# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/domain/madh0use8.no-ip.org/information/

madh0use8.no-ip.org

# Reference: https://www.virustotal.com/en/domain/vajityu.club/information/

vajityu.club

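# Reference: http://www.bug.hr/forum/topic/sigurnosni-softver/ransomware-napada/223333.aspx
# Note: the anothertembr pattern below has no trailing '$' (nor does pdf\-compare further down), while other regex entries in this file (inmailadmin, onedrivemail, onmailadmin, juni103) end with '$' - confirm the unanchored form is intended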

aepahphahv.co.vu
aisohcaehi.co.vu
anothertembr\.(cf|ga|gq|ml)
chughaiquu.co.vu
eewujoopai.co.vu
faeceedaba.co.vu
iewohpotae.co.vu
kladara.ml
meicashala.co.vu
rooniebohl.co.vu
sheibohchu.co.vu
sootateiso.co.vu
xooseishoh.co.vu

# Reference: https://www.virustotal.com/en/ip-address/184.172.251.98/information/

facetwop.ru
rulething.ru
montirose.com

# Reference: https://www.hybrid-analysis.com/sample/f9beaa7e7668b80b5119d9c80d5f590598380b60eaa5f09baeb87503e55d42c7?environmentId=100

server2.bjdnxbgp3.ru
bogerando.ru

# Misc (incidents; no public reference is recorded for the entries below)

devomchart.com
getmyhouse.net
gimail.com
ginbig.com
moksaduqqovlof.net
observatorystarsoh.net
runningwayforsun.net
locatedforporternok.net
addressbooklocater.net
alarg53.ddns.net
kiliposturgy22.no-ip.biz
beatyourmeatwhileweeat.com
qibrasob.ru
zibravopl.ru
forgiveme.workisboring.com
kyelines.ddns.net
nethunter.duckdns.org
[0-9]{1}juni103\.no-ip\.biz$
75ulqnwb.ru
i7gd9ultgx.ru
v99ay4wuo.ru
gd14hp0u6x.ru
qsqjeuno53.ru
aplikacii.com
dac.911domain.com
dd.911domain.com
pirata-88.zapto.org
rp.911domain.com

# Reference: https://www.virustotal.com/en/file/6c18145ff39653968002e268066144ccabc61a6da4373a6bc0db9494374c484b/analysis/

nerujeo.zapto.org
nerujeo.no-ip.org

# Reference: https://www.virustotal.com/en/ip-address/93.189.40.244/information/

lightsmokesky.net
segateslondo.ru
devomchart.com
lemotgraph.com
wittersphere.net
monitmock.su
monitnear.ru
zapoio.com
napalmstories.su
jabberstorm.su
photohubchart.com
thoughtdog.net

# Reference: https://otx.alienvault.com/pulse/5689784767db8c057c6fc000/

wanmeishua.com

# Reference: https://www.threatcrowd.org/domain.php?domain=alsblueshelpt.nl

alsblueshelpt.nl

# Reference: https://www.virustotal.com/en/ip-address/46.166.165.114/information/
# Reference: https://cymon.io/46.166.165.114

46.166.165.114
committeedub.com
09h3rhh4zy.kuwxg7esmv.toxq93ljct.aze.link
cekmakasabasa.com
0oers58juxhcm7e.aze.link
yadakbloghesaplar.link
aze.link
fsafakfskane.net
cclamarablog.xyz
cutecatworldhappy.website

# Reference: https://www.virustotal.com/en/ip-address/181.174.164.3/information/
# Reference: https://cymon.io/181.174.164.3

181.174.164.3
adobeflashplayernew.com
adobeflashplayernew.org
adobeplayerdownload.com
adobeuploadplayer.com
adobeflashplaayer.com
flashplayeerupdate.com
adobeupdateplayer.com
adobeupdateplayeer.com
adobeupdateflash11.com
update-flash-player.org
adobeflashupdate.org
updateflashplayer11.com
alarkamaravaas.pw
lin.kim
cutecatworldhappy.website
abaza.ninja
shoppet.net
aze.link
q0a2wqepvhz8ame.aze.link
samaravablog.pw
weightloss-secrets-revealed.net
gomen.ninja

# Reference: https://www.snort.org/rule_docs/1-30285

palauone.com

# Reference: https://marc.info/?l=emerging-sigs&m=135207116130028

whatandwhyeh.com
manymanyd.com
traindiscover.com

# Reference: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17617

bktwenty.com
adbullion.com
sleeveblouse.com

# Reference: https://www.threatcrowd.org/malware.php?md5=86f8834b945bbb2968260d6fcf26b951

meherdelam.com
fordulak.com
germerand.com

# Reference: https://www.virustotal.com/en/ip-address/185.73.240.74/information/

meherdelam.com
royalbankofcanadahelp.com
dns8.ffv3.ru
dns9.ffv3.ru
royalbankservicescheck.com

# Reference: http://www.urlvoid.com/scan/recenthosts.ru/

recenthosts.ru

# Reference: https://www.siteadvisor.com/sites/intelcorpsg.com

intelcorpsg.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Inject-CHS/detailed-analysis.aspx

cyber7.bit

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AVRS/detailed-analysis.aspx

fionades.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-HUO/detailed-analysis.aspx

cgi.dubkill.com

# Reference: https://www.virustotal.com/en/file/bb7238944240e9eeee1371e1970cbd5d7697180b0ba1436ef7e62da3d97438db/analysis/

srv5020.net
srv5010.net

# Reference: https://www.hybrid-analysis.com/sample/20c61a9e16451777aae431cce15960e9b690c7d70b27384d0f4b3305c4cf10db?environmentId=120

fina.online

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

blooping.ovh.net
salako.net

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

ns7.hadara.ps

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

himynameisnoah.su
ichockealotkrug.com
idontlikeitwhenyoudoit.ru
iliketopunchnoah.com
justreggitifyouknowit.ru
karnevallizdageil.com
merhabaslm.su
wheniseeyourdedows.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

joaosgk03.sytes.net
spectrun2008.no-ip.org

# Reference: https://twitter.com/ps66uk/status/1037866649435729921

widewiderangers.fun

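# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html (Win.Dropper.Generickdz-6671833-0 section)
# Note: the IP entries below carry an 'http://' scheme prefix, while other IP entries in this file are bare (e.g. 46.166.165.114) - confirm the loader normalizes the prefix, otherwise these may never match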

http://122.14.210.142
http://141.8.225.75
http://198.46.86.224
http://43.230.143.219
americasculturalstudies.net
danhbaviet.com
kegodanang.com
sevbizleadservices.com
siyaghasourccing.com
vhecha.com
www970234.com

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Doc.Downloader.Powload-6681541-0)

amniyatgostariranian.ir

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Johnnie-6681665-0)

codelux2017.ddns.net
ducklife.ddns.net
homersides.duckdns.org
skypeprocesshost.ddns.com.br
wandersongay.ddns.net

# Reference: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html

2bunny.com

# Reference: https://citizenlab.ca/2012/06/spoofing-the-european-parliament/

vv338.com

# Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232

laserjetpro.com

# Reference: https://twitter.com/malwrhunterteam/status/1044928108359495680

manapowermta.us

# Reference: https://twitter.com/jonaha92/status/1045344161690505217

11m.online

# Reference: https://twitter.com/blu3_team/status/1046054098884349953

images.laofamilymerce.com

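# Reference: https://twitter.com/blu3_team/status/1037854618477383681
# Note: the path entry below carries no host; presumably it was observed on tub.gotomental.com - confirm how host-less paths are matched before relying on it, as a bare path may hit unrelated hosts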

tub.gotomental.com
/bin/page/hpsrv.tmp

# Reference: https://twitter.com/blu3_team/status/1033356637543825408

nhatbao.chatpacific.com

# Reference: https://twitter.com/blu3_team/status/1030263686001246210

v2.buydiamond.hk

# Reference: https://twitter.com/blu3_team/status/993121509643378688

fb-dn.net/disrt/
ap12.ms-update-server.net

# Reference: https://twitter.com/blu3_team/status/988204223975305218

kmbk8.hicp.net

# Reference: https://twitter.com/blu3_team/status/981659638776115200

unnews.freetcp.com

# Reference: https://twitter.com/blu3_team/status/971351907095711745

baoin.baotintu.com:8001

# Reference: https://twitter.com/blu3_team/status/968588888867393536

news.voteandreahorwath.com
/polar-beer/election2018/info.html

# Reference: https://twitter.com/blu3_team/status/964324749106130944

zero-emissioncar.org

# Reference: https://twitter.com/blu3_team/status/958573054052978688

weather.gbaycruise.com

# Reference: https://twitter.com/blu3_team/status/956144807554043906

teredo-update.com

# Reference: https://twitter.com/blu3_team/status/951759637816205312

chrome.softupdate.xyz

# Reference: https://twitter.com/blu3_team/status/951658055858622464

mktnplace.com:81

# Reference: https://twitter.com/blu3_team/status/951647866531057665

nubpubwizard.jetos.com
worktrs.wikaba.com

# Reference: https://twitter.com/blu3_team/status/950126294137819136

thestar.live

# Reference: https://twitter.com/blu3_team/status/950124083332689920

newmysticvision.com

# Reference: https://twitter.com/FewAtoms/status/1045358651307962369

lse-my.asia

# Reference: https://twitter.com/sidq_ahmad/status/1045998305312997376

firefox-addons.com

# Reference: https://twitter.com/James_inthe_box/status/1046844087469391872

kgpvkzwksvgvmpopesdtjuwjosbrameegopiyyyg.xyz

# Reference: https://twitter.com/JaromirHorejsi/status/1047084277920411648

docs.herobo.com/in/
docs.herobo.com/mr/

# Reference: https://twitter.com/FewAtoms/status/1047533778665660425

americanxdrive.gq

# Reference: https://twitter.com/FewAtoms/status/1047514168105082881

uchservers.ga

# Reference: https://twitter.com/virqdroid/status/1047419271662505985

bibonado.com

# Reference: https://pastebin.com/AasLyArF

monochromestr.site
motiondev.com.br
studio2321.com

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

alangudiagroindia.com

# Reference: https://twitter.com/dvk01uk/status/1047797297835397121

tokovio.com
/kfjvbdrlq

# Reference: https://twitter.com/ScumBots/status/1035348180903321601

23ace.site

# Reference: https://twitter.com/avman1995/status/1047354322974064640

yoacafpshlcz.de

# Reference: https://twitter.com/Dashowl/status/1047924040026001409

noipppl-online.com

# Reference: https://twitter.com/James_inthe_box/status/1047907038582304768

alsafeeradvt.com/m/

# Reference: https://twitter.com/nullcookies/status/1048030992320143360

h2hphotography.com

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

faktura24.ml
przelewy24.tk

# Reference: https://twitter.com/Techhelplistcom/status/1048640558309285888
# Reference: https://pastebin.com/raw/fLf15eVp

1drivemail.ml
aghightile.ml
atlasglb.tk
bengusi.ga
britwind.tk
capt.ga
cmfgen.cf
cpseeds.ml
dajjuooltd.ga
foodpro.cf
generationgrowth.ml
illumin8blinds.ml
inmailadmin\.(cf|ga|gq|ml|tk)$
italamp.tk
itc-co.cf
kooshkan.ml
kwangshin-co.tk
nsewyainc.ml
onedrivemail\.(cf|ga|gq|ml|tk)$
onmailadmin\.(cf|ga|gq|ml|tk)$
potoflogz.tk
premiumchemical.ga
pseaways.tk
pvtechuae.cf
rathot.ml
ritter.gq
rivonka.ga
royalgroup.ga
safetexgroup.tk
salturchltd.ga
sebbeninternational.ml
sense-eng.ml
sercer.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
utehaltd.tk
veritasoverseas.ga
vip163.cf
yuan-fa.tk

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Doc.Malware.Emooodldr-6699885-0)

q0fpkblizxfe1l.com

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Win.Malware.Razy-6703914-0)

extreme33.dns1.us
mdformo.ddns.net
mdformo1.ddns.net

# Reference: https://twitter.com/ViriBack/status/950478648150282240

0m0.in

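# Reference: https://twitter.com/FewAtoms/status/1048982479783309314
# Note: every entry in this section is already listed under the Techhelplistcom/pastebin reference above; this reference is a second source for them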

capt.ga
italamp.tk
nsewyainc.ml
sense-eng.ml
sercer.tk

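# Reference: https://twitter.com/FewAtoms/status/1048978792931368960
# Note: every entry in this section is already listed under the Techhelplistcom/pastebin reference above; this reference is a second source for them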

britwind.tk
dajjuooltd.ga
illumin8blinds.ml
kooshkan.ml
potoflogz.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
veritasoverseas.ga
vip163.cf

# Reference: https://twitter.com/James_inthe_box/status/1049445992808890369

viswavsp.com/newworld/

# Reference: https://twitter.com/malware_traffic/status/1049407739619880961

23.249.161.109/extrum/

# Reference: https://twitter.com/JaromirHorejsi/status/1049601706630283264

readyteam.org

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

guarana.pw
marryjane.club
names34.top
safi.co.za

# Reference: https://twitter.com/nullcookies/status/1050907886392623104

dirajrakhbhae.com

# Reference: https://twitter.com/FewAtoms/status/1050457033810558976

akznqw.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050663483346280448

wemusthammer.com

# Reference: https://twitter.com/FewAtoms/status/1051099620020035585

msmapparelsourcing.com/directory/
msmapparelsourcing.com/wp-admin/users/

# Reference: https://twitter.com/nullcookies/status/1051321548634804226

ghrelokamkaj.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050665509941698560

globamachines.com

# Reference: https://twitter.com/FewAtoms/status/1050802529498525697

plus1interactive.com/bots/

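# Reference: https://twitter.com/James_inthe_box/status/1050762064665309185
# Note: the host below appears to be a shared public file-hosting service, so a hit shows access to the service rather than to the referenced sample - corroborate before treating it as an infection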

my.mixtape.moe

# Reference: https://twitter.com/olihough86/status/1050722705740304384

www.wheelnet.ca

# Reference: https://twitter.com/ximo2006/status/1050331166597758976

93.174.93.149:21

# Reference: https://www.cyren.com/blog/articles/new-scarab-ransomware-using-necurs-as-a-service

hard-grooves.com
hellonwheelsthemovie.com
miamirecyclecenters.com

# Reference: https://twitter.com/nullcookies/status/1051244629704740865

daduhinnawmaz.com

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

datingittlive.info

# Reference: https://twitter.com/nullcookies/status/1030243288677277696

mayorel.website

# Reference: https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/

osdsoft.com

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

faktura24.cf
przelewy24.ml

# Reference: https://twitter.com/MaelSecurity/status/1051900926078922753

adobe-reader.site

# Reference: https://twitter.com/avman1995/status/1052023584187719680

elektroklinika.pl/wp-content/languages/plugins/includes/

# Reference: https://twitter.com/ulexec/status/1051959861964169217

alprazolam.rip

# Reference: https://twitter.com/nullcookies/status/1052339217056129026

grafmx.com

# Reference: https://twitter.com/olihough86/status/1052607058883870720

yootbe.org

# Reference: https://twitter.com/KorbenD_Intel/status/1052652297279459329

holisticxox.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

cuezo.tk

# Reference: https://twitter.com/avman1995/status/1052879462449274880

ondasolution.ga

# Reference: https://twitter.com/Techhelplistcom/status/1053054566957285382
# Reference: https://pastebin.com/raw/v7XN8dZS

alfredbusinessltd.flu.cc
citytrading.usa.cc

# Reference: https://twitter.com/FewAtoms/status/1053365757197860864

hnmseminar.aamraresources.com/dotcom/

# Reference: https://twitter.com/JaromirHorejsi/status/990936083537039360

loggerz.xyz

# Reference: https://twitter.com/ViriBack/status/971430374919122944

acctspayable.com

# Reference: https://twitter.com/executemalware/status/999034066258284545

theipgenerators.com

# Reference: https://twitter.com/malware_traffic/status/1053494383708844032
# Reference: https://www.malware-traffic-analysis.net/2018/10/19/index.html

2019bracket.com
2069brackets.com
activenavy.com
adomesticworld.com
allpurplehandling.com
anilmoni.com
answermanagementgroup.com
antinomics.com
bluestarpaymentsolutions.com
boobfanclub.com
borderlands3.com
brickell100.com
bubsware.com
cactopelli.com
careercoachingbusiness.com
cclawsuit.com
cgunited.com
crosspeenpress.com
crystalhotel.com
dehionsgbes.com
dmknott.com
docswitch.com
expertsjourney.com
farminginthefloodplain.com
geziyurdu.com
gloria-glowfish.com
gnosmij.com
gokceozagar.com
greatwp.com
ieltsonlinetest.com
indiangirlsnude.com
indicasativas.com
inmotionframework.com
internationalboardingandpetservicesassociation.com
intimateimagery.com
iptechnologysolutions.com
iscanhome.com

# Reference: https://twitter.com/ps66uk/status/1053632722667794433

dWUJncxxb.sh-master02.com
qixjd277g3621166.impressoxpz97367.com

# Reference: https://twitter.com/DissectMalware/status/1042276512886599680

exxxwrtw1111111.kloudghtlp.com

# Reference: https://twitter.com/ni_fi_70/status/1053207719291879424

84.38.130.139/pk/office/

# Reference: https://twitter.com/xxdesmus/status/1053440011289280512

123.249.71.250:666
89.34.237.210/ikahedbts/

# Reference: https://twitter.com/nullcookies/status/1054185582467993600

daxiu678.com
lianyebo1.com

# Reference: https://twitter.com/FewAtoms/status/1054419759511547904

guideofgeorgia.org/doc/

# Reference: https://twitter.com/FewAtoms/status/1054762247405424642

nabato.org

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

davidharvill.org
hotkine.com
informanetwork.com
invasivespecies.us
lookper.eu
maleass.eu
schwerdt.org

# Reference: https://twitter.com/KorbenD_Intel/status/1054857588695683072

6cameronr.ga

# Reference: https://twitter.com/FewAtoms/status/1055149939456688133

linetrepanier.com/wp-data/

# Reference: https://twitter.com/avman1995/status/1055360237484552192

ponti-int.com/a/

# Reference: https://twitter.com/yvesago/status/1055362284569145344

84.38.130.139/pk/office/

# Reference: https://twitter.com/FewAtoms/status/1055477161577115648

192.3.162.102/out/

# Reference: https://report.any.run/59855140193f0b0c10a15b7eb7c70bbb2ff94fa49e93d64d14c74cb1fcc589ff/50fa8a2f-1052-476a-8b1f-1d305d867ffb#network
# Reference: https://report.any.run/28b1efe63d1e97d42bc8809ef106c6496344860e6bec90e040a2aae8853deb9d/9e7eab49-a552-4bf2-9cab-8714f757e3c6

officesales2.com

# Reference: https://blog.en.elevenpaths.com/2019/01/chrome-extension-card-cybersecurity.html

fbsgang.info

# Reference: https://threatpost.com/card-skimming-google-analytics-angular/142264/

google-analytics.cm
gooqletagmanager.com

# Reference: https://ti.360.net/blog/articles/upgrades-in-winrar-exploit-with-social-engineering-and-encryption/

manage-shope.com
local-update.com
conloap.linkin.tw

# Reference: https://twitter.com/blu3_team/status/1053669632438099970
# Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802

pus.inter.cloudns.cc

# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/

bite-me.wz.cz
jma-go.jp
mountainhigh.at
racemodel.at
thunderbolt-price.com
sungmap.at

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/

chadikaysora.com
lt99.ddns.net
http://35.227.52.26

# Reference: https://twitter.com/ScumBots/status/1094811119154356224

gxbjugb.xyz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Win.Malware.Autoit-6877140-0)
# Reference: https://www.virustotal.com/#/file/028914f9d3455b44d9186d218874047530a367cb1d20cbc7d9b047a42faf1774/detection

kuangdl.com

# Reference: https://www.virustotal.com/#/url/0d8185a9bf6eb842a7e07758882d86a33f090d7572efd61d1b296382c2af4a7a/detection

j0mla.sytes.net

# Reference: https://news.drweb.com/show/?i=12955&c=23&lng=en&p=0
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/Trojan.Click3.27430
# Reference: https://app.any.run/tasks/0a0be637-4950-4727-bfaa-8eaa05563262

barmash.ru
dnsip.ru
dns-free.com

# Reference: https://twitter.com/ScumBots/status/1105495431864303616

flowerstick.net

# Reference: https://www.hybrid-analysis.com/string-search/results/dadfd0d8b49c6852e76468b76d381248d8db9f18250b303ead54986bca8dd98f
# Note: IP-info lookup service used exclusively by malware; seen across many different malware strains

codeluxsoftware.com

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html

mokoaehaeihgiaheih.ru

# Reference: https://twitter.com/James_inthe_box/status/1106551689132138497

llkty.gq

# Reference: https://twitter.com/James_inthe_box/status/1105124840501989378

dsmbil.ml

# Reference: https://www.virustotal.com/#/domain/cloudnetwork.kz
# Reference: https://twitter.com/James_inthe_box/status/1101548458090016768

cloudnetwork.kz

# Reference: https://twitter.com/bad_packets/status/1104313051166068737

methaddict.xyz

# Reference: https://twitter.com/bad_packets/status/1090885643197009920

bulehero.in

# Reference: https://twitter.com/VK_Intel/status/1044631042454249473

mintsbox.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1107662516824535041

xqzuua1594.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1107932063209017344

/gr.mpwq

# Reference: https://twitter.com/James_inthe_box/status/1107977083123204102

brokenway.cf

# Reference: https://twitter.com/James_inthe_box/status/1108085222317289473

goldchainsblue.com
validcc.ch

# Reference: https://twitter.com/ActorExpose/status/1108113213164523521

vocational-age.000webhostapp.com

# Reference: https://twitter.com/dvk01uk/status/1108204451309981697

alta-brasiil.com

# Reference: https://twitter.com/dvk01uk/status/1106429454736388096

fast4elev.gq

# Reference: https://twitter.com/dvk01uk/status/1105718483118108672

remenelectricals.com

# Reference: https://twitter.com/dvk01uk/status/1105736132908720128

morningfresh.ga

# Reference: https://twitter.com/dvk01uk/status/1105819049831862278

chemisoli.com

# Reference: https://twitter.com/dvk01uk/status/1105437702999166976

goodlord.cf

# Reference: https://twitter.com/dvk01uk/status/1103507380892061696

evaglobal.eu

# Reference: https://twitter.com/dvk01uk/status/1103259569013305344

mamaknowyourname.gq

# Reference: https://twitter.com/dvk01uk/status/1103257149508075520

modexcommunications.eu

# Reference: https://twitter.com/dvk01uk/status/1102820682713522176

ruga.africa

# Reference: https://twitter.com/dvk01uk/status/1099697529409671168

maheshshukla.com

# Reference: https://twitter.com/dvk01uk/status/1098244837374070786

findouttheway.gq

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

etruht.ml

# Reference: https://twitter.com/dvk01uk/status/1093734309947719680

etruht.ga

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

tanerm.ug

# Reference: https://twitter.com/dvk01uk/status/1096445096306921472

xvirginieyylj.city

# Reference: https://twitter.com/dvk01uk/status/1095633303758127104

joshdghd.cf

# Reference: https://twitter.com/dvk01uk/status/1094924981971107840

geepaulcast.com

# Reference: https://twitter.com/dvk01uk/status/1092780337434947584

lightmusic.cocomet-china.com

# Reference: https://twitter.com/dvk01uk/status/1092685964743503872

imtooltest.com

# Reference: https://twitter.com/dvk01uk/status/1088793739223539713

sulphurrnills.com

# Reference: https://twitter.com/dvk01uk/status/1088391308849434629

pornhouse.mobi

# Reference: https://app.any.run/tasks/fe58bf2c-065f-4505-a644-6baeeb7ee4cf

bhrserviceaps.dk

# Reference: https://twitter.com/pollo290987/status/1108393592605863940

brothersjoy.nl

# Reference: https://twitter.com/fletchsec/status/1108144401530978304

86818.prohoster.biz

# Reference: https://twitter.com/killamjr/status/1108455343816916992

quiltyfabricsorders.xyz

# Reference: https://www.virustotal.com/gui/domain/fid.hognoob.se/details
# Reference: MT heuristic (direct exe download)

fid.hognoob.se

# Reference: https://twitter.com/nao_sec/status/1108388558539087873

todaymale.xyz
dogfunnyviedeos.xyz

# Reference: https://twitter.com/JayTHL/status/1108402913938935808

mansoura.co
root-mrx.tk

# Reference: https://twitter.com/Racco42/status/1107351502878842880

angel-aristizabal.com.co

# Reference: https://twitter.com/Racco42/status/1106547527334154240

thinknik.ca

# Reference: https://twitter.com/Racco42/status/1106225615705948167

ministere-elshaddai.org

# Reference: https://twitter.com/Racco42/status/1106201029127880704

tiemokodoumbia.com

# Reference: https://twitter.com/Racco42/status/1105504898525917184

mincare.vn
sharegroup.info

# Reference: https://twitter.com/Racco42/status/1102896181011795969

wearewhatwesay.com

# Reference: https://twitter.com/Racco42/status/1102869794502705152

fm.radio.googlemenow.org

# Reference: https://twitter.com/Racco42/status/1102590512228388866

handbuiltapps.com
luxdecor.co.il

# Reference: https://twitter.com/Racco42/status/1101142170663354370

loh-tech.com

# Reference: https://twitter.com/Racco42/status/1100855213668421632

oppws.cn
skity.hk

# Reference: https://twitter.com/Racco42/status/1100733716995944448

aviatorssm.bit

# Reference: https://twitter.com/Racco42/status/1098979285443006465

burcutekstil.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1108668614742368261

mkatarina7094maybelle.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1108683102187110400
# Reference: https://app.any.run/tasks/7d5fcd3a-9d57-45f4-8616-f867ee76f765

nuovilod.icu
wwikrrtt.info

# Reference: https://twitter.com/malwrhunterteam/status/1108689191326625794

bigassbabyart.com

# Reference: https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/

gxxservice.com
infestexe.com
xigncodeservice.com

# Reference: https://twitter.com/anyrun_app/status/1108695731530055680
# Reference: https://app.any.run/tasks/f9c9b7ed-ac6b-454f-86c6-8bbc7c3b8d1f

n48lxj5097.email
wyideegb.city

# Reference: https://twitter.com/JAMESWT_MHT/status/1103983033307271168

brandin.nu
servicemanager.icu

# Reference: https://twitter.com/luc4m/status/1103952276132192256

splitbiin.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1100698122563567616

mi88karine.company

# Reference: https://twitter.com/avman1995/status/1094181713121558529

fpetraardella.band

# Reference: https://twitter.com/benkow_/status/1088009157733683200

uni-full.com

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

tollzwork.ru

# Reference: https://twitter.com/CryptoInsane/status/1074048007912464389

ooxxzzvv.com

# Reference: https://twitter.com/Racco42/status/1067027684906151936

pdf\-compare\.(site|space)

# Reference: https://twitter.com/anyrun_app/status/1060858198599577601

checksolutions.pw
officemysuppbox.com

# Reference: https://twitter.com/benkow_/status/1057977911607783425

osxmacservice.com

# Reference: https://twitter.com/Racco42/status/1040144285453180928

emailerservo.science

# Reference: https://twitter.com/James_inthe_box/status/1108727176038236166

fnutdue.ru

# Reference: https://twitter.com/dvk01uk/status/1108706531636326400

lovliygtyu.ml

# Reference: https://twitter.com/dvk01uk/status/1108745052686307328

hytexxi.xyz

# Reference: https://twitter.com/pollo290987/status/1108755025604591622

tarhona-libya.com

# Reference: https://twitter.com/Jan0fficial/status/988318117532176384

mlhxyz.ml

# Reference: https://twitter.com/fumik0_/status/973504037999075329

win-dows.net

# Reference: https://twitter.com/dvk01uk/status/1109045863664533504

zentacher3.ga

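# Reference: https://twitter.com/JaromirHorejsi/status/793071347215790080
# Note: the host below appears to be a shared public file-hosting service, so a hit shows access to the service rather than to the referenced sample - corroborate before treating it as an infection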

pomf.cat

# Reference: https://twitter.com/JAMESWT_MHT/status/1109085932949590018

u1a2zlzeuya.company

# Reference: https://twitter.com/malwrhunterteam/status/1109085127290900480

nitb.pk-gov.org

# Reference: https://app.any.run/tasks/7dff8b86-1cff-4d38-9264-aa5a217eca0e

interruption.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1109089319871004673

r414525xw.band

# Reference: https://app.any.run/tasks/b853927b-ff78-4744-81db-789e8592bda2

realdealhouse.eu

# Reference: https://twitter.com/casual_malware/status/1107101098714656768

elec-tb.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1106579701290672129

abhicoupon.com

# Reference: https://twitter.com/JaromirHorejsi/status/1105806463468036096

awdmiami.com

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

freedomate.ga

# Reference: https://twitter.com/ViriBack/status/1093994913249853440

cocomet-china.com
naceco.com
qai-abb.com

# Reference: https://twitter.com/nullcookies/status/1029173962595598336

appgosecurity.com

# Reference: https://twitter.com/FewAtoms/status/1109119034082103298

shannai.us

# Reference: https://twitter.com/James_inthe_box/status/1109120289604931584

zjnewdan.us

# Reference: https://twitter.com/ClearskySec/status/1001833343581900800

stcinet.com
stcnet.ddns.net

# Reference: https://twitter.com/guelfoweb/status/1109103783571795970

mit-gov-it.icu

# Reference: https://twitter.com/Racco42/status/1109591919561187330

alph.staroundi.com

# Reference: https://twitter.com/FewAtoms/status/1109773299985379329

ruih.co.uk

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

oteam.io

# Reference: https://twitter.com/James_inthe_box/status/1079727395161104384

amsi.co.za

# Reference: https://twitter.com/James_inthe_box/status/1109832439700971520
# Reference: https://app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e

a-7763.com
davidich.life
domekan.ru
doshimotai.ru
kifge43.ru
/MatherFuckerAv.dll

# Reference: https://www.hybrid-analysis.com/sample/b0b9beba8089d5ff30d11703648b1bc2083bac677da4cdd3a9ef007dd62282b4?environmentId=100

soplifan.ru

# Reference: https://app.any.run/tasks/8b133ab1-aed9-4e75-9a91-42a9274c18b9

s11.ohbabycani.su
s1.letsplay.su
s16.letsplay.su
s23.letsplay.su
s4.ohbabycani.su
s20.ohbabycani.su

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

gmltdprocrop.com

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

mulenrooj.adygeya.su

# Reference: https://twitter.com/avman1995/status/1090972632261029891

monstercartune.club

# Reference: https://twitter.com/dms1899/status/1070382435148447745

ph0en1x.tk

# Reference: https://twitter.com/ViriBack/status/1069965350442283009
# Reference: https://pastebin.com/PTkLE0se

bingobongo.space
finik18topw.cc
gafigaf.in
jelouslaodnn.org

# Reference: https://twitter.com/avman1995/status/1035723902612324352

botsphere.biz

# Reference: https://twitter.com/Racco42/status/1110098645263810561

bzios.info

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-10-22: fake Ukrainian telco domains on servers with Metasploit and Cobalt Strike)

24tv.agency
2mdns.org
a-msedge.org
ads1-msn.com
ads1-msn.net
akadns-ms.net
api-p001-1drv.com
apostrophe-news.biz
appex-bing.net
appex-bing.org
bigmir.email
blob-weather.com
cdn-onenote.net
censornews.org
client-googledns.com
cnn-metanews.biz
compatexchange-cloudapp.com
corpext-datamart.net
delometaua.biz
diagnostics-support-microsoft.net
diagnostics-support.com
dns-msftncsi.com
eizvestia-news.org
espreso.today
feedback-google.net
feedback-google.org
feedback-windows.com
feedback-windows.org
foxnewsmeta.biz
fwdcdn.org
gateway-telemetry.net
gateway-telemetry.org
gazetaua-news.org
gismeteo.city
img-s-msn-com-akamaized.net
interfax-globalnews.com
ipv4-microsoft.net
ipv4-microsoft.org
ipv6-google.net
ipv6-google.org
ipv6-microsoft.org
kyivstar-ip.com
ls2web-redmond-corp.com
microsoft-com-nsatc.org
microsoft-metaservices.com
microsoft-nsatc.org
ms-akadns.com
ms-akadns.org
news-liga.net
newska-uanews.biz
nod-update.org
ns0-ukrpack.net
ns0-volia.net
ns1-datagroup.com
ns1-datagroup.org
ns1-volia.net
ns2-datagroup.com
ns2-datagroup.org
ns2-ukrtel.com
ns3-datagroup.org
ns4-datagroup.org
obozrevatel-news.com
officeclient-microsoft.com
paypal-com1.com
paypal-com2.com
pppoe-infocom.com
pppoe-kyivstar.com
pppoe-ukrtel.com
preview-msn.org
redir-metaservices.com
redir-metaservices.org
reports-telemetry-microsoft.com
rian-ua.org
sandbox-cloudapp.com
sandbox-cloudapp.org
search-msn.net
search-msn.org
secure-telemetry.net
secure-telemetry.org
securenod32.com
segodnya-news.org
services-glbdns2.com
services-glbdns2.org
services-google.org
serving-sys-windows.net
serving-windows.net
social-msn.net
social-msn.org
ssw-live.org
statototalitario.com
support-cloudapp.net
support-microsoft.biz
survey-microsoft.net
telecommand-microsoft.net
telecommand-microsoft.org
telegraf-news.biz
telemetry-akadns.org
uatimes-meta.biz
ubr-news.org
ui-skype.net
ukrfreshnews.com
unian-search.com
urs-microsoft.net
watson-microsoft.org
win-msecnd.com
win-msecnd.org
win10-telemetry.net

# Reference: https://twitter.com/James_inthe_box/status/1056920457218125826

mypanell.online

# Reference: https://twitter.com/Racco42/status/1029986121286074369

atcproje.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1110147918995091457
# Reference: https://app.any.run/tasks/8e80d6b5-507a-40ab-98bd-2dfd73d313ab

klub046.co

# Reference: https://twitter.com/Racco42/status/1110160140962066432

zaczvk.pl

# Reference: https://twitter.com/Racco42/status/1110170198005436417
# Reference: https://app.any.run/tasks/30775d98-c3a7-4de0-b4e1-5ae6db7fece9

space.bajamelide.ch

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

zabenkot.top

# Reference: https://twitter.com/angel11VR/status/1109075153114279936
# Reference: https://app.any.run/tasks/37b99bb8-a81b-4298-bc78-b19ecc0adb0f

185.25.50.168:4444

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

89.105.202.62:1080

# Reference: https://twitter.com/James_inthe_box/status/1110196027338817538

erimbil.ml

# Reference: https://twitter.com/ScumBots/status/1110265736029712384

safetimes.biz

# Reference: https://twitter.com/ScumBots/status/1110265564428226565

wite.biz

# Reference: https://twitter.com/ScumBots/status/1110265483264167939

s3rpfish.biz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Autoit-6897734-0)

charlesprofile.website

# Reference: https://twitter.com/Racco42/status/1110450502087725057

kozol.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1110470611137114112

fubuy60w.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1110533916279128071

24forejungl.site

# Reference: https://twitter.com/James_inthe_box/status/1110563590950445056

lattempted.pw

# Reference: https://twitter.com/James_inthe_box/status/1110560151977623552

conamylups.com

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/avman1995/status/951077991966064640

itgpll.com

# Reference: https://twitter.com/ViriBack/status/950469147976257536

m3ss4g3rtesla.com

# Reference: https://twitter.com/ViriBack/status/950354442917990400

dominica2.com

# Reference: https://twitter.com/cocaman/status/909339498445705216

iemnnyanmar.com

# Reference: https://twitter.com/58_158_177_102/status/1110814561500708864

onbraker.com
podertan.com

# Reference: https://twitter.com/Racco42/status/1110844776075706368

zolik.info

# Reference: https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/

favoritfile.in
kyrkymalol.000webhostapp.com

# Reference: https://twitter.com/ClearskySec/status/1110941180106366976

/D2_de2o@sp0/

# Reference: https://twitter.com/ClearskySec/status/1062026777604820994

disw.top
jobk.info
ktis.club
kotb.top
lupx.info

# Reference: https://twitter.com/Racco42/status/1111189949712420864

armasglass.com

# Reference: https://twitter.com/dvk01uk/status/1111218416227102720

babamaturu.cf

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1111223066137448449

bambamdumer.ml
kodjdsjsdjf.tk
lookatmenaaaa.tk

# Reference: https://twitter.com/ps66uk/status/1111309717664604162

poperjffd.gq
zentacher.cf

# Reference: https://otx.alienvault.com/pulse/5c9d13987ec3ed127b3175a5

crypt24.in
clean.crypt24.in
zani.streghettaincucina.com
midgnighcrypt.com
yinhbygrm.com
4uland.com
favoritfile.in
img.martatovaglieri.com

# Reference: https://twitter.com/James_inthe_box/status/1111371723092299776

edjsqvg.ua

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/ViriBack/status/1111440848787402752

evih.scamfreeweb.com

# Reference: https://twitter.com/JayTHL/status/1111497469937045504

brynn.ink

# Reference: https://twitter.com/DissectMalware/status/1111511953061621760

onbraker.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623245965545473

justpony.xyz
warezpony.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623824695611392

myloki.icu

# Reference: https://twitter.com/ViriBack/status/1111646690233192449

pamthasion.pw

# Reference: https://twitter.com/Racco42/status/1111651759276072961

zerio.info

# Reference: https://twitter.com/James_inthe_box/status/1111666754604789760

recordsforsmssent.xyz

# Reference: https://twitter.com/ViriBack/status/1067995331810549760

oceanicproducts.eu
jesseworld.eu
modexdeals.xyz
modecloudserver.eu

# Reference: https://twitter.com/ekamioka/status/1111658931624001540

edzz.la
nanowopsite.club

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-01-16: New Order PO)

/buchi/i/fred.php

# Reference: https://twitter.com/ViriBack/status/971430374919122944

carolp1.xyz

# Reference: https://twitter.com/malware_traffic/status/1111049259305046016

ultimateyahoo.top

# Reference: https://twitter.com/jfslowik/status/1112010565742788609

download-updates-comp.com
get-updates-ms.com

# Reference: https://twitter.com/benkow_/status/1112046921303113729

gcleaner.info

# Reference: https://twitter.com/VK_Intel/status/1112225078010437633

ref345.icu

# Reference: https://twitter.com/ps66uk/status/1112172657729044480

00399a4.netsolhost.com

# Reference: https://twitter.com/Racco42/status/1112623595459612673

zesis.info

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

not-my-guilty.com
onlinedattingforlife.info
russkistandart.info

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

datingforllives.info

# Reference: https://twitter.com/malwrhunterteam/status/1112969094322683904

danhuaile.net

# Reference: https://twitter.com/packet_Wire/status/1112802915650027520

ordernow.cf

# Reference: https://twitter.com/James_inthe_box/status/1113102849313988611

sorna.at
rivier.at

# Reference: https://twitter.com/KorbenD_Intel/status/1113151983030943744

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1113114356714168321

bluewales.ml
worldatdoor.in

# Reference: https://twitter.com/albertzsigovits/status/1113096573284728839

powellpablooo.myjino.ru
fnsss77.ru
darbl.icu

# Reference: https://twitter.com/illegalFawn/status/1113336529433374721

4fallingstar.info
esurf.info
childrensliving.com

# Reference: https://twitter.com/malware_traffic/status/1113586907655680001

tytalrecoverysolutions.com
zakromanoff.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113747351405985792

bobbobb1z.com

# Reference: https://twitter.com/dvk01uk/status/1094130931596701696

liqurestore.cf

# Reference: https://twitter.com/benkow_/status/1090564148184924160

dfgdfgghjghfshfgh.ru

# Reference: https://twitter.com/JayTHL/status/1036810959644438528

dvpont.com
itwsaelants.com
kmnnl.com
tekinkgroup.com

# Reference: https://twitter.com/James_inthe_box/status/1113888371204472832

smart.cloudnetwork.kz
nicru.supermicrotransapi.ru
mel.cloudcontentsmak.com
js.securetopdevelopment.kz
secure.jsc0nten1maker.com
secure.jscontentmaker.kz
tel.jsapisettings.kz

# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
top.sineadholly.com

# Reference: https://twitter.com/K_N1kolenko/status/1113818032248430593

waorveled.com
hegutceper.ru
dintroprula.ru

# Reference: https://twitter.com/takerk734/status/1113851637292920832

artdefensive.com
tracpadsforgame.info

# Reference: https://twitter.com/takerk734/status/1113852021579206658

ceaningthe.com
hosttrade.ru
letsdoitquick.site

# Reference: https://twitter.com/p5yb34m/status/1111707577685991424

givemejs.cc

# Reference: https://twitter.com/Racco42/status/1114080917402861568

pasios.info

# Reference: https://www.bromium.com/mapping-malware-distribution-network/
# Reference: https://otx.alienvault.com/pulse/5ca7142dd898276082584a58

l-jaxx.com
monkeyinferno.net

# Reference: https://twitter.com/smica83/status/1114099330628096000

echuhnova.digital

# Reference: https://twitter.com/smica83/status/1114101564648689664

daidaowu.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1114103736731951104

vip-163.cc

# Reference: https://twitter.com/Bank_Security/status/1114122727080771585

g53lois51bruce.company

# Reference: https://twitter.com/James_inthe_box/status/1114150925218639872

11totalzaelooop11.club

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Autoit-6919193-0)

jfnutts.com
jamesxx.dynu.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Vobfus-6919817-0)

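# NOTE(review): this pattern has no end anchor; if regex trails are applied as a substring search it would also hit longer names that merely begin this way (constructed example: backdates1.network) - confirm how it is matched and consider a trailing "$"
backdates[0-9]{1,2}\.(com|net)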

# Reference: https://twitter.com/x42x5a/status/1114468129327984640

westeast.world

# Reference: https://imgur.com/a/8mFGk
# Reference: https://otx.alienvault.com/pulse/5a49115f93199b171b90a212

conectionapis.com

# Reference: https://twitter.com/nullcookies/status/1115006946216747008

lolkek.club

# Reference: https://twitter.com/James_inthe_box/status/1114879968452829187

http://141.105.68.131/api/register.php

# Reference: https://twitter.com/JayTHL/status/1115077956781715456
# Reference: https://pastebin.com/raw/HggkKKVu

awazpeople25.com.pl
awazpeople25.net.pl
awazpeople25.pl
awazpeople25.waw.pl
e-helpingcenterxg.pl
egalleryimagesas.pl
ehelpingcentervh.pl
estoremkg.pl
everificationaccountls.pl
galleryimagesas.com.pl
galleryimagesas.net.pl
galleryimagesas.pl
galleryimagesas.waw.pl
helpingcentervh.com.pl
helpingcentervh.net.pl
helpingcentervh.pl
helpingcentervh.waw.pl
helpingcenterxg.com.pl
helpingcenterxg.net.pl
helpingcenterxg.pl
helpingcenterxg.waw.pl
hypemediahdy.com.pl
hypemediahdy.net.pl
hypemediahdy.pl
hypemediahdy.waw.pl
i-awazpeople25.pl
i-mzenjdfu.pl
ihypemediahdy.pl
make-upvalleyusastoread.pl
mzenjdfu.com.pl
mzenjdfu.pl
mzenjdfu.waw.pl
storemkg.com.pl
storemkg.net.pl
storemkg.pl
storemkg.waw.pl
verificationaccountls.com.pl
verificationaccountls.net.pl
verificationaccountls.pl
verificationaccountls.waw.pl

# Reference: https://twitter.com/smica83/status/1115174343288545280

etechnocrat.us

# Reference: https://twitter.com/Racco42/status/1115216282670989313

hallos.info

# Reference: https://twitter.com/MisterCh0c/status/1115001122673102848

yolodice.icu

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

vapeegy.com

# Reference: https://twitter.com/Racco42/status/1115259915877146625

e-mailupgrade.com

# Reference: https://twitter.com/malwrhunterteam/status/1115289020421025792

bestpage1.com

# Reference: https://twitter.com/BroadAnalysis/status/731653488443305985

khamsanphukhoa.com.vn

# Reference: https://twitter.com/angel11VR/status/1115343202167533568
# Reference: https://pastebin.com/0bX17LaY

gingerandcoblog.com

# Reference: https://twitter.com/illegalFawn/status/1115537607256150016

logger-keyz.tk
rtdetailing.com

# Reference: https://twitter.com/Artilllerie/status/1115556048243437568

subby.xyz

# Reference: https://twitter.com/James_inthe_box/status/1115591879586795521

hot-mail.online

# Reference: https://twitter.com/slayersecurity/status/1115599512758697984

bobbobb1z.com

# Reference: https://twitter.com/pollo290987/status/1115613838689341440

nicholaspring.xyz

# Reference: https://twitter.com/slayersecurity/status/1115902366686031878

klis.icu
notz.icu
qgb.us
shortener.icu
shortit.icu
zvb.us

# Reference: https://twitter.com/JAMESWT_MHT/status/1115926996582830081

nemelyu871.info
s1591e46.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1115928599792640000

instant-payments.ru

# Reference: https://twitter.com/makflwana/status/1115953092090941440

vman23.com

# Reference: https://twitter.com/x42x5a/status/1115980225127571456

freelim.cf

# Reference: https://app.any.run/tasks/34e6fb84-9c9f-4839-8c08-a2db34280b72

younglybae.tk

# Reference: https://twitter.com/KorbenD_Intel/status/1115987185206013953

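# NOTE(review): random-looking *.ngrok.io tunnel names are typically short-lived, so a hit long after the referenced report is weak evidence - verify before acting on it
b02aee36.ngrok.io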

# Reference: https://twitter.com/James_inthe_box/status/1116302275335475201

a.uchi.moe

# Reference: https://twitter.com/tkanalyst/status/1116370690444124160

adpop.xyz

# Reference: https://twitter.com/anyrun_app/status/1115513990711521280

user-protect-center.pe.hu

# Reference: https://twitter.com/58_158_177_102/status/1116608652985585670

aupa.xyz
azedizayn.com
aussiescanners.com
fumicolcali.com
sundarbonit.com

# Reference: https://twitter.com/Racco42/status/1116787155710500866

yassra.com

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://www.virustotal.com/gui/domain/appboxlive.host/relations

appboxlive.host

# Reference: https://twitter.com/JAMESWT_MHT/status/1095672902232477697

cytotan.xyz
fatando.pw
srv18427.microhost.com.pl

# Reference: https://twitter.com/devnullek/status/1073159905480183808

favbaby.com

# Reference: https://twitter.com/malware_traffic/status/767852827200761856

ahgsuy3829.top
best-remit.com
hybypi.xyz
nerdcommunity.top
reballancefreestyle.win

# Reference: https://twitter.com/BroadAnalysis/status/815211105664565248

chebersto.com
chelkibot.com
jejefolso.com
kalambint.com
karachark.com
kerukiron.com
kurtillon.com
markrelso.com
nintedrer.com
reregaton.com

# Reference: https://twitter.com/BroadAnalysis/status/788400179091214336

arabicdessert.co
prmhohzsl.top

# Reference: https://twitter.com/BroadAnalysis/status/782996903025844224

badbigbearr.com
bearbigger.top
beargrizzler.win
dxzvkr.top

# Reference: https://twitter.com/malware_traffic/status/766412267063607296

lowashemterle.top
yfyke.xyz

# Reference: https://twitter.com/x42x5a/status/1117697750886428672

ahsantiago.pt

# Reference: https://twitter.com/dvk01uk/status/1117752424331190273

licenses-renewal.com

# Reference: https://twitter.com/killamjr/status/1117776513288503296
# Reference: https://www.virustotal.com/gui/domain/netlux.in/relations
# Reference: https://www.virustotal.com/gui/domain/vitalmania.eu/relations

netlux.in
vitalmania.eu

# Reference: https://twitter.com/FewAtoms/status/952884418733072384

gg.usdipc.com

# Reference: https://twitter.com/DynamicAnalysis/status/1117833770332303365

ridihaagroup.com

# Reference: https://twitter.com/FewAtoms/status/1117824449670209536

annaviyar.com

# Reference: https://twitter.com/malware_traffic/status/1117811800395767808

shahkara.com.tr

# Reference: https://twitter.com/HONKONE_K/status/1118035160362913792

new2019.mine.nu

# Reference: https://twitter.com/JAMESWT_MHT/status/1118102912549433345

fineiksus.com

# Reference: https://cofense.com/latest-software-functionality-abuse-url-internet-shortcut-files-abused-deliver-malware/

buyviagraoverthecounterusabb.net

# Reference: https://twitter.com/James_inthe_box/status/1118146373361078272

tshukwasolar.com

# Reference: https://twitter.com/Racco42/status/1118476901876674561

vreau-relatie.eu

# Reference: https://twitter.com/FewAtoms/status/1118588045312368641

http://188.209.52.180

# Reference: https://twitter.com/FewAtoms/status/1118893063219372034

krosnovunderground.se

# Reference: https://twitter.com/ViriBack/status/1119019674006687744

deuor.info/index.php

# Reference: https://twitter.com/ActorExpose/status/1118914631609794561

kulsofttech.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html

plenoils.com
sharedrive.top
alkzonobel.com
web2prox.com
webxpo.us
office.webxpo.us
sunny-displays.com
modernizingforeignassistance.net

# Reference: https://twitter.com/malware_traffic/status/1119021844416405504

sunmeter.eu

# Reference: https://twitter.com/ViriBack/status/1119592527106072576

http://185.79.156.15

# Reference: https://twitter.com/James_inthe_box/status/1119758368858468352

gbchb.com

# Reference: https://twitter.com/pancak3lullz/status/1117825748583243776

esko7.cf

# Reference: https://twitter.com/pancak3lullz/status/1092804207252525065

benelll.com

# Reference: https://twitter.com/pancak3lullz/status/1085189158866378754

liftocean.us

# Reference: https://twitter.com/The_d0c_T0R/status/1120184484312354816

bbkac.com

# Reference: https://twitter.com/James_inthe_box/status/1120693994428567552

get.extra-files.com

# Reference: https://twitter.com/malwrhunterteam/status/1120969169233690624

187.ip-54-36-162.eu

# Reference: https://twitter.com/devnullek/status/1120708504619290624

news-medias.ru

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/

icbegypt.com

# Reference: https://twitter.com/makflwana/status/1121063810289238018

newfield-us.info

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

alspi.cf

# Reference: https://twitter.com/bad_packets/status/1005578509564108800

upgraderservices.cf

# Reference: https://twitter.com/smii_mondher/status/962702751762468866

centropesquisabit.com.br

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

baldorclip.icu

# Reference: https://twitter.com/malwrhunterteam/status/1121095736299597824

geraldgore.com/news/

# Reference: https://twitter.com/malware_traffic/status/1121097028426194944

iblservicosonline.com

# Reference: https://twitter.com/MisterCh0c/status/1121125682032119808

noda-8879.cf

# Reference: https://twitter.com/malware_traffic/status/1061039473448734722

po0o0o0o.com

# Reference: https://twitter.com/coldshell/status/936173677854580736
# Reference: https://pastebin.com/9JfkQ1FX 

accessyouraudience.com
alucmuhendislik.com
awholeblueworld.com
bit-chasers.com
datenhaus.info
hexacam.com
mh-service.ru

# Reference: https://twitter.com/coldshell/status/936588497216995328
# Reference: https://pastebin.com/LRTA7NSn

basedow-bilder.de
centralbaptistchurchnj.org
highlandfamily.org
motifahsap.com
pdj.co.id
pragmaticinquiry.org
schwellenwertdaten.de
shamanic-extracts.biz
team-bobcat.org
troyriser.com

# Reference: https://twitter.com/coldshell/status/894908561855307776
# Reference: https://pastebin.com/dZXyvmvL

adelaidemotorshow.com.au
apositive.be
autoecoleathena.com
autoecoleboisdesroches.com
autoecoledufrene.com
beansviolins.com
cipemiliaromagna.cateterismo.it
firstonetelecom.com
fly2.com.tw
harristeavn.com
heathrowestudios.com
hydronetinfo.com
melting-potes.com
microsom.com
modemagazine.net
new.intranet.wem.fr
patrickreeves.com
potamitis.gr
rosascomendador.com
scoot-mail.net
sixty-six.org
telesolutionsconsultants.com
trombositting.org

# Reference: https://twitter.com/tmmalanalyst/status/891998398462566400

luczki.pl

# Reference: https://twitter.com/x42x5a/status/1121702655464751104

payeer-coin.icu

# Reference: https://twitter.com/FewAtoms/status/1121751424096845831

http://216.170.120.137

# Reference: https://twitter.com/JAMESWT_MHT/status/1121755894511960064
# Reference: https://app.any.run/tasks/c18ca904-42a7-4cda-89ca-8960f38ff406

gcleaner.info
melbettyge.top
refpagdcmr.top
salosvodkoi.ru

# Reference: https://twitter.com/FewAtoms/status/1121780178676527104
# Reference: https://twitter.com/FewAtoms/status/1121096964869959682

http://80.82.66.58

# Reference: https://twitter.com/jeromesegura/status/1121811483195633670
# Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/

jquerylol.ru

# Reference: https://twitter.com/neonprimetime/status/1121800377727426561

hlggregoriazl.xyz

# Reference: https://twitter.com/QuaestioQuestio/status/1121777747834155012

gatiropimonita.website
updateservice.work

# Reference: https://twitter.com/x42x5a/status/1122096731800375296

fin18.org

# Reference: https://twitter.com/slayersecurity/status/1122137824076148736

basaso.mobi
dpyfo.mobi
enchanted.mobi
ghtc.mobi
hfik.mobi
mobisad.mobi
nefal.mobi
nkdyo.xyz
professional.mobi
rhggy.mobi

# Reference: https://twitter.com/DbgShell/status/1121583280145543168

http://84.200.43.124

# Reference: https://twitter.com/jpcert_ac/status/1121701529847603202

officecrack.gi2.cc

# Reference: https://twitter.com/ViriBack/status/1122527363772887044

90551.prohoster.biz

# Reference: https://twitter.com/hexlax/status/988881472403763200

untorsnot.in

# Reference: https://twitter.com/0x13fdb33f/status/1122544651628576768
# Reference: https://www.kernelmode.info/forum/viewtopic.php?p=32871
# Reference: https://otx.alienvault.com/pulse/5cc6ca1e69cc6cfee80974a7

fusu.icu
keke.icu
luru.icu
qoqo.icu
susu.icu
zqfgy.app

# Reference: https://twitter.com/dvk01uk/status/1122803607269773312

findrew.gq

# Reference: https://twitter.com/makflwana/status/1122818381856555010

http://91.243.83.154

# Reference: https://twitter.com/James_inthe_box/status/1122861244023656453

anticcolonial.cf

# Reference: https://twitter.com/x42x5a/status/1122863171222560768

h-drums.cf

# Reference: https://twitter.com/dvk01uk/status/1122702052482846720

ayakkokulari.com

# Reference: https://twitter.com/ScumBots/status/1122874459432599555

s0ft3r.ru

# Reference: https://twitter.com/anyrun_app/status/1122812186680856577
# Reference: https://app.any.run/tasks/b389fddc-d90a-427c-a164-ff73dc2c185b

govhotel.us

# Reference: https://twitter.com/Racco42/status/1122966809924329472

iceslyt.ru

# Reference: https://twitter.com/Sm0k10/status/1123018192228626443

quo75fbm.club

# Reference: https://twitter.com/dave_daves/status/1123143230852358145

mail-tools.info

# Reference: https://twitter.com/JaromirHorejsi/status/1095328020028628992

nim3.xyz

# Reference: https://twitter.com/FewAtoms/status/1123154922562678784

http://23.249.163.113

# Reference: https://twitter.com/avman1995/status/1035033720489734145

kangnaterayna.com

# Reference: https://twitter.com/x42x5a/status/1123191255679291392

sellingproducts.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1123202218101039109

jbfd8699nia.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123206109421027329

wadameee.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1123209767135141889

cliniquevoyage.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123214806251646977
# Reference: https://www.virustotal.com/gui/domain/digital-studio.org/details
# Reference: https://app.any.run/tasks/27874df0-5ed8-469e-8a53-0741bb8fca58

digital-studio.org

# Reference: https://twitter.com/siri_urz/status/1123212324385513472

http://92.63.197.153

# Reference: https://twitter.com/x42x5a/status/1123250026883497985

lovemepls.com

# Reference: https://twitter.com/PRODAFT/status/1123241137710555136

http://45.227.252.54

# Reference: https://twitter.com/malwrhunterteam/status/1123262864029040641

nathanklebe.com

# Reference: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html

http://188.166.74.218
http://45.55.211.79

# Reference: https://twitter.com/makflwana/status/1123465749027225600

http://5.188.231.210

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

auzonet.net
datdepot.net

# Reference: https://twitter.com/FewAtoms/status/1123563237084024832

http://155.138.134.133

# Reference: https://twitter.com/ScumBots/status/1122705081953132549

bitwhites.top

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834

frameupds.info

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976

hbr0.icu

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

teleduck.de
zaremedspa.com

# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

individualkipitera.site
individualkipitera24.site
intimorg.xyz
prostitutkivoronezha24.bid
prostitutkiyaroslavlya76.men
prostitutkisoy.com
prostitutki-adlera.xyz
prostitutki-sterlitamaka.xyz
prostitutki-vologdy.xyz
prostitutki-tomska.xyz
prostitutkisochi24.xyz
prostitutki-magnitogorska.xyz
prostitutki-tveri.xyz
prostitutki-kaliningrada.xyz
prostitutki.soy
prostitutkimoskvy.surf
prostitutkiyaroslavlya.xyz
prostitutki-surguta.xyz
prostitutki-izhevska.xyz
prostitutki-permi.xyz
prostitutkikazani.xyz
prostitutkikrasnoyarska.xyz
prostitutkiomska.xyz
prostitutkirostova.xyz
prostitutkiufy.xyz
prostitutkivoronezha.xyz
prostitutki-arhangelska.xyz
prostitutki-biyska.xyz
prostitutki-taganroga.xyz
prostitutki-tambova.xyz
prostitutkipitera.soy
prostitutkivologdy.win

# Reference: https://twitter.com/JayTHL/status/1123591741347704832

92.222.151.63:36437

# Reference: https://twitter.com/JayTHL/status/1123829087913508865

leon-l-atkinson.club

# Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220

vman23.com

# Reference: https://otx.alienvault.com/pulse/5ccab2b0769cdc85663c84b9

747f9d59.ngrok.io

# Reference: https://twitter.com/x42x5a/status/1123914216665174016
# Reference: https://twitter.com/JAMESWT_MHT/status/1126420676427096065

ccleaner.host
ccleaner.top

# Reference: https://twitter.com/Racco42/status/1123953925831446529

41.231.120.138:7700
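# NOTE(review): the host below is neither a well-formed IPv4 address nor a valid hostname (stray "more" in the first label?) and is unlikely to match any traffic as written - confirm the intended value against the reference
http://4more5.67.14.61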

# Reference: https://twitter.com/Racco42/status/1123974086970019840

fjlryd.com

# Reference: https://twitter.com/drok3r/status/1124018831444385794

http://185.79.156.23

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

a-7763.com

# Reference: https://twitter.com/SickPeaSec/status/1124078107617574912

http://42.51.65.7

# Reference: https://www.virustotal.com/gui/domain/heheda.tk/relations

heheda.tk

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Tovkater-6956309-0)

dicier.ru
triobol.ru
walforder.ru

# Reference: https://twitter.com/TheMan___TheMan/status/1124526444955295744

http://3.14.6.4

# Reference: https://twitter.com/slayersecurity/status/1124605083554078720

ckssplcom.ga

# Reference: https://twitter.com/FewAtoms/status/1124624471548149761

megaklik.top

# Reference: https://twitter.com/James_inthe_box/status/1124634464447950848

hamriadhurai1.com

# Reference: https://twitter.com/James_inthe_box/status/1124648077627838465

http://106.13.96.196

# Reference: https://twitter.com/VK_Intel/status/1124826957764603905

ghostru.biz

# Reference: https://twitter.com/ViriBack/status/1125145578638389248

umc-tech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Shadowbrokers-6958490-0)
# Reference: https://www.virustotal.com/gui/domain/sex.kuai-go.com/relations

teetah.com
thmqyo.com
iadaef.com
yvyqyr.com
yyhhwt.com
yoiupy.com
abvyoh.com
evoyci.com
nzooyn.com
niulzo.com
meadgz.com
yxpwly.com
cberyk.com
xuvvie.com
nfgesv.com
rjodmz.com
ygjuju.com
iauany.com
zopkpn.com
ubnuov.com
kroqzu.com
uxmaie.com

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1125358634979012613

polaroil.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1125388900862767105

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/pmelson/status/1125070087218659330

anyconnect.stream
bigip.stream
fortiweb.download
kaspersky.science
microtik.stream
owa365.bid
symanteclive.download
windowsdefender.win

# Reference: https://twitter.com/angel11VR/status/1125765188370731009
# Reference: https://app.any.run/tasks/8bee6450-d92c-4a21-8b8e-6dbec1e777e5

joeing2.duckdns.org

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

neperepahano.top

# Reference: https://twitter.com/Jan0fficial/status/1093123191504031746

scanjet.tk

# Reference: https://twitter.com/P3pperP0tts/status/979416398932905985

mdolk.ru

# Reference: https://twitter.com/P3pperP0tts/status/980426489802960897

ponysolution.tk

# Reference: https://twitter.com/x0rz/status/763396946371436544

andmabi.com
redidfe.ru
undwohed.ru

# Reference: https://twitter.com/hexlax/status/740548297723678720

cussocarve.net

# Reference: https://twitter.com/hexlax/status/777967707601895424

tortonrcommt.pw

# Reference: https://twitter.com/hexlax/status/905947662595366913

detrogoldenmayer.com

# Reference: https://twitter.com/teoseller/status/674601023076462596

beamtech-tw.com

# Reference: https://twitter.com/teoseller/status/790919712909697024

zjibingfeng.com

# Reference: https://twitter.com/hexlax/status/803324541858627584

ru-id21387192837.com

# Reference: https://twitter.com/DissectMalware/status/1125899122958065665

velquene.net

# Reference: https://twitter.com/bomccss/status/1125902307030265856

donersonma.com

# Reference: https://twitter.com/executemalware/status/1125818675519459328

58.218.66.168:32221

# Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288

samuelkerns.com

# Reference: https://www.virustotal.com/gui/ip-address/90.103.111.117/relations

iamahackeur.servehttp.com
jesuisunhackeur.servehttp.com

# Reference: https://twitter.com/papa_anniekey/status/1090808731393155072

kuroekoyamato.com
kuronekoyamao.com

# Reference: https://twitter.com/051R15/status/984704059109093382

jcgloball.org

# Reference: https://twitter.com/dvk01uk/status/1126064949212721152

carlostevez.ga
carlostevez.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1126109441651245057
# Reference: https://app.any.run/tasks/004e0cf9-8b5c-41eb-a7af-d048dcb80608

green.nogel.tech
safa.205dundas.com
ssw.138front.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/

link.fivetier.com

# Reference: https://twitter.com/MisterCh0c/status/1126214464334979074

ftp://computernewb.ml

# Reference: https://twitter.com/VirITeXplorer/status/1126382269646741505

zuisarch.top

# Reference: https://twitter.com/x42x5a/status/1126402234676404225

abscete.info
fopstudios.com

# Reference: https://twitter.com/x42x5a/status/1126395015566102528

bluedahab.ga

# Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/

effe-erre.es
sigaingegneria.com

# Reference: https://twitter.com/JayTHL/status/1126254567568695301

fuckchriscollingsworth.com

# Reference: https://twitter.com/DissectMalware/status/1126384963497205762

http://51.89.0.134

# Reference: https://otx.alienvault.com/pulse/5cd3f89df12b501c477a6fba

vision2030.cf
vision2030.tk

# Reference: https://twitter.com/malwrhunterteam/status/1126438072047099905
# Reference: https://twitter.com/malwrhunterteam/status/1126443181879459842
# Reference: https://twitter.com/malwrhunterteam/status/1126450000425361408

abidefr.com
ambertut.com
profile.sandoct.com
sagdao.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126435324530503680

binnatto.de
megaklik.top
uzocoms.eu
venzatechi.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1126461915780255745

nettubex.top

# Reference: https://twitter.com/ActorExpose/status/1126448541637984256

can25.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126465809415647232

bullettruth.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126476203253280773

ezeada.site

# Reference: https://twitter.com/James_inthe_box/status/1126487574317490179

aotiahua.com

# Reference: https://twitter.com/James_inthe_box/status/1126590019269840896

farmfit.ru

# Reference: https://twitter.com/dvk01uk/status/1126726101055574016

xzhch.ml

# Reference: https://app.any.run/tasks/b9d22ade-b917-421b-a117-e514d56fefd5
# Reference: https://www.virustotal.com/gui/domain/ndtst.com/details

ndtst.com

# Reference: https://twitter.com/dvk01uk/status/1121281997643636736
# Reference: https://app.any.run/tasks/653e0ec4-396d-4930-b91c-9b110debf1cf

nxgenbiz.us

# Reference: https://twitter.com/dvk01uk/status/1118559250471628800

terryhill.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1126803185753047040

gcleaner.info

# Reference: https://twitter.com/malwrhunterteam/status/1126808002986639361

rapport.lcto.lu

# Reference: https://twitter.com/x42x5a/status/1126832160936214529

soksanhotels.com

# Reference: https://twitter.com/dave_daves/status/1126840642485784576

mecharniser.com

# Reference: https://twitter.com/James_inthe_box/status/1126846840060571648

vasinvestment.tk

# Reference: https://twitter.com/ViriBack/status/1126992620310470656

iujoaqstqiywertgpu.club

# Reference: https://twitter.com/ViriBack/status/1127224259837878273

phumyhunggiatot.com

# Reference: https://twitter.com/daphiel/status/1123927542149328896

blanki-shabloni24.ru
ezstat.ru
icq.chatovod.info
ktosdelaetskrintotpidor.com
medialeaks.icu
sositehuypidarasi.com
superjob.icu
women-history.me

# Reference: https://twitter.com/malware_traffic/status/810966197881671680
# Reference: http://malware-traffic-analysis.net/2016/12/19/index.html

talhanterbutres.top
srugbah.com

# Reference: https://twitter.com/pancak3lullz/status/1022845906041929728

asterixenergy.in

# Reference: https://twitter.com/pancak3lullz/status/746337709774430208

camera-test.hi2.ro
summerr554fox.su

# Reference: https://twitter.com/FewAtoms/status/1127531654019334144

222.187.238.16:2020

# Reference: https://twitter.com/ActorExpose/status/1127565211832135681

webarconet.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1127927901725306881

rabbitscafenyc.com
rerplan.tk
ttreface.tk

# Reference: https://twitter.com/malware_traffic/status/1128019457966735360

dhlexpress.club

# Reference: https://twitter.com/ActorExpose/status/1128018026673131521

double-minded-elect.000webhostapp.com

# Reference: https://twitter.com/ActorExpose/status/1128004155673542657

ryselis.xyz

# Reference: https://twitter.com/ActorExpose/status/1128017378518892544

aquilesarocaltda.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1128214459334500353

sonofgraceoffice.website

# Reference: https://twitter.com/dvk01uk/status/1128239904402694144

modipond.gq

# Reference: https://twitter.com/dvk01uk/status/1128286894553489408

terryhill.top

# Reference: https://twitter.com/JayTHL/status/1128405725888307200

maketheswitch.ca

# Reference: https://twitter.com/58_158_177_102/status/1128310206327283713

mondayis.info

# Reference: https://twitter.com/virusbtn/status/1128556881079930881

ezinebachelor.top

# Reference: https://twitter.com/FewAtoms/status/1128706633671090179

is45wdsed4455sdfsf.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1128828811796242433

187.ip-54-36-162.eu

# Reference: https://twitter.com/Racco42/status/1128955163023171584

myscs.ca

# Reference: https://twitter.com/JAMESWT_MHT/status/1128974517144031232

ybtvmt.info

# Reference: https://twitter.com/x42x5a/status/1128995801286492162

tandf.xyz

# Reference: https://twitter.com/pancak3lullz/status/1129392247924035584

brsystem1000k33.com

# Reference: https://twitter.com/James_inthe_box/status/1129452679250321408

officeboss.xyz

# Reference: https://app.any.run/tasks/4a96e0a9-8b6a-46ac-8e31-5d7d6a417720/

asnkar.me

# Reference: https://twitter.com/dave_daves/status/1129401061696036864

http://13.58.74.46

# Reference: https://twitter.com/James_inthe_box/status/1129514888148086784

botonbot.net
ruit.live

# Reference: https://twitter.com/malware_traffic/status/1129758980585283584

alimstores.com

# Reference: https://twitter.com/Jouliok/status/1129662977664274432

microsoft-products.com
228276216.net

# Reference: https://twitter.com/ActorExpose/status/1130119521770102791

thenewsystemsetup.online

# Reference: https://www.virustotal.com/gui/url/a23b74470167c11d15f0ece4f0859c10f411a21f895836a7df383a87ce857930/detection

android-fanatics.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1130401062710648832
# Reference: https://app.any.run/tasks/e4f79fa5-1908-4791-8e49-bd966a4ff139/

maso.at

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclick.live

# Reference: https://twitter.com/dave_daves/status/1130465690740232193

gdres.tk

# Reference: https://twitter.com/FewAtoms/status/1130496077759746050

mnsoorysoemsystems.com

# Reference: https://twitter.com/James_inthe_box/status/1130541505356095488
# Reference: https://pastebin.com/LFHR1XX1

absentselection.icu
chargement-pro.icu
commande.icu
commandeapp.icu
commandehq.icu
commandehub.icu
commandelabs.icu
continentaltourist.icu
document-joint.icu
documentpro.icu
emaillabs.icu
emailly.icu
opencommande.icu
proapp.icu
prohq.icu
standardpopulation.icu

# Reference: https://twitter.com/ActorExpose/status/1130199745287413760

mywegsite.com

# Reference: https://twitter.com/dvk01uk/status/1130735131793207296

handuruz.cf
handuruz.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304

office365-cloud5.com
office365-cloud5.space

# Reference: https://twitter.com/ViriBack/status/1130814960517427201

carsitxal.tk

# Reference: https://twitter.com/James_inthe_box/status/1130882574853632002

http://82.221.139.139

# Reference: https://twitter.com/ViriBack/status/1131000954613108737

http://54.37.141.202

# Reference: https://twitter.com/FewAtoms/status/1131234678550220805

faqshub.xyz

# Reference: https://twitter.com/ViriBack/status/1131318550759641088

lucid44.xyz

# Reference: https://twitter.com/ViriBack/status/1131542334850699264

modestworld.top

# Reference: https://app.any.run/tasks/457da061-f848-42e8-a26d-82259768b2c0/

2mmotorsport.biz
alpenlodge.com
arbezie-hotel.com
aparthotelzurich.com
apartmenthaus.com
aubergemontblanc.com
belvedere-locarno.com
berginsel.com
bizziniinfissi.com
bnbdelacolline.com
bristol-adelboden.com
chambre-d-hote-chez-fleury.com
checkerrors.ug
elite-hotel.com
fliptray.biz
googletime.ug
haargenau.biz
hardrockhoteldavos.com
holzbock.biz
hotelalbanareal.com
hotel-blumental.com
hotelfarinet.com
hotelweisshorn.com
hrk-ramoz.com
la-fontaine.com
limmathof.com
morcote-residenza.com
mountainhostel.com
nationalzermatt.com
pizcam.com
seitensprungzimmer24.com
swisswellness.com
tantarantantan23.ru
torhotel.com
waageglarus.com
whitepod.com

# Reference: https://twitter.com/James_inthe_box/status/1131717489824428032
# Reference: https://www.virustotal.com/gui/domain/baihes.com/relations
# Reference: https://www.virustotal.com/gui/domain/coipip.com/relations

baihes.com
coipip.com

# Reference: https://twitter.com/blackorbird/status/1131790385884278784

asia-kunsthandwea1-online.com
kkrudy.com

# Reference: https://twitter.com/x42x5a/status/1131822281452380160
# Reference: https://twitter.com/James_inthe_box/status/1131855420073496576

airliness.info
donaldcity.club
nevernews.club
vsblobprodscussu5shard62.blob.core.windows.net
vsblobprodscussu5shard67.blob.core.windows.net
weekdanys.com

# Reference: https://twitter.com/James_inthe_box/status/1131927201496961024

tryfast-v52.cf

# Reference: https://twitter.com/FewAtoms/status/1131961073219899394

http://82.221.139.139
eyeseepotential.com
is45wdsed4455sdfsf.duckdns.org

# Reference: https://twitter.com/Racco42/status/1132056583293329408

eurogov.pw

# Reference: https://twitter.com/BroadAnalysis/status/880488094277009408

batbetorzen.com

# Reference: https://citizenlab.ca/2019/05/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign/

51.255.101.144:4444
twitter.com-users.info

# Reference: https://twitter.com/HONKONE_K/status/1132892192719101952

naiei-aldiel.16mb.com

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclicks.live

# Reference: https://twitter.com/JAMESWT_MHT/status/1133024098542604288

ethchain.live

# Reference: https://twitter.com/x42x5a/status/1133025211606077440

ethmoney.live
ethcrypto.live
ethpromo.live
ethmoney.club
ethmoney.club

# Reference: https://twitter.com/jorgemieres/status/1133052016568274950

vbtz.cf

# Reference: https://twitter.com/FewAtoms/status/1133059049887604737

vaddesobhanadri.com

# Reference: https://twitter.com/cybsecbot/status/1133275353349316610

gettyimages-okta.com
harpercollins-okta.com
login-hulu.com
dropbox-apps.com
webmail-premierpr.com

# Reference: https://twitter.com/dvk01uk/status/1133294737006518272

oliver-khan.tk

# Reference: https://twitter.com/ViriBack/status/1133339769776349185

http://80.233.134.242

# Reference: https://twitter.com/HONKONE_K/status/1133205335877885952

ip1.qqww.eu

# Reference: https://twitter.com/Racco42/status/1133330864216133632

secureserverftp.xyz

# Reference: https://twitter.com/ActorExpose/status/1133339071630204928

ntexplorerlite.com

# Reference: https://twitter.com/MalwarePatrol/status/1133417154009870337

banner.poker.williamhill.com

# Reference: https://twitter.com/MalwarePatrol/status/1133054765573844993

attachments.goapk.com

# Reference: https://twitter.com/MalwarePatrol/status/1132873570932203520

support1.uvnc.com

# Reference: https://twitter.com/MalwarePatrol/status/1132692376848281600

img2.img.9xiu.com

# Reference: https://twitter.com/tkanalyst/status/1133505361145556993

makemoneyeasy.live

# Reference: https://app.any.run/tasks/324f1dc9-5cce-42b4-bec0-f572b37bedfa/

kentona.su

# Reference: https://twitter.com/raby_mr/status/1133347073154097153
# Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/
# Reference: https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/ip-address/185.142.97.228/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.182.200.111/relations

185.142.97.228:65233
217.182.200.111:21
217.182.200.111:35046
217.182.200.111:35579
217.182.200.111:35829
217.182.200.111:35348
http://217.182.200.111

# Reference: https://twitter.com/SickPeaSec/status/1133660498023501824

129.204.248.16:65534

# Reference: https://twitter.com/JAMESWT_MHT/status/1133701006238375937

anmcousa.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1133691719348830208

bobbyworld.top

# Reference: https://twitter.com/P3pperP0tts/status/1133897358402564096

http://193.32.161.77

# Reference: https://twitter.com/dvk01uk/status/1133950202233200640

amanihackz.com

# Reference: https://twitter.com/SoulRage6/status/1133994359987277831

http://84.38.135.164

# Reference: https://twitter.com/JAMESWT_MHT/status/1134050405430808577
# Reference: https://app.any.run/tasks/f1a352c4-1174-41bb-809f-ab4ed0b6be7c/

redinqtongvlftadf.xyz

# Reference: https://twitter.com/MalwarePatrol/status/1134141928541446146

tripdownload.com

# Reference: https://twitter.com/FewAtoms/status/1134146787953000449

moonday-v54.tk

# Reference: https://twitter.com/SickPeaSec/status/1134180182544093186

190.37.209.37:3569

# Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489

sj81helmer.top

# Reference: https://twitter.com/BleepinComputer/status/1134227276101554176

up-date.to

# Reference: https://twitter.com/VK_Intel/status/1134606562180382720

li888-183.members.linode.com

# Reference: https://www.virustotal.com/gui/domain/swtest.ru/relations

[a-z0-9]{10}\.temp\.swtest\.ru

# Reference: https://twitter.com/ViriBack/status/1134859021234651136

pounds.ngrok.io

# Reference: https://twitter.com/ViriBack/status/1134912329597050880

sm.rooderoofing.com.au

# Reference: https://app.any.run/tasks/09c0bd11-864d-41d5-85b2-9344baa1d360/

big-partynew.ru

# Reference: https://twitter.com/MalwarePatrol/status/1135410287992025088

www8.piaodown.com

# Reference: https://twitter.com/securiteoff/status/740562516699447296
# Reference: https://www.virustotal.com/gui/domain/lasersteam178.ru/relations

lasersteam178.ru

# Reference: https://twitter.com/pancak3lullz/status/748146742571372544
# Reference: https://www.virustotal.com/gui/domain/19891108.info/relations

19891108.info

# Reference: https://twitter.com/Jouliok/status/1135293849314693126

http://82.221.139.139

# Reference: https://twitter.com/dms1899/status/1135693930492829696

proapp.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1135825545038401536

ar-energyservice.com

# Reference: https://app.any.run/tasks/9a352314-04a9-4594-8d10-9f375b7cc2c3/

http://176.10.118.191

# Reference: https://www.virustotal.com/gui/domain/yourdocument.biz/relations

yourdocument.biz

# Reference: https://twitter.com/takerk734/status/1135955547310632960

http://95.213.217.139
http://54.36.218.96
maidcafeyoyo.fun
simbaooshi.space
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/eComscan/status/1136181192796061697

dns-forwarding.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dnsedc.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dellnewsup.net

# Reference: https://twitter.com/0xrb/status/1135869164239769601 (# root domain)

yiffgallery.xyz

# Reference: https://www.virustotal.com/gui/domain/sportsnewsa.net/relations

sportsnewsa.net

# Reference: https://twitter.com/58_158_177_102/status/1136162140283236352

firedron.top

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/

bazar.services
ds38.test-hf.su

# Reference: https://twitter.com/James_inthe_box/status/1136631137571237888

mysecrethope.com

# Reference: https://twitter.com/benkow_/status/1136623836936495104

china-hql.com

# Reference: https://twitter.com/FewAtoms/status/1136672182967439361

yonghonqfurniture.com

# Reference: https://twitter.com/malware_traffic/status/1136682537005305858

flash2019.xyz

# Reference: https://twitter.com/ViriBack/status/1136695799818215424

cvbt.ml

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

http://209.141.46.175
http://54.36.218.96

# Reference: https://twitter.com/KorbenD_Intel/status/1136765613412671488

ddl7.data.hu

# Reference: https://twitter.com/dave_daves/status/1137001089088315392

http://212.73.150.157

# Reference: https://twitter.com/VK_Intel/status/1137003147887566848

gstestat.com

# Reference: https://twitter.com/MalwarePatrol/status/1137041033609584640

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1137067993739943937

http://45.76.37.123
melirossa-shop.xyz
zipmatchpost.net

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

regwide.club
streetsave.club

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

keuhne-negal.com

# Reference: https://www.virustotal.com/gui/domain/panasocin.com/relations

panasocin.com

# Reference: https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
# Reference: https://www.virustotal.com/gui/ip-address/176.103.48.228/relations

http://176.103.48.228
baranevents.com
baranweddings.com
ctifsouteni.icu
etapportert.icu
ffrirbesoin.icu
hrhuae.com
ielassocier.icu
ourmazdcompany.net
samaste.net
sarahelizabethjewelry.com

# Reference: https://twitter.com/P3pperP0tts/status/1138360072168509440
# Reference: https://twitter.com/P3pperP0tts/status/1138373736187518977
# Reference: https://app.any.run/tasks/d9984618-81f4-48e5-883e-ee5591d73483/

qxyl.date
148.70.57.37:878
148.70.57.37:3

# Reference: https://twitter.com/P3pperP0tts/status/1138352249007222784
# Reference: https://twitter.com/P3pperP0tts/status/1140603446921433090

47.112.130.235:258
47.112.130.235:280

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

http://176.105.252.168

# Reference: https://otx.alienvault.com/pulse/5cff9b9b7a111ab1f15d7819
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-2725-exploited-and-certificate-files-used-for-obfuscation-to-deliver-monero-miner/

139.180.199.167:1012
45.32.28.187:1012
pixeldrain.com

# Reference: https://twitter.com/James_inthe_box/status/1138440424765288454
# Reference: https://www.virustotal.com/gui/domain/hognoob.se/relations

hognoob.se
fid.hognoob.se
haq.hognoob.se
pxi.hognoob.se
pxx.hognoob.se
uio.hognoob.se
q1a.hognoob.se
upa1.hognoob.se
upa2.hognoob.se

# Reference: https://twitter.com/FewAtoms/status/1138477829434351624

2be431d7.ngrok.io
niggalife.5gbfree.com
sheddy.5gbfree.com

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

46fordhamavenue-camberwell.com
haveahealthy.life
homepage-iclouds.com

# Reference: https://twitter.com/bomccss/status/1138620211140030464

elievarsen.ru

# Reference: https://twitter.com/HarioMenkel/status/1138725169323790336

bluecornerblog.xyz

# Reference: https://www.virustotal.com/gui/ip-address/121.41.39.145/relations

121.41.39.145:7149
http://121.41.39.145

# Reference: https://twitter.com/James_inthe_box/status/1138930135548157952

http://5.206.226.15

# Reference: https://twitter.com/FewAtoms/status/1139177275977555970

sripipat.com

# Reference: https://twitter.com/James_inthe_box/status/1139206166385348613

138.68.16.227:8080
topdalescotty.top

# Reference: https://twitter.com/yvesago/status/1139209832014274562

fujielectric.cf

# Reference: https://twitter.com/P3pperP0tts/status/1139277669575659529

182.254.220.148:88

# Reference: https://twitter.com/gorimpthon/status/1139351204540977152
# Reference: https://app.any.run/tasks/51d14dec-d0de-4718-b5f1-3ae489013df9/

185.106.122.120:80
185.140.248.17:80

# Reference: https://twitter.com/58_158_177_102/status/1139369225863065602

185.164.72.213:80

# Reference: https://twitter.com/dave_daves/status/1139509798926467073
# Reference: https://twitter.com/FewAtoms/status/1139608798119768065

adl-groups.com
deluxerubber.com
greatmischiefdesign.com

# Reference: https://twitter.com/MalwarePatrol/status/1139758944224731141

a0310625.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1139841634655277056

check511.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1140333563319128064

222.186.172.44:9

# Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737

785sou.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1140525091110998017

mondaydrem.ru

# Reference: https://twitter.com/x42x5a/status/1140530422172045312

storage.alfaeducation.mk

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568
# Reference: https://app.any.run/tasks/7555c697-f2af-42e5-8a14-ae19d7657aa9/

sventiskai.lt
45.67.14.157:80

# Reference: https://twitter.com/Sebdraven/status/1140597344720830471
# Reference: https://app.any.run/tasks/d7ce191d-c04f-4eff-a13c-02cbe746c256/
# Reference: https://www.virustotal.com/gui/domain/cdn-dl.cn/relations

cdn-dl.cn

# Reference: https://twitter.com/nullcookies/status/1140780769914302467

belllflight.com

# Reference: https://twitter.com/VirITeXplorer/status/1140875655955079168

btta.xyz

# Reference: https://twitter.com/papa_anniekey/status/1140825590632570880

blogmason.mixh.jp

# Reference: https://twitter.com/luc4m/status/1140928778799124482

http://185.230.161.116

# Reference: https://twitter.com/malware_traffic/status/1141083006574178304

tor2net.com

# Reference: https://twitter.com/58_158_177_102/status/1141226169720815616

bibicity.ru

# Reference: https://twitter.com/James_inthe_box/status/1141326136212766720

http://185.158.248.80

# Reference: https://twitter.com/James_inthe_box/status/1141429831688605697

joeing.duckdns.org

# Reference: https://twitter.com/SecurityGuyPhil/status/1141466335592869888
# Reference: https://twitter.com/ItsReallyNick/status/1141517097991835648
# Reference: https://otx.alienvault.com/pulse/5d0aeb6260c8332e03da9063

89.34.111.113:443
185.49.69.210:80

# Reference: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

http://185.162.131.92
http://185.49.71.101

# Reference: https://twitter.com/P3pperP0tts/status/1141611364953337856

94.191.94.149:8080

# Reference: https://twitter.com/P3pperP0tts/status/1141961999796113408
# Reference: https://twitter.com/FewAtoms/status/1144567670555254787

103.45.174.46:81
103.45.174.46:8080

# Reference: https://twitter.com/James_inthe_box/status/1142005711808765952

jplymell.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142018475508060160

tommyhalfigero.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

crypy.top

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
# Reference: https://www.virustotal.com/gui/ip-address/45.67.14.179/relations

http://45.67.14.179

# Reference: https://twitter.com/peterkruse/status/1141993808105811968

proyectobasevirtual.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142065672387792896

makemoneyeasywith.me

# Reference: https://twitter.com/James_inthe_box/status/1140768910465101824

aeg.tmc.mybluehost.me

# Reference: https://twitter.com/FewAtoms/status/1142143526165073920

http://185.82.200.189

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Malware.Zusy-6995723-0)

brureservtestot.cc
qytufpscigbb.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Trojan.Shiz-6994953-0)

cilynitiseg.eu
dikuvizigiz.eu
fodavibusim.eu
gaherobusit.eu
ganazywutes.eu
jenupydaces.eu
keraborigin.eu
lykemujebeq.eu
lyvoguraxeh.eu
magofetequb.eu
nojepofyren.eu
norumikemem.eu
novacofebyz.eu
nozapekidis.eu
pupucuvymup.eu
qeburuvenij.eu
qegefavipev.eu
rytahagemeg.eu
tufamugevih.eu
tunarivutop.eu
tupazivenom.eu
vocupotusyz.eu
xubifaremin.eu
xukafinezeg.eu
xuxetiryqem.eu

# Reference: https://twitter.com/jeromesegura/status/1142232287041343489

denizprivatne.top

# Reference: https://twitter.com/P3pperP0tts/status/1142248371631140867

http://149.202.29.67

# Reference: https://twitter.com/executemalware/status/1141882448063737857

blogmason.mixh.jp

# Reference: https://www.reverse.it/sample/a4ca81a3f7dc09377bbda508db39b48ef08073a07a0472f78db8b5256e93bdb5
# Reference: https://www.virustotal.com/gui/domain/winshipway.com/relations

winshipway.com

# Reference: https://twitter.com/DissectMalware/status/1142979828339150850

aesculapius.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1143142047987195904

baidu.wookhost.me

# Reference: https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/

mechanicaltools.club

# Reference: https://twitter.com/killamjr/status/1110889738653913089

valdez.pw

# Reference: http://vxcube.com/tools/domain/mailsa-qau.com/relate_iocs

153-66-11-33.com
154-65-22-26.com
154-65-22-29.com
154-66-11-33.com
154-66-21-29.com
154-66-21-30.com
154-66-21-33.com
154-66-22-29.com
anima-sana.cz
askdrthomas.com
beetfeetlife.bit
btoaspa.xyz
canadianposcorp.com
chaibuckz.com
checkmyurls.com
cognitionclassroom.com
dual-it.com
fastandup.co.in
fin-plcukltd.com
gracesandoval.com
id-19190249012904912904190249129490219049129419.pro
intecwi.org
internettenparakazanma.org
istanbulside.net
ivanajankovic.com
jointings.org
kitcross.ca
llkty.gq
masee.info
mcnconstruction.net
mincoindia.com
onlinemail.kz
ox2ybk1nf4muo3.net
pekip-und-mehr.de
pilarrakyat.com
propertiesfirst.com
rencontres-idf.fr
sewardsfollybarandgrill.net
shawneklassen.com
theevanescense.com
tiltangeomatics.tk
trafficartspace.com
unlaca.info
unlaca.net
unlaca.org

# Reference: https://twitter.com/killamjr/status/1143498263892582402

deserv.ie/gunie/

# Reference: https://twitter.com/JAMESWT_MHT/status/1143514933646245889

up-dates.to
svarog-jez.com
yotube.com

# Reference: https://www.lacework.com/cve-2019-3396-poc-deep-dive/
# Reference: https://otx.alienvault.com/pulse/5d12356ce0b0b1db4062231e

http://37.44.212.223
51.15.56.161:201
68.183.164.16:2121
jukesbrxd.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1143539589849767936

selly.duckdns.org

# Reference: https://twitter.com/OttoScav/status/1143567557649154048

birthdayeventdxb.com
cscuniversal.com

# Reference: https://twitter.com/malware_traffic/status/1143624752956940288

kooovaqas.biz
naaleazas.net
rogojaob.info
vaxeiayas.mobi
oltaeazas.mobi
amlivaias.us
ijcaiatas.name
ufayubja.me

# Reference: https://twitter.com/luc4m/status/1143808322430218241

aeg.tmc.mybluehost.me/xx/

# Reference: https://twitter.com/MalwarePatrol/status/1140664914417205249

cloud.xenoris.fr

# Reference: https://twitter.com/neonprimetime/status/1116754139281805317

eventricity.biz

# Reference: https://twitter.com/FewAtoms/status/1144223806195716098

mikejesse.top

# Reference: https://twitter.com/h4ckak/status/1144173749056315392

http://217.163.23.19

# Reference: https://twitter.com/JAMESWT_MHT/status/1144238644460433408

qwerty123456.space

# Reference: https://twitter.com/sniko_/status/1144454852698705924

digidick.xyz

# Reference: https://twitter.com/x42x5a/status/1144554536809435136

42.51.194.10:81

# Reference: https://twitter.com/x42x5a/status/1144559810123370496

http://114.118.80.241
114.118.80.241:8081

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

natchotuy.com

# Reference: https://twitter.com/FewAtoms/status/1144636921437655041

http://123.207.143.211

# Reference: https://twitter.com/The_d0c_T0R/status/1144640214293520385

http://47.95.252.24

# Reference: https://twitter.com/malware_traffic/status/1144726582596186120
# Reference: https://www.malware-traffic-analysis.net/2019/06/28/index.html
# Reference: https://twitter.com/malware_traffic/status/1144027142696656896

thetechhaus.com
ntri.triplegconsults.com
green.mattingsolutions.co
ruscacademy.in
track.positiverefreshment.org

# Reference: https://twitter.com/Bank_Security/status/1115131039511396352
# Reference: https://www.malware-traffic-analysis.net/2019/04/05/index.html
# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
snap.cr-acad.com
static.spillpalletonline.com
tops.sineadholly.com

# Reference: https://twitter.com/Paladin3161/status/1144641457992556546

119.188.250.55:8080

# Reference: https://twitter.com/dineshdina04/status/1008621004896198657
# Reference: https://app.any.run/tasks/a8c1f660-71ae-4ab1-a217-11256fd6a158/

111.73.46.110:2233

# Reference: https://twitter.com/ViriBack/status/970443789234929664

cajo.com.au
etnografskimuzej.rs

# Reference: https://twitter.com/TelecomixSyria/status/301863376395587584
# Reference: https://www.virustotal.com/gui/domain/syrian-martyrs.com/details

syrian-martyrs.com

# Reference: https://twitter.com/ViriBack/status/1145040024297181186

mimiplace.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/rarog/c2_w_timestamps.csv (# root domains)

0100.name
111orion.xyz
1gq.ru
4spirin.pw
5max.xyz
7bog.ru
abibletit.ru
accbmosol.com
admina.xyz
adminbtc.ru
albertsrun.xyz
badboy.pw
banddos.ru
bcjsoinlsidun3.eu
bdwiki.ru
bfvvsdfvjbvcdg.pw
billionaireboys.pw
bitcoin.lisx.ru
bitoklg.ru
bizmailcon.ru
bjkdfhbvvr.pw
bldimablog.xyz
bnknw.pw
bsdfbsadjfb.pw
bsdfksbdfj.pw
bsdfvsh.pw
btc-db.com
btchash777.ru
btcminergate.ru
bvjhsdvbfjsd.pw
centralfargo.com
checkingsite.site
checkmeout.ru
chvpobidno.com
cryptongram.org
cryptopoly.pw
csgotrade.vip
csobik.xyz
dcr048dd.ru
dedpanel.xyz
def397.pw
dfgsfdkj3jk4h5.ru
dfsfgsdfg.pw
digital-game.ru
dismay.pw
doomed.cf
dratuti.info
drujbanu.pw
enable.pw
enigma-top.bid
euirterhgt.pw
f1eriya.pw
fl-god.pw
games-revi.ru
getdownload4812.ru
ghjdthrf.tk
googleanalistics7431.ru
gopanel.ru
gslll.ru
hfyljv.ru
highwrite.ru
hjbkfwejhkfbj2334f.pw
hjdskyewljfdn.pw
hlebb.pw
how-to-how.club
hsnqy2no.host
ibsmoney.ru
igogos.ga
incor.xyz
itemsbet.com
itsmydomain.xyz
jackblack.pw
jisec.xyz
kdjsnbfgkjdf.pw
kefirsports.xyz
kevyank.ru
kiras.kz
kolokolchik.info
kopilka.io
kwam.gdn
land-seo.ru
lkasdjfklhngn.pw
m234.xyz
macadmin.xyz
mainivent.xyz
malmine.ru
maxpinezzz.ru
microtrend.xyz
min2rarllsknfoeihe.ru
minerarog.xyz
minergood.ru
minerhash.pw
minetbot.online
money-exchanger.info
mousehous.gdn
moy-mayner.ru
mrgap.pw
mybblog.xyz
mynebo7.xyz
mysuperprojectnumone.xyz
nbvnfuyjft567uygvhgfc.pw
nebuchadnezzar.xyz
newmine.ru
norfest1x.win
o4kobati.xyz
odmenarmi9z.site
plastileen.pw
poiwebm.ru
rand0msh1tm1n3r.xyz
rar740.xyz
rarog-cobetchik.ru
raznospower.ru
realbarbos.life
realtek.website
recheckmail24.ru
rikimaru7.pw
rrealstats.ru
rublikzarabotok.com
sadating.xyz
sanya330.pro
sdbfhjbsdfjh.pw
sdfbdsfjhkbgdf.pw
sdfvbshgdvf.pw
shilo.ml
soft-portal.kz
spaceman07.ru
spiridus.pw
staglion.pro
stingtek.com
sychost.com
system-analyse.win
tapblackmoney.pw
tiberious.xyz
torprojectonioncheck.com
tyha84.info
ugrym.pw
vergames.ru
webbserfer.ru
wilhost.com
wolframalpha.pw
wwqrwwwreewrqwer.xyz
xgames.su
xyw.space
zerstoren.pro
zloki.pw

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.104/relations

11fhfh.com
11xhxh.com
11xjxj.com
123dmdm.com
123fhfh.com
123hyhy.com
123jjyy.com
123kbkb.com
123xhxh.com
123xjxj.com
123xmxm.com
123xxbb.com
123yybb.com
22ctct.com
22fhfh.com
22hyhy.com
33dmdm.com
33jjyy.com
33xjxj.com
33xxaa.com
44ctct.com
44dmdm.com
44fhfh.com
44jjyy.com
44qxqx.com
44xhxh.com
44xjxj.com
44xmxm.com
44xxaa.com
44xxpp.com
520dmdm.com
520fhfh.com
520qxqx.com
520ssbb.com
520xhxh.com
520xjxj.com
520xmxm.com
55dmdm.com
55fhfh.com
55jjyy.com
55qxqx.com
55sdsd.com
55xhxh.com
55xjxj.com
55xxaa.com
55xxpp.com
628ai.com
6688cdn.com
66bbmm.com
66dmdm.com
66fhfh.com
66hyhy.com
66jjyy.com
66qxqx.com
66xhxh.com
66xjxj.com
66xxaa.com
66xxpp.com
6ctct.com
77dmdm.com
77hyhy.com
77xhxh.com
77xxaa.com
7ctct.com
7ufuf.com
888dmdm.com
888fhfh.com
888hbhb.com
888kbkb.com
888mbmb.com
888xhxh.com
888xjxj.com
888xmxm.com
88cscs.com
88ctct.com
88dmdm.com
88fhfh.com
88jjyy.com
88mkmk.com
88xhxh.com
88xjxj.com
88xxpp.com
890ai.com
898ai.com
999dmdm.com
999fhfh.com
999kbkb.com
999xhxh.com
999xjxj.com
999xmxm.com
99bbmm.com
99dmdm.com
99fhfh.com
99jjyy.com
99ppss.com
99xhxh.com
99xjxj.com
99xxpp.com
avav99.com
bcbc11.com
bcbc22.com
btbt33.com
btbt44.com
btbt77.com
didi22.com
gbgb11.com
gbgb66.com
mbmb55.com
mbmb99.com
nbnb33.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.106/relations

5444666.com
lh590.com
lh65.com
lh660.com
lh993.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.105/relations

1122sb.com
1188sb.com
629k.com
yh558877.com

# Reference: https://twitter.com/FewAtoms/status/1145357973579083778

securefilesdatas23678842nk.cf

# Reference: https://app.any.run/tasks/8df63024-05d4-4d67-bea9-ecdb1b9884a7/

nixtin.us

# Reference: https://twitter.com/ViriBack/status/1145366573898747905

http://190.97.166.189

# Reference: https://twitter.com/JayTHL/status/1145425745315008516

flavorizedjuice.de

# Reference: https://twitter.com/0bfusCat/status/1145269019374698496

http://31.207.34.129

# Reference: https://twitter.com/luc4m/status/1145650430476783617

http://23.249.167.147

# Reference: https://twitter.com/malware_traffic/status/1145793372126416897

http://31.184.252.188
cellfom.com
chungfamily.us
narutik.at
pranahat.at

# Reference: https://twitter.com/david_jursa/status/1146014269940609025

beahero4u.com

# Reference: https://twitter.com/ps66uk/status/1146090626498347009

holahospice.org
john1715.com

# Reference: https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 (# CVE-2017-11774)
# Reference: https://twitter.com/obiwanblee/status/1146152208976584704
# Reference: https://otx.alienvault.com/pulse/5d1bb4b9a3f21fdc4d509f47

customermgmt.net

# Reference: https://twitter.com/James_inthe_box/status/1146183202467303424

xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1146328144141606913
# Reference: https://www.virustotal.com/gui/file/b1650c6085710bd89fdec14ce9a1a5f52d7199ab98671d994181b1e7116a0a86/behavior/Lastline

http://92.63.197.59
http://193.32.161.69
aoruuoooshfrohfe.su
bbruuoooshfrohfe.su
foruuoooshfrohfe.su
roruuoooshfrohfe.su
soruuoooshfrohfe.su
toruuoooshfrohfe.su
uoruuoooshfrohfe.su
zeruuoooshfrohfe.su
zzruuoooshfrohfe.su
aoruuoooshfrohle.su
bbruuoooshfrohle.su
foruuoooshfrohle.su
roruuoooshfrohle.su
soruuoooshfrohle.su
toruuoooshfrohle.su
uoruuoooshfrohle.su
zeruuoooshfrohle.su
zzruuoooshfrohle.su
aoruuoooshfrohoe.su
bbruuoooshfrohoe.su
foruuoooshfrohoe.su
roruuoooshfrohoe.su
soruuoooshfrohoe.su
toruuoooshfrohoe.su
uoruuoooshfrohoe.su
zeruuoooshfrohoe.su
zzruuoooshfrohoe.su
aoruuoooshfrohue.su
bbruuoooshfrohue.su
foruuoooshfrohue.su
roruuoooshfrohue.su
soruuoooshfrohue.su
toruuoooshfrohue.su
uoruuoooshfrohue.su
zeruuoooshfrohue.su
zzruuoooshfrohue.su

# Reference: https://www.virustotal.com/gui/file/4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482/community

rainbowtrade.net

# Reference: https://twitter.com/James_inthe_box/status/1146446614367576065

bonus-ssl.com

# Reference: https://twitter.com/malware_traffic/status/1146503887215636480

cohen-nicoleau.com
mkzd.ru

# Reference: https://twitter.com/alex_lanstein/status/1146073296502501376

http://185.222.58.151

# Reference: https://twitter.com/killamjr/status/1146521318503964678

equipmnts.com

# Reference: https://www.virustotal.com/gui/domain/alcatelupd.xyz/relations

alcatelupd.xyz

# Reference: https://www.virustotal.com/gui/domain/symcorp.xyz/relations

symcorp.xyz

# Reference: https://twitter.com/FewAtoms/status/1146804894785056768

http://35.230.88.182

# Reference: https://twitter.com/James_inthe_box/status/1146896227000209408

http://92.119.113.32
xzshadows13.icu

# Reference: https://twitter.com/anyrun_app/status/1147040289300910080

ciber1250.gleeze.com

# Reference: https://twitter.com/VK_Intel/status/1147276748331081728
# Reference: https://www.virustotal.com/gui/domain/jsc0nten1maker.com/details

jsc0nten1maker.com

# Reference: https://twitter.com/benkow_/status/1147443642728103936

trading-secrets1.ru

# Reference: https://twitter.com/FewAtoms/status/1147484142218752002

janavenanciomakeup.com.br

# Reference: https://twitter.com/P3pperP0tts/status/1147540932490719233

58.218.66.92:1990
xdzzt.cn

# Reference: https://twitter.com/pancak3lullz/status/748521146321035264

htver.com

# Reference: https://twitter.com/FewAtoms/status/953966104887676928

gaming4life.org

# Reference: https://twitter.com/p5yb34m/status/1147269466293592064

servicess.online

# Reference: https://twitter.com/FewAtoms/status/1147829136146219009

bizimedebiyatimiz.com

# Reference: https://www.virustotal.com/gui/domain/metoristrontgui.info/relations

metoristrontgui.info

# Reference: https://www.virustotal.com/gui/domain/forstraus.co/relations

forstraus.co

# Reference: https://twitter.com/seguridadyredes/status/1054112048559329282

printnow.club

# Reference: https://twitter.com/P3pperP0tts/status/1148122871883030528

http://118.89.185.104
111.231.142.229:9921

# Reference: https://twitter.com/david_jursa/status/1148199946618732544
# Reference: https://app.any.run/tasks/839a2d29-1bf5-4d54-bd12-e179f9d1154f/

104.203.92.254:8080

# Reference: https://twitter.com/vigilantbeluga/status/1148118035581960193

expressdatings.info
herasimaonline.biz
ohso.site

# Reference: https://twitter.com/jeromesegura/status/1006616151118397440

feelingsdi.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1148316218199334912

fpayyhh.com

# Reference: https://twitter.com/malware_traffic/status/1148330383634812933

sgbzw12y.club
hlilaf44erick.xyz
kherthax0yua.info

# Reference: https://twitter.com/ViriBack/status/1148364925225578497

chemright.site

# Reference: https://twitter.com/JayTHL/status/1118595885208866819
# Reference: https://twitter.com/JayTHL/status/1118650213084872705

helplog[0-9]{3,4}\.(ml|ga|gq|tk|cf)

# Reference: https://twitter.com/FewAtoms/status/1148623685412110336

creativecompetitionawards.gq

# Reference: https://twitter.com/x42x5a/status/1148603527444480000

obichereu.website

# Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632

111.30.107.131:228

# Reference: https://twitter.com/James_inthe_box/status/1148598156109799425

http://34.214.24.187

# Reference: https://twitter.com/James_inthe_box/status/1148652274727575558

apertona.com

# Reference: https://twitter.com/benkow_/status/1128639735960875010

abovethecrowd.site

# Reference: https://twitter.com/benkow_/status/1148658101463203841

ubercoupon.site

# Reference: https://twitter.com/nao_sec/status/1148799237049552896
# Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/
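# Reference: https://www.virustotal.com/gui/ip-address/195.154.255.174/relations
# Note: several of the addresses below (e.g. 194.109.206.212, 162.247.74.200, 23.129.64.207) appear to be Tor relays rather than dedicated malware hosts - verify.
# Note: if so, a hit indicates Tor use by the client, not necessarily this sample; triage with host context.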

http://194.109.206.212
http://195.154.255.174
http://46.165.250.224
http://162.247.74.200
http://178.17.171.78
http://188.138.88.42
http://204.85.191.9
http://23.129.64.207
http://91.203.146.126

# Reference: https://twitter.com/Ledtech3/status/1148883757094645760

http://5.56.133.137

# Reference: https://twitter.com/mrmolley/status/1149120144305729536

177.37.79.206:3000
http://35.193.98.140
http://78.201.31.9

# Reference: https://twitter.com/1ZRR4H/status/1149282913751617536
# Reference: https://www.virustotal.com/gui/ip-address/91.209.70.21/relations

accesso-cupo-de-tarjeta-cl.cf
accesso-cupo-de-tarjeta-cl.gq
activacion-aumento-tarjeta-cl.cf
activacion-aumento-tarjeta-cl.gq
active-cupo-de-2-millones-avance-cl.cf
active-cupo-de-2-millones-avance-cl.gq
active-cupo-de-avances-cl.cf
active-cupo-de-avances-cl.gq
aprobacion-cupo-web-cl.cf
aprobacion-cupo-web-cl.gq
aprobado-cupo-de-avance-cl.cf
aprobado-cupo-de-avance-cl.gq
aumento-activo.cf
aumento-activo.gq
aumento-aprobado.cf
aumento-aprobado.gq
aumento-cupo-aprobacion-cl.cf
aumento-cupo-diferido-cl.cf
aumento-cupo-diferido-cl.gq
aumento-para-clientes.cf
aumento-servicios.cf
aumento-servicios.gq
aumento-validacion-cupo-de-avance-en-tarjeta-cl.cf
aumento-validacion-cupo-de-avance-en-tarjeta-cl.gq
aumento-verificado-de-tarjeta-cl.cf
aumento-web-activado.cf
aumento-web-activado.gq
avance-activo-en-cuotas-cl.cf
avance-aprobado-cl.cf
avance-aprobado-cl.gq
avance-cupo-diferido-cl.cf
avance-cupo-diferido-cl.gq
avance-cupo-diferido-personas-cl.cf
avance-cupo-diferido-personas-cl.gq
avance-cupo-informacion-cl.cf
avance-cupo-informacion-cl.gq
avance-cupo-simulador-web.cf
avance-cupo-simulador-web.gq
avance-de-aumento-cl.cf
avance-de-aumento-cl.gq
avance-de-confimacion-web-cl.cf
avance-de-confimacion-web-cl.gq
avance-de-cupo-en-linea-personal-cl.cf
avance-de-cupo-en-linea-personal-cl.gq
avance-en-linea-diferido-web-cl.cf
avance-en-linea-diferido-web-cl.gq
avance-en-linea-verificado-cl.cf
avance-en-linea-verificado-cl.gq
avance-en-linea-web-simulador-cl.cf
avance-en-linea-web-simulador-cl.gq
avance-online-cl.cf
avance-online-cl.gq
avance-personas-cuotas-diferido-cl.cf
avance-personas-cuotas-diferido-cl.gq
avance-solicitud-cupo.cf
avance-solicitud-cupo.gq
avance-web-activo-simulador-cl.cf
avance-web-aprobado-cl.cf
avance-web-aprobado-cl.gq
avance-web-confirmacion-cl.cf
avance-web-confirmacion-cl.gq
avance-web-servicios-cl.cf
avance-web-servicios-cl.gq
avances-cuotas-diferido-promo-cl.cf
avances-cuotas-diferido-promo-cl.gq
avances-online-asignado-cl.cf
avances-online-asignado-cl.gq
consulta-activacion-de-avance-cl.cf
consulta-activacion-de-avance-cl.gq
cupo-avance-credito-en-linea-cl.cf
cupo-avance-credito-en-linea-cl.gq
cupo-avance-online-cl.cf
cupo-avance-online-cl.gq
cupo-de-avance-online-cl.cf
cupo-de-avance-online-cl.gq
cupo-disponible-avance-cl.cf
cupo-disponible-avance-cl.gq
cupo-financiado-cl.cf
cupo-financiado-cl.gq
cupo-prestamo-cl.cf
cupo-prestamo-cl.gq
cupo-tarjeta-activo-cl.cf
cupo-tarjeta-activo-cl.gq
cupo-tarjeta-aumento.cf
cupo-tarjeta-aumento.gq
cupo-tarjeta-cuotas-diferido-cl.cf
cupo-tarjeta-cuotas-diferido-cl.gq
cupo-tarjeta-linea-de-credito-cl.cf
cupo-tarjeta-linea-de-credito-cl.gq
cupo-web-avance-cl.cf
cupo-web-avance-cl.gq
cupo-web-para-avance-cl.cf
cupo-web-para-avance-cl.gq
incremento-avance-en-tarjeta-cl.cf
incremento-avance-en-tarjeta-cl.gq
ingreso-cupo-de-tarjeta-cl.cf
ingreso-para-avance-cl.cf
ingreso-para-avance-cl.gq
ingreso-verificacion-cupo-de-avance-cl.cf
ingreso-verificacion-cupo-de-avance-cl.gq
ingreso-verificacion-de-avance-cl.cf
ingreso-verificacion-de-avance-cl.gq
login-avance-incremento-web-cl.cf
login-avance-incremento-web-cl.gq
login-web-avances-cl.cf
login-web-avances-cl.gq
obten-cupo-enlinea-cl.cf
obten-cupo-enlinea-cl.ga
obten-cupo-enlinea-cl.gq
obten-cupo-enlinea.cf
obten-cupo-enlinea.ga
obten-cupo-enlinea.gq
obten-validacion-cupo-web.cf
obten-validacion-cupo-web.gq
obtener-avance.cf
obtener-avance.ga
obtener-avance.gq
portal-avances-de-cupo-cl.cf
portal-avances-de-cupo-cl.gq
portal-para-avance-activado-cl.cf
portal-para-avance-activado-cl.gq
registro-de-avance-cl.cf
registro-de-avance-cl.gq
revision-cupo-tarjeta.cf
revision-cupo-tarjeta.gq
servicio-de-avance-cl.cf
servicio-de-avance-cl.gq
servicio-web-activacion-avance-cl.cf
servicio-web-activacion-avance-cl.gq
solicitud-avance-cupo-en-linea-cl.cf
solicitud-avance-cupo-en-linea-cl.gq
solicitud-cupo-de-avance-personal-cl.cf
solicitud-cupo-de-avance-personal-cl.gq
validacion-aumento-cupo.cf
validacion-aumento-cupo.gq
validacion-incremento.cf
validacion-incremento.gq
verificacion-de-aumento.cf
verificacion-de-aumento.gq
verificacion-de-avance-cl.cf
verificacion-de-avance-cl.gq
web-avance-de-tarjeta-cl.cf
web-avance-en-linea-cl.cf
web-avance-en-linea-cl.gq
web-avance-para-personas-scotia-cl.cf
web-avance-para-personas-scotia-cl.gq
www-aumento-de-avance-cl.cf
www-aumento-de-avance-cl.gq
www-avances-online-cl.cf
www-avances-online-cl.gq
www-login-retiro-de-avance-web-cl.cf
www-login-retiro-de-avance-web-cl.gq

# Reference: https://twitter.com/coderippers/status/1149312700205416448

vman22.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1149574068435218432

dgkhj.ru
fdghfghdfghjhgjkgfgjh234569.ru
hjkg456hfg.ru

# Reference: https://twitter.com/Paladin3161/status/1149456134622863360
# Reference: https://www.virustotal.com/gui/file/a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8/detection

aol.vready.cn
v2api.v6.cn
118.25.165.228:443
134.175.107.117:80

# Reference: https://twitter.com/1ZRR4H/status/1121146391127044096

http://163.172.84.54

# Reference: https://twitter.com/James_inthe_box/status/1149640703082815489
# Reference: https://app.any.run/tasks/9bb12825-d6d8-4c82-9491-c6a460196bad/

43.254.217.67:443

# Reference: https://twitter.com/KorbenD_Intel/status/1146463851526938625

http://34.68.116.148

# Reference: https://twitter.com/stvemillertime/status/1142593479966691333

http://45.32.89.133

# Reference: https://www.virustotal.com/gui/domain/pre23sence.club/relations

pre23sence.club

# Reference: https://twitter.com/RedDrip7/status/1145877272945025029

http://43.254.217.67

# Reference: https://twitter.com/killamjr/status/1150218238573404160

pictureviewerpro.hopto.org

# Reference: https://twitter.com/P3pperP0tts/status/1150378625268666370

218.61.16.142:886

# Reference: https://twitter.com/P3pperP0tts/status/1150389146185342976
# Reference: https://app.any.run/tasks/d9edfd31-3526-4a6e-9657-0037a9c3ec43/
# Reference: https://twitter.com/James_inthe_box/status/1150402589449568257

82.202.221.61:4015
justdoits.pw
russianbase.ru

# Reference: https://twitter.com/P3pperP0tts/status/1150419408197693442
# Reference: https://app.any.run/tasks/bd7ea7cd-d94f-4e21-b809-864653ae59e7/

dircon88.bit
185.126.200.39:4000
185.126.200.39:4158

# Reference: https://twitter.com/JAMESWT_MHT/status/1150688427307929600

balances.duckdns.org

# Reference: https://twitter.com/nao_sec/status/1149273164058222592
# Reference: https://app.any.run/tasks/b2f81922-c7cf-4974-8a02-570ac3f440c1/

http://45.12.215.157

# Reference: https://twitter.com/James_inthe_box/status/1150794193494630401

mis.us

# Reference: https://twitter.com/James_inthe_box/status/1059087094612602881

jobs.samref.com.sa

# Reference: https://twitter.com/malware_traffic/status/856924240158896128

chaggma.com
hurtmehard.net

# Reference: https://twitter.com/Zerophage1337/status/854883694905098241

red.5efinance.net.in

# Reference: https://twitter.com/tmmalanalyst/status/796650651631505408

http://151.248.116.32
o61ulk.top

# Reference: https://twitter.com/BroadAnalysis/status/796379886738874368

di8dzlz.top
whitaker-detail.com

# Reference: https://twitter.com/oppimaniac/status/1151113181751906304

zerodayv3startedexploitpcwithexcelgreat.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

http://5.56.133.137

# Reference: https://twitter.com/James_inthe_box/status/1151222412890927104

icf-fx.kz

# Reference: https://twitter.com/FewAtoms/status/1151220766337167360

jessecom.top

# Reference: https://twitter.com/jeromesegura/status/1148289957716344832

http://213.227.154.121
azera.club

# Reference: https://twitter.com/dvk01uk/status/1151351846411390976

mrjbiz.top

# Reference: https://twitter.com/sugimu_sec/status/1151463058138525696

woeiuyfgowe.xyz

# Reference: https://twitter.com/fletchsec/status/1151553862110720006

danmaxexpress.com

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

4wereareyou.icu

# Reference: https://twitter.com/ViriBack/status/1151644173302456320

http://5.252.192.117

# Reference: https://twitter.com/ViriBack/status/1151642872778776581

http://172.86.120.238

# Reference: https://twitter.com/anyrun_app/status/1151747662011674624

charest-orthophonie.ca

# Reference: https://twitter.com/reecdeep/status/1151756075407945729

onholyland.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/targeted-ransomware-threat
# Reference: https://otx.alienvault.com/pulse/5d30c84b82e46bd810cb4957

http://37.252.15.241
http://89.105.198.28
http://185.202.174.44
http://199.189.108.71

# Reference: https://twitter.com/FewAtoms/status/1152182269454499840

baladefarms-com.ga
baladefarms.ga

# Reference: https://twitter.com/x42x5a/status/1152203190898778112

sxhts-group.com

# Reference: https://twitter.com/HerbieZimmerman/status/1152207191962767360

f72f7994.green.mattingsolutions.co

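# Reference: https://twitter.com/Paladin3161/status/1151809951762964480
# Note: 119.29.29.29 is widely documented as a DNSPod (Tencent) public DNS / HTTP DNS address that legitimate software also uses.
# Note: expect benign matches on that entry; corroborate with zhujb.cn or host evidence before escalating.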

http://119.29.29.29
zhujb.cn


# Reference: https://twitter.com/P3pperP0tts/status/1152231737583271936

103.118.221.190:38888
111.6.76.54:959

# Reference: https://twitter.com/P3pperP0tts/status/1152538885974634496

granportale.com.br

# Reference: https://twitter.com/SBousseaden/status/1152532262589800448

78sh68279.atspace.eu

# Reference: https://twitter.com/DGAFeedAlerts/status/1151931732725293060
# Reference: https://www.virustotal.com/gui/ip-address/63.251.106.22/relations

404mobi.com
51ginkgo.com
adblock.qihuweb.com
adqwozlzb.info
aszzfjwuzngkao.com
brokenpiano.ru
ceuflaxurxy.info
down.heheelibom.com
gatherreceive.net
haprtwfitgylgiivvcaunvealzqcfq.com
heheelibom.com
kibertuz.site
m8374.net
nzizemese.info
oymjiasojevof.com
pcfixertools.biz
pcfixertools.info
pcfixertools.net
plsskq.com
ponka.biz
qicswtcvvxnmv.info
qihuweb.com
sernak.xyz
sr57mj1bcvng4yqf2y41cep8d5.com
storyhave.net
system-internals.com
systembooster.info
thisborn.net
tpyntpcnxwvsjqow.com
windows-pcrepair.com
xrjlmyhds.info

# Reference: https://twitter.com/FewAtoms/status/1152611531890331648

climapro-africa.com

# Reference: https://twitter.com/Xylit0l/status/1152980561943760896

wwkkss.com

# Reference: https://twitter.com/petrovic082/status/1152952807600939008

bruze2.ug

# Reference: https://twitter.com/bad_packets/status/1153089384884736000

silynigr.xyz

# Reference: https://twitter.com/reecdeep/status/1153248954911514625

karysmarie.me

# Reference: https://twitter.com/P3pperP0tts/status/1153257218780909568

enc-tech.com

# Reference: https://twitter.com/James_inthe_box/status/1153385401278771201

novocontador.club
thenewsystemsetup.online

# Reference: https://twitter.com/FewAtoms/status/1153714739324829696

adityebirla.com

# Reference: https://twitter.com/JayTHL/status/1153744085737512962

africanmobilenetworks.com
cxgtgdf.com
forteol.com
onwamay.in

# Reference: https://twitter.com/killamjr/status/1153760441056845824

100puntos.com

# Reference: https://twitter.com/gorimpthon/status/1153476585736925184

dellbankyzaj.com

# Reference: https://twitter.com/James_inthe_box/status/1154036514600308737

fomoportugal.com

# Reference: https://twitter.com/FewAtoms/status/1154065536596107264

http://185.62.189.153
comforitgreel.ml
jbssa.one

# Reference: https://twitter.com/luc4m/status/1154390964045254656

rgalldmn.duckdns.org

# Reference: https://twitter.com/stvemillertime/status/1151148881729789954

fullmeshnet.eu

# Reference: https://twitter.com/ViriBack/status/1155093166841892864

alldayever231.su

# Reference: https://twitter.com/DissectMalware/status/1069507395448184833

cxvbilladsoi-legal.1gb.ru
dttmasterpropriv.ml

# Reference: https://www.virustotal.com/gui/ip-address/173.231.184.61/relations

http://173.231.184.61

# Reference: https://twitter.com/FewAtoms/status/1155496035461947392

u700222964.hostingerapp.com

# Reference: https://twitter.com/MisterCh0c/status/1155725091214372864

tjcyint.ml
razorcrypter.com
systemswift.group
oymmadencilik.com.tr

# Reference: https://twitter.com/Racco42/status/1155790202306211841

http://23.81.246.28

# Reference: https://twitter.com/stvemillertime/status/1155896477195091971

s2lol.com

# Reference: https://twitter.com/James_inthe_box/status/1155845641949442048

serverstresstestgood.duckdns.org

# Reference: https://www.virustotal.com/gui/domain/xsph.ru/relations

[a-z0-9]{8}\.xsph\.ru

# Reference: https://twitter.com/James_inthe_box/status/1155945383048011777

robertogowin.com

# Reference: https://twitter.com/Artilllerie/status/1155851644262920199

protest-01262505.ga

# Reference: https://twitter.com/ninoseki/status/1156110479028133889

fatmazpharmc.com

# Reference: https://twitter.com/p5yb34m/status/1155956248681930755

modexcommunications.eu

# Reference: https://twitter.com/FewAtoms/status/1156156572747390977

creativecompetitionawards.ga

# Reference: https://twitter.com/p5yb34m/status/1156420680725831680

anthasoft.mx

# Reference: https://twitter.com/pulsedive/status/1156474611015528448

103.243.26.251:8988

# Reference: https://www.virustotal.com/gui/ip-address/212.32.237.136/relations

avideo.pro
checktip.pro
checktop.pro
cools.pro
coolvid.pro
formens.pro
freenews.pro
fvideo.pro
hdcheck.pro
hdtopv.pro
kinomir.pro
kinonew.pro
klassokbot.com
msvideo.pro
mvideo.pro
nativesubscribe.pro
newsforyou.pro
newskyin.pro
notifymes.com
noteme.pro
supervid.pro
topnew.pro
topnsp.pro
trenchcur.pro
truekino.pro
tvnewtop.pro
tvtopme.pro
videokino.pro
videommm.pro
videosupers.pro
vidnew.pro

# Reference: https://www.virustotal.com/gui/domain/rigneda.ru/relations
# Reference: https://www.virustotal.com/gui/file/4466e9258c00ecb4783001c678af6da8682fac36e5dd542a59f28a29245e5efa/detection

kuitrafes.ru  # Note: found on infected machine
rigneda.ru

# Reference: https://www.virustotal.com/gui/file/27e68e5e547860a9312d751381127ac85e89eeb40d74fa04aa4ca7fbc5498e51/detection

green5news.org

# Reference: https://twitter.com/malware_traffic/status/1157037634167984128

81.171.31.247:4567

# Reference: https://twitter.com/P3pperP0tts/status/1157196635207847938

kmxxw8.com

# Reference: https://twitter.com/alex_lanstein/status/1157261034521939968

122.114.173.174:3306

# Reference: https://twitter.com/James_inthe_box/status/1157406598769213440

zywuqcxtmqtz.000webhostapp.com

# Reference: https://twitter.com/Paladin3161/status/1157425240948920321
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

legion17.icu
vidardeep4.icu

# Reference: https://twitter.com/bad_packets/status/1157720176487329792

fxxxxxxk.me

# Reference: https://twitter.com/fatihsirinnnn/status/1158440148696293376

http://23.95.212.108

# Reference: https://twitter.com/ps66uk/status/1158456891623792647

http://149.202.110.2

# Reference: https://twitter.com/DynamicAnalysis/status/1158406596533338118

fomoportugal.com

# Reference: https://twitter.com/James_inthe_box/status/1158484189685010432

http://165.22.201.28

# Reference: https://twitter.com/P3pperP0tts/status/1158666213960179712

198.44.228.10:665

# Reference: https://twitter.com/Racco42/status/1158729618389643264

gsm-security-solutions.com

# Reference: https://twitter.com/wwp96/status/1158716438598836224

aspsensewiretransfergoogle.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1158812093786857475

http://23.82.128.23

# Reference: https://twitter.com/425A_/status/1158824075676069889
# Reference: https://twitter.com/JayTHL/status/1158839203884650499
# Reference: https://www.virustotal.com/gui/ip-address/94.237.40.127/relations

1dct.ru
3dface-nn.ru
4pplus.ru
aleksvip.ru
alienss.ru
anson-lkz.ru
ariosgroup.ru
aurora-mind.ru
balakhonov-yuriy.ru
bet-club.ru
business-in.ru
child-time.ru
clean24world.ru
csgo-fun.ru
douballkoreshy.com
douballkoreshy.info
douballkoreshy.net
douballkoreshy.org
downloadjimm.ru
e-engenering.ru
elneemrrtorithum.com
elneemrrtorithum.info
elneemrrtorithum.net
elneemrrtorithum.org
favoritklg.ru
films-smotret-online.ru
flashsgame.ru
foleco.ru
fondafon.ru
fso29.ru
gocpro.ru
grozovoy-pereval.ru
hbazcfsder.com
hbazcfsder.org
hbazcfsderonline.com
hbazcfsdershop.com
hbazcfsderweb.com
hochu-shoping.ru
invest-alliance.ru
irkomp.ru
jnazcfert.com
jnazcfert.org
jnazcfertonline.com
jnazcfertshop.com
jnazcfertweb.com
jnazmertsw.com
jnazmertsw.info
jnazmertsw.net
jnazmertsw.org
jnazxertw.com
jnazxertw.info
jnazxertw.net
jnazxertw.org
jotdesks.ru
kartofelmoptom.ru
kmazvertx.com
kmazvertx.info
kmazvertx.net
kmazvertx.org
kmsxnertqa.com
kmsxnertqaonline.com
kmsxnertqashop.com
kmsxnertqaweb.com
kopenbar.ru
kormboellamayy.com
kormboellamayy.info
kormboellamayy.net
kormboellamayy.org
krugosvet-ap.ru
ksmxnerqs.com
lenobl-primorsk.ru
leorex-super.ru
lifeofbeer.ru
limo69.ru
lizoblyudnichat.ru
mix-zarabotok.ru
nazarovdesign.ru
okovci.ru
oleg-boyko.ru
parustaxi.ru
plaksa-bdsm.ru
prazd-pack.ru
protest22.ru
pu97.ru
rabotasuper.ru
retro-cinema.ru
richelle-mead.ru
rock2.ru
rosmedpravo.ru
rostov-shops.ru
rulezzwarez.ru
sabreeelrefaay.com
sabreeelrefaay.info
sabreeelrefaay.net
sabreeelrefaay.org
salon-na-domu.ru
sam-go.ru
shooting-portal.ru
soft-arhiv.ru
spstav.ru
srf48.ru
srkbelayareka.ru
storeprint.ru
story-toy.ru
strekozafitness.ru
stroydvor-kanev.ru
sunkom.ru
super-boost.ru
svet-lustra.ru
ta4ila.ru
tancemaster.ru
tatnadzor.ru
trialanet.ru
triumf18.ru
tvoyabezopasnost.ru
tvz2.ru
ukspravedlivost.ru
ulitka-plitka.ru
valchenco.ru
vedyshiy-na-svadby.ru
vip-xost.ru
visiohelp.ru
vorkutasport.ru
vradujnom.ru
vs-clab.ru
vseorake.ru
waple.ru
warabase.ru
web2kochanova.ru
webpartizan.ru
winx-clubs.ru
withmychild.ru
wmspb.ru
wsasxzertw.com
wsasxzertw.info
wsasxzertw.net
wsasxzertw.org
bikton43.ru
douballkoreshy.com
douballkoreshy.info
douballkoreshy.net
douballkoreshy.org
elneemrrtorithum.com
elneemrrtorithum.info
elneemrrtorithum.net
elneemrrtorithum.org
hbazcfsder.com
hbazcfsder.org
hbazcfsderonline.com
hbazcfsdershop.com
hbazcfsderweb.com
jnazcfert.com
jnazcfert.org
jnazcfertonline.com
jnazcfertshop.com
jnazcfertweb.com
jnazmertsw.com
jnazmertsw.info
jnazmertsw.net
jnazmertsw.org
jnazxertw.com
jnazxertw.info
jnazxertw.net
jnazxertw.org
kmazvertx.com
kmazvertx.info
kmazvertx.net
kmazvertx.org
kmsxnertqa.com
kmsxnertqaonline.com
kmsxnertqashop.com
kmsxnertqaweb.com
kormboellamayy.com
kormboellamayy.info
kormboellamayy.net
kormboellamayy.org
ksmxnerqs.com
lizoblyudnichat.ru
richelle-mead.ru
sabreeelrefaay.com
sabreeelrefaay.info
sabreeelrefaay.net
sabreeelrefaay.org
sam-go.ru
spstav.ru
web2kochanova.ru
wsasxzertw.com
wsasxzertw.info
wsasxzertw.net
wsasxzertw.org
xvehpuabh.icu
yourub.ru
yzbobdl.space
zaimable.ru
zentrstroy.ru

# Reference: https://twitter.com/FewAtoms/status/1159155277695819776

dhlexpressdeliver.com

# Reference: https://www.fortinet.com/blog/threat-research/chinese-targeted-trojan-analysis.html

http://154.222.140.49

# Reference: https://twitter.com/DynamicAnalysis/status/1159564232469417988

karlvilles.com

# Reference: https://twitter.com/FewAtoms/status/1159490383350587392

u700222964.hostingerapp.com

# Reference: https://twitter.com/FewAtoms/status/1159482237513064449

http://13.67.107.73

# Reference: https://twitter.com/FewAtoms/status/1159473273870196736

http://13.75.76.78

# Reference: https://twitter.com/nao_sec/status/1159484498569863169

fasttransfer-trafficads.xyz

# Reference: https://twitter.com/Timele9527/status/1159673642332016640

fateh.aba.ae

# Reference: https://twitter.com/James_inthe_box/status/1159834709209128961

master712.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

lnkexploit.com

# Reference: https://twitter.com/James_inthe_box/status/1159861664960749569

beastmas.club

# Reference: https://twitter.com/James_inthe_box/status/1159916671055757312

http://40.117.61.41
americanaspromocoes.ga

# Reference: https://twitter.com/James_inthe_box/status/1160150821830418432

3prokladkaeu.com
setseta.com

# Reference: https://twitter.com/FewAtoms/status/1160195673054015488

rubthemoneybear.xyz

# Reference: https://twitter.com/FewAtoms/status/1160543075372032006

sevenj.club

# Reference: https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat
# Reference: https://otx.alienvault.com/pulse/5d517a359da59958f72dc6c8

aeconex.com

# Reference: https://www.virustotal.com/gui/ip-address/89.17.225.163/relations

adonis-medicine.at
americanexpresscardconfirmationsystemservice.com
americanexpresscprs.at
americanexpressesitz.com
americanexpressfeedback.com
amnsns.com
associatedbnking.com
badaprutus.pw
biboressurection.info
blaerck.xyz
bozem.co
carforklou.at
carolambasola.co
carrefour-moncompte.info
chaseonlinebusinesssolution.com
chaseonlinei.com
chaseonlinenotifier.com
chasesonliines.com
chasessonline.com
cloud-start.at
cloudresemblao.top
cmarcite.net
co-operative-bank.com
contributionsthroughy.net
csh0p.ru
dioarmmonoder.at
dranidepod.org
dsntu.top
elienne.net
fitalyaka-service.at
flowjob.top
formasnetoyvnastrchine.com
furhatsth.net
garizzlas.top
genesisgrandergh.at
gohaiendo.com
handous.net
hudsonenorincludes.com
igjqwnedjgqwnqwemnta.net
instant-payments.ru
intrade-support.at
intrade-support.ru
jumpinghouse.org
kerbitsallor.us
kreewalk.com
kunden-contact-5126351253252.icu
kunden-contact-6478585764.top
landoftools.ru
manfam.co
marcoplfind.at
medastr.com
miska-server.at
moikopoli.com
mymoneywallets.com
nettubex.top
orderlynet.net
paysell.org
pooiukjadnqwdjnqasdne.com
portfos.org
postedecretosecure.info
posteitalianedecreto.top
posteitalianesicurezzadecreto.info
potomuchtosrazuskazaleb.com
quickbooks-intuits.com
rayshash.com
regeneration-data.at
safegross.com
scottfranch.org
siruksazon.us
solsin.top
statesdr.top
thefreshstuff.at
thefreshstuffs.org
thefreshstuffs.ru
thefreshstuffs.to
tiamos.co
toperdona.com
topwarenhub.top
trading-secrets.ru
try2swipe.ws
tuyngsdnfwefwef.com
ukmarket.su
usaa-communication.com
usaa-urgentrequest.com
usaacominetentproofproofingeventactioninitevent.com
usaadbfeedback.com
usaamemberservices1.com
usaamembersupports.com
vairina.top
validcc.ws
vaslbntr.ru
verificadeidatipostali.com
verify-konto-326351323.icu
waiireme.com
wellsfargosz.com
withadvertisingthe.net
zxciuniqhweizsds.com

# Reference: https://twitter.com/malware_traffic/status/1160988600391086081

http://107.173.90.141

# Reference: https://www.virustotal.com/gui/domain/orderbox-dns.com/details
# Reference: https://app.any.run/tasks/68c8f400-eba5-4d6c-b1f1-8b07d4c014a4/
# Reference: https://www.virustotal.com/gui/file/17901948c9c9f2f0d47f66bbac70592a7740d181f5404bf57c075ed6fa165b67/detection
# Reference: https://www.virustotal.com/gui/ip-address/176.119.29.14/relations

http://176.119.29.14
bbouble.xyz
cdnshop78.world
mtcunlocker.info

# Reference: https://twitter.com/stoerchl/status/1161159995217653761

zerosugaraddonexploit.duckdns.org

# Reference: https://twitter.com/p5yb34m/status/1161323938313457665

dk-rc.com/js/

# Reference: https://twitter.com/FewAtoms/status/1161981277815410688

asdklgb.ga
forconfirmation.gq
xingyang-glove.com

# Reference: https://twitter.com/chen_erlich/status/1162009562674843649
# Reference: https://www.virustotal.com/gui/ip-address/185.99.133.219/relations

http://185.99.133.219
earphorialofts.net
urbanholidaylo.net
wrigleychicago.org

# Reference: https://twitter.com/_jsoo_/status/1162039650791198720

a.ycwave.cn

# Reference: https://twitter.com/w3ndige/status/1162331454233370624
# Reference: https://app.any.run/tasks/c374d548-02b0-4419-9551-d8800388af42/

http://23.106.215.95
114.221.16.192:443
154.149.31.37:443
64.77.134.20:443

# Reference: https://twitter.com/killamjr/status/1162360718395658240

http://195.123.243.210

# Reference: https://twitter.com/FewAtoms/status/1162667333573390337

http://156.238.3.105
59.188.255.217:6320

# Reference: https://twitter.com/0xrb/status/1162955576927670272
# Reference: https://www.virustotal.com/gui/ip-address/216.224.181.16/relations

99bcare.com
apacbizpartner.com
apacsfsolutions.com
apactechbiz.com
asiapacsolution.com
b2janitorial.com
bitmailpost.com
bizventuresgroup.com
bizvertical.com
bpsservices.org
bpswired.com
bsnprotocol.com
cbxsystematics.com
cliquedasia.com
comcleanserv.com
connexionweb.net
csbizsolution.com
csbprofile.com
cstechnology.org
directitsolutions.com
enterpriselevelsolutions.com
expressstrategy.net
file-keeps.com
firstclassit.net
fluxserveasia.com
globalitbuilder.com
great-tec.com
idealprospecting.com
infotechsoln.com
innovationtech-asia.com
insidesalesinc.com
intellibiz.net
istglobal.net
it-salesmktg.com
kickstartsalesforce.com
knitgeek.com
lamultispecialty.com
mail-bounce.com
medassistforte.com
medsolutionscare.com
merchadvisors.com
multichannelmktg.com
realtech-international.com
rhipecloud.com
secureditgroup.net
sf-apac.com
softbizsoln.com
softitcare.net
softstreams.com
softtechenterprise.com
technocloudxpert.com
techpacific-international.com
tecnevo.com
tecqna.com
thebusinessdrift.com
thesoftwareenterprise.com
thewisesoln.com
thunderlinkz.com
tradespecialistgroup.com
ultimateintelligence.net
universalitbiz.com
vitrexa.com
wallstreetguru.info
worldsfinestservice.com
xpresstrategy.net
zenbitsolution.com
zenithnetworxs.com

# Reference: https://twitter.com/FewAtoms/status/1163043154628624385
# Reference: https://www.virustotal.com/gui/file/94543f02145c8cbc924fe6a4229b16f3b1d2988c6db4b66df5cd766322982f93/detection
# Reference: https://www.virustotal.com/gui/file/5e505f7876fbde8e323f698982f189b12be25569113a2426d6f6f8dda0e7d8be/detection
# Reference: https://www.virustotal.com/gui/file/300ece5931709d15dfd9a5ddce2f69ec6aa7466277a0a0edba134375bf2c20be/detection
# Reference: https://www.virustotal.com/gui/file/4ed245f6ae78a3a39543d865c0660c5dab39bcee18ee1abb212d8a3893e6584a/detection

http://193.112.160.173
193.112.160.173:33221
193.112.160.173:55421

# Reference: https://twitter.com/tkanalyst/status/1163084043832872961
# Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/

sexshops.site
sreex.info
sygicstyle.xyz

# Reference: https://twitter.com/James_inthe_box/status/1163565834343632897
# Reference: https://app.any.run/tasks/04a0a774-dd16-43bd-a966-2a35ca66fe70/
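# Reference: https://pastebin.com/Lv0KAQ0k
# Note: the cy[0-9]{5} pattern below matches every cy<5 digits>.tmweb.ru host, including the literal cy91219.tmweb.ru entry.
# Note: these look like per-account names on a shared hosting service (confirm), so unrelated sites may match.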

dogware.pw
cy91219.tmweb.ru
cy[0-9]{5}\.tmweb\.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1163736730371022848

nainyet.casa

# Reference: https://twitter.com/gorimpthon/status/1163616173860122624

evaglobal.eu

# Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/

http://194.58.38.50
http://194.58.58.70

# Reference: https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/James_inthe_box/status/1163880851236462592

bulehero2019.club
kingminer.club
oiwcvbnc2e.stream

# Reference: https://twitter.com/KorbenD_Intel/status/1163929665230299137

u700222964.hostingerapp.com

# Reference: https://twitter.com/WarlordLestat/status/1164118573872271360

malikom.xyz
mrtcom.space
rainit.xyz
sauronn.host
sidom.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1164140106095177731
# Reference: https://app.any.run/tasks/0c5278c0-d505-4873-b612-9318dbbc2733/

101legit.com
legitville.com
moskaumoskau.com
savemax.store

# Reference: https://twitter.com/n0p1shing/status/1164150184517033986

akudobia.com

# Reference: https://twitter.com/VK_Intel/status/1164194019930497025

vregbqeg.com

# Reference: https://twitter.com/dms1899/status/1164699178527842304

dngerpppsa.xyz

# Reference: https://twitter.com/bad_packets/status/1165041748772438016

fuckingmy.life

# Reference: https://twitter.com/JAMESWT_MHT/status/1165942869359759361

xyskyewhitedevilexploitgreat.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166243679058694145

statexadver3552mn12.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1166252297124552704

collinsserver.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1166278659629408257
# Reference: https://app.any.run/tasks/acaedaa7-fbe2-4139-b190-edaebc601c08/

http://45.76.113.195

# Reference: https://twitter.com/FewAtoms/status/1166319332051128320

http://161.202.40.99

# Reference: https://twitter.com/malware_traffic/status/1166114783676051456

statexadver3552mn12.club

# Reference: https://twitter.com/DynamicAnalysis/status/1166433211548913668

filebase.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166491923911184385

owak-kmyt.ru
pdofan.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1166721502579974146

curly-bar-8ce5.myloaders.workers.dev
young-bonus-b8e4.myloaders.workers.dev

# Reference: https://twitter.com/James_inthe_box/status/1166683407943794688

chernovik55.ru

# Reference: https://twitter.com/P3pperP0tts/status/1166782653623918592

brizy5.ru

# Reference: https://app.any.run/tasks/b79f8f2f-d8d9-4f39-ad9c-4feae85babdf/

mailadvert19.world

# Reference: https://twitter.com/FewAtoms/status/1167070059010953218

background.pt

# Reference: https://twitter.com/bad_packets/status/1167336978041303040

stresser.cc

# Reference: https://twitter.com/JAMESWT_MHT/status/1167443194033901568

i03kf0g2bd9papdx.com

# Reference: https://twitter.com/CyberRaiju/status/1167445076248645632

windows-update-01-en.com

# Reference: https://twitter.com/JayTHL/status/1167666533260304385

azuremoonentertainment.mobi

# Reference: https://twitter.com/nao_sec/status/1167797188363055105 (CVE-2018-15982)
# Reference: https://app.any.run/tasks/49618924-ee31-4ed7-9669-17e0816f59a4/

http://82.146.59.230
gw.brownsine.com

# Reference: https://twitter.com/P3pperP0tts/status/1167890224644362241

k1ristri.ru

# Reference: https://twitter.com/FewAtoms/status/1168131803560984577

accoun2-sign1-secur-ace324490748.com

# Reference: https://www.virustotal.com/gui/file/7d48a6706013036266dbcd44aa7528d9e9331de0e9214b564255b96b5767b282/detection

absetup5.icu

# Reference: https://twitter.com/Paladin3161/status/1168863588015935488

sebains.kozow.com

# Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329

farnbrands.com

# Reference: https://twitter.com/JayTHL/status/1169000377120935941

rdmapperels.com

# Reference: https://twitter.com/angel11VR/status/1169155232447762437

ukr1.net

# Reference: https://twitter.com/malware_traffic/status/1169312743956066305

http://45.142.212.25
dersed.com

# Reference: https://twitter.com/FewAtoms/status/1169333693325946880

macvin.5gbfree.com

# Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432

fomoportugal.com

# Reference: https://twitter.com/malware_traffic/status/1169358788748615680

http://179.43.169.43
wyyjacky.club

# Reference: https://twitter.com/P3pperP0tts/status/1169642311942397954

brizy5.ru
ho3fty.ru
j990981.ru
seraph15.ru
valerana44.ru
ww2rai.ru

# Reference: https://twitter.com/malwrhunterteam/status/1169638468647096321

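# NOTE: 10.103.2.247 is in RFC 1918 private address space (10.0.0.0/8), so this entry can match unrelated internal hosts; confirm against the reference before relying on it
http://10.103.2.247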

# Reference: https://twitter.com/JayTHL/status/1169688507700457472

waymahikatudor.com

# Reference: https://twitter.com/blackorbird/status/1169859337709207552

http://220.158.216.134

# Reference: https://www.virustotal.com/gui/domain/tomx.xyz/relations

tomx.xyz

# Reference: https://twitter.com/SecSome/status/1169972222439690241
# Reference: https://app.any.run/tasks/21339218-b4fd-4084-95d5-5c42fed4c71d/

204.152.219.82:9008
jobmalawi.com

# Reference: https://twitter.com/Zerophage1337/status/1007645365133246464

http://199.192.19.133
http://91.210.104.247

# Reference: https://twitter.com/FewAtoms/status/1170323745195663360

aagaeyarintz.com

# Reference: https://twitter.com/James_inthe_box/status/1170641393875742720
# Reference: https://www.virustotal.com/gui/domain/educationaltools.info/relations

educationaltools.info

# Reference: https://twitter.com/tkanalyst/status/1170688633172443139
# Reference: https://app.any.run/tasks/fd9a41e5-4768-4ab0-afd3-83988feb49c8/

digimonex.host
mailadvert917dx.world
umbr.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1170726870519824384

pp-back.info

# Reference: https://twitter.com/ViriBack/status/1170731470039789568

fiscalia.ga

# Reference: https://twitter.com/ViriBack/status/1170728460781871105

http://51.15.252.204

# Reference: https://twitter.com/FewAtoms/status/1171076098244919297

http://23.106.124.142

# Reference: https://app.any.run/tasks/1765b64a-78f0-4360-afaf-6ba886a6d72f/

http://195.123.242.175

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/
# Reference: https://otx.alienvault.com/pulse/5d77a74893cf13ee33a1000f

http://141.98.216.130
nw.brownsine.com
zopso.org

# Reference: https://twitter.com/tkanalyst/status/1171572121648033792

starserver715km.world

# Reference: https://twitter.com/reecdeep/status/1171365416180080640

bobbychiz.top

# Reference: https://twitter.com/trungduc751995/status/1171693318117281793
# Reference: https://otx.alienvault.com/pulse/5d78e9388461b273c265778e

http://35.224.233.140

# Reference: https://twitter.com/killamjr/status/1171849775911772165

globalpaymentportal.co

# Reference: https://twitter.com/sugimu_sec/status/1172058813177851904

aliiydr.xyz

# Reference: https://twitter.com/gigafio/status/1172102628546924545

alhaji.top

# Reference: https://twitter.com/Paladin3161/status/1171954425780289542

qeeeeewwswsweerwwerwerwrwerwerwerwere.warzonedns.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1172122495652155392

mewahgroup.pw

# Reference: https://twitter.com/rpsanch/status/1172548993177522176
# Reference: https://app.any.run/tasks/f24e56fa-c8b8-4b7d-99b0-2975e04429fa/
# Reference: https://otx.alienvault.com/pulse/5d921f7a6ff5154cba005284

213.252.246.80:448
213.252.246.80:80
213.252.246.80:8888
8933-16423.bacloud.info
mtcareers.myftp.org
mantechcareers.serveftp.com
ngcareers.myvnc.com
northropgrumman.sytes.net

# Reference: https://www.virustotal.com/gui/domain/lalitmumbai.net/relations
# Reference: https://app.any.run/tasks/086e4aa9-1ece-441a-a5c3-eb8879d26e2e/

lalitmumbai.net

# Reference: https://twitter.com/jeFF0Falltrades/status/1173300902242988032
# Reference: https://otx.alienvault.com/pulse/5d7f50c9b115a641c04aacd6

dapoerwedding.com

# Reference: https://twitter.com/Racco42/status/1173547031979278336

fomoportugal.com

# Reference: https://twitter.com/struppigel/status/1173883825333706752
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/
# Reference: https://documents.trendmicro.com/assets/Appendix_Spam_Campaign_Targets_Colombian_Entities_with_Custom_made_Proyecto_RAT_Uses_Email_Service_YOPmail_for_C&C.pdf
# Reference: https://www.virustotal.com/gui/file/f8bf2120bdec3da240bf4a56760ee42d045e42ec4ae1d261774ff13fc2cb7cc0/detection

http://95.179.168.23
http://144.202.19.31
diangovcomuiscia.com
eltiempocomco.com
medicosempresa.com

# Reference: https://twitter.com/FewAtoms/status/1173982410951839745

http://185.250.240.84

# Reference: https://twitter.com/reecdeep/status/1174270764461244417

indta.co.id

# Reference: https://twitter.com/wwp96/status/1174311496639221760

this-a22.tk

# Reference: https://twitter.com/James_inthe_box/status/1174336699112906752

hushpan.icu

# Reference: https://twitter.com/FewAtoms/status/1174350146768965636

http://34.87.96.249

# Reference: https://twitter.com/blackorbird/status/1174894127378358272

http://141.98.213.198

# Reference: https://twitter.com/DbgShell/status/1174997242425565185

xozidazatibotiko.ddns.net

# Reference: https://twitter.com/JayTHL/status/1175248668502437888

discribechnl.com
menukndimilo.com
raatphailihai.com

# Reference: https://app.any.run/tasks/ce52b6fb-5444-4d4d-9071-aa4a3d4d0f52/

http://185.206.212.65

# Reference: https://twitter.com/illegalFawn/status/1176077657311764480

sicurezzaonline.info

# Reference: https://twitter.com/luc4m/status/1176045112469725184

http://216.170.126.139

# Reference: https://twitter.com/P3pperP0tts/status/1176831679106826240

systemgooglegooglegooglegooglegooglegoole.warzonedns.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048

redmoscow.info

# Reference: https://twitter.com/h4ckak/status/1112953627478351874
# Reference: https://app.any.run/tasks/72dd9d2e-5d7d-412a-830b-d2bd59f98760/
# Reference: https://www.virustotal.com/gui/file/f99cb5b099030834f84c5053b1610e911727673767dd9a6a938a13f1da9d6a33/detection

88.80.144.9:9987
exchangeser.com

# Reference: https://twitter.com/SaudiDFIR/status/1177740045186457600
# Reference: https://app.any.run/tasks/7ad3c08f-c1d1-4893-8227-3c47ed1ebe81/

http://96.9.211.157
afsasadaslfo3d3.xyz
almagel.icu
artrolife.club
soul-fly.xyz
supremeconnect.xyz

# Reference: https://twitter.com/FewAtoms/status/1177940330655543302

202.168.151.38:3880

# Reference: https://twitter.com/tkanalyst/status/1177952093287530496

whoil.club

# Reference: https://twitter.com/Edgespot_io/status/1069690604198682624

34.227.171.221:8080

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html

cindysonam.org

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

kiskakisska.xyz
xyxyxoooo.com

# Reference: https://twitter.com/0xFrost/status/1179128508817260545
# Reference: https://app.any.run/tasks/c08c12cc-4a9f-44f4-9aa7-ef11900a8bc8/

wirelord.us

# Reference: https://twitter.com/tkanalyst/status/1179174693963587584
# Reference: https://app.any.run/tasks/a2ef7bde-fc71-4f7e-9246-1af8f16b5e6b/

crasyhost.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-08-14-microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253/microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253.csv

missaruba.aw

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-05-04-drive-by-downloads-attack-adobe-zero-day-flaw/drive-by-downloads-attack-adobe-zero-day-flaw.csv

jeentern.dyndns.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-12-14-inside-adobe-reader-zero-day-exploit-cve-2011-2462/inside-adobe-reader-zero-day-exploit-cve-2011-2462.csv
# Reference: https://www.virustotal.com/gui/file/c6072e6446c1641d35e1e471adf4ce533f0615a0365168728bcefe4df2d213ff/detection

prettylikeher.com

# Reference: https://twitter.com/James_inthe_box/status/1180128778229444608
# Reference: https://twitter.com/P3pperP0tts/status/1180141309685837825

corpcougar.com
corpcougar.in

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-03-rtf-attack-takes-advantage-of-multiple-exploits/rtf-attack-takes-advantage-of-multiple-exploits.csv

aulbbiwslxpvvphxnjij.biz
invoice-accounts.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2015/2015-05-18-malware-spreads-facebook-tag-scam/malware-spreads-facebook-tag-scam.csv

exusers.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-02-hackers-bypassed-adobe-flash-protection-mechanism/hackers-bypassed-adobe-flash-protection-mechanism.csv

korea-tax.info

# Reference: https://twitter.com/YttriumSec/status/1180101251855343616

http://115.159.87.251

# Reference: https://twitter.com/FewAtoms/status/1180819300476755969

http://34.87.19.73

# Reference: https://twitter.com/jishuzhain/status/1181201933714911232

103.99.2.65:1010

# Reference: https://twitter.com/ecarlesi/status/1181522701195849728

downloadtg4.website

# Reference: https://twitter.com/P3pperP0tts/status/1181547444837986304

http://43.255.241.160

# Reference: https://twitter.com/JAMESWT_MHT/status/1181616566024183809

http://209.141.42.23

# Reference: https://twitter.com/0xFrost/status/1182037064344322053

5571875.info

# Reference: https://twitter.com/P3pperP0tts/status/1182225501387141120

http://31.44.184.123
goji-actives.net

# Reference: https://twitter.com/benkow_/status/1182604054742085632

wisecleaner.cleaning

# Reference: https://twitter.com/JAMESWT_MHT/status/1182613351425368066

taskhostw.com

# Reference: https://twitter.com/James_inthe_box/status/1182703889012813824

http://198.23.202.49

# Reference: https://twitter.com/P3pperP0tts/status/1182968741283454977

madnik.beget.tech

# Reference: https://twitter.com/0xFrost/status/1182973846208598017
# Reference: https://pastebin.com/M70QQdqJ

installpack.net

# Reference: https://twitter.com/ViriBack/status/1183098116263858176

taxjustice-usa.org

# Reference: https://twitter.com/ViriBack/status/1183157722348433413

gayaju.com

# Reference: https://www.virustotal.com/gui/domain/paletoxyz.com/relations

paletoxyz.com

# Reference: https://twitter.com/ecarlesi/status/1183415444612485120

inationnetwork.xyz

# Reference: https://www.virustotal.com/gui/file/62010ae6b25999cbc37c935c163285f571294f4732965c66b9233a7573c13c10/detection

w.googlex.me
m.googlex.me

# Reference: https://twitter.com/w3ndige/status/1171159313865465856

http://108.62.118.233

# Reference: https://twitter.com/w3ndige/status/1168437823193669632

posqit.net

# Reference: https://www.virustotal.com/gui/domain/accessheler.com/relations

accessheler.com

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

http://45.114.8.161

# Reference: https://app.any.run/tasks/5ea9c799-eb73-4854-903a-a4a080659af0/

http://167.114.95.127

# Reference: https://twitter.com/ffforward/status/1184379075642773505

show-qo13.tk

# Reference: https://twitter.com/P3pperP0tts/status/1184405805648564226

qisqholden.com

# Reference: https://twitter.com/tkanalyst/status/1184825216033099777

185.193.26.154:14596
186.4.254.199:18941
vwxqv.xyz

# Reference: https://twitter.com/tkanalyst/status/1188778602306818048

173.26.52.16:13821
202.91.248.237:17613
hxfiqz.dynu.net

# Reference: https://twitter.com/James_inthe_box/status/1185191156168065024

fbigov.website

# Reference: https://twitter.com/FewAtoms/status/1185249656235843588

afrimarinecharter.com

# Reference: https://twitter.com/JayTHL/status/1185303303892033536

thekukuaproject.com

# Reference: https://twitter.com/FewAtoms/status/1185980535497207808

collierymines.com

# Reference: https://twitter.com/albertzsigovits/status/1186255610163187714

logover.su

# Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html
# Reference: https://otx.alienvault.com/pulse/5dadb6fad17367c025d25421

abcxyz.stream

# Reference: https://twitter.com/James_inthe_box/status/1186363546155663360

0b8a67f7.ngrok.io

# Reference: https://twitter.com/wwp96/status/1186365682520338434

granuphos-tn.com

# Reference: https://twitter.com/smica83/status/1186520175467810817
# Reference: https://www.virustotal.com/gui/domain/taamgol.com/relations

taamgol.com

# Reference: https://twitter.com/wwp96/status/1186637571876630529

46.183.220.10:1010

# Reference: https://twitter.com/JAMESWT_MHT/status/1186641478996639745

cloudown.icu

# Reference: https://app.any.run/tasks/83bf663d-6020-4186-970e-3c50b842510c/

newandupdates1234.blogspot.com

# Reference: https://twitter.com/FewAtoms/status/1186676588013899776

http://151.80.8.7

# Reference: https://twitter.com/ANeilan/status/1186847142113173504

diporpef.com

# Reference: https://twitter.com/j_rom_/status/1184880435219849218

amz-syndication.com

# Reference: https://twitter.com/fatihsirinnnn/status/1186938514845380608

acmestoolsmfg.com

# Reference: https://twitter.com/P3pperP0tts/status/1186988588656934913

tourscentralasian.com

# Reference: https://twitter.com/wwp96/status/1187023690636152832

romanceobsessed.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187296372833357825

http://5.188.9.33

# Reference: https://twitter.com/dms1899/status/1187270160220147712

modexcourier.eu

# Reference: https://www.virustotal.com/gui/ip-address/161.117.41.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/161.117.8.4/relations

abs-glt.com
akinsab.ru
app-comercialex.top
aucklandcustom-nz.com
avgsupport.info
bkam.tech
capeplcinc.com.ua
casmagnat.rocks
clinefr12.com
clotiahs.info
cremeroloe.com
doosamnt.com
dotmpegjdj.com
echaintool.info
efore.info
esetsupport.info
famoosonutt.com
fueda.info
gidnik.com
gihf2.com
gracetime.tech
grindtreue.online
grindtruex.online
gunmak-com.tk
higomanga.info
jajar.ru
jer23.com
jobttast.com
kaburto.info
knt73.com
kord23.com
mikeservers.eu
modcloudserver.eu
modexcommunications.eu
nestp11.com
niiqata-power.com
offsolo-gbb.tech
oker1.com
oldendroff.com
pache22.com
paramountemporium.vip
peaches19.com
posqit.net
priv112.com
qoqip.com
quecik.com
rnuganbank.com
roumines.com
saturatix.top
siiigroup.com
smart-net.rocks
sun-clear.net
sylvaclouds.eu
torresansrl-it.com
tr0nsf01.org
tr30nfs01.com
tsep13.com
tyler14.com
uloego.info
vcmcompanys.com
vinaprio.com
wgeise4.com
xinblasta.us
yuxinproteins.com
zhchlt.com

# Reference: https://twitter.com/petrovic082/status/1187762565969043457
# Reference: https://app.any.run/tasks/03afa5cb-2d8d-4cd0-a7ab-4e1bd7464db6/

neroolive.org
ring1.ug

# Reference: https://www.virustotal.com/gui/domain/aklianfa.com/relations

aklianfa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1188005690130026498

http://193.26.217.230

# Reference: https://twitter.com/DissectMalware/status/1006784787854581760

111.73.46.110:7717

# Reference: https://twitter.com/InQuest/status/1188373526622941186

lritck.tk

# Reference: https://twitter.com/JayTHL/status/1188801316417687552

http://37.1.219.172

# Reference: https://app.any.run/tasks/24cc7183-7345-46f6-b26e-1e173d9c98a9/

d1c56b05.ngrok.io

# Reference: https://twitter.com/JAMESWT_MHT/status/1188856141633261570

blockchainblogger.club

# Reference: https://twitter.com/FewAtoms/status/1188858041686466561

enkaypastri.com

# Reference: https://twitter.com/DrStache_/status/1188917585540276224

torishima-qa.com

# Reference: https://twitter.com/david_jursa/status/1189155057834647552

thekokokoupd.online

# Reference: https://app.any.run/tasks/4c6e0f94-e147-47ca-9467-c3864047439f/

lkdff.com

# Reference: https://twitter.com/wwp96/status/1189236233613889538

frenddizoni.org

# Reference: https://twitter.com/OttoScav/status/1189220259842187264

213.152.160.146:1010

# Reference: https://app.any.run/tasks/986f65f5-5208-4133-b9af-c993edcc1e34/

http://199.195.254.187

# Reference: https://twitter.com/James_inthe_box/status/1189287512684019714

oz-dn.org

# Reference: https://twitter.com/w3ndige/status/1189301536691752960

http://74.118.138.167

# Reference: https://twitter.com/ViriBack/status/1189329887074619395

arbistars.com

# Reference: https://twitter.com/wwp96/status/1189536892322304002

uzojesse.top

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://185.193.125.135

# Reference: https://twitter.com/killamjr/status/1189717599040528386

esascom.com

# Reference: https://twitter.com/InvertedLina/status/1189940700311379968

amana-agro.com

# Reference: https://www.virustotal.com/gui/ip-address/23.227.207.137/relations

http://23.227.207.137

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667

http://107.181.175.118
http://149.154.67.19

# Reference: https://twitter.com/unmaskparasites/status/1184973893225865222

dropboxfiles.net
mydropboxfiles.com

# Reference: https://twitter.com/killamjr/status/1190087811803815936

http://51.89.163.174

# Reference: https://twitter.com/pmelson/status/1190419506620981248

azuredatabox.azureedge.net

# Reference: https://pastebin.com/29uSdMAk

chinalarnpbase.com

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html (# Win.Trojan.Socks-7363151-0)

blinko-usa.com
fewfwe.net
satellife.info

# Reference: https://twitter.com/MalwareTechBlog/status/1190730471321112577
# Reference: https://otx.alienvault.com/pulse/5dbdf437299aea7cd396cd26

5.100.251.106:443
5.100.251.106:80

# Reference: https://app.any.run/tasks/2be23d42-242b-47bc-8d0f-76a5b80e7a4b/

1xv4.com

# Reference: https://app.any.run/tasks/e15b03be-14d2-49c0-b6c1-04249d0783f1/
# Reference: https://www.virustotal.com/gui/domain/stroytrest19.by/details

stroytrest19.by

# Reference: https://twitter.com/tkanalyst/status/1190975614766833664

http://198.199.104.8
shophandbag.store

# Reference: https://twitter.com/wwp96/status/1191013406175830017

racetech.club

# Reference: https://twitter.com/ViriBack/status/1062544747062050817

web-bancadigitalbod.com

# Reference: https://twitter.com/ViriBack/status/989663475445190656

pf-pv.xyz

# Reference: https://twitter.com/fumik0_/status/968070745766154240

updatecenter.ru

# Reference: https://twitter.com/FewAtoms/status/1191349702920474625

http://35.247.253.206
