# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: smokeloader, retefe

# Reference: https://blog.malwarebytes.com/cybercrime/2018/01/fake-spectre-and-meltdown-patch-pushes-smoke-loader/

coolwater-ltd-supportid.ru
localprivat-support.ru
service-consultingavarage.ru

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

killermansopitu.com

# Reference: https://www.fireeye.com/blog/threat-research/2018/06/rig-ek-delivering-monero-miner-via-propagate-injection-technique.html
# Reference: http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/

nhocbo.bit

# Reference: https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html

ukcompany.me
ukcompany.pw
ukcompany.top

# Reference: https://twitter.com/ViriBack/status/1045123124910592000

supremebiz.info

# Reference: https://twitter.com/ViriBack/status/1047664167010926593

haxmall.in

# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/

/js/metrology/jma.php

# Reference: https://twitter.com/Racco42/status/1097990743711461376

lzlgoy4b17sy5.com

# Reference: https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/

5gssghhs2w.org
dvhwzq.ru
hdxaet.ru
hghwwgh6.info
jdcbhs.ru
kdcbst.ru
kkted54d.ru
si2113gher.com
vshmesz.com
vygxxhh.bit

# Reference: https://twitter.com/malware_traffic/status/1112776731331620865
# Reference: https://www.virustotal.com/gui/domain/taj.co.ug/relations

taj.co.ug
/xzcqefxa/index.php

# Reference: https://twitter.com/James_inthe_box/status/1118534516379803648

anotherblock.bit

# Reference: https://twitter.com/James_inthe_box/status/1120693994428567552

mynah505.com.kz

# Reference: https://otx.alienvault.com/pulse/5ccb14c894ed463151dcced4
# Reference: https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe

# Host+path trails: each of the next five entries is scoped to /wp-rss.php on
# its host rather than to the whole domain.
# NOTE(review): presumably the hosts are otherwise-legitimate sites, which would
# explain why only the path is listed - confirm against the references above.
bizbhutanevents.com/wp-rss.php
kjkpropertysolutions.com/wp-rss.php
laserowakasia.pl/wp-rss.php
racyroyalcoin.com/wp-rss.php
thealtilium.com/wp-rss.php
# 16-character .onion label, i.e. a legacy v2 onion-service address. Current Tor
# releases no longer support v2, so expect hits mainly in historical data.
ltro3fxssy7xsqgz.onion

# Reference: https://twitter.com/Antelox/status/1104350571430141952

3bbbccvomp5uhznz.onion
auybplpgam3c62tc.onion
hiv3dylycjbvgrxr.onion
m2pgzofn4w6ttgbb.onion
n6g66hecwbnf7bg4.onion

# Reference: https://twitter.com/peterkruse/status/1049669678086479877

jpxgaweyfdym5zv2.onion

# Reference: https://twitter.com/JaromirHorejsi/status/1017739363613102083

yzpayb4sqad7gnin.onion

# Reference: https://twitter.com/JaromirHorejsi/status/1106230909282541568

bozuniy4sgprvinf.onion

# Reference: https://twitter.com/JaromirHorejsi/status/816203736636915712

f3lrid44upxfgnbe.onion

# Reference: https://twitter.com/P3pperP0tts/status/1133502768935784448

thebotarmy.com

# Reference: https://twitter.com/_CPResearch_/status/1141080891529334784
# Reference: https://pastebin.com/gg4ni5Pm
# Reference: https://www.virustotal.com/gui/file/fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934/detection
# Reference: https://otx.alienvault.com/pulse/5d094cbf85df945a77c3fa45
# Reference: https://research.checkpoint.com/2019-resurgence-of-smokeloader/
# Reference: https://otx.alienvault.com/pulse/5d24b44109756f4227d75025

babolgum.icu
esupdate.icu
fileboard.live
mypromo.online
skcalladhellormi.xyz
vinomag.pw
alltest-service012505.ru
besttest-service012505.ru
biotest-service012505.ru
clubtest-service012505.ru
domtest-service012505.ru
infotest-service012505.ru
kupitest-service012505.ru
megatest-service012505.ru
mirtest-service012505.ru
mostest-service012505.ru
mytest-service01242505.ru
mytest-service012505.ru
newtest-service012505.ru
proftest-service012505.ru
protest-01242505.tk
protest-01252505.ml
protest-01262505.ga
protest-01272505.cf
protest-01282505.gq
protest-01292505.com
protest-01302505.net
protest-01312505.org
protest-01322505.biz
protest-01332505.info
protest-01342505.eu
protest-01352505.nl
protest-01362505.mobi
protest-01372505.name
protest-01382505.me
protest-01392505.garden
protest-01402505.art
protest-01412505.band
protest-01422505.bargains
protest-01432505.bet
protest-01442505.blue
protest-01452505.business
protest-01462505.casa
protest-01472505.city
protest-01482505.click
protest-01492505.company
protest-01502505.futbol
protest-01512505.gallery
protest-01522505.game
protest-01532505.games
protest-01542505.graphics
protest-01552505.group
protest-02252505.ml
protest-02262505.ga
protest-02272505.cf
protest-02282505.gq
protest-03252505.ml
protest-03262505.ga
protest-03272505.cf
protest-03282505.gq
protest-05242505.tk
protest-06242505.tk
protest-service01242505.ru
protest-service012505.ru
rustest-service012505.ru
rutest-service01242505.ru
rutest-service012505.ru
shoptest-service012505.ru
supertest-service012505.ru
test-service01242505.ru
test-service012505.com
test-service012505.eu
test-service012505.fun
test-service012505.host
test-service012505.info
test-service012505.net
test-service012505.net2505.ru
test-service012505.online
test-service012505.org2505.ru
test-service012505.pp2505.ru
test-service012505.press
test-service012505.pro
test-service012505.pw
test-service012505.ru.com
test-service012505.site
test-service012505.space
test-service012505.store
test-service012505.su
test-service012505.tech
test-service012505.website
test-service012505.xyz
test-service01blog2505.ru
test-service01club2505.ru
test-service01dom2505.ru
test-service01forum2505.ru
test-service01info2505.ru
test-service01land2505.ru
test-service01life2505.ru
test-service01plus2505.ru
test-service01pro2505.ru
test-service01rus2505.ru
test-service01shop2505.ru
test-service01stroy2505.ru
test-service01torg2505.ru
toptest-service012505.ru
vsetest-service012505.ru

# Reference: https://twitter.com/James_inthe_box/status/1144917655503040515

zeronde.in

# Reference: https://twitter.com/James_inthe_box/status/1148406371265593344

http://51.91.19.20

# Reference: https://twitter.com/malware_traffic/status/1090366374772383745

youlifesucks.life

# Reference: https://twitter.com/marcos_alvares/status/1158680329881882625

jok3r5.pw
ktngb33.pw
l0vew1n5.xyz

# Reference: https://twitter.com/nao_sec/status/1162581586644070400
# Reference: https://app.any.run/tasks/09dd4638-ca3f-4649-bc37-a5a452070083/
# Reference: https://twitter.com/tkanalyst/status/1162733635679617025
# Reference: https://app.any.run/tasks/9b3c4d44-2996-470e-be96-ce7ae94fa8cd/

advertserv99.club
ezstat.ru
gougounu.site
mailadvert2551mk29.club
popadvert.world
sdstat9551as4.club
statexadvert.club

# Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/

zabugrom.bit

# Reference: https://twitter.com/i/status/1164236292407742464
# Reference: https://app.any.run/tasks/77a62614-4e5b-4e31-8a42-2238b3911194/

vilamax.home.pl
son0fman.pw

# Reference: https://twitter.com/nao_sec/status/1165997780675874816
# Reference: https://app.any.run/tasks/76f63a44-e603-43bf-8288-d9e01addcdba/

btcseller.club
zxtds.world

# Reference: https://twitter.com/tkanalyst/status/1170688633172443139
# Reference: https://app.any.run/tasks/fd9a41e5-4768-4ab0-afd3-83988feb49c8/

advertserv25.world

# Reference: https://twitter.com/peterkruse/status/1171685525377495040
# Reference: https://twitter.com/tkanalyst/status/1173068957386866688
# Reference: https://pastebin.com/kZVikTtP
# Reference: https://www.virustotal.com/gui/ip-address/5.101.181.35/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.25.50.148/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.25.50.163/relations

advertland.net
advertmex.world
advertserv25.world
advertserv99.club
advexmai42dn.world
advexmail23mn.world
advexmail2551.club
advexmail255143x.club
advexmail2551fc7.club
advexmail270711.club
dsmail95.xyz
dsmailx9547.xyz
ecmero.com
fdmail70.club
griffintech.ru
kxserv65.club
kxserv652.club
kxservx6527.club
mailadvert17dt.world
mailadvert19.world
mailadvert2551.club
mailadvert2551zx1.club
mailadvert5917dx.world
mailadvert917dx.world
mailserv1551.club
mailserv1551ex97.club
mailserv1551kx3.club
mailserv171.club
mailserv7.club
mailserv75.com
mailserv85m.world
mailserv93fd.world
mailstat55.club
mailstat557.club
mailstatx5577.club
mextes.com
popadvert.world
sdstat901511.club
sdstat9551.club
sdstat955192rv.club
sdstat9551as4.club
sdstat9551pm3.club
sdstat95xz.world
sdstat97tp.world
serverupdate7.world
starserver45.world
starserver4551.club
starserver4551mx2.club
starserver715km.world
starserver75ms.world
statexadver32s.world
statexadver35111.club
statexadver3552.club
statexadver3552ap93.club
statexadver3552mn12.club
swissmarine.club
zel.biz
# Regular-expression entry for the numbered advert/mail/stat/server domain
# family that is also listed literally in this file: one of the prefixes, then
# a digit, then at least one more character from [0-9a-z], under
# .com/.club/.world/.xyz.
# - Two or more characters must follow the prefix, so single-digit names such
#   as mailserv7.club and rexspot7.xyz are covered only by their literal entries.
# - The "rexspot" alternative is already matched by "\w{1,3}xspot".
# - The pattern has no ^/$ anchors. NOTE(review): confirm how the consumer
#   applies it; short prefixes such as "advert" or "mailserv" can also occur in
#   unrelated domain names, so treat a regex-only hit as lower confidence than a
#   literal match.
(advert|advertmarin|advertpage|advertserv|advertstar|advertstat|advexmai|aqstarserver|\w{1,3}xspot|blogserv|bstarserver|cmailad|cmailadvert|dgxxstarserver|gmailadvert|htdserv|cmailserv|dsmaild|fdmail|kmailserv|kstarserver|kxserv|kxservxmar|mailadvert|mailserv|mailsmall|mailstat|nadvexmail|pmadvert|psxadvexmail|pstarserver|pzlkxadvert|pzfdmserv|rmailserv|rstarserver|rexstat|rexspot|sdstat|servicem|serverupdate|smantex|starserver|statexadver|starxpush|txmvazmrserv|txmvpltadvert|txmvgbnserv|xzlkmcserv|zmailserv|zvwxadvexmail)[0-9][0-9a-z]+\.(com|club|world|xyz)

# Reference: https://www.virustotal.com/gui/file/b1b974ceee5968a8453e015356edfded1e9dcba5dda50320f78abf24a4a3e0dd/relations

195.201.161.25:2012

# Reference: https://twitter.com/benkow_/status/1164894072580071424

rollansdx.icu

# Reference: https://github.com/silence-is-best/c2db#smokeloader

thankg1.org

# Reference: https://app.any.run/tasks/59bf16be-0c99-43f7-954c-94f952f5eb84/

blogserv27.com

# Reference: https://twitter.com/OttoScav/status/1189220259842187264

careandhelporganization.co.ug

# Reference: https://twitter.com/James_inthe_box/status/1197128315519193088

manikurshoping.ru

# Reference: https://twitter.com/wwp96/status/1206660123256655874

dill10n1.pw/tg/

# Reference: https://twitter.com/James_inthe_box/status/1207417534103732224
# Reference: https://app.any.run/tasks/0d1e9add-f1bc-4387-9bb9-e9fa67f393f6/

jungl35.pw

# Reference: https://twitter.com/kyleehmke/status/1209107746437652480

cloudfront365.com

# Reference: https://twitter.com/James_inthe_box/status/1084282526649147392

fribola.com
mailcdn-office365.io
rocket365.to
update-vmware-service.com

# Reference: https://twitter.com/nao_sec/status/1212931538658004994
# Reference: https://app.any.run/tasks/929d4bd2-2442-45c7-8662-88affaa43cea/

054-235-2465.com
234-25-23-423.com
3053-325-43-253.com
324-23-32432.com
35-23-4532-34.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1217739290270191616
# Reference: https://app.any.run/tasks/2d3d98af-5fcd-4bb0-b0c2-b1fbb09175a4/

kinokritikboss.ru

# Reference: https://www.exposedbotnets.com/2017/10/bookwormsbiorhythmtopsmoke-loader.html

bookwormsbiorhythm.top
charlesadvanced.top

# Reference: https://twitter.com/killamjr/status/1221505288194232320
# Reference: https://app.any.run/tasks/2fa282b6-3e39-49c6-b642-20c8e979d218/

j5cool.xyz

# Reference: https://twitter.com/JayTHL/status/1222384280057319427

troubleshootingasaservice.com

# Reference: https://twitter.com/tkanalyst/status/1225614413350064129
# Reference: https://app.any.run/tasks/ba7e7df3-5eca-4c97-89b6-ddc54f358c36/

chuam365.site

# Reference: https://twitter.com/James_inthe_box/status/1228084030853173248
# Reference: https://app.any.run/tasks/791ddd7b-8e65-461a-9b36-2a023a01e81b/
# Reference: https://app.any.run/tasks/78da8635-9460-45b9-a386-39408008de10/

wdifsdf9820.site
wdifsdf9820.xyz

# Reference: https://pastebin.com/inmdCbi1

soapstampingmachines.com/a2/
soapstampingmachines.com/a/
mac-pro.it/1/

# Reference: https://twitter.com/nao_sec/status/1231149711517634560
# Reference: https://app.any.run/tasks/f1cf470c-ae7e-4831-bc2a-d845a6e616a2/
# Reference: https://www.virustotal.com/gui/file/6f545b2b4503530d6c7df25150a9d68f192b078410086a6073a72c34d3b5f0ea/detection

huivaritaslloa.info
infinitydeveloperspes.info
unverifiedintigoosjai.info

# Reference: https://twitter.com/nao_sec/status/1239137537328701442
# Reference: https://app.any.run/tasks/72580d88-98c9-4495-8321-27f0f6763a2c/

bakery365sawamura.website
offwhiteoallrightou.today

# Reference: https://twitter.com/nao_sec/status/1244567558499389440
# Reference: https://app.any.run/tasks/29d5e021-b083-4316-a9b0-5ad0669f1f39/

bealkian.today
ferymspaniumryou.today
tophundretgoods.today

# Reference: https://app.any.run/tasks/964e4bb8-5a59-496b-9fa8-c3799b6f687e/

ferymspaniumryou.today
sumrachnorber.agency
seamseamnim.today
ruffsdf.today
stopcfams.today
buchxuchsd.agency
girlaina.fun

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

cleancleankkl.net
ghjk78kjhb.net

# Reference: https://twitter.com/FaLconIntel/status/1255665102264528898
# Reference: https://app.any.run/tasks/3f461626-f5e7-4a6c-8b5b-f517bb5619e2/

165.22.96.155:3719
as-1.9hits.com
as-2.9hits.com
as-3.9hits.com

# Reference: https://exchange.xforce.ibmcloud.com/url/hfgfr56745fg.com/admin/gate.php

hfgfr56745fg.com

# Reference: https://www.virustotal.com/gui/file/016f95ec4da0bfd09781714004240abb4f79092b697ae3f3a0868dbfc68f7bf1/detection

45.142.214.39:2012

# Reference: https://twitter.com/reecdeep/status/1268489894306942976
# Reference: https://twitter.com/3rg4f4/status/1268470579541221377

agenciatributaria.site
transvil2.xyz
utenti.info
utenti.live

# Reference: https://twitter.com/reecdeep/status/1269911390141190144

flablenitev.site
lendojekam.xyz
lgrarcosbann.club
lpequdeliren.fun

# Reference: https://app.any.run/tasks/0f097295-2483-45fe-9e64-a55ca8033cb5/
# Reference: https://app.any.run/tasks/fabf6492-1583-4a83-8f7f-d1b9539d9a7c/
# Reference: https://www.virustotal.com/gui/domain/stoknolimchin.exnet.su/relations
# Reference: https://www.virustotal.com/gui/file/2e692927e6d8f711a6ab79e0b5cba6fd6608bfaa43415f1c634119bd296581d6/detection

bteyryeuliliezya.website
dilitainfstezya.website
etasuklavish.today
grammmdinss.today
iizminsaosgstezya.website
isemnisdsidfnstezya.space
kimchinikuzims.today
kimonodridstezya.website
kstlaspodastezya.space
kvkukodasstezya.website
lupadypa.dagestan.su
mragyzmachnobesdi.today
musaroprovadnikov.live
mvodicascdstezya.space
nastyagatezya.website
pikabysapindsstezya.website
roompampamgandish.wtf
skkrapchikuhdncstezya.space
slacvostinrius.today
stobikosdmstezya.website
stoknolimchin.exnet.su
stolkgolmishutich.termez.su
straponuliusyn.today
teemforyourexprensiti.life
viprasputinsd.chimkent.su
yptututdrfezya.website

# Reference: https://www.virustotal.com/gui/file/5bc98c9ee4c28735ed4e72d0b7e03aa824c17716d965b7b07c33a9629ef95335/detection

etasuklavish.today
grammmdinss.today
kimchinikuzims.today
lupadypa.dagestan.su
mragyzmachnobesdi.today
musaroprovadnikov.live
slacvostinrius.today
stoknolimchin.exnet.su
straponuliusyn.today
viprasputinsd.chimkent.su

# Reference: https://pastebin.com/5QKdKvZH

bblkatozainastezya.pet
bteyryeuliliezya.website
bzfdrtadestezya.abkhazia.su
dadadlodddstezya.space
dilitainfstezya.website
drandugaosissstezya.today
glovesddstezya.adygeya.su
iizminsaosgstezya.website
isemnisdsidfnstezya.space
kimonodridstezya.website
korybaxaya.today
kstlaspodastezya.space
ktxuentostsstezya.abkhazia.su
kvkukodasstezya.website
lambadadndstezya.adygeya.su
lgpakistandstezya.adygeya.su
mariusanna.live
mvodicascdstezya.space
nastyagatezya.website
olvnedorogocsnstezya.space
pcdakirgistanddstezya.adygeya.su
pikabysapindsstezya.website
promolniyaropsstezya.space
rastrirovaldrttezya.website
rdododopizzaarstezya.red
rumndadstezya.adygeya.su
semenoavsya.today
skkrapchikuhdncstezya.space
smkladryginichedkezya.today
sstempossdstezya.abkhazia.su
steplerstezya.today
stobikosdmstezya.website
vislouxoasstezya.pet
yptututdrfezya.website

# Reference: https://app.any.run/tasks/d87258f6-f4a5-426e-b6b7-addfe1a490e9/

4ermanderezya.website
bteyryeuliliezya.website
etasuklavish.today
grammmdinss.today
ihglassdzya.website
kimchinikuzims.today
klasgindtezya.space
kmileronurzya.website
lupadypa.dagestan.su
mikluhasya.website
mragyzmachnobesdi.today
musaroprovadnikov.live
pikabyatezya.website
riserdfnstezya.space
rufinurtdrfezya.website
slacvostinrius.today
stoknolimchin.exnet.su
straponuliusyn.today
streptokokusstezya.space
ticketbonus.fun
viprasputinsd.chimkent.su

# Reference: https://www.virustotal.com/gui/domain/swxadvexmail19mn.xyz/relations

swxadvexmail19mn.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1277749661676126209

adexhangetomatto.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1282950881273696259
# Reference: https://twitter.com/malwrhunterteam/status/1247931172811874305
# Reference: https://app.any.run/tasks/2e7abcd4-e6e1-4523-85c8-51db9134ebfa/
# Reference: https://app.any.run/tasks/15f42296-0d96-4536-a255-04105ec7339d/
# Reference: https://www.virustotal.com/gui/file/d3c075c5c6d9c6e8fcfda4a408c5bd8f5fc4c6ff6acf339293c50f72f89f585f/detection

amfibiyapolyakova.com
crocopexpire.ug
informatioshopname.ru
opetileon.ru
scproducts7.ru
siciliyaopartion.ru
yamaha.ug

# Reference: https://www.virustotal.com/gui/file/0dc377b173e5f1379ec75b49e2cb4c62872c36bf01958bf31070c37b5fd6e2c3/detection

10022020newfolder33417-01242510022020.space
10022020test146831-service1002012510022020.space

# Reference: https://app.any.run/tasks/024fa218-732d-40e7-b5f1-3b297935f57e/

rururmask4ermanderezya.website
rururmaskbteyryeuliliezya.website
rururmaskihglassdzya.website
rururmaskkmileronurzya.website
rururmaskkmoderatordstezya.website
rururmaskmikluhasya.website
rururmaskpikabyatezya.website
rururmaskprikchinhdncstezya.space
rururmaskriserdfnstezya.space
rururmaskrufinurtdrfezya.website
rururmasksilkavayssstezya.website
rururmaskstreptokokusstezya.space

# Reference: https://twitter.com/theDark3d/status/1294668801804468225
# Reference: https://www.virustotal.com/gui/file/b0f84f98fc1876b73c07fb048b7d2e069b862de7ab004c1afb0a2ab1edfe43f4/detection

advertxman7x.xyz
atxspot20x.xyz
dexspot2x.xyz
fdmail85.club
rexspot7x.xyz
rexstat35x.xyz
servicem977x.xyz
starxpush7x.xyz

# Reference: https://www.virustotal.com/gui/file/f5c1762f7b2e62540ed3340f3550844d6dd36e8f3c60f0e623cdbaca440944c7/detection

dgxxstarserver17km.xyz
psxadvexmail19mn.xyz

# Reference: https://www.virustotal.com/gui/file/0687165c7a9b105319ada7d1ea051a4852a5b2f32c81a322e6af98d0db9d9257/detection

htdserv985.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1300780509572857858
# Reference: https://bazaar.abuse.ch/sample/ad3bb3f26289dc46ab58afb6cdf67ca9a256519fd9d087a418f849f9bcb78c25/

dogewareservice.ru

# Reference: https://www.virustotal.com/gui/file/0d261d63162d4087a82d1f67012c781cc0aaa05fbe801566f9bffa8d23981736/detection

98iudjsandsas.info
dksjdhsjda89j.info
oi2jidsdjsdd.info

# Reference: https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/
# Reference: https://otx.alienvault.com/pulse/5f59270f9f09e5c82665a7b3

2831ujedkdajsdj.info
928eijdksasnfss.info
adexhangetomatto.space
bumblizz.com
canadaversaliska.info
chinadevmonster.top
dkajsdjiqwdwnfj.info
einlegesohle.com
encelava.com
intica-deco.com
krostaur.com
leiomity.com
surdised.com
uneaskie.com
websolvent.me

# Reference: https://app.any.run/tasks/cafe9b8b-03a7-41b3-854d-c21c67129fa9/

adexhangejuicyads.website

# Reference: https://app.any.run/tasks/991ee0d9-3989-486a-9b52-7a5c27dd315f/
# Reference: https://www.virustotal.com/gui/file/121143554df56a27877ea26c1a11bf2ca52334a76c563e6aa5408898ff35d521/detection

douyogads.xyz
etasuklavish.today
kimchinikuzims.today
line-mme.xyz
mragyzmachnobesdi.today
realy-chat.online

# Reference: https://twitter.com/Racco42/status/1313893751631368193
# Reference: https://app.any.run/tasks/1d9e80ef-ad3c-49a6-9df7-b4fc70ff412e/

gmbshop.ru
informatioshopname.ru
ucar.ug
ukronet.ru
wopropertyhomane.xyz

# Reference: https://www.virustotal.com/gui/ip-address/91.240.87.148/relations

explorupdate.xyz
updateexpplore.xyz

# Reference: https://www.virustotal.com/gui/file/724ce0d8ca978f9bb9004c2252fb51b44f96c87721d68582ec67268cbd8f13a5/detection

applediscussions3827.top

# Reference: https://www.virustotal.com/gui/file/70c2409fd7dc5e597a928f76e4f575adc2c37d73ee3eaee4dfa4081029218c93/detection

x-100new.com

# Reference: https://www.virustotal.com/gui/file/e12feee342a5b7d3e7b57d7dd4842b9c39f660525ae952c81acb6560e01f91f6/detection

goo0g2.xyz
j-20.best
japan-semui.xyz

# Reference: https://www.virustotal.com/gui/file/22618c273f6a28b18d6fd38b709371a415c6c61e424ca0b82b97870df78cfce5/detection

bankshopstars34321.com

# Reference: https://www.virustotal.com/gui/file/c0391f2d0673bc46b3e6de957545650a5f304a0b4b7d6560a733bf92ffd47102/detection

advert95.xyz
pmadvert70.xyz
rexspot7.xyz
zvwxadvexmail19mn.xyz

# Reference: https://www.virustotal.com/gui/file/468be88fa01e1a33af3db76c32051845e0560a264087a33c21ea63b7b9b31a1c/detection

masterrmaskkapsulrttezya.ru
real-chat.club

# Reference: https://www.virustotal.com/gui/file/91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f/detection

sm15sdsd.xyz

# Reference: https://twitter.com/pancak3lullz/status/1325834533934133248

rexspot7xm.xyz
txmvazmrserv194.xyz
txmvpltadvert275.xyz
txmvgbnserv639.xyz

# Reference: https://www.virustotal.com/gui/file/481f6865b6aea3558691e45e7c1de5d3d742a30a06cd4091c6af660b8ad9bf1d/detection
# Reference: https://www.virustotal.com/gui/file/eead77418d69043a8a2aff74fff2292890bca6d6cd26140800f1041f87867452/detection

36193378665f085b.club
56330638d76e1c9b.club
7139e7c222390629.xyz
range6d109e83.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1329783380305653767
# Reference: https://bazaar.abuse.ch/sample/cb76c19c178a71a5115ee308b51de416255de06d4e8226fdda8e59275a519c14/
# Reference: https://www.virustotal.com/gui/file/cb76c19c178a71a5115ee308b51de416255de06d4e8226fdda8e59275a519c14/detection
# Reference: https://www.virustotal.com/gui/file/255e2f5a73623eeada2438de7fe335e2ff3d3e56038da9d457d53770c6f62dba/detection
# Reference: https://www.virustotal.com/gui/ip-address/8.208.96.47/relations

akreusus2m.top
bonalore.top
cdncachefiles.top
manustor.top
memebia.top
memedonu.top
penotrona.top
perucant.top
ronerd.top
securityboulevard.top
treshmendklu.top
turaconte.top
webportaal.top

# Reference: https://twitter.com/FaLconIntel/status/1331245624797392898
# Reference: https://app.any.run/tasks/aeb0c845-5768-43e5-b490-db080cc23151/
# Reference: https://www.virustotal.com/gui/file/8afc2dd7267bbf83a46549f4e7731f6473610c33bc9ee41b4dd0b994c3a29473/detection

http://95.217.27.240
deutchlanddreaam.xyz
etasuklavish.today
kimchinikuzims.today
melt-asleeps.xyz
mragyzmachnobesdi.today
siberiarrmaskkapsulrttezya.ru
slacvostinrius.today

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/
# Reference: https://www.virustotal.com/gui/file/1a91b2a3a252554842de875c89f6eee105bc419d7e32d3a5c9f0f9078780ab30/detection

junsga.com
vgerkisv.com
vuterfaste.ru
vuterfaste.shop

# Reference: https://www.virustotal.com/gui/file/26475ff6c9e4f4491448d66fb97cc70ed9379587d65903ab525f0d8eed1f2930/detection

kayumina.ru

# Reference: https://www.virustotal.com/gui/file/be6d388bf9884d9c73bab12fae60cd8bcab27d1c16d85473cc029f18f21a4e05/detection

195.189.96.150:4044
pzlkxadvert475.xyz
xzlkmcserv437.xyz

# Reference: https://www.virustotal.com/gui/file/1970b8ddf7c86fbc5cba4d7a0458daefb194e1a7fe91c5b415bf07c13c61e0e2/detection

78.47.43.35:4044
pzfdmserv275.xyz

# Reference: https://pastebin.com/H0m0CHy6

5.101.191.51:2012
advertstar85.com
kstarserver17km.club

# Reference: https://app.any.run/tasks/d5809e95-3a8f-4609-880d-b5f4fc8eaa5e/

dolsggiberiaoserkmikluhasya.chimkent.su
dolsibegriaosersk4ermanderezya.chimkent.su
massidfberiatersksilkavayssstezya.ru
rdosdripakloserikabyatezya.chimkent.su
ripakteenrufinishryeuliliezya.ru
rufinisrufripakhmileronurzya.ru
rufislomnishsripakerdfnstezya.adygeya.su
rufiteemnisripakhglassdzya.ru
rurugyrfripakinishtokokusstezya.ru
rusddripakoloserufinurtdrfezya.chimkent.su

# Reference: https://www.virustotal.com/gui/file/186783b2a9a06fb88c30abd5bf632737e671130a10a3717fcc80c0a6a27e932b/detection

cncode.pw

# Reference: https://twitter.com/malware_traffic/status/1357838284181942273

teachmeforlife.com

# Reference: https://twitter.com/James_inthe_box/status/1362872983652499456
# Reference: https://twitter.com/James_inthe_box/status/1362877178929500160
# Reference: https://app.any.run/tasks/f8cf1335-3d10-43fb-8be1-07351095cee3/

main21.site
main21.space
main21.xyz
/adm2021/gate.php

# Reference: https://www.virustotal.com/gui/file/4135ad4d01cf12dd881e7c2cd18d6c5b1c4b10fc4975ac4db7c74a661af0b0c4/detection

olobus.casa
trusho.online

# Reference: https://app.any.run/tasks/9d49cf88-ea20-444c-b849-b01aa84f6b7e/

etasuklavish.today
mragyzmachnobesdi.today
kimchinikuzims.today
straponuliusyn.today
slacvostinrius.today

# Reference: https://twitter.com/gorimpthon/status/1367114234992025602
# Reference: https://app.any.run/tasks/84f5993d-12a8-4d3d-a106-df5ea3442c19/

cfsmarthome.net/1/

# Reference: https://www.virustotal.com/gui/file/f5448e60bc7429b32f402691f2e7168fd931e78e88de9948e1b4af0bd9910329/detection
# Reference: https://www.virustotal.com/gui/file/502ce2c7e598c46b3ce22e24dbbdce07042b2d6e63f8ffc08c8940f3845b8356/detection

jelliousbrain.xyz
mightydollars.xyz
moneyom.xyz
musicislife.xyz
powerinserts.xyz

# Reference: https://twitter.com/ANeilan/status/1374724684508508167
# Reference: https://twitter.com/ffforward/status/1374734692033966082

faleyouind.xyz
telegram-us.com

# Reference: https://twitter.com/nao_sec/status/1375465237902553090
# Reference: https://app.any.run/tasks/4b4870d4-4290-4b65-9287-9e2e77db9f52/

ankltrafficexit.xyz

# Reference: https://www.virustotal.com/gui/file/57290220f611832cbc11c8b6d4929f1dcb585cb5a4c1b2833dca53c04fe072ba/detection

gotanda-clinic.xyz

# Reference: https://www.virustotal.com/gui/file/6a19690c18bd40cd820d719d6b3ee7d5eca1bbd8304cb6066f9d370b6177ab6e/detection

fuck00001.com
fuck00001.info
fuck022551.ru
zoa5533.xyz

# Reference: https://twitter.com/r3dbU7z/status/1385904261435887616
# Reference: https://www.virustotal.com/gui/file/364bcd3b0a74ff15848f1e2c286922fb84ac88a85785e7821544b0539f4e1ff9/detection

al-commandoz.com
antalya-belek.com
luxurysv.com
massagespijkenisse.com
rexgorellhondaevent.com

# Reference: https://twitter.com/Racco42/status/1387328400340180993
# Reference: https://tria.ge/210428-c6yb8kb1ga
# Reference: https://www.virustotal.com/gui/file/4fd71cc36bffa3a5bd4298132dd4aa1a1fda84fb15b691145477050cff010c5d/detection

alfavanilin.ru
autopartswarehouses.ru
baksproperty.gov.ug
citycapproperty.ru
gmbshop.ru
magistralpsw.ru
memoloves.ru
mpmanagertzz.ru
powerglasspot.ru
smbproperty.ru

# Reference: https://www.virustotal.com/gui/file/982c311fe3706744ee5f13e377ff92710385d79eb7287183205f94bd2a05418d/detection

hostunes.info

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

kossnew.com

# Reference: https://www.virustotal.com/gui/file/2c9fdd0b15c5aa905d18cb1e65c5a62bc993065aa56213bbacf2bfc9c3fda4e2/detection

zysbpt.com

# Reference: https://www.virustotal.com/gui/file/abbfe8661c41b59ea96923ef83d26263ef766ebd113be39305f275e136d7aead/detection

atxspot20cx.best
dexspot2cx.club

# Reference: https://www.virustotal.com/gui/ip-address/45.11.19.100/relations

tnxvazmrserv194.xyz
tnxvfdmserv275.xyz
tnxvgbnserv639.xyz
tnxvhtdserv985.xyz
tnxvlkmcserv437.xyz
tnxvlkxadvert475.xyz
tnxvmtxserv437.xyz
tnxvpltadvert275.xyz
tnxvskdfadvert329.xyz
tnxvvncadvert549.xyz

# Reference: https://www.virustotal.com/gui/file/47ad8b99041cd1e47e27256a0e9fdd6dd239debd8f64b10d74a12577c311783c/detection

austinfam.xyz
sausklarnl.xyz

# Reference: https://www.virustotal.com/gui/file/3a6b7c80b96f8fb46d7a38fb527087a643cd4dd3ba2fd6e627484eb2aeb1bf80/detection

ezcube.ru

# Reference: https://www.virustotal.com/gui/file/80f93e9a5c8b08d8041a122ddb066da33a1975a876cd94a6af4b20679ded2ec6/detection

counterpros.online
tesorak.ru

# Reference: https://twitter.com/pollo290987/status/1404358946819878912

howdycash.com
kpotiques.com
lahuertasonora.com
mebbing.com
ppcspb.com
twcamel.com

# Generic trails (URL path fragments with no host part, so not tied to any single domain)

/advlogs9579/
/advlogs95/
/blogpics17/
/logstat95/
/logstatx77/
/serverlogs29/
/serverstat315/
/statweb577/
/statweb77/
/statweb955/
