# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: terdot, atsengine, rcbgrab, vbvgrabber

# Reference: https://twitter.com/ViriBack/status/1207762597887578117

4netdown.com
7travel.online
asepyqicob.ga
bestshareland.com
cooldatazone.com
englishpro.online
netgetdream.com
prozipdownload.com
rapidsha.com

# Reference: https://twitter.com/albertzsigovits/status/1207805362780491777

vipfilehost.com

# Reference: https://twitter.com/ViriBack/status/1209101494471057409

oajdasnndkdahm.com

# Reference: https://twitter.com/James_inthe_box/status/1209101821773398016

fdsjfjdsfjdsjfdjsfh.com
fdsjfjdsfjdsdsjajjs.com
idisaudhasdhasdj.com

# Reference: https://twitter.com/nao_sec/status/1217834630612647946
# Reference: https://app.any.run/tasks/c5f307eb-4389-4713-83a4-67ee331409f9/

isfjiaaodwsoi.com

# Reference: https://app.any.run/tasks/1bc5951f-38a1-4f18-89f5-498f4e8733e7/

6pi3jrqjbssfh6gu.onion.pw

# Reference: https://twitter.com/Racco42/status/1224232852998574080
# Reference: https://app.any.run/tasks/b4707b79-2101-4204-9aa7-30879480fd85/

giril.org
shatskie.org

# Reference: https://app.any.run/tasks/f27e3051-b85a-4f62-be6e-6322c24d5aab/

hourtschem.com

# Reference: https://app.any.run/tasks/b620b4ea-25f0-4fb8-a957-acf2629fe361/

xhj4hypdsb3jozwn.onion.pw

# Reference: https://twitter.com/Racco42/status/1226813759642951680

tarynak.org

# Reference: http://tracker.viriback.com/dump.php (# snapshot 2020-02-23, Zloader)

45.72.3.132:443
185.174.100.9:80
4netdown.com
7travel.online
acusyposaq.gq
asepyqicob.ga
bestshareland.com
l9ce1490.justinstalledpanel.com
prozipdownload.com
netgetdream.com
rapidsha.com
bdr.ubibancaa.fun
cooldatazone.com
oajdasnndkdahm.com
englishpro.online

# Reference: https://twitter.com/malware_traffic/status/1238557668475797504

marchadvertisingnetwork.com
marchadvertisingnetwork1.com
marchadvertisingnetwork2.com
marchadvertisingnetwork3.com
marchadvertisingnetwork4.com
marchadvertisingnetwork5.com
marchadvertisingnetwork6.com
marchadvertisingnetwork7.com
marchadvertisingnetwork8.com
marchadvertisingnetwork9.com
marchadvertisingnetwork10.com

# Reference: https://twitter.com/1ZRR4H/status/1240678076888965121
# Reference: https://pastebin.com/nbhJXUyM

tdvomds.pw

# Reference: https://twitter.com/Racco42/status/1242476400260476929
# Reference: https://app.any.run/tasks/8dfb9e60-3397-448e-9b2e-3170f8babc00/

dandycodes.com
hustlertest.com
sandyfotos.com

# Reference: https://twitter.com/malware_traffic/status/1243301158002855938

botig.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1243586975665455109

cdncloudtech.xyz
waitupdate.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1243594194175832065

blazeseher.xyz

# Reference: https://www.virustotal.com/gui/ip-address/47.91.88.100/relations

artiealtiery.xyz
lottiebailony.xyz
pxdgcvnsb.xyz
twinsors.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1244690703420215296
# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

basorkiq.host
bwambztl.xyz
emmnebuc.xyz
ethelenecrace.xyz
hxzfvomd.buzz
merystol.xyz
orruucsl.xyz
pnxkntdl.xyz
rosannahtacey.xyz
tozcftdl.xyz
uenoeakd.site
veqejzkb.xyz
wrjmkdod.xyz

# Reference: https://app.any.run/tasks/fcce1eaf-9c8e-4f86-8516-be4429469bab/

cosomeder.pw
loacorecoder.club
pythonfinder.top

# Reference: https://twitter.com/DynamicAnalysis/status/1244712457068777479

coniglurnerer.pw
goingfurther.club

# Reference: https://twitter.com/DynamicAnalysis/status/1244726754561986562

zoraokorol.xyz

# Reference: https://twitter.com/Racco42/status/1244885376344510464
# Reference: https://twitter.com/Racco42/status/1244885377514643458

fotonums.com
greenrumba.com
hibsurf.com
nexycombats.com
peermems.com
postgringos.com
starterdatas.com
tetraslims.com

# Reference: https://twitter.com/malware_traffic/status/1244961995272658944
# Reference: https://twitter.com/malware_traffic/status/1245476991010320386
# Reference: https://app.any.run/tasks/0ba53a31-e6bf-4343-b28e-770452577622/
# Reference: https://app.any.run/tasks/bce15dd2-0b28-46b9-a0a4-0c578b0ff9f5/

105711.com
106311.com
124331.com
209711.com
restorefutureschool.com/wp-includes/customize/class-wp-customize-partial.dll

# Reference: https://twitter.com/abuse_ch/status/1245035543748018176

amberlessard.xyz
marlodubberly.xyz
paxtontranter.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1245255570816405504

cristinneese.xyz
dierdreswensson.xyz
judyantonini.xyz
raegodbold.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1245426914728316928

horatiobrotherton.xyz

# Reference: https://twitter.com/malware_traffic/status/1245474904688005121
# Reference: https://app.any.run/tasks/b2f2a7e3-7922-417f-adf4-67d7a1304eb2/
# Reference: https://www.virustotal.com/gui/url/a13cbbd9aff6991cc01e7e053248b6d7e965591c6abdf0884eb1a1c1025bec55/detection

foodsgoodforliver.com/invest_20.dll

# Reference: https://twitter.com/Racco42/status/1245642286265847815
# Reference: https://app.any.run/tasks/ebc118a2-e633-4cfc-bf66-7b9fdd6ad300/

buhismus.com
smoash.org
spensores.com
zonaa.org

# Reference: https://twitter.com/abuse_ch/status/1245770198453452801

representis.icu
representis.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1246105347074527234

amgdorie.online

# Reference: https://twitter.com/DynamicAnalysis/status/1246112440611409921

rwtkoaqe.club

# Reference: https://twitter.com/DynamicAnalysis/status/1246112441915801608

ydmfemfe.pw

# Reference: https://twitter.com/Racco42/status/1246162154790760453
# Reference: https://app.any.run/tasks/883607e6-884e-42db-bab6-0050bbbbbd87/

geost.com
klill.com
tarsilh.com

# Reference: https://twitter.com/DynamicAnalysis/status/1246553161373892608

jzfozxqe.site

# Reference: https://twitter.com/MSteve25/status/1246563825500987394
# Reference: https://pastebin.com/hvnwKAX4

axgqqajnfusmnadvpmwy.com
bqxcagrgtkqyoafqdoac.com
dksbrxlwxvvbhrlyjpng.com
dmwavhkmwavspovdtwvm.com
duxyrolqbnodiaswmyce.com
gsqpcgodicxguusvlinr.com
hjlwxvvbeijnueiymmpt.com
htfujurumqddlfrpbivj.com
jgkiohoithggulgcsyht.com
jkluognywgcscvnhtfxm.com
jsyxhoofxmvavxmhkrqn.com
jxfbqgywrtqgyiutwone.com
jxnrhqkcscmeoinifrht.com
ksbrcqibtamreysefsan.com
kudhvynnsxnynwudrcnf.com
kumbfpnlacbtumgbmcds.com
luvyfljyvxtdckqykbxw.com
mcjctcrjxnuhiikoiapd.com
mptuydssaqenxddltean.com
peifedkveokvffenjvat.com
phqhaacetpivjmhkutws.com
pnodralyaaceteviswqx.com
qrbmcgaroafhvoiwkmmy.com
rodlqbkfekwvtnoofbnd.com
saqenxvawbwvxmtednhw.com
tbqenjyadhgyppidxiap.com
urlnxnwcunlayktlnjoj.com
vlqmhrivqkdjbvcyqcii.com
wkskhnehbbfllvuqtmlx.com
xkkxwwusvpucdjdbgwry.com
xpyseiuknkwonuaotbqg.com
yybbfamaemjheuoraimf.com

# Reference: https://twitter.com/DynamicAnalysis/status/1247191438019960833

efbzfyvsb.website

# Reference: https://twitter.com/Racco42/status/1247289428214718474
# Reference: https://app.any.run/tasks/622ebec2-bba4-4de5-9484-a13732282727/

ergensu.com
knalc.com
mioniough.com
namilh.com
ronswank.com
stagolk.com

# Reference: https://twitter.com/DynamicAnalysis/status/1247590823639822337
# Reference: https://www.virustotal.com/gui/ip-address/8.208.91.105/relations

kuaxbdkvbbmivbxkrrev.com
ooygvpxrb.pw

# Reference: https://twitter.com/DynamicAnalysis/status/1247570161860837378
# Reference: https://www.virustotal.com/gui/ip-address/8.208.78.185/relations

xyajbocpggsr.site
zgpqjzwrb.pw

# Reference: https://www.virustotal.com/gui/ip-address/8.208.11.89/relations
# Reference: https://pastebin.com/CdLyBqEm

ddfspwxrb.club
fcowhcwsb.space

# Reference: https://twitter.com/macteca/status/1242456502738325510

209711.com
adsprestige.com
adsprestigecars.com
daudivk.xyz

# Reference: https://twitter.com/James_inthe_box/status/1237858749307445251

mayinakh.xyz

# Reference: https://app.any.run/tasks/2be8ba62-31ec-4882-8ae6-95ae651707b1/

leiomity.com
infinitydeveloperspes.info
unverifiedintigoosjai.info

# Reference: https://app.any.run/tasks/2be23e89-c275-4fa3-85f0-eba9017240d8/

bumblizz.com

# Reference: http://www.pwncode.io/2020/02/spam-campaign-targeting-australian.html

penaght.org
pitinjest.org

# Reference: https://twitter.com/0xE9FBFFFFFF/status/1218146171660701697

ifjedssofllvcr.com
isfjiaaodwsoi.com
mslfiedjssfdes.com
sifeiwdjiesde.com
sldeodjiweiswi.com

# Reference: https://twitter.com/DynamicAnalysis/status/1247916027901628416

http://95.181.152.77
assemble.sg
cworld.top
hwbblyyrb.pw

# Reference: https://twitter.com/Racco42/status/1248226681116123136

mioniough.com
ergensu.com
purots.com
lipurf.com
vacontd.com
zelacarths.com

# Reference: https://twitter.com/DynamicAnalysis/status/1248655950124220416

http://45.138.72.217
giaytore.com/wp-content/themes/calliope/wp-front.php
gdchub.com//wp-content/themes/chihua/wp-front.php

# Reference: https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/
# Reference: https://otx.alienvault.com/pulse/5e8e33f25e325c8269192e07

ergensu.com
mioniough.com
namilh.com
ronswank.com
knalc.com
stagolk.com

# Reference: https://twitter.com/DynamicAnalysis/status/1249725300239413249

free-lans.online/wp/wp-content/themes/calliope/wp_data.php
grundschule-manderbach.de/wp-content/themes/calliope/wp_data.php

# Reference: https://twitter.com/DynamicAnalysis/status/1249738656442724353

fflxcsbtb.pw
nncpsedsb.host

# Reference: https://twitter.com/reecdeep/status/1249999309296320514

braeswoodfarmersmarket.com/wp-smart.php
kacper-formela.pl/wp-smart.php

# Reference: https://twitter.com/executemalware/status/1250091162083393537

caude368.com/wp-content/themes/calliope/wp_data.php
caudebachthu.com/wp-content/themes/calliope/wp_data.php

# Reference: https://twitter.com/Racco42/status/1250146778915184658
# Reference: https://app.any.run/tasks/0ad9a5fe-1cf0-49aa-90ce-e52762ee0bbd/

vacontd.com
zelacarths.com
bluslias.com
adandore.com
ficutept.com
veckeard.com

# Reference: https://twitter.com/DynamicAnalysis/status/1250443051505418241
# Reference: https://pastebin.com/FMEMAUbb

tfkmcgyadnbkwcfbtgpw.com
thqtsaqvmxlvvirchvrm.com
kotgpvsfmhfeleaqjmyp.com
hltywgksxtkgjpmgtjok.com
xdxpfsnelncuggoupcmv.com
ookshkrevododxisotou.com
bviybjknmhfcfrmgcynk.com
gphwvuomaupnmslpukki.com
uoskjsoivaaihjtwuhol.com
itsqvitrywxkaafbqpfc.com
ukknaicxmqmpifohutqx.com
ptdvmmduuuuslotigvci.com
cxmqjnajikgpvjxbfyci.com
wxbcscxmfohckirnqyqi.com
hqnouijvybevxarlnsne.com
sjmyjgjbymeimwockdmx.com
gkqqrknephekkvtasmjs.com
qfuojbylxjtplacqamgo.com
jgempwmqbakubyskbcjh.com
yxhnhwfytcxeockdmnlg.com
rjevoqpcmkbdeseuqopx.com
hubyksxtypsiebxoephw.com
vawmuwepsdtkiabjdqfu.com
imhqnoumkberfdcnldrg.com
asxtasnhawsgjeggkocb.com
kbbnpkujhlvddvfciwwb.com
dndvvxlmxaecsaqvjstp.com
xutovrdrmkehhnjuxxfa.com
smdiyjvdaoikuutdfapu.com
uuusoowkxghertmohjro.com
rdufjiplkkwjwuqopxoe.com
vjuwwbdaoiavffhjqbqm.com

# Reference: https://twitter.com/DynamicAnalysis/status/1250461394115362818

http://45.138.72.228
adrianjohnreviews.com/wp//wp-content/themes/calliope/wp-front.php
ambicare.misuperweb.es/wp-content/themes/calliope/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1250474339704725505
# Reference: https://app.any.run/tasks/703d4ce4-4e99-43cb-bde0-9b37a6950bf3/

ltuywjafbt.icu
nurgsozebt.pw

# Reference: https://twitter.com/DynamicAnalysis/status/1250811123517067265

pqayjeenbbt.icu
tepbfiafbtt.pw
gxieahdgreifujrocxgg.com
lcefclurxxmkjchqfbkr.com
mifkudjueyugefbhnuao.com
chwwnmnkaljgkcvwavaw.com
iafkjgpqxvivqvlrxhbe.com
ukuecptwinsqenjawygj.com
vdukuesfsaqcogusvlvw.com
sakpisjgeyenxdedqktc.com
xqmyoogaxmvyuuhfilqm.com
hrivqkffkathnpvrjpng.com
shwpleanyjftceyamboo.com
wnjvlcedqktcxqmymkha.com
ometlymgjxnrhloygtts.com
tjpvpfpaqvatvgghmpng.com
shwplegjkccbkqniytvn.com
jpiqhjmeilalallibqgg.com
wnjvlraocxggusvlfesa.com
alalallibqggwnjvlrjh.com
ilwfwfwowiqqmksnnolc.com
bxeyenxdedqktcxqmyxh.com
beuyxqmkhadrduogueyx.com
mtacqjjhilwdurxxkugb.com
vdlwisawlnxduymklidi.com
dgdujngmwhrwyjduxyru.com
ubahlcbhugevudeypbiv.com
xmnbhaafustskowogxie.com
ifedwtewnuxklymveifk.com
uuorthyrroddoiwypmfg.com
jjqusiihmkajxjvfcuek.com
ajjelymkjcsluwqxnwcb.com
ahwpwhrwyjjsaqpkbxev.com
umnkjcsnyoafqdmgulfx.com

# Reference: https://twitter.com/DynamicAnalysis/status/1250816870787227655

experiza.com.br/wp-includes/js/gritg.php
reneixer.org/wp/wp-content/themes/calliope/wp_data.php
semplyusya.ru/wp-content/themes/calliope/wp_data.php

# Reference: https://twitter.com/executemalware/status/1250807797857628160

saidulhussen.com/wp-content/themes/calliope/wp-front.php
sarkarjewells.com/wp-content/themes/calliope/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1251163062628831239

http://95.181.172.99
rksinha.com/wp-content/themes/calliope/wp-front.php
salamdrug.com/wp-content/themes/calliope/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1251164977832001536

q8dl3.com/wp-content/themes/calliope/wp_data.php
sarkarjewells.com/wp-content/themes/calliope/wp_data.php
groundhogday2020.com/wp-includes/blocks/gumjf.php

# Reference: https://twitter.com/DynamicAnalysis/status/1251164979186761728
# Reference: https://pastebin.com/k9jpj5xc

ajvwdjtebb.pw
lgepubbf.icu
jlcusnqhdwceneaqogsp.com
ifasotqhtqkwlchqymcg.com
srigxnfqgpvxsdgwhwvn.com
pjiklbggolkygstlhjpm.com
wdvybuaunwbahdpennvh.com
mldfverghyfjljaxabgw.com
ykncwpdttjlxstjftoid.com
peprcmfsyehxwqenebrq.com
twunwdtidytinvqbspux.com
xswyhtyewpqekodkiiqe.com
vcckggkylqsgqkwlbgcw.com
ydxogbkwprdimlmdhoiv.com
litqmbfvioyadihmpvly.com
djsvdmyisdrdrnolitdb.com
akgslsamgxyokstpiqbe.com
xkxjtbtqxhrafwlwkjhy.com
ltngvmmswlkpqbnxjoby.com
lotfxlikltbhxphwibnj.com
uxlbsdttbwegldfgpjdk.com
fbqxbftoidpeprcdrtgi.com
wcbkqtirfwxgqkavpmxo.com
raovqqdyubovhxkapxtu.com
spgkfvqoefsrksmidcdy.com
viomovnywflgntqxtglc.com
qqrsvmxtxcmfssohycfg.com
pjdkssohycsqmlrtwixl.com
bdppqpcajdrgtjygsmgl.com
ptjilhhknoxrsvmxrvvs.com
hdwkxqrsxmaesjtkioyq.com
wobjftotqayqtumvnyyh.com
rqgfngjnntoxebovqqfb.com
qxuidcllpugkllgcnnvo.com

# Reference: https://twitter.com/DynamicAnalysis/status/1251218013367554049
# Reference: https://app.any.run/tasks/613cde47-a250-46af-8c15-d1b8e096b625/
# Reference: https://app.any.run/tasks/57fc3cf4-7b7f-41e1-a27c-06eaad188c20/
# Reference: https://app.any.run/tasks/f8fd3b18-1aff-4398-9d75-777989358638/

http://108.62.12.98

# Reference: https://twitter.com/DynamicAnalysis/status/1252259631042301957

lakeviewbinhduong.com.vn/wp-content/themes/calliope/wp-front.php
nevefe.com/wp-content/themes/calliope/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1252259632762011649

dcaiqjgnbt.icu
nmttxggtb.press
rymxiptdskhnpvbyromq.com

# Reference: https://app.any.run/tasks/d2ca7fbf-a02b-40ed-907f-9e4d3dd06565/

cmmxhurildiigqghlryq.com
fvqlkgedqjiqgapudkgq.com
fyratyubvflktyyjiqgq.com
iawfqecrwohcxnhwtofa.com
nlbmfsyplohyaicmxhum.com
nmqsmbiabjdnuushksas.com
ojnxjgfjlftfkkuxxiqd.com
pwkqhdgytsshkoibaake.com
snnmnkxdhflwgthqismb.com
wmwifbajxxbcxmucxmlc.com

# Reference: https://twitter.com/DynamicAnalysis/status/1252259631042301957

http://176.96.238.22

# Reference: https://pastebin.com/iRHL4GWi

evdjomtwobiavfmljisx.com
rcksrimcpjftiapuboev.com
ortbeulgcdsoaixsccqa.com
gkpxrwfnwsnnntiosuke.com
utkjtbnnntioseutkjtd.com
vkqkgabhhusseolewjhp.com
rymxiptdskhnpvbyromq.com
bndgxvofnwouhtwcbnea.com
nbeylnmbypoiiwxmhlrt.com
aprksbosaqqnugkkxwwu.com
cdjionvneqetyxstwkoj.com
lcvxabahjpwkjitxtmcd.com
jdbsjdkmhkppigbmttfp.com
arwkisndarssjdkmhkpp.com
igbmtkobjpkdwrlkfwqw.com
uningssimhvotltbdsws.com
rqcnhmdnfrpeebiohvhn.com
xnwcundtxtbtsixssddv.com
sjarfhvphsxylbdsiplu.com
vpjauysexuqtktdpjqws.com
mliesawlsrqytfhnhmtw.com
omobgtrshndsvqnyntjq.com
jwgpqwueyuuhfinscsmo.com
aimfpniwpwqkmfdlolbd.com
eyqecunqtobjldxblfee.com
biivkbkluauuhutuxefv.com
dwhwdnumdhdvehbrxlln.com
fuctcoxsokefetkmimcm.com
vicudrlwqpxbkdbmcdsb.com
oewjhvbiivvjpvfvuvka.com
iyhkxnxvdgxhloxrigfg.com
lmiledpbsudhfpnuaoch.com

# Reference: https://twitter.com/Racco42/status/1252365091204247556
# Reference: https://app.any.run/tasks/e1a9d05d-f499-4839-b457-4e9cede501c8/

baatiot.com
lonehee.com
maremeo.com
soceneo.com
spardanos.com
surgued.com
tremood.com
welefus.com

# Reference: https://twitter.com/reecdeep/status/1252604177852833794

teachertoh.com/wp-content/themes/calliope/wp-front.php
topspeedfitness.com.my/blog/wp-content/themes/calliope/wp-front.php

# Reference: https://twitter.com/James_inthe_box/status/1252604516991504384

hcmbqvcntd.pw

# Reference: https://twitter.com/p5yb34m/status/1252648679543934976

iawfqecrwohcxnhwtofa.com
pwkqhdgytsshkoibaake.com
snnmnkxdhflwgthqismb.com
wmwifbajxxbcxmucxmlc.com
yompmepuagwsmxeecqtk.com

# Reference: https://twitter.com/executemalware/status/1252616122488283136

teachertoh.com/wp-content/themes/calliope/wp-front.php
topspeedfitness.com.my/blog/wp-content/themes/calliope/wp-front.php

# Reference: https://twitter.com/executemalware/status/1252728411912572928
# Reference: https://pastebin.com/jia92L9d

http://195.2.93.15
maesimplesmente.com/wp-admin/includes/wp-smart.php
glsunzdf.casa
xaprgnve.icu
ualdfdjoevspjtpilbtb.com

# Reference: https://bazaar.abuse.ch/sample/d63088780e90eda6a7ce286d6b190614f0ea6f1f55c6e6e9d6a30260eb84d03c

gveejlsffxmfjlswjmfm.com

# Reference: https://twitter.com/Racco42/status/1253643478392856576
# Reference: https://app.any.run/tasks/18cc20c7-d61d-4531-9948-91572d81f631/

coult.org
rhald.org
rutom.org
tilyn.org

# Reference: https://twitter.com/DynamicAnalysis/status/1250043720512274434

xltoogmecoulgkloygal.com

# Reference: https://twitter.com/Racco42/status/1255409164651761667

chorbly.org
kodray.org
retualeigh.com

# Reference: https://twitter.com/DynamicAnalysis/status/1257369145177526272

shetkarimarket.com/wp-snapshots/tmp/wp-smart.php
theislandmen.com/wp-smart.php
visadvise.com/cgi-bin/s2dhfwe.php

# Reference: https://twitter.com/DynamicAnalysis/status/1257376602394066944

rswtgmhf.pw
fwgdhdln.icu
pwnuuhiikmjmkrjeyuxr.com

# Reference: https://twitter.com/malware_traffic/status/1257438530357415937

april30domain.com
april30x3domain.com
aftohysmkffhjpjrljee.com
bblfjlftfhghincgyqke.com
bblftofqpxnkomjjvyyf.com
bstpepygxuywdfdukacj.com
cfrmmlirggjkpinueaon.com
cjfpbllwcexqpxnkbcxm.com
covjpgxudajxbotxvcwe.com
cpuinvhqkucymkjsklhx.com
dajxbfyxgvsjmibctyys.com
dukwerbshhkpiarcvkrn.com
frdbmneytexqystpesej.com
fyhwkddxonibjdbvymbo.com
glpntvrkwerbshjmibwe.com
ijdbmnngwrmbiawfnmjw.com
irjrljealjumbfvsnahy.com
ismbklxfpxkweryqnvhq.com
jtwslqaoorsxqvbhxwhp.com
ljuvmhxwdokmwebxkcdy.com
lscxmhaylhskygxwbdnu.com
lwcckeovaldrbshhkpia.com
mjabstgnbkpntvtmygtn.com
pnkomsusnahyarsbkpli.com
pvlrmtqqbnnmacfxsddo.com
rqyoliismbiawdlgpamp.com
rtnqqwmfmajmroxiqgdh.com
tecgekmkdpwerbppskpl.com
thjmibwebdnuirjhocns.com
tperkjvyyfukdgcuhlok.com
vfcyisijtwgmxhreetmr.com
wfqakwaaixyhwtofubfm.com
xhrqdpavwwybewoicjea.com
xjtmdhcharsffefunepy.com

# Reference: https://twitter.com/reecdeep/status/1257711966401028096

ekhobrand.com

# Reference: https://twitter.com/malware_traffic/status/1257701476455059457

xn--80agatbmcgncccbd9andd6w.xn--p1ai

# Reference: https://twitter.com/DynamicAnalysis/status/1257723521385578498

exukinjyukrglrwqedto.com

# Reference: https://johannesbader.ch/blog/the-dga-of-zloader/

jgqhigsjkulmsvvhshmk.com
wapjdxlstholqwakofgi.com
aiavxvlshmkweccksfky.com
liswrfujohqsnbnohetn.com
hciqylualwcnyvajdkqq.com
pdtlshacpbacpnhcndpd.com
kdacggcctwcavdgvpbmk.com
wapwtpwciertrhkdaxrp.com
shyjgiyhyegxeqqpdtya.com
gccggcctwcerlshacpba.com
cpnhcndpdkylibtlbeco.com
bxhwpdkqdakbplfvfqwn.com
bioonshmwrbecckfcavh.com

# Reference: https://twitter.com/reecdeep/status/1258123252054077442

nevefe.com/wp-content/themes/calliope/wp_data.php
salamdrug.com/wp-content/themes/calliope/wp_data.php

# Reference: https://twitter.com/DynamicAnalysis/status/1258431523864403968

wp.regalporn.com/wp-keys.php
qmwechat.cn/wp-keys.php
mothersdryfruits.com/wp-content/uploads/2020/04/fg3rg.php

# Reference: https://twitter.com/Mesiagh/status/1258534969225277441

gsetgyknjfmfspbhhuxd.com

# Reference: https://twitter.com/bit_dam/status/1259511916076154880

lifeprimary.site/wp-keys.php
luckystatus.com/wp-keys.php

# Reference: https://www.virustotal.com/gui/ip-address/8.208.89.250/relations

hwbblyyrb.pw
kuaxbdkvbbmivbxkrrev.com

# Reference: https://twitter.com/reecdeep/status/1259841893917212674

jewellerydesigns.co.za/wp-parser.php
irfanhaber.net/wp-parser.php
luckystatus.com/wp-parser.php
lifeprimary.site/wp-parser.php

# Reference: https://twitter.com/DynamicAnalysis/status/1259884167598411776

45.147.229.254:92
munesdon.top

# Reference: https://twitter.com/DynamicAnalysis/status/1259910913617989632

mutarakis.top

# Reference: https://twitter.com/ffforward/status/1260213067507515395
# Reference: https://www.virustotal.com/gui/domain/japanjisho.info/relations

japanjisho.info/wp-keys.php

# Reference: https://app.any.run/tasks/63a9c45b-bbf2-45f4-b4a3-51e665876a9f/

gavrelets.ru/wp-keys.php

# Reference: https://twitter.com/reecdeep/status/1260246860956123136

mycoursera.in/wp-content/uploads/2020/05/wp-front.php
stoplazyconf.com/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1260257851395780608

home.comegico.com.mx/wp-parser.php
hormonas.comegico.com.mx/wp-parser.php
hopime.com/wp-parser.php

# Reference: https://twitter.com/DynamicAnalysis/status/1260249869291327495

http://95.181.152.73
hopime.com/wp-content/plugins/apikey/2.dll

# Reference: https://twitter.com/DynamicAnalysis/status/1248277149053747200

braeswoodfarmersmarket.com/wp-smart.php
kacper-formela.pl/wp-smart.php
bullze.com
dcgljuzrb.pw
eoieowo.casa

# Reference: https://twitter.com/ps66uk/status/1260553896897982464

dehabadi.ir/wp-keys.php

# Reference: https://twitter.com/reecdeep/status/1260559351829454848

eleventalents.com/wp-front.php

# Reference: https://twitter.com/reecdeep/status/1260577332206678021

confirmgood.com/wp-parser.php
dehabadi.ir/wp-parser.php
dotworldtour.com/wp-parser.php
eleventalents.com/wp-parser.php

# Reference: https://pastebin.com/KeC2SswU

dehabadi.ir/wp-content/uploads/2020/05/f13r3.php

# Reference: https://twitter.com/DynamicAnalysis/status/1260960649586315264

http://45.138.72.39
almakaaseb.com/wp-content/uploads/2020/05/wp-front.php
neebank.com/wp-content/uploads/2020/05/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1260960651452743680

kickapoochiefsfootball.com/wp-parser.php
appsbispo.tk/wp-parser.php
staging4.allemny.net/wp-parser.php
bondarenkopjatk.ru/wp-parser.php
euromix.com.ua/wp-parser.php
dinghaomcc.com/wp-parser.php

# Reference: https://twitter.com/reecdeep/status/1261220660958892032

esvconnects.com/wp-content/plugins/apikey/wp-front.php
kickapoochiefsfootball.com
appsbispo.tk
euromix.com.ua
dinghaomcc.com
bondarenkopjatk.ru
staging4.allemny.net

# Reference: https://twitter.com/DynamicAnalysis/status/1261317333689171971

http://176.96.238.42
http://45.138.72.39
esvconnects.com/wp-content/plugins/apikey/wp-front.php
linguy.cn/wp-content/plugins/apikey/wp-front.php
luxiyouyue.club/wp-parser.php
aapasifik.com/wp-parser.php
zylstudio.com/wp-parser.php
caodangyduochanoi1.edu.vn/wp-parser.php
butterfly-crm.solusaas.com/wp-parser.php
karkas24.site/wp-parser.php

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1262132584185761792

almakaaseb.com/wp-content/uploads/2020/05/wp-front.php
neebank.com/wp-content/uploads/2020/05/wp-front.php

# Reference: https://twitter.com/reecdeep/status/1263063406585708544

alpha.iwp-hydro.ru/wp-keys.php
dinghaomcc.com/wp-keys.php

# Reference: https://twitter.com/James_inthe_box/status/1263129864401387522

unsanrohandper.tk

# Reference: https://twitter.com/reecdeep/status/1263145785119707136

arunruntuchattcar.tk
krisithcomdebe.tk

# Reference: https://pastebin.com/qn8Y7d2Q

letssihamra.gq
puffmenscourtcomenthy.tk
thurlopetnyi.cf
blog.menusmile.com

# Reference: https://twitter.com/JayTHL/status/1263484825362747394

xm-yihao.com/wp-content/uploads/2020/05/wp-front.php
vsenling.net/wp-content/uploads/2020/05/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1263670717238968320

tishina.pw
lvsenling.net/wp-content/uploads/2020/05/wp-front.php
xm-yihao.com/wp-content/uploads/2020/05/wp-front.php

# Reference: https://twitter.com/DynamicAnalysis/status/1263673958962016258

promptintegratedexpress.com/wp-keys.php
heckenritter.com/wp-keys.php
andikachandra.com/wp-keys.php
gatemovie.online/wp-keys.php

# Reference: https://twitter.com/reecdeep/status/1263831817343336450

activediscounts.club/wp-data.php
hackcheatsonline.club/wp-data.php

# Reference: https://twitter.com/DynamicAnalysis/status/1263873474562600966

9dani.com/wp-keys.php
scsanwei.cn/wp-keys.php
fanscaar.com/wp-parser.php
hecci.vn/wp-parser.php
retemrenecali.ml
busulhurdtib.ga
amunoreratid.tk

# Reference: https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns
# Reference: https://otx.alienvault.com/pulse/5ec8375aca8f622daf866b49

http://162.241.115.242
http://162.241.70.164
http://185.180.198.32
http://185.185.24.49
http://185.236.202.146
http://185.236.202.226
http://185.236.202.235
http://188.127.226.197
http://195.154.119.165
http://2.57.38.157
http://213.155.31.199
http://217.138.205.135
http://217.138.205.136
http://217.138.205.159
http://45.72.3.132
http://51.83.171.27
http://62.109.2.250
105711.com
106311.com
124331.com
209711.com
238ehs823s8h23.com
23d8s23hs89j239sj23.com
3reh8rd23js9.com
40j9f2j9sj32ssoj.com
4f394j89d3j4d89j34d.com
adandore.com/sound.php
adird.org/sound.php
adran.org/sound.php
adslsticker.world/click.php
adslstickerf.world/click.php
adslstickerf1.world/click.php
adslstickerfone.world/click.php
advokat-hodonin.info
airnaa.org/sound.php
ajvwdjtebb.pw/wp-config.php
akrisko.info
apprdlbtb.pw/wp-config.php
april30domain.com/post.php
april30x3domain.com/post.php
aquolepp.pw
aracp.org/sound.php
artiealtiery.xyz
asdmark.org
avnjila.website/stuck.php
axelerode.club/stuck.php
axelerode.host/stuck.php
baatiot.com/sound.php
baj3tu.xyz/image.php
baj3tu.xyz/thread.php
banog.org/sound.php
banssa.org/sound.php
barbeyo.xyz
basorkiq.host
bdr.ubibanca.pro/stat.php
bdr.ubibanca.xyz/stat.php
bdr.ubibancaa.fun/stat.php
bdr.ubibancaa.host/stat.php
bdr.ubibancaa.space/stat.php
bdr.ubibancaa.website/stat.php
bhajkqmd.xyz
blazeseher.xyz
bluecheese.top/erors.php
bluslias.com/sound.php
botiq.xyz
brewaz.club
brihutyk.xyz
brosmasters.com/sound.php
buhismus.com/sound.php
buhjike.host
bunap.org/sound.php
bwambztl.xyz
calife.best/erors.php
calul.org/sound.php
cersubego.com/sound.php
ch.theblissbinder.com/wp-smart.php
chorbly.org/sound.php
ciconuati.com/sound.php
cmmxhurildiigqghlryq.com/post.php
coult.org/sound.php
cristinneese.xyz
czadvokat.info
d823hrd9239sdj2.com
d9j49dj923993.com
danceeruohitslatm.de/music.php
dandycodes.com/sound.php
dasifosafjasfhasf.com
dasifosafjasfhasf.com/web
dcaiqjgnbt.icu/wp-config.php
dcgljuzrb.pw/wp-config.php
deephousesets1.de/music.php
dentatox.org/sound.php
detid.org/sound.php
dhteijwrb.host
dierdreswensson.xyz
dij49jf39fjd340d.com
disrelure.com/sound.php
djsadhsadsadjashs.pro
dksadjsahnfaskmsa.com
dolax.org/sound.php
dsdjfhd9ddksaas.pro
dsdjfhdsufudhjas.com
dsdjfhdsufudhjas.info
dsdjfhdsufudhjas.pro
dsjadjsadjsadjafsa.info
dsjdjsjdsadhasdas.com
dskdsajdsadasda.info
dskdsajdsahda.info
dskjdsadhsahjsas.info
dxdeedle.host
eirry.org/sound.php
emearibys.com/sound.php
eoieowo.casa/wp-config.php
erbscactus.at/noagate.php
ergensu.com/sound.php
etized.org/sound.php
eurodancehitslatm.de/music.php
evahs.org/sound.php
far.spargroarr.org/tv/x.php
fdsjfjdsfjdsdsjajjs.com
fdsjfjdsfjdsdsjajjs.info
fdsjfjdsfjdsjfdjsfh.com
ffclubs.net
fflxcsbtb.pw/wp-config.php
fibulu.org/sound.php
ficutept.com/sound.php
finib.org/sound.php
finuclier.com/sound.php
flopperos.org/sound.php
footmess.com/sound.php
fotonums.com/sound.php
fsakjdsafasifkajfaf.pro
fslakdasjdnsasjsj.com
fvqlkgedqjiqgapudkgq.com/post.php
fwgdhdln.icu/wp-config.php
fyratyubvflktyyjiqgq.com/post.php
gavrelets.ru/wp-parser.php
gdexordsb.icu/wp-config.php
geost.com/sound.php
gertibaeronjdkwp.site/library/topikpost.php
gilantec.org/sound.php
ginibenio.com/sound.php
giril.org/sound.php
givlonest.com/tv.php
givlonest.org/tv.php
glsunzdf.casa/wp-config.php
gorab.org/sound.php
greenrumba.com/sound.php
grimberks.com/post.php
grually.com/sound.php
gynrhcoe.pw/wp-config.php
hahwuUmkwioq.site/library/topikpost.php
happyiphoneusr.top/erors.php
heartsmobileautorepair.com/123.php
heartsmobileautorepair.com/redir.php
hesaista.org/sound.php
hibsurf.com/sound.php
hinurs.org/sound.php
home.comegico.com.mx/wp-parser.php
hopime.com/wp-parser.php
horatiobrotherton.xyz
horcinx.org/sound.php
hormonas.comegico.com.mx/wp-parser.php
hustlertest.com/sound.php
hwbblyyrb.pw/wp-config.php
iawfqecrwohcxnhwtofa.com/post.php
idisaudhasdhasdj.com
idisaudhasdhasdj.info
idjwidj8f4f5ge.com
idsakjfsanfaskj.com
ifjedssofllvcr.com
iloveyoubaby1.pro
imosey.com/sound.php
insceos.com/post.php
interurbanpu.at/noagate.php
invesund.org/sound.php
iphonexr.top/erors.php
iphonexsmax.top/erors.php
irfanhaber.net/wp-parser.php
isfjiaaodwsoi.com
islacangrejo.fun/library/topikpost.php
itachaphi.com/sound.php
j2888hennene.site/library/topikpost.php
japanjisho.info/wp-parser.php
jdafiasfjsafahhfs.com
jewellerydesigns.co.za/wp-parser.php
js823hs23js.com
jtppbycsb.space/wp-config.php
jzfozxqe.site
kasfajfsafhasfhaf.com
kdsidsiadsakfsas.com
klill.com/sound.php
knalc.com/sound.php
kodray.org/sound.php
kuaxbdkvbbmivbxkrrev.com/wp-config.php
ldhly.com/wp-parser.php
leaben.pw
lesson.musicentrance.com/wp-parser.php
lgepubbf.icu/wp-config.php
liangzizhineng.cn/wp-parser.php
lifeprimary.site/wp-parser.php
lildor.com/sound.php
lipurf.com/sound.php
lonehee.com/sound.php
loots.org/sound.php
lotio.org/sound.php
ltuywjafbt.icu/wp-config.php
luckystatus.com/wp-parser.php
march262020.best
march262020.club
march262020.com
march262020.live
march262020.network
march262020.online
march262020.site
march262020.store
march262020.tech
maremeo.com/sound.php
marlodubberly.xyz
maxbiler.dk/wp-parser.php
mayinakh.xyz/plugins.php
milsop.org/sound.php
mioniough.com/sound.php
monbrase.com/post.php
mslfiedjssfdes.com
msrtuhctb.pw/wp-config.php
naght.org/sound.php
namilh.com/sound.php
nexycombats.com/sound.php
nlbmfsyplohyaicmxhum.com/post.php
nmqsmbiabjdnuushksas.com/post.php
nmttxggtb.press/wp-config.php
nncpsedsb.host/wp-config.php
norpy.org/sound.php
nurgsozebt.pw/wp-config.php
oajdasnndkdahm.com
obeaf.com/sound.php
oidjweidj34rd3.com
ojnxjgfjlftfkkuxxiqd.com/post.php
onfovdaqqrwbvdfoqnof.com/post.php
onregcan.com/post.php
ooygvpxrb.pw
ooygvpxrb.pw/wp-config.php
pacallse.com/sound.php
pearlsolutionis.com/post.php
peermems.com/sound.php
penaght.org/sound.php
penaz.info
perditta.org/sound.php
pheia.com/sound.php
pitinjest.org/sound.php
plemopomps.com/post.php
polild.org/sound.php
postgringos.com/sound.php
postxer.com/sound.php
pqayjeenbbt.icu/wp-config.php
pressrealbox.com/post.php
purots.com/sound.php
pwkqhdgytsshkoibaake.com/post.php
qwd8s3j8s23h8s.com
rarigussa.com/sound.php
rayonch.org/sound.php
rehoterv.org/sound.php
representis.icu
representis.xyz
retualeigh.com/sound.php
rhald.org/sound.php
rizoqur.pw
ronswank.com/sound.php
roo.purcererya.org/tv/x.php
rswtgmhf.pw/wp-config.php
rubense.xyz
rutom.org/sound.php
s28hs823hs823js.com
sandyfotos.com/sound.php
sentspiels.com/sound.php
shatskie.org/sound.php
shotroot.xyz/data.php
sifeiwdjiesde.com
sigmark.org/sound.php
siloban.pw
sldeodjiweiswi.com
smeack.org/sound.php
smenard.com/sound.php
smoash.org/sound.php
snnmnkxdhflwgthqismb.com/post.php
soceneo.com/sound.php
soficatan.site
spardanos.com/sound.php
spensores.com/sound.php
stagolk.com/sound.php
starterdatas.com/sound.php
surgued.com/sound.php
tarsilh.com/sound.php
tarynak.org/sound.php
teamper.org/sound.php
tepbfiafbtt.pw/wp-config.php
teslatis.org/sound.php
tetraslims.com/sound.php
thoughtlibrary.top/library/topikpost.php
tilyn.org/sound.php
tirdo.org/sound.php
todiks.xyz
trancepartysets.de/music.php
trebitmore.org/sound.php
tremood.com/sound.php
twinsors.xyz
unwer.org/sound.php
vacontd.com/sound.php
vanagitah.com/sound.php
veckeard.com/sound.php
verobani.website
vfgthujbxd.xyz
vitog502.digital
vitog502.life
vitog502.live
vitog502.world
watae.org/sound.php
wd23h8qsh8qhs823qs.com
weako.org/sound.php
welefus.com/sound.php
wgyvjbse.pw
wlqaqife.icu/wp-config.php
wmwifbajxxbcxmucxmlc.com/post.php
wuaiwan.cn/wp-content/uploads/2020/04/123.php
xaprgnve.icu/wp-config.php
xyajbocpggsr.site
ydmfemfe.pw
zelacarths.com/sound.php
zernel.org/sound.php
zgpqjzwrb.pw
zonaa.org/sound.php
zoraokorol.xyz

# Reference: https://twitter.com/reecdeep/status/1264903148440780801
# Reference: https://app.any.run/tasks/a50c94bb-5bec-4553-8b37-3127743662b6/

baseballsokuhou.xyz
lenssunvasuncana.tk

# Reference: https://twitter.com/DynamicAnalysis/status/1264973244789952520

auto2000.club
baseballsokuhou.xyz
lenssunvasuncana.tk
margapowhipmipe.tk

# Reference: https://twitter.com/DynamicAnalysis/status/1264973246232793094

tentrhetarav.gq
slidirinisprec.ml
iedison.vip/wp-parser.php
financiallifecoaching.com/wp-parser.php
fly2go.cn/wp-parser.php
kothtdfaputusqvoolks.com

# Reference: https://twitter.com/reecdeep/status/1265652845245870085

uinames.org/wp-keys.php
ferme-imaan.com/wp-keys.php

# Reference: https://twitter.com/reecdeep/status/1265677551948742657

sigmark.org
perditta.org
dentatox.org
flopperos.org
teslatis.org

# Reference: https://twitter.com/DynamicAnalysis/status/1265715477625667584

clicmiscentfrussoting.tk

# Reference: https://twitter.com/JAMESWT_MHT/status/1265641041350328320

unesrafho.cf
cripuntisispoi.tk
sannyjewelry.ir/wp-parser.php

# Reference: https://twitter.com/luc4m/status/1267039320218755072

militanttra.at

# Reference: https://twitter.com/abuse_ch/status/1267362618936786944

urleddrug.at

# Reference: https://twitter.com/James_inthe_box/status/1268221227908227073

gegnacheckwebtiyclin.tk

# Reference: https://twitter.com/reecdeep/status/1268439324665749505

palchik.club
psychotherapyresources.org

# Reference: https://twitter.com/reecdeep/status/1268528381290786818

dambalik.org
erooneah.org
erreessi.org
pecketil.org
reeution.org
semettyx.org
twelicie.org
weisnise.org

# Reference: https://twitter.com/bit_dam/status/1268512036943790081

ogglededibl.at


# Reference: https://twitter.com/reecdeep/status/1268792547003990016

naorietenderpver.gq
placanemcourri.ga

# Reference: https://twitter.com/reecdeep/status/1268776929001443328

destgrena.at

# Reference: https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/
# Reference: https://otx.alienvault.com/pulse/5ed944daa31be44ecfc35eb4

tlanddissipate.at

# Reference: https://twitter.com/reecdeep/status/1268899143814205441

regerfederer.club
sharkweek2019.best

# Reference: https://twitter.com/DynamicAnalysis/status/1268945496388841473

lauwang.vn
visionmedia.vn

# Reference: https://pastebin.com/pPAp2chF

chromenerlitigub.tk
riesperetidtur.tk
cmso.med.cmu.ac.th
gahotimaskever.ga
tlenexicagopca.tk
cld.kazgau.com/wp-parser.php
janekleeb.com/wp-parser.php

# Reference: https://app.any.run/tasks/5efe9c94-1037-4f6d-bb0d-04a890e467d7/

onallyblo.at

# Reference: https://twitter.com/reecdeep/status/1270287441669259266

sdeputizi.at

# Reference: https://twitter.com/reecdeep/status/1270336551575334913

uringvermi.at

# Reference: https://twitter.com/abuse_ch/status/1270600330506637312

erpoweredent.at

# Reference: https://twitter.com/CERT_Polska_en/status/1270623116931317760
# Reference: https://pastebin.com/raw/Ap38Fr7e
# Reference: https://pastebin.com/raw/YyYs8Her

aonagenarian.eu
destgrena.at
eetownvulgar.xyz
entspartner.at
eronisuseab.xyz
lungeflight.xyz
ogglededibl.at
retinaegras.at
tlanddissipate.at
urleddrug.at

# Reference: https://twitter.com/58_158_177_102/status/1270629663124013061

linesburline.at

# Reference: https://twitter.com/killamjr/status/1270745629774528512

speechdogfadewaji.tk

# Reference: https://twitter.com/reecdeep/status/1270756509664915456

studentsclasses.com

# Reference: https://twitter.com/DynamicAnalysis/status/1270779264988622849

caisalebebespli.ml
speechdogfadewaji.tk
mounlametling.ga
lucreteanu.de
luvletter.club

# Reference: https://twitter.com/DynamicAnalysis/status/1270779266448252928

vastmenkrirohama.gq
toolvienrewic.cf
shreejeeherbs.com/wp-parser.php
han-teknik.com/wp-parser.php

# Reference: https://twitter.com/MaelSecurity/status/1271335205463379968

oidblueprin.at

# Reference: https://twitter.com/reecdeep/status/1272530598725369862

datearoc.org
matarlod.org

# Reference: https://twitter.com/abuse_ch/status/1273651845383274496

neomithirdseman.tk
reafdersfaca.ga

# Reference: https://twitter.com/reecdeep/status/1273665225070444548

wireborg.com/wp-keys.php
zmedia.shwetech.com/wp-keys.php
datalibacbi.ml
procacardenla.ga

# Reference: https://pastebin.com/TutiU3FW

datalibacbi.ml
gueberzehngemoonde.tk
fernmasucsavidi.cf
wireborg.com/wp-parsing.php
secretele-naturii.xyz
legendcoder.com/wp-parsing.php
tiilearaphefanpa.gq
sutoverlaopers.tk

# Reference: https://twitter.com/p5yb34m/status/1274084982634377216

legendcoder.com/wp-keys.php
pullingmezcnarcmer.tk
reinin.tw/wp-keys.php
ruibrunconcallconsta.tk

# Reference: https://twitter.com/malware_traffic/status/1274088854191050752
# Reference: https://twitter.com/malware_traffic/status/1298757535793635333
# Reference: https://www.virustotal.com/gui/file/57459dde0156fdd2aeca12b223b5767172bc6b97562e765feb89e0f959e3ab5e/behavior/C2AE
# Reference: https://www.virustotal.com/gui/file/30b2e0eb4357c10315f3ba26e09cd0b478c2c801ef4f645b3c2498aa1a794fa3/behavior/C2AE

http://205.185.125.104

# Reference: https://twitter.com/MaelSecurity/status/1274092413716496385

nlbmfsyplohyaicmxhum.com
snnmnkxdhflwgthqismb.com
softwareserviceupdater1.com
softwareserviceupdater2.com

# Reference: https://twitter.com/abuse_ch/status/1274228809315897345

tiilearaphefanpa.gq

# Reference: https://twitter.com/DynamicAnalysis/status/1274250360094289920

pullingmezcnarcmer.tk
ruibrunconcallconsta.tk

# Reference: https://pastebin.com/4P65E0tz

thebypath.com/wp-parsing.php
dramalove.su/wp-parsing.php
hongsamlinhchi.vn/wp-parsing.php
monquasuckhoe.com/wp-parsing.php
nhansamlinhchi.com.vn/wp-parsing.php

# Reference: https://twitter.com/reecdeep/status/1275085198946963457
# Reference: https://app.any.run/tasks/aa0c8899-a534-4882-930e-282b9e889320/

thepsaokhue.com
metagro.com.br/wp-keys.php
loughturnperceidrin.ml
joliroomlides.tk

# Reference: https://twitter.com/DynamicAnalysis/status/1275110199754461184

unencansatecal.ml

# Reference: https://twitter.com/James_inthe_box/status/1275112840488075264

194.36.191.113:443

# Reference: https://twitter.com/reecdeep/status/1275434331368910849
# Reference: https://app.any.run/tasks/33b0d6d2-7f70-4044-89e0-ce984c64624d/

blacalypichab.ga
esoseraz.cf
skwifi.net
stalaleninmac.tk
yqm5.cn

# Reference: https://twitter.com/reecdeep/status/1275449351372824578

magic-place.fr/wp-crunch.php
velocitii.com/wp-crunch.php
hongsamlinhchi.vn/wp-crunch.php
thepsaokhue.com/wp-parsing.php

# Reference: https://twitter.com/malware_traffic/status/1275602265575997445

snnmnkxdhflwgthqismb.com

# Reference: https://twitter.com/DynamicAnalysis/status/1275812564203638785

abdulwajed.xyz
anhthienquang.com/wp-parser.php
artnego.com.tr/wp-parser.php
babysayworld.com/wp-parser.php
bhutansyncits.com/wp-parser.php
infinitearc.com/wp-parser.php
thebypath.com/wp-parser.php
npxrqvwocrpecygjnclw.com

# Reference: https://twitter.com/abuse_ch/status/1276047071653646341

axisbasis.xyz
newhopedream.com

# Reference: https://twitter.com/H_Miser/status/1273191024798679040

abdulwajed.xyz
anbecatanketppi.tk
anhthienquang.com
autoclub2000.club
babysayworld.com
baseballsokuhou.xyz
bhutansyncits.com
lenssunvasuncana.tk

# Reference: https://twitter.com/reecdeep/status/1276506416833060864

britemanid.cf

# Reference: https://twitter.com/reecdeep/status/1277593590777163776

celvadesynola.gq

# Reference: https://twitter.com/reecdeep/status/1277618971878010880
# Reference: https://app.any.run/tasks/91c2c1e5-1c91-493a-b356-0086352a0339/
# Reference: https://app.any.run/tasks/7ba31e84-0619-430e-9d78-6581d8a0b1e1/

ceoblaws.com
pettsmickey.com
vooydvclhlqukhdvrsxe.com

# Reference: https://twitter.com/abuse_ch/status/1277627432774897665

nlbmfsyplohyaicmxhum.com
snnmnkxdhflwgthqismb.com
softwareserviceupdater1.com
softwareserviceupdater2.com

# Reference: https://twitter.com/DynamicAnalysis/status/1277668534223601664

helpdallas.org/wp-crunch.php
designerremodeling.com/wp-crunch.php
healsoul.thememove.com/wp-crunch.php
septatechnology.com/wp-crunch.php
krazycupmunchiesbar.com/wp-parsing.php
memobhurinquipres.tk/wp-parsing.php
megaklima.com/wp-parsing.php
thefinejeweller.com/wp-parsing.php
thisismushu.com/wp-parsing.php
goarisentopdbemas.tk/wp-parsing.php

# Reference: https://twitter.com/reecdeep/status/1280162558360551425

celltee.xyz
dkf.co.id/wp-keys.php
electricpicklemiami.com/wp-keys.php
elito-grad.ru/wp-keys.php

# Reference: https://twitter.com/abuse_ch/status/1280162671510401024

neterscunverssuf.gq

# Reference: https://twitter.com/DynamicAnalysis/status/1280177169671520257

acrilicossp.com.br/wp-parsing.php
afdah2.com/wp-parsing.php
ajacademys.com/wp-parsing.php
aydninsaat.com/wp-parsing.php
bludelego.it/wp-parsing.php
bnegg.vn/wp-parsing.php
chwasinsvolanrosti.gq/wp-parsing.php
neterscunverssuf.gq/wp-parsing.php

# Reference: https://twitter.com/p5yb34m/status/1280566415913676803

silalang.go.th/wp-keys.php
plumberwarsawindiana.club/wp-keys.php
pc.shindiristudio.com/wp-keys.php
parts.avtosprava.com/wp-keys.php

# Reference: https://twitter.com/DynamicAnalysis/status/1280599259184840704

ultimatefitnessholiday.com/wp-parsing.php
netinup.it/wp-parsing.php
oneolimpio.tech/wp-parsing.php
adgersandviho.cf/wp-parsing.php
paraben-sticks.com/wp-parsing.php
tralsiwheepegangcomp.tk/wp-parsing.php
parceirosvendaativa.club/wp-parsing.php

# Reference: https://bazaar.abuse.ch/sample/1615c46ae8e9b2f243ed4e124edffeea4cd452fd5a2ad92b496260e1c963ae86/

adgersandviho.cf
dayton.store

# Reference: https://twitter.com/p5yb34m/status/1280921411087818753

anatoliadrilling.com
charlesengineering.in
dcws-ev.com
doorbhai.com

# Reference: https://twitter.com/DynamicAnalysis/status/1280951123625598981

rdaprint.in/wp-parsing.php
vishweshwarastrology.com
tatpasapipag.tk
netinup.it/wp-parsing.php
oneolimpio.tech/wp-parsing.php
hanskingrypgirigolf.ml

# Reference: https://twitter.com/DynamicAnalysis/status/1280892126428114944

karen.store
quechardojecde.tk
ticformjunclenneo.tk

# Reference: https://twitter.com/p5yb34m/status/1281275752961282048

merter.shop/wp-keys.php
pasca.fapet.ub.ac.id/wp-keys.php
pick20shop.shop/wp-keys.php
posviat.ru/wp-keys.php

# Reference: https://twitter.com/reecdeep/status/1282621884102774784

dayton.store
karen.store
quechardojecde.tk
ticformjunclenneo.tk

# Reference: https://twitter.com/Racco42/status/1282616955028090880

dweandro.com
sweleger.com
zonculet.com

# Reference: https://twitter.com/DynamicAnalysis/status/1283451811052032002

quuik.com/wp-keys.php
theincrediblebihar.com/wp-keys.php
tlcid.org/wp-keys.php
tvxnoticias.com/wp-keys.php

# Reference: https://twitter.com/p5yb34m/status/1284176284499578881

6730dartmouth.com/wp-keys.php
6730dartmouth.com/wp-parsing.php
akcje.browarbrodacz.pl/wp-keys.php
akcje.browarbrodacz.pl/wp-parsing.php
fortsanmanesilink.ga/wp-parsing.php
myadvision.com/wp-keys.php
myadvision.com/wp-parsing.php
scoutadvisors.com/wp-keys.php
wadapptanara.tk/wp-parsing.php
winfectsolutions.com/wp-parsing.php

# Reference: https://twitter.com/DynamicAnalysis/status/1285264183328673792

bdvan.com/wp-keys.php
atemschutzmasken-schutzmasken.de/wp-keys.php
bitcoincasinoreview.com/wp-keys.php
ballista.vn/wp-keys.php
bothigolfscuron.tk
caixabanktalks-bancaprivada.agoranews.es/wp-parsing.php
cardskool.com/wp-parsing.php
cloudguchenleteli.gq

# Reference: https://twitter.com/DynamicAnalysis/status/1285269378641141761

ashok-poudel.com.np/wp-keys.php
aulaabierta.agoranews.es/wp-keys.php

# Reference: https://twitter.com/JasonMilletary/status/1285295845601087488

tiawildlidapu.tk

# Reference: https://twitter.com/DynamicAnalysis/status/1285264185211981833

/wp-parsing.php

# Reference: https://twitter.com/malware_traffic/status/1285984351583338502
# Reference: https://app.any.run/tasks/d5999721-fd0c-4e45-a849-90c248a56246/
# Reference: https://pastebin.com/raw/9JwfrjFA

80.249.146.77:443
vlcafxbdjtlvlcduwhga.com
softwareserviceupdater3.com
softwareserviceupdater4.com

# Reference: https://twitter.com/abuse_ch/status/1290676919072182272

aghacks.xyz

# Reference: https://twitter.com/p5yb34m/status/1290839320245358593

agrandissementpenisxxlfr.xyz
pawsnewmapitocdo.tk
trochzoposotocon.tk

# Reference: https://twitter.com/abuse_ch/status/1290994444171452417

luckyprizewon.xyz

# Reference: https://twitter.com/reecdeep/status/1291021060490571777

modifikasi.xyz
fuefutingtourmomi.tk
sympmatidoorslo.tk

# Reference: https://twitter.com/malware_traffic/status/1291047792450908162
# Reference: https://twitter.com/malware_traffic/status/1291055785435373570

channelmelabd.com/wp-keys.php
hhbiao.com/wp-parsing.php
web.job2go.net/wp-parsing.php
ia9.cn/wp-parsing.php
billibazar.com/wp-parsing.php
th.plus/wp-parsing.php

# Reference: https://twitter.com/DynamicAnalysis/status/1292869239259488259
# Reference: https://twitter.com/DynamicAnalysis/status/1292869241742426112
# Reference: https://app.any.run/tasks/96791cf1-fa33-4ba8-bd00-bda03e36d155
# Reference: https://app.any.run/tasks/28dc3476-2c2b-4f0c-b89e-0b0038ab06a4
# Reference: https://app.any.run/tasks/ba1b2b5e-fcd8-475e-ae48-be7507eebff1
# Reference: https://pastebin.com/5mvpFftn

ahoeviwo.com/wp-parsing.php
cga.cn/wp-parsing.php
chiarizzimooca-lancamento.com.br/wp-keys.php
chiarizzimooca-lancamento.com.br/wp-parsing.php
danyalpakhsh.ir/wp-keys.php
danyalpakhsh.ir/wp-parsing.php
flidot.com/wp-keys.php
flidot.com/wp-parsing.php
geoflamonadrieve.tk/wp-parsing.php
globalfilipino.net/wp-keys.php
globalfilipino.net/wp-parsing.php
mementomori.vn/wp-parsing.php
metodoking.com/wp-parsing.php
nocusnanakindtu.tk/wp-parsing.php

# Reference: https://twitter.com/VK_Intel/status/1293081799644581889

syndicationtwimg.site
twiitter.website

# Reference: https://twitter.com/threatinsight/status/1293607914339434496

softwareserviceupdater1.com

# Reference: https://twitter.com/reecdeep/status/1293601730618437632
# Reference: https://twitter.com/malware_traffic/status/1293609013318385664
# Reference: https://app.any.run/tasks/ef5bd545-7404-440e-a86a-f00e2e89bc42/

alesirovone.world
billboardonline.live

# Reference: https://bazaar.abuse.ch/sample/13509b3f6aeacb569938cc1baa474beac1c0e6d1ce222ca681d9d463889babac/

titaniumgamers.com/wp-keys.php
titaniumgamers.com/wp-parsing.php
girldowcahohorme.tk/wp-parsing.php
blog2.textbookrush.com/wp-parsing.php
curiosidadez.com.br/wp-parsing.php
nonchothetohear.cf/wp-parsing.php
sicupira8.com.br/wp-parsing.php

# Reference: https://www.virustotal.com/gui/file/36e03265704d015cb3890c7fe46b5aeb2202a23ef55f5ff809dd83c2eadec521/detection
# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.105/relations

itqssosgjbloiuuuuumd.com
mawfotjeqprnvfmawfot.com
otjeqprnvfmawfotjeqp.com
qprnvfmawfotjeqprnvf.com
rnvfmawfotjeqprnvfma.com
vfmawfotjeqprnvfmawf.com
wfotjeqprnvfmawfotje.com

# Reference: https://www.virustotal.com/gui/file/cfb00e79168171aa3c36a8de4dd6adb74d43839f59e9543143fb3260dc0b9ff3/detection

viewextension.live

# Reference: https://www.virustotal.com/gui/file/7ff3fd64dc196279d321f8047065e6998d0db6c6ffe0b02c9770488a0538bfc3/detection

billboardonline.live

# Reference: https://twitter.com/anyrun_app/status/1301096026577797121
# Reference: https://app.any.run/tasks/8cfc0b3f-c668-4e2b-b8c8-837431699fd2/
# Reference: https://www.virustotal.com/gui/file/7ac38370b6402a643f4b2921eae726f3b5f873bd74eed54d7a782c370be1905a/detection
# Reference: https://www.virustotal.com/gui/file/10af5707c8f1a59c31d0f57d99f6ca4386ba7cadd3b6b71a0eac05eacf631f5e/detection

as9897234135.org
as9897234135.xyz
sushiassasin.xyz

# Reference: https://twitter.com/reecdeep/status/1301137977331060736
# Reference: https://app.any.run/tasks/02b2f88f-d81b-43fe-a2b9-076429024888/

lastcost2020.com

# Reference: https://www.virustotal.com/gui/file/dec5d4a8805defd810a545d6cb3e46cb7bb72a63f0d1c60cef82baf15bfad39b/detection

cheneer.org
cupersip.com
esplody.org
findulz.com
fredoam.com
orderrys.com
paiancil.com
procinul.com

# Reference: https://www.virustotal.com/gui/file/bc2c5e2692df4493a1bbc9364689f1b7c532964497512065d3693cae50214860/detection

bladilk.com
dinctov.com
ennaser.com
fopiese.com
giridly.com
hyatart.com
phanleb.com
pleclep.com

# Reference: https://www.virustotal.com/gui/ip-address/216.10.251.31/relations

scotogh.com
toweadi.com
wunchilm.com

# Reference: https://www.virustotal.com/gui/ip-address/162.241.120.85/relations

cromecho.com
holavar.com
zonculet.com

# Reference: https://twitter.com/Racco42/status/1280620367078395904
# Reference: https://app.any.run/tasks/4fcd482e-925c-458a-86ec-d9828a3b0fe6/

odoncrol.com

# Reference: https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html (# Zloader)
# Reference: https://otx.alienvault.com/pulse/5f5120c23b86bf1880a2ba7c
# Reference: https://www.virustotal.com/gui/file/5ca221824971461dcb7a32ff9ca391c57bbca2aafa980a7f01204b376cdf30a0/detection
# Reference: https://www.virustotal.com/gui/file/5f287d8b207645d9cfb47ff2aacb7ed2a6769fa14b1fe78c45a73efc73f0a84c/detection
# Reference: https://www.virustotal.com/gui/file/1233250fdba7a6a9af69091ba14ec5186c703714ff8c18c911087d16c22da64d/detection

dasifosafjasfhasf.com
dksadjsahnfaskmsa.com
dksdjasi92iejdnfsa.info
dksjdsajdiei28uj2.info
drysetfirst.com
dsdjfhd9ddksaas.pro
dsdjfhdsufudhjas.com
dsdjfhdsufudhjas.pro
dsjdjsjdsadhasdas.com
dskdsajdsadasda.info
dskdsajdsahda.info
dskjdsadhsahjsas.info
dwajfjaiakdnsandks.com
fastandstrongwolf.com
fdsjfjdsfjdsdsjajjs.com
fdsjfjdsfjdsjfdjsfh.com
fslakdasjdnsasjsj.com
idisaudhasdhasdj.com
idsakjfsanfaskj.com
iloveyoubaby1.pro
jdafiasfjsafahhfs.com
kasfajfsafhasfhaf.com
kdsidsiadsakfsas.com

# Reference: https://www.virustotal.com/gui/file/76776877cf663f9b3d5647b0efdf3e062cf41d7d4757371ed9ad4fc0d85d7179/detection

staycalm.club

# Reference: https://www.virustotal.com/gui/file/5557fd15d615f360af1aefa6a7e2bed3382e26bdabb08d7e5a8f0f9387449f3a/detection

stoutorder.xyz

# Reference: https://twitter.com/p5yb34m/status/1301574398206341121
# Reference: https://twitter.com/p5yb34m/status/1301577379945480192

4fishing.it/wp-parsing.php
adsnoinsta.com/wp-parsing.php
divocdiagnostics.com/wp-keys.php
educationcrypto.io/wp-keys.php
gamehub.ee/wp-keys.php
hatcuomhoainhu.com/wp-keys.php

# Reference: https://twitter.com/p5yb34m/status/1303396479210414080

jawadsarwary.com/wp-keys.php
lavish.hu/wp-keys.php
noithatdtwood.com/wp-keys.php
placemonster.com/wp-keys.php
jggourmet.com.br/wp-parsing.php
hepgul.net/wp-parsing.php

# Reference: https://app.any.run/tasks/ae4f5a71-55f3-4e72-9652-9e6457439a0d/

component.pw

# Reference: https://www.virustotal.com/gui/file/0547b9ad623b3416f46adef429a06f65b153af1e8789063d3ba2171a1ed5865e/detection

aware.pw

# Reference: https://twitter.com/James_inthe_box/status/1303705761546006529
# Reference: https://app.any.run/tasks/c563b0ca-3bda-44b6-88be-f50679c6f9de/

narbahe.co
postplanet.xyz

# Reference: https://app.any.run/tasks/104bd2d0-d638-41b0-abe2-dcb841ed7e41/

lastcost2020.com
lastcost2020.in
lastcost2020.info
lastcost2020.net
lastcost2020.org
rrleuleuetijabsnqsgn.com
tvlmfacgscbjlndewpxn.com
yvibvuyolrfeegaophef.com

# Reference: https://twitter.com/malware_traffic/status/1304526920982421504
# Reference: https://app.any.run/tasks/b5f91495-1e1b-46e3-8fa3-9167be09d2f3/
# Reference: https://app.any.run/tasks/1010d37c-df87-437e-ba72-8888677549b8/
# Reference: https://app.any.run/tasks/b63d7983-51a2-41ff-8af1-cec3e06e8830/
# Reference: https://app.any.run/tasks/f8e275f7-707e-4049-8997-e3fd4c03a9e8/
# Reference: https://app.any.run/tasks/e8974739-ae34-42b3-be47-34068041b3b7/
# Reference: https://app.any.run/tasks/2be932ef-c6d2-42f2-82c5-ae4decdae3ec/

http://205.185.113.20
calgarydancecentral.com
nlbmfsyplohyaicmxhum.com
snnmnkxdhflwgthqismb.com
softwareserviceupdater1.com
softwareserviceupdater2.com
softwareserviceupdater5.com

# Reference: https://www.virustotal.com/gui/file/5b0d2be4d9cce9d75ca447d998c529cb3bf68cf81403d9417fd8c9922cfe6fb5/detection

sept9stuff1.com
sept9stuff2.com

# Reference: https://twitter.com/makflwana/status/1305089992830496769

dotxwbdwktpeaoniphea.com
dsjdjsjdsadhasdas.com
fqnvtmqsywublocpheas.com
gveejlsffxmfjlsfbllq.com
pkiser.online
xbcfxmfmjqstjiocvrni.com
xrldoakhnnjsuvjslccd.com

# Reference: https://twitter.com/FaLconIntel/status/1306045674887155712

freebreez.com
litlblockblack.com
vaktorianpackif.com

# Reference: https://twitter.com/p5yb34m/status/1306663695318093829

arboristcrew.net/wp-smarts.php
jumper.rocks/wp-index.php
jumper.yoga/wp-index.php

# Reference: https://twitter.com/InQuest/status/1311077223584071680
# Reference: https://www.virustotal.com/gui/ip-address/47.254.26.204/relations

baroqueone.top
ccleanerguide.com
daisygirl.top
lampofcosmos.top
modeson.top
moonitor.me
oldgoodviktory.top
servicedesk42.org
setupupdate2020.com
somesecrets2020.net
thesesecrets2020.net
ultimatemoon.top
win-update2020.net
winsetup220.com
fqnvtmophfeas.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1311267393545568256
# Reference: https://twitter.com/ffforward/status/1316769541159104518

exwhbecwrsuggjavqopq.com
fqnceas.su
fqncpheas.ru
fqnvsdaas.su
fqnvtcpheas.su
fqnvtmophfeas.ru
fqnvtmqass.ru
securefiles.top

# Reference: https://twitter.com/p5yb34m/status/1312091143685906437

tokojayacs.com/wp-touch.php
volero.ca/wp-touch.php
webdachieu.com/wp-touch.php

# Reference: https://twitter.com/d4rksystem/status/1313524422993760256
# Reference: https://twitter.com/James_inthe_box/status/1314677701538508800
# Reference: https://app.any.run/tasks/86d4d856-eaa5-464e-8ce2-d75d948ef1c7/
# Reference: https://www.virustotal.com/gui/file/e60996672c7901683e5de88d6e9482e55b5cf9612b7ac1b4eee64e34c44bd6aa/detection

amagank.com
quartanam.com
rkbthfiysckqfbiqbfmu.com

# Reference: https://twitter.com/James_inthe_box/status/1313442561348968448
# Reference: https://www.virustotal.com/gui/file/69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09/detection

hacemosmarketingdigital.com.ar/6bbktc.php
heimat-harz.com/zgwykq.php
hgt.vaduni.vn/tjxxhk.php
hoanggiang.tk/kgqbsf.php

# Reference: https://twitter.com/p5yb34m/status/1313548199538298880

fqnesas.ru
fqnvsdaas.su
fqnvtmqass.ru
fqnvtcpheas.su

# Reference: https://twitter.com/malware_traffic/status/1314277885985853444
# Reference: https://www.malware-traffic-analysis.net/2020/10/08/index.html

sept9stuff10.com

# Reference: https://twitter.com/DynamicAnalysis/status/1314339997512736768

nextdiv.net/fy02i9.php
shelfie.co.il/mvairs.php
smcalive.com/pi77oi.php
tumejorcafe.com/zgzy5j.php

# Reference: https://twitter.com/DynamicAnalysis/status/1314343818985005060

dogestidecamels.tk
rentuineranmudfhe.tk
nextdiv.net/k1wig8.php
pizza-cordial.fr/2gzmxg.php
shelfie.co.il/mm0tb8.php
smcalive.com/ucgcdq.php

# Reference: https://app.any.run/tasks/2e2b3a30-fcaa-4f1d-9acf-2dcdc7c9d66e/

guanzhongxp.club

# Reference: https://twitter.com/DynamicAnalysis/status/1314616784843018241
# Reference: https://pastebin.com/EDrhpGEr
# Reference: https://app.any.run/tasks/0e36b933-30e3-4f71-ada8-0520a0402664/
# Reference: https://app.any.run/tasks/3bb0fe37-b3a8-4131-8829-c3aea6018da8/

triccirohepe.tk
dataworxsystems.com
cforcemarine.com/bvprba.php
floridalimousinerental.com/b7ub0h.php
fredshead.info/txiao2.php
1stsecuritysolutions.co.uk/17vfj3.php
aplusevents.com.au/elxbmr.php
autoescolatopsul.com.br/zsog59.php
avecla.es/d3k34t.php
botchicoffee.com/fmsbdt.php
buddingreport.com/yxewxx.php

# Reference: https://twitter.com/p5yb34m/status/1314629141925257216

cforcemarine.com/bvprba.php
dataworxsystems.com/6ncaq0.php
floridalimousinerental.com/b7ub0h.php
fredshead.info/txiao2.php

# Reference: https://blog.talosintelligence.com/2020/10/threat-roundup-1002-1009.html (# Win.Packed.Zbot-9773448-0)

ayydtgoztdeobrnbswxyhivl.ru
betneqxoxsgondrgtzdhxtif.com
beyhrshuguucxobxoylxsobalz.biz
bisqwdizeahjvlxoifhuwfud.info
bymfljnjjzeugullozlrnrwovifin.net
cqjrjnqwjvgyzhabiobizrxoif.biz
dqldugazhroylorhipjbubyqyti.org
hmpndhpdqgahvsceqypxgey.ru
hxdzdzxqokvijvkzxcaeuhukgmiz.biz
iraeivaecqovcurggyzpcqugkvnvga.net
ivivdbihycjnkjhifqocihnrxs.net
mrtkaqztpgudkjgelfdhnvdinj.com
nbrpnrlobinobduqceumzgayttc.info
onytsgmbeueifazhewcpztqsgmsw.com
pfapbtrszxbynqclzjfxelbeq.org
pmjqwmvdzdzttxkfhmfuobtl.com
pnrmjlxrkfasgusrohbyjrtsgm.ru
qshididaizdmnocmddhqgnvau.org
qsqwjbmzaepdpxazhwfalmr.info
rcvivmvoztgdyuwnfrwcmxwmrcqh.org
tklxkbqwfqdijvtkibyxwgpjr.ru
uglbqhercsgdzdszlfexbirkd.com
ukgiytxmnijpnsgyxcmfdaupt.biz
vkypzptwlrgycqmcqtkojeihaq.info
wgdxgrllxcpfgajzifhtkuc.ru

# Reference: https://twitter.com/DynamicAnalysis/status/1315732408658923520

clientinclusiveconsulting.co.ke//wp-includes/cache-wp-block-auth.php
giddysadventure.co.ke/wp-includes/class-wp-walkerrequests.php

# Reference: https://twitter.com/bomccss/status/1316909947435798528
# Reference: https://twitter.com/bomccss/status/1316891618352357377
# Reference: https://app.any.run/tasks/ea9083bf-4324-417e-b80a-8606ea083821/
# Reference: https://app.any.run/tasks/4de1f28e-5695-467d-af0e-07c4653462d6/

cateringmuslimcemangi.com
hellomydad.xyz
montessori123.net
notsweets.net
pickthismotel.xyz

# Reference: https://resources.malwarebytes.com/files/2020/05/The-Silent-Night-Zloader-Zbot_Final.pdf

http://162.241.115.242/sound.php
http://162.241.70.164/sound.php
http://185.180.198.32/abbyupdater.php
http://185.185.24.49/gate.php
http://185.236.202.146/sound.php
http://185.236.202.226/sound.php
http://185.236.202.235/sound.php
http://188.127.226.197/gate.php
http://195.154.119.165/gate.php
http://213.155.31.199/wwp/gate.php
http://217.138.205.135/sound.php
http://217.138.205.136/sound.php
http://217.138.205.159/sound.php
http://2.57.38.157/sound.php
http://45.72.3.132/web7643/gate.php
http://51.83.171.27/sound.php
http://62.109.2.250/gate.php
105711.com
106311.com
124331.com
209711.com
238ehs823s8h23.com
23d8s23hs89j239sj23.com
3reh8rd23js9.com
40j9f2j9sj32ssoj.com
4f394j89d3j4d89j34d.com
933988.com.tw/redir.php
adandore.com
adird.org
adran.org/sound.php
adslstickerf1.world
adslstickerfone.world
adslstickerf.world
adslsticker.world
advokat-hodonin.info
airnaa.org
ajvwdjtebb.pw
akrisko.info
apprdlbtb.pw
april30domain.com
april30x3domain.com
aquolepp.pw
aracp.org
artiealtiery.xyz
avnjila.website
axelerode.club
axelerode.host
baatiot.com
baj3tu.xyz
banog.org
banssa.org
barbeyo.xyz
basorkiq.host
bdr.ubibancaa.fun
bdr.ubibancaa.host
bdr.ubibancaa.space
bdr.ubibancaa.website
bdr.ubibanca.pro
bdr.ubibanca.xyz
bhajkqmd.xyz
blazeseher.xyz
bluecheese.top
bluslias.com
botiq.xyz
brewaz.club
brihutyk.xyz
brosmasters.com
buhismus.com
buhjike.host
bunap.org
bwambztl.xyz
calife.best
calul.org
cersubego.com
chorbly.org
ch.theblissbinder.com
ciconuati.com
cmmxhurildiigqghlryq.com
coult.org
cristinneese.xyz
czadvokat.info
d823hrd9239sdj2.com
d9j49dj923993.com
dandycodes.com
dasifosafjasfhasf.com
dcaiqjgnbt.icu
dcgljuzrb.pw
dentatox.org
detid.org
dhteijwrb.host
dierdreswensson.xyz
dij49jf39fjd340d.com
disrelure.com
djsadhsadsadjashs.pro
dksadjsahnfaskmsa.com
dolax.org
dsdjfhd9ddksaas.pro
dsdjfhdsufudhjas.com
dsdjfhdsufudhjas.info
dsdjfhdsufudhjas.pro
dsjadjsadjsadjafsa.info
dsjdjsjdsadhasdas.com
dskdsajdsadasda.info
dskdsajdsahda.info
dskjdsadhsahjsas.info
dxdeedle.host
eirry.org
emearibys.com
eoieowo.casa
erbscactus.at
ergensu.com
etized.org
evahs.org
far.spargroarr.org
fdsjfjdsfjdsdsjajjs.com
fdsjfjdsfjdsdsjajjs.info
fdsjfjdsfjdsjfdjsfh.com
fdsjfjdsfjdsjfdjsfh.com
fdsjfjdsfjdsjfdjsfh.com
ffclubs.net
fflxcsbtb.pw
fibulu.org
ficutept.com
finib.org
finuclier.com
flopperos.org
footmess.com
fotonums.com
fsakjdsafasifkajfaf.pro
fslakdasjdnsasjsj.com
fvqlkgedqjiqgapudkgq.com
fwgdhdln.icu
fyratyubvflktyyjiqgq.com
gavrelets.ru/wp-parser.php
gdexordsb.icu
geost.com/sound.php
gertibaeronjdkwp.site
gilantec.org
ginibenio.com
giril.org
givlonest.com
givlonest.org
glsunzdf.casa
gorab.org
greenrumba.com
grimberks.com
grually.com
gynrhcoe.pw
hahwuUmkwioq.site
happyiphoneusr.top
heartsmobileautorepair.com/123.php
heartsmobileautorepair.com/redir.php
hesaista.org
hibsurf.com
hinurs.org
home.comegico.com.mx
hopime.com/wp-parser.php
horatiobrotherton.xyz
horcinx.org
hormonas.comegico.com.mx
host.ff
hostww.enne
hustlertest.com
hwbblyyrb.pw
iawfqecrwohcxnhwtofa.com
idisaudhasdhasdj.com
idisaudhasdhasdj.com
idisaudhasdhasdj.com
idisaudhasdhasdj.info
idjwidj8f4f5ge.com
idsakjfsanfaskj.com
ifjedssofllvcr.com
iloveyoubaby1.pro
imosey.com
insceos.com
interurbanpu.at
invesund.org
iphonexr.top
iphonexsmax.top
irfanhaber.net/wp-parser.php
isfjiaaodwsoi.com
islacangrejo.fun
itachaphi.com
j2888hennene.site
japanjisho.info/wp-parser.php
jdafiasfjsafahhfs.com
jewellerydesigns.co.za
js823hs23js.com
jtppbycsb.space
jzfozxqe.site
kasfajfsafhasfhaf.com
kdsidsiadsakfsas.com
klill.com
knalc.com
kodray.org
kuaxbdkvbbmivbxkrrev.com
ldhly.com/wp-parser.php
leaben.pw
lesson.musicentrance.com/wp-parser.php
lgepubbf.icu
liangzizhineng.cn
lifeprimary.site
lildor.com
lipurf.com
lonehee.com
loots.org
lotio.org
ltuywjafbt.icu
luckystatus.com
march262020.best
march262020.club
march262020.com
march262020.live
march262020.network
march262020.online
march262020.site
march262020.store
march262020.tech
marchadvertisingnetwork10.com
marchadvertisingnetwork2.com
marchadvertisingnetwork3.com
marchadvertisingnetwork4.com
marchadvertisingnetwork5.com
marchadvertisingnetwork6.com
marchadvertisingnetwork7.com
marchadvertisingnetwork8.com
marchadvertisingnetwork9.com
marchadvertisingnetwork.com
maremeo.com
marlodubberly.xyz
maxbiler.dk/wp-parser.php
mayinakh.xyz
milsop.org
mioniough.com
monbrase.com
mslfiedjssfdes.com
msrtuhctb.pw
naght.org
namilh.com
nexycombats.com
nlbmfsyplohyaicmxhum.com
nmqsmbiabjdnuushksas.com
nmttxggtb.press
nncpsedsb.host
norpy.org
nurgsozebt.pw
oajdasnndkdahm.com
obeaf.com
oidjweidj34rd3.com
ojnxjgfjlftfkkuxxiqd.com
onfovdaqqrwbvdfoqnof.com
onregcan.com
ooygvpxrb.pw
pacallse.com
pearlsolutionis.com
peermems.com
penaght.org
penaz.info
perditta.org
pheia.com
pitinjest.org
plemopomps.com
polild.org
postgringos.com
postxer.com
pqayjeenbbt.icu
pressrealbox.com
purots.com
pwkqhdgytsshkoibaake.com
qwd8s3j8s23h8s.com
rarigussa.com
rayonch.org
rehoterv.org
representis.icu
representis.xyz
retualeigh.com
rhald.org
rizoqur.pw
ronswank.com
roo.purcererya.org
rswtgmhf.pw
rubense.xyz
rutom.org
s28hs823hs823js.com
sandyfotos.com
sentspiels.com
shatskie.org
shotroot.xyz
sifeiwdjiesde.com
sigmark.org
siloban.pw
sldeodjiweiswi.com
smeack.org
smenard.com
smoash.org
snnmnkxdhflwgthqismb.com
soceneo.com
soficatan.site
spardanos.com
spensores.com
stagolk.com
starterdatas.com
surgued.com
tarsilh.com
tarynak.org
teamper.org
tepbfiafbtt.pw
teslatis.org
tetraslims.com
thoughtlibrary.top
tilyn.org
tirdo.org
todiks.xyz
trebitmore.org
tremood.com
twinsors.xyz
unwer.org
vacontd.com
vanagitah.com
veckeard.com
verobani.website
vfgthujbxd.xyz
vipstore.pp.ua
vitog502.digital
vitog502.life
vitog502.live
vitog502.world
watae.org
wd23h8qsh8qhs823qs.com
weako.org
welefus.com
wgyvjbse.pw
wlqaqife.icu
wmwifbajxxbcxmucxmlc.com
danceeruohitslatm.de
deephousesets1.de
eurodancehitslatm.de
trancepartysets.de
wuaiwan.cn/wp-content/uploads/2020/04/123.php
xaprgnve.icu
xyajbocpggsr.site
ydmfemfe.pw
zelacarths.com
zernel.org
zgpqjzwrb.pw
zonaa.org
zoraokorol.xyz

# Reference: https://twitter.com/reecdeep/status/1317129307987345417

acpdd.cat
aestheticscc.com
ashraydekho.com
biotantra.info
breaktalks.com
procalterfineb.tk
reach-me.co
rkhydraulic.com
sadarpursangbad.com
t20group.com
voldemarholding.ee

# Reference: https://twitter.com/p5yb34m/status/1317147109498310656

arifulhuq.com
ashraydekho.com
biotantra.info
breaktalks.com

# Reference: https://twitter.com/pancak3lullz/status/1318908446515863557

eecakesconf.at

# Reference: https://twitter.com/ffforward/status/1318959441555881987

digidraft.in/ve5hpk.php
trackbrand.com/h0g6g6.php
icapturefilms.com/jo4xyy.php
iptvipstore.com/a070ru.php

# Reference: https://twitter.com/p5yb34m/status/1318969744670613504
# Reference: https://app.any.run/tasks/481e2a81-db99-4591-b8db-d2485954b62e/

albeeah.co/zg5ndr.php
htrackbrand.com/oltxgw.php
mail.htrackbrand.com/6bfcaf.php
recrugenie.cm/cqvlp9.php

# Reference: https://twitter.com/ffforward/status/1319260364865966082
# Reference: https://www.virustotal.com/gui/ip-address/8.209.124.215/relations

amwsb.top
digitfile24.top
docustore2020.top
donwloadfiles.top
download24.top
onlyfiles2020.top
purefile24.top
topme2u.top

# Reference: https://twitter.com/benkow_/status/1334457137104302081
# Reference: https://twitter.com/sS55752750/status/1340142914366808065
# Reference: https://app.any.run/tasks/96c98cc5-938a-454a-ae5f-b94b66bec454/
# Reference: https://www.virustotal.com/gui/ip-address/8.208.27.152/relations

downlfile24.top
download24.top
fersite24.top
fersite24.xyz
fileshare24.top
getfiles2020.top
marioluidgi.top
onlyfiles2020.top
puredoc2020.top
purefile24.top
rma321.com
secfile24.top
securedocument24.top
sendfile24.top
sendspace.top

# Reference: https://twitter.com/FewAtoms/status/1317162909512892417
# Reference: https://www.virustotal.com/gui/ip-address/8.208.76.109/relations
# Reference: https://www.virustotal.com/gui/file/696bb0e2594ca7eda7482d77d12c56f904ff3d07985c45e6f2e5b7c027b2d1db/detection
# Reference: https://www.virustotal.com/gui/file/9e566de0ea8df6d37bde4de438df7bc539cb0dae8fb5233bf9c27cb567dd894b/detection

callmebb.com
callmebe.com
digdown2020.top
digitfile24.top
docsecure.top
downdetect24.top
download2020.top
getfiles24.top
manudeg.top
mecorus.top
onlyfiles24.top
privatefiles24.top
purefiles24.top
puresoftware.top
securefiles.top
somefiles24.top
therefiles24.top

# Reference: https://twitter.com/ffforward/status/1319689162975531009
# Reference: https://www.virustotal.com/gui/ip-address/8.208.80.144/relations

getfiles2020.top
secureinfo.top
dksaoidiakjd.su
iqowijsdakm.ru
iweuiqjdakjd.su
kochamkkkras.su
odsakjmdnhsaj.su
odsakmdfnbs.su
olksmadnbdj.su
uookqihwdid.ru
wiewjdmkfjn.ru
yuidskadjna.su

# Reference: https://twitter.com/ffforward/status/1319645783029878785

naturalwaterresources.com/hzqx9t.php
sosoab.com/6fz3ha.php
v2.oldhenry.com.vn/8pajkb.php
v2.oldhenry.com.hk/8tj8mz.php

# Reference: https://www.virustotal.com/gui/ip-address/8.208.28.187/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.80.144/relations

bigsyndicate.top
fastbikers.top
leathershirt.top
pacmanslife.top
redrumz.top

# Reference: https://www.virustotal.com/gui/ip-address/47.241.144.63/relations

scribbles.top

# Reference: https://twitter.com/p5yb34m/status/1320801058260578304

honey-vinegar.com/ubkc0d.php
gabrielcuadra.com/kokrv4.php
trassierramotor.com/s9csvh.php
barsoleillevant.fr/hfmxoc.php
kare.academy/cztq8q.php
shbiolabs.com/hhn9x6.php
tamilgreets.com/mlt2li.php

# Reference: https://twitter.com/malware_traffic/status/1320867685513728002
# Reference: https://www.virustotal.com/gui/ip-address/91.203.192.40/relations

celtictimesofkarishan.com
decemberkentuck102981.com
deemberkentyucky101.com
donburitimesofindia.com
kentyckyderby201000.com
wingtonwelbemdon.com

# Reference: https://twitter.com/p5yb34m/status/1321507293356126208

hkq.cfc.myftpupload.com/qyc7wt.php
creatorclick.com/eqyjz6.php
tsapparel.com.my/fd66e6.php
puraanvidya.com/wlp11a.php

# Reference: https://twitter.com/James_inthe_box/status/1321542025238306816

freelancer.yoga
joliet.xyz

# Reference: https://twitter.com/nao_sec/status/1321839154225803264/photo/1
# Reference: https://www.capesandbox.com/analysis/80983/

azoraz.net
dogrunn.com
karamelliar.org
olpons.com

# Reference: https://twitter.com/p5yb34m/status/1322230013815476224

longisland.casa/wp-data.php
payment.fashiont/wp-data.php
creditoacumuladoicms.com.br/njcnt1.php
morgadoent.co.za/tizmel.php
amazonuniverse.in/a1cunn.php
access-one.us/aym3vh.php

# Reference: https://www.virustotal.com/gui/file/25a07edb7f484aaef1991a9f30b1dd4a51fb6820d4cf67a5ddb5474fe020c761/detection
# Reference: https://www.virustotal.com/gui/file/280969adede7a10b271c9d20e227f49e3c627b8233837624364e4511ba4cd45a/detection
# Reference: https://www.virustotal.com/gui/file/d7a95fbf8e4bfc8b5f5ede22e8922ac0992866a1a2e91b27e9ff25d3c674bd58/detection
# Reference: https://www.virustotal.com/gui/ip-address/8.208.25.249/relations

staticwin.top
winstatic.top
winstatics.xyz

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662

avanospetrol.com.tr
piksellat.com/tcsrog.php

# Reference: https://twitter.com/ffforward/status/1323688558025232386

belfast.pw/wp-index.php
payment.fashion/wp-index.php
greensborojeep.com

# Reference: https://twitter.com/ffforward/status/1324347621000028161

animalbliss.com/xmlpl.php
gogaurav.com/lkcvjw.php
susansquires.com/2014-style2.php
wfduino.com/pcwblt.php

# Reference: https://twitter.com/ffforward/status/1326189094087618561

oxbridge.org.hk/robots.php
protekgr.com/wp-touch.php
mandreskincare.com/wp-touch.php
ukidzbooks.com/holidays.php

# Reference: https://twitter.com/DynamicAnalysis/status/1326958416959397895

albanycofp.com/composer.php
tlsac.pe/wp-touch.php
ec3-design.com/wp-touch.php
srs.com.tw/wp-touch.php

# Reference: https://twitter.com/DynamicAnalysis/status/1326958417869598722
# Reference: https://twitter.com/DynamicAnalysis/status/1326958418683289601

tfbuildingjoinery.co.uk/robots.php
globalpacificproperties.com.au/terms.php
loonybinforum.com/errors.php
luminousintent.com.au/wp-smarts.php
espazioabierto.com/wp-smarts.php
racriporrosepo.tk/wp-smarts.php
kgtwiakkdooplnihvali.com

# Reference: https://twitter.com/ffforward/status/1327284610552782853
# Reference: https://twitter.com/p5yb34m/status/1327345395236708352
# Reference: https://twitter.com/p5yb34m/status/1327384040995864576
# Reference: https://twitter.com/DynamicAnalysis/status/1327361167530946560
# Reference: https://app.any.run/tasks/5875516d-57d4-4937-a4a4-8b88a9e287d1/

azoltd.myzen.co.uk/errors.php
b-design.studio/errors.php
b-design.studio/server.php
b-dvs.com/cpanel.php
b-dvs.com/server.php
enmasucitessee.tk/wp-smarts.php
mandreskincare.com/wp-smarts.php
moisbridge.co.uk/cp-panel.php
pousadadosolbuzios.com.br/wp-smarts.php
taigen-landscape.com/wp-crunch.php
taigen-landscape.com/wp-touch.php
taigen-landspace.com/logs.php
taigen-landspace.com/php_errors.php
telkfitness.protekgr.com/errors.php
topic.yoga/wp-data.php
topic.miami/wp-data.php
topic.miami
topic.yoga
tfbuildingjoinery.co.uk/errors.php

# Reference: https://twitter.com/DynamicAnalysis/status/1328448590818148352

christian.bar
customer.yoga

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/11/malsmoke-operators-abandon-exploit-kits-in-favor-of-social-engineering-scheme/
# Reference: https://otx.alienvault.com/pulse/5fb557ab0fa16a4265515139

dksaoidiakjd.su
iqowijsdakm.ru
iweuiqjdakjd.su
moviehunters.site
odjdnhsaj.com
odoishsaj.com
odsakjmdnhsaj.com
odsakmdfnbs.com
olksmadnbdj.su
wiewjdmkfjn.ru
yuidskadjna.su

# Reference: https://twitter.com/DynamicAnalysis/status/1328809549420118017

aclexpert.com/wp-touch.php
battery-wala.com/errors.php
jaspalandassociates.com/logs.php
joinaslicagent.co.in/logs.php
kabiraprints.in/logs.php
mintcennelattti.ga/wp-smarts.php
physiotherapywala.com/logs.php
proactivefacilities.com/logs.php
valleyviewhighschool.co.in/wp-touch.php
vinayakbatteries.com/server.php

# Reference: https://twitter.com/ViriBack/status/1329958833154908161
# Reference: https://www.virustotal.com/gui/ip-address/8.208.97.57/relations

iqowijsdakm.com
jealmmfvqltrgfjlfktp.com
ksadjaskdjaskd.com
mpwqqdyiwhydyidiuhjm.com
odsakmdfnbs.com
wiewjdmkfjn.com

# Reference: https://twitter.com/Scoobs_McGee/status/1330910908432994305

7cats.ch/logs.php
zoomerisdyslexic.com/wp-touch.php

# Reference: https://twitter.com/malware_traffic/status/1330953075310342151

geauverpalithinmyo.tk
orangeboxasia.com

# Reference: https://twitter.com/neonprimetime/status/1330969313294028804
# Reference: https://twitter.com/James_inthe_box/status/1330971564431478784
# Reference: https://twitter.com/James_inthe_box/status/1330974004656566272
# Reference: https://app.any.run/tasks/92d94699-7ab0-4acc-8752-3bf23e662c7b/
# Reference: https://www.virustotal.com/gui/ip-address/175.126.167.148/relations
# Reference: https://www.virustotal.com/gui/file/7af038d2f4f41c0d130aaa1e4557d821e2b7f4c6bda2be44300e229cd5c721df/detection
# Reference: https://www.virustotal.com/gui/file/b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35/detection
# Reference: https://www.virustotal.com/gui/file/07267a80219222f415c393876532a6f7806b713a4751aab34520545bed6795ef/detection

ametrine.dev.nymedia.no
redin.redsla.com
derdsgdannyer.com
dersmasfannyer.com
penodux.com
ploaernysannyer.com
tommusikirtyur.com

# Reference: https://twitter.com/K_N1kolenko/status/1331226553712308225

orangeboxasia.com/wp-smarts.php
m3izoglass.ro/wp-smarts.php
bayza.ro/up_img_01.php
cofetariarodna.ro/errors.php
casapintea.ro/logs.php
roractaseja.ml/wp-smarts.php

# Reference: https://twitter.com/ffforward/status/1331644073455849472
# Reference: https://twitter.com/ffforward/status/1331649287621586944
# Reference: https://twitter.com/p5yb34m/status/1331686984205496320
# Reference: https://app.any.run/tasks/6243c0aa-0a49-455d-a39a-cdbf218cf1e2/

skill.fashion
syracuse.best

# Reference: https://twitter.com/ffforward/status/1332359935477362693

angerango.com/logs.php
sodcf.com/logs.php

# Reference: https://twitter.com/ffforward/status/1332362642095222791

statedauto.com/wp-data.php

# Reference: https://twitter.com/Scoobs_McGee/status/1333451550602252290

flautasdeamor.com/server.php
smartfarmthailand.com/wp-scan.php

# Reference: https://twitter.com/ffforward/status/1334166467923865601

dishankart.com/scan.php
fohowpharmaceutical.com/r.php
hostmayo.com/server.php
zenitram-it.com/server.php

# Reference: https://tria.ge/201202-ff2b8wv312

alhasanatbooks.com/reader.php
aflim.org.ng/wp-punch.php
sardarmohammad.com/reports.php
erikarabelo.com.br/server.php
thechapelofthehealingcross.org/java.php
grebcanualcwilfprofal.ml/wp-smarts.php

# Reference: https://twitter.com/JasonMilletary/status/1334193775573397513

thechapelofthehealingcross.org
zivotopisi.sdmsh.hr/wp-smarts.php
vladstudio.md/wp-smarts.php
ittafernnetipum.cf/wp-smarts.php

# Reference: https://twitter.com/neonprimetime/status/1334483196663173122

markens.online
statedauto.com

# Reference: https://tria.ge/201205-e4k79bke7e/behavioral1

dksaoidiakjd.com
iqowijsdakm.com
iweuiqjdakjd.com
odjdnhsaj.com
odoishsaj.com
odsakjmdnhsaj.com
odsakmdfnbs.com
olksmadnbdj.com
wiewjdmkfjn.com
yuidskadjna.com

# Reference: https://www.virustotal.com/gui/file/a612370e45b7c1121a2ab805c05e67722070d4a9d553d4f1dfb1ddb6f1073567/detection

berlitzalahsa.sa/sport/rockstar.php

# Reference: https://www.virustotal.com/gui/file/311866db40d23103cd233bee8d86206b52007bb6254e36502e20606ff34dcb39/detection

berlitzalahsa.sa/QW4.exe

# Reference: https://twitter.com/ffforward/status/1335909463698644992

luckyladdys.com/wp-loader.php
rosecollection.biz/cape.php

# Reference: https://twitter.com/ffforward/status/1336328138402328586
# Reference: https://twitter.com/p5yb34m/status/1336422367929671681

leadingpips.com/crypt.php
localco.ae/wp-scan.php
mobitel-servis.si/vendor.php
sadiahyat.com/scan.php

# Reference: https://twitter.com/p5yb34m/status/1336419133697626112

nature4health.id/wp-punch.php
serproimsas.com/wp-punch.php
agrospas.co.rs/wp-punch.php
fnxcrypto.com/server.php
lywakelireal.ga
maschuquisaca.tk

# Reference: https://twitter.com/ffforward/status/1337398984655183874
# Reference: https://twitter.com/Scoobs_McGee/status/1337401077323493378

bimladfuels.co.uk/server.php
primaria-piscu.ro/wp-scan.php
robimartpetroleum.com/server.php
ruvybeverages.com/wp-scan.php

# Reference: https://twitter.com/JasonMilletary/status/1337421493169500162

businessinsurancelaw.com/wp-punch.php
squire.ae/wp-punch.php
lamun.pk/wp-punch.php
rcclabbd.com/wp-punch.php
thecype.com/wp-punch.php
theterteboltallbrow.tk

# Reference: https://twitter.com/ffforward/status/1337460174903259136

foodopennow.com
matheraphy.com

# Reference: https://www.virustotal.com/gui/ip-address/185.240.102.113/relations

bmrbpdnuvvbkpluajbll.com
bwhskyguqecrwoekrnxl.com
ciyejmogsxnefypiwpew.com
cpidyredhfyvrkkytcsg.com
cpuinvhqismbiawfnivw.com
cpuiouglooukucidynln.com
cvrqkbluxembotuhluwc.com
dgxmychtpuvmenkbbchw.com
dohcnsghxwohogagaknm.com
dotxwbdwmvfoptjlcckb.com
exxkosgrxxlfyxnqakqe.com
fjnqnolijkpevhnkiqey.com
gdupdneyhwhsxtnpotrd.com
gjttaamibpysxadlgatx.com
ifnpsgupgdujqmxhuvwn.com
jeaxiuorfkxpmibophev.com
jkyisyprnuonxpsdmskn.com
khhnprlvipumrrpaiila.com
mpvrqfbkfcaivqbkjpdw.com
ouohygqcdyfraeumcvkd.com
ptaxjgsimgyxhuvvbblo.com
qwqnvhnqepymjaduaxih.com
rcoixfyxmiqqhmgowyxj.com
rcoixxkaxclbapkyvxtk.com
ropmibwbwfkevluntsfv.com
sryjfwjoeujnyfptujlx.com
sywhpcxmxhurildirjok.com
teejdhytvemxnrawlebm.com
tqxiurcrtunuvnddxfpu.com
txvcwirjkdggmbfvqhfc.com
ubfxsklljlfrmifklwcy.com
uqiyrgufaurljodorptt.com
vjjwuegyajqtiqmalkqv.com
wqwmqoykrkkfcpruxxro.com
xdeummiurcurcyjsnngt.com
yompmepvyvbxkjvydsxt.com

# Reference: https://twitter.com/James_inthe_box/status/1352293970911453185
# Reference: https://app.any.run/tasks/e73342fe-9ff3-432e-b829-1c63a2325257/

funkstarnews.com

# Reference: https://www.virustotal.com/gui/file/5772f00cf84796a5e5d33b9bb6a9e35003d77d513a6441fc0728760905156c20/detection

hebronoil.com/wp-content/plugins/WPSecurity/load.php
indiatoday.tech/wp-content/plugins/WPSecurity/load.php
jagofreelance.com/wp-content/plugins/WPSecurity/load.php
parkersway.com/wp-content/plugins/WPSecurity/load.php
roqyajeddah.com/wp-content/plugins/WPSecurity/load.php
shortcat.stream/wp-content/plugins/WPSecurity/load.php
sifenlemma.net/wp-content/plugins/WPSecurity/load.php
sportsplatform.eu/wp-content/plugins/WPSecurity/load.php
/wp-content/plugins/WPSecurity/load.php

# Reference: https://www.virustotal.com/gui/file/08ecec4c732190e56000173c05210bfa300053916246d3a3f11ad10965260b14/detection

creditoscorfo.com/wp-content/plugins/wpsecurity/load.php
eatafoodcayman.com/wp-content/plugins/wpsecurity/load.php
freddymutonga.com/wp-content/plugins/wpsecurity/load.php
hebronoil.com/wp-content/plugins/wpsecurity/load.php
intelligentool.com/wp-content/plugins/wpsecurity/load.php
laservision24.com/wp-content/plugins/wpsecurity/load.php
rambeeinc.website/wp-content/plugins/wpsecurity/load.php
sportsplatform.eu/wp-content/plugins/wpsecurity/load.php
themoneybreaks.com/wp-content/plugins/wpsecurity/load.php
thinkbestdeal.com/wp-content/plugins/wpsecurity/load.php

# Reference: https://twitter.com/cocaman/status/1353745680108564480
# Reference: https://bazaar.abuse.ch/sample/da61733e71fa28d0e04d55a88ba1b512531a0f3ed56656e4cdd0fef0de7a4452/
# Reference: https://www.virustotal.com/gui/file/da61733e71fa28d0e04d55a88ba1b512531a0f3ed56656e4cdd0fef0de7a4452/detection

amethystwinds.com

# Reference: https://twitter.com/ffforward/status/1356312657779970048
# Reference: https://app.any.run/tasks/1f251526-c50f-45b5-a9c2-9827f48cf232/
# Reference: https://tria.ge/210201-ccj8fe7lyn

chungasa.com
/chungasa.php
/chungasa.txt

# Reference: https://twitter.com/ffforward/status/1357733709005410304

idcg.co.in/server.php
mukaznigerialtd.com.ng/server.php
alahsateam.com/post.php
bestarticleblog.com/post.php
carmeta-ampuh.com/post.php
perlisisacsiograv.tk/post.php
pyggroup.com.pe/post.php
vidhyashram.edu.in/post.php

# Reference: https://twitter.com/Casperinous/status/1364268740892897281
# Reference: https://app.any.run/tasks/a349ed92-9a89-4b9e-97c6-84821f767bd2/

sanfilippowholesale.ca/post.php

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.48/relations

http://217.8.117.48

# Reference: https://www.virustotal.com/gui/ip-address/139.99.230.102/relations

http://139.99.230.102

# Reference: https://twitter.com/neonprimetime/status/1365328294674112513

findinglala.com
sejutamanfaat.com
/_vti_bin/shtml.exe/_vti_rpc

# Reference: https://twitter.com/ffforward/status/1365368776619937794
# Reference: https://tria.ge/210219-g8t2kxnh8e

cacesatansingmilk.tk
tenlapatevaj.tk
timemeaning.com
timeremain.com
toclylene.tk

# Reference: https://twitter.com/malware_traffic/status/1369052011728171009
# Reference: https://malware-traffic-analysis.net/2021/03/08/index.html

ntqsfkffxmfssairdbgv.com

# Reference: https://twitter.com/nao_sec/status/1371771006986022914
# Reference: https://app.any.run/tasks/cb6ee4fd-abd0-4dbb-b6fc-f045017f8022/

lggiwmsqpxbflwtoptnc.com

# Reference: https://app.any.run/tasks/5c40262f-0340-4016-bba1-53cbf64ff501/

pglmjwjuneypyatuewkq.com
ubfxsklljlfvqukmhuvj.com

# Reference: https://www.virustotal.com/gui/file/ce9d8545eb14f98f81526457b784ada2e37057dae2d74f625e47b4ed10549397/detection

dksdjfhd9ddksaas.info
dsdjfhd9ddks2aas.info
dsdjfhd9ddksa1as.info
dsdjfhd9ddksaas.com
dsdjfhd9ddksaas.eu
dsdjfhd9ddksaas.ru
dsdjfhdsufudhjas.net
dsdjfhdsufudhjas.su
dskadjfhd9ddksaas.info
kdsadisadijdsasm2.com

# Generic trails

/b56834fhdfh/
/desjardinsadmin/
/rbcadmin/
/scotiaadmin/
/blocks/gumjf.php
/fBvcwEr/index.php
/RA9cbC/tM0LVE.php
/web982/gate.php
/xsmkld/index.php
/lk4238fh317/
/LKhwojehDgwegSDG/gateJKjdsh.php
/LKhwojehDgwegSDG/
/gateJKjdsh.php
/js/gritg.php
/17vfj3.php
/pcwblt.php
/6ncaq0.php
/b7ub0h.php
/bvprba.php
/d3k34t.php
/elxbmr.php
/fmsbdt.php
/txiao2.php
/yxewxx.php
/zsog59.php
/wbbako.php
/atufik.php
/gqvvjx.php
/sv34fs.php
/oay1hk.php
/eraksa.php
/b6h7s1.php
/ve5hpk.php
/h0g6g6.php
/jo4xyy.php
/a070ru.php
/14gt134.php
/2gzmxg.php
/3YUjngR.php
/56hgfbcx.php
/6bbktc.php
/87aksjt.php
/zg5ndr.php
/oltxgw.php
/6bfcaf.php
/cqvlp9.php
/hzqx9t.php
/6fz3ha.php
/8pajkb.php
/8tj8mz.php
/ubkc0d.php
/kokrv4.php
/s9csvh.php
/hfmxoc.php
/cztq8q.php
/hhn9x6.php
/mlt2li.php
/qyc7wt.php
/eqyjz6.php
/wlp11a.php
/fd66e6.php
/njcnt1.php
/tizmel.php
/tcsrog.php
/a1cunn.php
/aym3vh.php
/abbyupdater.php
/adfw3.php
/aexwdbkcqdd.php
/axick.php
/fg3rg.php
/fy02i9.php
/g34gc.php
/gf3rg.php
/lkcvjw.php
/gravitels.php
/k1wig8.php
/kgqbsf.php
/kjzge.php
/mm0tb8.php
/mvairs.php
/7aops3.php
/x9tity.php
/qbqkew.php
/fsq48c.php
/NlGkb4ivk.php
/noagate.php
/ph4xUMChrXId6.php
/qDqNRqo3hREb.php
/pi77oi.php
/qgg43g.php
/rqh3h51.php
/s2dhfwe.php
/sa223if3g4f23.php
/sa2234332324if3g4f23.php
/tjxxhk.php
/tM0LVE.php
/ucgcdq.php
/wp-smarts.php
/zgwykq.php
/zgzy5j.php
/ZldfWxRC.php
/ajt1eg4fh
/bag4hy
/deg34g
/f2f23
