# Copyright (c) 2014-2018 Miroslav Stampar (@stamparm)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/domain/madh0use8.no-ip.org/information/

madh0use8.no-ip.org

# Reference: https://www.virustotal.com/en/domain/vajityu.club/information/

vajityu.club

# Reference: http://www.bug.hr/forum/topic/sigurnosni-softver/ransomware-napada/223333.aspx

aepahphahv.co.vu
aisohcaehi.co.vu
anothertembr.cf
anothertembr.ga
anothertembr.gq
anothertembr.ml
chughaiquu.co.vu
eewujoopai.co.vu
faeceedaba.co.vu
iewohpotae.co.vu
kladara.ml
meicashala.co.vu
rooniebohl.co.vu
sheibohchu.co.vu
sootateiso.co.vu
xooseishoh.co.vu

# Reference: https://www.virustotal.com/en/ip-address/184.172.251.98/information/

facetwop.ru
rulething.ru
montirose.com

# Reference: https://www.hybrid-analysis.com/sample/f9beaa7e7668b80b5119d9c80d5f590598380b60eaa5f09baeb87503e55d42c7?environmentId=100

server2.bjdnxbgp3.ru
bogerando.ru

# Misc (incidents)

devomchart.com
getmyhouse.net
gimail.com
ginbig.com
moksaduqqovlof.net
observatorystarsoh.net
runningwayforsun.net
locatedforporternok.net
addressbooklocater.net
alarg53.ddns.net
kiliposturgy22.no-ip.biz
beatyourmeatwhileweeat.com
qibrasob.ru
zibravopl.ru
forgiveme.workisboring.com
kyelines.ddns.net
nethunter.duckdns.org
1juni103.no-ip.biz
2juni103.no-ip.biz
3juni103.no-ip.biz
4juni103.no-ip.biz
5juni103.no-ip.biz
6juni103.no-ip.biz
7juni103.no-ip.biz
8juni103.no-ip.biz
9juni103.no-ip.biz
75ulqnwb.ru
i7gd9ultgx.ru
v99ay4wuo.ru
gd14hp0u6x.ru
qsqjeuno53.ru
aplikacii.com
dac.911domain.com
dd.911domain.com
pirata-88.zapto.org
rp.911domain.com

# Reference: https://www.virustotal.com/en/file/6c18145ff39653968002e268066144ccabc61a6da4373a6bc0db9494374c484b/analysis/

nerujeo.zapto.org
nerujeo.no-ip.org

# Reference: https://www.virustotal.com/en/ip-address/93.189.40.244/information/

lightsmokesky.net
segateslondo.ru
devomchart.com
lemotgraph.com
wittersphere.net
monitmock.su
monitnear.ru
zapoio.com
napalmstories.su
jabberstorm.su
photohubchart.com
thoughtdog.net

# Reference: https://otx.alienvault.com/pulse/5689784767db8c057c6fc000/

wanmeishua.com

# Reference: https://www.threatcrowd.org/domain.php?domain=alsblueshelpt.nl

alsblueshelpt.nl

# Reference: https://www.virustotal.com/en/ip-address/46.166.165.114/information/
# Reference: https://cymon.io/46.166.165.114

46.166.165.114
committeedub.com
09h3rhh4zy.kuwxg7esmv.toxq93ljct.aze.link
cekmakasabasa.com
0oers58juxhcm7e.aze.link
yadakbloghesaplar.link
www.aze.link
aze.link
fsafakfskane.net
cclamarablog.xyz
cutecatworldhappy.website

# Reference: https://www.virustotal.com/en/ip-address/181.174.164.3/information/
# Reference: https://cymon.io/181.174.164.3

181.174.164.3
adobeflashplayernew.com
adobeflashplayernew.org
adobeplayerdownload.com
adobeuploadplayer.com
adobeflashplaayer.com
flashplayeerupdate.com
adobeupdateplayer.com
adobeupdateplayeer.com
adobeupdateflash11.com
update-flash-player.org
adobeflashupdate.org
updateflashplayer11.com
alarkamaravaas.pw
lin.kim
cutecatworldhappy.website
abaza.ninja
shoppet.net
aze.link
q0a2wqepvhz8ame.aze.link
samaravablog.pw
weightloss-secrets-revealed.net
gomen.ninja

# Reference: https://www.snort.org/rule_docs/1-30285

palauone.com

# Reference: https://marc.info/?l=emerging-sigs&m=135207116130028

whatandwhyeh.com
manymanyd.com
traindiscover.com

# Reference: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17617

bktwenty.com
adbullion.com
sleeveblouse.com

# Reference: https://www.threatcrowd.org/malware.php?md5=86f8834b945bbb2968260d6fcf26b951

meherdelam.com
fordulak.com
germerand.com

# Reference: https://www.virustotal.com/en/ip-address/185.73.240.74/information/

meherdelam.com
royalbankofcanadahelp.com
dns8.ffv3.ru
dns9.ffv3.ru
royalbankservicescheck.com

# Reference: http://www.urlvoid.com/scan/recenthosts.ru/

recenthosts.ru

# Reference: https://www.siteadvisor.com/sites/intelcorpsg.com

intelcorpsg.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Inject-CHS/detailed-analysis.aspx

cyber7.bit

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AVRS/detailed-analysis.aspx

fionades.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-HUO/detailed-analysis.aspx

cgi.dubkill.com

# Reference: https://www.virustotal.com/en/file/bb7238944240e9eeee1371e1970cbd5d7697180b0ba1436ef7e62da3d97438db/analysis/

srv5020.net
srv5010.net

# Reference: https://www.hybrid-analysis.com/sample/95b5ef4e0284f82d4f6e68d750645f3475e174e10a2c33da18e372a212976a8d?environmentId=100

bestfriendsroot.com
consaltingsolutionshere.com
kimdotcomfriends.com

# Reference: http://www.porezna-uprava.hr/Lists/Vijesti/Vijest.aspx?ID=1979

porezna-uprava.net

# Reference: https://www.hybrid-analysis.com/sample/20c61a9e16451777aae431cce15960e9b690c7d70b27384d0f4b3305c4cf10db?environmentId=120

fina.online

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

blooping.ovh.net
salako.net

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

ns7.hadara.ps

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

himynameisnoah.su
ichockealotkrug.com
idontlikeitwhenyoudoit.ru
iliketopunchnoah.com
justreggitifyouknowit.ru
karnevallizdageil.com
merhabaslm.su
wheniseeyourdedows.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

joaosgk03.sytes.net
spectrun2008.no-ip.org

# Reference: https://twitter.com/ps66uk/status/1037866649435729921

widewiderangers.fun

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html (Win.Dropper.Generickdz-6671833-0 section)

http://122.14.210.142
http://141.8.225.75
http://198.46.86.224
http://43.230.143.219
www.americasculturalstudies.net
www.danhbaviet.com
www.kegodanang.com
www.sevbizleadservices.com
www.siyaghasourccing.com
www.vhecha.com
www.www970234.com

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Doc.Downloader.Powload-6681541-0)

amniyatgostariranian.ir

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Johnnie-6681665-0)

codelux2017.ddns.net
ducklife.ddns.net
homersides.duckdns.org
skypeprocesshost.ddns.com.br
wandersongay.ddns.net

# Reference: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html

2bunny.com

# Reference: https://citizenlab.ca/2012/06/spoofing-the-european-parliament/

vv338.com

# Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232

laserjetpro.com

# Reference: https://twitter.com/malwrhunterteam/status/1044928108359495680

manapowermta.us

# Reference: https://twitter.com/jonaha92/status/1045344161690505217

11m.online

# Reference: https://twitter.com/blu3_team/status/1046054098884349953

images.laofamilymerce.com

# Reference: https://twitter.com/blu3_team/status/1037854618477383681

tub.gotomental.com
/bin/page/hpsrv.tmp

# Reference: https://twitter.com/blu3_team/status/1033356637543825408

nhatbao.chatpacific.com

# Reference: https://twitter.com/blu3_team/status/1030263686001246210

v2.buydiamond.hk

# Reference: https://twitter.com/blu3_team/status/993121509643378688

fb-dn.net/disrt/
ap12.ms-update-server.net

# Reference: https://twitter.com/blu3_team/status/988204223975305218

kmbk8.hicp.net

# Reference: https://twitter.com/blu3_team/status/981659638776115200

unnews.freetcp.com

# Reference: https://twitter.com/blu3_team/status/971351907095711745

baoin.baotintu.com:8001

# Reference: https://twitter.com/blu3_team/status/968588888867393536

news.voteandreahorwath.com
/polar-beer/election2018/info.html

# Reference: https://twitter.com/blu3_team/status/964324749106130944

zero-emissioncar.org

# Reference: https://twitter.com/blu3_team/status/958573054052978688

weather.gbaycruise.com

# Reference: https://twitter.com/blu3_team/status/956144807554043906

teredo-update.com

# Reference: https://twitter.com/blu3_team/status/951759637816205312

chrome.softupdate.xyz

# Reference: https://twitter.com/blu3_team/status/951658055858622464

mktnplace.com:81

# Reference: https://twitter.com/blu3_team/status/951647866531057665

nubpubwizard.jetos.com
worktrs.wikaba.com

# Reference: https://twitter.com/blu3_team/status/950126294137819136

thestar.live

# Reference: https://twitter.com/blu3_team/status/950124083332689920

newmysticvision.com

# Reference: https://twitter.com/FewAtoms/status/1045358651307962369

lse-my.asia

# Reference: https://twitter.com/sidq_ahmad/status/1045998305312997376

firefox-addons.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/rat_nest/iocs.csv

xvczasiu.freeddns.org
ro-bucharest.ra4wvpn.com
rkoertig.jumpingcrab.com
getpoopedonkid.freedns.tech
jlux123.no-ip.biz
stomedykira.freedns.tech
jmcoru2.appleupdate.xyz
machination.dynu.com
league.runescape.csgo.siliconrouting.pw
gnu.linuxrepository.xyz
nn12.chickenkiller.com
devteam.ddns.net
grovt.duckdns.org
home.maddiewang.com
seekingpvp13.ddns.net
alrightlad.chickenkiller.com
antisec8394.no-ip.info
skinscats.duckdns.org
loudpack101.ddns.net
hitmefag.hitmefag.cf
iufgaj.hopto.org
deymoss.duckdns.org
omgrektomgrekt.ignorelist.com
machination.duia.in
intexylo.ddns.net
xekush32.chickenkiller.com
dellboy22.couchpotatofries.org
hujscsrs.servehalflife.com
chathanz.dynu.com
blackjack.alcatelupd.xyz
jmcoru.alcatelupd.xyz
bfbackup.baepaws.ru
fbiserver.ignorelist.com
zealservice.ddns.net
sphiinxballert.gotdns.ch
babybabyratta.csgoblock.com
network.systemsecurity.cf
csgodoubleee.csgoblock.com
eagleeyenike.dankdns.xyz
jmcoru.fagdns.com
indablood.chickenkiller.com
godsechf.chickenkiller.com
buildcheck.zapto.org
putty123.ignorelist.com
dangermm.no-ip.biz
1991668.crabdance.com
cool.freedns.tech
supremeisgay.ns0.it
aminzzzzz.no-ip.biz
a4ti3ec5089.no-ip.info
shinezz.duckdns.org
peet11.crabdance.com
logicistheman.freedns.tech
csgos.freedns.tech
aixzvcxvnz.fagdns.com
kinval456.ddns.net
wezeen578.fishdns.com
getversionid.myftp.org
timelogs.freedns.su
layziebone009.ddns.net
zarasrl2016.ddns.net
ookey.linkpc.net
cool.londonstresser.uk
thyshallascend.tinydns.tech
luminost.freedns.tech
lmaobox.systemsecurity.cf
classiccream.hopto.org
poker.whizwhener.ru
duckyforyou22.dynu.com
conelobriks.hopto.org
hehehe.no-ip.info
destinified.ddns.net
mshal.mooo.com
rattingskid.duckdns.org
microsoftupdatetool.no-ip.org
pabloescobar.freedns.su
googledoc.duckdns.org
akaros79.no-ip.biz
localservice.ddns.net
justicebro.linkpc.net
updatechecker.myftp.biz
z33k.chickenkiller.com
watchingj.ddns.net
jmcoru.ddns.net
cleinttwelve.ddns.net
seperatemyself.dramacenter.xyz
sp00ky.myftp.biz
donkeykong.dankdns.xyz
zilinxgroup.ddns.net
iamawesome.freedns.tech
dellboy12.ditchyourip.com
mathew79.no-ip.biz
indablood.ignorelist.com
vivekhaxor007.ddns.net
carlos1388.ddns.net
daniyel.zapto.org
xuofmx.alcatelupd.xyz
www.ing.nl.fbbsbe.eu
machination.fishdns.com
hitme.struggle.cf
game.mruni.club
manbks123.ddns.net
mocklngblrd.freedns.su
randomlovezs.duckdns.org
coralgroups.no-ip.biz
blogpiu.sytes.net
mcfunny146.fishdns.com
justdiehood.fishdns.com
k3k3rekt.duckdns.org
whowas.strangled.net
z33k1337.mooo.com
audioadapter.fishdns.com
psyborg.strangled.net
insanitypks.chickenkiller.com
upman.ddns.net
redtr.dumb1.com
superhackmods.duckdns.org
game.vilniusmail.co
jmcoru.appleupdate.xyz
jointish.ddns.net
childofthecorn.freedns.su
danrarkelenter.fishdns.com
xcrew.crabdance.com
airzwcvzq.nullroute.pw
ra4rro1.dynamicdns.science
amateurz.zapto.org
ayyyyyy.chickenkiller.com
topkekmofo.duckdns.org
spot.utopian.xyz
soycraft2.duia.pw
lmaobox.csgoblock.com
kromosho.sytes.net
cyber.freedns.su
dellboy27.eating-organic.net
swyratfr.no-ip.org
l33twizard.duckdns.org
eth0s123.ddns.net
matoxenoon.freedns.tech
hutlerplek.duckdns.org
cleintten101.no-ip.biz
it-milano.ra4wvpn.com
district9.fishdns.com
krookodilezombie.duckdns.org
amanghacker123.no-ip.biz
crazypkss.chickenkiller.com
angelman.no-ip.org
fbstatic.duckdns.org
kefero.chickenkiller.com
xgcfvgbhj.ddns.net
fizipop.freedns.tech
gloryhour.no-ip.biz
machination.xresurrection.xyz
antisec8899.no-ip.info
audioadapterplugin.chickenkiller.com
cozyboys.dankdns.xyz
ts.shiro.pw
droidnuuuu.chickenkiller.com
goodperson.freedns.tech
shots.servebeer.com
sampledog.freedns.tech
jmcoru2.fagdns.com
loverat.porn60s.com
alexoler.fishdns.com
nullbyte.duckdns.org
letsgopeople.fagdns.com
deadpixel.securedns.site
zido.homepc.it
andrewsnetwork.co.uk
mrpooper.freedns.tech
de-frankfurt.ra4wvpn.com
gstatlc.duckdns.org
seekingpvp101.duckdns.org
weareprometheus.tinydns.xyz
onye-nna.ddns.net
kalashas.no-ip.biz
machination.xinvasion.xyz
freelaser.no-ip.org
emekau2002.ddns.net
rektscrubsomg.dynamicdns.science
hurensohn52.ddns.net
kraken28.myz.info
www.argenta.be.avsbe.eu
cleintten.no-ip.biz
milkshakemodz.duckdns.org
dust.amxdust.xyz
uk-hampshire.ra4wvpn.com
jluxi.dynu.com
cleintten.duckdns.org
zixsnzcvz.dynapoint.pw
crazypks.chickenkiller.com
amangkirkuki12.ddns.net
windowsaudio.fishdns.com
projectk.duckdns.org
nn12.fishdns.com
antisec40401.no-ip.info
quadratic.nullroute.pw
salty1.ddns.net
omer16.no-ip.biz
hellolightness.ddns.net
habbahabba.bounceme.net
phazeonrunescape.no-ip.org
faddd331rat.zapto.org
uzoowalter.duckdns.org
amoxicillina1.no-ip.biz
www.bnpparibasfortis.be.avsbe.eu
swaggedout.duckdns.org
softwareoutlet.myftp.biz
c329.duckdns.org
mobutu4spirit.hopto.org
justice.linkpc.net
indahood.dynapoint.pw
identitytealeaf.chickenkiller.com
stalker.fishdns.com
kelbhie.duckdns.org
xuofmx.dankdns.xyz
smithsure92.no-ip.biz
triplekmafia.duckdns.org
tabaninfo.bounceme.net
cool.securenetwork.host
owner2016.zapto.org
credithax0r.bounceme.net
nn12.fagdns.com

# Reference: https://twitter.com/James_inthe_box/status/1046844087469391872

kgpvkzwksvgvmpopesdtjuwjosbrameegopiyyyg.xyz

# Reference: https://twitter.com/JaromirHorejsi/status/1047084277920411648

docs.herobo.com/in/
docs.herobo.com/mr/

# Reference: https://twitter.com/FewAtoms/status/1047533778665660425

americanxdrive.gq

# Reference: https://twitter.com/FewAtoms/status/1047514168105082881

uchservers.ga

# Reference: https://twitter.com/virqdroid/status/1047419271662505985

bibonado.com

# Reference: https://pastebin.com/AasLyArF

monochromestr.site
motiondev.com.br
studio2321.com

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

alangudiagroindia.com

# Reference: https://twitter.com/dvk01uk/status/1047797297835397121

tokovio.com
/kfjvbdrlq

# Reference: https://twitter.com/ScumBots/status/1035348180903321601

23ace.site

# Reference: https://twitter.com/avman1995/status/1047354322974064640

yoacafpshlcz.de

# Reference: https://twitter.com/Dashowl/status/1047924040026001409

noipppl-online.com

# Reference: https://twitter.com/James_inthe_box/status/1047907038582304768

alsafeeradvt.com/m/

# Reference: https://twitter.com/nullcookies/status/1048030992320143360

h2hphotography.com

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

faktura24.ml
przelewy24.tk

# Reference: https://twitter.com/Techhelplistcom/status/1048640558309285888
# Reference: https://pastebin.com/raw/fLf15eVp

1drivemail.ml
aghightile.ml
atlasglb.tk
bengusi.ga
britwind.tk
capt.ga
cmfgen.cf
cpseeds.ml
dajjuooltd.ga
foodpro.cf
generationgrowth.ml
illumin8blinds.ml
inmailadmin.cf
inmailadmin.ga
inmailadmin.gq
inmailadmin.ml
inmailadmin.tk
italamp.tk
itc-co.cf
kooshkan.ml
kwangshin-co.tk
nsewyainc.ml
onedrivemail.cf
onedrivemail.gq
onmailadmin.cf
onmailadmin.ga
onmailadmin.gq
onmailadmin.ml
onmailadmin.tk
potoflogz.tk
premiumchemical.ga
pseaways.tk
pvtechuae.cf
rathot.ml
ritter.gq
rivonka.ga
royalgroup.ga
safetexgroup.tk
salturchltd.ga
sebbeninternational.ml
sense-eng.ml
sercer.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
utehaltd.tk
veritasoverseas.ga
vip163.cf
yuan-fa.tk

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Doc.Malware.Emooodldr-6699885-0)

q0fpkblizxfe1l.com

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Win.Malware.Razy-6703914-0)

extreme33.dns1.us
mdformo.ddns.net
mdformo1.ddns.net

# Reference: https://twitter.com/ViriBack/status/950478648150282240

0m0.in

# Reference: https://twitter.com/FewAtoms/status/1048982479783309314

capt.ga
italamp.tk
nsewyainc.ml
sense-eng.ml
sercer.tk

# Reference: https://twitter.com/FewAtoms/status/1048978792931368960

britwind.tk
dajjuooltd.ga
illumin8blinds.ml
kooshkan.ml
potoflogz.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
veritasoverseas.ga
vip163.cf

# Reference: https://twitter.com/James_inthe_box/status/1049445992808890369

viswavsp.com/newworld/

# Reference: https://twitter.com/malware_traffic/status/1049407739619880961

23.249.161.109/extrum/

# Reference: https://twitter.com/JaromirHorejsi/status/1049601706630283264

readyteam.org

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

guarana.pw
marryjane.club
names34.top
safi.co.za

# Reference: https://twitter.com/nullcookies/status/1050907886392623104

dirajrakhbhae.com

# Reference: https://twitter.com/FewAtoms/status/1050457033810558976

akznqw.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050663483346280448

wemusthammer.com

# Reference: https://twitter.com/FewAtoms/status/1051099620020035585

msmapparelsourcing.com/directory/
msmapparelsourcing.com/wp-admin/users/

# Reference: https://twitter.com/nullcookies/status/1051321548634804226 

ghrelokamkaj.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050665509941698560

globamachines.com

# Reference: https://twitter.com/FewAtoms/status/1050802529498525697

plus1interactive.com/bots/

# Reference: https://twitter.com/James_inthe_box/status/1050762064665309185

my.mixtape.moe

# Reference: https://twitter.com/olihough86/status/1050722705740304384

www.wheelnet.ca

# Reference: https://twitter.com/ximo2006/status/1050331166597758976

93.174.93.149:21

# Reference: https://www.cyren.com/blog/articles/new-scarab-ransomware-using-necurs-as-a-service

hard-grooves.com
hellonwheelsthemovie.com
miamirecyclecenters.com

# Reference: https://twitter.com/nullcookies/status/1051244629704740865

daduhinnawmaz.com

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

datingittlive.info

# Reference: https://twitter.com/nullcookies/status/1030243288677277696

mayorel.website

# Reference: https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/

osdsoft.com

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

faktura24.cf
przelewy24.ml

# Reference: https://twitter.com/MaelSecurity/status/1051900926078922753

adobe-reader.site

# Reference: https://twitter.com/avman1995/status/1052023584187719680

elektroklinika.pl/wp-content/languages/plugins/includes/

# Reference: https://twitter.com/ulexec/status/1051959861964169217

alprazolam.rip

# Reference: https://twitter.com/nullcookies/status/1052339217056129026

grafmx.com

# Reference: https://twitter.com/olihough86/status/1052607058883870720

yootbe.org

# Reference: https://twitter.com/KorbenD_Intel/status/1052652297279459329

holisticxox.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

cuezo.tk

# Reference: https://twitter.com/avman1995/status/1052879462449274880

ondasolution.ga

# Reference: https://twitter.com/Techhelplistcom/status/1053054566957285382
# Reference: https://pastebin.com/raw/v7XN8dZS

alfredbusinessltd.flu.cc
citytrading.usa.cc

# Reference: https://twitter.com/FewAtoms/status/1053365757197860864

hnmseminar.aamraresources.com/dotcom/

# Reference: https://twitter.com/JaromirHorejsi/status/990936083537039360

loggerz.xyz

# Reference: https://twitter.com/ViriBack/status/971430374919122944

acctspayable.com

# Reference: https://twitter.com/executemalware/status/999034066258284545

theipgenerators.com

# Reference: https://twitter.com/malware_traffic/status/1053494383708844032
# Reference: https://www.malware-traffic-analysis.net/2018/10/19/index.html

2019bracket.com
2069brackets.com
activenavy.com
adomesticworld.com
allpurplehandling.com
anilmoni.com
answermanagementgroup.com
antinomics.com
bluestarpaymentsolutions.com
boobfanclub.com
borderlands3.com
brickell100.com
bubsware.com
cactopelli.com
careercoachingbusiness.com
cclawsuit.com
cgunited.com
crosspeenpress.com
crystalhotel.com
dehionsgbes.com
dmknott.com
docswitch.com
expertsjourney.com
farminginthefloodplain.com
geziyurdu.com
gloria-glowfish.com
gnosmij.com
gokceozagar.com
greatwp.com
ieltsonlinetest.com
indiangirlsnude.com
indicasativas.com
inmotionframework.com
internationalboardingandpetservicesassociation.com
intimateimagery.com
iptechnologysolutions.com
iscanhome.com
185.162.130.150
205.185.125.244

# Reference: https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/

ta4dcmj.proxy6x-server.website

# Reference: https://twitter.com/ps66uk/status/1053632722667794433

dWUJncxxb.sh-master02.com
qixjd277g3621166.impressoxpz97367.com

# Reference: https://twitter.com/DissectMalware/status/1042276512886599680

exxxwrtw1111111.kloudghtlp.com

# Reference: https://report.any.run/59855140193f0b0c10a15b7eb7c70bbb2ff94fa49e93d64d14c74cb1fcc589ff/50fa8a2f-1052-476a-8b1f-1d305d867ffb#network
# Reference: https://report.any.run/28b1efe63d1e97d42bc8809ef106c6496344860e6bec90e040a2aae8853deb9d/9e7eab49-a552-4bf2-9cab-8714f757e3c6

officesales2.com