fungitomik.top
coronanovirus.top
extrimesuofki.top
dekoloeo.space
gontudovingiy.top
smokeinhabds.website
moresifoliatu.top
flipperdesar.digital
90poltuiltu.casa
shiptospace.space
klosterrion.casa
hesteklobum.online
sosista.casa
extrimefigim.top
chiefier.website
naviconscs.bid
dimetriadit.top
browserupdate.online
nonprofitwerde.top
instformtosu.club
contocontinue.agency
tututvmore.fit
frshfriend200.casa
extrimebigim.top
musicmuskolino.top
hinsilipinguo.top
fighterdesert.golf
frangimingi.top
23mozzgoscanne.top
gegemocotoro.top
feelakey.top
folikkuloge.top
xenaxklio.fit
siberiaposlire.top
inkarhanter.top
gonsikolika.top
todykaser.fit
nomorer.casa
piklindaurum.top
planidogat.top
minimulibery.bid
vilkodsare.top
nobadynovoy.top
beggings.top
fertillonoatro.agency
poedkoloed.top
desantogambito.agency
collaborranto.casa
yousarenotrew.top
hartromboblood.club
nositkarta2.top
12horroser.fun
woodabeg.fun
tendaronifulik.top
phoenixsenaks.golf
royallik.uno
vindurualeg.art
hobbitza.website
zaqeurepto.casa
ujoshui.top
starginogil.top
quantokilofresh.fit
hlugoposs.top
wenettoauto.golf
brrammannen.fun
saamosuumo.bid
supnoviklon.top
boalietr.website
colsezarain.top
miglokinewss.top
killynavi.space
mikugivetonik.top
kakecupckake.online
sillkolo.space
unifaestbigbog.top
planeppilot.digital
consoloursullo.casa
goldtograbb.pw
feelingsfreshr.space
10yofcris.casa
fiziturongis.top
dacadece.fit
erlozimadam.top
torbinsb.uno
nuuuaaaretobe.top
peravolicherov.top
kindsoftpron.top
russoful.space
laquasil.top
furnifutolinka.top
ventuaustria.digital
biopewaz.fun
aspessilo.fit
ameriglo.uno
bigcostarikas.top
glooverdoover.top
faeartofaer.top
supplementik.top
bumisuevralek.top
formgotobig.xyz
vindurualeg.club
illuziontime.top
tradplatgo.top
veritylo.uno
moldorunumu.digital
agalere.club
saredurostef.top
idiomore.website
highertrully.top
gambitsniper.digital
tverrotordo.space
xantummassacre.golf
goringavizi.bid
wukuchuk.space
zoktalivensia.top
kaizerrotsosa.casa
dassauldblame.fun
lostdexsation.top
prizedassault.golf
luchinuginfi.top
grennader.space
ggbetcode.golf
captakomanda.top
litefilipiness.top
deerevula.club
durvindigo.top
nighterlikorew.casa
fiflosnurenst.top
finalllolubo.space
asralissralis.online
brokletwistzz.top
arhannexa5.top
mirducolivech.top
catanirogof.top
drannirusso.casa
darkfoxmarket.link
ginreworess.top
zakuppilo.fun
extrimedomino.top
backpackgrey.online

# Reference: https://gist.github.com/myrtus0x0/12b088ab863c5ffc56d84e76712c5f3b
# Reference: https://www.virustotal.com/gui/ip-address/45.142.215.229/relations
# Reference: https://www.virustotal.com/gui/file/b4f8da4dadd6a3f18b98cd39b3d6202d0afcc46db01fbcf792daf0cd36dbd85c/detection
# Reference: https://www.virustotal.com/gui/file/af23d4b7238e7c34710202627722c7d2bb02645380f13066b16d6d8352545e35/detection
# Reference: https://www.virustotal.com/gui/file/d2bc8d2ed345e62138546ba148598641bbf2fe93e9749dad262bf4dcb9117305/detection
# Reference: https://www.virustotal.com/gui/file/81b3ef4c1b47b1f4376b5e887c2c0ff26443cb7204a92d4e815ce1bd88d4e2b5/detection

dilmopozira.top

# Reference: https://gist.github.com/myrtus0x0/e8b191faa086c9b05e3978c3836fca51
# Reference: https://www.virustotal.com/gui/ip-address/193.203.202.108/relations
# Reference: https://www.virustotal.com/gui/file/b5f54359c7ea11c5cece6fb2420b392ed8b7f84e2351e31fe687fa7c03ded5d6/detection
# Reference: https://www.virustotal.com/gui/file/5f035283ef433b5a12b51c7f3157ce9a720df74b192080b465db277341bfed4d/detection
# Reference: https://www.virustotal.com/gui/file/c57f1c661a21b7d160633f48c45a5a3eb9272762f9e88996a488a3d6362928f4/detection

potimomainger.top

# Reference: https://gist.github.com/myrtus0x0/d860787abe5580600835182a70f50412
# Reference: https://www.virustotal.com/gui/file/c3cfec44f342c82d31689da86150710b21a25492a9ce1ad634d700f0e4a8ae5f/detection

calciumasta.top

# Reference: https://gist.github.com/myrtus0x0/835bc1bba8688587f37c25ea2cd09bb5
# Reference: https://www.virustotal.com/gui/file/defcc722a2816c05bd0331858b3a4f51735ff7cf89f4f35649c48cc09f36aa2a/detection

dietarydog.top
zverrokodo.live

# Reference: https://gist.github.com/myrtus0x0/68fd792038380ba4e334b28ff9325d4f
# Reference: https://www.virustotal.com/gui/file/c2e8e316fd877dca1e06fadbda3fd01ae4dbc6d2d1eb8a8ad3eff6ca7f8f56a4/detection

lascakatheather.shop

# Reference: https://gist.github.com/myrtus0x0/c4863c504e76d45f35f4517c644506da
# Reference: https://www.virustotal.com/gui/file/39dde7049b772424639030d139edf59fb1f227604c6a3a16218868f9c64cbee5/detection

immotransfer.top

# Reference: https://gist.github.com/myrtus0x0/408f68a8df12fbadcf5a9d122de06ce4
# Reference: https://www.virustotal.com/gui/file/30f9f6b1b6e37477070d73bb964e95df8ae10b358a72c240ca3f2cc9e56992ec/detection

mappingmorrage.top

# Reference: https://www.virustotal.com/gui/file/66cd46fecdfc361be5c9c75c51b4c84cebc82030da79b219de59e968aca61209/detection

fintopikasling.top

# Reference: https://tria.ge/210621-pd63fl26fn
# Reference: https://www.virustotal.com/gui/file/3839ea5f86c4ebc8036ab26cfee2b0e05893a6b276d39ba23b75980c4db4c8a4/detection

bethehill.trade

# Reference: https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/
# Reference: https://otx.alienvault.com/pulse/60d584d46294b971bc361a14

epicprotovir.download
essoandmobilcards.com
immotransfer.top
kickersflyers.bid
mappingmorrage.top
momenturede.fun
provokordino.space
quadrogorrila.casa
vaclicinni.xyz
vikolifer.top

# Generic

/222g100/index.php
/222g100/main.php
/034g100/index.php
/034g100/main.php
