# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: qakbot, qbot

# Reference: http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99&tabid=2

abc-hobbies.com
acadubai.org
adserv.co.in
alfamex.com
b.nt002.cn
b.rtbn2.cn
b.tn001.cn
bckp01.in
boogiewoogiekid.com
buldrip.com
cdcdcdcdc212121cdsfdfd.com
cdcdcdcdc2121cdsfdfd.com
citypromo.info
du01.in
du02.in
ftp.acmeinformation.com
ftp.hunterscentral.com
ftp.periodicopuruvida.com
gator862.hostgator.com
googcnt.co.in
hostrmeter.com
inetrate.info
laststat.co.in
nt002.cn
nt010.cn
nt101.cn
nt13.co.in
nt16.in
nt17.in
nt20.in
nt202.cn
ppcimg.in
prstat.in
redserver.com.ua
s046.panelboxmanager.com
saper.in
spotrate.info
successful-marketers.com
swallowthewhistle.com
up002.cn
up003.com.ua
up004.cn
up01.co.in
up02.co.in
up03.in
whitepix.info
yimg.com.ua
zenpayday.com
zurnretail.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://twitter.com/abuse_ch/status/1116023921894219778

d221-73-45.commercial.cgocable

# Reference: https://twitter.com/Bank_Security/status/1124209952019689472
# Reference: https://pastebin.com/pTXbXVnZ
# Reference: https://blog.talosintelligence.com/2019/05/qakbot-levels-up-with-new-obfuscation.html
# Reference: https://twitter.com/_Bear_Crawl_/status/1124357801906716672
# Reference: https://pastebin.com/Tq6ji8uV

lg.prodigyprinting.com
hp.prodigyprinting.com
layering.wyattspaintbody.net
painting.duncan-plumbing.com
rss.thulos.com
wordpress.4ainternacional.com
feedback.couponpx.com
10tillcom.montgomerytech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Dropper.Qakbot-6956539-0)

jpfdtbmvuygvyyrebxfxy.info
hknkmwfdngcfavzhqd.biz
ywubouysdukndoakclnr.org
uwujtnymeyeqovftsc.org
kaaovcddwmwwlolecr.org
ijdlykvhnvrnauvz.com
lunkduuumhmgpnoxkbcjqcex.org
hsyglhiwqfc.org
forumity.com
zebxhuvsz.com
yxssppysgteyylwwprsyyvgf.com
fcptxaleu.net
olosnxfocnlmuw.biz
cbqjxatxrumjpyvp.biz
sproccszyne.org
uschunmmotkylgsfe.biz
wgysvrmqugtimwhozoyst.biz
tkpxkpgldkuyjduoauvwoiwcg.org
cufgghfrxaujbdb.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Dropper.Qakbot-7079811-0)

aqksafpuovjyfrzit.org
aulmkpipscpopgwrtzhlnqmjk.info
bmbtgoova.com
cagkhrabktfwkuroydfwtta.org
doiknfcneeeydnyofyurzy.info
erbqfnvqsahyshygeglwhxhvd.org
hibqrywwciwhbks.net
jkijlzrsvic.com
jueafvkiigmul.org
mgpepssjlpytbdktejekl.net
nwocsvuw.net
pzsbodhuinrzhcjin.org
tvntnfczmfiewin.info
uofdwoxezbdujgadioqvy.net
vljfhvniqpl.org
vwsbvkpkzgsvyhapfcm.org
wlakhytkctowfowlzyehtt.net
wupgkipgaiu.biz
yaznaovutvzwgp.net
ymoabqpo.com
zqpbnjvmfkfzbyko.info

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html (# Win.Dropper.Qakbot-7287972-0)

ageanrzekiycakzrswcq.com
cyiynudufvqmswxgtdkgyal.org
evvedpvqyno.net
fmncuwynktocekwqmthsr.net
hrmmnxigwodcsbqhcezedv.net
ocqfamsdr.org
ohfckvgylddiulbtgcrdijtpl.org
ohnzjsjoyxmkfpafaouujked.biz
qguuivkqppwohlzzvjv.org
rpagfveavil.com
tnqnpjthcwhhit.biz
utglavlafksmzfcniumfwwbm.biz
wpaoyqevfvmqquvpfwo.com
wyrlmssiybtkxemblgkturpw.net
zhkclrrbgufzsgljzohs.com

# Reference: https://twitter.com/killamjr/status/1183831240090312706

mottosfer.com
sosanhapp.com

# Reference: https://twitter.com/killamjr/status/1184219573664530437

ivoireboutique.net
newbestacademy.com

# Reference: https://twitter.com/DGAFeedAlerts/status/1186130743241707520

veadymnpvxjxzicecamltc.com

# Reference: https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html
# Reference: https://tria.ge/reports/191119-kdqwsphw2e/task1
# Reference: https://twitter.com/malware_traffic/status/1223044973836361729



content.markdutchinc.com

# Reference: https://twitter.com/reecdeep/status/1218172158633029632

deccolab.com
helpvan.su

# Reference: https://twitter.com/reecdeep/status/1222429871621709824

productsphotostudio.com/wp-content/uploads/2020/01/lane/444444.png

# Reference: https://twitter.com/ps66uk/status/1244784860927004672

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
worldplaces.in/direct/444444.png

# Reference: https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9

411foru.biz
411foru.com
411foru.info
411foru.net
411foru.org
aecfdpuspicop.biz
aifrbgvit.org
akurktsicohzxrfoynqaixspe.org
americansvoice.com
americasvoice.net
angelandthebackbeat.com
angelandthebackbeats.info
angelandthebackbeats.net
angelandthebackbeats.org
anthonybryanauthor.com
aoznszhhyhktgb.com
awtptzoblgkkdmfb.biz
ballbutter.com
bbostybfmaa.org
bdbprqhsomsonztxios.net
beverlyhillsaestheticplasticsurgery.com
beverlyhillsaestheticplasticsurgeryassociates.com
beverlyhillsshrinkwrapliposuction.com
bhapsa.com
bogtdrfdeqabyyxdg.net
bookhotelonlinetoday.com
boomer-talk.com
boomerstalk.com
boomersvoice.com
boomersvoice.net
brpnkctjvgdmnbwtv.biz
bryhitenwzmdtakavoofanp.org
bwzxubzdgaq.biz
bzkgskajhmcwrbk.net
candcbuilding.com
candcplumbing.com
casinobettingpoker.com
cecate.net
cio-inspired.com
cioemea.com
cioeurope.com
cioinnovate.com
cisoinspired.com
cmoinspired.com
cortezs.com
cortezs.net
costcoexpress.com
coxrwiuxkcausxnlbgjmakxrw.net
coxrwiuxkcausxnlbgjmakxrw.net
cpoinspired.com
creinspired.com
csgoclimb.ru
csgoevent.com
csgohs.ru
czkwuxvndxrjsprm.org
dandymanscrubs.com
dandyscrub.com
dandyscrubs.com
dejyjcwo.info
dfnchvkjlzlkdaygzdakqhn.info
dkdjezurex.org
doctorraffi.com
domandvilma.com
dpsjwmwzuwnicaq.biz
dpsjwmwzuwnicaq.biz
drhovsepian.com
drhovsepianbeverlyhillsbotchedme.com
drhovsepianbeverlyhillsbotchedmeup.com
drhovsepianbeverlyhillsexperience.com
drhovsepianbeverlyhillsreview.com
drhovsepianbeverlyhillsreviews.com
drhovsepianbotched.com
drhovsepianbotchedme.com
drhovsepianbotchedmeup.com
drhovsepianplasticsurgeon.com
drhovsepianplasticsurgery.com
drhovsepianreview.com
drhovsepianreviews.com
drhovsepianruinedme.com
drraffibeverlyhills.com
drraffibeverlyhillsbotched.com
drraffibeverlyhillsbotchedme.com
drraffibeverlyhillsbotchedmeup.com
drraffibeverlyhillsreview.com
drraffibeverlyhillsreviews.com
drraffibotched.com
drraffibotchedme.com
drraffibotchedmeup.com
drraffihovsepian.com
drraffihovsepianbeverlyhillsbotched.com
drraffihovsepianbeverlyhillsbotchedme.com
drraffihovsepianbeverlyhillsbotchedmeup.com
drraffihovsepianbeverlyhillsexperience.com
drufxhimmwwnfhegujbutyw.com
drufxhimmwwnfhegujbutyw.com
dslmkpgjvuisnqa.com
dslmkpgjvuisnqa.com
dtvsxudgnort.biz
dynamicwords.us
eeaforums.org
ejnkyujcazyyrehecjmox.net
engeniusforum.com
facilitiesmanagementforum.com
fbptaqbegdpqfkqeniulcz.com
felruzatqofkxlzkrskrbcilq.org
fgmbdteifejszcmn.org
fm-inspired.com
fminnovate.com
fmpevent.com
fobccpaug.org
frcblvtmpuygvxzdjsdw.net
gandhiprobably.com
gdfqutzvshhgzheqksxj.biz
gfapuxkfzsddekagqyvtibckx.org
gfsbfuaogfwrcvstpnvuskqjh.net
gilkeyphotography.com
gjcybzvmvir.com
gjcybzvmvir.com
gkvimqrvoscnuvggw.net
godbetter.com
godbigger.com
godonlinetv.com
gvyxwaslgliazuilhtyl.com
hbjzvgyej.org
hernandezenterprise.com
hernandezenterprise.info
hernandezenterprise.mobi
hernandezenterprise.net
hernandezenterprise.org
hhwkqccfvmbxvgsrfodzblfk.org
hihybiipewmutcpqjsnnn.org
hr-inspired.com
htibkjlyhffmhnetwvaia.net
hvjhbdtxslkr.net
hyfotrom.biz
hyfpcoogiuxackrjlvqfoa.org
iaahouston1.com
inspiredbusinessmedia.com
internetmarketingenterprise.net
izfrynscrek.net
jaxmksttqwcfycm.org
jdqmdauuzavhvzmchymtn.com
jekawtzb.net
jfgsifrptbirusgs.net
jghgaukpemdsitwrbkm.org
jhsjqyopeiivfjonxfd.com
justportraits.ca
jyemfaceteeg.info
kvwyoivqwydfdlpzd.org
kyimozmtezqaghxaqbykf.net
kzdmlrtrdfmuvyczjeoysnnr.com
lifewavechina.com
lifewavedenmark.com
lifewavedistributor.com
lifewaveforever.com
lifewaveindia.com
lifewaveuk.com
listentoamericans.com
listentoamericans.net
ljiececesruwqsiaafspjb.biz
ljiececesruwqsiaafspjb.biz
lowtechinternational.com
lssteedshlf.org
lzxrbgvcpdefafmtkmypd.org
marcelohernandez.net
marcelohernandez.org
messifootball.com
messimessimessi.com
messistar.com
messistars.com
mlmbonus.com
modernhide.com
mushroomalley.com
my-voice.net
myvoiceamerica.com
myvoiceusa.com
mzvmmsedkr.biz
naughtytimebooks.com
nknpagmexfmpivpfkej.org
nkwnfcvlqvouqyspcpfxdbmkv.org
nwqsckeoatb.biz
nyqvjyehgmyzwsutaoeqrzdff.net
oabtwabgoyatl.info
oeisvpck.com
ofcource.com
ohjnxkcqhyzcqxoxyrqsvmovb.org
ohnzjsjoyxmkfpafaouujked.biz
ohpjbauaztbcqjwbxyepjg.info
olecram.info
olecram.org
olecramproductions.info
olecramproductions.net
olecramproductions.org
onlineredwine.com
onlyportraits.com
onpzjbvxnbvuhrjbjb.info
osnyjaaliqdpegehd.com
oxpsuqkej.org
pgnioogwlucnv.com
pptyqmktluqnpameptwtzno.org
pqmqomkgjnfdng.org
pzmftmgqnxaqgrznm.net
qfdjjouamlbqtfyewaxci.org
qotavczeb.info
raymondelectronics.com
rdnzplgrz.net
reckchfhtndingqrynjdgpbjy.net
revivearizona.com
reviveindiana.net
reviveindiana.org
revivejerusalem.org
revivelondon.org
revivemilwaukee.org
reviveminnesota.com
reviveminnesota.info
reviveminnesota.net
reviveminnesota.org
revivemississippi.net
revivemississippi.org
revivemsp.org
reviverichmondca.org
revivesarasota.org
reviveseattle.org
revivesoutherncaribbean.com
revivesoutherncaribbean.org
revivetheholyland.com
revivetheholyland.org
revivethepromisedland.com
revivethepromisedland.org
revivetupelo.com
revivetupelo.org
revivetwincities.org
revivewisconsin.org
rhjbkrqiekhdxlgzrzdzw.net
riiqynnpolhrrqtjq.com
rkdxaovlaoltxnorwhtqo.com
rss.dimadimapress.com
rtachicago.com
rudedogbrewery.com
rudedogbrewery.info
rudedogbrewery.net
rudedogbrewery.org
rudedogbrewing.co
rudedogbrewing.net
rustywallacefordtennessee.com
saveonfordtrucks.com
saveonscion.com
saveontoyotas.com
sda-courier24.biz
sdacourier.info
senior-voice.com
sexlag.com
shehtaamozvljiemrijsgzff.com
shoprustywallace.com
shoprustywallaceford.com
silent-majority.net
simnewsdaily.com
sportsbettingrace.com
stat.nickspizzade.com
tnqnpjthcwhhit.biz
trackbonus.com
ttzioiyzupuntyceqbwqr.org
tybsrwyftchsd.biz
uisfhfwqrcsqcvo.org
uitutnmieyxfk.org
usobtaaxtdkpzqqvkahae.com
utalkhere.com
utalkhere.net
uvaphhxjmijvuvobqfezgnc.com
uvaphhxjmijvuvobqfezgnc.com
uzjwupjsjfpcezlchdsmzodkm.org
vcavovfkbnxdi.org
vpsbrubhqlrpqfnadsvc.net
vvdpprlurgnja.biz
vxozgiucpq.com
vyffojtfi.net
vzdrlswljtpgsmvddeehav.org
walmgvyongcjrfpjjlwiweyiv.biz
wolfgnards.com
wybmdazfdaapjtabgbamyuq.biz
xkwczygvqosxx.com
xykrgjnhkhjgpkdi.net
year2018.com
year2019.com
year2023.com
year2024.com
yliolxjywjpmtpxwkcsc.biz
yqwjvhxgaiszygziq.org
yqwjvhxgaiszygziq.org
yrkinsiwejn.biz
yuhjomyygtrbcr.info
zlczwkjposmtcawsga.org
zvwidimzmcbsrdbrtk.org
zwdhqcthdwlugocbiqn.info

# Reference: https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/

content.bigflimz.com
fixdoctorsfirst.net
help.postsupport.net
ontario.postsupport.net
portla.mlcsoft.com
qt.files.diggerspecialities.com
store.thecenterforyoga.com
store.birthtothreeipswich.org
uhfudshfduhsf.com

# Reference: https://twitter.com/Bank_Security/status/1121684786068611072

apps.theandroidstore.tv

# Reference: https://twitter.com/killamjr/status/1184564829140291584

baytk-ksa.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://app.any.run/tasks/affb8f2b-864b-4919-94f9-628bb8de9c1c/

maishousemeovac.com

# Reference: https://twitter.com/Arkbird_SOLG/status/1230436957693632512

http://91.196.70.103

# Reference: https://twitter.com/shiftybitshiftr/status/1231422937799856128

qthrebadf.mrbonus.com

# Reference: https://twitter.com/Jouliok/status/1235446560735080449
# Reference: https://app.any.run/tasks/35172a93-5c37-44c2-aac8-7697c4682667/

murreeweather.com

# Reference: https://app.any.run/tasks/4e308047-6593-4aa7-9ca6-aab1d55d324f/

a-o-concepts.ch

# Reference: https://twitter.com/JAMESWT_MHT/status/1244933553151979520
# Reference: https://app.any.run/tasks/d1f38527-29f0-4367-8b65-68896c52ebf6/
# Reference: https://app.any.run/tasks/65300f66-2666-427f-815e-a155b346ceab/

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
t.unplugrevolution.com/articles/18928/2910.png
worldplaces.in/direct/444444.png

# Reference: https://twitter.com/ps66uk/status/1245050707180498947

worldsatellitemedia.com/tools/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1246089064182435840

wizcapture.com/Branding/444444.png
swisscleantechreport.ch/Branding/444444.png
aaronfickling.com/Branding/444444.png
5.unplugrevolution.com/234/4324/43.png

# Reference: https://app.any.run/tasks/4eed74e1-5dd0-4a78-8e92-6a0351adf6e5/

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png

# Reference: https://twitter.com/0xCARNAGE/status/1235716209540296704

samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
careers.sorint.it/idle/33333.png
uniluisgpaez.edu.co/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://pastebin.com/3ZzD5N51

tubolso.cl/wp-content/uploads/2020/02/white/444444.png
samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
murreeweather.com/wp-content/white/444444.png

# Reference: https://twitter.com/wwp96/status/1234919547590905856

samphaopet.com/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://twitter.com/wwp96/status/1230183193300676609

g2creditsolutions.com/trusty/444444.png

# Reference: https://twitter.com/wwp96/status/1229887414069579777

kantei-center.com/wp/wp-content/uploads/2020/02/safety/444444.png

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1227767571547590657

mostasharanetalim.ir/wp-content/uploads/2020/02/recent/444444.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1246109511473037312

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
4.unplugrevolution.com/189/24/4788.png

# Reference: https://twitter.com/lazyactivist192/status/1247179930821177344

a.assignmentproff.com/ashduhfudsf.png
corbucrochet.com/cursors/444444.png
stajer.eu/cursors/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1247530680776417282
# Reference: https://app.any.run/tasks/23430199-4079-4202-a847-683ef164c392/

b.assignmentproff.com/amyceyaihd.png
kramo.pl/wp-content/plugins/apikey/slider/444444.png
wppunk.com/wp-content/uploads/2020/04/slider/444444.png
retroband.uk/wp-content/uploads/2020/04/slider/444444.png
almohadonera.clichead.club/slider/825381.zip

# Reference: https://pastebin.com/C9Jmzvdu

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/plugins/advanced-ads-genesis/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/pN5DfFyS

millionsawesomeproducts.com/string/444444.png
common-factor.nl/string/444444.png
funpartyrent.com/string/444444.png
leukkado.be/string/444444.png
unik-evenements.fr/string/444444.png
d.teamworx.ph/1839/20/279.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1250473025012711424

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/themes/calliope/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/hYd6S8YT
# Reference: https://otx.alienvault.com/pulse/5e97740b990dafad240cf9e7

bizzlon-realty.com/wp-content/themes/calliope/beads/444444.png
pakgt.com/wp-content/themes/calliope/beads/444444.png
marinerevetement.com/wp-content/themes/calliope/beads/444444.png
chattosport.com/wp-content/themes/calliope/beads/444444.png
a.coolbreeze.uk/213/312d/6748.png

# Reference: https://twitter.com/secret_return/status/1250574408566976512

/wp-content/themes/calliope/db.php?u=true
/wp-content/themes/calliope/wp-data.php
/wp-content/themes/calliope/wp_class_datalib.php

# Reference: https://twitter.com/ActorExpose/status/1252183338141601793
# Reference: https://app.any.run/tasks/be4a431b-fdb7-4dec-ad40-f67201493494/

greindustry.com
paceldelivery.express

# Reference: https://www.virustotal.com/gui/domain/automatischer-staubsauger.com/relations

automatischer-staubsauger.com

# Reference: https://www.virustotal.com/gui/file/9a8206be5f1eeca651f0d858f752fd84e7014ab561a3b7a8ad2a56971e5f338f/detection

anamikaindanegas.in
demo.caglificioclerici.com

# Reference: https://twitter.com/lazyactivist192/status/1252946567780319233
# Reference: https://pastebin.com/L0g5fRgv
# Reference: https://app.any.run/tasks/286bb4a8-6392-4b31-8e36-ae143522d0d6/

hasumvina.nrglobal.top/wp-content/themes/mapro/pump/55555.png
4mco.com.pk/wp/wp-content/themes/mapro/pump/55555.png
cloud.wmsinfo.com.br/wordpress/wp-content/themes/mapro/pump/55555.png
jeromenetpanel.ml/wp-content/themes/mapro/pump/55555.png
cheshirecheetah.com/wp-content/themes/mapro/pump/55555.png

# Reference: https://pastebin.com/7bYzetJF

170.82.210.138:2222
178.193.33.121:2222
184.167.2.251:2222
188.26.150.82:2222
195.162.106.93:2222
68.14.210.246:2222
72.204.242.138:50003
75.117.128.20:2222
atn24live.com/spool/8888.png
bg142.caliphs.my/spool/8888.png
afsholdings.com.my/spool/8888.png
alphapioneer.com/spool/8888.png
kbzsa.cn/wp-content/plugins/apikey/spool/8888.png

# Reference: https://pastebin.com/55uiNwYC

auxiliumassessoria.com.br/docs_tmj/8888.png
inglesdoribas.com.br/docs_cyq/8888.png
adamdtmassage.co.uk/docs_394/8888.png
adwokat-pleszka.pl/docs_v6n/8888.png
afterdrugs.life/docs_kxk/8888.png

# Reference: https://pastebin.com/BSe9sHVR

arcyten.cl/iulbxki/88888.png
beforeshithappens.com/docs_2re/55555.png
can-media.de/e/88888.png
cirugiagenital.com.mx/rrigg/88888.png
clair-salon.info/docs_xgy/55555.png
clubtempel.de/zeksv/88888.png
delmaestro.cl/uyc/88888.png
mytex.pe/phsse/88888.png
svvlive.com/docs_fbz/55555.png
themmacoach.com/wp-content/uploads/2020/04/docs_cv0/55555.png
tianmaouae.com/docs_9qu/55555.png
y-sani.com/docs_bcx/55555.png

# Reference: https://pastebin.com/SbZvFXPa

batdongsanbentre.com.vn/vbtbnvxnrl/22222.png
betopceo.com/ivbglae/22222.png
capath.vn/yxrw/22222.png
cerisiers.be/fczjua/22222.png
daricci.de/wp-content/uploads/2020/04/owkf/22222.png

# Reference: https://pastebin.com/Qsf0XmFj

tradingwithharmony.com/wp-content/uploads/2020/04/phsse/8888.png
moinmo.de/phsse/8888.png
herrfischer.me/phsse/8888.png
ngon10.com/phsse/8888.png
gmassurance.fr/wp-content/uploads/2020/04/phsse/8888.png

# Reference: https://app.any.run/tasks/173baaa3-8577-49a3-b525-04dddc3ed2a5/
# Reference: https://app.any.run/tasks/23781225-7661-48b5-a3bb-4f3c22b99252/

tristatehs.com
new.tristatehs.com

# Reference: https://app.any.run/tasks/20fdc52d-21bd-4a76-aa4e-0a0b6729c66f/

hotelbharatpurpalace.com/fjtpbqbq/88888.png

# Reference: https://pastebin.com/czHZP8AJ

beachtour14.fr/bpqlrau/2222.png
casadospa.com.br/wp-content/uploads/2020/05/fougrzbplzd/2222.png
chapaitoday.com/olsce/2222.png
ecogold.com.au/wp-content/uploads/2020/05/ggmjmxnvzabj/2222.png
en.goldwin1.ir/sysaasdyrwt/2222.png
cupid.ninja/jbwyga/3333.png
era.co.id/jwpgqgdwcg/3333.png
escriba.art/wp-content/uploads/2020/05/volbgwi/3333.png
flowersforfuneral.net/zkqsxgiuc/3333.png
ftluae.com/wp-content/uploads/2020/05/nkwyacugcyjt/3333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1258057381637955586
# Reference: https://app.any.run/tasks/84e1beae-8ca6-484e-9124-c9ffd0116307/

alhussain.pk/ioxix/88888.png
beta.enerbras.com.br/muvolifvmg/88888.png
blog.saigon247.vn/wp-content/uploads/2020/05/axtcud/88888.png
it.shopforever.pk/ewbaleo/88888.png
limonauto.com.ua/gdjcigc/88888.png

# Reference: https://pastebin.com/j5tcBGZR

p2b.in/tpgcy/6666.png
cjemskayyoor.com/wp-content/uploads/2020/05/yaakhc/6666.png
cosmea.pl/wp-content/uploads/2020/05/lqauk/6666.png
hobsnchimney.in/dawfxassh/6666.png
hyundainamdinh.org/wp-content/uploads/2020/05/nxacxffh/6666.png

# Reference: https://pastebin.com/jmh7jtHb

landing1.allencarr.co.il/wp-content/themes/danfe/itfmy/4444.png
laraib.freelancefront.com/wp-content/themes/danfe/seobfszigf/4444.png
learn.milwayresources.com/wp/wp-content/plugins/wp-block-pack/yaziwtgpugnl/4444.png
kazemart.com/wp-content/themes/danfe/eupsvyto/4444.png
kenfendi.com/wp-content/themes/danfe/abfbbq/4444.png

# Reference: https://pastebin.com/NfiYEGRW

datphatlocsg.com/wp-content/uploads/2020/05/scfcgmbjsv/77777.png
moydom.md/wp-content/uploads/2020/05/hflhgo/77777.png
renobarapp.es/wp-content/uploads/2020/05/ahrtqqlwe/77777.png
league265.com/awoaokzq/77777.png
doryfotografia.com/wordpress_1/valoub/77777.png

# Reference: https://pastebin.com/drJgf5aZ

conference.vlgprojects.ru/fsxijcpft/5555.png
sjabbens.xyz/wp-content/uploads/2020/05/xngij/5555.png
telefonrammen.dk/pcixoheru/5555.png
vdovira.net.ua/qjzcgusihgg/5555.png
formationcap.tn/wp-content/uploads/2020/05/avxvwjxvpzh/5555.png

# Reference: https://pastebin.com/55RY1qcm

fitoluri.cat/wp-content/themes/twentyseventeen/inc/turns/55555.png
mrdgrupointegral.com/wp-content/themes/twentytwenty/inc/turns/55555.png
demo.dehliwalalunch.com/wp-content/themes/twentyseventeen/inc/turns/55555.png
dr-nano.ir/wp-content/themes/twentytwenty/classes/turns/55555.png
bondarenkopjatk.ru/wp-content/themes/twentyseventeen/inc/turns/55555.png

# Reference: https://pastebin.com/PwQfddsP

new.myoc.com.au/pqurjvfpjl/8888888.png
uhuru.online/krtxtkiajk/8888888.png
one2onedriving.co.uk/zxzhmxut/8888888.png
kancelariaziolkowscy.pl/xfyinzwfwqv/8888888.png
shop.luisvillalonga.com/fztdvmyodegs/8888888.png

# Reference: https://pastebin.com/15vppTwk

idea-development.ru/afqwno/8888888.png
rifey-zlat.ru/oezwkp/8888888.png
m.alt-hospital.ru/dsancifk/8888888.png
6pond.com/yjssrdxwb/8888888.png
redletterliving.org/iqoehhnywvt/8888888.png

# Reference: https://twitter.com/ffforward/status/1268905190041759744

test.acdlec.be/ilxjzhky/8888888.png

# Reference: https://pastebin.com/HkmkarTG
# Reference: https://app.any.run/tasks/68251632-8093-4ae1-9a33-99c8b2437e21/

salwadm.com/tcphx/8888888.png
flipkenya.com/nujazbwrhjy/8888888.png
10x45.com/zfbjvvqxktx/8888888.png
iamployed.nl/lbbiujdyjy/8888888.png
aptociudadamuralladacartagena.com/gddqez/8888888.png
autoescolaciganos.com.br/gezzf/8888888.png

# Reference: https://twitter.com/lazyactivist192/status/1271079253988093953
# Reference: https://pastebin.com/Kx6ADJ3z

amandadecardy.com/NSUEdD/wp-includes/js/tinymce/plugins/directionality/pdvav/8888888.jpg
ameliasmoments.com/wp-includes/js/thickbox/wifgyfro/8888888.jpg
digitalschoolfaridabad.in/courses/images/parallax/mjogqxakfxg/8888888.jpg
sometechsense.com/wp-includes/js/tinymce/plugins/wptextpattern/tbpfdfelf/8888888.jpg
uniquehindunames.com/wp-content/uploads/cnesco/8888888.jpg

# Reference: https://twitter.com/JAMESWT_MHT/status/1271486893188886531
# Reference: https://pastebin.com/L8JGi5nE

leeephee.top
withifceale.top
wpsnoum.pw
wsaexdig.pw
xeemoquo.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1272522078252609538
# Reference: https://pastebin.com/wfQduHVS
# Reference: https://app.any.run/tasks/c5fe9c77-58b8-4e45-9df9-a0fa5e41a627/

sehgalestates.co.in/zvufsph/8888888.png
dentixdentalcare.com/ftoddj/8888888.png
fooodshooters.com/enlokgqs/8888888.png
new.carfinancehotline.ca/lqjdqsckuihv/8888888.png
altuspsg.com/fyhhqlmq/8888888.png

# Reference: https://twitter.com/Bank_Security/status/1272787094319095809

w1.plenimusic.com/fakes/

# Reference: https://twitter.com/0xCARNAGE/status/1274062746716438528
# Reference: https://app.any.run/tasks/78977d8c-8907-418d-87ae-bfbddd3d611d/

savemall.store/shiolmqj/33333333.png
tshirtstirupur.com/zbdmzdogdptt/33333333.png
maxacerna.org/ekasrroy/33333333.png
kwickshop.co.tz/lwhtksmfrbyh/33333333.png
paschalhildreth.com/bnqcndfbrfc/33333333.png

# Reference: https://pastebin.com/sEPSHH4j

test.africanamericangolfersdigest.com/kkmthjsvf/5555555.png
frankiptv.com/liehyidqtu/5555555.png
klubnika-malina.by/utgritefmjq/5555555.png
centr-toshiba.by/wogvynkombk/5555555.png
marokeconstruction.com.au/hhmzmlqct/5555555.png

# Reference: https://app.any.run/tasks/26bee149-383f-4e98-91b9-3f1a36f821e6/

digisham.ir/cbroi/33333333.png
renukagraphics.com/ttgoccwx/33333333.png
tempusout.co.uk/qqzweuuwqo/33333333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1275434967418327041

girandolegiobas.it/jvhum/33333333.png

# Reference: https://app.any.run/tasks/133c6579-ee89-45d8-ad4b-ab64bac3a9e7/

40chorr.com/xlgkqwjt/8888888.png

# Reference: https://pastebin.com/WVeqdZu6

hospitaisipiranga.com.br/ewtxh/8888888.png
tahanikhawaji.com/imbya/8888888.png
whichworx.com/bmktzamm/8888888.png

# Reference: https://blog.morphisec.com/qakbot-qbot-maldoc-two-new-techniques
# Reference: https://otx.alienvault.com/pulse/5f40159bcca40ac86178f5a1

forum.insteon.com/suowb/111111.png
marineworks.eu/dwaunrsamlbq/111111.png
nashsbornik.com/rqzvoxtjyhw/555555.png
craniotylla.ch/vzufnt/111111.png
atsepetine.com/evuyrurweyib/555555.png
studiomascellaro.it/wnzzsbzbd/111111.png
nanfeiqiaowang.com/tsxwe/111111.png
maplewoodstore.com/rmwclxnbeput/555555.png
quickinsolutions.com/wfqggeott/111111.png
ankaramekanlari.net/vmnzwr/555555.png
rijschoolfastandserious.nl/rprmloaw/111111.png
akindustrieschair.com/smuvtnrgvmd/55555.png
optovik.store/bkatah/555555.png
akersblog.top/kipql/555555.png
quoraforum.com/btmlxjxmyxb/111111.png
duvarsaatcisi.com/gbmac/555555.png
all-instal.eu/mgpui/555555.png
store.anniebags.com/qyvbyjaiu/555555.png
bronco.is/pdniovzkgwwt/111111.png

# Reference: https://www.virustotal.com/gui/file/c11dccbc459882fa6098a1022c5bb187890ea4ab6ef60d69a11af722ab6699e2/detection

poxclip.com

# Reference: https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
# Reference: https://otx.alienvault.com/pulse/5f484a9c3331ef2fad5e0b74

klubnika-malina.by
centr-toshiba.by
kiesow-auto.de
fortinet-cloud.com
requirejscdn.com
frankiptv.com
factory-hot.com
cersomab.com
marokeconstruction.com.au
callunaconycatcher.com
chs.zarifbarbari.com
asn.crs.com.pa
backup.justthebooks.com
test.africanamericangolfersdigest.com

# Reference: https://twitter.com/malware_traffic/status/1303845647691505667
# Reference: https://pastebin.com/XV3PCBTH

acrinetshop.com.br/arnphkv/55555555.png
anawabighschool.com/lipun/55555555.png
dellenbene.de/wpfsjfcrp/55555555.png
emulatorgame.ir/ocdxvkhvmtjx/55555555.png
evutt.ee/imjzrilmu/55555555.png
hillsborobookkeeping.com/yowyvoux/55555555.png
lojacorpoemente.com.br/beuefuqpd/55555555.png
papadeilumi.it/kupmmngtbbn/55555555.png
sulduzkhabar.ir/fhrhowc/55555555.png
talantinua.com/apawn/55555555.png
corbettasalvatore.com/bolcv/55555555.png
crippacostruzioni.it/jnatzwzp/55555555.png
pauwstoffering.nl/pqwwmqzgjot/55555555.png
serramentispada.it/odisaehjgg/55555555.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1310629325285322752

condochicks.com/ynwnx/222222.png

# Reference: https://twitter.com/j_dubp/status/1310604638404710401

mahathi2.ondemandcreative.com/24.gif

# Reference: https://otx.alienvault.com/pulse/5f734f0ea4be892f4e48a71e

donostiayocio.com/jqmapuowktbb/555555555555.png

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-09-28-Qakbot-IOCs.txt

condochicks.com/ynwnx/222222.png
ideskonline.com/vzpcwa/222222.png
matterandhome.com/twtao/222222.png
pramars.xyz/psswhqxs/222222.png
exploshot.com/24.gif
foundation.shanto-mariamfoundation.org/24.gif
mahathi2.ondemandcreative.com/24.gif
staging.stikbot.toys/24.gif
pramars.xyz

# Reference: https://twitter.com/ps66uk/status/1313495882495655936
# Reference: https://app.any.run/tasks/5723181d-5681-44e1-b166-08ed4daf7eb1/
# Reference: https://www.virustotal.com/gui/file/be22c42d30ca60a3839bac35e79917944ba74f3912e7327093fd1006c840089e/detection

etlapgyartas.hu/0510.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1314186304414986240
# Reference: https://app.any.run/tasks/a6075bef-0ca8-4565-bb7e-e2091ffbb979/

rapidlending.club/0810.gif

# Generic

/TealeafTarget.php
/treusparq.php
/tpan/azep.php
/uQnED83/tltZT3.php
/tltZT3.php
/vbtbnvxnrl/22222.png
/ivbglae/22222.png
/yxrw/22222.png
/fczjua/22222.png
/owkf/22222.png
/bpqlrau/2222.png
/fougrzbplzd/2222.png
/olsce/2222.png
/ggmjmxnvzabj/2222.png
/sysaasdyrwt/2222.png
/ynwnx/222222.png
/ynwnx/222222.png
/vzpcwa/222222.png
/twtao/222222.png
/psswhqxs/222222.png
/jbwyga/3333.png
/jwpgqgdwcg/3333.png
/volbgwi/3333.png
/zkqsxgiuc/3333.png
/nkwyacugcyjt/3333.png
/cbroi/33333333.png
/jvhum/33333333.png
/ttgoccwx/33333333.png
/qqzweuuwqo/33333333.png
/bnqcndfbrfc/33333333.png
/ekasrroy/33333333.png
/lwhtksmfrbyh/33333333.png
/shiolmqj/33333333.png
/zbdmzdogdptt/33333333.png
/itfmy/4444.png
/seobfszigf/4444.png
/yaziwtgpugnl/4444.png
/eupsvyto/4444.png
/abfbbq/4444.png
/beads/444444.png
/previous/444444.png
/slider/444444.png
/string/444444.png
/differ/999999.png
/ahrtqqlwe/77777.png
/awoaokzq/77777.png
/hflhgo/77777.png
/scfcgmbjsv/77777.png
/valoub/77777.png
/feature/777777.png
/tpgcy/6666.png
/yaakhc/6666.png
/lqauk/6666.png
/dawfxassh/6666.png
/nxacxffh/6666.png
/pump/55555.png
/spool/8888.png
/docs_tmj/8888.png
/docs_cyq/8888.png
/docs_394/8888.png
/docs_v6n/8888.png
/docs_kxk/8888.png
/cnesco/8888888.jpg
/mjogqxakfxg/8888888.jpg
/pdvav/8888888.jpg
/tbpfdfelf/8888888.jpg
/wifgyfro/8888888.jpg
/fztdvmyodegs/8888888.png
/ilxjzhky/8888888.png
/krtxtkiajk/8888888.png
/pqurjvfpjl/8888888.png
/xfyinzwfwqv/8888888.png
/zxzhmxut/8888888.png
/fyhhqlmq/8888888.png
/afqwno/8888888.png
/oezwkp/8888888.png
/dsancifk/8888888.png
/yjssrdxwb/8888888.png
/iqoehhnywvt/8888888.png
/tcphx/8888888.png
/nujazbwrhjy/8888888.png
/zfbjvvqxktx/8888888.png
/lbbiujdyjy/8888888.png
/gddqez/8888888.png
/gezzf/8888888.png
/zvufsph/8888888.png
/ftoddj/8888888.png
/enlokgqs/8888888.png
/lqjdqsckuihv/8888888.png
/xlgkqwjt/8888888.png
ewtxh/8888888.png
/imbya/8888888.png
/bmktzamm/8888888.png
/fsxijcpft/5555.png
/turns/55555.png
/xngij/5555.png
/pcixoheru/5555.png
/qjzcgusihgg/5555.png
/avxvwjxvpzh/5555.png
/docs_2re/55555.png
/docs_9qu/55555.png
/docs_bcx/55555.png
/docs_cv0/55555.png
/docs_fbz/55555.png
/docs_xgy/55555.png
/kkmthjsvf/5555555.png
/liehyidqtu/5555555.png
/utgritefmjq/5555555.png
/wogvynkombk/5555555.png
/hhmzmlqct/5555555.png
/arnphkv/55555555.png
/lipun/55555555.png
/wpfsjfcrp/55555555.png
/ocdxvkhvmtjx/55555555.png
/imjzrilmu/55555555.png
/yowyvoux/55555555.png
/beuefuqpd/55555555.png
/kupmmngtbbn/55555555.png
/fhrhowc/55555555.png
/apawn/55555555.png
/bolcv/55555555.png
/jnatzwzp/55555555.png
/pqwwmqzgjot/55555555.png
/odisaehjgg/55555555.png
/e/88888.png
/fjtpbqbq/88888.png
/iulbxki/88888.png
/phsse/88888.png
/rrigg/88888.png
/uyc/88888.png
/zeksv/88888.png
/ioxix/88888.png
/muvolifvmg/88888.png
/axtcud/88888.png
/ewbaleo/88888.png
/gdjcigc/88888.png
/bkatah/555555.png
/btmlxjxmyxb/111111.png
/dwaunrsamlbq/111111.png
/evuyrurweyib/555555.png
/gbmac/555555.png
/kipql/555555.png
/mgpui/555555.png
/pdniovzkgwwt/111111.png
/qyvbyjaiu/555555.png
/rmwclxnbeput/555555.png
/rprmloaw/111111.png
/rqzvoxtjyhw/555555.png
/smuvtnrgvmd/55555.png
/suowb/111111.png
/tsxwe/111111.png
/vmnzwr/555555.png
/vzufnt/111111.png
/wfqggeott/111111.png
/wnzzsbzbd/111111.png
/rqfardzsgihu/555555555.png
/jqmapuowktbb/555555555555.png

# IP connections

104.153.240.6:2222
104.173.119.54:2222
104.174.71.153:2222
104.221.4.11:2222
104.32.185.213:2222
107.15.153.110:8443
108.184.57.213:8443
108.190.151.108:2222
109.106.69.138:2222
109.209.94.165:2222
111.125.70.30:2222
116.30.4.51:2222
116.72.208.166:2222
116.72.213.83:2222
118.93.167.173:2222
119.157.106.105:3389
120.147.65.97:2222
120.147.83.120:2222
122.148.156.131:995
130.25.130.19:2222
142.117.191.18:2222
144.202.38.185:2222
144.202.38.185:995
146.199.132.233:2222
146.200.250.17:2222
146.200.250.36:2222
149.28.101.90:2222
149.28.101.90:8443
149.28.101.90:995
149.28.98.196:2222
149.28.98.196:995
149.28.99.97:2222
149.28.99.97:995
150.143.128.70:2222
151.242.43.85:32103
151.242.62.59:32103
166.62.180.194:2078
171.100.86.168:2222
172.115.177.204:2222
172.58.107.229:2222
172.87.157.235:3389
173.163.115.89:2078
173.18.126.193:2222
173.197.22.90:2222
173.21.10.71:2222
173.22.120.11:2222
173.22.125.129:2222
173.247.186.90:2087
173.26.65.44:50010
174.30.165.242:2222
174.34.67.106:2222
176.193.14.165:2222
176.202.187.129:61201
176.205.222.30:2078
176.205.222.30:2222
176.223.0.185:2222
176.223.35.19:2222
176.223.43.145:2222
176.223.7.75:2222
178.193.33.121:2222
178.193.38.188:2222
182.190.19.241:3389
183.82.100.249:2222
184.167.2.251:2222
184.180.157.203:2222
184.191.61.13:32100
184.90.139.176:2222
186.47.208.238:50000
186.94.173.62:2078
187.194.16.208:2222
187.250.238.164:995
188.127.231.114:2222
188.25.223.107:2222
188.25.233.157:2222
188.26.150.82:2222
188.26.178.176:2222
188.27.166.186:2222
188.52.106.206:20
189.163.230.27:2222
189.222.216.44:443
189.222.59.177:443
189.250.115.177:2222
190.198.124.212:2078
190.204.58.240:2078
190.75.167.44:2222
190.75.173.8:2078
193.248.221.184:2222
193.248.44.2:2222
195.162.106.93:2222
195.6.1.154:2222
196.194.28.127:2222
196.194.74.33:2222
196.194.76.68:2222
196.194.77.181:2222
196.194.84.165:2222
196.221.15.34:6881
196.221.207.137:995
197.210.96.222:995
197.45.110.165:995
2.232.253.79:995
2.45.53.40:2222
2.50.153.20:2222
2.50.159.112:2222
2.50.161.6:2222
2.50.47.97:2222
2.7.116.188:2222
2.7.202.106:2222
2.7.65.32:2222
2.7.69.217:2222
2.86.41.23:2222
200.140.154.174:2222
201.209.0.55:2078
201.209.218.89:2078
201.209.22.209:2078
201.209.4.83:2078
201.248.122.51:2078
206.51.202.106:5000
206.51.202.106:50002
206.51.202.106:50003
207.246.116.237:2222
207.246.116.237:8443
207.246.116.237:995
207.246.77.75:2222
207.246.77.75:8443
207.246.77.75:995
207.255.161.8:2078
207.255.161.8:2087
207.255.161.8:2222
207.255.161.8:32100
207.255.161.8:32102
207.255.161.8:32103
209.182.121.133:2222
209.210.187.52:995
213.120.109.73:2222
213.31.203.38:2222
216.137.140.236:2222
216.150.207.100:2222
216.21.168.27:32101
216.21.168.27:50000
216.215.77.18:2078
216.221.73.45:2222
216.8.170.82:2222
217.133.54.140:32100
217.165.164.57:2222
220.135.31.140:2222
222.195.69.36:2078
23.49.13.33:7000
24.100.46.201:2222
24.110.14.40:3389
24.136.33.120:2222
24.184.5.251:2222
24.184.6.58:2222
24.201.61.153:2078
24.201.68.105:2078
24.201.68.105:2087
24.201.79.208:2078
24.202.42.48:2222
24.203.221.252:2222
24.203.36.180:2222
24.203.64.26:2222
24.228.185.224:2222
24.229.150.54:995
24.231.54.185:2222
24.26.1.14:2222
24.27.82.216:2222
24.44.142.213:2222
24.44.180.236:2222
24.46.40.189:2222
31.50.210.205:2222
31.53.49.169:2222
35.142.12.163:2222
35.142.24.147:2222
37.116.152.122:2222
37.182.238.170:2222
37.210.160.50:61201
45.32.211.207:2222
45.32.211.207:8443
45.32.211.207:995
45.37.57.119:2222
45.45.51.182:2222
45.46.53.140:2222
45.63.107.192:2222
45.63.107.192:995
45.67.231.247:995
45.77.115.208:2222
45.77.115.208:8443
45.77.115.208:995
45.77.117.108:2222
45.77.117.108:8443
45.77.117.108:995
47.39.177.171:2222
47.48.236.98:2222
49.144.81.46:8443
49.28.99.97:2222
5.107.144.131:2222
5.107.157.6:2222
5.107.208.94:2222
5.107.229.6:2222
5.107.232.32:2222
5.12.213.152:2222
5.12.214.109:2222
5.14.44.173:2222
5.15.90.159:2222
5.193.175.12:2078
5.193.178.241:2078
5.193.181.221:2078
5.193.61.212:2222
5.233.222.211:61202
5.233.232.81:61202
5.89.115.73:2222
50.198.141.161:2078
50.29.166.232:995
51.9.198.164:2222
54.36.108.120:65400
62.38.111.70:2222
63.155.9.141:995
63.230.11.201:2083
63.230.2.205:2083
64.72.102.10:2222
65.100.247.6:2083
65.169.66.123:2222
65.30.213.13:6882
66.25.168.167:2222
66.76.255.133:2078
67.200.146.98:2222
67.209.195.198:3389
67.214.201.117:2222
67.5.33.229:2078
67.60.113.253:2222
67.7.2.109:2222
67.82.244.199:2222
67.83.122.112:2222
67.83.54.76:2222
67.87.38.242:2222
68.14.210.246:22
68.14.210.246:2222
68.207.33.232:2222
68.207.39.244:2222
69.58.147.82:2078
70.123.92.175:2222
70.168.130.172:995
70.21.182.149:2222
70.54.25.76:2222
70.62.160.186:6883
70.74.159.126:2222
70.95.94.91:2078
70.95.94.91:2222
71.12.214.209:2222
71.163.224.206:443
71.217.112.41:2222
71.220.186.241:2222
71.221.224.19:2222
71.222.141.81:61200
71.41.184.10:3389
71.57.230.51:50000
71.69.128.2:2222
71.77.252.14:2222
72.204.242.138:2078
72.204.242.138:2087
72.204.242.138:32100
72.204.242.138:32102
72.204.242.138:50001
72.204.242.138:50003
72.204.242.138:53
72.204.242.138:6881
72.224.213.98:2222
72.231.224.122:2222
72.240.200.181:2222
72.255.200.129:2222
72.255.200.69:2222
72.29.181.77:2078
72.29.181.77:2083
72.29.181.77:2222
72.29.181.78:2078
72.36.59.46:2222
73.152.213.187:80
73.183.145.218:2222
73.216.60.90:2222
73.25.124.140:2222
74.222.204.82:995
74.73.120.197:443
74.88.112.250:2222
74.90.76.128:2222
75.109.193.173:2087
75.109.193.173:8443
75.131.72.82:2087
75.161.36.21:2222
75.165.112.82:50002
75.182.220.196:2222
75.183.171.155:3389
75.86.193.144:2222
76.14.129.53:2222
76.172.59.56:2222
76.182.33.43:2222
76.187.97.98:2222
76.67.162.70:2222
76.86.57.179:2222
76.94.200.148:995
77.132.113.187:2222
77.211.30.202:995
77.27.204.204:995
78.94.55.26:50003
79.129.252.62:2222
79.166.83.103:2222
80.106.85.24:2222
80.11.173.82:8443
80.11.5.65:2222
80.14.209.42:2222
80.195.103.146:2222
81.133.234.36:2222
81.147.42.176:2222
81.147.42.195:2222
81.147.42.227:2222
81.150.181.168:2222
81.214.126.173:2222
82.12.157.95:995
82.127.125.209:990
82.127.193.151:2222
82.77.169.118:2222
83.110.108.100:2222
83.110.108.161:2222
83.110.108.181:2222
83.110.108.38:2222
83.110.109.155:2222
83.110.109.164:2222
83.110.109.252:2222
83.110.12.140:2222
83.110.9.71:2222
83.196.56.65:2222
83.202.68.220:2222
83.25.10.201:2222
83.25.14.84:2222
83.25.18.252:2222
83.25.3.51:2222
83.25.31.13:2222
83.79.2.218:2222
84.232.252.202:2222
84.247.55.190:8443
84.78.128.76:2078
85.132.36.111:2222
85.25.211.31:65400
85.52.72.32:2222
85.58.200.50:2222
85.7.22.186:2222
86.121.121.14:2222
86.121.95.169:2222
86.121.95.197:2222
86.122.251.89:2222
86.122.254.67:2222
86.123.95.59:2222
86.125.140.0:2222
86.126.108.242:2222
86.126.97.183:2222
86.127.144.244:2222
86.153.98.125:2222
86.153.98.2:2222
86.153.98.35:2222
86.153.98.37:2222
86.153.98.75:2222
86.163.174.7:2222
86.182.234.245:2222
86.183.127.100:2222
86.218.67.235:2222
86.220.60.133:2222
86.220.60.247:2222
86.220.62.251:2222
86.233.4.153:2222
86.236.77.68:2222
86.248.16.253:2222
86.97.146.204:2222
86.98.49.75:2078
86.98.89.78:2222
86.98.93.124:2078
87.115.53.122:2222
87.202.87.210:2222
88.106.237.152:2222
88.111.255.235:2222
89.137.211.239:995
89.35.93.254:2222
89.45.102.218:2222
90.101.117.122:2222
90.101.62.189:2222
90.174.217.251:2222
90.175.88.99:2222
90.43.120.113:2222
90.43.6.185:2222
90.65.234.26:2222
90.65.236.181:2222
90.68.84.121:2222
92.1.83.210:2222
92.137.138.52:2222
92.154.83.96:2078
92.154.83.96:2222
92.17.167.87:2222
92.5.146.37:2222
92.59.35.196:2222
93.118.214.168:2222
93.149.253.201:2222
96.20.108.17:2222
96.20.238.2:2078
96.20.238.2:2083
96.20.238.2:2087
96.20.238.2:2222
96.20.238.2:61201
96.21.251.127:2222
96.22.239.27:2222
96.23.62.35:2222
96.27.47.70:2222
96.35.170.82:2078
96.35.170.82:2222
96.56.237.174:32103
96.57.188.174:2222
97.127.144.203:2222
97.69.160.4:2222
97.84.210.38:2222
98.16.70.197:2222
98.207.89.76:2222
98.23.52.168:2222
98.30.44.223:2222

# Reference: https://app.any.run/tasks/b9a2ae6f-4feb-451d-adbf-779e82c45009/

piket.smkyaspim.sch.id

# Reference: https://app.any.run/tasks/7c061adf-e2e1-45b3-91dc-81151117dd9d/

citycarmen.com/lvhyf/

# Reference: https://blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/

http://95.77.144.238
china.asiaspain.com/tertgev/1247015.png

# Reference: https://twitter.com/ankit_anubhav/status/1324306444334764033
# Reference: https://app.any.run/tasks/84f1e2cb-577f-4582-9cd8-36e92d60b897/

nics.co.id/yftxdru/1254750.png

# Reference: https://www.virustotal.com/gui/ip-address/172.87.157.235/relations

http://172.87.157.235/t3

# Reference: https://twitter.com/dark0pcodes/status/1327297011155152896
# Reference: https://twitter.com/1ZRR4H/status/1327358754501877762
# Reference: https://twitter.com/dark0pcodes/status/1333788584009101315
# Reference: https://twitter.com/jfslowik/status/1336354790192758785

cloudplatformsnq.com
fortinet-cloud-storage.com
fortinet-storage.com
fortinet-storage-class.com
/wbj/crt/uadmin/adm.php

# Reference: https://twitter.com/jstrosch/status/1332576642493984769

/lxjhux/923753.jpg

# Reference: https://www.virustotal.com/gui/file/a07e0fbaa48ba6e7fed7f97d46e32d78fe45f0a64fe0c59661ca12a1122b6057/detection
# Reference: https://www.virustotal.com/gui/domain/auroratd.cf/relations

auroratd.cf

# Reference: https://twitter.com/p5yb34m/status/1334216244308844545
# Reference: https://twitter.com/InQuest/status/1334427406027927553
# Reference: https://twitter.com/dms1899/status/1334420005887291392
# Reference: https://twitter.com/malware_traffic/status/1334969751509094402
# Reference: https://twitter.com/baberpervez2/status/1334653257197768704
# Reference: https://twitter.com/malware_traffic/status/1336136217004478465

/acavskwwkh/423323.jpg
/mmyubbktjopl/423323.jpg
/sqkqkx/423323.jpg
/eksmablcflfg/423323.jpg
/bxdskxok/423323.jpg
/rrblvgkx/423323.jpg
/uqiyr/423323.jpg
/yvwyz/423323.jpg
/nkmqsjd/904400.jpg
/aflwjjneuxg/904400.jpg
/mjbgpabrmph/590906.jpg
/glpmfgve/590906.jpg
/jjjjrfkb/590906.jpg
/uxpjm/590906.jpg
/cnevzpw/590906.jpg
/pmiore/590906.jpg
/wrfebtq/590906.jpg
/wlbleqhpxy/590906.jpg

# Reference: https://app.any.run/tasks/aab68f80-e4df-46cd-9dd6-8f6127336a0f/

/svgqcnjto/590906.jpg

# Reference: https://twitter.com/killamjr/status/1338924486419165186

ventas.website
/lewhqfhdky/5555555555.jpg

# Reference: https://twitter.com/MSteve25/status/1339181272812441601
# Reference: https://twitter.com/Mesiagh/status/1338946344174538752
# Reference: https://twitter.com/bit_dam/status/1341820952196251648

/aypgwsssu/5555555555.jpg
/criizszfsx/5555555555.jpg
/ddqgokffk/5555555555.jpg
/dubpsw/5555555555.jpg
/fvrxhmox/5555555555.jpg
/hjqipbuqsis/5555555555.jpg
/ozkuclxvlgjf/5555555555.jpg
/svwcp/5555555555.jpg
/xhrcex/5555555555.jpg
/zhsvrgfcs/5555555555.jpg

# Reference: https://twitter.com/reecdeep/status/1339973819470114823

demex.ro
onelink.com.bd/ds/1712.gif
/ds/1712.gif

# Reference: https://twitter.com/reecdeep/status/1352267772886216709
# Reference: https://tria.ge/210121-napv9vzmda

bbpqtf.com/qextstpcuumf/5555555555.jpg
digital-box.fr/hjmrcv/5555555555.jpg
leafybuy.com/norzygt/5555555555.jpg
rishtee.com/zbpxyo/5555555555.jpg
webdevelopmentinlahore.com/whoqvn/5555555555.jpg
/hjmrcv/5555555555.jpg
/norzygt/5555555555.jpg
/qextstpcuumf/5555555555.jpg
/whoqvn/5555555555.jpg
/zbpxyo/5555555555.jpg

# Reference: https://www.virustotal.com/gui/file/43fae3b384cd8ca7215b4baf9fd92d753be82b8eaf534b61b9762ee0f5843107/detection
# Reference: https://www.virustotal.com/gui/file/350e16ad2db661167dad6a457aa6970568fb24948001eb1c389cee57504237d5/detection

kangaroo.techonext.com/spywwafea/5555555555.jpg
/spywwafea/5555555555.jpg

# Reference: https://twitter.com/reecdeep/status/1356957674114580483

farias.art.br/ds/0302.gif

# Reference: https://twitter.com/reecdeep/status/1357280290427842561

mywebscrap.com/ds/0402.gif

# Reference: https://twitter.com/reecdeep/status/1357709480587382794

awakenbeautyhq.com/ds/0502.gif

# Reference: https://twitter.com/reecdeep/status/1358787552753430528

fastswitch.org/ds/0702.gif
flipahousebook.com/ds/0702.gif

# Reference: https://twitter.com/reecdeep/status/1359172653442039808

batarey.net/bcorucporp
panic-studios.dk/zqbvc
unit4.space/bjpeqzfvs
interluxcargo.kz/xncvbcbzw
immanta.com/zrqzfrsvu
lagacetadelopositor.com/sdrbzodvwi
test.frogmood.com/wssxsgqu

# Reference: https://twitter.com/reecdeep/status/1359467670148698113

upgradedagent.com/ds/1002.gif

# Reference: https://twitter.com/ps66uk/status/1361302529871654912
# Reference: https://twitter.com/reecdeep/status/1361305219016101891

darmatic.co.rs/ds/1502.gif
lmvidros.com.br/ds/1502.gif
zmprintingbd.com/ds/1502.gif

# Reference: https://twitter.com/reecdeep/status/1362030594264358914

intellectsmart.in/ds/1702.gif
transcription.net.au/ds/1702.gif

# Reference: https://twitter.com/reecdeep/status/1362404765137788929

lloydsindian.co.uk/ds/1802.gif

# Reference: https://urlhaus.abuse.ch/browse/tag/SilentBuilder/

118travel.net/ds/1512.gif
12.ossmarcial.com/ds/0812.gif
123sellfast.com/ds/2312.gif
62.113.113.250/ds/11.gif
62.113.117.225/ds/11.gif
81.4.106.224/ds/1002.gif
acarchidesign.com/ds/0402.gif
adapttostress.co.za/ds/0502.gif
africaincoming.com/ds/1002.gif
alkem.ro/ds/021220.gif
alnujaifi-portal.com/ds/3101.gif
alphabravo.com.br/ds/1702.gif
artwebsite.uk/ds/1512.gif
asimarsy.mycpanel.rs/ds/0902.gif
aula-web.space/ds/2112.gif
aurobliss.com/ds/1502.gif
auroratd.cf/ds/291120.gif
autoabi.pl/ds/021220.gif
awakenbeautyhq.com/ds/0502.gif
axwaydatamasters.com/ds/0502.gif
backup.agewsage.com/ds/1412.gif
bagrover.com/ds/291120.gif
barastea.com/ds/061220.gif
behendige-boxers.nl/ds/0902.gif
bellababy.com.sa/ds/0902.gif
bhtt.vn/ds/021220.gif
birdexim.com/ds/231120.gif
bizarrestudio.net/ds/1612.gif
body.inmedlabs.co.ke/ds/1702.gif
boomideas.pro/ds/0902.gif
bsma.com.bd/ds/2112.gif
bucklindata.net/ds/061220.gif
bumka.com.ua/ds/291120.gif
cacso.org.ng/ds/041220.gif
cards.vaults.ga/ds/0812.gif
casadodestino.com/ds/1802.gif
castingparaguay.com/ds/3101.gif
ccvip.ca/ds/021220.gif
chili.id/ds/041220.gif
clinica-cristal.com/ds/3101.gif
cloud.sofal.com.my/ds/2112.gif
cnc-burundi.bi/ds/2112.gif
compucamp.ink/ds/0502.gif
comunaolari.ro/ds/2112.gif
cpc-spa.cl/ds/021220.gif
crizal.gr/ds/1002.gif
curs.mariamarian.md/ds/1702.gif
cyantech.com/ds/041220.gif
dahasa.danaweb.vn/ds/061220.gif
dailyswail.org/ds/1612.gif
dcain.physio123.com/ds/1602.gif
debragordon.com/ds/1712.gif
demex.ro/ds/1712.gif
depositoclara.com.br/ds/0702.gif
dev.northzone.it/ds/2312.gif
dev.zemp.com/ds/291120.gif
distribuidoramc.com/ds/0502.gif
dpoonabakers.com/ds/1512.gif
dropclose.com/excel/shared.xls
dtmh.gr/ds/231120.gif
duburimusic.com/ds/0812.gif
duniaraha.com/ds/0902.gif
eliteblogspot.com/ds/0702.gif
elixerdigitall.com/ds/1412.gif
ermi.co.zw/ds/2312.gif
etechpk.net/ds/1512.gif
events.sayphin.org/ds/0302.gif
expandcpa.com/ds/291120.gif
eyeqoptical.ca/ds/0302.gif
eyeqoptical.ca/ds/3101.gif
fangs.co.in/ds/1512.gif
farias.art.br/ds/0302.gif
fcco1936.com/ds/231120.gif
ffa.odessa.ua/ds/1512.gif
foresah.com/ds/1712.gif
fotospek.com/ds/2112.gif
ftabajamexicali.com/ds/1002.gif
fu5on.com/ds/231120.gif
furgonsuperior.com/ds/2112.gif
gbhtrade.com.br/ds/3101.gif
gener8media.gi/ds/061220.gif
gerrusi.ru/ds/021220.gif
globaltravel-jo.com/ds/2112.gif
gotoshopping.pk/ds/1502.gif
gravitysoft.in/ds/1712.gif
groupeicaetudes.com/ds/0302.gif
gst-system.com/ds/0902.gif
gtroot.edulinellc.mn/ds/0502.gif
guarartloja.com.br/ds/2112.gif
halalcosmetics.uz/ds/2112.gif
hannesc.com/ds/2112.gif
he.thenamestork.com/ds/1512.gif
hoyamu.tellwhom.com/ds/1512.gif
hwsm-global.com/ds/2312.gif
icveritas.pe/ds/1002.gif
imzps.co.za/ds/041220.gif
inpulsion.net/ds/0702.gif
instamef.webd.pl/ds/0812.gif
israrulhaq.me/ds/1312.gif
izmirburo.com/ds/0812.gif
jathra.co.uk/ds/0402.gif
joostpieter.com/ds/1412.gif
jordanbetterworkplace.org/ds/1802.gif
jordanembassy.or.id/ds/1502.gif
joycapas.com.br/ds/0402.gif
kabinarf.ru/ds/0402.gif
kashful.softwarebd.biz/ds/1802.gif
kavok.ind.br/ds/2312.gif
kbpertiwi.sch.id/ds/0702.gif
keatonberry.me/ds/1412.gif
kelwinsales.com/ds/1702.gif
kgvidhyashram.in/ds/1512.gif
khaugalliindia.com/ds/0812.gif
kientrucadhome.vn/ds/1512.gif
kiniti.net/ds/0402.gif
kliksini.web.id/ds/061220.gif
l.loungu.com/ds/231120.gif
legalpyramids.com/ds/1312.gif
lenimar.com/ds/021220.gif
level-travel.com/ds/2112.gif
linhtumblr.com/ds/2312.gif
luxtorcred.com.br/ds/1002.gif
m2melectronica.com.ar/ds/1002.gif
man.myanmarfas.com/ds/2112.gif
mapleleafnetwork.net/ds/1502.gif
marcostrombetta.com.br/ds/1802.gif
marka.mikronexus.net/ds/0302.gif
martastrubing.com/ds/1002.gif
masadahtime.com/ds/0812.gif
me48.ru/ds/231120.gif
mecamath.com/ds/1712.gif
medstori.com/ds/0902.gif
mempresariales.com/ds/061220.gif
mercados247.com/ds/1602.gif
micmart.store/ds/291120.gif
minet-it.com/ds/021220.gif
miraclecollagen.co.za/ds/1802.gif
mmsesquadrias.com.br/ds/1002.gif
my.loungu.com/ds/1312.gif
mygrandmomskitchen.com/ds/1802.gif
narumi.mn/ds/041220.gif
nearlearn.com/ds/1612.gif
net.cyantech.com/ds/0402.gif
news24mrl.com/ds/1312.gif
newstimeurdu.com/ds/3101.gif
ngoonlinebd.com/ds/0402.gif
novavista.com.py/ds/1612.gif
nrdsbd.org/ds/0702.gif
nyuscape.xyz/ds/291120.gif
ochko123.net/details.xls
oleohitec.com.co/ds/1612.gif
omenstyle.pk/ds/2112.gif
onelink.com.bd/ds/1712.gif
outdoorsphoto.net/ds/1512.gif
p-clone.net/ds/021220.gif
pamltd.co.uk/ds/1502.gif
pin.crptechs.com/ds/0702.gif
planetaiphone.com.mx/ds/0902.gif
platechmold.co.id/ds/1002.gif
pos.staysafe.pk/ds/1412.gif
pqrs.enelar.net.co/ds/1002.gif
prisecomparer.com/ds/1512.gif
probit.digital/ds/0402.gif
proco.lt/ds/021220.gif
rdpspuraini.com/ds/1612.gif
rebeccaumblewhite.com/ds/0502.gif
remacon.net/ds/3101.gif
remedial.aaua.edu.ng/ds/1502.gif
rhinoclothes.com/ds/2312.gif
ruggedcall.com/ds/1002.gif
s-system.ba/ds/1702.gif
sadgad.ru/ds/231120.gif
safetylad.com/ds/2312.gif
saisoftwareinc.com/ds/1002.gif
savasaachi.systems/ds/0302.gif
secam.mycpanel.rs/ds/1002.gif
seligue.net/ds/231120.gi
servicespro.com.pk/ds/3101.gif
shop.paritetdom.ru/ds/1612.gif
shopee.gr/ds/021220.gif
skconstruction.info/ds/3101.gif
ski-travel.pl/ds/231120.gif
skycitymall.co.in/ds/0812.gif
smartgal.us/ds/041220.gif
smf.design4u.ca/ds/0702.gif
softwarecpanel.com/ds/2112.gif
starminimall.com/ds/061220.gif
stevie-m.co.uk/ds/0302.gif
sunmarkholidays.com/ds/0702.gif
surmaconcrete.com/ds/1412.gif
swedenfoods.net/ds/1712.gif
syifabioderma.com/ds/0902.gif
tacefradio.com/ds/1312.gif
tact9.in/ds/1612.gif
talkeasy.in/ds/2312.gif
tearsoftheearth.org/ds/0702.gif
test.dawwie.com/ds/0812.gif
tetek.ru/ds/041220.gif
th.czonediver.com/ds/061220.gif
thetravelingcard.com/ds/0302.gif
tiesta.in/ds/291120.gif
titanautomobiles.com/ds/1002.gif
tolensociety.com/ds/1312.gif
toptipsoffice.us/data_order.php
toptoffice.us/data_order.php
toyotacollege.ac.th/ds/1312.gif
tt-office.us/data_order.php
ttoffices.us/order_data.php
tv5a.com.br/ds/1612.gif
upsfrance-download.com/ireo.png
used-jeans.fr/ds/1702.gif
utbapp.poweritbd.com/ds/0302.gif
vdonkihot.ru/ds/041220.gif
vendedorfenix.com/ds/1602.gif
vestelbd.com/ds/1802.gif
viraugra.com/ds/291120.gif
vmusicsound.com/ds/1412.gif
vytyazhki.by/ds/291120.gif
xn--72c0bbr3dtble.com/ds/0902.gif
yamm.com.my/ds/2312.gif
yanyosa.com/ds/021220.gif

# Reference: https://twitter.com/p5yb34m/status/1362469846634491904
# Reference: https://pastebin.com/raw/7mH09Yyv

biblicalisraeltours.com/otmchxmxeg/
jugueterialatorre.com.ar/xjzpfwc/
pathinanchilearthmovers.com/eznwcdhx/
rzminc.com/fdzgprclatqo/
rzminc.com/xklyulyijvn/

# Reference: https://twitter.com/wato_dn/status/1362661494198996993
# Reference: https://tria.ge/210219-velay7211j

7ruzezendegi.com/samsgtlfwzt/
batikentklinik.com/qtuofsxtov/
chandni.pk/ictrljsfuh/
dindorf.com.ar/ntpnttfypqs/
miaovideo.com/wwdtfgdlijlr/

# Reference: https://twitter.com/p5yb34m/status/1362879210952400902
# Reference: https://pastebin.com/raw/8rth91je

erp.demosoftware.biz/focahjqevd/
jayshreewoods.com/gvazzbwlvyk/
parama-college.id/yxpmmmg/
raivens.com/zdmqwymhhza/
sportsmarquee.com/hmffuzbolyio/

# Reference: https://twitter.com/reecdeep/status/1362716892792823809

i345999.hera.fhict.nl/ds/1902.gif

# Reference: https://twitter.com/reecdeep/status/1363853849283428354

mavenconsulting.com.pk/ds/2202.gif

# Reference: https://twitter.com/p5yb34m/status/1364646433517752322

fernway.com/xjhuljbqv/
hdmedia.pro/noexyryqori/
stadt-fuchs.net/gwixglx/
sumonpro.xyz/nseoqnwbbvmc/
vngkinderopvang.nl/rmyjq/

# Reference: https://twitter.com/pmmkowalczyk/status/1364850641433219074

dicomm-001-site35.ctempurl.com/pmslsda/
dnvillas.com/ncmlzqphuqma/
eventpeople.pro/cfuizfotpz/

# Reference: https://twitter.com/fr0s7_/status/1365308651636989954

rlyrt26rnxw02vqijgs.com

# Reference: https://twitter.com/reecdeep/status/1366406191312683009
# Reference: https://twitter.com/peterkruse/status/1366407348202389505
# Reference: https://twitter.com/InQuest/status/1366447657904992259
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-01-IcedID-IOCs.txt

emqjj27ljgl02hqqzi.com
jqilt27xsbz02anaeu.com
nygvj27cvlk02cktf.com
rlvq27rmjej02sfvb.com
vyw27lfrvoj02kkxo.com
wnah27frybfe02sadb.com
/fedara.gif

# Reference: https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
# Reference: https://otx.alienvault.com/pulse/603fd483e52dabf8b0e6223d
# Reference: https://www.virustotal.com/gui/ip-address/8.209.64.96/relations

beazf26awkee02gvog.com
cyh26wcekai02atpeax.com
emqjj27ljgl02hqqzi.com
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
gbza26rngn02bekll.com
ghtyrncjf2df.com
hqn27dyhvwp02wznv.com
hqzf28ebdjjm02ywyxek.com
jqilt27xsbz02anaeu.com
kfzhm28pwzrlk02bmjy.com
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
pbdq26xjey02uprxwx.com
pxiw28jgmb02slcqxq.com
qab26utxb02pquc.com
qcywk28rcywfw02ehij.com
qxloq28vhjko02eiiagg.com
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sbr28gizur02fcxtz.com
sfhbv28xhvi02fbok.com
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ugrl28bxsnh02kohk.com
uovxx28jqdgp02kzseg.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
wlog28dzzmi02spfin.com
wnah27frybfe02sadb.com
ydw27hfhbk02zpidmv.com

# Reference: https://pastebin.com/XvH8rDBD

cidn02mjco03pobx.com
dskl02touc03jeby.com
etysu02scnabr03wzaxue.com
hqcaz02egeq03bvmhm.com
inpa02lzjvt03anas.com
lic02uiccnh03nruvp.com
ououz02naba03oiyd.com
ppk02dmgmzj03dxekog.com
uhfa02eknih03swzdku.com
zkkn02lffiff03zkmh.com

# Reference: https://tria.ge/210305-z4hdat5hzs/static1

dzw10jpcgj03fckc.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.97.177/relations

cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
cyh26wcekai02atpeax.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
ftkaq03ihfbh03rehx.com
gbza26rngn02bekll.com
ghtyrncjf2df.com
hei03tfxv03mahl.com
ihjpn03sijjl03dtmtr.com
jam03iofwv03jniedf.com
kyvws03ndah03hecon.com
lic02uiccnh03nruvp.com
pbdq26xjey02uprxwx.com
qab26utxb02pquc.com
sal03gicu03qcwtif.com
toqku26hwpu02shuroh.com
vpu03jivmm03qncgx.com
xgka03stox03cloeqz.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
zkkn02lffiff03zkmh.com

# Reference: https://www.virustotal.com/gui/ip-address/35.228.62.27/relations
# Reference: https://www.virustotal.com/gui/file/d9eded39c99656747708e72c395c9a542d427e588c5343c8e512262f3a42f35b/detection

jhj10jtvwu03zsjwk.com
tmrz10fxhy03ntxjf.com
ttj10qrrqx03kdts.com
xjw10whta03ytgdi.com
ywgiu10zmnwcx03vpnyp.com

# Reference: https://twitter.com/reecdeep/status/1370032331914895360

caqp10snyod03msvsqu.com

# Reference: https://www.virustotal.com/gui/file/e15245fdf2ed6b28499cddd0961265247df5c69158016d0a6e125abbdee49ebb/detection
# Reference: https://www.virustotal.com/gui/ip-address/8.210.31.137/relations

ablefullrun.xyz
actschoolserious.xyz
actsincenose.xyz
actuallyrecognizepack.xyz
afterfreecolou.xyz
agentteartoward.xyz
agreekillsleep.xyz
airtinybrother.xyz
alreadyemptylock.xyz
ammotionmany.xyz
amr16pzcp03omerd.com
amr16pzcp03omerd.xyz
anywayhourtrue.xyz
apartmentmomentgod.xyz
armhowlettershouldr.xyz
armycertainblade.xyz
aroundlatebeen.xyz
attentiongrowdistance.xyz
bedwhoelevator.xyz
belowshopboat.xyz
bpxe15jijmh03ubiwhh.xyz
bqx12lnjk03rrdio.xyz
burstuniformreturn.xyz
calmshipchance.xyz
caqp10snyod03msvsqu.com
cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
commandbebetween.xyz
coollivingmind.xyz
cyh26wcekai02atpeax.com
darkfoodlight.xyz
dskl02touc03jeby.com
dzw10jpcgj03fckc.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
everythincausenews.xyz
evz15lmlir03sygmyr.xyz
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
fqzzj16gndioz03mxadr.com
fqzzj16gndioz03mxadr.xyz
frownexpressionfoot.xyz
ftkaq03ihfbh03rehx.com
fyz10eijkl03mytjfb.com
gbza26rngn02bekll.com
gcfxb12aefoyn03epdoji.xyz
ghtyrncjf2df.com
glassmuchhuge.xyz
hei03tfxv03mahl.com
holeenoughmore.xyz
hqcaz02egeq03bvmhm.com
hqn27dyhvwp02wznv.com
ihjpn03sijjl03dtmtr.com
inpa02lzjvt03anas.com
ipok12bcame03shzpiq.xyz
jam03iofwv03jniedf.com
jgu16cbxdr03ehqvx.com
jgu16cbxdr03ehqvx.xyz
jhj10jtvwu03zsjwk.com
jqilt27xsbz02anaeu.com
klhlh16zldwun03vlpq.com
klhlh16zldwun03vlpq.xyz
kyvws03ndah03hecon.com
lbgyn15pchoit03azhs.xyz
lic02uiccnh03nruvp.com
lxoyw10bipu03ilyig.com
nvelj12qyyfi03kqxy.xyz
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
openalreadygather.xyz
ououz02naba03oiyd.com
pbdq26xjey02uprxwx.com
ppk02dmgmzj03dxekog.com
qab26utxb02pquc.com
quitelifebreak.xyz
rcj16whwaqg03pmrp.com
rcj16whwaqg03pmrp.xyz
rdraj16rwjw03xnli.com
rdraj16rwjw03xnli.xyz
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sal03gicu03qcwtif.com
showcertainlychair.com
somebodysergeantshop.xyz
spreadgathertruth.xyz
tmrz10fxhy03ntxjf.com
todayfewnear.xyz
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ttj10qrrqx03kdts.com
uhfa02eknih03swzdku.com
uqtgo16datx03ejjz.com
uqtgo16datx03ejjz.xyz
uqw16atsxge03cbwwx.com
uqw16atsxge03cbwwx.xyz
usy15wycqme03dymh.xyz
vad12mhpfp03vyfl.xyz
vdk10pfsny03tzfva.com
vpu03jivmm03qncgx.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
wecrashdoctor.xyz
whiteotherwhole.xyz
wnah27frybfe02sadb.com
wquwb16swlxr03miuell.com
wquwb16swlxr03miuell.xyz
xgka03stox03cloeqz.com
xjw10whta03ytgdi.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
ykv16cmtign03mfeen.com
ykv16cmtign03mfeen.xyz
ywgiu10zmnwcx03vpnyp.com
zkkn02lffiff03zkmh.com
zltw15tzezi03nbmru.xyz

# Reference: https://twitter.com/ps66uk/status/1370078419879362572

lxoyw10bipu03ilyig.com
tmrz10fxhy03ntxjf.com
vdk10pfsny03tzfva.com

# Reference: https://twitter.com/James_inthe_box/status/1370430017830756356

/44265.6787289352.dat

# Reference: https://twitter.com/pmmkowalczyk/status/1370072095925927941

/44266.6080112269.dat

# Reference: https://twitter.com/malware_traffic/status/1370115044734861312

/44266.8078175926.dat

# Reference: https://twitter.com/p5yb34m/status/1370436549691645954

/44267.7472592593.dat

# Reference: https://twitter.com/malware_traffic/status/1370520363520696336

/44267.9354760417.dat

# Reference: https://twitter.com/p5yb34m/status/1371509011825057794

/44270.7073414352.dat

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-15-IcedID-IOCs.txt

/44270.7145450231.dat

# Reference: https://twitter.com/James_inthe_box/status/1372268803833294852
# Reference: https://www.virustotal.com/gui/file/cd90621a36e92dfa4b49a804478522670685f234a3916c648779be639f553284/detection

/44272.6229643519.dat

# Reference: https://www.virustotal.com/gui/file/5aaef4f77b79d4bca0df0eae1e2d695da65cd858421f243273fc273afee30b3c/detection

/44272.3462201389.dat

# Reference: https://twitter.com/reecdeep/status/1372511120502759424
# Reference: https://app.any.run/tasks/d46b7411-f9ec-4fd0-ac24-bc9424a5671e/

http://185.82.219.219
http://188.127.231.55
http://45.140.146.180
/44273.5055075232.dat

# Reference: https://twitter.com/peterkruse/status/1372515989913530371

http://185.82.219.80
http://188.119.112.125
http://188.127.230.133
/44272.8138383102.dat

# Reference: https://www.malware-traffic-analysis.net/2021/03/19/index.html

http://185.82.219.225
http://188.127.237.152
/44274.6591174769.dat

# Reference: https://twitter.com/malware_traffic/status/1370520363520696336

# Reference: https://twitter.com/reecdeep/status/1370324080340168704
# Reference: https://twitter.com/reecdeep/status/1370331381277016068
# Reference: https://app.any.run/tasks/cb8d105e-f9b6-4c70-9df5-c1ce912b8586/

bqx12lnjk03rrdio.xyz
gcfxb12aefoyn03epdoji.xyz
ipok12bcame03shzpiq.xyz
nvelj12qyyfi03kqxy.xyz

# Reference: https://twitter.com/InQuest/status/1370473713888542722

fyz10eijkl03mytjfb.com

# Reference: https://twitter.com/reecdeep/status/1371794991614398466

ykv16cmtign03mfeen.com

# Reference: https://otx.alienvault.com/pulse/6050fb82f9a8e34a3ce2b4c1

ablefullrun.xyz
actschoolserious.xyz
actsincenose.xyz
actuallyrecognizepack.xyz
afterfreecolou.xyz
agentteartoward.xyz
agreekillsleep.xyz
airtinybrother.xyz
alreadyemptylock.xyz
ammotionmany.xyz
amr16pzcp03omerd.com
amr16pzcp03omerd.xyz
anywayhourtrue.xyz
apartmentmomentgod.xyz
armhowlettershouldr.xyz
armycertainblade.xyz
aroundlatebeen.xyz
attentiongrowdistance.xyz
beazf26awkee02gvog.com
bedwhoelevator.xyz
belowshopboat.xyz
bpxe15jijmh03ubiwhh.xyz
bqx12lnjk03rrdio.xyz
burstuniformreturn.xyz
calmshipchance.xyz
caqp10snyod03msvsqu.com
cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
commandbebetween.xyz
coollivingmind.xyz
cyh26wcekai02atpeax.com
dskl02touc03jeby.com
dzw10jpcgj03fckc.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
everythincausenews.xyz
evz15lmlir03sygmyr.xyz
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
fqzzj16gndioz03mxadr.com
frownexpressionfoot.xyz
ftkaq03ihfbh03rehx.com
fyz10eijkl03mytjfb.com
gbza26rngn02bekll.com
gcfxb12aefoyn03epdoji.xyz
ghtyrncjf2df.com
hei03tfxv03mahl.com
holeenoughmore.xyz
hqcaz02egeq03bvmhm.com
hqn27dyhvwp02wznv.com
hqzf28ebdjjm02ywyxek.com
ihjpn03sijjl03dtmtr.com
inpa02lzjvt03anas.com
ipok12bcame03shzpiq.xyz
jam03iofwv03jniedf.com
jgu16cbxdr03ehqvx.com
jgu16cbxdr03ehqvx.xyz
jhj10jtvwu03zsjwk.com
jqilt27xsbz02anaeu.com
kfzhm28pwzrlk02bmjy.com
klhlh16zldwun03vlpq.com
kyvws03ndah03hecon.com
lbgyn15pchoit03azhs.xyz
lic02uiccnh03nruvp.com
lxoyw10bipu03ilyig.com
march-socat01.com
march-socat01.xyz
marchassl01.com
marchassl012.com
mearmyarea.xyz
nvelj12qyyfi03kqxy.xyz
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
openalreadygather.xyz
ououz02naba03oiyd.com
pbdq26xjey02uprxwx.com
ppk02dmgmzj03dxekog.com
pxiw28jgmb02slcqxq.com
qab26utxb02pquc.com
qcywk28rcywfw02ehij.com
quitelifebreak.xyz
qxloq28vhjko02eiiagg.com
rcj16whwaqg03pmrp.com
rdraj16rwjw03xnli.com
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sal03gicu03qcwtif.com
sbr28gizur02fcxtz.com
sfhbv28xhvi02fbok.com
spreadgathertruth.xyz
testframeline.xyz
theredearmovie.xyz
tirephonerun.xyz
tmrz10fxhy03ntxjf.com
todayfewnear.xyz
togetheremptymind.xyz
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ttj10qrrqx03kdts.com
ugrl28bxsnh02kohk.com
uhfa02eknih03swzdku.com
uovxx28jqdgp02kzseg.com
uqtgo16datx03ejjz.com
uqw16atsxge03cbwwx.com
usy15wycqme03dymh.xyz
vad12mhpfp03vyfl.xyz
vdk10pfsny03tzfva.com
vpu03jivmm03qncgx.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
walkwellquite.xyz
whiteotherwhole.xyz
wishdadwhisper.xyz
wlog28dzzmi02spfin.com
wnah27frybfe02sadb.com
wquwb16swlxr03miuell.com
xgka03stox03cloeqz.com
xjw10whta03ytgdi.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
ykv16cmtign03mfeen.com
ywgiu10zmnwcx03vpnyp.com
zkkn02lffiff03zkmh.com
zltw15tzezi03nbmru.xyz

# Reference: https://otx.alienvault.com/pulse/605274d69b83780319fac22a
# Reference: https://app.any.run/tasks/0ebbef51-244d-4f9f-9bfb-5bd1db5d2dda
# Reference: https://app.any.run/tasks/04d6eb2d-9548-48d4-8968-a1b079e9cd19
# Reference: https://app.any.run/tasks/c3132802-4657-44df-a7f9-00dff79dfd85

fqzzj16gndioz03mxadr.xyz
rcj16whwaqg03pmrp.xyz
uqtgo16datx03ejjz.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1372559634150592512

lem18iuru03vwvqwt.xyz

# Reference: https://twitter.com/reecdeep/status/1372890526203179009
# Reference: https://www.virustotal.com/gui/ip-address/35.228.48.27/relations

caqp10snyod03msvsqu.com
dfyf19fytrc03magy.xyz
dzw10jpcgj03fckc.com
evz15lmlir03sygmyr.xyz
ghtyrncjf2df.com
ppk02dmgmzj03dxekog.com
qsklc19fboh03zlewu.xyz
qsmbo18vxondw03uimrc.xyz
rcj16whwaqg03pmrp.com
rlyrt26rnxw02vqijgs.com
rmdwk19obfzrq03ohby.xyz
ttj10qrrqx03kdts.com
wyhfi19vkwt03hcrle.xyz
ywgiu10zmnwcx03vpnyp.com

# Reference: https://www.virustotal.com/gui/ip-address/34.65.218.17/relations

aath22rzmo03mvewdj.xyz
drt22uhfjmz03ltxc.xyz
ewiak22wbzmpq03ysileo.xyz
rcwj22jxyvt03swnlt.xyz
tvzhp22pzrh03vdawn.xyz
wnsx22gdouo03tuyu.xyz
xsd22aeofw03lqzf.xyz

# Reference: https://twitter.com/malware_traffic/status/1374800753173352450
# Reference: https://twitter.com/reecdeep/status/1374361487205089282
# Reference: https://www.virustotal.com/gui/ip-address/35.204.191.93/relations
# Reference: https://otx.alienvault.com/pulse/605a414709647aca906c467c/

http://45.150.67.226
/44279.7753403935.dat
amr16pzcp03omerd.xyz
beg23crlsak03wwzwc.xyz
brannon-powlowski25d.xyz
crooks-cooper24g.xyz
demetris9127f.com
dennis-hill25lw.xyz
fegr23ylwp03yfvm.xyz
ghtyrncjf2df.com
hardy-parker27ea.com
hprosacco25i.xyz
ire22wndw03opoq.xyz
kassandra5024d.xyz
lvv23blili03ujrxcp.xyz
lxoyw10bipu03ilyig.com
mtk23gqakwj03bzds.xyz
olfs23kvri03wyyb.xyz
ovesf23knfg03eixqds.xyz
plangosh27a.com
qvqy23thdsed03xjeqtf.xyz
rgleason25s.xyz
rlyrt26rnxw02vqijgs.com
rosenbaum-jaida24nz.xyz
rsjb23tnxjng03dgiy.xyz
sarai7227dl.com
treutel-jamir25ju.xyz
usy15wycqme03dymh.xyz
virgie-will27pn.com
vyhml26anpfyb02aqsehz.com
wsbc23imtnnc03lrmpxa.xyz
xherzog24pv.xyz
yar03jmtvr03jtqg.com
yzq24meogxq03bsvfu.xyz

# Reference: https://twitter.com/JRoosen/status/1376994339281309699

agenbolatermurah.com/ds/3003.gif
columbia.aula-web.net/ds/3003.gif
metaflip.io/ds/3003.gif
partsapp.com.br/ds/3003.gif
tajushariya.com/ds/3003.gif

# Reference: https://twitter.com/fr0s7_/status/1377588184226336772
# Reference: https://pastebin.com/fnd1tHh6

ieclb.com.br/ds/3103.gif
maharaniworld.com/ds/3103.gif
aycconsultoriaempresarial.com/ds/3103.gif
hashmati.com/ds/3103.gif
sgb.ac.ke/ds/3103.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1377929158593032192

jaishritours.com/ds/0204.gif
digitalcreations.co.in/ds/0204.gif
unityindiversity.in/ds/0204.gif
utabmis.ac.rw/ds/0204.gif
pinkpaprika.co.uk/ds/0204.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1379339978526883840

jacktech.jackindia.com/ds/0204.gif
moumitas.com/ds/0204.gif

# Reference: https://intel471.com/blog/ettersilent-maldoc-builder-macro-trickbot-qbot/
# Reference: https://otx.alienvault.com/pulse/606f2e77342bd3d1fa7e8d34

http://188.127.254.114
holmesservices.mobiledevsite.co/ds/2803.gif
kfzhm28pwzrlk02bmjy.com
pokojewewladyslawowie.pl
/44270.5684626157.dat
/44270.7082388889.dat

# Reference: https://twitter.com/pmmkowalczyk/status/1382039816968212491

cesiroinsurance.com/ds/0604.gif
innermetransformation.com/ds/0604.gif
shalombaptistchapel.com/ds/0604.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1385643227538247680

shapoorjipallonji.online/drms/ind.html
studio.joellemagazine.com/drms/ind.html

# Reference: https://twitter.com/d4rksystem/status/1382979851892748290

glsiba.org/drms/body.html
jahthroneafricancrafts.com/drms/body.html

# Reference: https://twitter.com/teamcymru_S2/status/1387085777482489858

185.250.149.187:443

# Reference: https://twitter.com/MBThreatIntel/status/1390375540595507201

http://185.45.193.74
http://195.123.220.175
http://45.144.29.253
/44313.6048108796.dat

# Reference: https://madlabs.dsu.edu/madrid/blog/2021/04/30/qbot-analyzing-php-proxy-scripts-from-compromised-web-server/

http://91.193.180.161
91.193.180.161:7080
/first_loader/first_loader_qbz001.php
/first_loader_qbz001.php

# Reference: https://twitter.com/jstrosch/status/1354913027762622469
# Reference: https://github.com/jstrosch/malware-samples/tree/master/malware_infrastructure/2021/January/qbot_compromised_server

selfstoragemillionaires.com
/hxevjccijc.php
/mhqiFVdEBo.php

# Reference: https://www.virustotal.com/gui/file/521e6ab3da29cda2fc6399ac88289ed9762577ff4e9742a56ec89bf4521be6c1/detection

8.209.64.96:4039

# Reference: https://twitter.com/tosscoinwitcher/status/1384575076293439492

/44300.5396033565.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1392514493100531714

dsafarm.com/h03itpGP/ue.html
stateoftheartacademy.com.br/E4V8njAb2/ue.html
/E4V8njAb2/ue.html
/h03itpGP/ue.html

# Reference: https://twitter.com/JAMESWT_MHT/status/1393123509090533381

/44330.3435314815.dat

# Reference: https://www.virustotal.com/gui/file/1ecf737a0bd1cb4a25e09d8be8ce9700a8905fcc5891d2a80dbc17677b623553/detection

/44333.8078178241.dat

# Reference: https://www.virustotal.com/gui/file/14bfd4407897eb27a12125e23d08ac7c9be13e69959ffa77b4f7cea1cba2dae4/detection

/44333.7737885417.dat

# Reference: https://www.virustotal.com/gui/file/6befb1bcec9588b17d893ccdfdc0d4c008ce3cbe1671e792eea73829e93268f8/detection

/43976.6705686343.dat

# Reference: https://www.virustotal.com/gui/file/a6bcd1310d0703904889958ffb1bdc1e616ad5a4861519a2f055b03088a96a72/detection

http://185.183.98.29
http://188.165.62.17
http://195.123.221.179
/43976.835568287.dat

# Reference: https://twitter.com/bit_dam/status/1395471492427755525

http://190.14.38.106
http://193.38.54.246
http://51.89.73.152
/44336.7336625.dat

# Reference: https://twitter.com/reecdeep/status/1395296845375619076

http://103.155.93.169
http://45.67.228.153
http://51.89.73.149
/44329.6550195602.dat

# Reference: https://twitter.com/1ZRR4H/status/1395287974309474304
# Reference: https://pastebin.com/3Bmm16zt
# Reference: https://www.virustotal.com/gui/file/6d858e68b298e851836a55f5570c502b9a7bba79afd89c49c1345309f49a91f5/detection

droneteamproject.gr/BfWvudjrIQMF/utka.html
rallyautosport.com/CA2Sz1Pz33Sn/utka.html
dev.favterest.com/VBPFHU4UdmdT/filter.html
ethioshare.com/q22UgZzM3PV7/filter.html
digitrac.org/g31Qro72rb4Q/heart.html
swedish.askochembla.nl/6PNITEcbA/heart.html
academy.haleemcampus.com/GxaCS5azoZlJ/filter.html
tahaffuzenamooserisalat.com/YgUmSu/
jk-systems.in

# Reference: https://twitter.com/papa_anniekey/status/1402066103912697900

http://101.99.95.176
http://185.117.73.153
http://45.67.228.169
/44355.2896359954.dat

# Reference: https://twitter.com/ffforward/status/1401905278501670917

ibcu.cu.edu.eg/0eqB2jiJS/yy.html

# Reference: https://twitter.com/ffforward/status/1402973963853172741

control.sahum.gob.ve/ORqVv3i5b5e/zv.html

# Reference: https://twitter.com/pancak3lullz/status/1405566965553545225

http://101.99.95.230
http://103.155.92.217
http://185.219.43.60
http://190.14.37.2
http://194.36.189.154
http://45.67.230.241
/44364.4585763888.dat
/44364.3929405093.dat
