# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/domain/madh0use8.no-ip.org/information/

madh0use8.no-ip.org

# Reference: https://www.virustotal.com/en/domain/vajityu.club/information/

vajityu.club

# Reference: http://www.bug.hr/forum/topic/sigurnosni-softver/ransomware-napada/223333.aspx

aepahphahv.co.vu
aisohcaehi.co.vu
anothertembr.cf
anothertembr.ga
anothertembr.gq
anothertembr.ml
chughaiquu.co.vu
eewujoopai.co.vu
faeceedaba.co.vu
iewohpotae.co.vu
kladara.ml
meicashala.co.vu
rooniebohl.co.vu
sheibohchu.co.vu
sootateiso.co.vu
xooseishoh.co.vu

# Reference: https://www.virustotal.com/en/ip-address/184.172.251.98/information/

facetwop.ru
rulething.ru
montirose.com

# Reference: https://www.hybrid-analysis.com/sample/f9beaa7e7668b80b5119d9c80d5f590598380b60eaa5f09baeb87503e55d42c7?environmentId=100

server2.bjdnxbgp3.ru
bogerando.ru

# Misc (incidents)

devomchart.com
getmyhouse.net
gimail.com
ginbig.com
moksaduqqovlof.net
observatorystarsoh.net
runningwayforsun.net
locatedforporternok.net
addressbooklocater.net
alarg53.ddns.net
kiliposturgy22.no-ip.biz
beatyourmeatwhileweeat.com
qibrasob.ru
zibravopl.ru
forgiveme.workisboring.com
kyelines.ddns.net
nethunter.duckdns.org
1juni103.no-ip.biz
2juni103.no-ip.biz
3juni103.no-ip.biz
4juni103.no-ip.biz
5juni103.no-ip.biz
6juni103.no-ip.biz
7juni103.no-ip.biz
8juni103.no-ip.biz
9juni103.no-ip.biz
75ulqnwb.ru
i7gd9ultgx.ru
v99ay4wuo.ru
gd14hp0u6x.ru
qsqjeuno53.ru
aplikacii.com
dac.911domain.com
dd.911domain.com
pirata-88.zapto.org
rp.911domain.com

# Reference: https://www.virustotal.com/en/file/6c18145ff39653968002e268066144ccabc61a6da4373a6bc0db9494374c484b/analysis/

nerujeo.zapto.org
nerujeo.no-ip.org

# Reference: https://www.virustotal.com/en/ip-address/93.189.40.244/information/

lightsmokesky.net
segateslondo.ru
devomchart.com
lemotgraph.com
wittersphere.net
monitmock.su
monitnear.ru
zapoio.com
napalmstories.su
jabberstorm.su
photohubchart.com
thoughtdog.net

# Reference: https://otx.alienvault.com/pulse/5689784767db8c057c6fc000/

wanmeishua.com

# Reference: https://www.threatcrowd.org/domain.php?domain=alsblueshelpt.nl

alsblueshelpt.nl

# Reference: https://www.virustotal.com/en/ip-address/46.166.165.114/information/
# Reference: https://cymon.io/46.166.165.114

46.166.165.114
committeedub.com
09h3rhh4zy.kuwxg7esmv.toxq93ljct.aze.link
cekmakasabasa.com
0oers58juxhcm7e.aze.link
yadakbloghesaplar.link
www.aze.link
aze.link
fsafakfskane.net
cclamarablog.xyz
cutecatworldhappy.website

# Reference: https://www.virustotal.com/en/ip-address/181.174.164.3/information/
# Reference: https://cymon.io/181.174.164.3

181.174.164.3
adobeflashplayernew.com
adobeflashplayernew.org
adobeplayerdownload.com
adobeuploadplayer.com
adobeflashplaayer.com
flashplayeerupdate.com
adobeupdateplayer.com
adobeupdateplayeer.com
adobeupdateflash11.com
update-flash-player.org
adobeflashupdate.org
updateflashplayer11.com
alarkamaravaas.pw
lin.kim
cutecatworldhappy.website
abaza.ninja
shoppet.net
aze.link
q0a2wqepvhz8ame.aze.link
samaravablog.pw
weightloss-secrets-revealed.net
gomen.ninja

# Reference: https://www.snort.org/rule_docs/1-30285

palauone.com

# Reference: https://marc.info/?l=emerging-sigs&m=135207116130028

whatandwhyeh.com
manymanyd.com
traindiscover.com

# Reference: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17617

bktwenty.com
adbullion.com
sleeveblouse.com

# Reference: https://www.threatcrowd.org/malware.php?md5=86f8834b945bbb2968260d6fcf26b951

meherdelam.com
fordulak.com
germerand.com

# Reference: https://www.virustotal.com/en/ip-address/185.73.240.74/information/

meherdelam.com
royalbankofcanadahelp.com
dns8.ffv3.ru
dns9.ffv3.ru
royalbankservicescheck.com

# Reference: http://www.urlvoid.com/scan/recenthosts.ru/

recenthosts.ru

# Reference: https://www.siteadvisor.com/sites/intelcorpsg.com

intelcorpsg.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Inject-CHS/detailed-analysis.aspx

cyber7.bit

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AVRS/detailed-analysis.aspx

fionades.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-HUO/detailed-analysis.aspx

cgi.dubkill.com

# Reference: https://www.virustotal.com/en/file/bb7238944240e9eeee1371e1970cbd5d7697180b0ba1436ef7e62da3d97438db/analysis/

srv5020.net
srv5010.net

# Reference: https://www.hybrid-analysis.com/sample/95b5ef4e0284f82d4f6e68d750645f3475e174e10a2c33da18e372a212976a8d?environmentId=100

bestfriendsroot.com
consaltingsolutionshere.com
kimdotcomfriends.com

# Reference: http://www.porezna-uprava.hr/Lists/Vijesti/Vijest.aspx?ID=1979

porezna-uprava.net

# Reference: https://www.hybrid-analysis.com/sample/20c61a9e16451777aae431cce15960e9b690c7d70b27384d0f4b3305c4cf10db?environmentId=120

fina.online

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

blooping.ovh.net
salako.net

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

ns7.hadara.ps

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

himynameisnoah.su
ichockealotkrug.com
idontlikeitwhenyoudoit.ru
iliketopunchnoah.com
justreggitifyouknowit.ru
karnevallizdageil.com
merhabaslm.su
wheniseeyourdedows.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

joaosgk03.sytes.net
spectrun2008.no-ip.org

# Reference: https://twitter.com/ps66uk/status/1037866649435729921

widewiderangers.fun

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html (Win.Dropper.Generickdz-6671833-0 section)

http://122.14.210.142
http://141.8.225.75
http://198.46.86.224
http://43.230.143.219
www.americasculturalstudies.net
www.danhbaviet.com
www.kegodanang.com
www.sevbizleadservices.com
www.siyaghasourccing.com
www.vhecha.com
www.www970234.com

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Doc.Downloader.Powload-6681541-0)

amniyatgostariranian.ir

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Johnnie-6681665-0)

codelux2017.ddns.net
ducklife.ddns.net
homersides.duckdns.org
skypeprocesshost.ddns.com.br
wandersongay.ddns.net

# Reference: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html

2bunny.com

# Reference: https://citizenlab.ca/2012/06/spoofing-the-european-parliament/

vv338.com

# Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232

laserjetpro.com

# Reference: https://twitter.com/malwrhunterteam/status/1044928108359495680

manapowermta.us

# Reference: https://twitter.com/jonaha92/status/1045344161690505217

11m.online

# Reference: https://twitter.com/blu3_team/status/1046054098884349953

images.laofamilymerce.com

# Reference: https://twitter.com/blu3_team/status/1037854618477383681

tub.gotomental.com
/bin/page/hpsrv.tmp

# Reference: https://twitter.com/blu3_team/status/1033356637543825408

nhatbao.chatpacific.com

# Reference: https://twitter.com/blu3_team/status/1030263686001246210

v2.buydiamond.hk

# Reference: https://twitter.com/blu3_team/status/993121509643378688

fb-dn.net/disrt/
ap12.ms-update-server.net

# Reference: https://twitter.com/blu3_team/status/988204223975305218

kmbk8.hicp.net

# Reference: https://twitter.com/blu3_team/status/981659638776115200

unnews.freetcp.com

# Reference: https://twitter.com/blu3_team/status/971351907095711745

baoin.baotintu.com:8001

# Reference: https://twitter.com/blu3_team/status/968588888867393536

news.voteandreahorwath.com
/polar-beer/election2018/info.html

# Reference: https://twitter.com/blu3_team/status/964324749106130944

zero-emissioncar.org

# Reference: https://twitter.com/blu3_team/status/958573054052978688

weather.gbaycruise.com

# Reference: https://twitter.com/blu3_team/status/956144807554043906

teredo-update.com

# Reference: https://twitter.com/blu3_team/status/951759637816205312

chrome.softupdate.xyz

# Reference: https://twitter.com/blu3_team/status/951658055858622464

mktnplace.com:81

# Reference: https://twitter.com/blu3_team/status/951647866531057665

nubpubwizard.jetos.com
worktrs.wikaba.com

# Reference: https://twitter.com/blu3_team/status/950126294137819136

thestar.live

# Reference: https://twitter.com/blu3_team/status/950124083332689920

newmysticvision.com

# Reference: https://twitter.com/FewAtoms/status/1045358651307962369

lse-my.asia

# Reference: https://twitter.com/sidq_ahmad/status/1045998305312997376

firefox-addons.com

# Reference: https://twitter.com/James_inthe_box/status/1046844087469391872

kgpvkzwksvgvmpopesdtjuwjosbrameegopiyyyg.xyz

# Reference: https://twitter.com/JaromirHorejsi/status/1047084277920411648

docs.herobo.com/in/
docs.herobo.com/mr/

# Reference: https://twitter.com/FewAtoms/status/1047533778665660425

americanxdrive.gq

# Reference: https://twitter.com/FewAtoms/status/1047514168105082881

uchservers.ga

# Reference: https://twitter.com/virqdroid/status/1047419271662505985

bibonado.com

# Reference: https://pastebin.com/AasLyArF

monochromestr.site
motiondev.com.br
studio2321.com

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

alangudiagroindia.com

# Reference: https://twitter.com/dvk01uk/status/1047797297835397121

tokovio.com
/kfjvbdrlq

# Reference: https://twitter.com/ScumBots/status/1035348180903321601

23ace.site

# Reference: https://twitter.com/avman1995/status/1047354322974064640

yoacafpshlcz.de

# Reference: https://twitter.com/Dashowl/status/1047924040026001409

noipppl-online.com

# Reference: https://twitter.com/James_inthe_box/status/1047907038582304768

alsafeeradvt.com/m/

# Reference: https://twitter.com/nullcookies/status/1048030992320143360

h2hphotography.com

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

faktura24.ml
przelewy24.tk

# Reference: https://twitter.com/Techhelplistcom/status/1048640558309285888
# Reference: https://pastebin.com/raw/fLf15eVp

1drivemail.ml
aghightile.ml
atlasglb.tk
bengusi.ga
britwind.tk
capt.ga
cmfgen.cf
cpseeds.ml
dajjuooltd.ga
foodpro.cf
generationgrowth.ml
illumin8blinds.ml
inmailadmin.cf
inmailadmin.ga
inmailadmin.gq
inmailadmin.ml
inmailadmin.tk
italamp.tk
itc-co.cf
kooshkan.ml
kwangshin-co.tk
nsewyainc.ml
onedrivemail.cf
onedrivemail.gq
onmailadmin.cf
onmailadmin.ga
onmailadmin.gq
onmailadmin.ml
onmailadmin.tk
potoflogz.tk
premiumchemical.ga
pseaways.tk
pvtechuae.cf
rathot.ml
ritter.gq
rivonka.ga
royalgroup.ga
safetexgroup.tk
salturchltd.ga
sebbeninternational.ml
sense-eng.ml
sercer.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
utehaltd.tk
veritasoverseas.ga
vip163.cf
yuan-fa.tk

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Doc.Malware.Emooodldr-6699885-0)

q0fpkblizxfe1l.com

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Win.Malware.Razy-6703914-0)

extreme33.dns1.us
mdformo.ddns.net
mdformo1.ddns.net

# Reference: https://twitter.com/ViriBack/status/950478648150282240

0m0.in

# Reference: https://twitter.com/FewAtoms/status/1048982479783309314

capt.ga
italamp.tk
nsewyainc.ml
sense-eng.ml
sercer.tk

# Reference: https://twitter.com/FewAtoms/status/1048978792931368960

britwind.tk
dajjuooltd.ga
illumin8blinds.ml
kooshkan.ml
potoflogz.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
veritasoverseas.ga
vip163.cf

# Reference: https://twitter.com/James_inthe_box/status/1049445992808890369

viswavsp.com/newworld/

# Reference: https://twitter.com/malware_traffic/status/1049407739619880961

23.249.161.109/extrum/

# Reference: https://twitter.com/JaromirHorejsi/status/1049601706630283264

readyteam.org

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

guarana.pw
marryjane.club
names34.top
safi.co.za

# Reference: https://twitter.com/nullcookies/status/1050907886392623104

dirajrakhbhae.com

# Reference: https://twitter.com/FewAtoms/status/1050457033810558976

akznqw.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050663483346280448

wemusthammer.com

# Reference: https://twitter.com/FewAtoms/status/1051099620020035585

msmapparelsourcing.com/directory/
msmapparelsourcing.com/wp-admin/users/

# Reference: https://twitter.com/nullcookies/status/1051321548634804226 

ghrelokamkaj.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050665509941698560

globamachines.com

# Reference: https://twitter.com/FewAtoms/status/1050802529498525697

plus1interactive.com/bots/

# Reference: https://twitter.com/James_inthe_box/status/1050762064665309185

my.mixtape.moe

# Reference: https://twitter.com/olihough86/status/1050722705740304384

www.wheelnet.ca

# Reference: https://twitter.com/ximo2006/status/1050331166597758976

93.174.93.149:21

# Reference: https://www.cyren.com/blog/articles/new-scarab-ransomware-using-necurs-as-a-service

hard-grooves.com
hellonwheelsthemovie.com
miamirecyclecenters.com

# Reference: https://twitter.com/nullcookies/status/1051244629704740865

daduhinnawmaz.com

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

datingittlive.info

# Reference: https://twitter.com/nullcookies/status/1030243288677277696

mayorel.website

# Reference: https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/

osdsoft.com

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

faktura24.cf
przelewy24.ml

# Reference: https://twitter.com/MaelSecurity/status/1051900926078922753

adobe-reader.site

# Reference: https://twitter.com/avman1995/status/1052023584187719680

elektroklinika.pl/wp-content/languages/plugins/includes/

# Reference: https://twitter.com/ulexec/status/1051959861964169217

alprazolam.rip

# Reference: https://twitter.com/nullcookies/status/1052339217056129026

grafmx.com

# Reference: https://twitter.com/olihough86/status/1052607058883870720

yootbe.org

# Reference: https://twitter.com/KorbenD_Intel/status/1052652297279459329

holisticxox.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

cuezo.tk

# Reference: https://twitter.com/avman1995/status/1052879462449274880

ondasolution.ga

# Reference: https://twitter.com/Techhelplistcom/status/1053054566957285382
# Reference: https://pastebin.com/raw/v7XN8dZS

alfredbusinessltd.flu.cc
citytrading.usa.cc

# Reference: https://twitter.com/FewAtoms/status/1053365757197860864

hnmseminar.aamraresources.com/dotcom/

# Reference: https://twitter.com/JaromirHorejsi/status/990936083537039360

loggerz.xyz

# Reference: https://twitter.com/ViriBack/status/971430374919122944

acctspayable.com

# Reference: https://twitter.com/executemalware/status/999034066258284545

theipgenerators.com

# Reference: https://twitter.com/malware_traffic/status/1053494383708844032
# Reference: https://www.malware-traffic-analysis.net/2018/10/19/index.html

2019bracket.com
2069brackets.com
activenavy.com
adomesticworld.com
allpurplehandling.com
anilmoni.com
answermanagementgroup.com
antinomics.com
bluestarpaymentsolutions.com
boobfanclub.com
borderlands3.com
brickell100.com
bubsware.com
cactopelli.com
careercoachingbusiness.com
cclawsuit.com
cgunited.com
crosspeenpress.com
crystalhotel.com
dehionsgbes.com
dmknott.com
docswitch.com
expertsjourney.com
farminginthefloodplain.com
geziyurdu.com
gloria-glowfish.com
gnosmij.com
gokceozagar.com
greatwp.com
ieltsonlinetest.com
indiangirlsnude.com
indicasativas.com
inmotionframework.com
internationalboardingandpetservicesassociation.com
intimateimagery.com
iptechnologysolutions.com
iscanhome.com

# Reference: https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/

ta4dcmj.proxy6x-server.website

# Reference: https://twitter.com/ps66uk/status/1053632722667794433

dWUJncxxb.sh-master02.com
qixjd277g3621166.impressoxpz97367.com

# Reference: https://twitter.com/DissectMalware/status/1042276512886599680

exxxwrtw1111111.kloudghtlp.com

# Reference: https://twitter.com/ni_fi_70/status/1053207719291879424

84.38.130.139/pk/office/

# Reference: https://twitter.com/xxdesmus/status/1053440011289280512

123.249.71.250:666
89.34.237.210/ikahedbts/

# Reference: https://twitter.com/nullcookies/status/1054185582467993600

daxiu678.com
lianyebo1.com

# Reference: https://twitter.com/FewAtoms/status/1054419759511547904

guideofgeorgia.org/doc/

# Reference: https://twitter.com/FewAtoms/status/1054762247405424642

nabato.org

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

davidharvill.org
hotkine.com
informanetwork.com
invasivespecies.us
lookper.eu
maleass.eu
schwerdt.org

# Reference: https://twitter.com/KorbenD_Intel/status/1054857588695683072

6cameronr.ga

# Reference: https://twitter.com/FewAtoms/status/1055149939456688133

linetrepanier.com/wp-data/

# Reference: https://twitter.com/avman1995/status/1055360237484552192

ponti-int.com/a/

# Reference: https://twitter.com/yvesago/status/1055362284569145344

84.38.130.139/pk/office/

# Reference: https://twitter.com/FewAtoms/status/1055477161577115648

192.3.162.102/out/

# Reference: https://report.any.run/59855140193f0b0c10a15b7eb7c70bbb2ff94fa49e93d64d14c74cb1fcc589ff/50fa8a2f-1052-476a-8b1f-1d305d867ffb#network
# Reference: https://report.any.run/28b1efe63d1e97d42bc8809ef106c6496344860e6bec90e040a2aae8853deb9d/9e7eab49-a552-4bf2-9cab-8714f757e3c6

officesales2.com

# Reference: https://blog.en.elevenpaths.com/2019/01/chrome-extension-card-cybersecurity.html

fbsgang.info

# Reference: https://threatpost.com/card-skimming-google-analytics-angular/142264/

google-analytics.cm
gooqletagmanager.com

# Reference: https://ti.360.net/blog/articles/upgrades-in-winrar-exploit-with-social-engineering-and-encryption/

manage-shope.com
local-update.com
conloap.linkin.tw

# Reference: https://twitter.com/blu3_team/status/1053669632438099970
# Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802

pus.inter.cloudns.cc

# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/

bite-me.wz.cz
jma-go.jp
mountainhigh.at
racemodel.at
thunderbolt-price.com
sungmap.at

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/

chadikaysora.com
lt99.ddns.net
http://35.227.52.26

# Reference: https://twitter.com/ScumBots/status/1094811119154356224

gxbjugb.xyz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Win.Malware.Autoit-6877140-0)
# Reference: https://www.virustotal.com/#/file/028914f9d3455b44d9186d218874047530a367cb1d20cbc7d9b047a42faf1774/detection

kuangdl.com

# Reference: https://www.virustotal.com/#/url/0d8185a9bf6eb842a7e07758882d86a33f090d7572efd61d1b296382c2af4a7a/detection

j0mla.sytes.net

# Reference: https://news.drweb.com/show/?i=12955&c=23&lng=en&p=0
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/Trojan.Click3.27430
# Reference: https://app.any.run/tasks/0a0be637-4950-4727-bfaa-8eaa05563262

barmash.ru
dnsip.ru
dns-free.com

# Reference: https://twitter.com/ScumBots/status/1105495431864303616

flowerstick.net

# Reference: https://www.hybrid-analysis.com/string-search/results/dadfd0d8b49c6852e76468b76d381248d8db9f18250b303ead54986bca8dd98f
# Note: used by many different malware strains (ipinfo service used exclusively by malware)

codeluxsoftware.com

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html

mokoaehaeihgiaheih.ru

# Reference: https://twitter.com/James_inthe_box/status/1106551689132138497

llkty.gq

# Reference: https://twitter.com/James_inthe_box/status/1105124840501989378

dsmbil.ml

# Reference: https://www.virustotal.com/#/domain/cloudnetwork.kz
# Reference: https://twitter.com/James_inthe_box/status/1101548458090016768

cloudnetwork.kz

# Reference: https://twitter.com/bad_packets/status/1104313051166068737

methaddict.xyz

# Reference: https://twitter.com/bad_packets/status/1090885643197009920

bulehero.in

# Reference: https://twitter.com/VK_Intel/status/1044631042454249473

mintsbox.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1107662516824535041

xqzuua1594.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1107932063209017344

/gr.mpwq

# Reference: https://twitter.com/James_inthe_box/status/1107977083123204102

brokenway.cf

# Reference: https://twitter.com/James_inthe_box/status/1108085222317289473

goldchainsblue.com
validcc.ch

# Reference: https://twitter.com/ActorExpose/status/1108113213164523521

vocational-age.000webhostapp.com

# Reference: https://twitter.com/dvk01uk/status/1108204451309981697

alta-brasiil.com

# Reference: https://twitter.com/dvk01uk/status/1106429454736388096

fast4elev.gq

# Reference: https://twitter.com/dvk01uk/status/1105718483118108672

remenelectricals.com

# Reference: https://twitter.com/dvk01uk/status/1105736132908720128

morningfresh.ga

# Reference: https://twitter.com/dvk01uk/status/1105819049831862278

chemisoli.com

# Reference: https://twitter.com/dvk01uk/status/1105437702999166976

goodlord.cf

# Reference: https://twitter.com/dvk01uk/status/1103507380892061696

evaglobal.eu

# Reference: https://twitter.com/dvk01uk/status/1103259569013305344

mamaknowyourname.gq

# Reference: https://twitter.com/dvk01uk/status/1103257149508075520

modexcommunications.eu

# Reference: https://twitter.com/dvk01uk/status/1102820682713522176

ruga.africa

# Reference: https://twitter.com/dvk01uk/status/1099697529409671168

maheshshukla.com

# Reference: https://twitter.com/dvk01uk/status/1098244837374070786

findouttheway.gq

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

etruht.ml

# Reference: https://twitter.com/dvk01uk/status/1093734309947719680

etruht.ga

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

tanerm.ug

# Reference: https://twitter.com/dvk01uk/status/1096445096306921472

xvirginieyylj.city

# Reference: https://twitter.com/dvk01uk/status/1095633303758127104

joshdghd.cf

# Reference: https://twitter.com/dvk01uk/status/1094924981971107840

geepaulcast.com

# Reference: https://twitter.com/dvk01uk/status/1092780337434947584

lightmusic.cocomet-china.com

# Reference: https://twitter.com/dvk01uk/status/1092685964743503872

imtooltest.com

# Reference: https://twitter.com/dvk01uk/status/1088793739223539713

sulphurrnills.com

# Reference: https://twitter.com/dvk01uk/status/1088391308849434629

pornhouse.mobi

# Reference: https://app.any.run/tasks/fe58bf2c-065f-4505-a644-6baeeb7ee4cf

bhrserviceaps.dk

# Reference: https://twitter.com/pollo290987/status/1108393592605863940

brothersjoy.nl

# Reference: https://twitter.com/fletchsec/status/1108144401530978304

86818.prohoster.biz

# Reference: https://twitter.com/killamjr/status/1108455343816916992

quiltyfabricsorders.xyz

# Reference: https://www.virustotal.com/gui/domain/fid.hognoob.se/details
# Reference: Maltrail heuristic (direct exe download)

fid.hognoob.se

# Reference: https://twitter.com/nao_sec/status/1108388558539087873

todaymale.xyz
dogfunnyviedeos.xyz

# Reference: https://twitter.com/JayTHL/status/1108402913938935808

mansoura.co
root-mrx.tk

# Reference: https://twitter.com/Racco42/status/1107351502878842880

angel-aristizabal.com.co

# Reference: https://twitter.com/Racco42/status/1106547527334154240

thinknik.ca

# Reference: https://twitter.com/Racco42/status/1106225615705948167

ministere-elshaddai.org

# Reference: https://twitter.com/Racco42/status/1106201029127880704

tiemokodoumbia.com

# Reference: https://twitter.com/Racco42/status/1105504898525917184

mincare.vn
sharegroup.info

# Reference: https://twitter.com/Racco42/status/1102896181011795969

wearewhatwesay.com

# Reference: https://twitter.com/Racco42/status/1102869794502705152

fm.radio.googlemenow.org

# Reference: https://twitter.com/Racco42/status/1102590512228388866

handbuiltapps.com
luxdecor.co.il

# Reference: https://twitter.com/Racco42/status/1101142170663354370

loh-tech.com

# Reference: https://twitter.com/Racco42/status/1100855213668421632

oppws.cn
skity.hk

# Reference: https://twitter.com/Racco42/status/1100733716995944448

aviatorssm.bit

# Reference: https://twitter.com/Racco42/status/1098979285443006465

burcutekstil.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1108668614742368261

mkatarina7094maybelle.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1108683102187110400
# Reference: https://app.any.run/tasks/7d5fcd3a-9d57-45f4-8616-f867ee76f765

nuovilod.icu
wwikrrtt.info

# Reference: https://twitter.com/malwrhunterteam/status/1108689191326625794

bigassbabyart.com

# Reference: https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/

gxxservice.com
infestexe.com
xigncodeservice.com

# Reference: https://twitter.com/anyrun_app/status/1108695731530055680
# Reference: https://app.any.run/tasks/f9c9b7ed-ac6b-454f-86c6-8bbc7c3b8d1f

n48lxj5097.email
wyideegb.city

# Reference: https://twitter.com/JAMESWT_MHT/status/1103983033307271168

brandin.nu
servicemanager.icu

# Reference: https://twitter.com/luc4m/status/1103952276132192256

splitbiin.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1100698122563567616

mi88karine.company

# Reference: https://twitter.com/avman1995/status/1094181713121558529

fpetraardella.band

# Reference: https://twitter.com/benkow_/status/1088009157733683200

uni-full.com

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

tollzwork.ru

# Reference: https://twitter.com/CryptoInsane/status/1074048007912464389

ooxxzzvv.com

# Reference: https://twitter.com/Racco42/status/1067027684906151936

pdf-compare.site
pdf-compare.space

# Reference: https://twitter.com/anyrun_app/status/1060858198599577601

checksolutions.pw
officemysuppbox.com

# Reference: https://twitter.com/benkow_/status/1057977911607783425

osxmacservice.com

# Reference: https://twitter.com/Racco42/status/1040144285453180928

emailerservo.science

# Reference: https://twitter.com/James_inthe_box/status/1108727176038236166

fnutdue.ru

# Reference: https://twitter.com/dvk01uk/status/1108706531636326400

lovliygtyu.ml

# Reference: https://twitter.com/dvk01uk/status/1108745052686307328

hytexxi.xyz

# Reference: https://twitter.com/pollo290987/status/1108755025604591622

tarhona-libya.com


# Reference: https://twitter.com/Jan0fficial/status/988318117532176384

mlhxyz.ml

# Reference: https://twitter.com/fumik0_/status/973504037999075329

win-dows.net

# Reference: https://twitter.com/dvk01uk/status/1109045863664533504

zentacher3.ga

# Reference: https://twitter.com/JaromirHorejsi/status/793071347215790080

pomf.cat

# Reference: https://twitter.com/JAMESWT_MHT/status/1109085932949590018

u1a2zlzeuya.company

# Reference: https://twitter.com/malwrhunterteam/status/1109085127290900480

nitb.pk-gov.org

# Reference: https://app.any.run/tasks/7dff8b86-1cff-4d38-9264-aa5a217eca0e

interruption.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1109089319871004673

r414525xw.band

# Reference: https://app.any.run/tasks/b853927b-ff78-4744-81db-789e8592bda2

realdealhouse.eu

# Reference: https://twitter.com/casual_malware/status/1107101098714656768

elec-tb.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1106579701290672129

abhicoupon.com

# Reference: https://twitter.com/JaromirHorejsi/status/1105806463468036096

awdmiami.com

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

freedomate.ga

# Reference: https://twitter.com/ViriBack/status/1093994913249853440

cocomet-china.com
naceco.com
qai-abb.com

# Reference: https://twitter.com/nullcookies/status/1029173962595598336

appgosecurity.com

# Reference: https://twitter.com/FewAtoms/status/1109119034082103298

shannai.us

# Reference: https://twitter.com/James_inthe_box/status/1109120289604931584

zjnewdan.us

# Reference: https://twitter.com/ClearskySec/status/1001833343581900800

stcinet.com
stcnet.ddns.net

# Reference: https://twitter.com/guelfoweb/status/1109103783571795970

mit-gov-it.icu

# Reference: https://twitter.com/Racco42/status/1109591919561187330

alph.staroundi.com

# Reference: https://twitter.com/FewAtoms/status/1109773299985379329

ruih.co.uk

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

oteam.io

# Reference: https://twitter.com/James_inthe_box/status/1079727395161104384

amsi.co.za

# Reference: https://twitter.com/James_inthe_box/status/1109832439700971520
# Reference: https://app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e

a-7763.com
davidich.life
domekan.ru
doshimotai.ru
kifge43.ru
/MatherFuckerAv.dll

# Reference: https://www.hybrid-analysis.com/sample/b0b9beba8089d5ff30d11703648b1bc2083bac677da4cdd3a9ef007dd62282b4?environmentId=100

soplifan.ru

# Reference: https://app.any.run/tasks/8b133ab1-aed9-4e75-9a91-42a9274c18b9

s11.ohbabycani.su
s1.letsplay.su
s16.letsplay.su
s23.letsplay.su
s4.ohbabycani.su
s20.ohbabycani.su

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

gmltdprocrop.com

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

mulenrooj.adygeya.su

# Reference: https://twitter.com/avman1995/status/1090972632261029891

monstercartune.club

# Reference: https://twitter.com/dms1899/status/1070382435148447745

ph0en1x.tk

# Reference: https://twitter.com/ViriBack/status/1069965350442283009
# Reference: https://pastebin.com/PTkLE0se

bingobongo.space
finik18topw.cc
gafigaf.in
jelouslaodnn.org

# Reference: https://twitter.com/avman1995/status/1035723902612324352

botsphere.biz

# Reference: https://twitter.com/Racco42/status/1110098645263810561

bzios.info

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-10-22: Ukrainian telcos fake domains on servers with Metasploit and Cobalt Strike)

24tv.agency
2mdns.org
a-msedge.org
ads1-msn.com
ads1-msn.net
akadns-ms.net
api-p001-1drv.com
apostrophe-news.biz
appex-bing.net
appex-bing.org
bigmir.email
blob-weather.com
cdn-onenote.net
censornews.org
client-googledns.com
cnn-metanews.biz
compatexchange-cloudapp.com
corpext-datamart.net
delometaua.biz
diagnostics-support-microsoft.net
diagnostics-support.com
dns-msftncsi.com
eizvestia-news.org
espreso.today
feedback-google.net
feedback-google.org
feedback-windows.com
feedback-windows.org
foxnewsmeta.biz
fwdcdn.org
gateway-telemetry.net
gateway-telemetry.org
gazetaua-news.org
gismeteo.city
img-s-msn-com-akamaized.net
interfax-globalnews.com
ipv4-microsoft.net
ipv4-microsoft.org
ipv6-google.net
ipv6-google.org
ipv6-microsoft.org
kyivstar-ip.com
ls2web-redmond-corp.com
microsoft-com-nsatc.org
microsoft-metaservices.com
microsoft-nsatc.org
ms-akadns.com
ms-akadns.org
news-liga.net
newska-uanews.biz
nod-update.org
ns0-ukrpack.net
ns0-volia.net
ns1-datagroup.com
ns1-datagroup.org
ns1-volia.net
ns2-datagroup.com
ns2-datagroup.org
ns2-ukrtel.com
ns3-datagroup.org
ns4-datagroup.org
obozrevatel-news.com
officeclient-microsoft.com
paypal-com1.com
paypal-com2.com
pppoe-infocom.com
pppoe-kyivstar.com
pppoe-ukrtel.com
preview-msn.org
redir-metaservices.com
redir-metaservices.org
reports-telemetry-microsoft.com
rian-ua.org
sandbox-cloudapp.com
sandbox-cloudapp.org
search-msn.net
search-msn.org
secure-telemetry.net
secure-telemetry.org
securenod32.com
segodnya-news.org
services-glbdns2.com
services-glbdns2.org
services-google.org
serving-sys-windows.net
serving-windows.net
social-msn.net
social-msn.org
ssw-live.org
statototalitario.com
support-cloudapp.net
support-microsoft.biz
survey-microsoft.net
telecommand-microsoft.net
telecommand-microsoft.org
telegraf-news.biz
telemetry-akadns.org
uatimes-meta.biz
ubr-news.org
ui-skype.net
ukrfreshnews.com
unian-search.com
urs-microsoft.net
watson-microsoft.org
win-msecnd.com
win-msecnd.org
win10-telemetry.net

# Reference: https://twitter.com/James_inthe_box/status/1056920457218125826

mypanell.online

# Reference: https://twitter.com/Racco42/status/1029986121286074369

atcproje.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1110147918995091457
# Reference: https://app.any.run/tasks/8e80d6b5-507a-40ab-98bd-2dfd73d313ab

klub046.co

# Reference: https://twitter.com/Racco42/status/1110160140962066432

zaczvk.pl

# Reference: https://twitter.com/Racco42/status/1110170198005436417
# Reference: https://app.any.run/tasks/30775d98-c3a7-4de0-b4e1-5ae6db7fece9

space.bajamelide.ch

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

zabenkot.top

# Reference: https://twitter.com/angel11VR/status/1109075153114279936
# Reference: https://app.any.run/tasks/37b99bb8-a81b-4298-bc78-b19ecc0adb0f

185.25.50.168:4444

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

89.105.202.62:1080

# Reference: https://twitter.com/James_inthe_box/status/1110196027338817538

erimbil.ml

# Reference: https://twitter.com/ScumBots/status/1110265736029712384

safetimes.biz

# Reference: https://twitter.com/ScumBots/status/1110265564428226565

wite.biz

# Reference: https://twitter.com/ScumBots/status/1110265483264167939

s3rpfish.biz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Autoit-6897734-0)

charlesprofile.website

# Reference: https://twitter.com/Racco42/status/1110450502087725057

kozol.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1110470611137114112

fubuy60w.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1110533916279128071

24forejungl.site

# Reference: https://twitter.com/James_inthe_box/status/1110563590950445056

lattempted.pw

# Reference: https://twitter.com/James_inthe_box/status/1110560151977623552

conamylups.com

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/avman1995/status/951077991966064640

itgpll.com

# Reference: https://twitter.com/ViriBack/status/950469147976257536

m3ss4g3rtesla.com

# Reference: https://twitter.com/ViriBack/status/950354442917990400

dominica2.com

# Reference: https://twitter.com/cocaman/status/909339498445705216

iemnnyanmar.com

# Reference: https://twitter.com/58_158_177_102/status/1110814561500708864

onbraker.com
podertan.com

# Reference: https://twitter.com/Racco42/status/1110844776075706368

zolik.info

# Reference: https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/

favoritfile.in
kyrkymalol.000webhostapp.com

# Reference: https://twitter.com/ClearskySec/status/1110941180106366976

/D2_de2o@sp0/

# Reference: https://twitter.com/ClearskySec/status/1062026777604820994

disw.top
jobk.info
ktis.club
kotb.top
lupx.info

# Reference: https://twitter.com/Racco42/status/1111189949712420864

armasglass.com

# Reference: https://twitter.com/dvk01uk/status/1111218416227102720

babamaturu.cf

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1111223066137448449

bambamdumer.ml
kodjdsjsdjf.tk
lookatmenaaaa.tk

# Reference: https://twitter.com/ps66uk/status/1111309717664604162

poperjffd.gq
zentacher.cf

# Reference: https://otx.alienvault.com/pulse/5c9d13987ec3ed127b3175a5

crypt24.in
clean.crypt24.in
zani.streghettaincucina.com
midgnighcrypt.com
yinhbygrm.com
4uland.com
favoritfile.in
img.martatovaglieri.com

# Reference: https://twitter.com/James_inthe_box/status/1111371723092299776

edjsqvg.ua

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/ViriBack/status/1111440848787402752

evih.scamfreeweb.com

# Reference: https://twitter.com/JayTHL/status/1111497469937045504

brynn.ink

# Reference: https://twitter.com/DissectMalware/status/1111511953061621760

onbraker.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623245965545473

justpony.xyz
warezpony.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623824695611392

myloki.icu

# Reference: https://twitter.com/ViriBack/status/1111646690233192449

pamthasion.pw

# Reference: https://twitter.com/Racco42/status/1111651759276072961

zerio.info

# Reference: https://twitter.com/James_inthe_box/status/1111666754604789760

recordsforsmssent.xyz

# Reference: https://twitter.com/ViriBack/status/1067995331810549760

oceanicproducts.eu
jesseworld.eu
modexdeals.xyz
modecloudserver.eu

# Reference: https://twitter.com/ekamioka/status/1111658931624001540

edzz.la
nanowopsite.club

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-01-16: New Order PO)

/buchi/i/fred.php

# Reference: https://twitter.com/ViriBack/status/971430374919122944

carolp1.xyz

# Reference: https://twitter.com/malware_traffic/status/1111049259305046016

ultimateyahoo.top

# Reference: https://twitter.com/jfslowik/status/1112010565742788609

download-updates-comp.com
get-updates-ms.com

# Reference: https://twitter.com/benkow_/status/1112046921303113729

gcleaner.info

# Reference: https://twitter.com/VK_Intel/status/1112225078010437633

ref345.icu

# Reference: https://twitter.com/ps66uk/status/1112172657729044480

00399a4.netsolhost.com

# Reference: https://twitter.com/Racco42/status/1112623595459612673

zesis.info

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

not-my-guilty.com
onlinedattingforlife.info
russkistandart.info

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

datingforllives.info

# Reference: https://twitter.com/malwrhunterteam/status/1112969094322683904

danhuaile.net

# Reference: https://twitter.com/packet_Wire/status/1112802915650027520

ordernow.cf

# Reference: https://twitter.com/James_inthe_box/status/1113102849313988611

sorna.at
rivier.at

# Reference: https://twitter.com/KorbenD_Intel/status/1113151983030943744

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1113114356714168321

bluewales.ml
worldatdoor.in

# Reference: https://twitter.com/albertzsigovits/status/1113096573284728839

powellpablooo.myjino.ru
fnsss77.ru
darbl.icu

# Reference: https://twitter.com/illegalFawn/status/1113336529433374721

4fallingstar.info
esurf.info
childrensliving.com

# Reference: https://twitter.com/malware_traffic/status/1113586907655680001

tytalrecoverysolutions.com
zakromanoff.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113747351405985792

bobbobb1z.com

# Reference: https://twitter.com/dvk01uk/status/1094130931596701696

liqurestore.cf

# Reference: https://twitter.com/benkow_/status/1090564148184924160

dfgdfgghjghfshfgh.ru

# Reference: https://twitter.com/JayTHL/status/1036810959644438528

dvpont.com
itwsaelants.com
kmnnl.com
tekinkgroup.com

# Reference: https://twitter.com/James_inthe_box/status/1113888371204472832

smart.cloudnetwork.kz
nicru.supermicrotransapi.ru
mel.cloudcontentsmak.com
js.securetopdevelopment.kz
secure.jsc0nten1maker.com
secure.jscontentmaker.kz
tel.jsapisettings.kz

# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
top.sineadholly.com

# Reference: https://twitter.com/K_N1kolenko/status/1113818032248430593

waorveled.com
hegutceper.ru
dintroprula.ru

# Reference: https://twitter.com/takerk734/status/1113851637292920832

artdefensive.com
tracpadsforgame.info

# Reference: https://twitter.com/takerk734/status/1113852021579206658

ceaningthe.com
hosttrade.ru
letsdoitquick.site

# Reference: https://twitter.com/p5yb34m/status/1111707577685991424

givemejs.cc

# Reference: https://twitter.com/Racco42/status/1114080917402861568

pasios.info

# Reference: https://www.bromium.com/mapping-malware-distribution-network/
# Reference: https://otx.alienvault.com/pulse/5ca7142dd898276082584a58

l-jaxx.com
monkeyinferno.net

# Reference: https://twitter.com/smica83/status/1114099330628096000

echuhnova.digital

# Reference: https://twitter.com/smica83/status/1114101564648689664

daidaowu.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1114103736731951104

vip-163.cc

# Reference: https://twitter.com/Bank_Security/status/1114122727080771585

g53lois51bruce.company

# Reference: https://twitter.com/James_inthe_box/status/1114150925218639872

11totalzaelooop11.club

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Autoit-6919193-0)

jfnutts.com
jamesxx.dynu.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Vobfus-6919817-0)

backdates1.net
backdates2.com
backdates4.com
backdates2.net
backdates11.com
backdates17.com
backdates8.com
backdates15.com
backdates3.net
backdates1.com
backdates3.com
backdates5.com
backdates1.org
backdates9.com
backdates10.com
backdates16.com
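# NOTE(review): the "*.example.org" entries below repeat the names above with an "example.org" suffix; they look like DNS search-suffix artifacts of the analysis environment rather than separate infrastructure - confirm against the reference before relying on them
backdates1.net.example.org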
backdates15.com.example.org
backdates4.com.example.org
backdates9.com.example.org
backdates8.com.example.org
backdates11.com.example.org
backdates17.com.example.org
backdates2.net.example.org
backdates16.com.example.org
backdates3.com.example.org
backdates10.com.example.org
backdates3.net.example.org
backdates1.com.example.org

# Reference: https://twitter.com/x42x5a/status/1114468129327984640

westeast.world

# Reference: https://imgur.com/a/8mFGk
# Reference: https://otx.alienvault.com/pulse/5a49115f93199b171b90a212

conectionapis.com

# Reference: https://twitter.com/nullcookies/status/1115006946216747008

lolkek.club

# Reference: https://twitter.com/James_inthe_box/status/1114879968452829187

http://141.105.68.131/api/register.php

# Reference: https://twitter.com/JayTHL/status/1115077956781715456
# Reference: https://pastebin.com/raw/HggkKKVu

awazpeople25.com.pl
awazpeople25.net.pl
awazpeople25.pl
awazpeople25.waw.pl
e-helpingcenterxg.pl
egalleryimagesas.pl
ehelpingcentervh.pl
estoremkg.pl
everificationaccountls.pl
galleryimagesas.com.pl
galleryimagesas.net.pl
galleryimagesas.pl
galleryimagesas.waw.pl
helpingcentervh.com.pl
helpingcentervh.net.pl
helpingcentervh.pl
helpingcentervh.waw.pl
helpingcenterxg.com.pl
helpingcenterxg.net.pl
helpingcenterxg.pl
helpingcenterxg.waw.pl
hypemediahdy.com.pl
hypemediahdy.net.pl
hypemediahdy.pl
hypemediahdy.waw.pl
i-awazpeople25.pl
i-mzenjdfu.pl
ihypemediahdy.pl
make-upvalleyusastoread.pl
mzenjdfu.com.pl
mzenjdfu.pl
mzenjdfu.waw.pl
storemkg.com.pl
storemkg.net.pl
storemkg.pl
storemkg.waw.pl
verificationaccountls.com.pl
verificationaccountls.net.pl
verificationaccountls.pl
verificationaccountls.waw.pl

# Reference: https://twitter.com/smica83/status/1115174343288545280

etechnocrat.us

# Reference: https://twitter.com/Racco42/status/1115216282670989313

hallos.info

# Reference: https://twitter.com/MisterCh0c/status/1115001122673102848

yolodice.icu

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

vapeegy.com

# Reference: https://twitter.com/Racco42/status/1115259915877146625

e-mailupgrade.com

# Reference: https://twitter.com/malwrhunterteam/status/1115289020421025792

bestpage1.com

# Reference: https://twitter.com/BroadAnalysis/status/731653488443305985

khamsanphukhoa.com.vn

# Reference: https://twitter.com/angel11VR/status/1115343202167533568
# Reference: https://pastebin.com/0bX17LaY

gingerandcoblog.com

# Reference: https://twitter.com/illegalFawn/status/1115537607256150016

logger-keyz.tk
rtdetailing.com

# Reference: https://twitter.com/Artilllerie/status/1115556048243437568

subby.xyz

# Reference: https://twitter.com/James_inthe_box/status/1115591879586795521

hot-mail.online

# Reference: https://twitter.com/slayersecurity/status/1115599512758697984

bobbobb1z.com

# Reference: https://twitter.com/pollo290987/status/1115613838689341440

nicholaspring.xyz

# Reference: https://twitter.com/slayersecurity/status/1115902366686031878

klis.icu
notz.icu
qgb.us
shortener.icu
shortit.icu
zvb.us

# Reference: https://twitter.com/JAMESWT_MHT/status/1115926996582830081

nemelyu871.info
s1591e46.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1115928599792640000

instant-payments.ru

# Reference: https://twitter.com/makflwana/status/1115953092090941440

vman23.com

# Reference: https://twitter.com/x42x5a/status/1115980225127571456

freelim.cf

# Reference: https://app.any.run/tasks/34e6fb84-9c9f-4839-8c08-a2db34280b72

younglybae.tk

# Reference: https://twitter.com/KorbenD_Intel/status/1115987185206013953

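# NOTE(review): randomly named *.ngrok.io tunnel hostnames are short-lived and may later be handed to an unrelated user; treat this entry (and other *.ngrok.io entries in this file) as time-bound and review it for expiry
b02aee36.ngrok.io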

# Reference: https://twitter.com/James_inthe_box/status/1116302275335475201

a.uchi.moe

# Reference: https://twitter.com/tkanalyst/status/1116370690444124160

adpop.xyz

# Reference: https://twitter.com/anyrun_app/status/1115513990711521280

user-protect-center.pe.hu

# Reference: https://twitter.com/58_158_177_102/status/1116608652985585670

aupa.xyz
azedizayn.com
aussiescanners.com
fumicolcali.com
sundarbonit.com

# Reference: https://twitter.com/Racco42/status/1116787155710500866

yassra.com

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://www.virustotal.com/gui/domain/appboxlive.host/relations

appboxlive.host

# Reference: https://twitter.com/JAMESWT_MHT/status/1095672902232477697

cytotan.xyz
fatando.pw
srv18427.microhost.com.pl

# Reference: https://twitter.com/devnullek/status/1073159905480183808

favbaby.com

# Reference: https://twitter.com/malware_traffic/status/767852827200761856

ahgsuy3829.top
best-remit.com
hybypi.xyz
nerdcommunity.top
reballancefreestyle.win

# Reference: https://twitter.com/BroadAnalysis/status/815211105664565248

chebersto.com
chelkibot.com
jejefolso.com
kalambint.com
karachark.com
kerukiron.com
kurtillon.com
markrelso.com
nintedrer.com
reregaton.com

# Reference: https://twitter.com/BroadAnalysis/status/788400179091214336

arabicdessert.co
prmhohzsl.top

# Reference: https://twitter.com/BroadAnalysis/status/782996903025844224

badbigbearr.com
bearbigger.top
beargrizzler.win
dxzvkr.top

# Reference: https://twitter.com/malware_traffic/status/766412267063607296

lowashemterle.top
yfyke.xyz

# Reference: https://twitter.com/x42x5a/status/1117697750886428672

ahsantiago.pt

# Reference: https://twitter.com/dvk01uk/status/1117752424331190273

licenses-renewal.com

# Reference: https://twitter.com/killamjr/status/1117776513288503296
# Reference: https://www.virustotal.com/gui/domain/netlux.in/relations
# Reference: https://www.virustotal.com/gui/domain/vitalmania.eu/relations

netlux.in
vitalmania.eu

# Reference: https://twitter.com/FewAtoms/status/952884418733072384

gg.usdipc.com

# Reference: https://twitter.com/DynamicAnalysis/status/1117833770332303365

ridihaagroup.com

# Reference: https://twitter.com/FewAtoms/status/1117824449670209536

annaviyar.com

# Reference: https://twitter.com/malware_traffic/status/1117811800395767808

shahkara.com.tr

# Reference: https://twitter.com/HONKONE_K/status/1118035160362913792

new2019.mine.nu

# Reference: https://twitter.com/JAMESWT_MHT/status/1118102912549433345

fineiksus.com

# Reference: https://cofense.com/latest-software-functionality-abuse-url-internet-shortcut-files-abused-deliver-malware/

buyviagraoverthecounterusabb.net

# Reference: https://twitter.com/James_inthe_box/status/1118146373361078272

tshukwasolar.com

# Reference: https://twitter.com/Racco42/status/1118476901876674561

vreau-relatie.eu

# Reference: https://twitter.com/FewAtoms/status/1118588045312368641

http://188.209.52.180

# Reference: https://krebsonsecurity.com/wp-content/uploads/2019/04/wiproiocs.txt
# Reference: https://krebsonsecurity.com/2019/04/wipro-intruders-targeted-other-major-it-firms/

xsecuremail.com
wipro365.com
microsoftonline-secure-login.com
secure-message.online
encrypt-email.online
secured-mail.online
internal-message.app
encrypted-message.cloud
tashabsolutions.xyz

# Reference: https://twitter.com/JayTHL/status/1118755038241988608

helplog3651.ml
helplog3015.cf
helplog364.tk
helplog820.cf

# Reference: https://twitter.com/FewAtoms/status/1118893063219372034

krosnovunderground.se

# Reference: https://twitter.com/ViriBack/status/1119019674006687744

deuor.info/index.php

# Reference: https://twitter.com/ActorExpose/status/1118914631609794561

kulsofttech.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html

plenoils.com
sharedrive.top
alkzonobel.com
web2prox.com
webxpo.us
office.webxpo.us
sunny-displays.com
modernizingforeignassistance.net

# Reference: https://twitter.com/malware_traffic/status/1119021844416405504

sunmeter.eu

# Reference: https://twitter.com/ViriBack/status/1119592527106072576

http://185.79.156.15

# Reference: https://twitter.com/James_inthe_box/status/1119758368858468352

gbchb.com

# Reference: https://twitter.com/pancak3lullz/status/1117825748583243776

esko7.cf

# Reference: https://twitter.com/pancak3lullz/status/1092804207252525065

benelll.com

# Reference: https://twitter.com/pancak3lullz/status/1085189158866378754

liftocean.us

# Reference: https://twitter.com/The_d0c_T0R/status/1120184484312354816

bbkac.com

# Reference: https://twitter.com/James_inthe_box/status/1120693994428567552

get.extra-files.com

# Reference: https://twitter.com/malwrhunterteam/status/1120969169233690624

187.ip-54-36-162.eu

# Reference: https://twitter.com/devnullek/status/1120708504619290624

news-medias.ru

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/

icbegypt.com

# Reference: https://twitter.com/makflwana/status/1121063810289238018

newfield-us.info

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

alspi.cf

# Reference: https://twitter.com/bad_packets/status/1005578509564108800

upgraderservices.cf

# Reference: https://twitter.com/smii_mondher/status/962702751762468866

centropesquisabit.com.br

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

baldorclip.icu

# Reference: https://twitter.com/malwrhunterteam/status/1121095736299597824

geraldgore.com/news/

# Reference: https://twitter.com/malware_traffic/status/1121097028426194944

iblservicosonline.com

# Reference: https://twitter.com/MisterCh0c/status/1121125682032119808

noda-8879.cf

# Reference: https://twitter.com/malware_traffic/status/1061039473448734722

po0o0o0o.com

# Reference: https://twitter.com/coldshell/status/936173677854580736
# Reference: https://pastebin.com/9JfkQ1FX

accessyouraudience.com
alucmuhendislik.com
awholeblueworld.com
bit-chasers.com
datenhaus.info
hexacam.com
mh-service.ru

# Reference: https://twitter.com/coldshell/status/936588497216995328
# Reference: https://pastebin.com/LRTA7NSn

basedow-bilder.de
centralbaptistchurchnj.org
highlandfamily.org
motifahsap.com
pdj.co.id
pragmaticinquiry.org
schwellenwertdaten.de
shamanic-extracts.biz
team-bobcat.org
troyriser.com

# Reference: https://twitter.com/coldshell/status/894908561855307776
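# Reference: https://pastebin.com/dZXyvmvL
# NOTE(review): several names in this group look like ordinary third-party sites that were presumably compromised when reported; they can produce false positives once cleaned up - re-check periodically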

adelaidemotorshow.com.au
apositive.be
autoecoleathena.com
autoecoleboisdesroches.com
autoecoledufrene.com
beansviolins.com
cipemiliaromagna.cateterismo.it
firstonetelecom.com
fly2.com.tw
harristeavn.com
heathrowestudios.com
hydronetinfo.com
melting-potes.com
microsom.com
modemagazine.net
new.intranet.wem.fr
patrickreeves.com
potamitis.gr
rosascomendador.com
scoot-mail.net
sixty-six.org
telesolutionsconsultants.com
trombositting.org

# Reference: https://twitter.com/tmmalanalyst/status/891998398462566400

luczki.pl

# Reference: https://twitter.com/x42x5a/status/1121702655464751104

payeer-coin.icu

# Reference: https://twitter.com/FewAtoms/status/1121751424096845831

http://216.170.120.137

# Reference: https://twitter.com/JAMESWT_MHT/status/1121755894511960064
# Reference: https://app.any.run/tasks/c18ca904-42a7-4cda-89ca-8960f38ff406

gcleaner.info
melbettyge.top
refpagdcmr.top
salosvodkoi.ru

# Reference: https://twitter.com/FewAtoms/status/1121780178676527104
# Reference: https://twitter.com/FewAtoms/status/1121096964869959682

http://80.82.66.58

# Reference: https://twitter.com/jeromesegura/status/1121811483195633670
# Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/

jquerylol.ru

# Reference: https://twitter.com/neonprimetime/status/1121800377727426561

hlggregoriazl.xyz

# Reference: https://twitter.com/QuaestioQuestio/status/1121777747834155012

gatiropimonita.website
updateservice.work

# Reference: https://twitter.com/x42x5a/status/1122096731800375296

fin18.org

# Reference: https://twitter.com/slayersecurity/status/1122137824076148736

basaso.mobi
dpyfo.mobi
enchanted.mobi
ghtc.mobi
hfik.mobi
mobisad.mobi
nefal.mobi
nkdyo.xyz
professional.mobi
rhggy.mobi

# Reference: https://twitter.com/DbgShell/status/1121583280145543168

http://84.200.43.124

# Reference: https://twitter.com/jpcert_ac/status/1121701529847603202

officecrack.gi2.cc

# Reference: https://twitter.com/ViriBack/status/1122527363772887044

90551.prohoster.biz

# Reference: https://twitter.com/hexlax/status/988881472403763200

untorsnot.in

# Reference: https://twitter.com/0x13fdb33f/status/1122544651628576768
# Reference: https://www.kernelmode.info/forum/viewtopic.php?p=32871
# Reference: https://otx.alienvault.com/pulse/5cc6ca1e69cc6cfee80974a7

fusu.icu
keke.icu
luru.icu
qoqo.icu
susu.icu
zqfgy.app

# Reference: https://twitter.com/dvk01uk/status/1122803607269773312

findrew.gq

# Reference: https://twitter.com/makflwana/status/1122818381856555010

http://91.243.83.154

# Reference: https://twitter.com/James_inthe_box/status/1122861244023656453

anticcolonial.cf

# Reference: https://twitter.com/x42x5a/status/1122863171222560768

h-drums.cf

# Reference: https://twitter.com/dvk01uk/status/1122702052482846720

ayakkokulari.com

# Reference: https://twitter.com/ScumBots/status/1122874459432599555

s0ft3r.ru

# Reference: https://twitter.com/anyrun_app/status/1122812186680856577
# Reference: https://app.any.run/tasks/b389fddc-d90a-427c-a164-ff73dc2c185b

govhotel.us

# Reference: https://twitter.com/Racco42/status/1122966809924329472

iceslyt.ru

# Reference: https://twitter.com/Sm0k10/status/1123018192228626443

quo75fbm.club

# Reference: https://twitter.com/dave_daves/status/1123143230852358145

mail-tools.info

# Reference: https://twitter.com/JaromirHorejsi/status/1095328020028628992

nim3.xyz

# Reference: https://twitter.com/FewAtoms/status/1123154922562678784

http://23.249.163.113

# Reference: https://twitter.com/avman1995/status/1035033720489734145

kangnaterayna.com

# Reference: https://twitter.com/x42x5a/status/1123191255679291392

sellingproducts.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1123202218101039109

jbfd8699nia.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123206109421027329

wadameee.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1123209767135141889

cliniquevoyage.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123214806251646977
# Reference: https://www.virustotal.com/gui/domain/digital-studio.org/details
# Reference: https://app.any.run/tasks/27874df0-5ed8-469e-8a53-0741bb8fca58

digital-studio.org

# Reference: https://twitter.com/siri_urz/status/1123212324385513472

http://92.63.197.153

# Reference: https://twitter.com/x42x5a/status/1123250026883497985

lovemepls.com

# Reference: https://twitter.com/PRODAFT/status/1123241137710555136

http://45.227.252.54

# Reference: https://twitter.com/malwrhunterteam/status/1123262864029040641

nathanklebe.com

# Reference: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html

http://188.166.74.218
http://45.55.211.79

# Reference: https://twitter.com/makflwana/status/1123465749027225600

http://5.188.231.210

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

auzonet.net
datdepot.net

# Reference: https://twitter.com/FewAtoms/status/1123563237084024832

http://155.138.134.133

# Reference: https://twitter.com/ScumBots/status/1122705081953132549

bitwhites.top

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834

frameupds.info

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976

hbr0.icu

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

teleduck.de
zaremedspa.com

# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

individualkipitera.site
individualkipitera24.site
intimorg.xyz
prostitutkivoronezha24.bid
prostitutkiyaroslavlya76.men
prostitutkisoy.com
prostitutki-adlera.xyz
prostitutki-sterlitamaka.xyz
prostitutki-vologdy.xyz
prostitutki-tomska.xyz
prostitutkisochi24.xyz
prostitutki-magnitogorska.xyz
prostitutki-tveri.xyz
prostitutki-kaliningrada.xyz
prostitutki.soy
prostitutkimoskvy.surf
prostitutkiyaroslavlya.xyz
prostitutki-surguta.xyz
prostitutki-izhevska.xyz
prostitutki-permi.xyz
prostitutkikazani.xyz
prostitutkikrasnoyarska.xyz
prostitutkiomska.xyz
prostitutkirostova.xyz
prostitutkiufy.xyz
prostitutkivoronezha.xyz
prostitutki-arhangelska.xyz
prostitutki-biyska.xyz
prostitutki-taganroga.xyz
prostitutki-tambova.xyz
prostitutkipitera.soy
prostitutkivologdy.win

# Reference: https://twitter.com/JayTHL/status/1123591741347704832

92.222.151.63:36437

# Reference: https://twitter.com/JayTHL/status/1123829087913508865

leon-l-atkinson.club

# Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220

vman23.com

# Reference: https://otx.alienvault.com/pulse/5ccab2b0769cdc85663c84b9

747f9d59.ngrok.io

# Reference: https://twitter.com/x42x5a/status/1123914216665174016
# Reference: https://twitter.com/JAMESWT_MHT/status/1126420676427096065

ccleaner.host
ccleaner.top

# Reference: https://twitter.com/Racco42/status/1123953925831446529

41.231.120.138:7700
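# NOTE(review): the host in the next entry parses neither as an IPv4 address nor as a registrable domain and looks garbled in transcription - verify against the reference above before use
http://4more5.67.14.61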

# Reference: https://twitter.com/Racco42/status/1123974086970019840

fjlryd.com

# Reference: https://twitter.com/drok3r/status/1124018831444385794

http://185.79.156.23

# Reference: https://twitter.com/drok3r/status/1124017680439181313

cc01213.tmweb.ru

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

a-7763.com

# Reference: https://twitter.com/SickPeaSec/status/1124078107617574912

http://42.51.65.7

# Reference: https://www.virustotal.com/gui/domain/heheda.tk/relations

heheda.tk

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Tovkater-6956309-0)

dicier.ru
triobol.ru
walforder.ru

# Reference: https://twitter.com/TheMan___TheMan/status/1124526444955295744

http://3.14.6.4

# Reference: https://twitter.com/slayersecurity/status/1124605083554078720

ckssplcom.ga

# Reference: https://twitter.com/FewAtoms/status/1124624471548149761

megaklik.top

# Reference: https://twitter.com/James_inthe_box/status/1124634464447950848

hamriadhurai1.com

# Reference: https://twitter.com/James_inthe_box/status/1124648077627838465

http://106.13.96.196

# Reference: https://twitter.com/VK_Intel/status/1124826957764603905

ghostru.biz

# Reference: https://twitter.com/ViriBack/status/1125145578638389248

umc-tech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Shadowbrokers-6958490-0)
# Reference: https://www.virustotal.com/gui/domain/sex.kuai-go.com/relations

teetah.com
thmqyo.com
iadaef.com
yvyqyr.com
yyhhwt.com
yoiupy.com
abvyoh.com
evoyci.com
nzooyn.com
niulzo.com
meadgz.com
yxpwly.com
cberyk.com
xuvvie.com
nfgesv.com
rjodmz.com
ygjuju.com
iauany.com
zopkpn.com
ubnuov.com
kroqzu.com
uxmaie.com
sex.kuai-go.com

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1125358634979012613

polaroil.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1125388900862767105

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/pmelson/status/1125070087218659330

anyconnect.stream
bigip.stream
fortiweb.download
kaspersky.science
microtik.stream
owa365.bid
symanteclive.download
windowsdefender.win

# Reference: https://twitter.com/angel11VR/status/1125765188370731009
# Reference: https://app.any.run/tasks/8bee6450-d92c-4a21-8b8e-6dbec1e777e5

joeing2.duckdns.org

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

neperepahano.top

# Reference: https://twitter.com/Jan0fficial/status/1093123191504031746

scanjet.tk

# Reference: https://twitter.com/P3pperP0tts/status/979416398932905985

mdolk.ru

# Reference: https://twitter.com/P3pperP0tts/status/980426489802960897

ponysolution.tk

# Reference: https://twitter.com/x0rz/status/763396946371436544

andmabi.com
redidfe.ru
undwohed.ru

# Reference: https://twitter.com/hexlax/status/740548297723678720

cussocarve.net

# Reference: https://twitter.com/hexlax/status/777967707601895424

tortonrcommt.pw

# Reference: https://twitter.com/hexlax/status/905947662595366913

detrogoldenmayer.com

# Reference: https://twitter.com/teoseller/status/674601023076462596

beamtech-tw.com

# Reference: https://twitter.com/teoseller/status/790919712909697024

zjibingfeng.com

# Reference: https://twitter.com/hexlax/status/803324541858627584

ru-id21387192837.com

# Reference: https://twitter.com/DissectMalware/status/1125899122958065665

velquene.net

# Reference: https://twitter.com/bomccss/status/1125902307030265856

donersonma.com

# Reference: https://twitter.com/executemalware/status/1125818675519459328

58.218.66.168:32221

# Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288

samuelkerns.com

# Reference: https://www.virustotal.com/gui/ip-address/90.103.111.117/relations

iamahackeur.servehttp.com
jesuisunhackeur.servehttp.com

# Reference: https://twitter.com/papa_anniekey/status/1090808731393155072

kuroekoyamato.com
kuronekoyamao.com

# Reference: https://twitter.com/051R15/status/984704059109093382

jcgloball.org

# Reference: https://twitter.com/dvk01uk/status/1126064949212721152

carlostevez.ga
carlostevez.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1126109441651245057
# Reference: https://app.any.run/tasks/004e0cf9-8b5c-41eb-a7af-d048dcb80608

green.nogel.tech
safa.205dundas.com
ssw.138front.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/

link.fivetier.com

# Reference: https://twitter.com/MisterCh0c/status/1126214464334979074

ftp://computernewb.ml

# Reference: https://twitter.com/VirITeXplorer/status/1126382269646741505

zuisarch.top

# Reference: https://twitter.com/x42x5a/status/1126402234676404225

abscete.info
fopstudios.com

# Reference: https://twitter.com/x42x5a/status/1126395015566102528

bluedahab.ga

# Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/

effe-erre.es
sigaingegneria.com

# Reference: https://twitter.com/JayTHL/status/1126254567568695301

fuckchriscollingsworth.com

# Reference: https://twitter.com/DissectMalware/status/1126384963497205762

http://51.89.0.134

# Reference: https://otx.alienvault.com/pulse/5cd3f89df12b501c477a6fba

vision2030.cf
vision2030.tk

# Reference: https://twitter.com/malwrhunterteam/status/1126438072047099905
# Reference: https://twitter.com/malwrhunterteam/status/1126443181879459842
# Reference: https://twitter.com/malwrhunterteam/status/1126450000425361408

abidefr.com
ambertut.com
profile.sandoct.com
sagdao.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126435324530503680

binnatto.de
megaklik.top
uzocoms.eu
venzatechi.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1126461915780255745

nettubex.top

# Reference: https://twitter.com/ActorExpose/status/1126448541637984256

can25.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126465809415647232

bullettruth.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126476203253280773

ezeada.site

# Reference: https://twitter.com/James_inthe_box/status/1126487574317490179

aotiahua.com

# Reference: https://twitter.com/James_inthe_box/status/1126590019269840896

farmfit.ru

# Reference: https://twitter.com/dvk01uk/status/1126726101055574016

xzhch.ml

# Reference: https://app.any.run/tasks/b9d22ade-b917-421b-a117-e514d56fefd5
# Reference: https://www.virustotal.com/gui/domain/ndtst.com/details

ndtst.com

# Reference: https://twitter.com/dvk01uk/status/1121281997643636736
# Reference: https://app.any.run/tasks/653e0ec4-396d-4930-b91c-9b110debf1cf

nxgenbiz.us

# Reference: https://twitter.com/dvk01uk/status/1118559250471628800

terryhill.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1126803185753047040

gcleaner.info

# Reference: https://twitter.com/malwrhunterteam/status/1126808002986639361

rapport.lcto.lu

# Reference: https://twitter.com/x42x5a/status/1126832160936214529

soksanhotels.com

# Reference: https://twitter.com/dave_daves/status/1126840642485784576

mecharniser.com

# Reference: https://twitter.com/James_inthe_box/status/1126846840060571648

vasinvestment.tk

# Reference: https://twitter.com/ViriBack/status/1126992620310470656

iujoaqstqiywertgpu.club

# Reference: https://twitter.com/ViriBack/status/1127224259837878273

phumyhunggiatot.com

# Reference: https://twitter.com/daphiel/status/1123927542149328896

blanki-shabloni24.ru
ezstat.ru
icq.chatovod.info
ktosdelaetskrintotpidor.com
medialeaks.icu
sositehuypidarasi.com
superjob.icu
women-history.me

# Reference: https://twitter.com/malware_traffic/status/810966197881671680
# Reference: http://malware-traffic-analysis.net/2016/12/19/index.html

talhanterbutres.top
srugbah.com

# Reference: https://twitter.com/pancak3lullz/status/1022845906041929728

asterixenergy.in

# Reference: https://twitter.com/pancak3lullz/status/746337709774430208

camera-test.hi2.ro
summerr554fox.su

# Reference: https://twitter.com/FewAtoms/status/1127531654019334144

222.187.238.16:2020

# Reference: https://twitter.com/ActorExpose/status/1127565211832135681

webarconet.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1127927901725306881

rabbitscafenyc.com
rerplan.tk
ttreface.tk

# Reference: https://twitter.com/malware_traffic/status/1128019457966735360

dhlexpress.club

# Reference: https://twitter.com/ActorExpose/status/1128018026673131521

double-minded-elect.000webhostapp.com

# Reference: https://twitter.com/ActorExpose/status/1128004155673542657

ryselis.xyz

# Reference: https://twitter.com/ActorExpose/status/1128017378518892544

aquilesarocaltda.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1128214459334500353

sonofgraceoffice.website

# Reference: https://twitter.com/dvk01uk/status/1128239904402694144

modipond.gq

# Reference: https://twitter.com/dvk01uk/status/1128286894553489408

terryhill.top

# Reference: https://twitter.com/JayTHL/status/1128405725888307200

maketheswitch.ca

# Reference: https://twitter.com/58_158_177_102/status/1128310206327283713

mondayis.info

# Reference: https://twitter.com/virusbtn/status/1128556881079930881

ezinebachelor.top

# Reference: https://twitter.com/FewAtoms/status/1128706633671090179

is45wdsed4455sdfsf.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1128828811796242433

187.ip-54-36-162.eu

# Reference: https://twitter.com/Racco42/status/1128955163023171584

myscs.ca

# Reference: https://twitter.com/JAMESWT_MHT/status/1128974517144031232

ybtvmt.info

# Reference: https://twitter.com/x42x5a/status/1128995801286492162

tandf.xyz

# Reference: https://twitter.com/pancak3lullz/status/1129392247924035584

brsystem1000k33.com

# Reference: https://twitter.com/James_inthe_box/status/1129452679250321408

officeboss.xyz

# Reference: https://app.any.run/tasks/4a96e0a9-8b6a-46ac-8e31-5d7d6a417720/

asnkar.me

# Reference: https://twitter.com/dave_daves/status/1129401061696036864

http://13.58.74.46

# Reference: https://twitter.com/James_inthe_box/status/1129514888148086784

botonbot.net
ruit.live

# Reference: https://twitter.com/malware_traffic/status/1129758980585283584

alimstores.com

# Reference: https://twitter.com/Jouliok/status/1129662977664274432

microsoft-products.com
228276216.net

# Reference: https://twitter.com/ActorExpose/status/1130119521770102791

thenewsystemsetup.online

# Reference: https://www.virustotal.com/gui/url/a23b74470167c11d15f0ece4f0859c10f411a21f895836a7df383a87ce857930/detection

android-fanatics.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1130401062710648832
# Reference: https://app.any.run/tasks/e4f79fa5-1908-4791-8e49-bd966a4ff139/

maso.at

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclick.live

# Reference: https://twitter.com/dave_daves/status/1130465690740232193

gdres.tk

# Reference: https://twitter.com/FewAtoms/status/1130496077759746050

mnsoorysoemsystems.com

# Reference: https://twitter.com/James_inthe_box/status/1130541505356095488
# Reference: https://pastebin.com/LFHR1XX1

absentselection.icu
chargement-pro.icu
commande.icu
commandeapp.icu
commandehq.icu
commandehub.icu
commandelabs.icu
continentaltourist.icu
document-joint.icu
documentpro.icu
emaillabs.icu
emailly.icu
opencommande.icu
proapp.icu
prohq.icu
standardpopulation.icu

# Reference: https://twitter.com/ActorExpose/status/1130199745287413760

mywegsite.com

# Reference: https://twitter.com/dvk01uk/status/1130735131793207296

handuruz.cf
handuruz.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304

office365-cloud5.com
office365-cloud5.space

# Reference: https://twitter.com/ViriBack/status/1130814960517427201

carsitxal.tk

# Reference: https://twitter.com/James_inthe_box/status/1130882574853632002

http://82.221.139.139

# Reference: https://twitter.com/ViriBack/status/1131000954613108737

http://54.37.141.202

# Reference: https://twitter.com/FewAtoms/status/1131234678550220805

faqshub.xyz

# Reference: https://twitter.com/ViriBack/status/1131318550759641088

lucid44.xyz

# Reference: https://twitter.com/ViriBack/status/1131542334850699264

modestworld.top

# Reference: https://app.any.run/tasks/457da061-f848-42e8-a26d-82259768b2c0/

2mmotorsport.biz
alpenlodge.com
arbezie-hotel.com
aparthotelzurich.com
apartmenthaus.com
aubergemontblanc.com
belvedere-locarno.com
berginsel.com
bizziniinfissi.com
bnbdelacolline.com
bristol-adelboden.com
chambre-d-hote-chez-fleury.com
checkerrors.ug
elite-hotel.com
fliptray.biz
googletime.ug
haargenau.biz
hardrockhoteldavos.com
holzbock.biz
hotelalbanareal.com
hotel-blumental.com
hotelfarinet.com
hotelweisshorn.com
hrk-ramoz.com
la-fontaine.com
limmathof.com
morcote-residenza.com
mountainhostel.com
nationalzermatt.com
pizcam.com
seitensprungzimmer24.com
swisswellness.com
tantarantantan23.ru
torhotel.com
waageglarus.com
whitepod.com

# Reference: https://twitter.com/James_inthe_box/status/1131717489824428032
# Reference: https://www.virustotal.com/gui/domain/baihes.com/relations
# Reference: https://www.virustotal.com/gui/domain/coipip.com/relations

baihes.com
coipip.com

# Reference: https://twitter.com/blackorbird/status/1131790385884278784

asia-kunsthandwea1-online.com
kkrudy.com

# Reference: https://twitter.com/x42x5a/status/1131822281452380160
# Reference: https://twitter.com/James_inthe_box/status/1131855420073496576

airliness.info
donaldcity.club
nevernews.club
vsblobprodscussu5shard62.blob.core.windows.net
vsblobprodscussu5shard67.blob.core.windows.net
weekdanys.com

# Reference: https://twitter.com/James_inthe_box/status/1131927201496961024

tryfast-v52.cf

# Reference: https://twitter.com/FewAtoms/status/1131961073219899394

http://82.221.139.139
eyeseepotential.com
is45wdsed4455sdfsf.duckdns.org

# Reference: https://twitter.com/Racco42/status/1132056583293329408

eurogov.pw

# Reference: https://twitter.com/BroadAnalysis/status/880488094277009408

batbetorzen.com

# Reference: https://citizenlab.ca/2019/05/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign/

51.255.101.144:4444
twitter.com-users.info

# Reference: https://twitter.com/HONKONE_K/status/1132892192719101952

naiei-aldiel.16mb.com

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclicks.live

# Reference: https://twitter.com/JAMESWT_MHT/status/1133024098542604288

ethchain.live

# Reference: https://twitter.com/x42x5a/status/1133025211606077440

ethmoney.live
ethcrypto.live
ethpromo.live
ethmoney.club
ethmoney.club

# Reference: https://twitter.com/jorgemieres/status/1133052016568274950

vbtz.cf

# Reference: https://twitter.com/FewAtoms/status/1133059049887604737

vaddesobhanadri.com

# Reference: https://twitter.com/cybsecbot/status/1133275353349316610

gettyimages-okta.com
harpercollins-okta.com
login-hulu.com
dropbox-apps.com
webmail-premierpr.com

# Reference: https://twitter.com/dvk01uk/status/1133294737006518272

oliver-khan.tk

# Reference: https://twitter.com/ViriBack/status/1133339769776349185

http://80.233.134.242

# Reference: https://twitter.com/HONKONE_K/status/1133205335877885952

ip1.qqww.eu

# Reference: https://twitter.com/Racco42/status/1133330864216133632

secureserverftp.xyz

# Reference: https://twitter.com/ActorExpose/status/1133339071630204928

ntexplorerlite.com

# Reference: https://twitter.com/MalwarePatrol/status/1133417154009870337

banner.poker.williamhill.com

# Reference: https://twitter.com/MalwarePatrol/status/1133054765573844993

attachments.goapk.com

# Reference: https://twitter.com/MalwarePatrol/status/1132873570932203520

support1.uvnc.com

# Reference: https://twitter.com/MalwarePatrol/status/1132692376848281600

img2.img.9xiu.com

# Reference: https://twitter.com/tkanalyst/status/1133505361145556993

makemoneyeasy.live

# Reference: https://app.any.run/tasks/324f1dc9-5cce-42b4-bec0-f572b37bedfa/

kentona.su

# Reference: https://twitter.com/raby_mr/status/1133347073154097153
# Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/
# Reference: https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/ip-address/185.142.97.228/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.182.200.111/relations

185.142.97.228:65233
217.182.200.111:21
217.182.200.111:35046
217.182.200.111:35579
217.182.200.111:35829
217.182.200.111:35348
http://217.182.200.111

# Reference: https://twitter.com/SickPeaSec/status/1133660498023501824

129.204.248.16:65534

# Reference: https://twitter.com/JAMESWT_MHT/status/1133701006238375937

anmcousa.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1133691719348830208

bobbyworld.top

# Reference: https://twitter.com/P3pperP0tts/status/1133897358402564096

http://193.32.161.77

# Reference: https://twitter.com/dvk01uk/status/1133950202233200640

amanihackz.com

# Reference: https://twitter.com/SoulRage6/status/1133994359987277831

http://84.38.135.164

# Reference: https://twitter.com/JAMESWT_MHT/status/1134050405430808577
# Reference: https://app.any.run/tasks/f1a352c4-1174-41bb-809f-ab4ed0b6be7c/

redinqtongvlftadf.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1133469852579106816

doughnut-snack.live
pleasurekeys.hopto.org
suzuki-dc.biz
unknownsoft.duckdns.org

# Reference: https://twitter.com/MalwarePatrol/status/1134141928541446146

tripdownload.com

# Reference: https://twitter.com/FewAtoms/status/1134146787953000449

moonday-v54.tk

# Reference: https://twitter.com/SickPeaSec/status/1134180182544093186

190.37.209.37:3569

# Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489

sj81helmer.top

# Reference: https://twitter.com/BleepinComputer/status/1134227276101554176

up-date.to

# Reference: https://twitter.com/VK_Intel/status/1134606562180382720

li888-183.members.linode.com

# Reference: https://www.virustotal.com/gui/domain/swtest.ru/relations

aidem7783g.temp.swtest.ru
anidielaet.temp.swtest.ru
aramkaaz14.temp.swtest.ru
armossarov.temp.swtest.ru
bi5360mail.temp.swtest.ru
error04004.temp.swtest.ru
examenatio.temp.swtest.ru
fhdbisdaqc.temp.swtest.ru
greatebmlm.temp.swtest.ru
gul9tbhzkz.temp.swtest.ru
i4aucsmail.temp.swtest.ru
info47hapy.temp.swtest.ru
kievgazsuk.temp.swtest.ru
lexa4ekdur.temp.swtest.ru
loginbssdr.temp.swtest.ru
nev99265cn.temp.swtest.ru
newbirzaya.temp.swtest.ru
nezvanovaa.temp.swtest.ru
nha75213cn.temp.swtest.ru
orl05511cn.temp.swtest.ru
otlexidolj.temp.swtest.ru
p0rnfyande.temp.swtest.ru
payeeronli.temp.swtest.ru
pqg39775cn.temp.swtest.ru
qgx70047cn.temp.swtest.ru
rfkzgfnz10.temp.swtest.ru
ribinadash.temp.swtest.ru
rstetpshme.temp.swtest.ru
sergeimvdm.temp.swtest.ru
sngtrafyan.temp.swtest.ru
threehouse.temp.swtest.ru
timeztopg2.temp.swtest.ru
tobnovi4o2.temp.swtest.ru
traditsias.temp.swtest.ru
uofbdfg6ko.temp.swtest.ru
uzwbrkomoc.temp.swtest.ru
vvb93165cn.temp.swtest.ru
yefisebapl.temp.swtest.ru
yuyulamole.temp.swtest.ru
zakikiwiya.temp.swtest.ru
zhitinanin.temp.swtest.ru

# Reference: https://twitter.com/ViriBack/status/1134859021234651136

pounds.ngrok.io

# Reference: https://twitter.com/ViriBack/status/1134912329597050880

sm.rooderoofing.com.au

# Reference: https://app.any.run/tasks/09c0bd11-864d-41d5-85b2-9344baa1d360/

big-partynew.ru

# Reference: https://twitter.com/MalwarePatrol/status/1135410287992025088

www8.piaodown.com

# Reference: https://twitter.com/securiteoff/status/740562516699447296
# Reference: https://www.virustotal.com/gui/domain/lasersteam178.ru/relations

lasersteam178.ru

# Reference: https://twitter.com/pancak3lullz/status/748146742571372544
# Reference: https://www.virustotal.com/gui/domain/19891108.info/relations

19891108.info

# Reference: https://twitter.com/Jouliok/status/1135293849314693126

http://82.221.139.139

# Reference: https://twitter.com/dms1899/status/1135693930492829696

proapp.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1135825545038401536

ar-energyservice.com

# Reference: https://app.any.run/tasks/9a352314-04a9-4594-8d10-9f375b7cc2c3/

http://176.10.118.191

# Reference: https://www.virustotal.com/gui/domain/yourdocument.biz/relations

yourdocument.biz

# Reference: https://twitter.com/takerk734/status/1135955547310632960

http://95.213.217.139
http://54.36.218.96
maidcafeyoyo.fun
simbaooshi.space
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/eComscan/status/1136181192796061697

dns-forwarding.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dnsedc.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dellnewsup.net

# Reference: https://twitter.com/0xrb/status/1135869164239769601 (# root domain)

yiffgallery.xyz

# Reference: https://www.virustotal.com/gui/domain/sportsnewsa.net/relations

sportsnewsa.net

# Reference: https://twitter.com/58_158_177_102/status/1136162140283236352

firedron.top

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/

bazar.services
ds38.test-hf.su

# Reference: https://twitter.com/James_inthe_box/status/1136631137571237888

mysecrethope.com

# Reference: https://twitter.com/benkow_/status/1136623836936495104

china-hql.com

# Reference: https://twitter.com/FewAtoms/status/1136672182967439361

yonghonqfurniture.com

# Reference: https://twitter.com/malware_traffic/status/1136682537005305858

flash2019.xyz

# Reference: https://twitter.com/ViriBack/status/1136695799818215424

cvbt.ml

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

http://209.141.46.175
http://54.36.218.96

# Reference: https://twitter.com/KorbenD_Intel/status/1136765613412671488

ddl7.data.hu

# Reference: https://twitter.com/dave_daves/status/1137001089088315392

http://212.73.150.157

# Reference: https://twitter.com/VK_Intel/status/1137003147887566848

gstestat.com

# Reference: https://twitter.com/MalwarePatrol/status/1137041033609584640

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1137067993739943937

http://45.76.37.123
melirossa-shop.xyz
zipmatchpost.net

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

regwide.club
streetsave.club

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

keuhne-negal.com

# Reference: https://www.virustotal.com/gui/domain/panasocin.com/relations

panasocin.com

# Reference: https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
# Reference: https://www.virustotal.com/gui/ip-address/176.103.48.228/relations

http://176.103.48.228
baranevents.com
baranweddings.com
ctifsouteni.icu
etapportert.icu
ffrirbesoin.icu
hrhuae.com
ielassocier.icu
ourmazdcompany.net
samaste.net
sarahelizabethjewelry.com

# Reference: https://twitter.com/P3pperP0tts/status/1138360072168509440
# Reference: https://twitter.com/P3pperP0tts/status/1138373736187518977
# Reference: https://app.any.run/tasks/d9984618-81f4-48e5-883e-ee5591d73483/

qxyl.date
148.70.57.37:878
148.70.57.37:3

# Reference: https://twitter.com/P3pperP0tts/status/1138352249007222784
# Reference: https://twitter.com/P3pperP0tts/status/1140603446921433090

47.112.130.235:258
47.112.130.235:280

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

http://176.105.252.168

# Reference: https://otx.alienvault.com/pulse/5cff9b9b7a111ab1f15d7819
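# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-2725-exploited-and-certificate-files-used-for-obfuscation-to-deliver-monero-miner/
# NOTE(review): pixeldrain.com in this group is a general-purpose file-hosting service, so a whole-domain match will presumably also flag unrelated downloads; corroborate a hit with the other indicators from the references before treating it as malicious.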

139.180.199.167:1012
45.32.28.187:1012
pixeldrain.com

# Reference: https://twitter.com/James_inthe_box/status/1138440424765288454
# Reference: https://www.virustotal.com/gui/domain/hognoob.se/relations

hognoob.se
fid.hognoob.se
haq.hognoob.se
pxi.hognoob.se
pxx.hognoob.se
uio.hognoob.se
q1a.hognoob.se
upa1.hognoob.se
upa2.hognoob.se

# Reference: https://twitter.com/FewAtoms/status/1138477829434351624

2be431d7.ngrok.io
niggalife.5gbfree.com
sheddy.5gbfree.com

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

46fordhamavenue-camberwell.com
haveahealthy.life
homepage-iclouds.com

# Reference: https://twitter.com/bomccss/status/1138620211140030464

elievarsen.ru

# Reference: https://twitter.com/HarioMenkel/status/1138725169323790336

bluecornerblog.xyz

# Reference: https://www.virustotal.com/gui/ip-address/121.41.39.145/relations

121.41.39.145:7149
http://121.41.39.145

# Reference: https://twitter.com/James_inthe_box/status/1138930135548157952

http://5.206.226.15

# Reference: https://twitter.com/FewAtoms/status/1139177275977555970

sripipat.com

# Reference: https://twitter.com/James_inthe_box/status/1139206166385348613

138.68.16.227:8080
topdalescotty.top

# Reference: https://twitter.com/yvesago/status/1139209832014274562

fujielectric.cf

# Reference: https://twitter.com/P3pperP0tts/status/1139277669575659529

182.254.220.148:88

# Reference: https://twitter.com/gorimpthon/status/1139351204540977152
# Reference: https://app.any.run/tasks/51d14dec-d0de-4718-b5f1-3ae489013df9/

185.106.122.120:80
185.140.248.17:80

# Reference: https://twitter.com/58_158_177_102/status/1139369225863065602

185.164.72.213:80

# Reference: https://twitter.com/dave_daves/status/1139509798926467073
# Reference: https://twitter.com/FewAtoms/status/1139608798119768065

adl-groups.com
deluxerubber.com
greatmischiefdesign.com

# Reference: https://twitter.com/MalwarePatrol/status/1139758944224731141

a0310625.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1139841634655277056

check511.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1140333563319128064

222.186.172.44:9

# Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737

785sou.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1140525091110998017

mondaydrem.ru

# Reference: https://twitter.com/x42x5a/status/1140530422172045312

storage.alfaeducation.mk

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568
# Reference: https://app.any.run/tasks/7555c697-f2af-42e5-8a14-ae19d7657aa9/

sventiskai.lt
45.67.14.157:80

# Reference: https://twitter.com/Sebdraven/status/1140597344720830471
# Reference: https://app.any.run/tasks/d7ce191d-c04f-4eff-a13c-02cbe746c256/
# Reference: https://www.virustotal.com/gui/domain/cdn-dl.cn/relations

cdn-dl.cn

# Reference: https://twitter.com/nullcookies/status/1140780769914302467

belllflight.com

# Reference: https://twitter.com/VirITeXplorer/status/1140875655955079168

btta.xyz

# Reference: https://twitter.com/papa_anniekey/status/1140825590632570880

blogmason.mixh.jp

# Reference: https://twitter.com/luc4m/status/1140928778799124482

http://185.230.161.116

# Reference: https://twitter.com/malware_traffic/status/1141083006574178304

tor2net.com

# Reference: https://twitter.com/58_158_177_102/status/1141226169720815616

bibicity.ru

# Reference: https://twitter.com/James_inthe_box/status/1141326136212766720

http://185.158.248.80

# Reference: https://twitter.com/James_inthe_box/status/1141429831688605697

joeing.duckdns.org

# Reference: https://twitter.com/SecurityGuyPhil/status/1141466335592869888
# Reference: https://twitter.com/ItsReallyNick/status/1141517097991835648
# Reference: https://otx.alienvault.com/pulse/5d0aeb6260c8332e03da9063

89.34.111.113:443
185.49.69.210:80

# Reference: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

http://185.162.131.92
http://185.49.71.101

# Reference: https://twitter.com/P3pperP0tts/status/1141611364953337856

94.191.94.149:8080

# Reference: https://twitter.com/P3pperP0tts/status/1141961999796113408
# Reference: https://twitter.com/FewAtoms/status/1144567670555254787

103.45.174.46:81
103.45.174.46:8080

# Reference: https://twitter.com/James_inthe_box/status/1142005711808765952

jplymell.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142018475508060160

tommyhalfigero.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

crypy.top

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
# Reference: https://www.virustotal.com/gui/ip-address/45.67.14.179/relations

http://45.67.14.179

# Reference: https://twitter.com/peterkruse/status/1141993808105811968

proyectobasevirtual.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142065672387792896

makemoneyeasywith.me

# Reference: https://twitter.com/James_inthe_box/status/1140768910465101824

aeg.tmc.mybluehost.me

# Reference: https://twitter.com/FewAtoms/status/1142143526165073920

http://185.82.200.189

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Malware.Zusy-6995723-0)

brureservtestot.cc
qytufpscigbb.com

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Trojan.Shiz-6994953-0)

cilynitiseg.eu
dikuvizigiz.eu
fodavibusim.eu
gaherobusit.eu
ganazywutes.eu
jenupydaces.eu
keraborigin.eu
lykemujebeq.eu
lyvoguraxeh.eu
magofetequb.eu
nojepofyren.eu
norumikemem.eu
novacofebyz.eu
nozapekidis.eu
pupucuvymup.eu
qeburuvenij.eu
qegefavipev.eu
rytahagemeg.eu
tufamugevih.eu
tunarivutop.eu
tupazivenom.eu
vocupotusyz.eu
xubifaremin.eu
xukafinezeg.eu
xuxetiryqem.eu

# Reference: https://twitter.com/jeromesegura/status/1142232287041343489

denizprivatne.top

# Reference: https://twitter.com/P3pperP0tts/status/1142248371631140867

http://149.202.29.67

# Reference: https://twitter.com/executemalware/status/1141882448063737857

blogmason.mixh.jp

# Reference: https://www.reverse.it/sample/a4ca81a3f7dc09377bbda508db39b48ef08073a07a0472f78db8b5256e93bdb5
# Reference: https://www.virustotal.com/gui/domain/winshipway.com/relations

winshipway.com

# Reference: https://twitter.com/DissectMalware/status/1142979828339150850

aesculapius.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1143142047987195904

baidu.wookhost.me

# Reference: https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/

mechanicaltools.club

# Reference: https://twitter.com/killamjr/status/1110889738653913089

valdez.pw

# Reference: http://vxcube.com/tools/domain/mailsa-qau.com/relate_iocs

153-66-11-33.com
154-65-22-26.com
154-65-22-29.com
154-66-11-33.com
154-66-21-29.com
154-66-21-30.com
154-66-21-33.com
154-66-22-29.com
anima-sana.cz
aplicativo-sms.com
askdrthomas.com
autopecasecreta.com.br
bancobrasil.mobi
beetfeetlife.bit
btoaspa.xyz
canadianposcorp.com
chaibuckz.com
checkmyurls.com
citiapp.mobi
cognitionclassroom.com
dual-it.com
fastandup.co.in
fin-plcukltd.com
gracesandoval.com
ibercob.com.br
id-19190249012904912904190249129490219049129419.pro
intecwi.org
internettenparakazanma.org
investcerto.site
istanbulside.net
ivanajankovic.com
jointings.org
kitcross.ca
llkty.gq
ltau.mobimasee.info
mcnconstruction.net
mincoindia.com
moduloempresa.com
noisquevoa.mobi
onlinemail.kz
ox2ybk1nf4muo3.net
pagseguro.mobi
pekip-und-mehr.de
pilarrakyat.com
propertiesfirst.com
rencontres-idf.fr
rootcenter.com.br
royhols.comservcobranca.in
sewardsfollybarandgrill.net
shawneklassen.com
theevanescense.com
tiltangeomatics.tk
trafficartspace.com
unlaca.info
unlaca.net
unlaca.org

# Reference: https://twitter.com/killamjr/status/1143498263892582402

deserv.ie/gunie/

# Reference: https://twitter.com/JAMESWT_MHT/status/1143514933646245889

up-dates.to
svarog-jez.com
yotube.com

# Reference: https://www.lacework.com/cve-2019-3396-poc-deep-dive/
# Reference: https://otx.alienvault.com/pulse/5d12356ce0b0b1db4062231e

http://37.44.212.223
51.15.56.161:201
68.183.164.16:2121
jukesbrxd.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1143539589849767936

selly.duckdns.org

# Reference: https://twitter.com/OttoScav/status/1143567557649154048

birthdayeventdxb.com
cscuniversal.com

# Reference: https://twitter.com/malware_traffic/status/1143624752956940288

kooovaqas.biz
naaleazas.net
rogojaob.info
vaxeiayas.mobi
oltaeazas.mobi
amlivaias.us
ijcaiatas.name
ufayubja.me

# Reference: https://twitter.com/luc4m/status/1143808322430218241

aeg.tmc.mybluehost.me/xx/

# Reference: https://twitter.com/MalwarePatrol/status/1140664914417205249

cloud.xenoris.fr

# Reference: https://twitter.com/neonprimetime/status/1116754139281805317

eventricity.biz

# Reference: https://twitter.com/FewAtoms/status/1144223806195716098

mikejesse.top

# Reference: https://twitter.com/h4ckak/status/1144173749056315392

http://217.163.23.19

# Reference: https://twitter.com/JAMESWT_MHT/status/1144238644460433408

qwerty123456.space

# Reference: https://twitter.com/sniko_/status/1144454852698705924

digidick.xyz

# Reference: https://twitter.com/x42x5a/status/1144554536809435136

42.51.194.10:81

# Reference: https://twitter.com/x42x5a/status/1144559810123370496

http://114.118.80.241
114.118.80.241:8081

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

natchotuy.com

# Reference: https://twitter.com/FewAtoms/status/1144636921437655041

http://123.207.143.211

# Reference: https://twitter.com/The_d0c_T0R/status/1144640214293520385

http://47.95.252.24

# Reference: https://twitter.com/malware_traffic/status/1144726582596186120
# Reference: https://www.malware-traffic-analysis.net/2019/06/28/index.html
# Reference: https://twitter.com/malware_traffic/status/1144027142696656896

thetechhaus.com
ntri.triplegconsults.com
green.mattingsolutions.co
ruscacademy.in
track.positiverefreshment.org

# Reference: https://twitter.com/Bank_Security/status/1115131039511396352
# Reference: https://www.malware-traffic-analysis.net/2019/04/05/index.html
# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
snap.cr-acad.com
static.spillpalletonline.com
tops.sineadholly.com

# Reference: https://twitter.com/Paladin3161/status/1144641457992556546

119.188.250.55:8080

# Reference: https://twitter.com/dineshdina04/status/1008621004896198657
# Reference: https://app.any.run/tasks/a8c1f660-71ae-4ab1-a217-11256fd6a158/

111.73.46.110:2233

# Reference: https://twitter.com/ViriBack/status/970443789234929664

cajo.com.au
etnografskimuzej.rs

# Reference: https://twitter.com/TelecomixSyria/status/301863376395587584
# Reference: https://www.virustotal.com/gui/domain/syrian-martyrs.com/details

syrian-martyrs.com

# Reference: https://twitter.com/ViriBack/status/1145040024297181186

mimiplace.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/rarog/c2_w_timestamps.csv (# root domains)

0100.name
111orion.xyz
1gq.ru
4spirin.pw
5max.xyz
7bog.ru
abibletit.ru
accbmosol.com
admina.xyz
adminbtc.ru
albertsrun.xyz
badboy.pw
banddos.ru
bcjsoinlsidun3.eu
bdwiki.ru
bfvvsdfvjbvcdg.pw
billionaireboys.pw
bitcoin.lisx.ru
bitoklg.ru
bizmailcon.ru
bjkdfhbvvr.pw
bldimablog.xyz
bnknw.pw
bsdfbsadjfb.pw
bsdfksbdfj.pw
bsdfvsh.pw
btc-db.com
btchash777.ru
btcminergate.ru
bvjhsdvbfjsd.pw
centralfargo.com
checkingsite.site
checkmeout.ru
chvpobidno.com
cryptongram.org
cryptopoly.pw
csgotrade.vip
csobik.xyz
dcr048dd.ru
dedpanel.xyz
def397.pw
dfgsfdkj3jk4h5.ru
dfsfgsdfg.pw
digital-game.ru
dismay.pw
doomed.cf
dratuti.info
drujbanu.pw
enable.pw
enigma-top.bid
euirterhgt.pw
f1eriya.pw
fl-god.pw
games-revi.ru
getdownload4812.ru
ghjdthrf.tk
googleanalistics7431.ru
gopanel.ru
gslll.ru
hfyljv.ru
highwrite.ru
hjbkfwejhkfbj2334f.pw
hjdskyewljfdn.pw
hlebb.pw
how-to-how.club
hsnqy2no.host
ibsmoney.ru
igogos.ga
incor.xyz
itemsbet.com
itsmydomain.xyz
jackblack.pw
jisec.xyz
kdjsnbfgkjdf.pw
kefirsports.xyz
kevyank.ru
kiras.kz
kolokolchik.info
kopilka.io
kwam.gdn
land-seo.ru
lkasdjfklhngn.pw
m234.xyz
macadmin.xyz
mainivent.xyz
malmine.ru
maxpinezzz.ru
microtrend.xyz
min2rarllsknfoeihe.ru
minerarog.xyz
minergood.ru
minerhash.pw
minetbot.online
money-exchanger.info
mousehous.gdn
moy-mayner.ru
mrgap.pw
mybblog.xyz
mynebo7.xyz
mysuperprojectnumone.xyz
nbvnfuyjft567uygvhgfc.pw
nebuchadnezzar.xyz
newmine.ru
norfest1x.win
o4kobati.xyz
odmenarmi9z.site
plastileen.pw
poiwebm.ru
rand0msh1tm1n3r.xyz
rar740.xyz
rarog-cobetchik.ru
raznospower.ru
realbarbos.life
realtek.website
recheckmail24.ru
rikimaru7.pw
rrealstats.ru
rublikzarabotok.com
sadating.xyz
sanya330.pro
sdbfhjbsdfjh.pw
sdfbdsfjhkbgdf.pw
sdfvbshgdvf.pw
shilo.ml
soft-portal.kz
spaceman07.ru
spiridus.pw
staglion.pro
stingtek.com
sychost.com
system-analyse.win
tapblackmoney.pw
tiberious.xyz
torprojectonioncheck.com
tyha84.info
ugrym.pw
vergames.ru
webbserfer.ru
wilhost.com
wolframalpha.pw
wwqrwwwreewrqwer.xyz
xgames.su
xyw.space
zerstoren.pro
zloki.pw

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.104/relations

11fhfh.com
11xhxh.com
11xjxj.com
123dmdm.com
123fhfh.com
123hyhy.com
123jjyy.com
123kbkb.com
123xhxh.com
123xjxj.com
123xmxm.com
123xxbb.com
123yybb.com
22ctct.com
22fhfh.com
22hyhy.com
33dmdm.com
33jjyy.com
33xjxj.com
33xxaa.com
44ctct.com
44dmdm.com
44fhfh.com
44jjyy.com
44qxqx.com
44xhxh.com
44xjxj.com
44xmxm.com
44xxaa.com
44xxpp.com
520dmdm.com
520fhfh.com
520qxqx.com
520ssbb.com
520xhxh.com
520xjxj.com
520xmxm.com
55dmdm.com
55fhfh.com
55jjyy.com
55qxqx.com
55sdsd.com
55xhxh.com
55xjxj.com
55xxaa.com
55xxpp.com
628ai.com
6688cdn.com
66bbmm.com
66dmdm.com
66fhfh.com
66hyhy.com
66jjyy.com
66qxqx.com
66xhxh.com
66xjxj.com
66xxaa.com
66xxpp.com
6ctct.com
77dmdm.com
77hyhy.com
77xhxh.com
77xxaa.com
7ctct.com
7ufuf.com
888dmdm.com
888fhfh.com
888hbhb.com
888kbkb.com
888mbmb.com
888xhxh.com
888xjxj.com
888xmxm.com
88cscs.com
88ctct.com
88dmdm.com
88fhfh.com
88jjyy.com
88mkmk.com
88xhxh.com
88xjxj.com
88xxpp.com
890ai.com
898ai.com
999dmdm.com
999fhfh.com
999kbkb.com
999xhxh.com
999xjxj.com
999xmxm.com
99bbmm.com
99dmdm.com
99fhfh.com
99jjyy.com
99ppss.com
99xhxh.com
99xjxj.com
99xxpp.com
avav99.com
bcbc11.com
bcbc22.com
btbt33.com
btbt44.com
btbt77.com
didi22.com
gbgb11.com
gbgb66.com
mbmb55.com
mbmb99.com
nbnb33.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.106/relations

5444666.com
lh590.com
lh65.com
lh660.com
lh993.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.105/relations

1122sb.com
1188sb.com
629k.com
yh558877.com

# Reference: https://twitter.com/FewAtoms/status/1145357973579083778

securefilesdatas23678842nk.cf

# Reference: https://app.any.run/tasks/8df63024-05d4-4d67-bea9-ecdb1b9884a7/

nixtin.us

# Reference: https://twitter.com/ViriBack/status/1145366573898747905

http://190.97.166.189

# Reference: https://twitter.com/JayTHL/status/1145425745315008516

flavorizedjuice.de

# Reference: https://twitter.com/0bfusCat/status/1145269019374698496

http://31.207.34.129

# Reference: https://twitter.com/luc4m/status/1145650430476783617

http://23.249.167.147

# Reference: https://twitter.com/malware_traffic/status/1145793372126416897

http://31.184.252.188
cellfom.com
chungfamily.us
narutik.at
pranahat.at

# Reference: https://twitter.com/david_jursa/status/1146014269940609025

beahero4u.com

# Reference: https://twitter.com/ps66uk/status/1146090626498347009

holahospice.org
john1715.com

# Reference: https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 (CVE-2017-11774)
# Reference: https://twitter.com/obiwanblee/status/1146152208976584704
# Reference: https://otx.alienvault.com/pulse/5d1bb4b9a3f21fdc4d509f47

customermgmt.net

# Reference: https://twitter.com/James_inthe_box/status/1146183202467303424

xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1146328144141606913
# Reference: https://www.virustotal.com/gui/file/b1650c6085710bd89fdec14ce9a1a5f52d7199ab98671d994181b1e7116a0a86/behavior/Lastline

http://92.63.197.59
http://193.32.161.69
aoruuoooshfrohfe.su
bbruuoooshfrohfe.su
foruuoooshfrohfe.su
roruuoooshfrohfe.su
soruuoooshfrohfe.su
toruuoooshfrohfe.su
uoruuoooshfrohfe.su
zeruuoooshfrohfe.su
zzruuoooshfrohfe.su
aoruuoooshfrohle.su
bbruuoooshfrohle.su
foruuoooshfrohle.su
roruuoooshfrohle.su
soruuoooshfrohle.su
toruuoooshfrohle.su
uoruuoooshfrohle.su
zeruuoooshfrohle.su
zzruuoooshfrohle.su
aoruuoooshfrohoe.su
bbruuoooshfrohoe.su
foruuoooshfrohoe.su
roruuoooshfrohoe.su
soruuoooshfrohoe.su
toruuoooshfrohoe.su
uoruuoooshfrohoe.su
zeruuoooshfrohoe.su
zzruuoooshfrohoe.su
aoruuoooshfrohue.su
bbruuoooshfrohue.su
foruuoooshfrohue.su
roruuoooshfrohue.su
soruuoooshfrohue.su
toruuoooshfrohue.su
uoruuoooshfrohue.su
zeruuoooshfrohue.su
zzruuoooshfrohue.su

# Reference: https://www.virustotal.com/gui/file/4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482/community

rainbowtrade.net

# Reference: https://twitter.com/James_inthe_box/status/1146446614367576065

bonus-ssl.com

# Reference: https://twitter.com/malware_traffic/status/1146503887215636480

cohen-nicoleau.com
mkzd.ru

# Reference: https://twitter.com/alex_lanstein/status/1146073296502501376

http://185.222.58.151

# Reference: https://twitter.com/killamjr/status/1146521318503964678

equipmnts.com

# Reference: https://www.virustotal.com/gui/domain/alcatelupd.xyz/relations

alcatelupd.xyz

# Reference: https://www.virustotal.com/gui/domain/symcorp.xyz/relations

symcorp.xyz

# Reference: https://twitter.com/FewAtoms/status/1146804894785056768

http://35.230.88.182

# Reference: https://twitter.com/James_inthe_box/status/1146896227000209408

http://92.119.113.32
xzshadows13.icu

# Reference: https://twitter.com/anyrun_app/status/1147040289300910080

ciber1250.gleeze.com

# Reference: https://twitter.com/VK_Intel/status/1147276748331081728
# Reference: https://www.virustotal.com/gui/domain/jsc0nten1maker.com/details

jsc0nten1maker.com

# Reference: https://twitter.com/benkow_/status/1147443642728103936

trading-secrets1.ru

# Reference: https://twitter.com/FewAtoms/status/1147484142218752002

janavenanciomakeup.com.br

# Reference: https://twitter.com/P3pperP0tts/status/1147540932490719233

58.218.66.92:1990
xdzzt.cn

# Reference: https://twitter.com/pancak3lullz/status/748521146321035264

htver.com

# Reference: https://twitter.com/FewAtoms/status/953966104887676928

gaming4life.org

# Reference: https://twitter.com/p5yb34m/status/1147269466293592064

servicess.online

# Reference: https://twitter.com/FewAtoms/status/1147829136146219009

bizimedebiyatimiz.com

# Reference: https://www.virustotal.com/gui/domain/metoristrontgui.info/relations

metoristrontgui.info

# Reference: https://www.virustotal.com/gui/domain/forstraus.co/relations

forstraus.co

# Reference: https://twitter.com/seguridadyredes/status/1054112048559329282

printnow.club

# Reference: https://twitter.com/P3pperP0tts/status/1148122871883030528

http://118.89.185.104
111.231.142.229:9921

# Reference: https://twitter.com/adrian__luca/status/1148186673739685888

http://176.57.217.134
viipdbv.com

# Reference: https://twitter.com/david_jursa/status/1148199946618732544
# Reference: https://app.any.run/tasks/839a2d29-1bf5-4d54-bd12-e179f9d1154f/

104.203.92.254:8080
