# https://twitter.com/stephenlacy/status/1554697077430505473
myjino.ru

# https://niebezpiecznik.pl/post/uwaga-na-grozne-sms-y-dotyczace-przesylek/
meetappearance.club
vlog100.top
etmf.ir

# https://twitter.com/niebezpiecznik/status/1466040049678626822
jharmonix.com
widehypen.com
yachtingnewstoday.com
jk-jewelry.co.il

# https://twitter.com/CSIRT_KNF/status/1447458704664764418?s=20
pekaopl.com

# https://twitter.com/CSIRT_KNF/status/1447543103439740934?s=20
mbank24eu.online
pl.mbank24.eu.online
pl.mbank24.com
pl.mbank24.net
cz.mbank24.com
cz.mbank24.net

# https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
hotofecro.com
alaiblompass.com
heartratteandpulsetracker.com
icoonectedtrack.com
ospocatracker.com
laalaslirayeblection.com
iblompass.com
smalllcalllrecorder.com
anguaganslatast.com
oroscopemestry.com
blompascator.com
leunoon.com
arindocation.com
rooitor.com
mychattranslator.club
rulapptoplan.com
rportranslator.com
muslimasauda.com
martpolocator.com
wfupppx.com
scandocnotes.com
freecoupon21.com
ponyvideochat.com
ludamec.com
chat-transa.com
soulscanneryh.com
d3cameraplan.com
qibla-ultima.com
zoofanimalm.com
ciaolvc.com
heartrateproxhealthmonitor.com
bus-metrolis.com
truck-rouddrive.com
locatinfind.com
camerdentifier.com
locatorqiafindlocation.com
cocachar.com
squishyp.com
antranslaro.com
ftphotom.com
lockul.com
fingerprihanger.com
locatorshar.com
kfcwsa.com
gpsphonuetrackerfamilylocator.com
cailrecorder.com
tqiblacompas.com
kvprojectop.com
pikchoeditor.com
streetprocarsracingss.com
nemaeovies.com
aecodero.com
ivlewepapallrbkragonucd.com
heartrateandmealtracker.com
phonecontrolblockspamcalls.com
etcotater.com
canopoument.com
locxfindxlocx.com
mnesytrlatr.com
huntcontactz.com
intelgenttran.com
facenalyer.com
fnbdeiegpslocoiatntcrkaer.com
trcalluecodr.com
qrreaderpro.com
itranstxtvoicepht.com
qiberiblaon.com
iconylc.com
lsepeanitor.com
fxkwboard.com
dehcoveanager.com
tickeakhatsp.com
phoneboster.com
phonfinbyclap.com
aralaper.com
qibdirctiowa.com
islsrickers.com
feartranslator.com
vpnzfep.com
snaplens-pt.com
qiblassirection.com
easyvshow.com
qibla-quran.com
qrcodesscan.com
hoolives.com
burivingsim.com
coupongiftsnstashop.com
fingdefend.com
projectormp.com
forzahmobile.com
artateulseonitor.com
sslasmr.com
bagscaner.com
phonecallerscreen.com
datingappswmt.com
lifeel-scan.com
colorizerset.club
expresscreditcash.com
ccallerx.com
transatitonneap.com
lasouncherio.com
claptfindzmphone.com
mirrorscreencasttvv.com
ircleocatinder.com
mobleingsder.com
proocallerr.com
frecalwolwid.com
allelpcoonmber.com
faspulhearratmoni.com
fincconttact.com
uncherdroid.com
iveilembercker.com
lepamcker.com
lockaaocker.com
onarchbylap.com
secontranslatpr.com
tgscontakcs.com
lockaaocker.com
callwhozdine.com
perargero.com
mylocatorplus.club
comclap.club
callerids.club
instantspeechtranslation.club
photoeditorbest.club
piction.club
driveriders.club
skycoachgg.club
ffitnesstrainer.club
racerscardriver.club
fitnessdias.club
meetingonlinechat.club
fitnessgymup.club
editsbackground.club
cutcutpro.club
drivingexpiriencesimulator.club
clipbuddy.club
horoscopefortune.club
ludospeakeasy.club
fitnesspoint.club
wallvoluminousfourk.club
cvectorart.club
ludospeakv2.club
callrecordpro.club
carracer.club
slimesimulator.club
offroaderssurvive.club
lending-online.club
controlcenterios.club
callerids.club
carracer.club
streetracingg.club
checkheart.club
keyboardthemes.club
whatsmesticker.club
batterychargingeffect.club
luxoreditor.club
lionflix.club
amazingvideoeditor.club
zodiachand.club
zeusalmighty.club
pharaohsadventure.club
batterylivewallpaperhd.club
comqubla.club
safelock.club
heartrhythm.club
easybassbooster.club
comphotolab.club
678ikmbtui.com
safe-link.mobi
at.gogameportal.club
activate-your-account-now.com
continue-to-get-content-now.com
your-access-here.com
app.buenosocial.club
join.crazymob.co
vl.denrok.space
www.timpromos.com.br
campaignmanager.fun.moobig.com
get-your-access-now.com
v.mobzones.com
mt2-sdp4.mt-2.co:8010
go.whatabookmark.com
lp.shoopadoo.com
es.mobiplus.me
af.to.123games.club
be.startdownload.mobi
za.startdownload.mobi
n.appspool.net
wap.trend-tech.net
fr.chillaxgames.mobi
tracking.hexilo.com

# https://twitter.com/pswapneel/status/1444971888619376645?s=20
yonoonlinelogin.info
sbimkyc.net
sbiky.org

# https://twitter.com/AHamankiewicz/status/1442141879613669376?s=20
sa.sv

# https://twitter.com/CSIRT_KNF/status/1442054053832413185?s=20
wa.sv

# https://twitter.com/ThreatLabsPL/status/1442190659830509576?s=20
groundiespolska.pl

# https://twitter.com/ThreatLabsPL/status/1442141590667948042?s=20
kennethcolepolska.com

# https://twitter.com/ThreatLabsPL/status/1442140626062127107?s=20
rotanger.space
herosuby.xyz
uvar.uno
kelp.website
vermut.xyz
thewest.space

# https://twitter.com/ThreatLabsPL/status/1442097071155290112?s=20
szukamy-polska.pl

# https://twitter.com/ThreatLabsPL/status/1442097954798678017?s=20
musisz-pomoc.pl

# https://twitter.com/pswapneel/status/1441769407647084545?s=20
sbibank-kyc.in

# https://twitter.com/ThreatLabsPL/status/1441694875351670786?s=20
mastercash.asapbusiness.site

# https://twitter.com/ThreatLabsPL/status/1441685625523089408?s=20
poczta-wp-profil.eu

# phishing discovered myself
# https://www.virustotal.com/gui/url/25ce3cb7bbaed92da80cf7394ab31a4da7beee03deade2477dea1f1cd7bd4e91/detection
otp.k1cy46h7jnx2xfj.insideplaza.com
# https://www.virustotal.com/gui/url/0df78de0b9e39ba041a272bcd3da3328fb52d0ca57325d9cefd44edbaab66718/detection
k1cy46h7jnx2xfj.insideplaza.com
# https://www.virustotal.com/gui/domain/insideplaza.com/detection
insideplaza.com

# https://twitter.com/CSIRT_KNF/status/1367441454277271560?s=20
pl-btc1.site

# https://twitter.com/karol_paciorek/status/1367459309433536513?s=20
topx-bt.net
btclangsapp.com

# https://twitter.com/CSIRT_KNF/status/1367422878992457734?s=20
timepizza.fun

# https://redcanary.com/blog/clipping-silver-sparrows-wings/
specialattributes.s3.amazonaws.com
api.mobiletraits.com
api.specialattributes.com

# https://twitter.com/CSIRT_KNF/status/1361607785826447368
jazzybeats.top
brandnewbean.top

# https://twitter.com/CSIRT_KNF/status/1360185890400788481?s=20
credit-agricolle.pl

# https://twitter.com/CSIRT_KNF/status/1357599750091079683
kwarantannadomowa.com

# https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
# C2 Domains: Attacker-Owned
angeldonationblog.com
codevexillium.org
investbooking.de
krakenfolio.com
opsonew3org.sg
transferwiser.io
transplugin.io
blog.br0vvnn.io

# C2 Domains: Legitimate but Compromised
trophylab.com
colasprint.com
dronerc.it
edujikim.com
fabioluciani.com

# https://blog.malwarebytes.com/cybercrime/2019/04/electrum-bitcoin-wallets-under-siege/
btc-electrum.com
btcelectrum.org
downloadelectrum.com
downloadelectrum.org
eiectrum.net
electrum.bz
electrumapp.org
electrumapps.com
electrumbase.com
electrumbase.net
electrumbase.org
electrumbitcoin.org
electrumbtc.org
electrumbuild.com
electrumcircle.com
electrumclient.org
electrumcore.com
electrumcore.net
electrumdownload.com
electrumdownload.org
electrume.com
electrume.org
electrumfix.com
electrumget.com
electrumget.com 
electrumhub.com
electrumnet.com
electrumofficial.com
electrumopen.org
electrumpgrade.com
electrumsafe.org
electrumsite.com
electrumsource.org
electrumstart.org
electrumtxn.com
electrumupdate.com
electrumupgrade.com
electrumupgrade.org
electrumware.com
electrumware.org
electrumweb.net
getelectrum.com
getelectrum.live
getelectrum.org
goelectrum.com
myelectrum.org

# https://twitter.com/bl4ckh0l3z/status/1350130360580005888?s=20
umengs.sanxikou.cc
avatasia.com

# https://twitter.com/bl4ckh0l3z/status/1350044213963071489?s=20
server25.intellecthost.xyz

# https://twitter.com/bl4ckh0l3z/status/1350149455052464128?s=20
chujwdupepolicji.xyz
wykurwyzpolicji.xyz
ziobrotykurwo.xyz
przestanmialienaprzesladowac.xyz
dreamdime.top
oldgoodshoe.top
blackdreamz.top

# https://niebezpiecznik.pl/post/uwaga-uzytkownicy-poczty-wp/
poczta24.me

# Dridex: https://pastebin.com/raw/mP3uJugX
1played.com
3.135.65.187
acepurn.com
africaelectronics.co.za
ajolotius.com
amazontutoringcenter.com
anchalhospital.com
apisms.e-mobiletech.com
archiezen.co.uk
archive.museubandasfilarmonicas.pt
areev2020.in
artech.alrahmanbooks.com
ask.maxfaxtalk.in
atis.ug
austin.swiftlocks.net
australiaastrology.com.au
betterleisures.com
blog.cebecitekstil.com
brandscanltd.com
buenaspracticas.org.mx
capericias.com.br
carewatchsecuritybdi.com
ccp-pakistan.org.pk
chatsupportagent.com
clean2clear.com
corporatebusinessmachines.co.in
crusspair.co.za
csharpassociates.com
cubectivel.com
cyberbox-ph.com
dairycraft.dairycare.info
darinhotel.net
deperfectemens.be
dsid.e-mobiletech.com
e.docarts.id
ecoconcretos.com
ethar.ae
eyecambodia.com
finehealthonline.com
fish-gear.com
fishinggearrating.com
flightscozy.com
flintjames.com
floridaprobaterelief.com
flyhightraveller.com
fonixpizza.no
forum.mdb.nu
forums.ebprospectors.com
fresnodepositionreporters.com
funahampers.com
ganamcaters.in
gipfelengg.com
gla-edu.com
gopeeks.com
gozofilmfestival.com
gracetab.co.za
gratetravel.com
grillomarketing.com
habitatmendoza.com
hazelautocars.co.za
hby.yngw518.com
heraclitotattoostudio.com
hnd.dairy-care.com
Iafortmyers.org
iesatnchapter.com
imeraipur.com
inbodyscanmelbourne.com.au
intfoodservices.com
investment.alphatradingleague.com
iqhosted.nl
irocomps.co.za
itsquare.yrcreations.com
keongplastering.com
kevin.netdati.com
kidsreliefbags.com
kidzcaters.com
kmatechnicalinno.innodaba.com
laidbackexcursions.com
laravel.e-mobiletech.com
leads-that-close.com
leaftells.aurainternationalindia.com
logowholesaler.com
lyricalvideostatus.droidiosking.com
m.myartsandmurals.com
masbuilders.in
megatasktechnologies.com
mehsana42golprajapatisamaj.org
metropolis-roleplay.com
mikkelraunsgaard.dk
mitwpunwp.mitevents.org
mnparikh.com
mophp-ye.com
msc-cunds.de
mycrc.org
myleather.it
naya-center.com
nidhi.iexist.in
obsession.hu
omplusuniversal.creedglobal.in
ontel.online
parisgold.ro
pastores.iacymperu.org
pehchaanlivefoundation.org
pixelconnect.in
play.radiohich.com
portalaspra.softdrive.com.br
preciousmemorabilia.com
previousquestionpapers.com
printpix.lk
pto99.com
puredropwater.in
purpledot.io
radiocanibal.com
radiochilena.creatalca.cl
radioiluminacion.djsrecord.com
rajatknows.com
rewa.billabonghighrewa.com
saiappstore.com
salondefilipina.com
schmockyyy.com
senep2014.alphania.es
shell-core.com
sierrainfraworks.com
skinfolabs.com
smu42.de
spg.digitalnoirtest.net.au
stenla.com
ststephenboys.ac.tz
tc-fortuna.com
teammsup.com
tennismendrisio.ch
teste.omercadonovo.com
thepadsantamaria.org
ticketsaletravel.com
transformaciondigitalcolombia.com
tstfrigo.com
tvsmiami.com
tzinmobiliaria.com
umang.nciinfotech.in
vcah.co.uk
versatilcamiseteria.com.br
wadsoncables.co.za
whatsyourmedicine.org
www.fonixpizza.no
www.logowholesaler.com
www.msc-cunds.de
www.tvsmiami.com
www.tzinmobiliaria.com
wxzg.yngw518.com
yakimovaksyphoto.ru
yelc.me
yellowsquarebooks.com
yuxigon.com
zhaoshenggroup.com

# SolarWinds
# https://gist.github.com/olafhartong/213bcf76f31d2fc36ff189aa7b0cc656
# https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
panhardware.com
databasegalore.com
avsvmcloud.com
freescanonline.com
thedoccloud.com
deftsecurity.com

# https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/
stopsms.biz
free247downloads.net
urlpush.net

# https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
f15fwd322.regularhours.net
secureyouradd.com
accountant-audio.com
holdmydoor.com
weddingbandsoft.com
audienceflake.com
takemallelectric.com
smallperfumerain.com

# https://twitter.com/forwardsecrecy/status/1337495822057914368?s=20
xn--lectrum-s8a.org

# electrumltc.org
electrumltc.org

# vera crypt
vera-crypt.com
jodakurier.com

# ledger scam - as reported on twitter
us-ledger.com
837729.app
nl-ledger.com
ledgersupport.com
ledgerlive.io

# phishing prywatny
chandnichowknowonline.in

# The Mask – DNS and IP filtering as per Kaspersky Paper
# http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf
nthost.shacknet.nu
tunga.homedns.org
prosoccer1.dyndns.info
prosoccer2.dyndns.info
nav1002.ath.cx
pininfarina.dynalias.com
wqq.dyndns.org
pl400.dyndns.org
services.serveftp.org
sv.serveftp.org
cherry1962.dyndns.org
carrus.gotdns.com
ricush.ath.cx
takami.podzone.net
dfup.selfip.org
wwnav.selfip.net
fast8.homeftp.org
ctronlinenews.dyndns.tv
mango66.dyndns.org
gx5639.dyndns.tv
redirserver.net
swupdt.com
msupdt.com
appleupdt.com
linkconf.net

# Trend Micro .bit domains
# http://www.trendmicro.com.au/cloud-content/us/pdfs/security-intelligence/white-papers/wp-bitcoin-domains.pdf
megashara.bit
opusattheend.bit
supermegacool.bit
bitshara.bit

# http://blog.sucuri.net/2014/12/new-malware-campaign-wpcache-blogger-affects-thousands-more-wordpress-websites-via-revslider.html
wpcache-blogger.com
ads.akeemdom.com

# 25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf
# C&C servers (hostnames and IPs):
# DoubleFantasy
advancing-technology.com
avidnewssource.com
businessdealsblog.com
businessedgeadvance.com
charging-technology.com
computertechanalysis.com
config.getmyip.com
globalnetworkanalys.com
melding-technology.com
myhousetechnews.com
newsterminalvelocity.com
selective-business.com
slayinglance.com
successful-marketing-now.com
taking-technology.com
techasiamusicsvr.com
technicaldigitalreporting.com
timelywebsitehostesses.com
www.dt1blog.com
www.forboringbusinesses.com

# EquationLaser
lsassoc.com
gar-tech.com

# Fanny
webuysupplystore.mooo.com

# EquationDrug
newjunk4u.com
easyadvertonline.com
newip427.changeip.net
ad-servicestats.net
subad-server.com
ad-noise.net
ad-void.com
aynachatsrv.com
damavandkuh.com
fnlpic.com
monster-ads.net
nowruzbakher.com
sherkhundi.com
quik-serv.com
nickleplatedads.com
arabtechmessenger.net
amazinggreentechshop.com
foroushi.net
technicserv.com
goldadpremium.com
honarkhaneh.net
parskabab.com
technicupdate.com
technicads.com
customerscreensavers.com
darakht.com
ghalibaft.com
adservicestats.com
247adbiz.net
webbizwild.com
roshanavar.com
afkarehroshan.com
thesuperdeliciousnews.com
adsbizsimple.com
goodbizez.com
meevehdar.com
xlivehost.com
downloadmpplayer.com
honarkhabar.com
techsupportpwr.com
zhalehziba.com
serv-load.com
wangluoruanjian.com
islamicmarketing.net
noticiasftpsrv.com
coffeehausblog.com
platads.com
havakhosh.com
toofanshadid.com
bazandegan.com
sherkatkonandeh.com
mashinkhabar.com
quickupdateserv.com
rapidlyserv.com

# GrayFish
business-made-fun.com
businessdirectnessource.com
charmedno1.com
cribdare2no.com
dowelsobject.com
following-technology.com
forgotten-deals.com
functional-business.com
housedman.com
industry-deals.com
listennewsnetwork.com
phoneysoap.com
posed2shade.com
rehabretie.com
speedynewsclips.com
teatac4bath.com
unite3tubes.com
unwashedsound.com

# TripleFantasy
arm2pie.com
brittlefilet.com
cigape.net
crisptic01.net
fliteilex.com
itemagic.net
micraamber.net
mimicrice.com
rampagegramar.com
rubi4edit.com
rubiccrum.com
rubriccrumb.com
team4heat.net
tropiccritics.com

# Equation group’s exploitation servers:
standardsandpraiserepurpose.com
suddenplot.com
technicalconsumerreports.com
technology-revealed.com

# Babar: http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/
horizons-tourisme.com
gezelimmi.com

# Evil Bunny http://www.slideshare.net/Cyphort/mmw-evil-bunny
callientefever.info
le-progress.net
ghatreh.com
www.usthb-dz.org

# FIN4 https://github.com/fireeye/iocs/blob/master/FIN4/fb0699e2-23a6-40f9-bf96-4514d629eec3.ioc
ellismikepage.info
lifehealthsanfrancisco2015.com
rpgallerynow.info
dmforever.biz
msoutexchange.us
junomaat81.us
outlookscansafe.net
outlookexchange.net
nickgoodsite.co.uk

adserver.alltraveldaily.com
adserver.mensstylebook.com
adserver.recipechart.com
adserver.highspeedtesting.com
adserver.smackchow.com

# https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.htmlhttps://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html
plantsroyal.org
ripola.net
valanoice.org
adorephote.org
jackropely.org


# http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
advseedpromoan.com
seoratingonlyip.net
advertise.com
pratioupstudios.org
#behance.net

# http://blogs.cisco.com/security/talos/rombertik
centozos.org.in

# https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/
ddosprotected.eu
updatesoft.eu
app.cloudprotect.eu
fw.ddosprotected.eu
logs.cloudprotect.eu
ssl.cloudprotect.eu
ssl.updatesoft.eu
adb.strangled.net
digitalinsight-ltd.com
ads.digitalinsight-ltd.com
cache.cloudbox-storage.com
cloudbox-storage.com
clust12-akmai.net
corp-aapl.com
fb.clust12-akmai.net
fbcbn.net
img.digitalinsight-ltd.com
jdk-update.com
liveanalytics.org
min.liveanalytics.org
pop.digitalinsight-ltd.com
ww1.jdk-update.com
find.a-job.today
cryptomag.mediasource.ch

# https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
adguard.name
beefeewhewhush-eelu.biz
blisko.net
comixed.org
coral-trevel.com
datsun-auto.com
di-led.com
financialnewson-line.pw
financialwiki.pw
flowindaho.info
freemsk-dns.com
gjhhghjg6798.com
glonass-map.com
great-codes.com
icafyfootsinso.ru
idedroatyxoaxi.ru
ivaserivaseeer.biz
microloule461soft-c1pol361.com
microsoftc1pol361.com
mind-finder.com
operatemsesscont.net
paradise-plaza.com
public-dns.us
publics-dns.com
systemsvc.net
system-svc.net
traider-pro.com
travel-maps.info
update-java.net
veslike.com
wefwe3223wfdsf.com
worldnews24.pw
worldnewsonline.pw

# http://www.welivesecurity.com/2015/09/08/carbanak-gang-is-back-and-packing-new-guns/
weekend-service.com
seven-sky.org
clients4-google.com
adobe-dns-3-adobe.com
img.in-travelusa.com

# hummingbad
# http://blog.checkpoint.com/2016/02/04/hummingbad-a-persistent-mobile-chain-attack/
# https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
hummerlauncher.com
cdn.sh-jxzx.com
d2b7xycc4g1w1e.cloudfront.net
d1qxrv0ap6yf2e.cloudfront.net
032n.com
032o.com
guangbom.com
ssppsspp.com
ccaa100.com
ccaa200.com
cscs100.com
cscs200.com
hmapi.com
eoapi.com
ma2.heshan88.com
sl2.heshan88.com
ma2.lb0408.com
sl2.lb0408.com
aa0ad.com
aa0ab.com

# http://blog.anubisnetworks.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack
lhzbdvm.com
prugskh.net
prugskh.com
oyag.lhzbdvm.com
oyag.prugskh.net
oyag.prugskh.com


# cryptolocker
# http://cybertracker.malwarehunterteam.com/malicious/846 (847/848/849)
nuservermail.net
aservermail.net
majorservice.net
giantservice.net

# blog.malwarebytes.org/threat-analysis
trackmytraffic.biz
talk915.pw

# http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/
conce.republicoftaste.com
compe.quincephotographyvideo.com
ntion.atheist-tees.com
entat.usedmachinetools.co
connt.modusinrebus.net
ainab.photographyquincemiami.com
rated.republicoftaste.com
rence.backstageteeshirts.com

# https://zaufanatrzeciastrona.pl/post/wlamania-do-kilku-bankow-skutkiem-powaznego-ataku-na-polski-sektor-finansowy/
misapor.ch
sap.misapor.ch
eye-watch.in
www.eye-watch.in

# https://zaufanatrzeciastrona.pl/post/uwaga-na-zlosliwe-reklamy-atakujace-w-najwiekszych-polskich-serwisach/
gift.gifts-for-free.online

# https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
thinkdream.com

# https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
1ds.me
bbcnews.deepseaengine.com

# https://zaufanatrzeciastrona.pl/post/uwaga-na-rzadowa-witryne-infekujaca-odwiedzajacych-ja-uzytkownikow-ransomware/
# http://malware-traffic-analysis.net/2017/01/24/index.html
trashoutservices.com
kidsonthestreet.com
neighborhoodreunion.org
neighborhoodreunion.com
sellfloridahomes.com
hospitality-health.org
floridawholesaleproduce.com
joellipman.com
hospitality-health.us

# https://www.virustotal.com/en/file/f113474ecc59167ceac4c50353543d3197813cb37a2111b71151172a7f5ec258/analysis/1492505312/
# https://www.hybrid-analysis.com/sample/f113474ecc59167ceac4c50353543d3197813cb37a2111b71151172a7f5ec258?environmentId=100
forportos.co
enfesogavn.com
agedsiong.com


# https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
caforssztxqzf2nm.onion
1dnscontrol.com
#argumentiru.com
www.fontanka.ru
grupovo.bg
www.sinematurk.com
www.aica.co.jp
spbvoditel.ru
#argumenti.ru
www.mediaport.ua
blog.fontanka.ru
an-crimea.ru
www.t.ks.ua
most-dnepr.info
osvitaportal.com.ua
www.otbrana.com
calendar.fontanka.ru
www.grupovo.bg
www.pensionhotel.cz
www.online812.ru
www.imer.ro
novayagazeta.spb.ru
i24.com.ua
bg.pensionhotel.com
ankerch-crimea.ru

# https://zaufanatrzeciastrona.pl/post/uwaga-na-oszustwo-z-olx-paczkomatami-i-przelewy24-w-tle/
przelewy24-7.pl
pajmon.pl

# https://twitter.com/x0rz/status/981616924181389312
myaccountupgrades.com
microsoftonlineoffice.com
emailadministrators.com
rankingonu.com
portonrnail.com
bedistribution.info
zurichboss.com
zurichcompany.com

# https://niebezpiecznik.pl/post/iphone-atak-mdm/
ios-certificate-update.com
wpitcher.com

# https://securelist.com/absolute-computrace-revisited/58278/
search.namequery.com
search.us.namequery.com
search64.namequery.com
bh.namequery.com
namequery.nettrace.co.za
search2.namequery.com
m229.absolute.com

# https://niebezpiecznik.pl/post/bad-rabbit-czyli-atak-ulepszona-notpetya-ktory-zaszyfrowal-dane-na-ukrainie-w-rosji-oraz-w-polsce/
myk104.com
montenegro-today.com
otbrana.com
hercegovni.me
bahmut.com.ua
ucarsoft.com
pensionhotel.de
tweetlerim.gen.tr
sarktur.com

# https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
draqusor.hi2.ro
hackingoriginal.ro
aridan.hol.es
diicot.altervista.org
prg.do.am
werwolf.altervista.org
havijuu.pe.hu
sonic.do.am
patf.site90.net
status-ok.com
hagaipipko.net
linuxrepository.org
javacdnupdate.com
dc0.cc
linux-flavor.net

# https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
secao.org
ikmtrust.com
sysanalyticweb.com
lxwo.org
jflynci.com
remotepx.net
rdsnets.com
rpcnetconnect.com
webstp.com
elaxo.org

# https://twitter.com/abuse_ch/status/1171484509281255425
helpwebroot.com
help-eset.com
help-bitdefender.com
helpavast.com
help-trendmicro.com

# https://blog.malwarebytes.com/botnets/2019/09/emotet-is-back-botnet-springs-back-to-life-with-new-spam-campaign/
danangluxury.com
gcesab.com
autorepuestosdml.com
covergt.com
zhaoyouxiu.com
rockstareats.com
inwil.com
inesmanila.com
dateandoando.com

# https://niebezpiecznik.pl/post/wyciek-danych-mfinanse-pko-leasing/
tvjovem.net
chefeladlevi.com
atchec.com
aplsolutionsonline.com
faraweel.com
grupobiblioteca.es
formenteravacaciones.com
proyecta.net.pe
valerodiaz.com

# https://www.riskiq.com/blog/labs/badrabbit/
aica.co.jp
www.dermavieskin.com
grupovo.bg
www.fitnes-trener.com.ua
www.afaceri-poligrafice.ro
grandua.ua
i24.com.ua
scanstockphoto.com
izgodni.bg
www.biotechusa.ru
www.mediaport.ua
www.armoniacenter.com
sweet-home.dn.ua
www.chnu.edu.ua
fitnes-trener.com.ua
www.t.ks.ua
www.fastfwd.ru
www.uscc.ua
bitte.net.ua
www.fitnes-trener.com.ua
ophthalmolog.kiev.ua
grandua.ua
i24.com.ua
akvadom.kiev.ua
ulianarudich.com.ua
football.zp.ua
www.mediaport.ua
chnu.edu.ua
evroremont.kharkov.ua
thecovershop.pl
www.tofisa.com
cream-dream.com.ua
go2odessa.ru
bahmut.com.ua
abantyoreselurunler.com
aldingareefretreat.com
ftp9.net
magicofis.com
piiz.tk
tedizmir.k12.tr
websgramly.com
www.andronova.net
www.detaymaxinet.com
www.fikracenneti.com
www.gulenturizm.com.tr
www.ilgihastanesi.com
www.komedibahane.com
www.moonlightcinemaclub.com
www.musterihizmetlerinumarasi.com
www.techkafa.net
www.teknolojihaber.net
www.vertizontal.ro
izgodni.bg
montenegro-today.com
scanstockphoto.com
www.grupovo.bg
www.matasedita.sk
www.montenegro-today.com
www.myk104.com
www.nadupanyfanusik.sk
www.otbrana.com
www.sinematurk.com
www.ucarsoft.com