# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: guildma

# Reference: https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/
# Reference: https://twitter.com/cyber__sloth/status/1200366623615594497
# Reference: https://blog.talosintelligence.com/2020/05/astaroth-analysis.html
# Reference: https://otx.alienvault.com/pulse/5eb9776da9f82b6e9a5d1036
# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-12-02-Astaroth-IOCs.txt
# Reference: https://www.virustotal.com/gui/file/f0ba0bd9560279cf07a022b10a3cc323d07dd9195ea4ab6ceab4ce409830dbed/detection
# Reference: https://twitter.com/johnk3r/status/1488926962554970113
# Reference: https://twitter.com/johnk3r/status/1518978277909671937
# Reference: https://isc.sans.edu/diary/rss/28962
# Reference: https://otx.alienvault.com/pulse/6303804723bccc7e3caad737
# Reference: https://twitter.com/pollo290987/status/1574470975403560970
# Reference: https://twitter.com/johnk3r/status/1605546089142026240
# Reference: https://bazaar.abuse.ch/sample/7db115f80a9ddf76b48ba1706f2bb76bd100dbbef411ebaaca87a1a1f9bd18ed/
# Reference: https://isc.sans.edu/diary/29404
# Reference: https://twitter.com/malware_traffic/status/1611103932771717137
# Reference: https://twitter.com/johnk3r/status/1616493814088368128
# Reference: https://bazaar.abuse.ch/sample/35268155ea6ea5d1c822af2222a04ada8f807fb523fe3ff81111435caf125253/
# Reference: https://twitter.com/Bank_Security/status/1055092859404251137
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/malware-targeting-brazil-uses-legitimate-windows-components-wmi-and-certutil-as-part-of-its-routine/
# Reference: https://pastebin.com/a7ZXwiDf
# Reference: https://twitter.com/James_inthe_box/status/1152234123844415489
# Reference: https://twitter.com/JAMESWT_MHT/status/1136555502064848897
# Reference: https://twitter.com/casual_malware/status/1235206644981780480
# Reference: https://twitter.com/Bank_Security/status/1235839277386182658
# Reference: https://www.welivesecurity.com/2020/03/05/guildma-devil-drives-electric/
# Reference: https://otx.alienvault.com/pulse/5e60de80eaa561319a314b21
# Reference: https://twitter.com/malwrhunterteam/status/1252633339967799296
# Reference: https://www.virustotal.com/gui/file/10929c710dfbdc6e78a6bb44a65fa3b84c786be95105f065081ae5927883b3a9/detection
# Reference: https://securelist.com/the-tetrade-brazilian-banking-malware/97779/
# Reference: https://twitter.com/Arkbird_SOLG/status/1303749794578477057
# Reference: https://app.any.run/tasks/000ac8a8-dc24-4af9-8c7a-cd552bf37ad1/
# Reference: https://app.any.run/tasks/6085d4d7-8fc3-4b25-8305-9584b61d1910/
# Reference: https://www.virustotal.com/gui/file/a1ec4ff447d2a762fb62e8d67124e2fb785bec401ae5a069bf68a36e208d078f/detection
# Reference: https://www.virustotal.com/gui/ip-address/172.67.135.119/relations
# Reference: https://app.any.run/tasks/6346c55e-1b91-43f2-a2f4-7fe1eeee7560/
# Reference: https://twitter.com/JAMESWT_MHT/status/1350343863584616449
# Reference: https://pastebin.com/ACwzkJZn
# Reference: https://app.any.run/tasks/e9335a25-4a24-4a94-a939-aec0ab5e7da9/
# Reference: https://twitter.com/Unit42_Intel/status/1364285932296355844
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-02-22-IOCs-from-Guildma-infection.txt
# Reference: https://twitter.com/malware_traffic/status/1411151303670128640
# Reference: https://www.malware-traffic-analysis.net/2021/07/02/index.html
# Reference: https://twitter.com/pr0xylife/status/1463924565034377220
# Reference: https://twitter.com/ffforward/status/1463934334101037060
# Reference: https://twitter.com/1ZRR4H/status/1464118333884805148
# Reference: https://pastebin.com/e8NTUaP2
# Reference: https://twitter.com/malware_traffic/status/1409683375430922254
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt
# Reference: https://otx.alienvault.com/pulse/61e93340f6cf68282de3a0f4
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-08-26_Guildma_domains
# Reference: https://threatfox.abuse.ch/browse/malware/win.astaroth/
# Generic trails

/Seu7v130a.xsl