# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: zeus, zbot, vmzeus, citadel, zitmo
# Note: https://securelist.com/android-security-suite-premium-new-zitmo/33088/ (Zitmo is the Android variant of Zeus/Zbot)

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=GODADDY.COM,%20LLC

aefalcon.com
9virgins.com
lincolnkaraoke.com
vegantravelshow.com
roanmtbb.com
oycservicios.com
milkworks.org
prtscrinsertcn.net
toolsathomes.com
dphcustompins.com
bocaautocenters.com
tronuprising.heliohost.org
links.heliohost.org
bilbobaggins.comxa.com
danislenefc.info
sslsam.com
bots.configbinbots.info
joejdbjrmrkklfnmf.usr.me
z3us1.z-ed.info
kesikelyaf.com
felanco.heliohost.org
circleread-view.com.mocha2003.mochahost.com
resr.configure.8c1.net
server.bovine-mena.com
google.poultrymiddleeast.com
ice.ip64.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=ENOM,%20INC.

ozowarac.com
luenhinpearl.com
wayufilm.com
zetes.vdsinside.com
poolkingsthailand.com
me404.net
escuelanet.com
stats.lead.mysitehosted.com
hotelavalon.org
branchtist.com
spartanr.5gbfree.com
leon10.5gbfree.com
kraonkelaere.com
indongsang.com
lion.web2.0campus.net
lifeisgoodwhenu2.info
warriorinjapan.hostjava.net
wor6.b6dfnahea.ns2.name
mxstat230.com
yamleg.fu8.com

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=Namecheap

shadowraze.pw
speroni.pw
cryptmyexe.pw
dominoziele.pw
u8781a21.pw
japanparts.pw
waserazer.pw
martex-rybnik.pw
foxmanwer.pw
ohimmades.pw
ryuitaqw.pw
blogerjijer.pw
serverjainpangwang.pw
debservers.pw

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=R01-RU

bqtest2.ru
cd31411.tmweb.ru
jacoblanderville.myjino.ru
kadastr89.ru
islenpiding.hotmail.ru
natlalirans.hotmail.ru
dileconme.hotmail.ru
pharirgatic.hotmail.ru
imamnhearte.hotmail.ru
naaninggeschcho.hotmail.ru
rarabarnfi.hotmail.ru
gyodundena.hotmail.ru
ya-aaaa123123.myjino.ru

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=PDR%20Ltd.%20d/b/a%20PublicDomainRegistry.com

iphoneservisci.com
christianwomenpc.org
rajrainwater.org
mersinescortbayanlar.org
bppkbsulsel.com
franka.in.net
markhousecm.com
chhathpuja.com
cooldomainname.ws
gjiayimeiya.com
xclones.in.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=R01-REG-FID

bright.su
bitters.su
turkeyhotelnoslafas.su
angryshippflyforok.su
nonstopeddanceraz.su
pedropedreiromoxik.su
beatyhousesupporte.su
rsslessons.su

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=SHINJIRU%20MSC%20SDN%20BHD

cennoworld.com
classicalbitu.com
eresimgbo.com
emailsclient.com
micheal766.info
hillalala.com
yahoo-action.com

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=ERANET%20INTERNATIONAL%20LIMITED

depolakoeasre.pw
bolerakopsoa.pw
doratopelase.pw
samoniklo.pw
delaponitan.pw
slivoratikam.pw

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=TUCOWS%20DOMAINS%20INC.

demexsoft.com
blog.raw-recruits.com
burrinsurance.com
pfengineering.com
lonsmemorials.com
bbwscimanuk.pdsda.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=WEB%20COMMERCE%20COMMUNICATIONS%20LIMITED%20DBA%20WEBNIC.CC

domifondery3d.com
domifondery.com
securetestingnetwotk.com
littwronthath.net
hope-found-now.net
jangasm.org

# Reference: https://plot.ly/~vkremez/17

actualmove.ru
aflar.ru
alaska2russia.ru
almazdental.ru
atmape.ru
baims.ru
bbumn.ru
bitcoin-send.ru
blesslifelove.ru
bqtest2.ru
brr-21.ru.shn-host.ru
cd31411.tmweb.ru
cogoda.ru
danbeta.ru
dileconme.hotmail.ru
dozybrown.ru
eddw.ru
endnra.ru
fitytrade.ru
fx45.pp.ru
genmjob3.ru
geopryce.ru
goa-inf.ru
gyodundena.hotmail.ru
hjsahdjalsudioaso.ru
imamnhearte.hotmail.ru
islenpiding.hotmail.ru
jacoblanderville.myjino.ru
junniper.mcdir.ru
kadastr89.ru
lebedev30.ru
legitvendors.ru
lifestyles.pp.ru
lifestyles3d.ru
love.saleb.ru
lucoilosa.ru
madunixxx.ru
mcbt.ru
naaninggeschcho.hotmail.ru
natlalirans.hotmail.ru
now-work.ru
olwwe.ru
onlyl.ru
panorama-otel.ru
pharirgatic.hotmail.ru
platinum-casino.ru
pnmmn-cyvbiqzbe.ru
rarabarnfi.hotmail.ru
rich11ds2015sqr.ru
richus.ru
s888for.ru
sp4m.ru
tosyisha.ru
u0003321.cp.regruhosting.ru
ulogroup.ru
uralviolet.ru
viose.ru
vz81757.eurodir.ru
warfacebest.ru.swtest.ru
changeexchange2.ru
eroconlia.ru
luxkupe.ru
ruyacafe.net
tvergeneration.ru
zvenigorodskoe.ru
ya-aaaa123123.myjino.ru
zabava-bel.ru
zhyravlik.ru

# Reference: https://www.malwaredomainlist.com/forums/index.php?topic=2207.1255;wap2

zxjfcvfvhqfqsrpz.onion
zxjfcvfvhqfqsrpz.onion.gq
zxjfcvfvhqfqsrpz.onion.lt
zxjfcvfvhqfqsrpz.onion.cab
zxjfcvfvhqfqsrpz.onion.city
zxjfcvfvhqfqsrpz.onion.direct
zxjfcvfvhqfqsrpz.onion.link
zxjfcvfvhqfqsrpz.onion.nu
zxjfcvfvhqfqsrpz.tor2web.fi
zxjfcvfvhqfqsrpz.tor2web.blutmagie.de
zxjfcvfvhqfqsrpz.tor2web.org
zxjfcvfvhqfqsrpz.tor2web.ru
zxjfcvfvhqfqsrpz.tor-gateways.de

# Reference: https://www.virustotal.com/en/file/0663c151e7107e6d5378ecba52753f78ad50761ac6e32b63b95172dc840a1225/analysis/

aa.jn43d.su
ds38dks.net
tmp87.jn43d.su
tmp90.edns.su
tmp32.dns-free.su
c19h7.no-ip.su
fp-mk.net78.net
tmp21.dnsx23.su
tmp19.dns71.su
tmp12.dns-top.org
d65g.dw7g3.dns-free.su
d65g.dw7g3.dn3gwe.su
d65g.dw7g3.dnesa343.ru
d65g.dw7g3.dndfr44.su
d65g.dw7g3.d33jd.net
d65g.dw7g3.fefg934.info
d65g.dw7g3.46hf44.tv
d65g.dw7g3.dnrrrrrrrr.xxx

# Reference: https://www.threatcrowd.org/malware.php?md5=1ccde9e8e2599f7423ec0334013ef0c7

xdns.su

# Misc. (no reference recorded for these entries)

c19h7.no-ip-free.su
d65g.dw7g3.dns-free.su
ds.fdlo1.su
tmp19.dndddew1.su
tmp19.dns71.su
tmp21.dnsx23.su
tmp32.dns7free.su
tmp33.djuika.su
tmp33.dnsm2.su
tmp47.xdns.su
tmp90.dnsm2.su
ujn.sdf439.su

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html

blessedgroup.biz

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

neosz.org

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

www.crossatlantictrades.info

# Reference: https://reaqta.com/2018/09/global-malware-campaign-using-zeus-panda/

http://85.204.74.107
http://89.18.27.143
http://89.18.27.221
http://95.141.36.106
http://95.181.178.216
aanvraag-ing.nl
abnamto.com
adobeflashupdater.net
american-express.site
american-express24.com
apple-activated.com
apple-inc-server-icloud.com
apple-ins-server-icloud.com
apple-ituens.com
apple-ltunes-ios.com
appleid-find-usa.com
applessl.info
bdv4cc9rub.net
blochhain.com
blockchaiw.info
cibconline.cibc.com.ebm-anp.com
clickara.com
cloudflore.cc
colobinar.com
conectlo.qt
conishiret.com
disbanist.com
elementaleios.win
elementalelib.space
free-etherwallet.com
freeflysky.tk
gegirtan.com
gemendoloma.top
google-cloud.pw
gorevoin.com
gov.0.56v.us
guardnet.review
iban-abnamro.nl
iban-ing.nl
iban-marktplaats.nl
iban-rabobank.nl
icloudip-itunes.com
ielectrum.info
imap.em.gmailssdf.com
imap.maill.clintonemailhearing.com
lelectrum.com
lloyds-online-banking.verificaiton-stamp-online.com
maferdola.top
magentotoolset.com
mail30.power-gt.com
metrobanakonlline.com
mijning-ssl.info
mijning-ssl.nl
minotaris.com
mongovaca.win
nodertoma.top
polessdo.com
polinodara.com
power-gt.com
ppnl.info
procrd.pro
prosalesservice.com
sitergenis.com
sobentera.com
staticball.com
sucursalesvirtuales.at
sucursalvirtualpersonas.at
ukogono.top
verificaiton-stamp-online.com
vigerentis.com
waser.ml
worontau.top

# Reference: https://twitter.com/Bank_Security/status/1039211385752875008
# Reference: https://otx.alienvault.com/pulse/5b968a18fd673805822ff806

bizercise.top
cremedesoins.top
disithedtse.com
gaswanted.top
nauseorofte.ru
theeunload.website

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Zbot-6681657-0)

grandesupport.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1045564495723188225

94.102.60.144/1/gate.php
94.102.60.144/1/screenshot_gate.php

# Reference: https://twitter.com/r00tninja/status/1043978633558347777

wxyxgpescui4qpmc.onion

# Reference: https://twitter.com/blackorbird/status/1140519090961825792

br1vo.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-07-zbot-botnet-steals-thousands-credentials/zbot-botnet-steals-thousands-credentials.csv

merdekapalace.com
vodrasit.su

# Reference: https://twitter.com/James_inthe_box/status/1186291866511147008
# Reference: https://twitter.com/P3pperP0tts/status/1186565131829948417

baloobafoudanitojahdge.space
godisonourside5.store
molanounakomllbsedfrtee.xyz

# Reference: https://twitter.com/ChrisPSecc/status/1059374450100109313

foxbeagle.com

# Reference: https://twitter.com/James_inthe_box/status/1190320241139564544

ac-cofan.com

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html (Win.Packed.Zbot-7364099-0)

alnisat.com
jagalot.com
myadvsit1.com

# Reference: https://www.virustotal.com/gui/ip-address/185.70.184.88/relations

http://185.70.184.88

# Reference: https://www.virustotal.com/gui/domain/appareluea.com/relations

appareluea.com

# Reference: https://viriback.com/30-days-later-97-panels/

nsdic.pp.ru
dtron.gdn

# Reference: https://www.virustotal.com/gui/file/0f799184fc1d6912469a26fc1c60e0f3f7fa4f9ef172f77d791911200168ee84/behavior/VirusTotal%20Cuckoofork

bonton.by

# Reference: https://www.virustotal.com/gui/file/eda6b09b87f893c7940219e19c2aa1ae1a4e0c9d07af13c4cedb9bd4ecc7cdda/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/4e8d523f1c48f606a42a25a7ebacedc0747da860bfef6a489dfe6f3b72eb7762/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/34c3e4f184b2b2551988e97941cc5aafaf9ad9bb47e03e35b4a6951a9ec502dc/behavior/Dr.Web%20vxCube

http://31.220.2.120/~bulblgh1/

# Reference: https://www.virustotal.com/gui/ip-address/185.170.43.187/relations

/ibbcgcwbrsghsovq/gate.php
/lgdrxgsorgvanizl/gate.php
/rnbqjgjxyqonejhm/gate.php
/wjsjltaipbnypilx/gate.php

# Reference: https://www.virustotal.com/gui/ip-address/167.114.89.205/relations

bemybooter.eu
edmundgroup.tk
emeonlineinc.com
estebantrejos.com
freetool.tk
partchecker.info
skmineinc.tk
swatt.me

# Reference: https://securityintelligence.com/posts/zeus-sphinx-back-in-business-some-core-modifications-arise/
# Reference: https://www.virustotal.com/gui/ip-address/185.236.203.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.63.159.168/relations
# Reference: https://www.virustotal.com/gui/ip-address/109.94.209.66/relations
# Reference: https://www.virustotal.com/gui/file/e3932ab83bc05de2e91d321c4d479ff1aa3d10fdbd91e1687c80cc0ec88270e8/detection

choksaiiwkokskkall.info
dasifosafjasfhasf.com
dsdjfhdsufudhjas.com
dsdjfhdsufudhjas.info
dsjdjsjdsadhasdas.com
fdsjfjdsfjdsdsjajjs.com
fdsjfjdsfjdsdsjajjs.info
fdsjfjdsfjdsjfdjsfh.com
fdsjfjdsjfdjsfh.com
idisaudhasdhasdj.com
idisaudhasdhasdj.info
infinitydeveloperspes.info
jdafiasfjsafahhfs.com
kasfajfsafhasfhaf.com
kdsidsiadsakfsas.com
oajdasnndkdahm.com
unverifiedintigoosjai.info

# Reference: https://www.virustotal.com/gui/file/cdd21d133862b336d6e9f6023cabc8624f2dfe78b4060e22bcd560d83caa7725/detection

microsofto.sytes.net

# Reference: https://www.virustotal.com/gui/file/f3990a88fbcd2e6c31d6dc423bb90610444227e25bd26848e653939bf593b9ed/detection

http://93.174.89.19

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html (Win.Packed.Zeus-9762533-1)

cyxaerkijeuaupzhqjzxhkzmrmvxw.net
gmwgkfjfrcdamydbuucrhxzxqclv.org
hmnbdanrschumrtouxhmxwhfe.biz
hseuswtumvofhaugxcbuaskifzp.ru
hvwuwdellgqcaivwkeqzxhkhyea.org
jvzxcyfquohmzyotkswskjnbn.biz
kljvxotcuplskxqwbyizbro.org
knibxwsofqprztzpbyibhpvqcsh.ru
ldugqylugovtcpfuingawkugnws.com
llxcijbliflgqhiijivxkvkrcr.com
mjhhmhrovocqlnkjqkuayhxgvgoj.net
mvdyheugepjxxdgyxxsuceqv.info
mzqocmpfltdlirxcqwxwdmb.info
nbvcqsprcapbymreyvojvteagy.org
pgdgqxhufexpnfqcedvbaythu.com
pvyhfypvemoeqhxsgerotsorpsfe.ru
rshuptpdiypmjovfebcetxkud.com
soamvwpqwdxougljpjwpfbuzpuky.biz
tstcfobmbcizlrramfuhwckrn.net
tvkdezvwqkqclpnxsdapinamd.com
vklfwsfqpbsxvobnzrkxshmrkd.com
xcpijwuyvktcbmuodykbkbp.biz
xgijwozlwbiddyeavkvintxnrv.biz
xwgbavssggegeubilbnzdpbwkjzt.biz
zthqlrtgcexobqkpqkoydheikj.org

# Reference: https://www.virustotal.com/gui/file/64ed16141e4200957c51541d8b542e69828004eadfb12d7be6af1cb315bd477b/detection

dnsslavemgr.info

# Reference: https://www.virustotal.com/gui/file/1dfe64efadacd42c07ddacd8ac0bb8b4fcc8fb714411bb1f2c9a3dc6ff32bc94/detection

e-trustuplevel.info
uplvlmassreserv.com
uplvlmassreserv.info
/strongest/encryption/lvl.php
/turbojets/service/file.php

# Reference: https://www.virustotal.com/gui/file/a2c687cd7ea9a8962327848539d59ba702e5808b8450b878106ea749856e41f6/detection

yholder.com
/server[php]/file.php

# Reference: https://www.virustotal.com/gui/file/b5f692f2b5d1ded9063df83c6c50e46f800308a623d88516f11c705ee43878de/detection

aolmm.com
dreampass.us

# Reference: https://www.virustotal.com/gui/file/60ffd56104693c5232a7c7036595fe415b0538a47e3e84357fda6e9526397fb5/detection

brightgraph.com
blogstruct.com
babbleprint.com
/sopelka1/file.php

# Reference: https://www.virustotal.com/gui/file/9c4d15d6ebceaa72992e69984d42982886e18a7f78579f373152d15dcc45a63e/detection
# Reference: https://www.virustotal.com/gui/file/fa980962e88c61e29145ccded7da9666ecd2d855c2edc4f64a05a8a54cead222/detection

vikingwer6.com
/deadm/file.php

# Reference: https://www.virustotal.com/gui/file/f33cc7e44566a77e288990d8c13747cc54402c6c1cedc6c4da226ceb685f6c8e/detection

newoubouhbolihbi.in
trading-top.com

# Reference: https://www.virustotal.com/gui/file/ee5e4d0b93a5e8eccaebfaedb8701f5599248a28f8ef904bccaf4ea109687d62/detection

wtfrpfm.com

# Reference: https://www.virustotal.com/gui/file/d598ee9b6b6aeb0d7f0969e4964ce64136110fdc0084ae03393f8681e4b6c83e/detection

joomwerk.ru
kansound.ru
in911.ru

# Reference: https://www.virustotal.com/gui/file/67d209a1f080e29bb168e81c19ef7e149cd675b2cecb61b947d772259aee021d/detection

rolabork.ru

# Reference: https://www.virustotal.com/gui/file/869780a8cf3e5c6abef877d0c8de6d25f39b3f2190ae5437e301195bca2f2a36/detection

hronologqq33.org
httpservice-check.in
poseidonmnesovsem.org

# Reference: https://www.virustotal.com/gui/file/af482f12f5d3d14e7b1ef4b172c46647d4f117da224abfba55b682eabba147b8/detection

secondaryfoundationforyou.com

# Reference: https://www.virustotal.com/gui/file/bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb/detection

au1-gate.com
au1-gate.net
au1-gate.org
/citadel/file.php

# Reference: https://www.virustotal.com/gui/file/1ac2d1eeb98eb86e1d362b77dea44e4c2004b150b0a5351ab11af009010287fb/detection

birdisaword.com

# Reference: https://www.virustotal.com/gui/file/d54a79e8e02d981cb3e997a6c7ce62139c3231f7afeb81eee208b993cb8bf243/detection
# Reference: https://www.virustotal.com/gui/file/e8a189c50cecd228054fe4712c5e141b3537b708edc6bc5ae3b92f8f9fa8950a/detection
# Reference: https://www.virustotal.com/gui/file/2c7c90ed27e4362f1bbe6a0804dccb2290d336738f9ffaee953e74e55faf80ed/detection
# Reference: https://www.virustotal.com/gui/file/5545d836b2d098d7a27d5078b420db3876b64a62ea0f37e4c72a6eb7d8790353/detection

969696.ru
/(())/cfg.bin
/((l))/ld.php
/696969/cfg.bin
/696969/ld.php
/69111/69.php

# Reference: https://www.virustotal.com/gui/file/76df057847c5c03cdb03909463fe1cf971227be2916bd44fcad238ca71795059/detection

gussiley.org
wowteammy113.org

# Reference: https://www.virustotal.com/gui/file/b3e03b09e6c232697baf75a2bf9d6294286515b39f0d9c4760bfe31df9a26617/detection

omarioscb.com
megasuperzx.com
megasuperzxa.com
/citdl/qpcpcitdl/amdinkz/filex.php

# Reference: https://www.virustotal.com/gui/file/77aa47af04cd0e6db95601f1fc99341502d46796e71491946cffafd99b9026f9/detection
# Reference: https://www.virustotal.com/gui/file/d36a83d3dd3426c0f25f75eab0975476dfdd46a76482d31ad650faa2f45cab20/detection
# Reference: https://www.virustotal.com/gui/file/1ea97b370180d9d44d664a4f1a864b900e024ca2341e4ca1cfe8ce8f1453bf84/detection

fs21sa643664.be
fs535a64364.be
fsa3fsa1643624.be
fsafs421524.be
fsafs4215254.be
fsafsa521524.in
/0x0003/file.php

# Reference: https://www.virustotal.com/gui/file/8af46632f1182264dfca3865ae9583748a21e8a3d020ef8d3340c8c0b36a04f0/detection

quittsagges3ies.be
/0x0004/file.php

# Reference: https://www.virustotal.com/gui/file/b73f0e9996a603e6a365e94fa187dddb228911e88224513fd06bd55a46fb1cea/detection

kopolenatser.com
urkinotgood.com

# Reference: https://www.virustotal.com/gui/file/2d2c858c42ca6a3f5cf5dee426359c6af428d067ee76b695bf77e95d64338e8c/detection

homelinuxinside2.net

# Reference: https://www.virustotal.com/gui/file/7481d6bbe0dbee670f794927d4616766f67b0b29949035ef1eeb518ff1f64b51/detection

grblinux.com

# Reference: https://www.virustotal.com/gui/file/8b9618bb2c711d6957a77559a6ae067ea80e80a40e19020b2034848c7362df37/detection

alemandat.info
bilbodron.info

# Reference: https://www.virustotal.com/gui/file/2e489f865d361135df441d5abf8345110a71216a76a67c5cf427c48564980d14/detection

demoserviceout.ru

# Reference: https://www.virustotal.com/gui/file/237dcc31bf8f4b64d96bd3a2fbe5c5f0851f384b66d94b64f2667a9448694559/detection

commonformstopnet.com
netcenterc.com
obcmainrevisitor.net

# Reference: https://www.virustotal.com/gui/file/19798a9e42cce6050411aef7bd409f7159963d84f15da8fdfd97201028bf4877/detection

soundwisdomfinancial.com
thelockmanpublic.com/wp-content/themes/instal/file.php
trendlavoro.com

# Reference: https://www.virustotal.com/gui/file/88621dfb1f33552c74a5737b94b82a8a21ebad940ff4cbeac5875f7859a6bdbb/detection

checkincheckoutdoodling.in
emphasissmartlists.org
simplynamedgritty.in

# Reference: https://www.virustotal.com/gui/file/9c49410451724a01979fe1f0977c401053350b2b09870dc446d8fc052af13fb1/detection

h5d5c57.com
h5d5c61.com
mobidickguru.com

# Reference: https://www.virustotal.com/gui/file/3b9ff9953de8cf87fd8a8f81e0ed49f2872733c79c9c4f300ac6d4054cece8f9/detection

computer-data-klinik.de/html/kk2.bin
justtakethis.be
/html/kk2.bin

# Reference: https://www.virustotal.com/gui/file/575bab5077092b7eed58daa88dc419fcb7c63297e2dc5f6709719665cab5b67d/detection

sikonsol.com
/jobcfg/cfg.bin

# Reference: https://www.virustotal.com/gui/file/b9a128c5ba5aba51e29a83c15500d551fd900c84d84c90a2f1ae94d2136be661/detection

sampleadvert.net
someadverdownservice.com
werbadvsrvpoints.net

# Reference: https://www.virustotal.com/gui/file/ec17c8a9397fd0563453c9d81c67e5e4582e4826221e060e4c192cb5c0efdb2e/detection

aartdvery.ru
ischu-sponsora.ru
lana-ross.ru
lazur-gagra.ru

# Reference: https://www.virustotal.com/gui/file/c3a6741265e5ab85fd0961d32c24732c224ace930933a379fc1e86ef14fc709c/detection

dualglobalwave.info
dualglobalexwave.com
quadglobalexwave.com
/encrypted/globalwave/aes.php

# Reference: https://www.virustotal.com/gui/file/229c8f1c6c38736cd17b640c23af25820c0ae03605dce999c1753d0471c1586e/detection

kulanustarikamistalama.in
lopusterijuxtanta.org
robasteolukatunamela.com
/chuqn/siaoqir9v/file.php
/chuqn/siaoqir9v/
/siaoqir9v/
/dgquicnqi/ladlchfiq/ofpcnqkx/file.php
/dgquicnqi/ladlchfiq/ofpcnqkx/
/dgquicnqi/ladlchfiq/
/dgquicnqi/
/ladlchfiq/ofpcnqkx/
/ladlchfiq/
/ofpcnqkx/

# Reference: https://www.virustotal.com/gui/file/4486727f171db1926ef12dd440d21eea31b93da2216970eff293583f635dba85/detection

commonftsformbs.com
fieldmanv.net
obcontainerev.net

# Reference: https://www.virustotal.com/gui/file/3db29a66fe45ca425b777f48b65c92151b76d1ba937a59b9ac1578b705f69c28/detection

webdatab.net

# Reference: https://www.virustotal.com/gui/file/4309d4f49abeb0d39454f20a5c60195ee42bf0b0f59864c86059da078c189830/detection

gremlindefault.net
/mainsession/game_install.bin

# Reference: https://www.virustotal.com/gui/file/c8f04368f328a59e18c07bd0ee1db101395828d0927780cb33188eff3d784a17/detection

cloudsfigs.info
getocifpo.in

# Reference: https://www.virustotal.com/gui/file/6fc09cc6d28ec986cfc0aacda23ec88be4c0bda626872bfde372cb9ab9dc8671/detection

alexaworldserver.com
clickbankstat.com

# Reference: https://www.virustotal.com/gui/file/f636794e88cb81b01ac7fa6c4bdf77a33ddd7e88cd33eb98072008e0e64d3013/detection

inconvenienceonthefly.org
performschronicle.org

# Reference: https://www.virustotal.com/gui/file/b3dd0f0ed4049538d744bb23be46595e5e13776c1fd1bd925b04d9bfb94fe38c/detection

newcidomain.com
trestnetreste.com

# Reference: https://www.virustotal.com/gui/file/d7c0238bf4b822e0c48da87d643182a0cc078dcbca2d6ea1db47e02f2802163f/detection

somanyexp.com

# Reference: https://www.virustotal.com/gui/file/915c2d5328ac5ad50b1cc62ad86e18f6f176d2b8f1971c436d9f21aed9f4fe6e/detection

hatefujews.com
qwe111.com

# Reference: https://www.virustotal.com/gui/file/b7b6c4f9addbc4d9b409a3cbda3b4575abb4b48e0f39659adc38306fd1f0bc16/detection

sunshinework22.com

# Reference: https://www.virustotal.com/gui/file/5a72c2f099c6a6fce7b9c67ba818d1a03b1e419dc502f04e484230c6dfd37247/detection

alldomainsguns.org
fincdoms11.com
returnzlab.net

# Reference: https://www.virustotal.com/gui/file/800193aaf555efb8fc4c4cf40b0a33ff7bab082c3cc07d254156300e1b45b5f7/detection

viplobbyr.in
waxshmax.org

# Reference: https://www.virustotal.com/gui/file/b963b4f7340d6c1a691f62f7051d922c9ba5eb8283e49b3d7308faa52fc938e7/detection

transservx.com
/xz4h3/files/test_config.bin

# Reference: https://www.virustotal.com/gui/file/fc11097eaf4e2cc3b36ff3e3ca399568219693623a3c85142dd6a3999404c7b4/detection

streetviewdaz.com

# Reference: https://www.virustotal.com/gui/file/0cf49127a7a57851623353d77dbb7dd54c337a5b56cdbe11475bb9fa68c44624/detection

aderege.com
domainqwerty.com

# Reference: https://www.virustotal.com/gui/file/ec8d0d93275f35730ca3d122116f6fb2705f357a72f0ac919567ac89ad521100/detection

adiumflux.com
/UOIy7893uas4adss/
/UOIy7893uas4adss/file.php

# Reference: https://www.virustotal.com/gui/file/9247811c3355c6a72eb1b9b2c2f6535a68a34add7486c3c3ee450903fa2edc60/detection

games4win.org

# Reference: https://www.virustotal.com/gui/file/c52b858a241f25202cec44f8606307c3a31333cd35a8692dfa0cdf8c708b780b/detection

leramvena15.info

# Reference: https://www.virustotal.com/gui/file/8e035883bba72d3bc925f8657dc9da754e5ed854290d436ab188ce155a31dea7/detection

produkktc.com

# Reference: https://www.virustotal.com/gui/file/ffc588993173d8b4a19a9ee87888d53f1b13c957e47a89027439deb73ad3ba4d/detection

ineshohaia.no-ip.biz
oslomoslo.myftp.biz
philcrow88.my03.com
smartappsecurity.com
smartappsecurity.net
smtpandrho.sendsmtp.com
/sms/me_v689.php

# Reference: https://otx.alienvault.io/indicator/domain/promisex.ru
# Reference: https://www.slideshare.net/realdeepdark/famous-cc-servers-from-inside-to-outside
# Reference: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3156.pdf

promisex.ru
tredokilo745241.ru
/1/uggi/
