# Follina CVE-2022-30190 related
# Bumblebee C2 (malicious) related
#cdn.jsdelivr.net # not always malicious, more sometimes misused.
# Cobalt Strike re-emerge
# EMOTET C2 traffic observations to block
# IceID / BokBot / DarkVNC
# QAKBOT C2
# HelloXD Ransomware - reference unit42.paloaltonetworks.com/helloxd-ransomware/
# Gallium - PingPull
# IceXLoader 3.0 Malware
# Includes C2 URLs and Download URLs - Source Fortinet
# PureCrypter Malware
# reference https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter
# Lyceum-net-dns-backdoor
# Shadowpad Backdoor - reference https[:]//ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/