# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: bokbot, icedid

# Reference: https://otx.alienvault.com/pulse/5fb042c8c8bc52fd36438c9d
# Reference: https://github.com/JR0driguezB/malware_configs/tree/master/IcedID

arcadyflyff.com
atlanimeday.com
binncu.net
camorata.com
comeontrk.com
csuwbru.net
cupicratings.com
daliyudin.net
debonointl.net
dorothyle.net
expling.net
firebbernank.net
freegameshacks.net
fzlajsf.net
gordondeen.net
jefchinloans.com
joronda.com
jumpsworks.com
medicalciferol.com
miraquebolsis.com
nobleduty.com
timmasanz.net
tradequel.net
wbgjds.net
youaboard.com

# Reference: https://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html

efoijowufjaowudawd.com

# Reference: https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/

lik0sa1.com
nejokexulang.example.com
payfinance.net

# Reference: https://www.crowdstrike.com/blog/bokbots-man-in-the-browser-overview/
# Reference: https://otx.alienvault.com/pulse/5c99fb543acc7f5eb0e7e933

acquistic.space
ambusted.space
coultra.space
exhausines.space
exterine.space
haractice.space
hospirit.com
overein.space
parchick.space
portened.space
resurround.pw
segregory.com
stocracy.space
stradition.space
subsquire.com
tybalties.com
ugrigo.space
waharactic.com
yorubal.space

# Reference: https://twitter.com/James_inthe_box/status/1110564181021908993

mathedro.com

# Reference: https://blog.fox-it.com/2018/08/09/bokbot-the-rebirth-of-a-banker/

zonefb.com

# Reference: https://twitter.com/malware_traffic/status/1123458651434434563

marakusta.at
saudienter.pw

# Reference: https://twitter.com/CapeSandbox/status/1123605348466741249
# Reference: https://cape.contextis.com/analysis/70719/

forsynanchyv.com
hipponexunam.org

# Reference: https://twitter.com/CapeSandbox/status/1121084063903821824
# Reference: https://cape.contextis.com/analysis/68966/

arguerns.top
extenterms.top
minental.top

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

37.59.68.215:443
goodinzone.at
mozambiquest.pw

# Reference: https://twitter.com/James_inthe_box/status/1136950895986429954

albarthurst.pro
hipponexunam.org

# Reference: https://twitter.com/malware_traffic/status/1147303805115162624

germakhya.xyz

# Reference: https://www.fortinet.com/blog/threat-research/icedid-malware-analysis-part-two.html

albarthurst.pro
carlsbadenomise.top
chardiop.club
ethracial.pw
exchangests.xyz
forsynanchyv.com
goodinzone.at
hipponexunam.org
hydrylater.online
mechangerous.space
mozambiquest.pw
parenessed.icu
ransmittend.club
saudienter.pw
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/takerk734/status/1135955547310632960
# Reference: https://app.any.run/tasks/13d6d9f9-7033-4ce7-9ad4-76591f15274c/

http://195.123.234.12
http://95.213.217.139
http://54.36.218.96
185.143.145.90:443
maidcafeyoyo.fun
simbaooshi.space
summerch.xyz
wagenstead.xyz

# Reference: https://twitter.com/James_inthe_box/status/1163512836930199552
# Reference: https://pastebin.com/rcwZmSu0

bumpsitting.pro
diplomainter.pro
duffered.pro
existination.pro
hahashow67.bit
pitfields.pro

# Reference: https://twitter.com/SoulRage6/status/1168171341998149637

casternsinc.com
casternsblog.com

# Reference: https://github.com/silence-is-best/c2db#icedid

memphase.com

# Reference: https://twitter.com/SoulRage6/status/1184141516534702081
# Reference: https://www.virustotal.com/gui/file/6f72987e323aa2d0a81c74e45851b62c1f415f703be20afb662748bc709f9361/detection
# Reference: https://twitter.com/JasonMilletary/status/1184201998381522944
# Reference: https://pastebin.com/vnwHadJk
# Reference: https://twitter.com/JasonMilletary/status/1190286207751733248
# Reference: https://pastebin.com/cz2HePMS

amongolia.com
bavariousltc.com
bhagavana.com
biorexis.top
builtitute.com
contrmved.com
corposted.com
coujtried.com
demonike.com
demonsoon.com
dioneras.top
eurobable.com
founddhog.com
honolfogy.com
jjanuatu.com
leonopic.top
lionerat.top
magnwnce.com
mastroga.top
memphase.com
molinaro.top
nopelrod.top
pidronog.top
piloresi.top
presifered.com
sacrecope.com
semistor.top
sheaffic.com
sheaffic.net
sheaffic.nl
sheaffic.org
tadpoleonilc.com
tidesore.top
wentinueqhcr.com
whyeelong.com

# Reference: https://twitter.com/OttoScav/status/1186356752406724609

gfthwards.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1187390560384049155

gfthwards.com
gfthwards.eu
piloresi.top
presifered.com

# Reference: https://twitter.com/wwp96/status/1189244489472319489

kbtseafood.com

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667
# Reference: https://www.virustotal.com/gui/ip-address/217.182.188.118/relations

217.182.188.118:443
demonsoon.com
emperimen.com
magnwnce.com
moreogramlfgt.com
orsement.net
orsement.org
resultiplrt.com

# Reference: https://twitter.com/malware_traffic/status/1068570263732789248

govenian.host
suprecien.host

# Reference: https://twitter.com/malware_traffic/status/1068281897346838528

freshwallet.at
labadegmc.com
listmyfloor.com
modelssohn.website

# Reference: https://twitter.com/pollo290987/status/996471190221983746

3200bpm.com
autozpolisy.pl
tagamol.com

# Reference: https://twitter.com/JR0driguezB/status/978937668921970688
# Reference: https://github.com/JR0driguezB/malware_configs/blob/master/IcedID/C2.txt

arcadyflyff.com
atlanimeday.com
binncu.net
camorata.com
comeontrk.com
csuwbru.net
cupicratings.com
daliyudin.net
debonointl.net
dorothyle.net
expling.net
firebbernank.net
freegameshacks.net
fzlajsf.net
gordondeen.net
jefchinloans.com
joronda.com
jumpsworks.com
medicalciferol.com
miraquebolsis.com
nobleduty.com
timmasanz.net
tradequel.net
wbgjds.net
youaboard.com

# Reference: https://twitter.com/Paladin3161/status/1156867967260303360

bumpsitting.pro
heinless.pro
mainly.pro

# Reference: https://twitter.com/Paladin3161/status/1156632752260648960

diplomainter.pro
existination.pro
forsynanchyv.com
stalitic.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1194631881007910921

aginia.net
aginia.top
leonopic.top
nopelrod.top
sacrecope.com
telected.xyz

# Reference: https://twitter.com/stecar792/status/1194745611377135616
# Reference: https://pastebin.com/FhbU27vC
# Reference: https://pastebin.com/if2VpJJg

bhagavana.com
eurobable.com
leonopic.top
lionerat.top
memphase.com
mirkolkdb.com
mirkolkdb.eu
mirkolkdb.net
mirkolkdb.nl
nopelrod.top
pidronog.top
sacrecope.com
semistor.top
tadpoleonilc.com
telected.com
telected.eu
telected.in
telected.net
telected.nl
telected.one
telected.org
telected.tel
telected.top
telected.xyz
wentinueqhcr.com
whyeelong.com

# Reference: https://twitter.com/JasonMilletary/status/1177323562425815049
# Reference: https://pastebin.com/XF980VrW

bhagavana.com
biorexis.top
centrash.com
duffice.com
eurobable.com
fallium.com
gioredoh.top
kenoted.com
leonopic.top
lionerat.top
mamerona.top
mastroga.top
memphase.com
molinaro.top
nopelrod.top
pidronog.top
samioner.top
scatholics.com
semistor.top
tidesore.top
uniresio.top
vulcate.com

# Reference: https://twitter.com/JasonMilletary/status/1176934514414759936

genepbisulphite.nl
yavagumchewer.com

# Reference: https://twitter.com/JasonMilletary/status/1174026442100940800

eonopic.top
ionerat.top
ioredoh.top
mamerona.top
olinaro.top
samioner.top
uniresio.top

# Reference: https://www.f5.com/labs/articles/threat-intelligence/de-icing-icedid--decompression-and-decryption-methods-explained-?

ygrenevresed.fun

# Reference: https://twitter.com/CapeSandbox/status/1168607522795790337
# Reference: https://twitter.com/SoulRage6/status/1168171341998149637

casternsblog.com
casternsclub.com
casternsinc.com
casternssite.com
rankrns.com
staterns.com
webcasterns.com

# Reference: https://twitter.com/JasonMilletary/status/1197209873294999553
# Reference: https://pastebin.com/964KsuMx

bhagavana.com
dioleg.top
eurobable.com
fioure.top
goidiom.top
guiertr.top
hiolne.top
leonopic.top
lionerat.top
memphase.com
mirkolkdb.com
mirkolkdb.eu
mirkolkdb.net
mirkolkdb.nl
monerto.top
nopelrod.top
pidronog.top
riopwe.top
sacrecope.com
semistor.top
tadpoleonilc.com
tierton.top
tyuerse.top
wentinueqhcr.com
whyeelong.com
ziones.top

# Reference: https://twitter.com/JasonMilletary/status/1197541828402143233

37.48.83.137:80
37.48.83.137:443

# Reference: https://twitter.com/JasonMilletary/status/1197593565863518208
# Reference: https://app.any.run/tasks/30cb7b07-6cff-4ff0-88eb-e69c6d60397a/

berrydom.top

# Reference: https://twitter.com/Kostastsale/status/1199604381751988225
# Reference: https://app.any.run/tasks/b3f60bc6-c821-4921-b4e4-221e32b2d7e7/
# Reference: https://app.any.run/tasks/6e5996c2-81b1-45ac-bdd0-3ec9517608ce/

astenitral.club
desreona.top
gerrredona.top
nedisona.top

# Reference: https://any.run/malware-trends/icedid (Note: as seen on 2019-12-04)

dirosad.top
jikolis.top
monerto.top
ziones.top
tierton.top
ddos.dnsnb8.net
semistor.top
guiertr.top
tyuerse.top
thuocnam.tk
desreona.top
nedireob.top
gerrredona.top
nameseorin.top

# Reference: https://pastebin.com/ErESEBNy

herrasei.top

# Reference: https://twitter.com/killamjr/status/1203183444127354880
# Reference: https://www.virustotal.com/gui/domain/colonisfg.com/relations
# Reference: https://www.virustotal.com/gui/file/5cfbcfac6faea9055f9c7bebc1974aac0ec445f4d08900100b5a3a389ec02610/detection

colonisfg.com
derilopa.top
dezaredo.top
gerontos.top
netionax.top
seniorex.top

# Reference: https://twitter.com/luc4m/status/1204861411010207744

certifacto.com
beaderza.top
gertuko.top
hiperdom.top
modestog.top
nonedore.top

# Reference: https://twitter.com/malware_traffic/status/1208205022925860865

b99vxjju.com
jlb81hdvernon.com
v60yuuu1415.com

# Reference: https://app.any.run/tasks/5e1ba7ba-4a11-44d0-a80b-ea188041fd76/
# Reference: https://pastebin.com/higQqzwD

arkanacarszoom.pro
arkanacarszoom.red
arkanaways.pro
arkanaways.red
baberdon.top
bavariousltc.com
bavidopa.top
beaderza.top
berrydom.top
bilopans.top
biodeser.top
bladisuka.red
brekatrinado.red
carensod.top
certifacto.com
colonisfg.com
containerfirearms.com
copiresd.top
coridef.top
cowspidzu.pro
demandary.com
desreona.top
dioledoe.top
dioleg.top
dirosad.top
elabortin.com
exceptionalsanta.pro
fanisder.top
fidonau.top
fioure.top
foxitone.top
geropil.top
gertuko.top
giretona.top
golitope.top
goredoma.top
goresoin.top
herdomo.top
hiolne.top
hiperdom.top
hironmen.com
hovernor.com
jikolis.top
kololokoip.red
korendor.top
kuskusnamnam.icu
loperdon.top
manyloaddss.red
maredosa.top
maxikolo.top
modestog.top
monerto.top
moreogramlfgt.com
muratinue.com
nedisona.top
newyeardocs.pro
newyearfreaks.pro
nikolopu.top
nonedore.top
owspidzu.pro
piterdos.top
redilok.top
renaultarkana.pro
renaultarkana.red
resultiplrt.com
riopwe.top
rubonder.top
santaclausdriver.red
serkolo.top
sionerde.top
sisipiciliko.pro
skachkiiloady.pro
stata.link
succine.com
systemory.com
thrushmore.com
tierton.top
transityfade.pro
transityfade.top
viderson.top
vilokilofilo.pro
viterex.top
voperdom.top
xyuvuugadali.info
xyuvuugadali.pro
ziones.top

# Reference: https://pastebin.com/VniAbG5k

ecowis.com
exceptionalsanta.red
fmjstorage.com
happysantacows.red

# Reference: https://twitter.com/SoulRage6/status/1215259274055704577

letsgotopluto.best
plutomylove.monster
plutoisaplanet.best
plutomylove.monster
plutusforpluto.best
saveplutoplanet.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1215260222832463873
# Reference: https://app.any.run/tasks/47590dc6-e93a-49e9-b053-974230cf8d3c/

hillenincopenhagen.best
willenhillen.xyz

# Reference: https://app.any.run/tasks/36d30924-4064-4288-a4e3-bc3ea44bda3e/

venusplanet.best

# Reference: https://twitter.com/JasonMilletary/status/1227975671282118657
# Reference: https://pastebin.com/kVWnJkaC

4success8.pro
creativedevelopment.xyz
developme.best
fridgehealth.best
geminichair.xyz
imreherzog.xyz
kinuplayer.info
langlawer.pro
nasafridge.xyz
spacecable.best
starofporn.xyz
thefeelingsapple.xyz

# Reference: https://twitter.com/Paladin3161/status/1228359000359501824
# Reference: https://pastebin.com/GUGbsQxE

appleparkca.best
bigbonmax.best
firedoggy.xyz
laroshelle.best
stamptowns.best
stsseriesdilemma.xyz

# Reference: https://twitter.com/James_inthe_box/status/1228452446978002944

applethecompany.best
bulbulmeni.best

# Reference: https://app.any.run/tasks/e7fb661a-6968-4367-9cd4-2077419a702d/

jagerteam.top
bibliophil.club
happyhunters.pw
bibliophil.pw

# Reference: https://twitter.com/malware_traffic/status/1243645177245380610
# Reference: https://www.malware-traffic-analysis.net/2020/03/27/index.html
# Reference: https://app.any.run/tasks/16c7bbfb-1c6a-40be-a625-bf8bc870354b
# Reference: https://app.any.run/tasks/9f2e532c-24d9-42d5-9be2-7ce9a8920980

conceptinteriors.ae
karantino.xyz
pravizzillo.club
projectfatty.club

# Reference: https://sysopfb.github.io/malware,/icedid/2020/04/28/IcedIDs-updated-photoloader.html
# Reference: https://app.any.run/tasks/d092cd7a-3e1c-479f-93e0-6494e464f44e/

hxxp://45.147.231.107
customscripts.us
hinkaly.club
karantino.xyz
zajjizev.club

# Reference: https://twitter.com/malware_traffic/status/1256297802948399104

ghefgekil.club
obratapres.pw
smallhole.club
severeconditions.xyz

# Reference: https://twitter.com/James_inthe_box/status/1257418677760282624

knockaddress.xyz

# Reference: https://pastebin.com/vCfWusnR

lokolojazz.club

# Reference: https://twitter.com/SBousseaden/status/1258564579463921665
# Reference: https://app.any.run/tasks/c98c5585-ad28-4744-8156-476efa30674e/

turtlesfun.fun

# Reference: https://twitter.com/James_inthe_box/status/1262856956613554176

connuwedro.xyz

# Reference: https://bazaar.abuse.ch/sample/837f40c12fc476d81d0741da2ab0bc0ee5c9857fe9623f2dfa33fb9f9d20f6ce/

bividilli.xyz

# Reference: https://app.any.run/tasks/6b57fda7-dd83-44c9-a8d0-3befecb7c4c6/
# Reference: https://bazaar.abuse.ch/sample/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec
# Reference: https://www.virustotal.com/gui/file/df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec/detection

cryptocrio.pw
cryptocrio.top

# Reference: https://twitter.com/abuse_ch/status/1265989591628238848

3chickens.pw

# Reference: https://pastebin.com/bUzE4Df6

fordthunderbirth.site
gotofresno.xyz
luxcarlegend.top
nicebirththunder.cloud
poloturtles.top
robertogunez.xyz
totheocean.pw

# Reference: https://twitter.com/James_inthe_box/status/1268985862173257728

porkon3stuff.top

# Reference: https://twitter.com/Artilllerie/status/1270013362194219008

makindra.xyz
pohindra.best
prostokilo.top

# Reference: https://twitter.com/malware_traffic/status/1270158384738770951

trythisrandom.top
ziddat.com/registration.doc

# Reference: https://twitter.com/malware_traffic/status/1271588921168867329

musicapuntocero.com
wloppyload.top

# Reference: https://github.com/f0wl/deICEr/blob/master/README.md

boldidiotruss.xyz
nizaoplov.xyz
153ishak.best
ilu21plane.xyz

# Reference: https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware
# Reference: https://pastebin.com/Sz16iU57

2pillsofhunderts.pw
30miles.xyz
3chickens.pw
3glanzepages.top
antivarevare.club
antivarevare.pw
bavadivaclub.club
beradocolon.top
bividilli.xyz
bluekit.pw
bonwes.bid
bredretre.uno
carpetkisa.xyz
carztesla.xyz
chumocarz.club
citytrallbus.xyz
colocarantino.xyz
connuwedro.xyz
cosacasa.top
costacolonel.club
costamustero.pw
coucarachiz.top
cozyappt.club
crossbones.email
cryptocrio.pw
cryptocrio.top
cucumberz99.club
dayafterthe.xyz
dezisenkor.club
docccutime.xyz
emergencytoolz.pw
extraordinarycurc.club
fekilopol.xyz
feminization.xyz
fidelliware.pw
filacolonel.site
filacolonel.xyz
filteroggy.pw
fishmak.pw
flighfinder.xyz
flightslots.online
forwardnogi.pw
fredoferodo.top
frenchfries8.top
fullplainefares.club
gerenada.club
ghefgekil.club
gigakolors.club
glassyradua.xyz
goodcolonell.xyz
goodservers.top
groggypirogy.top
herekeder.best
hinkaly.club
instarobotics.club
karantino.xyz
kassadesada.top
knockaddress.xyz
knockdomain.xyz
loacorecoder.club
lokolojazz.club
menosmeno.best
millogorillo.top
nadalia.top
northdestrickt.top
oggytarakan.club
oggythecoucca.xyz
polymorphis.top
pravizzillo.club
pravizzillo.email
presserdresser.best
pyramide33.pw
pythonfinder.top
safebanktest.top
seguridadcolonel.club
sharedocar.xyz
siffersniffer.best
silkycow.pw
smallhole.club
stuffed8tomatoes.club
svaerossi.pw
testermeisterz.top
tourdayly.top
tryfreder.xyz
trythisone2.best
uxozhuki.pw
vereseptem.pw
vodkahater.xyz
withoutemblems.top
yahzdaje2.website
zajjizev.club

# Reference: https://twitter.com/ffforward/status/1275364648091557889
# Reference: https://app.any.run/tasks/f4945f71-1327-43d4-b948-326bcc730033/

khaliel.com/load/
loadthird.casa

# Reference: https://twitter.com/abuse_ch/status/1275526243404972034
# Reference: https://bazaar.abuse.ch/sample/921138bc2b28d01a51e6673c6e61ba3237592d08875180e0b3749d8e47fdfd6d/

germana-arad.ro/tds.php
redbrookconservatories.com/wp-content/themes/genesis/tds.php

# Reference: https://twitter.com/abuse_ch/status/1278373790054076417

ldrbasketball.net

# Reference: https://twitter.com/baberpervez2/status/1279177216249733120

lotusabloom.com

# Reference: https://twitter.com/James_inthe_box/status/1282793500325498881
# Reference: https://app.any.run/tasks/0a4d263a-75d7-4e10-8129-4b260141ebcf/

neptuneloadz.casa

# Reference: https://twitter.com/JAMESWT_MHT/status/1283450384061800453
# Reference: https://www.virustotal.com/gui/domain/ldrglobal.casa/relations
# Reference: https://www.virustotal.com/gui/ip-address/104.248.62.43/relations

ldrglobal.casa
ldrgreecehome.casa

# Reference: https://pastebin.com/raw/DZNj1XQ6

circleoccupy.best
ldrtango.casa
mramoritto.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1285210383557558273
# Reference: https://www.virustotal.com/gui/ip-address/157.230.17.102/relations

loadberlin.casa
loadprague.casa

# Reference: https://www.virustotal.com/gui/file/502268717d5b2e7c70d800f09daaebb861d0c05baf66f96f698215107bcf82d3/detection
# Reference: https://www.virustotal.com/gui/file/4794fc23f8b61badab67099a5f31ab20a1864a061fabd89d60695c5cefe2a29b/detection

citytrallbus.xyz
cluebullet.best
conspiracylegal.xyz
freekolobanga.top
kolobanga.press
mannycoder.top

# Reference: https://twitter.com/malware_traffic/status/1285669899696775175
# Reference: https://www.virustotal.com/gui/ip-address/178.128.195.34/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.105.198.105/relations

againstrocket.top
androsandro.top
blmfuck.best
blmfuck.top
changewinds.top
fegmetozza.top
helicopterstarted.top
italyvenice.top
newwildtuna.top
overthewater.top
plainlanded.top
shopunderwater.top
venicefood.best
venicefood.top
loaderprototype.casa

# Reference: https://app.any.run/tasks/d52f66be-14f1-47fc-ad3b-77c89c0e2b77/

loadhnichar.co

# Reference: https://pastebin.com/raw/bfTG05My
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.122/relations

betafrosner.best
foztrotalphatester.xyz
gigaholliver.top
iskuliokilo.pw
loadkanoe.casa
passiopersio.top

# Reference: https://pastebin.com/a5rqv7c7

ldrfoxtrot.casa
ldrvals.casa
loadproto.co

# Reference: https://pastebin.com/NvzmauW1

ldrgopak.casa
loadbudapest.casa

# Reference: https://github.com/tsale/Kostas_Yara-Rules/blob/master/Malware/IcedID_loader.yar

requiregreen.com

# Reference: https://twitter.com/0bfusCat/status/1243213416837402624

monoplanebis.xyz

# Reference: https://www.virustotal.com/gui/ip-address/95.174.65.224/relations

banconchle.live
blackbullhorns.pro
blackcowlegs.best
boldidiotruss.xyz
bullhorns.xyz
bullyhorn.xyz
cargoship.top
cargovan.top
colocalzz.xyz
daretohaveyours.xyz
freeclubcargo.club
freeshippingto.top
hornybull.best
landoffarming.xyz
landstorages.best
nizaoplov.xyz
propanballoon.club
propanballoon.pw
propanballoon.top
selectedship.top
servantstat.best
shalomgashish.best
shalomisrael.xyz
shalomshabatt.best
shishashalom.pro
sizhinpin.best
spinnertrousers.best
sportspotlandfarm.xyz
trustedcommand.top
venomnewsite.club
verticalzz.pro

# Reference: https://www.virustotal.com/gui/file/79723cbc2234e26aae3111b8c7b6711da68a46d01e5808598a1492e49c331f60/detection

mexicanfoodinmiami.pro
exceptionalsanta.pro
happysantacows.red

# Reference: https://twitter.com/0bfusCat/status/1209421391910645760

santaclausdriver.pro

# Reference: https://twitter.com/0bfusCat/status/1059084917756301318
# Reference: https://www.virustotal.com/gui/file/199351acf7947ed415f6b4ed0049757fba0b0111aed1cfc20030efebe5af5005/detection

alldo.club
office365.bit
specialnan.date

# Reference: https://twitter.com/reecdeep/status/1290260109260595200
# Reference: https://app.any.run/tasks/dbf04eb6-35c7-4a8c-b311-67f6ffc1b54f/

ldrflippo.co

# Reference: https://twitter.com/p5yb34m/status/1290408585273344001
# Reference: https://www.virustotal.com/gui/ip-address/134.209.191.228/relations
# Reference: https://www.virustotal.com/gui/file/677fd9bc5ee34b4e171897fc07082a7fa14854d2f881cd62a23cb0c2181fa240/detection

ldrneptuno.net
loadagent.casa
loaderclass3.casa

# Reference: https://twitter.com/James_inthe_box/status/1290773214520434690
# Reference: https://tccontre.blogspot.com/2020/08/learning-from-iceid-loader-including.html
# Reference: https://app.any.run/tasks/b4beb108-60c8-4ae5-8f7b-4f21ffa5da7a/

loadfreeman.casa

# Reference: https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+IcedID+Bokbot/26438/
# Reference: https://otx.alienvault.com/pulse/5f2d7028f25fbdc6daa1b016
# Reference: https://www.virustotal.com/gui/ip-address/94.100.18.58/relations

31goalsyaher.co
atalantaclub.co
juveperdhue.top
leaderfreeder.co
northkorisla.co
qazyaquanauti.co

# Reference: https://twitter.com/reecdeep/status/1292828204445696001
# Reference: https://app.any.run/tasks/59666532-c5e3-4080-9266-7812f337a104/

nothingtodo.co

# Reference: https://twitter.com/p5yb34m/status/1292886770246225920

soldkorean.top

# Reference: https://pastebin.com/raw/Ye7MrSqV
# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.145/relations

debuggerhelper.top
discsnooker.best
felliohreffer.co
jallioradio.co
youmecube.top

# Reference: https://twitter.com/0bfusCat/status/1293218539684401154
# Reference: https://www.virustotal.com/gui/ip-address/159.203.184.41/relations
# Reference: https://www.virustotal.com/gui/file/d99c8340e0a0c65212465e36ea184e48b16136ccda77dcf2b2a0865b154f70c6/detection

accentio.online
boxeschannel.co
dassentrio.top
ulanudeo.online
zalkipamat.top

# Reference: https://twitter.com/reecdeep/status/1295399848569712642
# Reference: https://app.any.run/tasks/26ef48a4-c45b-48f3-8a63-c5b02f7467b4/
# Reference: https://www.virustotal.com/gui/ip-address/134.122.73.8/relations

loadlisboa.casa
loadofficer.casa

# Reference: https://pastebin.com/raw/4tgby2qV
# Reference: https://www.virustotal.com/gui/file/9ba8f41f73a563796c021dbe89d3bd9a8d3a2d0226425e43efc271536f5f376b/detection
# Reference: https://www.virustotal.com/gui/ip-address/165.227.41.66/relations

loadrome.directory
crypnotes.co
ghererrafleur.co
helindraold.co
hwakiraklir.top
mahindranew.co
staerfraer.co

# Reference: https://twitter.com/reecdeep/status/1295727323052945411
# Reference: https://app.any.run/tasks/c33bd52b-f56e-486f-9b7f-55ac112e8554/

firstava.top
fourthava.club
secava.best

# Reference: https://twitter.com/Unit42_Intel/status/1296500515065536515
# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-18-TA551-IOCs-for-IcedID.txt

apparatto.top
babafirst.top
babafourth.club
cheapoilz.best
mintrillion.club
musorru.top
rolifo23.top
thirdava.cyou

# Reference: https://twitter.com/reecdeep/status/1296809596351283200
# Reference: https://www.virustotal.com/gui/ip-address/138.197.137.215/relations

ballsinluza.co
ferhalirish.co
ldralfa.casa
ldrbeta.casa
ldrcharlie.casa
lifregal.co
snookermaster.co
spplohh.co
trazzhres.best
truckycustom.pw

# Reference: https://twitter.com/reecdeep/status/1300432198135418880
# Reference: https://twitter.com/reecdeep/status/1301159068279746561
# Reference: https://app.any.run/tasks/f3c7a321-bead-4914-b780-bd9e1dca32a2/
# Reference: https://app.any.run/tasks/f312482a-bf13-4f05-ac58-9bf0a91ef132/
# Reference: https://www.virustotal.com/gui/ip-address/64.227.95.68/relations

classified.best
customrecustom.top
deskofreserve.top
dissdoorg.top
explodevices.top
huhunadekil.top
ldrtugi.casa
niggpigs.best
piggyniga.pw
programmelexc.club
singleperson.pw
terminpolg.top

# Reference: https://www.virustotal.com/gui/file/2a9fe9fdc49ae22a691d027f721bab70a430136559b2207b528e905c390343f6/detection

195.69.187.86:443
93.189.149.176:443
ignorepairs.pro

# Reference: https://pastebin.com/QSqT99xJ

albarthurst.pro
ambiguing.net
anothese.xyz
answerved.net
bandstreat.pro
berlingbowman.pro
bugandonesis.club
camishniacing.pw
carlsbadenomise.top
centrastroyer.club
charactic.pro
chardiop.club
consequencycle.pw
contempty.club
demandymedes.xyz
dorentmeofts.com
egainvisit.pw
ettestinbalt.com
exchangests.xyz
forsynanchyv.com
germakhya.xyz
goodinzone.at
harbournal.club
hipponexunam.org
hornformance.pro
hydrylater.online
ichthererbob.org
ignorepairs.pro
importional.com
maiowforecto.org
massentern.pw
mechangerous.space
meiyardionsa.org
minoriticipal.pw
monkeyflowed.pro
mozambiquest.pw
murderinal.pro
parenessed.icu
ransmittend.club
rolescene.xyz
runethern.pro
seconominist.com
seeminism.pw
stimateurs.club
summerch.xyz
talogue.pw
teautotaillhurneg.org
therlanding.xyz
thracial.pw
thussailled.pw
tracroadsmendisan.org
tradication.pw
wagenstead.xyz
writtee.pro

# Reference: https://twitter.com/p5yb34m/status/1303408866483290112
# Reference: https://twitter.com/p5yb34m/status/1304108801860071424
# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.92/relations

eurisiuri.top
kilogoncha.casa
ldflipper.casa
ldfolkland.casa
ldklippers.casa
loadbejing.casa
loadgermy.casa
loadlondon.casa
loadnewjersey.casa
loadperventin.casa
loadseoul.casa
loadxiniang.casa
repofinlsnd.casa
sleepymaxer.cyou
vbikdemokk.casa
vloppiloker.cyou
zasudaproteet.casa

# Reference: https://twitter.com/reecdeep/status/1304051067093692422
# Reference: https://twitter.com/reecdeep/status/1304071658521669632
# Reference: https://app.any.run/tasks/c0d6f2fb-ad34-4ce8-9a87-ee2c9ac94055/
# Reference: https://app.any.run/tasks/0db6cb2f-b477-4e8a-8b7e-a7911fcfc8f0/
# Reference: https://www.virustotal.com/gui/ip-address/159.65.137.90/relations
# Reference: https://twitter.com/reecdeep/status/1305523915054354433
# Reference: https://app.any.run/tasks/2c48723a-6803-4f9d-a330-63d546408b9d/

9dayscitadel.co
biglosses.top
ldleadflip.top
ldrfatty.casa
ldrglass.casa
ldrplastic.casa
loadbiofill.casa
loadbooker.casa
loadhooker.casa
loadnavycomp.casa
loadspanny.casa
roofallkilo.co
waysoflibis.best

# Reference: https://www.virustotal.com/gui/ip-address/51.210.73.176/relations

fikilederes.club
ldjersey.casa
ldrapollo.casa
ldrglass.casa
ldrinsertion.casa
ldrpanel.casa
ldrporollon.casa
loaderooker.casa
loadflooker.casa
loadfrooker.casa
loadgooker.casa
loadsite2.casa
loadsite4.casa
pussiageorge.cyou
starterdewakilo.best

# Reference: https://pastebin.com/Z4kWrhSF

10hesadety.pw
85vumbut.best
asnerkifa.cyou
aspellino.cyou
bcertyuo.cyou
gastellino.top
hurmaniut.cyou
matrossinio.xyz
povoliporillio.xyz
zopenret.top

# Reference: https://twitter.com/malware_traffic/status/1304507387957608450
# Reference: https://pastebin.com/bRT1y6rv
# Reference: https://www.virustotal.com/gui/ip-address/68.183.47.194/relations
# Reference: https://www.virustotal.com/gui/ip-address/164.90.153.241/relations

budagent.cyou
castrovillage.cyou
daswerbworse.best
delegatoz.xyz
jheckler.top
malgs.best
patriwifecis.cyou
saqerisation.best
tatarovers.best
tizersincluded.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/134.122.55.164/relations

77hertykol.club
90nesokret.top
astrafrodo.asia
bcertyou.cyou
bettercontact.co
downdomino.click
examoplerevo.pw
ldrdropper.casa
ldrpaperkoz.casa
ldrpitcher.casa
ldrruble.casa
ldrshekel.casa
ldrstar.casa
ldruniverse.casa
loadgo2.casa
loadro3.casa
loadwe4.casa
trapotorio.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.158/relations

circleoccupy.best
corporotto.top
mramoritto.top
papuanewguinew.club
portivitto.top
slizilinno.top

# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.223/relations

loadwarsaw.casa

# Reference: https://www.virustotal.com/gui/ip-address/79.141.171.183/relations

allpikoloserdzwe.cyou
gaagachelo.cyou
obnaprimezert.cyou
odnovoennbundes.cyou
sipmptomsledy.top
sprbumazna.club
uragapediculez.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-20-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/161.35.148.20/relations

ldrplutos.casa
loaderoverlord.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-31-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/165.22.120.138/relations

ldrpolka.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-03-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/161.35.207.41/relations

houssio45.co
littlehomies.cyou
radicaltreppo.co
transferhouse.cyou
twoloftscats.cyou

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-14-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/89.105.198.114/relations

atombody.best
blholove.best
blholove.co
coverbeacon.top
cutbroken.club
lostinbush.best

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-20-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/104.131.13.31/relations

ldrfewa.casa
ldrgeo.casa
ldrnuri.casa
ldrpopi.casa

# Reference: https://www.virustotal.com/gui/ip-address/159.203.35.240/relations

gugafirst.top
gugasecond.cyou
ldrfohill.casa
womindo.co

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-27-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/89.105.194.231/relations

chinadedoing.best
feretraidsouth.cyou
musiciange.club
pommiopeo.cyou
rightsaqua.cyou

# Reference: https://www.virustotal.com/gui/ip-address/128.199.121.86/relations

balancesheets.pw
destroyerspussan.top
stryjerefer.buzz
swedenstats.best
tank50.top
xixoloadr.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-28-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/67.205.166.105/relations

dluizz.top
ldrloki.casa
nothingtodo.co
shammunani.top
situator.best
sleepstops.club

# Reference: https://www.virustotal.com/gui/ip-address/185.147.15.25/relations

kajakracer.top
sequoejak.club
statuator.pw
swedenstats.best
withmar.club

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-01-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/167.71.229.185/relations

gigacouckarach.xyz
ldrulmio.casa
piggyniga.top

# Reference: https://www.virustotal.com/gui/ip-address/159.89.226.226/relations

dissdoorg.top
explodevices.top
trazzhres.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-08-TA551-IOCs-for-IcedID.txt

loudnavycomp.casa

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-17-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/142.93.218.110/relations

astedolo.asia
ldrcantimo.casa
ldrearth.casa
ldrkrona.casa
ldrmercury.casa
ldrpanel.casa
ldrpeso.casa
ldrphound.casa
ldrporollon.casa
ldrspace.casa
ldrsuede.casa
ldrvenus.casa
vragafraga.beer
wertigohol.click

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-21-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/134.122.101.157/relations

10hesadety.pw
85vumbut.best
bcertyuo.cyou
doremifasol.online
likofedo.club

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-23-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/206.81.11.50/relations

andronicakopianz.top
assfingerz.club
droidattac.cyou
geraldiconews.cyou
spacerevodron.pw

# Reference: https://www.virustotal.com/gui/ip-address/46.101.10.119/relations

antologymaster.pw
headtroller.pw
lokopotio.pw
smavellpolia.cyou

# Reference: https://www.malware-traffic-analysis.net/2020/10/06/index.html
# Reference: https://www.virustotal.com/gui/ip-address/161.35.111.71/detection
# Reference: https://www.virustotal.com/gui/ip-address/91.235.116.132/relations
# Reference: https://www.virustotal.com/gui/file/58708f4f20813442260ac0983ad6edb8666c4173606debef497d546bec2b1a2a/detection

america2020.cyou
donmekyrm.top
figatrummpper.cyou
fikilederes.club
firstava.top
flathommy.top
holubicoklire.top
huliosmall.cyou
huntinglon.com
islandfighters.top
ldraccumuu.fit
ldrautos.fit
ldrcalifa.click
ldreuro.casa
ldrforce.click
ldrjersey.beer
ldrpeset.casa
loadbmw.click
loadgiga.click
loadmercedes.beer
loadpascal.asia
loadwater.casa
lobechess.cyou
placestostart.club
realparallel.top
rufepuksuka.cyou
sepneretyiu.cyou
softcornerz47.top
uzhokpidarok.cyou

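# Reference: https://twitter.com/malware_traffic/status/1313952618948030464
# Reference: https://pastebin.com/raw/Dv6edvut
# Reference: https://www.virustotal.com/gui/ip-address/178.62.243.45/relations
# NOTE(review): donmekrym.top below differs from donmekyrm.top (listed under the malware-traffic-analysis 2020/10/06 reference) only by two transposed letters; confirm both spellings against the references, since one of them may be a transcription error and would then never match.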

donmekrym.top
grablihuiz.cyou
holubicoklire.top
obnulenush.cyou
sepneretyiu.cyou

# Reference: https://isc.sans.edu/diary/rss/26674
# Reference: https://www.virustotal.com/gui/ip-address/134.209.25.122/relations

huntysmally.top
jazzcity.top
ldrdifference.casa
ldrright.beer
loadfelicio.fit
loadmarcello.beer
smalleryurta.club
whiskeybravo.xyz

# Reference: https://www.virustotal.com/gui/ip-address/143.110.176.28/relations

minishtab.cyou
novemberdejudge.cyou
sryvplanrespublican.cyou
suddekaster.best
xoxofuck.cyou

# Reference: https://www.virustotal.com/gui/ip-address/104.131.38.173/relations

ldrengineer.casa
ldrk50.casa
sadawerty.link

# Reference: https://twitter.com/malware_traffic/status/1317238281554317313
# Reference: https://www.malware-traffic-analysis.net/2020/10/16/index.html

engisilo.best
likoncar.cyou
phauballistic.club
skrepamulan.cyou
weaponreich.pw

# Reference: https://www.virustotal.com/gui/ip-address/206.189.179.174/relations

japansoldat.asia
kommyplete.cyou
loadcuhel.beer
loadhelico.asia
rusoldat.click
smallplaces.shop
spaceprogramm.cloud
spehanemzu.top
zomboboxer.top

# Reference: https://www.virustotal.com/gui/ip-address/46.101.0.125/relations

americansoldat.link
anklavartefact.cyou
greerknees.top
ideaofplet.club
isolatedglobus.top
kleeslikreff.top
konzsered.best
ldrleft.asia
loadbombardier.beer
loadcessna.asia
loaddyna.fit
loadnelliko.click
ostiriozhio.top
qapoloki.cyou
seaforrest.asia
startcapital.top
vernerfonbraun.pw
voairtaxetion.xyz
wasserherehiller.club

# Reference: https://www.virustotal.com/gui/ip-address/159.65.114.23/relations

8mopazuredolit.best
couretplodaserq.cyou
familyfromforrest.club
fihokiliopo.pw
filopipilo.top
millogorillo.pw
mishagrisha.top

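# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-10-19-TA551-IOCs-for-IcedID.txt
# Reference: https://www.virustotal.com/gui/ip-address/68.183.125.188/relations
# NOTE(review): isolatedglubus.top below differs by one letter from isolatedglobus.top (listed under the 46.101.0.125 reference); confirm both spellings against the references, since one of them may be a transcription error.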

awemvngktyl.club
cowsmilky.top
defthebest.club
entroerdogany.pw
fishechi3.pw
fourblaizers.xyz
gigamazers.club
isolatedglubus.top
kolopoedre.best
kracherregimme.pw
luxcarlegend.club
pizzaeaters.top
posipako.top
reraspomonob.cyou
simpliefire.best
touchification.pw

# Reference: https://twitter.com/malware_traffic/status/1321211578113511425
# Reference: https://pastebin.com/raw/Szm0xFwr
# Reference: https://www.virustotal.com/gui/ip-address/188.166.82.172/relations

34ortiz.pw
bowlinglocombina.pw
careerquaterb.pw
dpvtrans.cyou
finulipor.pw
fodsijjire.cyou
hdfouter.pw
inforesuaremedown.club
maseratipirosh.top
mosquitollio.pw
nesutrebbe.pw
noviewnorussia.club
rivercoockinh.cyou
tsalkshower.cyou
tyrek87.cyou
wassilerepiom.top

# Reference: https://twitter.com/58_158_177_102/status/1321583599485820928
# Reference: https://twitter.com/58_158_177_102/status/1323420403277033472
# Reference: https://app.any.run/tasks/4e842de4-2dee-4f8c-ab25-d52a0c7bc4c0/
# Reference: https://app.any.run/tasks/2bbc6d3e-f0ca-42cd-8cac-f3af5296eea5/
# Reference: https://app.any.run/tasks/dbc926f6-eb68-43af-9a55-bc307b781754/
# Reference: https://app.any.run/tasks/deebf118-abe7-4ea5-9e33-81bce557d426/
# Reference: https://app.any.run/tasks/f64b9924-6022-428e-a0d7-4bd8ed3a3f01/
# Reference: https://app.any.run/tasks/8beff69c-0c5c-4ea2-9205-8b7ca7ade6f7/
# Reference: https://www.virustotal.com/gui/ip-address/167.99.248.130/relations

argentinocapuccho.cyou
covercinemo.club
detecvasquez.cyou
hobburussye.top
klopperflitter.cyou
konzsered.best
likrodetective.best
loaddyna.fit
loadhighertop.fit
loadrescuerer.casa
loadtwomoretimes.fit
ostiriozhio.top
papararazzi.cyou
redicilious.online
rekreations.cyou
voairtaxetion.xyz
zarubanonce.top

# Reference: https://twitter.com/MBThreatIntel/status/1321963911365586944
# Reference: https://www.virustotal.com/gui/ip-address/188.166.103.231/relations
# Reference: https://www.virustotal.com/gui/file/4d3c594e119e5137a2baafc1174d57b08f7b8bbd8e9116331abf8063837c0222/detection

anthekarabach.top
heredeire.xyz
loadpillar.casa
newbieshanna.pw
vesaporedik.club
zenit20112020.top

# Reference: https://twitter.com/malware_traffic/status/1323766476541775874
# Reference: https://pastebin.com/kHXmMhQQ
# Reference: https://www.virustotal.com/gui/ip-address/104.248.90.150/relations

0349ssss.cyou
3422jelle.best
9485pele.cyou
blokaddio.top
defeodallio.cyou
grekilioliplane.best
nawserty8.club
pelefootball40.best
quaddroporrte4.top
rewetiolo.xyz

# Reference: https://www.virustotal.com/gui/ip-address/46.101.7.77/relations
# Reference: https://www.virustotal.com/gui/ip-address/157.245.106.220/relations

alotthinlayers.best
gridplates8.pw
loadatlantic.fit
loadhonda.asia
loadricky.fit
loadrover.beer
loadsite2.casa

# Reference: https://twitter.com/malware_traffic/status/1326680201208717315
# Reference: https://www.virustotal.com/gui/ip-address/143.110.191.95/relations

2018starnpz.cyou
2solovushka8.cyou
aerofighters.co
angarakolessi.top
anyactions.best
armanepozy.top
armennewerria.top
aslokodebillo.best
astrapresa.top
aswepori.club
awelipo7.club
awertyutilo.pw
balkimraklire.cyou
belowragi.pw
beradocolon.top
besoputinnioputa.cyou
bigconsequences.top
bomberfiller.cyou
budaberlin44.top
bulutuso.club
casadekilo.best
cderete.pw
ckkpuliopo.best
closeroads.cyou
conretullio.best
consistan.xyz
coshmaputuxuylo.xyz
dasikloti.club
daysarecommitee.top
ddekilocasa.top
defencesystem.xyz
defreind.best
deliveryeating.best
derivoclition.club
dilibobiol.top
dosyllitu.top
durkapsycho.best
eastzrada.club
fcbarca.top
fdelopoh.club
federesursy.best
fekoliture.cyou
fellazillio.co
ferekilocasa.pw
findscrinder.pw
firstpartmotor.cyou
fodsijjire.cyou
footbalgoalkeeper.club
footballillemarcelle.best
freekolobanga.top
freemonter.top
geliopeople.cyou
gelipeterria.cyou
gettokolo.club
ghosternew.casa
gigikilo.xyz
gliokisser.best
glovercasa.club
goblinsdown.top
goloploroto.best
hdfouter.pw
hilloritopo.club
hongkonger.best
hzlkfb.xyz
jacksonwennik.pw
jare4.pw
jeteame.press
jijikolo.uno
kileder8.cyou
klopoprigozh.best
kolobanga.press
ledasopiret.best
lezasopedrill.cyou
likercasserio.top
likoncar.cyou
malselsilo.pw
maseratipirosh.top
moldovsky.club
moldovsky.top
moneocurva.top
motordotor.cyou
multiplecities.co
nekillosa.co
nithingmore.top
northvietnam.top
nothingknown.co
novoport16045.best
nullnadum.cyou
oldeney.xyz
operswagner.club
panrights.pw
parrondon.xyz
passsmennelio.top
phauballistic.club
pipulosha.cyou
piska.win
plainia.xyz
polisyl.top
postsovok.cyou
prevampion.icu
rankaraoh.xyz
rasolpewsitr.club
recidiver.best
rerozvi.best
reshitixa.cyou
retainthecolour.co
revorevonove.pw
rurulukashi.pw
sanoradad.club
sillivilkous.top
skisliz.club
sositezaporebrik.top
stilstol.pw
stopfurusputo.cyou
swerlillio.co
tarabarov.online
transmissons.pw
trebletta.top
trolliroses.cyou
tyrek87.cyou
ultimatulebe.cyou
unodostres.top
uppernapitki.club
uralshuja.club
velocarsderev.co
vergilliostar.top
vesaporedik.club
villedasilpo.best
visiondesicion.casa
werikiloty.best
whiterange.top
winthebrit.pw
zaborder.pw
zedebobo.top

# Reference: https://www.virustotal.com/gui/ip-address/198.211.99.24/relations

12demuslims.top
aslokodebillo.best
besoputinnioputa.cyou
compactmuslimsdeport.pw
experrementummo.pw
jacksonwennik.pw
nomoremigration.cyou
timerdisclaimer.pw

# Reference: https://twitter.com/58_158_177_102/status/1329591778635235328
# Reference: https://twitter.com/58_158_177_102/status/1329591782519177218
# Reference: https://app.any.run/tasks/9a6231ad-313a-4dff-a22a-e087f99edbb4/
# Reference: https://app.any.run/tasks/383862d8-66f5-4de9-b013-1d99f8bde04f/
# Reference: https://www.virustotal.com/gui/ip-address/143.110.185.84/relations

deretter.club
futuduramatios.best
kamastos.cyou
kennethinstitute.xyz
lowbudget.top
marinesnotarmy7.cyou
rasolpewsitr.club
suitecasecourt.cyou
sweetporto.cyou
zoperawekil8.top

# Reference: https://twitter.com/reecdeep/status/1329761384842792961
# Reference: https://app.any.run/tasks/89819e81-b694-42d2-9cd1-fa0b8e6bd9c8/
# Reference: https://www.virustotal.com/gui/ip-address/159.89.6.165/relations

4tankers8.cyou
aweragiprooslk.cyou
formerglommer.best
linedefragmentatiom.best
psycotrest33.cyou
revopilte3.club
transferblog.top

# Reference: https://twitter.com/malware_traffic/status/1329934246249697280
# Reference: https://www.malware-traffic-analysis.net/2020/11/20/index.html
# Reference: https://www.virustotal.com/gui/ip-address/165.232.104.85/relations

agrivcultureintegra.club
coupper3.cyou
desinforma.cyou
emoposawe.cyou
okrufedikol29.club
plumbum44.cyou
realisationdelimitation.top
store4famly.xyz

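# Reference: https://www.virustotal.com/gui/ip-address/161.35.152.178/relations
# Reference: https://www.virustotal.com/gui/file/26101626e9e57de6271161f6929922bdc46ba4c71a98161cebf4e3199b82e58d/detection
# NOTE(review): /laband162/main.php below is a URL path with no host part; presumably it is matched against the request path on any host, so confirm it is specific enough not to flag unrelated sites. The same applies to the other host-less path entries in this file (/weqre779/index.php, /koreto937/index.php, /kolpe100/index.php, /kolpe100/main.php).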

bolopedasrty.club
desatopillo.best
klopperflitter.cyou
m103tank.cyou
minerdorf.top
shermannlow.best
/laband162/main.php

# Reference: https://twitter.com/malware_traffic/status/1331259415022825473
# Reference: https://pastebin.com/BR3dZTNU
# Reference: https://www.virustotal.com/gui/ip-address/68.183.54.143/relations

9seeallcars.best
afromadness.club
astroglippers.club
billeriubin.club
crypetecranch.best
dawessigriggio.pw
dnaislatoler.pw
egedemaer.cyou
fuckingkremlin.pw
grabberputinoyd.best
initiativeuntimed.cyou
lawofthechanges.cyou
noagreforisla.pw
nonormsinsla.pw
oligophreneoligarchi.club
oxxoboats.top
pochkapechenka.cyou
proissvollio.club
reraspomonob.cyou

# Reference: https://www.virustotal.com/gui/ip-address/167.71.224.39/relations

0349ssss.cyou
100thdollars.cyou
1911drink.best
49vodysf.club
54asplane.top
9485pele.cyou
aretulopetega.cloud
asertuyo.pw
asskniferd.best
avilablehelp.top
colombosuede.club
colosssueded.top
decorunbelieveble.best
delokijio.pw
desertpw.pw
driverapmassive.pw
durablad.shop
evroparlamiko.cyou
falsivikirigizy.pw
fihokiliopo.pw
fufuarmenja.xyz
golddisco.top
gromhitputi.cyou
hotelindivire.cyou
jajaelecto.club
june85.cyou
kniferbellir.cyou
kultimulti.top
laskiopowert56.club
layerfatfek.club
miamia.club
millogorillo.pw
mishagrisha.top
netochstatic.club
olloterponeik.pw
pareomedeo.club
pelefootball40.best
propellerregis.top
rarejawelleryz.cyou
refakolun.best
ruwedolki.pw
selekilleque.best
servepeolor.top
shakerdrinker.top
stubbornbilo.xyz
supremecourt.cyou
tatataryk.pw
wasserwoman.top
wertigoterrio.online
wheelssp.top
yorkykukri24.top

# Reference: https://twitter.com/malware_traffic/status/1331720027188441088
# Reference: https://pastebin.com/raw/43E0C8w3
# Reference: https://www.virustotal.com/gui/ip-address/68.183.89.248/relations

aslopoer45.cyou
bonvemrt.cyou
desloporty8.top
ujkiol45.cyou
vopilo49.best

# Reference: https://www.virustotal.com/gui/ip-address/64.227.88.71/relations

21pointsframe.cyou
acci54.cyou
casaderassa.cyou
defillionew.cyou
fikolopore.cyou
froplays.top
winasession.cyou

# Reference: https://www.virustotal.com/gui/ip-address/37.252.1.57/relations

basebusebise.red
bseballpro.pro
countrylandlords.info
geroiconnect.info
kostafootball.info
kostanards.red
selefromeconnect.pro
simpletransit.red
successkali.red

# Reference: https://www.virustotal.com/gui/file/e5f928160acd53a19b7de681b32b61fb36e1a7b13e9e8c1f3b5be66bc36496b3/detection

embassyecuador.ca
executiveteams.biz
maelloussa.red
malumaricky.info
mekillomelloussa.info
raeggyricky.pro

# Reference: https://www.virustotal.com/gui/ip-address/188.127.227.76/relations

arkanacarszoom.pro
arkanacarszoom.red
arkanaways.pro
arkanaways.red
bezzuhikali.info
custommegane.info
indianfoodinmiami.pro
kalistands.info
kasialinia.info
koreanfoodinmiami.pro
kostaboxing.pro
kostacardsplayer.pro
landiscloudlord.red
landlordscloud.pro
malayanfoodinmiami.pro
meganrenaultforjoe.red
mexicanfoodinmiami.pro
renaultarkana.pro
renaultarkana.red
russianfoodinmiami.pro
serejitykaty.pro
sisipiciliko.pro
thaifoodinmiami.pro

# Reference: https://twitter.com/malware_traffic/status/1333485185841713157
# Reference: https://pastebin.com/x9iiCjGH
# Reference: https://www.virustotal.com/gui/ip-address/167.71.138.137/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.135.82.225/detection

1952warrior.xyz
8mopazuredolit.best
allthemeanings.top
asderator.cyou
azomorinno.best
crysys70th.cyou
fewboys.cyou
folopotress.top
heavytankmarines.best
kamastos.cyou
m41tank.best
marinesnotarmy7.cyou
middletankbattalion.club
morenthechief.xyz
oldaquafrsh.cyou
outgrade.club
rotapetek.cyou
symplyfireteller.best
t34tank.club
tatarinanaboskuto.cyou
woodenbruus.cyou

# Reference: https://www.virustotal.com/gui/ip-address/206.189.56.140/relations

8andmack.cyou
moviecastle.club
philadelphiagirl.top
rockercastle.best
wendi4kcash.top

# Reference: https://twitter.com/malware_traffic/status/1337471320339177475
# Reference: https://twitter.com/reecdeep/status/1337458646754729986
# Reference: https://app.any.run/tasks/6749761d-4922-4b3f-be99-609aae866aeb/
# Reference: https://app.any.run/tasks/95e1dda9-37a1-460e-9e46-e53d45194211/
# Reference: https://www.virustotal.com/gui/ip-address/188.166.88.45/relations

14katok.cyou
aluditos.top
awertino.xyz
berringheavy.best
cosmokosmo.best
djordanobruno.best
eastpomeranija.top
energydefrost.top
firstpetja.top
fislatriller.best
franciscointelle.club
glicolikop.best
holeretopolo.club
kastrillobromwich.cyou
killwaterkolonn.cyou
lockdowngunni.club
millipillio.best
milliship.top
modulbelongs.club
neasdutr55.top
neferetiti.top
pedezrkken.xyz
pilotflights.club
portugalloindostan.top
proorbital.best
razunimorep.online
retechnolodgy.top
rpoznahu.top
terpepillio.casa
tsarabsolutely.top

# Reference: https://www.virustotal.com/gui/ip-address/5.149.254.27/relations

fiscalclub.top
ottepel.biz
reshailam.biz
t3476.top
vollhafer.top

# Reference: https://www.virustotal.com/gui/ip-address/185.38.185.103/relations

chainoftheapril.cyou
localallcases.xyz
lukapedrilla.cyou
unproffesional.club
xilophones.best

# Reference: https://otx.alienvault.com/pulse/5fcf6bf143bf8362603727ec
# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.101/relations

80frontluzkher.xyz
bruzilovv.top
heavyselfartillery.best
killicher.best
kolotiloher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/139.59.101.19/relations

aviaaero.pw
likishino.pw
missigloves.best
orsibataan.pw
phillifighters.cyou

# Reference: https://www.malware-traffic-analysis.net/2020/12/11/index.html
# Reference: https://www.virustotal.com/gui/ip-address/161.35.57.202/relations

autohoffer.club
dorogaway.best
joelubber.shop
marcingranio.cyou
marzingranocny.top

# Reference: https://twitter.com/infosecfu/status/1337486196193243137
# Reference: https://app.any.run/tasks/edf32891-5b39-4673-9a25-e575c14a5aac/

manusderci.top
/weqre779/index.php

# Reference: https://www.virustotal.com/gui/domain/romelonda.top/relations
# Reference: https://www.virustotal.com/gui/file/68729a7f6faed84d68f85eeb04058d9f53271f30edc3c6585276e05f4f11ccaf/detection
# Reference: https://www.virustotal.com/gui/file/b112abf8ea2013cf70b5e32f0ac30a9aa938ddb3d3e3a71403afbb94a6a52ba5/detection

romelonda.top
/koreto937/index.php

# Reference: https://www.virustotal.com/gui/ip-address/178.62.242.234/relations

16centurys.cyou
balanseer.top
dastoperasder.cyou
duellolineup.top
fulofutobrille.top
newfleet.best
oldesttrjapka.cyou
oldmanner.cyou
portoweapon.club
rusishipbuilder.cyou

# Reference: https://twitter.com/infosecfu/status/1339238803475718147

perosink.top
zapachastillo.best
/kolpe100/index.php
/kolpe100/main.php

# Reference: https://www.virustotal.com/gui/ip-address/178.62.217.217/relations

10thevoliko.best
cameraoshkosh.cyou
heweruty.club
loadaroma.casa
vesaporedik.club

# Reference: https://www.virustotal.com/gui/ip-address/188.166.126.25/relations

chinadopiller.cyou
defliportor.cyou
dewallerion.club
januarydiscoverry.cyou
premierre.cyou
satiscropertio.cyou
tajkillo.best
worldofcdor.best

# Reference: https://www.virustotal.com/gui/ip-address/91.235.116.134/relations
# Reference: https://www.virustotal.com/gui/file/69d0511d19b40f86ccc004a5172b9b1d0978dbd2cba47800f0e690a0a9a074e5/detection

addyourplanet.pw
balticgrindex.top
balticpagesyellow.best
balticpagesyellow.top
baltpeople.top
besitxavier.best
bestspacer.pw
buygrindex.top
habanadash.top
hispanuredesk.pw
mermateria.cyou
moonwalkerz.pw
morganholes.cyou
nazifestivo.best
vellifilliok.best
vermaxt.top
vilnusgrindex.best
vilnusgrindex.top
williher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.170/relations

20yearsofhappy.top
2posutiu.top
3rasstrium.top
4closium.top
balticpagesyellow.best
balticpagesyellow.top
britford.top
bundesplumber.pw
chinalapsha.top
comherehlopp.best
deactivationlima.pw
dereferederefrost.pw
finderway.pw
firebrighter.club
fitterglitter.best
flightrewards.best
floppysyncty.best
forfillo.top
gigakiloframe.club
grrjeibneder.top
hidethetrooper.top
historyfireclose.online
ididallthis.best
kremlinpidar.pw
lokihiliilo.pw
patrium5.top
physicaldissapear.xyz
pilafirefighter.top
qwebrester.club
seattingiron.club
seculitura.top
severade.casa
sittingbytes.pw
sittingbytes.top
smokebreather.best
sportunism.xyz
tastition.icu
teoreticaldanger.pw
thesisted.icu
thoughout.icu
thyrstypup.best
topolanger.best
tyreprize.best
uxanlabchina.top
wassaby.cyou
weneedmiracle.club

# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.55/relations

alforitn.pw
asertigo.best
asrehillo.best
delkiolllo.club
ferejillo.top
inonumax.pw
planeplan.top
removember.icu
zarinnader.pw

# Reference: https://www.virustotal.com/gui/ip-address/188.119.149.77/relations

bluebook.pw
caserelation.top
demondedemon.cyou
deretopol.top
dogawaydered.top
flipperauto.top
followthemusic.top
glasssmoothest.best
gokaserilo.pw
hallfinaleuro.cyou
helopoderurban.pw
hillitrumper.cyou
inocontacts.top
istredestre.cyou
kylerdog.cyou
makeallbetter.top
march44redflag.top
maynotneed.top
molliksawer.cyou
okliogiokol.online
proig748vybo.cyou
rezultatexit.best
rossafloor.top
servethe.cyou
shiopwarrior.club
udarrihroup.top
uneslokutaz.top
unofighter.top
voiliwerty.best
wakeupearly.club

# Reference: https://www.virustotal.com/gui/ip-address/134.209.182.58/relations

bloadypupper.best
puppybloder.pw

# Reference: https://www.virustotal.com/gui/ip-address/161.35.10.43/relations

brillianto.pw
dramboldorritto.top
goulittioma.top
onixxyto.top
postifitto.top

# Reference: https://www.virustotal.com/gui/ip-address/68.183.147.106/relations

balticgrindex.best
filomante.top
grafomante.top
grepotufe.top
homelandjapan.top
hreopofreopo.top
japanmiduej.top
judgessur.top
myxel.best
myxel.top
pyxel.pw
pyxel.top
rigagrindex.club
rigagrindex.top
sedorozza.top
wedikolitures.top
weliomanter.best
weliomanter.top

# Reference: https://www.virustotal.com/gui/ip-address/165.22.27.128/relations

neffritto.top

# Reference: https://www.virustotal.com/gui/ip-address/159.65.117.225/relations

48greedstrocks.best
60stepsofhonor.club
andropsoshyls.top
asformeded.best
chinamania.cyou
controllerdoppler.club
countrysinger.club
crespofootball.best
disgerdefer.club
dominotopper.top
draggerbreather.top
flemmingyogan.top
icehockeyplayer.best
loadcaramboll.top
loadpool.top
loadsnooker.top
lovemesong.cyou
minutemanner.cyou
neverminded.club
playedwilliams.cyou
plockerdocker.top
prokladvpsder.cyou
protorilla.best
rebuilder.cyou
respondishot.cyou
shotofframe.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.156/relations

boatergrip.top
carduirtitor.top
equipmentkess.top
felixheater.top
footlegger.cyou
gigafilliopot.pw
gilotriatior.top
halfkilo.uno
hereandnow.uno
heroimonroy.xyz
kissavorob.best
klopolopo.co
kompozitt.club
lagunaway.top
miracleisnearby.pw
mostuiretitor.top
planeplan.pw
planoftheplane.best
pullhimoutrightnow.top
rebondianer.top
responsekesson.top
shitdownout.top
sorryworry.pw
spacefutures.club
tangodelfuma.club
tangodelfuma.top
thurstygrep.club
vosshodo.best
watercityv.top
williher.buzz

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.203/relations

45hlopokk.cyou
75meterspenny.best
agreemanrajon.top
analogrostter.cyou
asnuternou.top
aspertilo.pw
astrogonk.top
bennansouth.best
boltwinelter.top
caloporedeiuy.top
chinaamer.co
closeddoors.pw
confliccto.cyou
coopergordon.top
dasaewqaz.pw
destroycruiser.cyou
dewardsdom.top
doprorayny.best
efficientsys.cyou
eishtoss.best
ekipueqe.best
englishjill.top
factoryoccupied.pw
faloppoitu.best
fifthorange.uno
fluckservlet.cyou
gasopenuty.cyou
grabberuno.top
greattemple.cyou
greedyserver.cyou
gregoryhaskey.top
harderpytok.cyou
headcaliber.top
hillerfloppy.best
hongcontrol.best
hrenuevo.top
huilojilo.pw
instadomain.top
integrproject.pw
internalchanges.cyou
kinginoffrance.best
kirewefere.club
kissmobo8.top
krachemore.cyou
lieinthecourt.xyz
litiernode.cyou
longnerrion.cyou
lunat.top
mihabrexa.top
newskrefake.top
niiloporef.top
notoseeing.top
oppponaval.pw
plantstopped.top
politicosite.top
quantummilio.cyou
racerasismus.website
rumeokilobravo.top
saintplaces.top
sellehopolo.cyou
semiofficial.pw
shepperdhlino.top
shopunderwater.club
sincotul.top
socialexpert.top
startluna.club
strangekidnapping.cyou
stratergoicour.club
threefili.cyou
tuksvata.cyou
whiteclub.uno
zipperpocket.cyou

# Reference: https://www.virustotal.com/gui/ip-address/128.199.46.99/relations

250krmilvod.xyz
dnatamdere.top
filopipilo.top
kravynolu.cyou
lostciviliz.top
mustangleverage.top
nikushotomo.cyou
reerwheels.top
singlepizza.club
vladygoofy.top

# Reference: https://www.virustotal.com/gui/ip-address/209.97.178.88/relations

344povja.cyou
docotorre.pw
ecodeberzew.best
eurospirtus.pw
kilokubok.best
klopwedir.pw
longprjob.xyz
modellomatematico.pw
novemberpanda.pw
profitdolores.cyou
shmellioretry.pw
spiritusprom.cyou
stationoxxy.club
valueimporto.xyz

# Reference: https://www.virustotal.com/gui/ip-address/68.183.92.152/relations

damagedhelicopter.top
destrickthelio.top
niggazilla.best
niggazilla.top
vtaplanes.top

# Reference: https://www.virustotal.com/gui/ip-address/64.227.48.220/relations

2001williams.best
defreabral.top
ldfranny.top
ldnails.casa
ldrsitting.casa
ldwikita.casa
loadgranny.top
loadhorit.casa
olleggiomuch.cyou
pollogreffi.cyou
sewellia.top

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.201/relations

100ranhut.casa
12herruio.cyou
areadati.site
assficioklo.cyou
dewellerfive.top
grabberderekilo.cyou
hulioferere.cyou
hunlokiol.best
koliokilio.cyou
lukapidarillo.club
oppokandida88.top
paratraxer.cyou
poloplayerrin.cyou
poreadse.cyou
qafewillian.cyou
qwellerz.cyou
redavenue.pw
redstreet.pw
rewrite.best
selicawand.cyou
susiporo.top
utochkafes.cyou
vemenadra.cyou
vilnovlada.top
wasalerfourth.top
wenjalutto.cyou

# Reference: https://www.virustotal.com/gui/ip-address/142.93.192.37/relations

carantinium.top
jaredetiuo.top
kaiffero.top
kvazideruptura.top
rfparasha.top

# Reference: https://www.virustotal.com/gui/ip-address/128.199.1.118/relations

docktorthird.top
rooferfirst.top
troopersecond.top

# Reference: https://www.virustotal.com/gui/ip-address/161.35.15.124/relations

1208272020.club
daswerty.uno
folokihuradio.top
gibbelspidar.top
kloppertrainer.top
niochem.cyou
patokolsti.cyou
pechedesilla.top
pooltrap.cyou
rebuild.best
redraw.best
saliopok.cyou
sdarrinutulopo.club
suxirakili.top
tesfrentu.club
tixoluka.top

# Reference: https://www.virustotal.com/gui/ip-address/178.62.41.69/relations

asdeliocarlo.uno
australiatrible.best
australiatrible.top
bremenmusician.best
chinatrible.best
chinatrible.top
genry50years.top
motorscollege.top
racerflawer.top
racinghills.top

# Reference: https://www.virustotal.com/gui/ip-address/161.35.29.30/relations

killerturbo.top

# Reference: https://www.virustotal.com/gui/ip-address/5.39.222.254/relations

antiquepariss.top
fresnoviews.top

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.104/relations

fortunefish.best
millitower.co
ollorett.cyou
pzawert.best
sillimotor.co

# Reference: https://www.virustotal.com/gui/ip-address/194.113.34.204/relations

centralliniom.best
dictatnotwin.cyou
idolszillo.club
inrinterest.cyou
mountlunnar.top
naryty.top
nylonwhell.xyz
pillermarket.club
steelmoker.xyz
suverenguardia.pw
varetoukolit.club
wheelformforsu.top

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.247/relations
# Reference: https://www.virustotal.com/gui/file/41d94230aaaff4d4b14233efaf0f106bff0519ac0c5420bf46d3210c33cb3e27/detection
# Reference: https://www.virustotal.com/gui/file/644ce7b8b00378237f12523c452bd0177390d43dc392bf6f679e49dfcfb4338f/detection

glostercrabs.top
placeishidden.best
speedyarmyjp.top
tunahunters.top
westportmorsby.best

# Reference: https://www.virustotal.com/gui/ip-address/94.100.18.53/relations

placeishidden.top

# Reference: https://www.virustotal.com/gui/ip-address/194.187.249.152/relations

allthereal.top
