# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

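# Aliases: Emotet, Heodo, Geodo
#
# Entry formats used below: IP:port, bare domain, full URL or host/path, and
# path-only (e.g. /ringin/merge/), which names no host.
# Reference URLs that carry a date (e.g. 2018/08/16, 2019/09/26) show that
# entries can be years old, and several URL entries sit under wp-admin,
# wp-content or wp-includes paths, which suggests compromised third-party
# sites rather than attacker-owned hosts. Re-validate an entry against its
# reference before using it for blocking rather than alerting.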

# Reference: https://twitter.com/_lockhum/status/1221213324525867008

66.210.228.178:443
66.210.228.178:80

# Reference: https://twitter.com/_lockhum/status/1221245124707078144

50.252.121.146:85
dvr.petcp.com

# Reference: https://twitter.com/500mk500/status/1221353819059167233

116.247.95.206:443
116.247.95.206:80

# Reference: https://twitter.com/500mk500/status/1221354099058401280

77.230.243.54:75
1c26.dyndns.org

# Reference: https://twitter.com/500mk500/status/1221355282971942914

217.77.171.230:8090

# Reference: https://twitter.com/500mk500/status/1221355851795046400

186.52.202.49:1216
vigilantepadre.dvrdns.org

# Reference: https://twitter.com/500mk500/status/1221359005655805953

201.159.153.38:8080
geracaokids.jflddns.com.br

# Reference: https://twitter.com/500mk500/status/1221360316740775937

190.158.245.105:9022

# Reference: https://twitter.com/_lockhum/status/1221620873779609602

158.255.30.100:443
158.255.30.100:80

# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Emotet#tab=2
# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Spammer:Win32/Cetsiol.A#tab=2
# Reference: http://www.securityhome.eu/malware/malware.php?mal_id=1193064972549a82b0400072.08119525

ajeyftrjqeashgda.mobi
bardubar.com
cryspellingslaveseducation.eu
distrbilko.pw
labamito.ru
likesomessfortelr.eu
mail.ps4hacked.es
naimjax.ru
qwuyegasd3edarq6yu.org
thehappylattersforallpeopleoftheworld.eu
usportrock.ru
www6067ug.sakura.ne.jp

# Reference: https://pastebin.com/csipUv2z

http://regionsnews.net/OEqhU8Lg5
http://barcounterstools.info/gwzel4FlN0
http://latemia.com.br/obrqY699Rj
http://bestofcareer.com/clwPPAOykd
http://reelcreations.ie/KAqmCDJk
http://seaweldci.com/ADR
http://seilanithih.com.kh/Rfg0JO1
http://sunflowerschoolandcollege.com/ibb/papkaa17/OWFktY
http://dealtimer.com/AsIn9
http://abujarealproperties.com/fl
http://zippyrooter.com/lvUg6HFdC
http://puntoyaparteseguros.com/B9P3zyHmix
http://fastinternet.net.au/WDnndUN
http://mebel-m.com.ua/HuvTFu8
http://tomas.datanom.fi/testlab/YHMLRXJ
http://aliu-rdc.org/QwWKYJxM
http://2idiotsandnobusinessplan.com/wC7
http://7naturalessences.com/DFaSvtrS
http://hostmktar.com/mP
http://benimdunyamkres.com/v0vig1G1
http://alpharockgroup.com/HT
http://adminflex.dk/l5TF6w
http://gailong.net/X5AyWfJG
http://shunji.org/logsite/TJaaB
http://binar48.ru/OtTlVIU5
http://tonda.us/nK8Gqwgp8
http://acejapan.net/gTFikCcVIF
http://www.finspangonline.se/qpSw0SD
http://yazilimextra.com/jHQNAQVM9
http://tpms.net.pl/gXJTQL6qMO
http://ysd63.com/xw0jDX
http://exclusiv-residence.ro/IuWn6
http://leizerstamp.ir/zqiQcpE
http://firstchoicetrucks.net/kCV0l
http://olsenelectric.com/zVz4iwC

# Reference: https://www.malware-traffic-analysis.net/2018/08/16/index2.html

theeunload.website
mykeeptake.xyz

# Reference: https://www.virustotal.com/#/domain/bizercise.top

bizercise.top

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Doc.Downloader.Emotet-6878774-0)

uka.me
woelf.in

# Reference: https://twitter.com/Cryptolaemus1/status/1113429409946644480
# Reference: https://pastebin.com/raw/DZd2628u

192.186.96.125:8080
83.110.216.26:8443
189.159.103.149:8080
200.126.225.56:8080
189.190.169.221:7080
104.236.135.119:8080
162.243.125.212:8080
217.13.106.160:7080
5.230.147.179:8080
64.13.225.150:8080
94.76.200.114:8080
212.122.71.196:995
174.93.130.148:8443
181.92.117.141:993
133.242.156.30:7080
91.92.191.134:8080
63.77.201.245:443
69.198.17.7:8080
181.39.51.243:993
27.130.153.101:53
187.189.195.208:8443
174.106.108.31:80
60.49.36.149:50000
70.57.82.196:80
62.75.187.192:8080
95.128.43.213:8080
73.217.113.111:80
87.106.139.101:8080
211.63.71.72:8080
173.255.250.241:443
190.161.186.116:80
178.62.37.188:443
175.100.138.82:22
201.220.152.101:80
208.78.100.202:8080
167.114.210.191:8080
204.184.25.150:143
184.22.6.124:7080
45.33.49.124:443
201.152.34.208:995
85.104.59.244:20
103.12.133.7:8080
203.210.237.200:993
87.106.210.123:80
45.123.3.54:443
173.255.196.209:8080
138.201.140.110:8080
78.186.5.109:443
105.101.6.219:8080
186.4.234.27:443
83.222.124.62:8080
187.198.57.250:7080
147.135.210.39:8080
24.63.218.229:80
50.31.0.160:8080
67.205.149.117:443

# Reference: https://twitter.com/makflwana/status/1085118389633175555

87.207.58.148:20

# Reference: https://twitter.com/pollo290987/status/1114007607352725504

103.12.133.7:8080
104.2.2.153:8080
104.236.135.119:8080
104.236.24.85:443
105.101.6.219:8080
105.225.191.133:80
106.51.237.174:50000
109.104.79.48:8080
109.73.52.242:8080
110.169.107.239:443
114.79.191.12:20
115.254.91.178:7080
115.74.214.134:443
120.63.130.239:465
125.99.106.225:80
133.242.156.30:7080
136.49.87.106:80
138.201.140.110:8080
138.68.139.199:443
139.59.19.157:80
144.76.117.247:8080
147.135.210.39:8080
154.120.228.126:8080
162.243.125.212:8080
165.227.213.173:8080
167.114.210.191:8080
171.101.196.138:80
173.255.196.209:8080
173.255.250.241:443
174.106.108.31:80
174.93.130.148:8443
175.100.138.82:22
176.58.93.123:8080
178.62.37.188:443
179.8.124.11:443
181.118.101.22:8080
181.15.177.100:443
181.16.4.180:80
181.170.252.83:80
181.170.93.38:8080
181.39.51.243:993
181.44.231.127:443
181.56.165.97:53
181.92.117.141:993
182.176.184.81:22
183.82.1.142:7080
184.160.113.4:993
184.22.6.124:7080
184.95.192.237:80
185.191.177.79:143
185.86.148.222:8080
186.139.160.193:8080
186.4.234.27:443
187.153.103.175:443
187.189.195.208:8443
187.189.210.143:80
187.198.57.250:7080
187.228.144.250:143
187.234.36.129:8443
188.51.153.187:993
189.148.145.183:50000
189.150.218.69:8080
189.156.223.10:20
189.159.103.149:8080
189.186.208.24:8443
189.190.169.221:7080
189.208.239.98:443
189.222.167.65:20
189.252.110.239:443
189.252.15.206:443
190.0.32.206:8080
190.104.229.114:8090
190.117.206.153:443
190.117.82.103:443
190.128.26.2:80
190.146.86.180:443
190.15.198.47:80
190.161.186.116:80
190.18.153.249:80
190.18.219.56:443
190.185.241.151:443
190.186.70.146:21
190.230.219.95:20
190.35.109.41:990
190.36.237.47:8443
190.96.118.53:443
190.97.219.241:80
192.155.90.90:7080
192.163.199.254:8080
192.186.96.125:8080
192.228.158.238:443
197.248.67.226:8080
197.88.12.80:53
200.114.142.40:8080
200.125.190.126:8080
200.126.225.56:8080
201.110.165.146:8443
201.138.11.223:8080
201.146.85.239:22
201.152.34.208:995
201.152.64.25:20
201.165.102.49:443
201.170.241.239:8080
201.220.152.101:80
201.236.95.82:80
201.239.154.191:443
201.97.91.217:443
203.210.237.200:993
204.138.46.166:7080
204.184.25.150:143
208.180.246.147:80
208.78.100.202:8080
209.159.244.240:443
210.2.86.72:8080
211.105.238.226:80
211.63.71.72:8080
212.122.71.196:995
212.31.106.90:22
216.221.73.45:443
217.13.106.160:7080
217.165.84.16:7080
217.165.84.98:20
219.94.254.93:8080
23.254.203.51:8080
24.137.254.148:80
24.63.218.229:80
2.50.4.159:443
27.130.153.101:53
37.209.252.121:80
41.227.243.107:80
41.71.19.150:80
43.229.62.186:8080
45.123.3.54:443
45.33.49.124:443
47.202.17.6:80
50.250.136.225:80
50.31.0.160:8080
51.255.50.164:8080
5.230.147.179:8080
5.9.128.163:8080
59.91.30.53:443
60.49.36.149:50000
61.2.56.167:80
62.75.143.100:7080
62.75.187.192:8080
63.77.201.245:443
64.13.225.150:8080
66.115.90.48:80
66.209.69.165:443
67.205.149.117:443
67.206.210.18:80
67.241.81.253:8443
68.191.37.107:80
69.163.33.82:8080
69.198.17.7:8080
70.184.8.94:80
70.57.82.196:80
71.11.157.249:80
72.47.248.48:8080
73.217.113.111:80
74.36.4.206:80
78.186.5.109:443
80.82.62.9:443
81.134.59.36:8080
81.22.137.186:8080
82.226.163.9:80
82.73.220.225:80
83.110.216.26:8443
83.110.80.67:22
83.222.124.62:8080
85.104.184.242:8080
85.104.59.244:20
87.106.139.101:8080
87.106.210.123:80
88.254.240.194:80
89.188.124.145:443
89.211.193.18:80
91.205.215.57:7080
91.92.191.134:8080
92.154.101.154:50000
92.48.118.27:8080
94.250.55.138:443
94.76.200.114:8080
95.128.43.213:8080
95.42.189.34:443
96.64.191.13:80
99.243.127.236:80

# Reference: https://twitter.com/ozuma5119/status/1123474884221382656

http://117.196.47.110/teapot/badge/ringin/merge/

# Reference: https://twitter.com/ozuma5119/status/1127619333444730886

tamsuamy.com
66.84.11.168:8080

# Reference: https://twitter.com/P3pperP0tts/status/1135976656751996928

142.4.198.249:7080
162.243.125.212:8080
170.150.11.245:8080

# Reference: https://twitter.com/bry_campbell/status/1164689134012833792
# Reference: https://pastebin.com/raw/7Kq2e1ik

104.131.11.150:8080
104.131.208.175:8080
104.236.151.95:7080
142.93.88.16:443
144.139.247.220:80
159.89.179.87:7080
162.144.119.216:8080
162.243.125.212:8080
170.150.11.245:8080
176.31.200.130:8080
177.242.214.30:80
187.163.180.243:22
195.242.117.231:8080
216.98.148.156:8080
217.13.106.160:7080
31.12.67.62:7080
45.123.3.54:443
45.32.158.232:7080
46.101.142.115:8080
46.105.131.69:443
64.13.225.150:8080
69.45.19.145:8080
70.32.84.74:8080
75.127.14.170:8080
91.83.93.103:7080

# Reference: https://www.virustotal.com/gui/file/09007a7ee335c0556b4a519596b589f55a0451ac540d5bbfd009f58bd9cdeb69/detection
# Reference: https://app.any.run/tasks/f78c73cb-c3b2-4ea1-a50e-187a3545eb57/

176.113.82.144:443
realty4rent.hk

# Reference: https://app.any.run/tasks/1c298a26-6a84-425f-bc1e-d37438a3ef58/

/guids/xian/ringin/

# Reference: https://twitter.com/MalwareBlueTeam/status/1171447070307188738
# Reference: https://app.any.run/tasks/ad2a8ad2-884e-4971-93bb-628305633af7/

cwbsa.org
greatvacationgiveaways.com
ulukantasarim.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1173526753308020736
# Reference: https://app.any.run/tasks/d488ee5e-8fac-47b1-b60c-56a6e39dbd89/

179.24.118.93:990
190.55.39.215:80
190.55.86.138:8443
/ringin/usbccid/

# Reference: https://twitter.com/reecdeep/status/1173858862467883008

179.12.170.88:8080
/ringin/merge/

# Reference: https://twitter.com/Paladin3161/status/1173758599442468864

alldc.pw
dentalsearchsolutions.com
dywanypers.pl
keqiang.pro
playasrivieramaya.com

# Reference: https://twitter.com/SethKingHi/status/1173825828053872641

139.59.242.76:8080
149.202.153.251:8080
159.69.211.211:7080
181.230.126.152:8090
190.13.146.47:443
190.92.103.7:80
192.241.175.184:8080
203.150.19.63:443
216.154.222.52:7080
69.164.216.124:8080
93.78.205.196:443

# Reference: https://twitter.com/killamjr/status/1173960346572378112

59055.cn
larissalinhares.com.br
robotechcity.com
toptarotist.nl
xinlou.info

# Reference: https://twitter.com/lazyactivist192/status/1173983779981012994
# Reference: https://pastebin.com/ya09DEzC

103.97.95.218:143
104.131.11.150:8080
104.236.246.93:8080
109.104.79.48:8080
109.169.86.13:8080
117.197.124.36:443
123.168.4.66:22
136.243.177.26:8080
138.201.140.110:8080
138.68.106.4:7080
142.44.162.209:8080
144.139.247.220:80
149.202.153.252:8080
149.62.173.247:8080
151.80.142.33:80
159.203.204.126:8080
159.65.241.220:8080
159.65.25.128:8080
162.243.125.212:8080
169.239.182.217:8080
173.212.203.26:8080
175.100.138.82:22
177.246.193.139:20
178.254.6.27:7080
178.62.37.188:443
178.79.161.166:443
178.79.163.131:8080
179.32.19.219:22
179.62.18.56:443
181.143.53.227:21
181.188.149.134:80
181.36.42.205:443
181.81.143.108:80
182.176.106.43:995
182.176.132.213:8090
182.76.6.2:8080
183.82.97.25:80
183.87.87.73:80
185.129.92.210:7080
185.86.148.222:8080
185.94.252.13:443
186.4.172.5:443
186.4.172.5:8080
186.4.194.153:993
186.83.133.253:8080
187.155.233.46:443
187.188.166.192:80
188.166.253.46:8080
189.209.217.49:80
190.1.37.125:443
190.117.206.153:443
190.145.67.134:8090
190.186.203.55:80
190.19.42.131:80
190.200.64.180:7080
190.221.50.210:8080
190.226.44.20:21
190.230.60.129:80
190.53.135.159:21
198.199.106.229:8080
198.199.88.162:8080
200.21.90.6:8080
200.57.102.71:8443
200.58.171.51:80
201.163.74.202:443
201.212.57.109:80
201.250.11.236:50000
203.25.159.3:8080
206.189.98.125:8080
211.63.71.72:8080
212.71.234.16:8080
217.113.27.158:443
217.160.182.191:8080
217.199.175.216:8080
222.214.218.192:8080
23.92.22.225:7080
31.12.67.62:7080
31.172.240.91:8080
37.157.194.134:443
37.208.39.59:7080
41.220.119.246:80
45.123.3.54:443
45.33.49.124:443
46.105.131.87:80
46.21.105.59:8080
46.29.183.211:8080
5.196.35.138:7080
5.77.13.70:80
59.152.93.46:443
62.210.142.58:8080
62.75.143.100:7080
62.75.187.192:8080
64.13.225.150:8080
75.127.14.170:8080
77.245.101.134:8080
77.55.211.77:8080
78.188.105.159:21
78.24.219.147:8080
79.127.57.42:80
79.143.182.254:8080
80.85.87.122:8080
81.169.140.14:443
85.104.59.244:20
86.42.166.147:80
86.98.25.30:53
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
88.156.97.210:80
88.250.223.190:8080
89.188.124.145:443
91.205.215.57:7080
91.205.215.66:8080
91.83.93.103:7080
91.83.93.124:7080
91.92.191.134:8080
92.222.125.16:7080
92.222.216.44:8080
94.205.247.10:80
95.128.43.213:8080

# Reference: https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/
# Reference: https://otx.alienvault.com/pulse/5d8a324eb4ec65a6ab67f511

62.75.171.248:7080
cia.com.py

# Reference: https://twitter.com/reecdeep/status/1179310971761901570
# Reference: https://pastebin.com/stDdCGt8

80.240.141.141:7080
/child/free/ringin/

# Reference: https://www.virustotal.com/gui/file/985c26006ec5b38ff8c77239ccd33f1019918282c4cb50e541a58bcf8267d7bd/detection

67.225.229.55:8080

# Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html

109.104.79.48:8080
109.169.86.13:8080
114.79.134.129:443
119.159.150.176:443
119.59.124.163:8080
119.92.51.40:8080
123.168.4.66:22
138.68.106.4:7080
139.5.237.27:443
149.62.173.247:8080
151.80.142.33:80
159.203.204.126:8080
170.84.133.72:7080
170.84.133.72:8443
178.249.187.151:8080
178.79.163.131:8080
179.62.18.56:443
181.123.0.125:80
181.167.53.209:80
181.188.149.134:80
181.230.212.74:80
181.36.42.205:443
183.82.97.25:80
184.69.214.94:20
185.187.198.10:8080
185.86.148.222:8080
186.0.95.172:80
186.83.133.253:8080
187.155.233.46:443
187.188.166.192:80
187.199.158.226:443
187.199.158.226:7080
187.235.239.214:8080
189.166.68.89:443
189.187.141.15:50000
190.1.37.125:443
190.104.253.234:990
190.117.206.153:443
190.158.19.141:80
190.200.64.180:7080
190.221.50.210:8080
190.230.60.129:80
190.230.60.129:8080
190.38.14.52:80
200.21.90.6:8080
200.57.102.71:8443
200.58.171.51:80
201.163.74.202:443
201.184.65.229:80
201.214.74.71:80
203.25.159.3:8080
211.229.116.97:80
212.71.237.140:8080
217.113.27.158:443
217.199.160.224:8080
217.199.175.216:8080
23.92.22.225:7080
46.163.144.228:80
46.21.105.59:8080
46.28.111.142:7080
46.29.183.211:8080
46.41.134.46:8080
46.41.151.103:8080
5.196.35.138:7080
5.77.13.70:80
50.28.51.143:8080
51.15.8.192:8080
62.75.143.100:7080
62.75.160.178:8080
71.244.60.230:7080
71.244.60.231:7080
77.245.101.134:8080
77.55.211.77:8080
79.143.182.254:8080
80.240.141.141:7080
80.85.87.122:8080
81.169.140.14:443
86.42.166.147:80
87.106.77.40:7080
88.250.223.190:8080
89.188.124.145:443
91.205.215.57:7080
91.83.93.124:7080
66.228.32.31:443
198.50.170.27:8080
216.98.148.157:8080
101.187.237.217:20
103.255.150.84:80
103.97.95.218:143
104.131.11.150:8080
104.236.246.93:8080
119.15.153.237:80
136.243.177.26:8080
138.201.140.110:8080
142.44.162.209:8080
144.139.247.220:80
149.167.86.174:990
149.202.153.252:8080
159.65.25.128:8080
162.144.47.94:7080
169.239.182.217:8080
173.212.203.26:8080
177.246.193.139:20
178.254.6.27:7080
178.79.161.166:443
179.32.19.219:22
180.183.112.185:21
181.143.194.138:443
181.143.53.227:21
182.176.106.43:995
182.176.132.213:8090
182.76.6.2:8080
185.142.236.163:443
185.94.252.13:443
186.4.172.5:443
186.4.172.5:8080
186.75.241.230:80
187.144.189.58:50000
188.166.253.46:8080
189.209.217.49:80
190.106.97.230:443
190.108.228.48:990
190.145.67.134:8090
190.18.146.70:80
190.186.203.55:80
190.211.207.11:443
190.226.44.20:21
190.228.72.244:53
190.53.135.159:21
199.19.237.192:80
200.21.90.6:80
200.71.148.138:8080
201.251.43.69:8080
206.189.98.125:8080
211.63.71.72:8080
212.129.24.82:8080
212.71.234.16:8080
217.145.83.44:80
217.160.182.191:8080
222.214.218.192:8080
24.51.106.145:21
27.147.163.188:8080
31.12.67.62:7080
31.172.240.91:8080
37.157.194.134:443
41.220.119.246:80
45.123.3.54:443
45.33.49.124:443
46.105.131.87:80
47.41.213.2:22
5.196.74.210:8080
62.75.187.192:8080
63.142.253.122:8080
77.237.248.136:8080
78.188.105.159:21
78.24.219.147:8080
80.11.163.139:21
80.11.163.139:443
83.136.245.190:8080
85.104.59.244:20
85.106.1.166:50000
86.98.25.30:53
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
88.156.97.210:80
88.247.163.44:80
91.205.215.66:8080
92.222.125.16:7080
92.222.216.44:8080
94.205.247.10:80
95.128.43.213:8080
46.105.131.69:443
176.31.200.130:8080
104.131.58.132:8080
108.179.216.46:8080
110.36.234.146:80
113.52.135.33:7080
115.88.70.226:7080
125.99.61.162:7080
138.197.140.163:8080
139.59.242.76:8080
143.95.101.72:8080
148.240.52.172:80
152.170.220.95:80
162.214.27.219:7080
162.241.232.82:8080
176.58.93.123:80
178.249.187.150:7080
179.62.18.56:443
181.113.229.139:990
181.165.150.211:143
181.230.126.152:8090
181.55.171.237:8080
186.10.16.244:53
186.117.174.26:80
186.29.155.101:50000
186.93.167.147:443
190.117.206.153:443
190.13.146.47:443
190.55.39.215:80
190.55.86.138:8443
190.92.103.7:80
190.96.118.15:443
194.50.163.106:8080
197.211.244.6:443
200.114.134.8:20
201.244.125.210:995
203.150.19.63:443
216.154.222.52:7080
216.70.88.55:8080
41.60.202.26:22
45.33.1.161:8080
46.32.229.152:8080
5.189.148.98:8080
51.38.134.203:8080
70.45.30.28:80
78.109.34.178:443
83.169.33.157:8080
93.78.205.196:443
94.177.253.126:80
178.32.255.133:443
198.46.150.196:7080

# Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html

tamariaclinic.com/blog/po22/
a3infra.com/config.charge/92/
www.kairod.com/4rvg/fg19/
www.weifanhao.com/wp-admin/mm6zz6158/
aladilauto.com/wp-admin/o273wu4/
marchekit.com/wp-admin/oaxj1/
matteogiovanetti.com/wp-admin/264/
fntc-test.xcesslogic.com/wp-content/3b7s9209/
m.alahmads.com/wordpress/h5ut582/
ejob.magnusideas.com/cgi-bin/i5834/
otc-manila.com/wp-admin/q2zht7567/
www.mti.shipindia.com/wp-admin/css/21nd31328/
www.wisdomabc.com/css/wm8fu9190/
reportingnew.xyz/wordpress/3f0880/
metaphysicalhub.com/bkp_08092019/9nvo876799/
gg4.devs-group.com/amdcwdp/YPRqWcJFaE/
tlbplanning.org/wp-admin/KqrBgDoSq/
eternalsea.cn/qfpka0q/tPeJNBsE/
banglaay.com/wp-includes/VRVWLAbrjy/
www.shizizmt.com/jr/633mjf4w8_54d4cu-209964833/
aplikasi.bangunrumah-kita.com/b8kee0mj/0m3l_clo7kkcub-76/
altaikawater.com/wp-admin/4jh8s_sxm6m3eec-441/
antoinegimenez.com/css/hUgHbaEf/
auto-moto-ecole-vauban.fr/wp-admin/ww42_lwln3c-1236328628/
avant2017.amsi-formations.com/prog/skzHGQddV/
cheaptrainticket.cogbiz-infotech.com/cgi-bin/9vsx4g6l_p5x29co-43731795/
gsfcloud.com/fir/qx88b0qgfq_tdpfmobexf-881829012/
fabiogutierrez.com.br/loja/bEZYtLkJGj/
gruasasuservicio.com/cgi-bin/YdFmLIEsIB/
itf.palemiya.com/wp-includes/IIswblOCV/
moda.9l.pl/calendar/HugncgqxUR/
sweetmagazine.org/wp-admin/z0jxuhjao_n6me674y8i-3862/
precisieving.com/wp-admin/db090yl5_bwwmv-86392/
ucomechina.com/wp-content/aVMBsBCy/
your-event.es/mailin/OgXcBNiq/
lensakaca21.com/wp-admin/dBfxiIyp/
ithync.net/wp-includes/tyyYyGS/
blog.coopealbaterense.es/wp-admin/dnf3-nl9qg-869655/
lumiinx.eu/inc/prevents/addtosavedlist/nStxFTJB/
lupusvibes.ca/wp-admin/jnmvgio-dsl-6986784805/
cielouvert.fr/syvhqw1/nkch-nzf59az7e-99571/
demo.magerase.co.uk/wp-admin/wKpBbWmF/
www.accountingtoindia.com/fhsao/txsp1-fcy9gfh-11178860/
diawan.club/wordpress/ZnbSfWu/
lelecars.it/wp-admin/khrufjms-sijs5jz1e3-532825/
notiwebs.xyz/wordpress/vBfQVN/
ocstudio.tv/wp-admin/qWhNBtEM/
dulich.goasiatravel.com/wp-admin/mCXZnnARx/
www.hellotech.io/fivestar/vHYxCPeDd/
hospitalitysource.co.uk/test/lohXuP/
mobasara13.zahidulzibon.com/hyi/iGIuWmPa/
munishjindal.com/wp-content/tIZtULuZv/
www.cowabungaindustries.com/cgi-bin/hv3g9x-hkzj-9002618725/
sgiff.com/css/ixuc3k-wus7v022j-4995897081/
thesafeplace.net/wp/AsHrwMT/

# Reference: https://twitter.com/BarryShooshooga/status/1182535664643923968

mayurpai.com
mastersjarvis.com
nyc.rekko.com
lagriffeduweb.com
onickdoorsonline.com

# Reference: https://any.run/report/06f1f3ab993e994fe2b14126c50f009854081f55e52e26d5f0e2a325c5c5280f/e304cf8f-c3e5-4c03-a37d-2eb47266e450

offmaxindia.com

# Reference: https://github.com/silence-is-best/c2db#emotet

69.162.169.173:8080

# Reference: https://twitter.com/D3LabIT/status/1182633589764165640
# Reference: https://app.any.run/tasks/e6e252dc-6a94-4e61-ae21-a581beee5114/
# Reference: https://pastebin.com/zKBnkxqq

http://110.36.234.146
http://191.82.16.60
91.83.93.105:8080
110.36.234.146:80
191.82.16.60:80
91.83.93.105:8080
216.98.148.181:8080
68.183.190.199:8080
190.230.60.129:80
183.82.97.25:80
114.79.134.129:443
89.188.124.145:443
178.79.163.131:8080
76.69.29.42:80
87.106.77.40:7080
178.249.187.151:8080
62.75.143.100:7080
201.163.74.202:443
62.75.160.178:8080
181.188.149.134:80
186.0.95.172:80
217.199.160.224:8080
203.25.159.3:8080
189.160.49.234:8443
190.104.253.234:990
71.244.60.230:7080
159.203.204.126:8080
71.244.60.231:7080
142.93.82.57:8080
46.41.151.103:8080
138.68.106.4:7080
5.1.86.195:8080
149.62.173.247:8080
170.84.133.72:7080
190.230.60.129:8080
190.97.30.167:990
190.85.152.186:8080
200.58.171.51:80
51.15.8.192:8080
190.158.19.141:80
91.83.93.124:7080
139.5.237.27:443
123.168.4.66:22
81.169.140.14:443
187.188.166.192:80
212.71.237.140:8080
186.1.41.111:443
77.245.101.134:8080
181.29.101.13:8080
181.44.166.242:80
185.86.148.222:8080
86.42.166.147:80
190.221.50.210:8080
94.183.71.206:7080
181.36.42.205:443
170.84.133.72:8443
68.183.170.114:8080
79.129.0.173:8080
184.69.214.94:20
189.180.243.255:8080
200.57.102.71:8443
109.104.79.48:8080
185.187.198.10:8080
80.85.87.122:8080
181.143.101.18:8080
119.59.124.163:8080
46.163.144.228:80
50.28.51.143:8080
88.250.223.190:8080
190.38.14.52:80
119.159.150.176:443
5.77.13.70:80
200.51.94.251:143
82.196.15.205:8080
201.199.93.30:443
5.196.35.138:7080
46.28.111.142:7080
125.99.61.162:7080
189.166.68.89:443
151.80.142.33:80
79.143.182.254:8080
119.92.51.40:8080
46.101.212.195:8080
46.29.183.211:8080
91.205.215.57:7080
190.10.194.42:8080
77.55.211.77:8080
109.169.86.13:8080
190.1.37.125:443

# Reference: https://app.any.run/tasks/a30f1cfa-5088-4993-9435-58e2df1791a9/

181.16.17.210:443
chefchaouen360.com
faithmontessorischools.com
japanesepdf.com

# Reference: https://twitter.com/blackorbird/status/1191185536372920320

46.105.131.68:8080

# Reference: https://medium.com/@vishal_29486/emotet-sep-2019-wk-3-c2i-urls-f3bb8b10e17f

http://95.42.189.34/rtm/child/
http://41.227.243.107/child/report/publish/
http://190.18.153.249/json/
http://189.150.218.69/loadan/
http://104.236.135.119/site/tlb/
http://162.243.125.212/schema/loadan/
http://217.13.106.160/teapot/jit/publish/
http://5.230.147.179/guids/img/
http://64.13.225.150/publish/nsip/
http://95.128.43.213/raster/srvc/publish/
http://187.234.36.129/ringin/
http://37.209.252.121/taskbar/schema/publish/enabled/
http://211.63.71.72/xian/vermont/publish/enabled/
http://174.93.130.148/results/enable/publish/
http://83.110.80.67/site/devices/publish/enabled/
http://50.31.0.160/devices/cookies/publish/enabled/
http://175.100.138.82/enabled/dma/
http://190.128.26.2/attrib/odbc/publish/
http://45.123.3.54/ringin/balloon/publish/enabled/
http://78.186.5.109/raster/codec/publish/
http://69.198.17.7/cookies/
http://50.250.136.225/ban/teapot/
http://24.63.218.229/merge/rtm/
http://217.165.84.98/balloon/acquire/
http://106.51.237.174/entries/raster/
http://167.114.210.191/devices/window/publish/
http://45.33.49.124/attrib/
http://147.135.210.39/cone/
http://94.76.200.114/psec/
http://96.64.191.13/devices/
http://190.161.186.116/guids/
http://201.220.152.101/cone/
http://67.205.149.117/balloon/forced/
http://133.242.156.30/badge/loadan/publish/
http://201.152.64.25/walk/free/publish/enabled/
http://70.57.82.196/scripts/add/publish/
http://138.201.140.110/acquire/
http://201.236.95.82/mult/ringin/publish/enabled/
http://186.4.234.27/codec/sess/publish/
http://114.79.191.12/merge/
http://190.36.237.47/free/chunk/
http://189.252.110.239/tpt/schema/publish/enabled/
http://190.97.219.241/add/
http://92.154.101.154/between/
http://201.170.241.239/cone/iplk/publish/enabled/
http://85.104.59.244/enable/odbc/publish/enabled/
http://103.12.133.7/loadan/balloon/
http://87.106.139.101/devices/health/publish/enabled/
http://183.82.1.142/merge/splash/publish/
http://212.122.71.196/chunk/
http://87.106.210.123/arizona/
http://62.75.187.192/iab/
http://187.189.195.208/psec/scripts/
http://201.146.85.239/sess/merge/
http://83.222.124.62/badge/enabled/
http://173.255.250.241/usbccid/
http://189.222.167.65/srvc/between/
http://173.255.196.209/nsip/entries/publish/enabled/
http://63.77.201.245/pnp/child/
http://178.62.37.188/srvc/guids/publish/
http://208.78.100.202/pdf/
http://91.92.191.134/scripts/
http://95.42.189.34/json/
http://125.99.106.225/forced/loadan/publish/
http://41.227.243.107/merge/
http://47.41.213.2/between/ban/
http://206.189.98.125/child/json/free/
http://200.21.90.6/raster/
http://187.163.222.244/forced/
http://186.4.234.27/devices/window/free/enabled/
http://190.97.219.241/report/enabled/free/
http://87.106.136.232/tlb/usbccid/
http://213.14.166.152/merge/entries/free/
http://125.99.106.226/guids/
http://60.48.253.12/child/
http://187.189.195.208/acquire/guids/free/enabled/
http://92.154.101.154/enabled/report/free/
http://189.209.217.49/child/results/free/enabled/
http://41.220.119.246/child/forced/
http://217.13.106.160/scripts/arizona/
http://188.166.253.46/jit/loadan/free/
http://162.243.125.212/merge/
http://75.127.14.170/guids/xian/
http://159.65.25.128/arizona/ringin/free/enabled/
http://190.72.136.214/site/srvc/
http://50.99.132.7/badge/publish/
http://50.31.0.160/ringin/chunk/free/enabled/
http://31.172.240.91/dma/schema/free/
http://104.236.99.225/teapot/vermont/free/enabled/
http://46.101.142.115/between/prov/free/enabled/
http://222.214.218.136/taskbar/enable/free/
http://201.199.89.223/walk/
http://85.104.59.244/tlb/cookies/
http://190.25.255.98/site/badge/free/
http://190.145.67.134/balloon/cab/
http://216.98.148.156/iab/health/free/
http://45.123.3.54/prov/site/free/enabled/
http://24.139.205.186/raster/teapot/free/enabled/
http://78.186.5.109/devices/walk/
http://136.243.177.26/json/acquire/free/enabled/
http://120.150.236.64/pdf/raster/free/
http://181.189.213.231/cab/window/free/enabled/
http://187.225.213.90/stubs/enabled/free/
http://88.21.212.13/img/
http://190.75.47.24/enabled/
http://178.152.78.149/enabled/cone/
http://39.61.34.254/balloon/guids/free/enabled/
http://182.176.132.213/mult/symbols/free/
http://138.201.140.110/merge/results/free/
http://186.144.64.31/schema/tlb/free/enabled/
http://91.74.62.86/prep/loadan/
http://178.79.161.166/results/free/free/
http://147.135.210.39/ringin/
http://144.139.247.220/symbols/
http://222.214.218.192/schema/srvc/
http://69.45.19.145/merge/publish/
http://201.220.152.101/iplk/chunk/
http://186.4.167.166/scripts/attrib/free/
http://84.241.10.111/taskbar/prov/free/enabled/
http://162.144.119.216/child/
http://142.93.88.16/splash/
http://31.12.67.62/enabled/cookies/free/enabled/
http://91.83.93.103/cone/
http://104.131.208.175/ringin/
http://62.75.187.192/site/balloon/
http://177.242.214.30/symbols/site/
http://211.248.17.209/usbccid/walk/free/enabled/
http://195.242.117.231/cookies/acquire/free/
http://87.106.139.101/entries/merge/free/
http://94.76.200.114/cookies/sym/free/
http://179.32.19.219/publish/
http://200.85.46.122/acquire/entries/free/
http://169.239.182.217/prov/cone/free/enabled/
http://190.25.255.98/enable/taskbar/free/
http://104.131.11.150/srvc/
http://201.238.152.20/iplk/results/free/
http://190.83.191.92/raster/forced/
http://78.24.219.147/symbols/arizona/
http://179.14.2.75/psec/pdf/free/enabled/
http://59.103.164.174/glitch/nsip/free/
http://71.244.60.230/loadan/sess/free/
http://190.128.26.2/nsip/publish/free/
http://182.176.94.236/pdf/iab/free/enabled/
http://87.230.19.21/pnp/schema/
http://175.100.138.82/badge/vermont/
http://117.218.17.6/loadan/prov/
http://91.205.215.66/pdf/enable/free/
http://187.163.180.243/enabled/iplk/free/enabled/
http://211.63.71.72/report/badge/
http://190.25.255.98/usbccid/cab/free/
http://64.13.225.150/xian/health/free/
http://181.129.30.82/enabled/
http://46.105.131.87/glitch/
http://66.84.11.168/cone/teapot/free/enabled/
http://182.176.94.236/acquire/
http://80.1.76.46/acquire/
http://77.56.253.112/psec/
http://212.71.234.16/merge/
http://95.128.43.213/xian/enabled/free/enabled/
http://167.114.210.191/taskbar/between/free/enabled/
http://177.246.193.139/usbccid/glitch/
http://178.62.37.188/publish/child/
http://174.136.14.100/sym/taskbar/free/
http://78.188.7.213/enabled/report/
http://104.236.246.93/cab/results/free/
http://45.33.49.124/acquire/
http://47.41.213.2/acquire/
http://206.189.98.125/psec/
http://200.21.90.6/walk/xian/free/enabled/
http://187.163.222.244/usbccid/
http://186.4.234.27/symbols/
http://190.97.219.241/arizona/ringin/free/enabled/
http://87.106.136.232/loadan/srvc/
http://213.14.166.152/bml/publish/free/
http://125.99.106.226/add/chunk/free/
http://60.48.253.12/raster/schema/free/enabled/
http://187.189.195.208/rtm/attrib/
http://92.154.101.154/iplk/prov/free/enabled/
http://189.209.217.49/walk/enable/
http://41.220.119.246/enabled/iplk/free/
http://217.13.106.160/child/psec/
http://188.166.253.46/json/dma/free/
http://162.243.125.212/report/odbc/free/
http://75.127.14.170/tpt/balloon/free/enabled/
http://159.65.25.128/splash/splash/free/
http://190.72.136.214/forced/pnp/free/
http://50.99.132.7/ban/
http://50.31.0.160/raster/json/free/enabled/
http://31.172.240.91/splash/raster/free/
http://104.236.99.225/free/scripts/free/enabled/
http://46.101.142.115/usbccid/merge/
http://222.214.218.136/jit/enabled/free/enabled/
http://201.199.89.223/arizona/between/
http://85.104.59.244/taskbar/glitch/free/
http://190.25.255.98/iab/taskbar/free/enabled/
http://190.145.67.134/raster/report/free/
http://216.98.148.156/ringin/
http://45.123.3.54/report/forced/
http://24.139.205.186/srvc/
http://78.186.5.109/free/add/
http://136.243.177.26/psec/stubs/
http://120.150.236.64/guids/ringin/free/
http://181.189.213.231/usbccid/
http://187.225.213.90/iab/publish/free/
http://88.21.212.13/symbols/
http://190.75.47.24/arizona/attrib/free/enabled/
http://178.152.78.149/results/prov/free/
http://39.61.34.254/acquire/iplk/free/
http://182.176.132.213/devices/
http://138.201.140.110/sym/
http://186.144.64.31/publish/
http://91.74.62.86/cone/
http://178.79.161.166/arizona/site/free/enabled/
http://147.135.210.39/arizona/tpt/free/enabled/
http://144.139.247.220/scripts/rtm/pdf/enabled/
http://222.214.218.192/psec/
http://69.45.19.145/sym/
http://201.220.152.101/xian/window/pdf/enabled/
http://186.4.167.166/window/enabled/pdf/
http://84.241.10.111/scripts/
http://162.144.119.216/enable/
http://142.93.88.16/attrib/
http://31.12.67.62/child/child/
http://91.83.93.103/symbols/guids/pdf/
http://104.131.208.175/rtm/report/pdf/enabled/

# Reference: https://any.run/report/55dfe66f79cd29e7d145b2ac8737753c5450f635660e66b5776e97cbe8c1a76c/e8aa6541-b117-4e28-9b0a-7e45587b67d9

191.100.24.201:50000
193.34.144.138:8080
74.208.173.91:8080
46.105.131.68:8080
152.169.32.143:8080

# Reference: https://any.run/report/3cf19ad5c06f025712300a4e93219e0faa35475402fae323b4daa4bbe1ba7bef/eebb6b29-c512-4502-96ea-fafedfd21ecb

189.252.102.40:8080

# Reference: https://any.run/report/90fb407e71334f7ca323d9f6537706d54cafed3bf9538799b79b89658ae067ee/b893ddb7-d8ff-4994-8a7a-644851c4fced

85.234.143.94:8080
204.225.249.100:8080
178.249.187.151:8080

# Reference: https://any.run/report/603d002fe4cd0bd24f19036d9885877062233ffb32309c510f10e86ac1bc9f38/b492d8c0-56ed-48ea-b10e-1147c848753b

104.239.175.211:8080
67.225.179.64:8080
183.102.238.69:465

# Reference: https://twitter.com/malware_traffic/status/1196554607658459136
# Reference: https://app.any.run/tasks/1496c35f-f44a-4913-b7de-847a421bdfe1/
# Reference: https://www.virustotal.com/gui/ip-address/144.76.56.36/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.156.35.235/relations

144.76.56.36:8080
65.23.154.17:8080
94.156.35.235:443

# Reference: https://pastebin.com/5iAUEP7J

jameslotz.com/wp-admin/k3s20753/
monitoring.bactrack.com/wp-content/cmdz7/
enegix.com/pytosj2jd/v9s7ze3/
jaafarattar.com/pytosj2jd/2re2j5773/
iruainvestments.com/pytosj2jd/0nc76zs40663/
handbookforfairygodmothers.com/yjlsdsd/k3/
yummybox.uk/wp-admin/7Q/
scrapy999.com/cgi-bin/g1oi/
bunifood.com/pytosj2jd/pazg/
eurobizconsulting.it/cgi-bin/9q6ty/

# Reference: https://app.any.run/tasks/68191492-99f0-464f-bb25-dd4f006c2c64/

http://momo2.test.zinimedia.com/medias/2wgtpu56548/

# Reference: https://app.any.run/tasks/dd109624-8140-4935-a10f-da93f909b3cf/

http://astrametals.com/wp-content/im24279/

# Reference: https://app.any.run/tasks/c1a626cf-c6e1-4405-8893-b45fe2b08323/
# Reference: https://app.any.run/tasks/27f879de-fbd3-4b44-89b3-67955cc78a71/

109.169.86.13:8080
125.99.61.162:7080
142.93.114.137:8080
149.62.173.247:8080
154.120.227.206:8080
159.203.204.126:8080
170.130.31.177:8080
172.104.233.225:8080
178.79.163.131:8080
182.48.194.6:8090
186.23.132.93:990
190.146.131.105:8080
190.195.129.227:8090
190.210.184.138:995
190.97.30.167:990
201.190.133.235:8080
203.25.159.3:8080
212.71.237.140:8080
213.189.36.51:8080
217.199.160.224:8080
50.28.51.143:8080
51.255.165.160:8080
62.75.160.178:8080
68.183.170.114:8080
68.183.190.199:8080
70.32.78.99:8080
77.55.211.77:8080
80.85.87.122:8080
81.213.215.216:50000
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.204.163.19:8090
91.205.215.57:7080
91.83.93.124:7080
92.169.250.229:8080
94.183.71.206:7080

# Reference: https://app.any.run/tasks/810d6543-148f-4b1e-8266-b7bf63fb3f18/

209.97.168.52:8080
217.149.241.121:8080
31.47.234.186:8080
37.187.2.199:443
46.101.7.140:8080
50.116.86.205:8080
69.64.67.20:8080

# Reference: https://www.virustotal.com/gui/domain/kids-education-support.com/relations

kids-education-support.com

# Reference: https://www.virustotal.com/gui/file/811fa8cd3dfb73070dc5c2f646c3b009944c6b4353cbf72a2355986606b1a7a0/detection

185.189.58.222:5050
92.63.197.59:5050

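# Reference: https://pastebin.com/LdXdyCGQ
# NOTE(review): this list includes ports usually associated with other services (20, 21, 465, 990); the port number alone does not establish the protocol in use, so verify against the reference before writing protocol-specific detections.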

212.71.234.16:8080
78.47.106.72:8080
165.227.156.155:443
192.241.255.77:8080
181.57.193.14:80
86.22.221.170:80
37.187.2.199:443
179.12.170.148:8080
95.128.43.213:8080
59.103.164.174:80
152.89.236.214:8080
78.24.219.147:8080
190.226.44.20:21
104.236.246.93:8080
190.145.67.134:8090
104.239.175.211:8080
46.105.131.87:80
144.139.247.220:80
83.136.245.190:8080
171.101.153.86:990
190.211.207.11:443
104.131.44.150:8080
189.209.217.49:80
186.4.172.5:443
87.106.136.232:8080
87.106.139.101:8080
94.205.247.10:80
181.143.194.138:443
200.71.148.138:8080
186.4.172.5:20
62.75.187.192:8080
169.239.182.217:8080
92.222.216.44:8080
192.241.220.155:8080
87.230.19.21:8080
80.11.163.139:21
182.176.132.213:8090
31.172.240.91:8080
37.157.194.134:443
31.12.67.62:7080
190.53.135.159:21
191.92.209.110:7080
138.201.140.110:8080
45.33.49.124:443
103.39.131.88:80
167.71.10.37:8080
167.99.105.223:7080
85.104.59.244:20
115.78.95.230:443
186.75.241.230:80
67.225.179.64:8080
181.31.213.158:8080
104.131.11.150:8080
212.129.24.79:8080
217.160.182.191:8080
211.63.71.72:8080
159.65.25.128:8080
173.212.203.26:8080
5.196.74.210:8080
183.102.238.69:465
186.4.172.5:8080
178.79.161.166:443
192.81.213.192:8080
176.31.200.130:8080
178.210.51.222:8080
173.249.47.77:8080
91.205.215.66:8080
149.202.153.252:8080

# Reference: https://twitter.com/tkanalyst/status/1199711428082425857
# Reference: https://app.any.run/tasks/4f792e29-48b8-40ae-9e11-6f29c3ac7204/

104.236.137.72:8080
172.104.233.225:8080

# Reference: https://twitter.com/malware_traffic/status/1199754976748359680

178.63.78.150:8080
192.161.190.171:8080
80.93.48.49:7080

# Reference: https://twitter.com/malware_traffic/status/1199787380477235201

149.202.153.251:8080
222.239.249.166:443
50.63.13.135:8080
80.211.32.88:8080
82.145.43.153:8080
92.119.123.10:8080

# Reference: https://twitter.com/Cryptolaemus1/status/1200047745307951105
# Reference: https://pastebin.com/raw/Sk3z09G0

116.48.142.21:443
12.229.155.122:80
120.150.246.241:80
121.175.14.59:990
125.230.36.147:443
128.65.154.183:443
144.139.56.105:80
164.68.101.171:80
165.228.24.197:80
172.90.70.168:443
177.103.201.23:80
187.144.236.211:443
187.250.92.82:80
190.101.87.170:80
195.244.215.206:80
197.254.221.174:80
2.38.99.79:80
202.226.238.55:80
220.146.36.244:80
41.218.118.66:80
47.187.70.124:443
5.88.182.250:80
72.27.212.209:8080
77.211.249.124:80
77.241.53.234:80
78.15.114.100:80
81.213.145.45:443
85.105.183.228:443
91.73.197.90:80
95.219.199.225:80

# Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/
# Reference: https://www.virustotal.com/gui/ip-address/190.12.119.180/relations

190.12.119.180:443

# Reference: https://twitter.com/Cryptolaemus1/status/1200388377805279232
# Reference: https://pastebin.com/raw/tKXqac1m

101.187.247.29:80
107.2.2.28:80
109.166.89.91:80
110.143.18.92:80
116.48.138.115:80
118.200.218.193:443
118.201.230.249:80
122.11.164.183:80
186.215.101.106:80
187.233.220.93:443
189.180.105.125:443
190.12.119.180:443
195.191.107.67:80
197.90.159.42:80
200.71.193.220:443
201.183.251.100:80
211.218.105.101:80
213.179.105.214:8080
47.50.251.130:80
60.53.3.153:8080
80.21.182.46:80
80.29.54.20:80
83.110.107.243:443
85.130.127.2:80
98.196.49.107:80

# Reference: https://twitter.com/peric0/status/1200535559615201285
# Reference: https://app.any.run/tasks/92158989-24e1-43df-9cc1-958aadacdce8/

31.41.221.148:80
5.63.8.237:443
88.198.60.25:80
95.216.124.146:443
artnkrafts.com
arvinhayat.com
mototorg.com
peruorganiconatural.com
primekala.com

# Reference: https://twitter.com/luc4m/status/1201929340717547520
# Reference: https://pastebin.com/tk8Wj4ya

104.131.58.132:8080
104.236.137.72:8080
109.166.89.91:80
109.169.86.13:8080
110.143.18.92:80
116.48.138.115:80
118.200.218.193:443
119.59.124.163:8080
121.175.14.59:990
125.99.61.162:7080
134.209.214.126:8080
138.68.106.4:7080
139.5.237.27:443
14.160.93.230:80
142.127.57.63:8080
142.93.114.137:8080
144.139.56.105:80
149.62.173.247:8080
154.120.227.206:8080
159.203.204.126:8080
163.172.40.218:7080
172.104.233.225:8080
178.79.163.131:8080
181.135.153.203:443
181.198.203.45:443
181.231.62.54:80
181.36.42.205:443
181.61.143.177:80
182.48.194.6:8090
183.82.97.25:80
185.86.148.222:8080
186.15.83.52:8080
186.68.48.204:443
188.14.39.65:443
188.216.24.204:80
189.173.113.67:443
190.102.226.91:80
190.146.131.105:8080
190.17.42.79:80
190.186.164.23:80
190.195.129.227:8090
190.210.184.138:995
190.38.14.52:80
190.4.50.26:80
190.97.30.167:990
191.103.76.34:443
2.38.99.79:80
200.113.106.18:80
200.123.101.90:80
200.124.225.32:80
200.58.83.179:80
201.163.74.202:443
201.190.133.235:8080
201.213.32.59:80
203.130.0.69:80
203.25.159.3:8080
204.63.252.182:443
207.154.204.40:8080
212.71.237.140:8080
213.189.36.51:8080
217.199.160.224:8080
37.132.193.19:8080
45.79.95.107:443
46.101.212.195:8080
46.28.111.142:7080
47.146.42.234:80
47.187.70.124:443
5.196.35.138:7080
50.28.51.143:8080
51.255.165.160:8080
62.75.143.100:7080
62.75.160.178:8080
63.246.252.234:80
68.183.170.114:8080
68.183.190.199:8080
69.163.33.84:8080
72.29.55.174:80
73.167.135.180:80
77.241.53.234:80
77.55.211.77:8080
80.29.54.20:80
80.85.87.122:8080
81.213.215.216:50000
82.196.15.205:8080
82.8.232.51:80
85.234.143.94:8080
86.42.166.147:80
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.204.163.19:8090
91.205.215.57:7080
91.83.93.124:7080
95.179.195.74:80
96.20.84.254:7080
98.196.49.107:80

# Reference: https://app.any.run/tasks/5275f984-a656-41d5-b031-496accf03e4b/

105.227.58.49:80

# Reference: https://pastebin.com/jfsfQ6Cq

1.32.54.12:8080
103.122.75.218:80
103.9.145.19:8080
110.142.161.90:80
113.52.135.33:7080
115.179.91.58:80
119.159.150.176:443
122.11.164.183:80
123.142.37.165:80
124.150.175.129:8080
124.150.175.133:80
138.197.140.163:8080
142.93.87.198:8080
143.95.101.72:8080
152.169.32.143:8080
162.144.46.90:8080
163.172.97.112:8080
172.104.70.207:8080
172.105.213.30:80
172.90.70.168:443
174.57.150.13:8080
176.58.93.123:80
177.103.201.23:80
178.134.1.238:80
181.197.108.171:443
181.44.166.242:80
181.47.235.26:993
182.176.116.139:995
186.215.101.106:80
186.66.224.182:990
187.177.155.123:990
187.233.220.93:443
187.250.92.82:80
188.230.134.205:80
189.225.211.171:443
189.61.200.9:443
190.101.87.170:80
190.161.67.63:80
190.171.135.235:80
190.189.79.73:80
190.5.162.204:80
191.100.24.201:50000
192.161.190.171:8080
192.163.221.191:8080
192.210.217.94:8080
192.241.220.183:8080
193.33.38.208:443
195.191.107.67:80
198.57.217.170:8080
200.71.112.158:53
201.183.251.100:80
201.196.15.79:990
210.111.160.220:80
210.224.65.117:80
211.218.105.101:80
212.112.113.235:80
212.129.14.27:8080
216.75.37.196:8080
221.154.59.110:80
23.253.207.142:8080
24.27.122.202:80
24.28.178.71:80
37.59.24.25:8080
41.218.118.66:80
41.77.74.214:443
45.129.121.222:443
46.105.128.215:8080
46.105.131.68:8080
46.17.6.116:8080
5.189.148.98:8080
50.116.78.109:8080
51.38.134.203:8080
58.93.151.148:80
60.53.3.153:8080
67.171.182.231:80
67.254.196.78:443
69.30.205.162:7080
72.27.212.209:8080
72.69.99.47:80
77.245.12.212:80
78.186.102.195:80
78.46.87.133:8080
81.213.145.45:443
81.82.247.216:80
82.79.244.92:80
83.110.107.243:443
83.156.88.159:80
83.99.211.160:80
85.105.183.228:443
85.109.190.235:443
86.6.123.109:80
89.215.225.15:80
91.117.31.181:80
95.216.207.86:7080
95.216.212.157:8080
98.15.140.226:80

# Reference: https://twitter.com/Jouliok/status/1204348553117798400
# Reference: https://app.any.run/tasks/af64addf-eaec-4936-8ae1-49de48511547/

bigbizyou.fr

# Reference: https://www.virustotal.com/gui/file/d7fa60d982e84f82f1e310801990591ad9d518921d338e0d6045555cd9a55abb/detection

http://12.176.19.218

# Reference: https://twitter.com/luc4m/status/1204102158012100608
# Reference: https://pastebin.com/B5R4ggig

104.131.58.132:8080
104.236.137.72:8080
109.166.89.91:80
109.169.86.13:8080
116.48.138.115:80
118.200.218.193:443
119.59.124.163:8080
125.99.61.162:7080
130.45.45.31:80
134.209.214.126:8080
138.68.106.4:7080
139.5.237.27:443
14.160.93.230:80
142.127.57.63:8080
142.93.114.137:8080
144.139.56.105:80
144.2.165.179:80
149.135.123.65:80
149.62.173.247:8080
159.203.204.126:8080
163.172.40.218:7080
172.104.233.225:8080
178.79.163.131:8080
181.135.153.203:443
181.198.203.45:443
181.231.62.54:80
181.36.42.205:443
181.61.143.177:80
183.82.97.25:80
185.160.212.3:80
185.86.148.222:8080
186.15.83.52:8080
186.68.48.204:443
188.14.39.65:443
188.216.24.204:80
190.102.226.91:80
190.146.131.105:8080
190.17.42.79:80
190.186.164.23:80
190.195.129.227:8090
190.210.184.138:995
190.38.14.52:80
190.4.50.26:80
190.97.30.167:990
191.103.76.34:443
2.139.158.136:443
2.38.99.79:80
2.44.167.52:80
200.119.11.118:443
200.123.101.90:80
200.124.225.32:80
200.58.83.179:80
201.163.74.202:443
201.190.133.235:8080
201.213.32.59:80
202.186.240.165:8080
203.130.0.69:80
203.25.159.3:8080
204.63.252.182:443
207.154.204.40:8080
212.71.237.140:8080
217.199.160.224:8080
37.183.121.32:80
45.50.177.164:80
45.79.95.107:443
46.101.212.195:8080
46.28.111.142:7080
47.146.42.234:80
47.187.70.124:443
5.196.35.138:7080
5.88.27.67:8080
50.28.51.143:8080
51.255.165.160:8080
58.171.181.213:80
62.75.143.100:7080
62.75.160.178:8080
63.246.252.234:80
68.129.203.162:443
68.183.170.114:8080
68.183.190.199:8080
69.163.33.84:8080
72.29.55.174:80
73.167.135.180:80
77.241.53.234:80
77.55.211.77:8080
79.31.85.103:80
80.29.54.20:80
80.85.87.122:8080
82.196.15.205:8080
82.8.232.51:80
83.165.163.225:80
85.234.143.94:8080
86.42.166.147:80
87.106.46.107:8080
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.204.163.19:8090
91.205.215.57:7080
91.83.93.124:7080
93.67.154.252:443
95.179.195.74:80
96.126.121.64:443
96.20.84.254:7080
96.61.113.203:80
98.196.49.107:80

# Reference: https://app.any.run/tasks/3f80a1bc-55d1-444b-9000-327db827ef8a

cigpcl.com
http://85.152.208.146
http://68.174.15.223

# Reference: https://twitter.com/Sentry_23/status/1204371815591817216

162.241.92.219:8080

# Reference: https://twitter.com/luc4m/status/1204453473015586816
# Reference: https://pastebin.com/LPpTsymc

2.44.167.52:80
2.139.158.136:443
5.88.27.67:8080
5.196.35.138:7080
14.160.93.230:80
37.183.121.32:80
45.50.177.164:80
45.79.95.107:443
46.28.111.142:7080
46.101.212.195:8080
47.146.42.234:80
47.187.70.124:443
50.28.51.143:8080
51.255.165.160:8080
58.171.181.213:80
62.75.143.100:7080
62.75.160.178:8080
63.246.252.234:80
68.129.203.162:443
68.183.170.114:8080
68.183.190.199:8080
69.163.33.84:8080
72.29.55.174:80
73.167.135.180:80
76.221.133.146:80
77.55.211.77:8080
77.241.53.234:80
79.31.85.103:80
80.29.54.20:80
80.85.87.122:8080
82.8.232.51:80
82.196.15.205:8080
83.165.163.225:80
85.234.143.94:8080
86.42.166.147:80
87.106.46.107:8080
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.83.93.124:7080
91.204.163.19:8090
91.205.215.57:7080
93.67.154.252:443
95.179.195.74:80
96.20.84.254:7080
96.61.113.203:80
96.126.121.64:443
98.196.49.107:80
104.33.129.244:80
104.131.58.132:8080
104.236.137.72:8080
109.166.89.91:80
109.169.86.13:8080
116.48.138.115:80
118.200.218.193:443
119.59.124.163:8080
125.99.61.162:7080
130.45.45.31:80
134.209.214.126:8080
138.68.106.4:7080
139.5.237.27:443
142.93.114.137:8080
142.127.57.63:8080
144.2.165.179:80
144.139.56.105:80
149.62.173.247:8080
149.135.123.65:80
159.203.204.126:8080
163.172.40.218:7080
172.90.70.168:8080
172.104.233.225:8080
178.79.163.131:8080
181.36.42.205:443
181.61.143.177:80
181.135.153.203:443
181.198.203.45:443
181.231.62.54:80
183.82.97.25:80
184.184.202.167:443
185.86.148.222:8080
185.160.212.3:80
186.15.83.52:8080
186.68.48.204:443
188.14.39.65:443
188.216.24.204:80
190.4.50.26:80
190.17.42.79:80
190.38.14.52:80
190.97.30.167:990
190.102.226.91:80
190.146.131.105:8080
190.186.164.23:80
190.195.129.227:8090
190.210.184.138:995
191.103.76.34:443
200.58.83.179:80
200.119.11.118:443
200.123.101.90:80
200.124.225.32:80
201.163.74.202:443
201.190.133.235:8080
201.213.32.59:80
202.186.240.165:8080
203.25.159.3:8080
203.130.0.69:80
204.63.252.182:443
207.154.204.40:8080
212.71.237.140:8080
217.199.160.224:8080

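# Reference: https://twitter.com/pollo290987/status/1205363829678518273
# NOTE(review): the entry below is a URL path with no host, unlike the host and host:port entries around it; confirm against the reference that a path-only match is intended and specific enough to avoid false positives.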

/fhdr1acb63nl723f_9uy53v64/index.php

# Reference: https://twitter.com/malware_traffic/status/1205171614788313101

96.234.38.186:8080

# Reference: https://twitter.com/Cryptolaemus1/status/1205506348936548353
# Reference: https://pastebin.com/KaWyyr31

1.33.230.137:80
100.14.117.137:80
101.187.134.207:443
101.187.247.29:80
103.86.49.11:8080
104.131.11.150:8080
104.131.44.150:8080
104.236.246.93:8080
104.237.155.168:443
105.227.35.51:80
107.170.24.125:8080
107.2.2.28:80
108.179.206.219:8080
108.191.2.72:80
110.142.38.16:80
110.143.57.109:80
110.143.84.202:80
116.48.142.21:443
12.176.19.218:80
12.229.155.122:80
120.150.246.241:80
128.65.154.183:443
138.59.177.106:443
139.130.241.252:443
144.139.247.220:80
149.202.153.252:8080
159.65.25.128:8080
165.227.156.155:443
165.228.24.197:80
167.114.242.226:8080
167.71.10.37:8080
167.99.105.223:7080
169.239.182.217:8080
173.91.11.142:80
176.106.183.253:8080
176.31.200.130:8080
178.209.71.63:8080
178.210.51.222:8080
179.13.185.19:80
181.57.193.14:80
182.176.132.213:8090
183.102.238.69:465
183.102.238.69:80
186.67.208.78:8080
186.75.241.230:80
188.152.7.140:80
189.209.217.49:80
190.12.119.180:443
190.147.215.53:22
190.220.19.82:443
190.226.44.20:21
190.53.135.159:21
192.241.255.77:8080
195.244.215.206:80
197.254.221.174:80
2.235.190.23:8080
2.38.99.79:80
200.7.243.108:443
201.173.217.124:443
201.184.105.242:443
201.251.133.92:443
206.189.112.148:8080
206.81.10.215:8080
206.81.10.215:80
209.141.54.221:8080
209.97.168.52:8080
210.6.85.121:80
211.63.71.72:8080
212.129.24.79:8080
212.64.171.206:80
217.160.182.191:8080
218.44.21.114:80
24.45.193.161:7080
31.131.182.30:80
31.172.240.91:8080
31.31.77.83:443
37.157.194.134:443
37.59.24.177:8080
45.33.49.124:443
45.51.40.140:80
45.56.88.91:443
46.105.131.87:80
47.156.70.145:80
47.6.15.79:443
47.6.15.79:80
5.196.74.210:8080
5.88.182.250:80
50.116.86.205:8080
58.171.42.66:8080
59.103.164.174:80
61.197.110.214:80
62.75.187.192:8080
64.147.15.138:80
64.53.242.181:8080
66.34.201.20:7080
66.76.63.99:80
67.225.179.64:8080
68.118.26.116:80
70.175.171.251:80
73.11.153.178:8080
73.176.241.255:80
73.214.99.25:80
74.105.102.97:8080
75.80.148.244:80
78.24.219.147:8080
80.21.182.46:80
81.0.63.86:8080
82.155.161.203:80
83.136.245.190:8080
85.72.180.68:80
86.98.156.239:443
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
91.205.215.66:8080
91.73.197.90:80
92.222.216.44:8080
93.147.141.5:80
95.128.43.213:8080
98.24.231.64:80

# Reference: https://twitter.com/VK_Intel/status/1206497909858078720
# Reference: https://www.virustotal.com/gui/file/de8f44a132a0968356621c69413840b6b259e1d8c7c0708cda5e3b62be4eb787/detection

91.121.89.129:8443

# Reference: https://twitter.com/matte_lodi/status/1207575386835607552

http://63.248.198.8
proyectoin.com

# Reference: https://twitter.com/malware_traffic/status/1208205659466092544

24.181.125.62:80

# Reference: https://pastebin.com/4VENH618

1.215.28.101:8080
1.217.126.11:443
1.221.254.82:80
100.14.117.137:80
101.187.134.207:443
101.187.247.29:80
103.108.146.195:80
103.86.49.11:8080
104.131.11.150:8080
104.131.44.150:8080
104.131.58.132:8080
104.137.176.186:80
104.236.137.72:8080
104.236.246.93:8080
105.209.235.113:8080
107.170.24.125:8080
108.179.206.219:8080
108.184.9.44:80
108.191.2.72:80
108.20.69.44:80
109.169.86.13:8080
110.142.161.90:443
110.142.161.90:80
110.142.38.16:80
110.143.84.202:80
110.170.65.146:80
110.2.118.164:80
112.186.195.176:80
112.218.134.227:80
113.190.254.245:80
113.52.135.33:7080
113.61.76.239:80
114.109.179.60:80
114.179.127.48:80
115.179.91.58:80
116.48.142.21:443
118.36.70.245:80
119.59.124.163:8080
12.176.19.218:80
120.150.246.241:80
120.150.247.164:80
120.151.135.224:80
120.51.83.89:443
121.88.5.176:443
122.116.104.238:7080
124.150.175.129:8080
124.150.175.133:80
125.99.61.162:7080
128.65.154.183:443
136.243.250.34:8080
138.122.5.214:8080
138.197.140.163:8080
138.59.177.106:443
138.68.106.4:7080
139.130.241.252:443
139.130.242.43:80
139.162.118.88:8080
139.162.183.41:443
139.59.12.63:8080
14.160.93.230:80
14.161.30.33:443
14.201.35.38:80
142.93.114.137:8080
142.93.87.198:8080
144.139.247.220:80
144.139.56.105:80
144.139.91.187:80
144.217.117.207:8080
149.202.153.252:8080
149.62.173.247:8080
151.237.36.220:80
154.120.227.190:443
156.155.163.232:80
157.7.164.178:8081
158.69.167.246:8080
159.203.204.126:8080
159.65.25.128:8080
159.69.89.130:8080
160.119.153.20:80
160.16.215.66:8080
162.144.46.90:8080
163.172.40.218:7080
163.172.97.112:8080
165.100.148.200:8080
165.227.156.155:443
165.228.195.93:80
167.71.10.37:8080
167.99.105.223:7080
168.235.67.138:8080
168.235.82.183:8080
169.239.182.217:8080
172.104.70.207:8080
173.12.14.133:8080
173.21.26.90:80
173.247.19.238:80
173.66.96.135:80
173.91.11.142:80
174.77.190.137:8080
174.81.132.128:80
175.103.239.50:80
175.114.178.83:443
175.127.140.68:80
176.106.183.253:8080
176.31.200.130:8080
176.58.93.123:80
177.103.159.44:80
177.103.240.93:80
177.144.130.105:443
177.180.115.224:80
177.242.21.126:80
177.34.142.163:80
178.134.1.238:80
178.153.176.124:80
178.210.51.222:8080
178.237.139.83:8080
178.32.255.133:443
178.63.78.150:8080
178.79.163.131:8080
179.13.185.19:80
179.159.198.70:80
179.208.84.218:8080
179.5.118.12:8080
180.33.6.136:443
180.92.239.110:8080
181.10.204.106:80
181.126.70.117:80
181.167.35.84:80
181.196.27.123:80
181.198.203.45:443
181.231.220.232:80
181.36.42.205:443
181.53.29.136:8080
181.61.143.177:80
182.176.116.139:995
182.176.132.213:8090
182.187.137.199:8080
183.101.175.193:80
183.102.238.69:465
183.87.40.21:8080
183.99.239.141:80
184.167.148.162:80
185.144.138.190:80
185.160.212.3:80
185.160.229.26:80
185.192.75.240:443
185.244.167.25:443
185.86.148.222:8080
186.15.83.52:8080
186.177.174.163:80
186.4.172.5:8080
186.67.208.78:8080
186.68.48.204:443
186.75.241.230:80
186.84.173.136:8080
187.188.166.192:8080
187.250.92.82:80
187.54.225.76:80
187.72.47.161:443
188.0.135.237:80
188.135.15.49:80
188.152.7.140:80
188.216.24.204:80
188.218.104.226:80
188.251.213.180:443
189.159.115.178:8080
189.19.81.181:443
189.201.197.98:8080
189.203.177.41:443
189.225.211.171:443
189.26.118.194:80
189.61.200.9:443
190.100.153.162:443
190.115.18.139:8080
190.117.226.104:80
190.12.119.180:443
190.151.5.130:443
190.161.180.184:80
190.161.67.63:80
190.162.159.212:80
190.17.44.48:80
190.17.94.108:443
190.171.135.235:80
190.171.153.139:80
190.186.164.23:80
190.189.224.117:443
190.201.144.85:7080
190.210.184.138:995
190.210.236.139:80
190.219.149.236:80
190.220.19.82:443
190.231.210.35:80
190.231.42.130:80
190.38.152.143:80
190.38.252.45:443
190.47.236.83:80
190.5.162.204:80
190.53.135.159:21
190.55.181.54:443
190.74.246.158:8080
190.93.210.113:80
191.100.24.201:50000
191.103.76.34:443
191.183.21.190:80
192.161.190.171:8080
192.163.221.191:7080
192.210.217.94:8080
192.241.146.84:8080
192.241.220.183:8080
192.241.241.221:443
192.241.255.77:8080
193.33.38.208:443
195.201.56.70:8080
195.244.215.206:80
197.94.32.129:8080
198.199.112.197:8080
198.46.150.196:7080
198.57.217.170:7080
2.235.190.23:8080
2.237.76.249:80
2.38.99.79:80
2.42.173.240:80
2.45.112.134:80
2.47.112.72:80
200.114.167.85:80
200.116.145.225:443
200.119.11.118:443
200.123.183.137:443
200.124.225.32:80
200.21.90.5:443
200.41.121.69:443
200.45.187.90:80
200.55.53.7:80
200.58.83.179:80
200.82.170.231:80
200.82.88.254:80
201.137.247.222:443
201.173.217.124:443
201.183.251.100:80
201.184.105.242:443
201.196.15.79:990
201.213.32.59:80
202.62.39.111:80
203.124.57.50:80
203.130.0.69:80
203.153.216.178:7080
203.160.173.202:80
203.25.159.3:8080
206.189.112.148:8080
206.81.10.215:8080
207.154.204.40:8080
209.141.54.221:8080
209.146.22.34:443
209.97.168.52:8080
210.111.160.220:80
210.171.146.118:80
210.224.65.117:80
210.6.85.121:80
211.42.204.154:80
211.48.165.9:443
211.63.71.72:8080
212.112.113.235:80
212.129.14.27:8080
212.237.50.61:8080
212.253.82.142:443
212.71.237.140:8080
216.251.83.79:80
216.75.37.196:8080
217.12.70.226:80
217.160.182.191:8080
217.181.139.237:443
217.199.160.224:8080
219.75.66.103:80
219.78.255.48:80
220.255.57.31:80
220.78.29.88:80
221.154.59.110:80
223.255.148.134:80
23.253.207.142:8080
24.105.202.216:443
24.181.125.62:80
24.28.178.71:80
24.94.237.248:80
31.172.240.91:8080
31.177.54.196:443
31.31.77.83:443
37.120.185.153:443
37.157.194.134:443
37.187.6.63:8080
37.46.129.215:8080
37.59.24.177:8080
37.59.24.25:8080
37.70.131.107:80
41.111.190.94:80
41.185.29.128:8080
41.60.200.34:80
41.77.74.214:443
42.51.192.231:8080
45.33.49.124:443
45.51.40.140:80
45.79.95.107:443
45.8.136.201:80
46.101.212.195:8080
46.101.7.140:8080
46.105.131.68:8080
46.105.131.87:80
46.17.6.116:8080
46.216.60.138:80
46.28.111.142:7080
46.32.229.152:8080
47.149.28.234:80
47.153.183.211:80
47.156.70.145:80
47.6.15.79:443
47.6.15.79:80
5.154.58.24:80
5.178.245.100:80
5.189.148.98:8080
5.196.35.138:7080
5.196.74.210:8080
5.32.55.214:80
5.88.27.67:8080
50.116.78.109:8080
50.116.86.205:8080
50.28.51.143:8080
51.159.23.217:443
51.255.165.160:8080
51.38.134.203:8080
51.77.113.97:8080
58.162.218.151:80
58.171.38.26:80
58.171.42.66:8080
58.185.224.18:80
59.103.164.174:80
59.120.5.154:80
59.148.227.190:80
59.158.164.66:443
59.8.197.241:80
60.231.217.199:8080
62.138.26.28:8080
62.15.36.103:443
62.75.143.100:7080
62.75.160.178:8080
62.75.187.192:8080
63.248.198.8:80
64.147.15.138:80
64.53.242.181:8080
66.209.97.122:8080
66.229.161.86:443
66.25.34.20:80
66.34.201.20:7080
67.225.179.64:8080
67.254.196.78:443
68.118.26.116:80
68.174.15.223:80
68.183.170.114:8080
68.183.190.199:8080
68.187.160.28:443
69.14.208.221:80
69.163.33.84:8080
69.30.205.162:7080
70.169.53.234:80
70.175.171.251:80
70.46.247.81:80
71.83.82.123:8080
72.27.212.209:8080
72.29.55.174:80
72.51.153.27:80
73.11.153.178:8080
73.214.99.25:80
73.217.39.73:80
73.60.8.210:80
74.105.102.97:8080
74.79.103.55:80
75.127.72.18:8080
75.86.6.174:80
76.164.99.46:80
77.55.211.77:8080
78.186.102.195:80
78.189.165.52:8080
78.189.60.109:443
78.210.132.35:80
78.24.219.147:8080
78.46.87.133:8080
79.159.249.152:80
79.7.114.1:80
79.7.158.208:80
80.11.158.65:8080
81.82.247.216:80
82.146.55.23:7080
82.165.15.188:8080
82.196.15.205:8080
82.27.181.93:80
82.79.244.92:80
82.8.232.51:80
83.156.88.159:80
83.165.78.227:80
83.248.141.198:80
85.100.122.211:80
85.109.190.235:443
85.152.174.56:80
85.152.208.146:80
85.235.219.74:80
85.67.10.190:80
86.42.166.147:80
86.98.156.239:443
87.106.136.232:8080
87.106.139.101:8080
87.106.46.107:8080
87.106.77.40:7080
87.230.19.21:8080
87.9.181.247:80
88.247.26.78:80
88.248.140.80:80
88.249.120.205:80
88.249.181.198:443
89.215.225.15:80
91.117.131.122:80
91.117.159.233:80
91.117.31.181:80
91.117.83.59:80
91.191.206.60:443
91.205.173.150:8080
91.205.215.57:7080
91.205.215.66:443
91.73.197.90:80
91.74.175.46:80
91.83.93.103:443
91.83.93.124:7080
92.16.222.156:80
92.222.216.44:8080
93.144.226.57:80
93.147.141.5:80
94.200.114.162:80
94.200.126.42:80
94.203.236.122:80
95.128.43.213:8080
95.130.37.244:443
95.216.207.86:7080
95.216.212.157:8080
95.9.217.200:8080
96.61.113.203:80
97.120.32.227:80
98.15.140.226:80
98.156.206.153:80
98.178.241.106:80
98.30.113.161:80
99.252.27.6:80

# Reference: https://twitter.com/luc4m/status/1217152651046948864
# Reference: https://pastebin.com/KGF4uy28

104.131.58.132:8080
109.169.86.13:8080
110.142.161.90:443
110.170.65.146:80
113.190.254.245:80
113.61.76.239:80
114.109.179.60:80
118.36.70.245:80
119.59.124.163:8080
120.150.247.164:80
125.99.61.162:7080
138.68.106.4:7080
139.162.118.88:8080
14.160.93.230:80
14.201.35.38:80
142.93.114.137:8080
144.139.56.105:80
149.62.173.247:8080
151.237.36.220:80
151.80.142.33:80
152.231.89.226:80
159.65.241.220:8080
165.228.195.93:80
172.104.169.32:8080
175.114.178.83:443
177.103.159.44:80
177.242.21.126:80
177.34.142.163:80
177.92.14.34:80
178.79.163.131:8080
179.208.84.218:8080
181.10.204.106:80
181.129.96.162:990
181.167.96.215:80
181.231.220.232:80
181.30.61.163:443
181.30.61.163:80
181.36.42.205:443
185.160.212.3:80
185.160.229.26:80
185.86.148.222:8080
185.94.252.12:80
186.15.52.123:80
186.15.83.52:8080
186.68.48.204:443
187.188.166.192:8080
187.54.225.76:80
188.135.15.49:80
189.19.81.181:443
189.201.197.98:8080
189.26.118.194:80
190.100.153.162:443
190.151.5.130:443
190.17.44.48:80
190.186.164.23:80
190.191.82.216:80
190.195.129.227:8090
190.210.184.138:995
190.210.236.139:80
190.219.149.236:80
191.103.76.34:443
191.183.21.190:80
192.241.143.52:8080
192.241.146.84:8080
2.42.173.240:80
2.45.112.134:80
2.47.112.72:80
200.123.183.137:443
200.45.187.90:80
200.55.53.7:80
200.58.83.179:80
201.213.100.141:8080
201.213.32.59:80
202.62.39.111:80
203.130.0.69:80
203.25.159.3:8080
207.154.204.40:8080
212.71.237.140:8080
216.251.83.79:80
217.199.160.224:8080
37.120.185.153:443
37.187.6.63:8080
45.79.95.107:443
45.8.136.201:80
46.101.212.195:8080
46.28.111.142:7080
5.196.35.138:7080
5.88.27.67:8080
50.28.51.143:8080
58.162.218.151:80
58.171.38.26:80
59.120.5.154:80
62.15.36.103:443
62.75.143.100:7080
62.75.160.178:8080
63.248.198.8:80
68.174.15.223:80
68.183.170.114:8080
68.183.190.199:8080
68.187.160.28:443
69.163.33.84:8080
72.29.55.174:80
76.69.26.71:80
77.55.211.77:8080
79.7.114.1:80
79.7.158.208:80
80.11.158.65:8080
81.16.1.45:80
81.213.78.151:443
82.196.15.205:8080
82.8.232.51:80
83.165.78.227:80
85.105.241.192:80
86.123.138.76:80
86.42.166.147:80
87.106.46.107:8080
87.106.77.40:7080
89.211.114.203:80
91.117.159.233:80
91.205.215.57:7080
91.74.175.46:80
93.144.226.57:80
94.176.234.118:443
94.200.126.42:80
96.61.113.203:80
97.120.32.227:80
99.252.27.6:80

# Reference: https://twitter.com/DFNCERT/status/1218190294769971203
# Reference: https://app.any.run/tasks/59210c37-fda8-41a6-8ab1-0b2eee9d2145/

68.172.243.146:80

# Reference: https://pastebin.com/iniJV48S

1.217.126.11:443
1.221.254.82:80
105.209.235.113:8080
106.248.79.174:80
110.142.161.90:80
110.2.118.164:80
112.186.195.176:80
114.179.127.48:80
122.116.104.238:7080
122.176.116.57:443
122.19.63.27:80
124.150.175.133:80
125.209.114.180:443
139.59.12.63:8080
14.161.30.33:443
142.93.87.198:8080
144.139.91.187:80
144.76.56.36:8080
149.202.153.251:8080
154.73.137.131:80
156.155.163.232:80
157.7.164.178:8081
158.69.167.246:8080
160.119.153.20:80
160.226.171.255:443
162.144.46.90:8080
163.172.107.70:8080
176.58.93.123:80
177.103.240.93:80
177.144.130.105:443
178.33.167.120:8080
179.5.118.12:8080
180.16.248.25:80
181.196.27.123:80
181.39.96.86:443
181.53.29.136:8080
182.176.116.139:995
183.82.123.60:443
183.87.40.21:8080
183.91.3.63:80
185.207.57.205:443
186.147.245.204:80
186.223.86.136:443
186.84.173.136:8080
187.177.155.123:990
187.72.47.161:443
188.251.213.180:443
190.17.94.108:443
190.171.153.139:80
190.201.144.85:7080
190.5.162.204:80
190.93.210.113:80
192.210.217.94:8080
192.241.220.183:8080
192.241.241.221:443
195.201.56.70:8080
196.6.119.137:80
197.94.32.129:8080
200.82.88.254:80
201.183.251.100:80
203.124.57.50:80
203.153.216.178:7080
211.20.154.102:80
211.229.116.130:80
212.112.113.235:80
212.129.14.27:8080
216.75.37.196:8080
220.247.70.174:80
23.253.207.142:8080
24.141.12.228:80
24.70.40.15:8080
37.46.129.215:8080
41.215.79.182:80
41.77.74.214:443
42.51.192.231:8080
46.17.6.116:8080
46.32.229.152:8080
5.178.245.100:80
5.196.200.208:8080
50.116.78.109:8080
51.38.134.203:8080
51.77.113.97:8080
58.185.224.18:80
58.92.179.55:443
59.135.126.129:443
60.130.173.117:80
60.152.212.149:80
61.204.119.188:443
61.221.152.140:80
67.254.196.78:443
69.14.208.221:80
70.45.30.28:80
72.27.212.209:8080
75.127.14.170:8080
75.86.6.174:80
76.11.76.47:80
76.185.136.132:80
76.87.58.38:80
77.74.78.80:443
78.101.95.172:80
78.186.102.195:80
78.188.170.128:80
78.189.165.52:8080
78.189.60.109:443
78.210.132.35:80
78.46.87.133:8080
80.211.32.88:8080
81.82.247.216:80
82.146.55.23:7080
82.165.15.188:8080
85.100.122.211:80
85.109.190.235:443
88.225.230.33:80
88.247.53.159:443
88.248.140.80:80
88.249.181.198:443
89.215.225.15:80
91.117.131.122:80
91.117.31.181:80
91.73.169.210:80
91.83.93.103:443
95.130.37.244:443
95.216.207.86:7080
95.9.217.200:8080
98.15.140.226:80
98.178.241.106:80
98.192.74.164:80

# Reference: https://app.any.run/tasks/9056d965-915a-498a-83bc-a750fc0389f2/
# Reference: https://www.virustotal.com/gui/ip-address/98.199.196.197/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.85.143.170/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.223.215.190/relations

98.199.196.197:80
188.85.143.170:80
195.223.215.190:80
testtaglabel.com/wp-includes/LqYA88863/
xishicanting.com/wp-admin/jIx/

# Reference: https://app.any.run/tasks/881f5580-7cee-4156-bc70-d9592d526345/
# Reference: https://www.virustotal.com/gui/ip-address/113.61.76.239/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.62.245.148/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.242.136.103/relations

salman.vetkare.com/dashboard/ccABOH4/
113.61.76.239:80
68.62.245.148:80
91.242.136.103:80

# Reference: https://twitter.com/Jouliok/status/1219952503032250368
# Reference: https://app.any.run/tasks/4092920b-325b-494e-b00e-edc0b494c2d8/
# Reference: https://www.virustotal.com/gui/ip-address/68.114.229.171/relations
# Reference: https://www.virustotal.com/gui/ip-address/74.101.225.121/relations

68.114.229.171:80
74.101.225.121:80
74.101.225.121:443

# Reference: https://www.virustotal.com/gui/ip-address/72.186.137.156/relations

72.186.137.156:80

# Reference: https://www.virustotal.com/gui/ip-address/66.7.242.50/relations

66.7.242.50:80
66.7.242.50:8080

# Reference: https://twitter.com/gibbersen/status/1220405804106420225

186.177.165.196:443

# Reference: https://www.virustotal.com/gui/ip-address/177.103.157.126/relations

177.103.157.126:80

# Reference: https://app.any.run/tasks/effd2c56-edcc-4ae8-9643-7265de85ceea/
# Reference: https://app.any.run/tasks/8e35de27-f9d8-4d2f-bb83-7cad61d10e69/

70.184.9.39:8080
108.6.140.26:80
207.180.227.229:8080

# Reference: https://pastebin.com/E2VjnVCx

167.71.10.37:8080
37.157.194.134:443
217.199.160.224:8080
192.241.255.77:8080
31.31.77.83:443
108.191.2.72:80
185.160.212.3:80
70.175.171.251:80
67.254.196.78:443
66.34.201.20:7080
37.46.129.215:8080
79.7.114.1:80
110.143.84.202:80
110.2.118.164:80
203.153.216.178:7080
45.8.136.201:80
217.12.70.226:80
190.17.94.108:443
82.165.15.188:8080
165.228.195.93:80
187.188.166.192:8080
181.231.220.232:80
98.156.206.153:80
173.21.26.90:80
200.55.53.7:80
91.117.159.233:80
110.142.161.90:443
173.66.96.135:80
47.153.183.211:80
41.60.200.34:80
98.30.113.161:80
79.159.249.152:80
189.203.177.41:443
190.117.226.104:80
70.169.53.234:80
91.73.169.210:80
200.82.88.254:80
85.105.241.192:80
27.109.153.201:8090
41.215.79.182:80
106.248.79.174:80
77.74.78.80:443
172.104.169.32:8080
91.250.96.22:8080
95.213.236.64:8080
66.7.242.50:8080
72.186.137.156:80
197.89.27.26:8080
115.95.6.218:443
61.204.119.188:443
70.123.95.180:80
201.236.135.104:443
61.37.31.243:80
189.159.112.237:8080
76.104.80.47:80
64.66.6.71:8080
115.65.111.148:443
104.131.44.150:8080
78.24.219.147:8080
92.222.216.44:8080
46.105.131.87:80
182.176.132.213:8090
211.63.71.72:8080
5.196.74.210:8080
104.236.246.93:8080
87.106.139.101:8080
87.106.136.232:8080
190.53.135.159:21
149.202.153.252:8080
62.75.187.192:8080
45.33.49.124:443
95.128.43.213:8080
159.65.25.128:8080
31.172.240.91:8080
201.184.105.242:443
59.103.164.174:80
104.131.11.150:8080
169.239.182.217:8080
217.160.182.191:8080
87.230.19.21:8080
176.58.93.123:80
192.241.220.183:8080
216.75.37.196:8080
95.216.207.86:7080
212.112.113.235:80
157.7.164.178:8081
51.38.134.203:8080
68.183.190.199:8080
178.79.163.131:8080
87.106.77.40:7080
62.75.143.100:7080
62.75.160.178:8080
203.25.159.3:8080
138.68.106.4:7080
149.62.173.247:8080
91.83.93.124:7080
212.71.237.140:8080
181.29.101.13:8080
185.86.148.222:8080
86.42.166.147:80
181.36.42.205:443
68.183.170.114:8080
119.59.124.163:8080
50.28.51.143:8080
82.196.15.205:8080
5.196.35.138:7080
46.28.111.142:7080
125.99.61.162:7080
151.80.142.33:80
91.205.215.57:7080
77.55.211.77:8080
109.169.86.13:8080
78.186.5.109:443
190.17.44.48:80
200.58.83.179:80
159.65.241.220:8080
186.15.83.52:8080
64.53.242.181:8080
70.45.30.28:80
149.202.153.251:8080
46.105.131.69:443
46.32.229.152:8080
89.32.150.160:8080
105.247.123.133:8080
41.185.29.128:8080
69.163.33.84:8080
45.79.95.107:443
23.253.207.142:8080
172.104.70.207:8080
201.213.32.59:80
211.229.116.130:80
183.102.238.69:465
142.93.87.198:8080
142.93.114.137:8080
207.154.204.40:8080
190.210.184.138:995
217.160.19.232:8080
187.177.155.123:990
50.116.78.109:8080
78.46.87.133:8080
46.17.6.116:8080
162.144.46.90:8080
212.129.14.27:8080
190.195.129.227:8090
203.130.0.69:80
209.97.168.52:8080
50.116.86.205:8080
182.176.116.139:995
206.189.112.148:8080
206.81.10.215:8080
190.186.164.23:80
186.68.48.204:443
191.103.76.34:443
50.63.13.135:8080
144.139.56.105:80
195.244.215.206:80
120.150.246.241:80
91.73.197.90:80
72.27.212.209:8080
190.12.119.180:443
201.183.251.100:80
190.5.162.204:80
108.179.206.219:8080
69.30.205.162:7080
210.111.160.220:80
192.210.217.94:8080
81.82.247.216:80
82.79.244.92:80
89.215.225.15:80
72.29.55.174:80
188.216.24.204:80
82.8.232.51:80
5.88.27.67:8080
87.106.46.107:8080
110.142.161.90:80
78.186.102.195:80
139.130.241.252:443
58.171.42.66:8080
210.6.85.121:80
201.173.217.124:443
98.15.140.226:80
41.77.74.214:443
91.117.31.181:80
85.109.190.235:443
209.141.54.221:8080
73.11.153.178:8080
68.174.15.223:80
2.42.173.240:80
47.156.70.145:80
175.127.140.68:80
139.59.12.63:8080
185.244.167.25:443
158.69.167.246:8080
42.51.192.231:8080
91.74.175.46:80
139.162.118.88:8080
37.120.185.153:443
192.241.146.84:8080
103.86.49.11:8080
94.200.114.162:80
47.6.15.79:80
47.6.15.79:443
91.117.131.122:80
177.103.240.93:80
179.13.185.19:80
190.220.19.82:443
88.247.26.78:80
82.146.55.23:7080
37.70.131.107:80
51.77.113.97:8080
113.61.76.239:80
80.11.158.65:8080
99.252.27.6:80
58.185.224.18:80
95.9.217.200:8080
85.152.174.56:80
2.237.76.249:80
91.205.215.66:443
69.14.208.221:80
156.155.163.232:80
185.192.75.240:443
190.100.153.162:443
188.135.15.49:80
85.67.10.190:80
177.144.130.105:443
189.19.81.181:443
2.45.112.134:80
195.223.215.190:80
151.237.36.220:80
121.88.5.176:443
160.16.215.66:8080
62.138.26.28:8080
120.151.135.224:80
178.237.139.83:8080
190.93.210.113:80
197.94.32.129:8080
112.186.195.176:80
191.183.21.190:80
175.114.178.83:443
93.144.226.57:80
58.171.38.26:80
37.187.6.63:8080
110.170.65.146:80
24.105.202.216:443
24.94.237.248:80
98.178.241.106:80
190.171.153.139:80
179.5.118.12:8080
177.242.21.126:80
190.210.236.139:80
200.123.183.137:443
202.62.39.111:80
114.109.179.60:80
113.190.254.245:80
181.10.204.106:80
85.100.122.211:80
78.189.165.52:8080
88.248.140.80:80
105.209.235.113:8080
95.130.37.244:443
45.73.157.243:8080
216.251.83.79:80
62.15.36.103:443
58.162.218.151:80
201.213.100.141:8080
14.201.35.38:80
94.200.126.42:80
59.120.5.154:80
79.7.158.208:80
120.150.247.164:80
188.218.104.226:80
200.82.170.231:80
177.103.159.44:80
189.201.197.98:8080
2.47.112.72:80
190.191.82.216:80
190.219.149.236:80
47.180.91.213:80
181.143.126.170:80
186.86.247.171:443
5.32.55.214:80
200.21.90.5:443
181.126.70.117:80
139.130.242.43:80
223.197.185.60:80
88.249.120.205:80
188.0.135.237:80
180.92.239.110:8080
178.153.176.124:80
190.55.181.54:443
200.116.145.225:443
60.231.217.199:8080
209.146.22.34:443
196.6.119.137:80
1.217.126.11:443
1.221.254.82:80
78.210.132.35:80
203.124.57.50:80
75.86.6.174:80
91.83.93.103:443
78.189.60.109:443
122.116.104.238:7080
144.139.91.187:80
181.196.27.123:80
183.87.40.21:8080
195.201.56.70:8080
188.251.213.180:443
192.241.241.221:443
160.119.153.20:80
14.161.30.33:443
187.72.47.161:443
181.30.61.163:80
186.15.52.123:80
81.213.78.151:443
204.225.249.100:7080
185.94.252.12:80
24.164.79.147:8080
190.117.126.169:80
221.165.123.72:80
37.187.72.193:8080
110.36.217.66:8080
190.146.205.227:8080
183.91.3.63:80
183.82.123.60:443
185.207.57.205:443
125.209.114.180:443
154.73.137.131:80
181.39.96.86:443
60.130.173.117:80
163.172.107.70:8080
5.196.200.208:8080
160.226.171.255:443
82.145.43.153:8080
61.221.152.140:80
122.176.116.57:443
75.127.14.170:8080
78.188.170.128:80
152.231.89.226:80
86.123.138.76:80
192.241.143.52:8080
76.69.26.71:80
200.45.187.90:80
181.167.96.215:80
181.129.96.162:990
81.16.1.45:80
94.176.234.118:443
177.239.160.121:80
78.189.180.107:80
201.229.45.222:8080
105.27.155.182:80
205.185.117.108:8080
62.75.141.82:80
186.147.245.204:80
60.152.212.149:80
88.247.53.159:443
70.184.69.146:80
186.177.165.196:443
139.47.135.215:80
129.205.201.163:80
151.231.7.154:80
78.142.114.69:80
24.141.12.228:80
76.11.76.47:80
220.247.70.174:80
24.196.49.98:80
93.147.141.5:443
72.189.57.105:80
73.239.11.159:80
82.152.149.79:80
186.200.205.170:80
68.172.243.146:80
64.40.250.5:80
101.187.134.207:8080
181.13.24.82:80
101.187.197.33:443
178.20.74.212:80
103.97.95.218:80
60.250.78.22:443
118.185.7.132:80
58.92.179.55:443
180.16.248.25:80
186.223.86.136:443
98.199.196.197:80
100.6.23.40:80
200.71.200.4:443
190.114.244.182:443
190.143.39.231:80
90.69.145.210:8080
101.187.237.217:80
98.192.74.164:80
59.135.126.129:443
24.70.40.15:8080
178.33.167.120:8080
144.76.56.36:8080
88.225.230.33:80
153.183.25.24:80
153.137.36.142:80
182.74.249.74:80
68.62.245.148:80
91.242.136.103:80
76.104.80.47:443
74.130.83.133:80
85.105.205.77:8080
87.81.51.125:80
202.175.121.202:8090
176.9.43.37:8080
5.199.130.105:7080
190.131.167.50:80
124.99.167.65:443
68.114.229.171:80
74.101.225.121:443
152.168.248.128:443
211.192.153.224:80
81.214.253.80:443
180.33.71.88:80
175.181.7.188:80
37.211.67.229:80
177.103.157.126:80
203.45.161.179:443
73.125.15.41:80
185.243.92.42:8080
75.114.235.105:80
78.101.70.199:443
42.200.226.58:80
45.55.65.123:8080
99.229.254.209:80
190.63.7.166:8080
81.214.142.115:80
186.138.186.74:443
190.24.243.186:80
175.139.209.3:8080
108.6.140.26:80
70.184.9.39:8080
222.144.13.169:80
189.212.199.126:443
72.176.87.136:80
150.246.246.238:80
202.229.211.95:80

# Reference: https://app.any.run/tasks/d5d42b37-39d3-4c1d-81f0-f6df25ae4bf9/

195.250.143.182:80
rahatsozluk.com

# Reference: https://app.any.run/tasks/78465443-f40b-48eb-a4ba-9189953a96a2/

190.6.193.152:8080
200.69.224.73:80

# Reference: https://app.any.run/tasks/4d39b07f-4ea9-40ed-a379-e29bc6b924c0/

71.197.197.100:80
24.167.122.146:8080

# Reference: https://app.any.run/tasks/fcc29969-14fe-40d0-b556-167453c0d7b1/
# Reference: https://www.virustotal.com/gui/ip-address/71.126.247.90/relations
# Reference: https://www.virustotal.com/gui/ip-address/98.239.119.52/relations

104.236.28.47:8080
71.126.247.90:80
80.86.91.91:8080
98.239.119.52:80

# Reference: https://twitter.com/malwrhunterteam/status/1226219678579777536

193.26.217.243:443
45.79.223.161:443

# Reference: https://www.virustotal.com/gui/domain/movin.cloud/relations

movin.cloud

# Reference: https://twitter.com/VK_Intel/status/1229512005591207936
# Reference: https://www.virustotal.com/gui/file/2dfc4c92635a2a86c8d70dc0931547f183467038dd95c857d374bdcb107a7d6b/detection

machunion.com/kajsdfogijoig

# Reference: https://twitter.com/James_inthe_box/status/1229520603020873728
# Reference: https://app.any.run/tasks/19018714-6f35-4a7b-9aa7-5783f8bc208b/

mappingskills.com/msdlfkbdkfjb

# Reference: https://app.any.run/tasks/e2544e05-649d-4ef4-8490-26d503c0cf69/

72.44.93.233:8080

# Reference: https://otx.alienvault.com/pulse/5e4e6a0d94a95ceef6df9cec
# Reference: https://www.virustotal.com/gui/ip-address/70.187.114.147/relations

70.187.114.147:80
91.205.215.10:7080
91.205.215.10:80
houloul.org
usaa-unlock.net
shabon.co
usaa-unlock.com

# Reference: https://app.any.run/tasks/edb01a6a-5e48-43f3-833a-e2fb000fbc31/

66.209.97.122:8080
174.77.190.137:8080

# Reference: https://twitter.com/seguridadyredes/status/1234215349454876672/photo/1
# Reference: https://www.virustotal.com/gui/ip-address/51.77.113.102/relations

http://51.77.113.102

# Reference: https://twitter.com/Bitterman59/status/1233487861082677249

arcelik.servisimerkezim.com

# Reference: https://www.virustotal.com/gui/file/fa99feb493d26c540fa722f044930534417a92ddb9b3e3b994702416bce27f38/behavior/Dr.Web%20vxCube

monodoze.com/wp-content/SSlWN/
smartelecttronix.com/wp-includes/pHtVW/
puntoprecisoapp.com/ypb/C3p/
puntoprecisoapp.com/fORZa/ypb/C3p/
tomsnyder.net/Factures/ed/
puntoprecisoapp.com/pSgNQ/ypb/C3p/
themauritiustour.com/9fuc5ls/oPkA/
puntoprecisoapp.com/NRXVg/ypb/C3p/
puntoprecisoapp.com/OQWRh/ypb/C3p/

# Reference: https://www.virustotal.com/gui/domain/blueombrehairstyle.site/relations

blueombrehairstyle.site/wp-admin/WTwFtrmTPyVSnESPjOoYOLtaIc

# Reference: https://www.virustotal.com/gui/file/8ef3a86989c9654cd7b0914ab743459ad98702ea960612c66e331f858a791eb0/behavior/Lastline

uccn.bru.ac.th/wp-content/rfaa0u4/

# Reference: https://app.any.run/tasks/db8063d7-b17b-4d40-88f1-9b4212a48a97/
# Reference: https://www.virustotal.com/gui/ip-address/68.202.51.4/relations

http://68.202.51.4

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Dropper.Emotet-7600941-0)
# Reference: https://www.virustotal.com/gui/ip-address/104.32.141.43/relations
# Reference: https://www.virustotal.com/gui/ip-address/181.61.224.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/189.201.197.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/212.174.57.124/relations
# Reference: https://www.virustotal.com/gui/ip-address/216.75.37.196/relations
# Reference: https://www.virustotal.com/gui/ip-address/74.105.51.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.108.158.234/relations

http://104.32.141.43
http://181.61.224.26
http://189.201.197.106
http://216.75.37.196
http://212.174.57.124
http://74.105.51.75
http://89.108.158.234
189.201.197.106:8080
212.174.57.124:8080
74.105.51.75:8080
89.108.158.234:8080

# Reference: https://twitter.com/tosscoinwitcher/status/1237223974750191616

42.115.22.145:80
95.85.22.63:443

# Reference: https://twitter.com/tosscoinwitcher/status/1237067625106030594
# Reference: https://www.virustotal.com/gui/ip-address/104.236.52.89/relations

http://104.236.52.89
104.236.52.89:8080

# Reference: https://twitter.com/tosscoinwitcher/status/1237469398740303873
# Reference: https://twitter.com/tosscoinwitcher/status/1237499336021299202
# Reference: https://www.virustotal.com/gui/ip-address/1.163.163.199/relations
# Reference: https://www.virustotal.com/gui/file/ed58cad9049c6c4af8029a5f4d087857be4306bcc0b4b3739c74f6caf0a458c8/detection

http://1.163.163.199
http://165.255.105.53

# Reference: https://paste.cryptolaemus.com/emotet/2020/03/12/emotet-c2-rsa-update-03-12-20-1.html

1.163.163.199:80
101.187.97.173:80
102.182.145.130:80
102.22.62.71:80
103.205.177.228:443
103.31.232.93:443
103.61.109.13:80
103.97.95.221:80
104.131.103.37:8080
104.131.11.150:443
104.131.41.185:8080
104.236.161.64:8080
104.238.80.237:8080
104.32.141.43:80
105.224.209.135:443
107.184.91.187:80
109.236.109.159:8080
110.145.124.178:443
110.145.77.103:80
110.37.226.196:80
110.44.113.2:8080
111.67.12.221:8080
112.68.240.21:80
113.160.180.109:80
113.160.235.179:8080
113.160.88.86:443
113.161.148.81:80
113.61.66.94:80
115.65.111.148:80
115.75.6.2:443
115.79.195.246:80
116.73.14.186:80
116.90.228.177:80
116.90.229.22:80
117.2.133.44:443
117.7.236.115:80
118.200.116.83:80
118.69.70.109:80
118.69.71.14:80
12.162.84.2:8080
120.150.142.241:80
120.150.76.215:80
120.151.194.117:80
122.116.104.238:8080
124.150.175.133:443
125.63.106.22:80
130.204.245.137:80
132.248.38.158:80
133.208.252.149:80
136.243.205.112:7080
14.141.203.150:80
14.161.6.60:80
143.0.87.101:80
148.102.77.148:80
152.169.32.195:80
152.170.108.99:443
152.170.196.157:443
152.32.78.6:80
153.160.71.129:53
153.174.73.130:80
154.120.227.190:20
154.120.227.190:80
156.67.114.199:80
161.18.233.114:80
162.255.112.157:443
163.53.180.227:80
164.77.130.222:80
164.77.131.165:80
165.255.105.53:80
168.235.67.138:7080
173.66.242.48:80
173.79.107.84:80
177.139.131.143:443
177.144.135.2:80
177.188.121.26:443
177.6.166.4:80
177.66.190.130:80
177.72.13.80:80
178.62.75.204:8080
179.184.65.222:80
179.232.65.117:80
179.5.118.12:80
181.122.172.67:8080
181.13.24.83:443
181.16.18.72:8080
181.164.25.59:80
181.167.53.79:443
181.225.24.251:80
181.230.116.163:80
181.31.211.181:80
181.54.182.135:80
181.56.163.152:80
181.60.247.8:443
181.61.224.26:80
182.71.222.187:80
182.73.199.226:8080
183.131.156.10:7080
183.91.15.80:8080
185.135.109.128:80
185.155.20.82:80
185.160.212.5:80
185.94.252.104:443
185.94.252.27:443
186.10.92.114:80
186.138.210.130:80
186.167.16.242:80
186.189.228.84:80
186.3.185.206:80
186.3.232.68:80
186.33.141.88:80
187.162.250.23:80
187.188.163.98:80
187.212.208.8:8080
187.241.28.114:80
187.51.47.26:80
189.1.185.248:80
189.14.80.194:443
189.220.246.167:80
189.42.145.34:80
190.111.215.3:8080
190.117.226.104:443
190.128.90.22:80
190.13.215.114:80
190.147.137.153:443
190.17.195.202:80
190.190.134.145:80
190.190.26.188:80
190.194.151.145:80
190.2.31.172:80
190.247.9.40:443
190.57.130.142:443
190.79.103.57:80
195.82.165.181:20
197.94.32.129:20
198.211.121.27:8080
198.58.119.85:8080
199.83.161.218:80
200.108.250.176:80
200.116.191.114:80
200.123.150.89:443
200.123.183.137:80
200.41.121.90:80
200.58.180.130:80
200.7.243.109:443
200.85.110.240:8080
201.155.204.151:80
201.17.193.151:443
202.175.121.202:8443
202.52.247.178:80
203.122.18.234:8080
203.153.216.182:7080
210.56.10.58:80
211.184.5.163:443
211.20.154.102:443
212.174.19.87:80
216.132.25.162:80
220.128.125.18:80
220.132.16.114:80
220.210.163.76:80
23.92.16.164:8080
24.196.13.216:80
24.249.73.48:80
31.146.61.34:80
37.139.21.175:8080
37.208.106.146:8080
37.222.74.104:8080
42.200.178.117:80
42.200.191.247:80
45.55.179.121:8080
47.146.123.171:80
47.156.64.4:80
49.204.68.26:20
5.32.84.54:80
5.39.91.110:7080
5.45.108.146:8080
50.35.17.13:80
54.39.177.43:80
54.39.187.202:443
58.177.172.160:80
59.120.74.106:80
59.20.65.102:80
60.142.249.243:80
61.92.159.208:8080
62.84.75.50:80
64.66.6.71:20
68.183.18.169:8080
70.32.115.157:8080
71.10.114.255:80
71.222.157.155:80
72.10.33.195:8080
72.202.237.228:80
72.231.228.196:80
72.47.248.48:7080
74.130.137.231:80
74.208.45.104:8080
75.133.26.185:80
77.69.8.132:7080
77.90.136.129:8080
79.99.107.130:443
81.215.14.128:80
83.169.21.32:7080
87.252.100.28:80
89.19.20.202:443
90.79.26.91:8080
91.219.169.180:80
91.231.166.124:8080
91.236.4.234:443
91.242.138.11:80
93.114.205.169:80
93.123.22.241:80
93.147.157.195:80
93.51.50.171:8080
94.206.82.254:443
94.76.247.61:8080
95.9.95.101:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/03/30/emotet-c2-rsa-update-03-30-20-1.html

104.182.56.131:443
109.73.110.33:80
110.143.8.89:80
110.37.226.196:443
113.160.130.116:8443
113.161.147.51:80
117.4.120.226:8080
118.70.126.251:443
134.19.217.180:80
149.135.10.19:80
168.197.252.178:80
177.0.241.28:80
177.139.128.221:80
177.230.81.0:22
177.73.3.204:80
179.62.26.236:80
180.222.165.169:80
181.164.215.193:80
181.176.191.27:443
181.228.91.247:443
184.57.130.8:80
186.176.228.2:80
186.208.123.210:443
186.80.169.128:80
187.162.248.237:80
188.129.197.149:80
188.251.213.180:8080
189.154.68.123:143
189.160.15.202:465
189.168.169.129:80
189.253.255.142:80
190.147.165.160:465
190.16.142.187:80
190.160.53.126:80
190.181.235.46:80
190.244.125.144:80
190.251.235.239:80
190.47.227.130:443
2.28.113.59:80
2.47.112.152:80
200.126.237.113:80
200.73.228.225:80
201.214.229.79:80
212.156.219.6:8080
213.243.211.114:80
24.179.13.119:80
24.194.252.25:80
37.210.228.23:80
41.169.20.147:80
41.203.62.170:80
45.118.136.92:8080
45.161.242.102:80
46.35.75.225:8080
47.150.248.161:80
49.176.162.90:80
60.117.26.28:80
61.197.37.169:80
67.20.141.76:80
68.115.64.219:80
68.203.213.226:80
73.155.126.84:80
73.176.10.71:80
80.102.134.174:8080
81.169.202.3:443
82.240.207.95:443
84.9.167.76:80
88.247.144.128:80
91.73.223.130:80
95.7.221.205:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/01/emotet-c2-rsa-update-04-01-20-1.html

189.134.47.51:443
101.187.104.105:80
60.53.206.244:80
70.180.44.93:80
221.133.46.86:443
88.244.56.219:80
201.91.28.210:80
46.214.11.172:80
65.24.85.214:80
190.108.228.62:8080
124.150.175.133:8080
170.82.195.50:80

# Reference: https://twitter.com/ScumBots/status/1238427161482211328
# Reference: https://www.virustotal.com/gui/ip-address/77.72.131.69/relations

77.72.131.69:442
77.72.131.69:8080

# Reference: https://twitter.com/sysopfb/status/1245787828300234752
# Reference: https://www.virustotal.com/gui/ip-address/23.95.238.106/relations

http://23.95.238.106

# Reference: https://www.virustotal.com/gui/file/761287c60d47505b6d4bd079b49dd1ce3376217737c3aff8fd3daecdcc618e3f/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/e3b41c0d0834c0d5b121012fe9219529afaed899420d99bd3dba11f2c0a8810b/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01/behavior/Dr.Web%20vxCube

197.87.130.229:8080
216.137.249.154:80
106.243.65.250:443
98.191.228.168:990

# Reference: https://www.virustotal.com/gui/ip-address/118.167.155.233/relations

http://118.167.155.233

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/06/emotet-c2-rsa-update-04-06-20-1.html

152.170.222.65:80
84.79.142.51:8080
94.130.171.231:8080
113.52.123.226:7080
95.180.25.146:80
82.223.70.24:8080
186.188.152.177:80
179.127.59.210:443
91.73.197.186:80
137.25.7.112:8080
181.30.69.50:80
190.229.148.144:80
176.111.60.55:8080
209.151.248.242:8080
142.105.151.124:443

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/07/emotet-c2-rsa-update-04-07-20-1.html

201.213.100.141:443
87.127.197.7:8080
189.160.234.67:80
201.231.87.82:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/13/emotet-c2-rsa-update-04-13-20-1.html

67.235.68.222:80
110.145.101.66:443
93.147.137.162:80
137.59.187.107:8080
190.161.45.112:80
46.30.175.11:80
152.231.123.2:80
70.48.238.90:80
189.154.128.205:80
170.81.48.2:80
220.213.79.166:443
190.196.143.58:80
60.53.197.6:80
177.38.15.151:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/20/emotet-c2-rsa-update-04-20-20-1.html

68.44.137.144:443
114.145.241.208:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/04/30/emotet-c2-rsa-update-04-30-20-1.html

196.179.249.218:8080
85.94.81.18:80
193.80.169.64:80
78.12.27.172:80
132.255.227.134:80

# Reference: https://www.virustotal.com/gui/ip-address/103.38.12.139/relations

103.38.12.139:443
103.38.12.139:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/05/04/emotet-c2-rsa-update-05-04-20-1.html

195.76.232.114:80
85.94.170.73:80
186.188.222.3:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/05/11/emotet-c2-rsa-update-05-11-20-1.html

103.83.81.141:8080
95.216.118.202:8080
84.21.179.51:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/05/25/emotet-c2-rsa-update-05-25-20-1.html

162.154.38.103:80
186.226.226.116:80
181.92.244.156:80
41.215.92.157:80
190.47.227.130:80
213.60.96.117:80
79.45.112.220:80
153.133.224.78:80
140.207.113.106:443

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/01/emotet-c2-rsa-update-06-01-20-1.html

190.163.1.31:8080
190.19.169.69:443
190.144.18.198:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/15/emotet-c2-rsa-update-06-15-20-1.html

121.124.124.40:7080
24.1.189.87:8080
46.105.131.79:8080
186.223.86.132:443
207.255.37.143:80
37.210.166.214:80
75.139.38.211:80
153.126.210.205:7080

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/22/emotet-c2-rsa-update-06-22-20-1.html

190.111.215.4:8080
200.83.209.144:80
80.249.176.206:80
173.91.22.41:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/06/26/emotet-c2-rsa-update-06-26-20-1.html

46.49.124.53:80

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/06/emotet-c2-rsa-update-07-06-20-1.html

190.108.228.62:443
190.55.233.156:80
178.153.214.228:80
14.99.112.138:80
203.153.216.189:7080
61.19.246.238:443
41.169.20.147:8090
181.164.110.7:80
88.235.222.255:80
212.51.142.238:8080
91.211.88.52:7080
181.120.79.227:80
93.156.165.186:80
108.48.41.69:80
64.88.202.250:80
190.194.242.254:443
200.55.243.138:8080
217.13.106.14:8080
51.38.201.19:7080
81.2.235.111:8080
110.143.151.194:80
222.214.218.37:4143
139.59.60.244:8080
116.203.32.252:8080
186.250.52.226:8080
219.92.13.25:80
181.230.65.232:80
189.218.165.63:80
79.98.24.39:8080

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/14/emotet-c2-rsa-update-07-14-20-1.html

217.199.160.224:7080
186.70.127.199:8090
137.74.106.111:7080
109.117.53.230:443
109.74.5.95:8080
198.27.69.201:8080
58.153.68.176:80
181.129.96.162:8080
210.165.156.91:80
87.106.231.60:8080
181.134.9.162:80
104.247.221.104:443
95.179.229.244:8080
157.245.99.39:8080

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/20/emotet-c2-rsa-update-07-20-20-1.html

157.7.199.53:8080
124.45.106.173:443
74.207.230.187:8080
201.212.78.182:80

# Reference: https://www.virustotal.com/gui/file/a157a594207a18ada06373850abfce851648ff92ecf590b4539504ccd53c1354/detection

51.68.220.244:8080

# Reference: https://www.virustotal.com/gui/file/7aa1e0b8e78c3e0fd34f19b7398342d98216979a5a1ee19a5b89f83e4ce0fbbf/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/1514389b50f6fb2be1712fa470e2b5c9a7455697bc029ca211f944d8d3907228/detection
# Reference: https://www.virustotal.com/gui/file/dc4fa229a83ac9689fbbe7494d408c0806a769af5008df4ae6975b9e89a0c35f/behavior/Dr.Web%20vxCube

tan-shuai.com/wp-content/9j34284/
raioz.com/img/qngig44/
raybo.net/bemcadd/7307/
avendtla.com/tcuv/pd27/

# Reference: https://twitter.com/58_158_177_102/status/1284138503127699458

109.117.53.230:443
tri-comma.com/wp-admin/MmD/

# Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/

178.210.171.15:443
190.160.53.126:443
212.51.142.238:443

# Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/
# Reference: https://app.any.run/tasks/765ea589-8b55-4031-818e-521840513ed2/

http://201.212.78.182
74.207.230.187:8080

# Reference: https://twitter.com/malware_traffic/status/1285664072814538753

124.45.106.173:443
198.144.158.120:443

# Reference: https://paste.cryptolaemus.com/emotet/2020/07/28/emotet-malware-IoCs_07-28-20.html

190.164.75.175:80
212.231.60.98:80
76.27.179.47:80
70.167.215.250:8080
47.153.182.47:80
187.106.41.99:80
88.217.172.65:443
177.37.81.212:443
24.234.133.205:80
181.143.101.19:8080
177.75.143.112:443
78.189.111.208:443
67.225.201.19:8080
23.111.136.190:8080
181.113.229.139:443
195.14.0.12:8080
71.208.216.10:80
192.95.4.184:8080
201.214.108.231:80
209.182.216.177:443
179.60.229.168:443
95.9.185.228:443
212.156.133.218:80
177.73.0.98:443
83.110.223.58:443
24.43.99.75:80
71.50.31.38:80
191.182.6.118:80
144.139.91.187:443
190.163.31.26:80
189.1.185.98:8080
189.146.1.78:443
191.99.160.58:80
105.209.239.55:80
177.74.228.34:80
190.96.118.251:443
24.157.25.203:80
195.159.28.229:7080

# Reference: https://www.virustotal.com/gui/file/9b5ffb189c00d8a536848736e9cba2d4a71f8fba6f97d11867d677886b4a23e4/detection

http://47.146.117.214

# Reference: https://www.virustotal.com/gui/domain/foroanticorrupcion.sytes.net/relations

foroanticorrupcion.sytes.net

# Reference: https://www.virustotal.com/gui/file/6bdcbed80061d3b58f17759a2b932809c060a9a8b399dc92ee658ec5efd2d000/detection
# Reference: https://www.virustotal.com/gui/domain/deactivate.pw/relations

deactivate.best
deactivate.pw

# Reference: https://twitter.com/malware_traffic/status/1291168989108998146

204.197.146.48:80

# Reference: https://twitter.com/satontonton/status/1291723797528076290
# Reference: https://app.any.run/tasks/eb656a74-c0ba-4811-98e1-38a8cefaa70f/

http://47.146.32.175

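# Reference: https://www.virustotal.com/gui/file/50d58ca2623e7fbbe3265bd78640c81fc3cb01a146c5630f656a18fc27e93c5e/detection
# NOTE(review): 216.239.32.21 below appears to sit in Google-operated address space that fronts many unrelated sites; confirm ownership and expect false positives if this IP:port is alerted or blocked on its own.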

185.45.193.62:8080
216.239.32.21:443

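# Reference: https://www.virustotal.com/gui/file/62fe71ddde725e4599889009d466a79b0de683d98a8490979b357732c18b79c6/detection
# NOTE(review): 216.239.34.21 below appears to sit in Google-operated address space that fronts many unrelated sites; confirm ownership and expect false positives if this IP:port is alerted or blocked on its own.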

216.239.34.21:443

# Reference: https://www.virustotal.com/gui/file/7ece6173931237b004f4d24c8bd5ff5808a310f35fd6e630d04272f1e1f4c30e/detection

http://24.249.135.121

# Reference: https://www.virustotal.com/gui/file/7c430fa3421e2ea8b9013a4b2d488c721f01245a353a6e93c9f57a99b99a1324/detection

http://198.57.203.63
http://78.189.60.109

# Reference: https://app.any.run/tasks/7e3113be-372a-40f7-9cde-6f32fa94d03a/

http://74.120.55.163

# Reference: https://twitter.com/papa_anniekey/status/1293103714136281095

focus123.mycpanel.rs

# Reference: https://app.any.run/tasks/412a6dce-5520-4e9e-8254-d42c0fff1bd2/

http://95.9.180.128

# Reference: https://app.any.run/tasks/13508623-0e52-4928-b905-46dc7a7ae037/

http://92.24.51.238
139.99.157.213:8080

# Reference: https://pastebin.com/raw/BPTTq6GH

107.185.211.16:80
96.8.113.4:8080
153.126.210.205:7080
47.146.117.214:80
104.131.44.150:8080
169.239.182.217:8080
95.179.229.244:8080
209.182.216.177:443
209.141.54.221:8080
5.196.74.210:8080
72.12.127.184:443
104.131.11.150:443
200.55.243.138:8080
116.203.32.252:8080
142.105.151.124:443
81.2.235.111:8080
74.120.55.163:80
167.86.90.214:8080
87.106.139.101:8080
37.139.21.175:8080
189.212.199.126:443
103.86.49.11:8080
203.153.216.189:7080
181.211.11.242:80
37.187.72.193:8080
41.60.200.34:80
139.130.242.43:80
181.230.116.163:80
109.74.5.95:8080
121.124.124.40:7080
114.146.222.200:80
157.245.99.39:8080
76.27.179.47:80
62.138.26.28:8080
24.43.99.75:80
93.51.50.171:8080
157.147.76.151:80
83.110.223.58:443
46.105.131.79:8080
119.198.40.179:80
79.98.24.39:8080
176.111.60.55:8080
190.160.53.126:80
183.101.175.193:80
104.236.246.93:8080
5.39.91.110:7080
74.208.45.104:8080
24.179.13.119:80
78.24.219.147:8080
50.116.86.205:8080
200.41.121.90:80
190.55.181.54:443
201.173.217.124:443
85.152.162.105:80
137.59.187.107:8080
152.168.248.128:443
95.213.236.64:8080
222.214.218.37:4143
47.146.32.175:80
110.145.77.103:80
70.167.215.250:8080
173.62.217.22:443
47.144.21.12:443
165.165.171.160:8080
62.75.141.82:80
47.153.182.47:80
87.106.136.232:8080
113.160.130.116:8443
185.94.252.104:443
168.235.67.138:7080
91.211.88.52:7080
204.197.146.48:80
180.92.239.110:8080
61.19.246.238:443
139.59.60.244:8080

# Reference: https://app.any.run/tasks/0a4c6780-43d1-4f2d-bc61-e2c74d604fc7/

http://174.102.48.180

# Reference: https://app.any.run/tasks/f8998e16-9781-4289-bd0f-fc346107935c/

http://176.216.226.44

# Reference: https://www.virustotal.com/gui/file/2cc2799a0f649e3f0d8bbfccd7f693a37a5a8def9094ae3f686169513d1d9ea7/detection

159.203.232.29:8080

# Reference: https://pastebin.com/raw/FUr39rYd

109.116.214.124:443
114.173.201.110:80
176.216.226.44:80
177.32.8.85:80
188.83.220.2:443
190.212.140.6:80
192.210.135.126:8080
197.83.232.19:80
201.213.177.139:80
203.117.253.142:80
207.144.103.227:80
212.93.117.170:80
24.233.112.152:80
51.75.33.120:8080
66.61.94.36:80
67.205.85.243:8080
69.30.203.214:8080
83.169.36.251:8080
85.105.140.135:443
88.217.172.164:443
91.222.77.105:80
97.82.79.83:80

# Reference: https://www.virustotal.com/gui/file/97095bd460f1f5204b572cd269f8c3a3e7e73302bcbaac05b3c0b106e2342f47/detection

201.171.150.41:443
219.240.39.215:443
81.198.69.61:80
94.76.247.61:8080

# Reference: https://www.virustotal.com/gui/file/e221dda5e172df72a7b9b605d2ffff5043219a3980adb5102825ee97e75ff423/detection

213.176.36.147:8080

# Reference: https://www.virustotal.com/gui/file/79fe6e1db7b6d43c9d290ccbfcc0d81127d7d366451e5c04c09980ffd352e388/detection

http://47.146.32.175

# Reference: https://www.virustotal.com/gui/file/3813928dd0bac12320f38a077ff89695a08c2b334b3d57fd37130ae2040b3842/detection

http://24.233.112.152

# Reference: https://app.any.run/tasks/ca298aef-0237-4f4c-9d4c-16e9ffa8d995/

http://186.109.104.67

# Reference: https://app.any.run/tasks/33208f2a-b475-4c87-a901-2c5ffc9931a1/

http://45.173.88.33

# Reference: https://app.any.run/tasks/dc65776b-ff73-45ee-89c4-34189aaafe80/

http://182.176.95.147
172.96.190.154:8080

# Reference: https://app.any.run/tasks/4ba4ab9b-664c-4817-b84b-a51f891637af/

http://82.163.245.38

# Reference: https://app.any.run/tasks/91f5641c-18d1-42b1-ba94-57a3aab3241b/

116.202.234.183:8080

# Reference: https://app.any.run/tasks/0b1c53d6-f7a2-4d10-964d-2d416abf2537/

http://162.249.220.190

# Reference: https://www.virustotal.com/gui/file/3eea9f7afe639ed32775963d6fae0261bd31b0927a8d21eb9cbcaadfe7633ae4/detection

poonamjoshi.com

# Reference: https://twitter.com/papa_anniekey/status/1289005683581435904

microclan.com

# Reference: https://app.any.run/tasks/9bc263f3-d30b-466c-9a9f-95121bd5606d/

http://94.49.254.194

# Reference: https://twitter.com/Jan0fficial/status/1297864705504092161

mj-web.dk

# Reference: https://twitter.com/Circuitous__/status/1298324692214919170

smileplz.com

# Reference: https://twitter.com/yungmay0/status/1298374886499508225
# Reference: https://app.any.run/tasks/6f234b9c-35dd-4659-be3c-f6ee6a6b1567/

pelayoacctg.org.ph
quanticaelectronics.com

# Reference: https://app.any.run/tasks/3f4cb411-b57f-4535-bf97-0123144a4081/

http://107.5.122.110
45.55.219.163:443

# Reference: https://app.any.run/tasks/7111f9b9-5357-4a91-850c-3471d257a016/

65.156.53.186:8080

# Reference: https://app.any.run/tasks/191b2189-4ab8-4085-a457-2b1e2aaf3dbc/

71.197.211.156:80

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-08-25-IOCs-for-Emotet-with-Trickbot.txt

185.81.158.15:8080
grzegorzkucharski.com
karaz-sd.com
king61tours.com

# Reference: https://twitter.com/seguridadyredes/status/1298903561724669952

http://176.10.250.88

# Reference: https://app.any.run/tasks/0c98e26c-ad79-46e3-b603-cd4f36470c69/

http://98.13.75.196

# Reference: https://pastebin.com/raw/QUeZ8m10

112.78.142.170:80
134.209.193.138:443
162.144.42.60:8080
172.91.208.86:80
184.66.18.83:80
188.219.31.12:80
190.96.15.50:80
207.144.103.227:80
212.93.117.170:80
217.199.160.224:8080
24.26.151.3:80
37.205.9.252:7080
54.38.143.245:8080
65.156.53.186:8080
72.167.223.217:8080
73.116.193.136:80
78.189.60.109:443
86.57.216.23:80
91.75.75.46:80
93.51.50.171:8080
98.13.75.196:80

# Reference: https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html (# Doc.Downloader.Emotet-9412146-0)

abcofcricket.com
reliancectg.com

# Reference: https://www.virustotal.com/gui/file/b59c25c29ded7dad9f0015a8ae0101c845220fc92ac6e0ecbc1c4ceaed70ac18/detection

http://173.94.215.84

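# Generic trails (URL path fragments not tied to any host; short ones such as /xian/ may also match unrelated traffic, so corroborate hits with other indicators)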

/ringin/
/meecpy20181/
/xian/
/s_w6_h2gc/
/o_wle6_cyuobdkxwm/
/3vzc_oj94_q3v42ns4nb/
/4ots_c9x_ty/
/cx8yyu/
/ofoJX/
/vXl0kcy/
