# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://techhelplist.com/spam-list/1056-delay-with-your-order-invoice-malware

lpholfnvwbukqwye.onion
lpholfnvwbukqwye.tor2web.org
lpholfnvwbukqwye.onion.to
lpholfnvwbukqwye.onion.cab

# Reference: https://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Ransom:Win32/Locky.A

vjwmpxseu.fr
jywdohhfkypg.de
blydeylrayu.it
obvpxgcohmpsou.it
cqvgwp.uk
tdxgp.eu

# Miscellaneous (no source reference recorded)

jnfumwhpd.fr
weynektquvuh.fr

# Reference: https://malwr.com/analysis/OTdhZjg3ZTAzNGUxNDJjYzhiNGE1ZGM1MGFlNWM0NzE/

lahmar.choukri.perso.neuf.fr

# Reference: https://malwr.com/analysis/Yzc1NTEzOWM2MGY2NDJhZmJkZjZmNjMwOGM3NjQyODE/

kokoko.himegimi.jp

# Reference: https://otx.alienvault.com/pulse/56cf14f567db8c06345355e5/

mafiawantsyouqq.com
lenovowantsyouff.com
whereareyoumyfriendff.com
lenovomaybenotqq.com
ikstrade.co.kr
tosalaeigroup.com

# Reference: https://malwr.com/analysis/NzUyYjhiMDA0ZTQ4NGUzZmFkMjZhZGNmZTk5NGFjMzg/

blablaworldqq.com
ujajajgogoff.com

# Reference: https://www.virustotal.com/en/ip-address/142.25.97.48/information/

blablaworldqq.com
hellomisterbiznesqq.com
hellomydearqq.com
hrfgd74nfksjdcnnklnwefvdsf.materdunst.com
lenovomaybenotqq.com

# Reference: https://www.virustotal.com/en/ip-address/146.148.55.44/information/

3j2gdpsipa74bgm441.biz
83gd65jfh24jbrwke43.brocksard.su
arendroukysdqq.com
bb34dbsjneefnsdefjsn.golemmalik.su
belableqq.com
belahhoast.net
blablaworldqq.com
blizzbauta.com
fausttime.com
fjfhsflj54t8ak439sm.wakonratio.com
fromjamaicaqq.com
goonwithmazerqq.com
gubbosiak.su
gutentagmeinliebeqq.com
h5534bvnrnkj345.maniupulp.com
helloguysqq.su
hellomisterbiznesqq.com
hellomydearqq.com
hellowomenqq.su
helloworldqqq.com
helloyoungmanqq.com
helloyungmenqq.com
hpareyouhereqq.com
invoiceholderqq.com
invoiceholderqq.su
isthereanybodyqq.com
itisverygoodqq.com
itsyourtimeqq.su
l4rdnvb5jskjb45sdfb.mayofish.com
lastooooomene2ie2e.com
lenovomaybenotqq.com
lenovowantsyouqq.com
mafianeedsyouqq.com
mafiawantsyouqq.com
maniupulp.com
mayofish.com
nnrtsdf34dsjhb23rsdf.spannflow.com
pigglywigglyqq.com
piglyeleutqq.com
pot98bza3sgfjr35t.fausttime.com
pren874bswsdbmbwe.returnyourfiless.ru
pren874bwsdbmbwe.returnyourfiless.ru
q4bfgr7bdn4nrfsnmdf.blizzbauta.com
returnyourfiless.ru
sifetsere.com
skuawill.com
soclosebutyetqq.com
spannflow.com
thisisitsqq.com
thisisyourchangeqq.com
yesitisqqq.com

# Reference: https://www.hybrid-analysis.com/sample/4290b85920a4079103047aa2ac58968f44672a05dc81a79225c3c66ad93d2faa?environmentId=4

w6bfg4hahn5bfnlsafgchkvg5fwsfvrt.hareuna.at
u54bbnhf354fbkh254tbkhjbgy8258gnkwerg.tahaplap.com
po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at

# Reference: http://blog.dynamoo.com/2016/03/malware-spam-order-confirmation-payment.html

conspec.us
tmfilms.net
iqinternal.com
goktugyeli.com
saludaonline.com

# Reference: https://www.virustotal.com/en/ip-address/104.168.62.235/information/

ohellowruff.com
greetingsjamajcaff.com

# Reference: https://blogs.forcepoint.com/security-labs/lockys-new-dga-seeding-new-domains

bkadufmdyf.pm
kpvoxwgf.pm
fysck.fr
hsasjielgfkneh.ru
qquvjijtvatj.in
edmgbqygn.de
nbavfpb.uk
wyusb.yt
yuljfxdf.pm
bvtavc.nl
ktovxeteqtwtcsh.yt
xyfnvvbuovcd.be
hwsdymcytd.yt
cgwlamg.pw
ehfjt.pm
nfacehihugohhi.nl
cproso.pm
lnjrmdjyidprrse.de
nortkbiqhtdgd.de
ixwllqpbog.in
rvkgvjbp.it
ficpn.fr
ogworigxknalsd.eu
qaekmjxgrtcs.de
prydlvlxw.be
rsimigt.us
bqvcl.in
ovmspedrbkxlj.ru
xthppvomcxu.be
aupgcrvfm.us
uemtsb.uk
echmfrnyuwrlmas.uk
jaliqnp.yt
ejpmaxavyptyqnc.pw
nhkpknfyjnoqp.ru
iqountnrqs.ru
krpphdlu.yt
tpkmyc.ru
hubvdqgfcoierc.pw
qsaifcyuopyv.de
bxlrnw.pw
vhpurxfuohbqso.fr
ffkseaisuicb.eu
hgspblbnex.yt
cppvgch.in
lnkva.pw
ysbfaksqohpmf.in
iqvcaeogjeg.it
spxst.us
nycbuwfisadao.be
wwpyvxnihcm.fr
yxxpmghmx.uk
thcfqk.it
dfwqdyjrtyiuaij.pm
qrokkqdsmtxa.us
apgodprqgy.eu
djcbwpykgnsdikb.pm
fkkdmvsjnnptv.yt
athfaulmew.pw
cupggwpf.pm
lsotcg.in
gcsxwslqsvbhpr.pw
ivtlxgqfkiyj.it
dfxvcvxfa.be
kfifrxqke.in
fogyrq.uk
ombqnwvepxjeufs.tf
qnjoimqcqkokt.yt
lpmxewicfk.us
uubnggrp.in
woiwpu.fr
rxmbadyblcuoat.in
dlhhgett.us
mqvubo.de
haageiedrybojk.tf
jtlqoqfaykdj.uk
edpglqefm.it
nbdwqkj.fr
pcmfx.de
klqqvsewphwko.it
vqmkfujpobvu.us
xkxapdrojh.nl
stckmju.yt
uulhq.fr
esyjyjiklwnbhd.tf
ycdntrbxkuw.de
bdlpmukcp.eu
vmpthc.it
ddutcdmfvmbaaba.be
mbikamdjklmce.de
hkmaebphml.yt
jetxtfwv.pw
enxme.us
nllwyhyrvsdodo.fr
pmttrjeukjnl.yt
kvxcsnink.yt
vopbboe.tf
fmktk.pw
avppvitupmdtm.tf
cwxghlngfxo.nl
wguofdum.it
yhdrnk.ru
ifxjoqrmcmajhjf.ru
docniprmgcxm.be
adrefp.ru
jinpjwfrsjpmjgu.us
ekqmsioexowp.uk
glrbxuhejj.de
buvpbsq.pw
dvehl.pw
mtygfrrwfppuvv.us
hdvmubmbyxs.nl
radqq.tf
bfyilphwkctxdf.us
vhcrhadppxa.it
xidmofnsc.ru
srlkgw.pw
ustmanuqnxxhlmj.pm
eqplamxxqghrd.tf
yamyqrhatl.de
jxeepaassngeetq.in
sdsyswxogrhjf.tf
nfvdvistdi.nl
pgeeucpt.uk
yercwd.nl
mqjlvimienyxwr.fr
voebnwfybwkg.pw
qximfakki.fr
xjneysaum.us
hhbrghm.eu
jijps.in
ernthxdqkbuoi.tf
npixhjhhmpm.uk
burfvaac.pm
ksmbxx.in
mtuamviphwoapcq.uk
jjrlgvdlqurpa.pm
shmcsgbpypg.fr
uivmeislw.eu
prsobv.pm
ypnlcncyegxteub.in
bqvjrrodkfhjg.it
vaaytyxqyl.eu
fxnitwaq.fr
pvmyilqakqqkl.in
kfqoruddyo.nl
myxmilto.it
hicqd.us
qnqlfdthdyidbw.be
shxppmfnhjao.pm
nqcxfhycl.in
wowkllj.it

# Reference: http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-dridex-style-distribution/

iynus.net
jesusdenazaret.com.ve
southlife.church

# Reference: https://www.virustotal.com/gui/file/17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2/behavior/Lastline

dixbheudautb.be
xgyrjtjlhd.ru
inqvmknlystaai.de
vdnigs.pw
pvrsbcnsq.fr
qxxuucjephgjlok.fr
fxbyyc.fr
nlyyjkiaews.pw
avyikbtyliydohu.in
nlkejtxx.tf
snxiljkwq.us
mgcvnxmkklrl.uk

# Reference: https://mysonicwall.com/SonicAlert/searchresults.aspx?ev=article&id=901

wblejsfob.pw
cgavqeodnop.it
kqlxtqptsmys.in
pvwinlrmwvccuo.eu

# Reference: http://blog.dynamoo.com/2016/02/malware-spam-payment-laurence-cottle.html

kqlxtqptsmys.in
cgavqeodnop.it
pvwinlrmwvccuo.eu
dltvwp.it
uxvvm.us
wblejsfob.pw

# Reference: https://techhelplist.com/spam-list/1048-attn-invoice-general-mills-malware

bnfoviesrdtnslo.uk
vldxhdofpmcos.uk
jbdog.it
odcxeeg.tf
cscrrxyiyc.be
tirohbvok.in

# Reference: https://ransomwaretracker.abuse.ch/tracker/locky/  (as seen on 2017-10-31)

aarnknthc.xyz
abvtqhwodwjmi.work
acbstypdrijslr.ru
accemfsqovkd.pw
acjhwpdjhlhbncf.click
ahsqbeospcdrngfv.info
ampjsppmftmfdblpt.info
arddxjkwrp.xyz
avxdypmdbo.pw
axnemuevqnstqyflb.work
barjhxoye.info
bciuemfaapyf.biz
bddadevlpkwrrmud.xyz
bkdjvmmkwgkvgw.su
blxbymhjva.info
bnjhx.eu
bqbbsfdw.be
bqukfjfv.org
bwcfinnt.work
bwpegsfa.info
bxlrywuuobje.pw
cdxbbpngq.pw
clhyelmwnuqhigecp.pw
cpawdrtxfjkwrkkl.pw
cpyrltela.pw
cudcfybkk.pw
cwprfpjtmjb.biz
cxlgwofgrjfoaa.info
dkoipg.pw
dltvwp.it
dolfexalto.com
dqtfhkgskushlum.org
dtojlhpasjk.pw
dvmbtgoobxcc.pw
dwytqrgblrynsgtew.org
eaxpifdtwsv.biz
ecjfdaqmmyusxntwl.work
egerdpkvutvodmtsy.pw
egovrxvuspxck.be
eoalsoub.pw
eqtrtdavtnr.pw
euduudaehipk.pw
eypdxikxsufj.pw
eywlmqugxx.info
fdehgchykmiqwdg.info
fhvjsmtkirihxh.xyz
fitga.ru
fmirgordkhig.xyz
fnarsipfqe.pw
fnjyygovdjyemga.xyz
fpashgkepwtoqdjg.pw
fqoapcjolfwwenqx.pw
fqtdrnqmeofknd.biz
fuuasvhpsvuihlnje.pw
fuuwnsv.pw
fyqtguo.biz
gccxqpuuylioxoip.pw
gfcuxnaek.ru
gfwncoyhbdvggns.pw
gguaxufrt.pw
gitybdjgbxd.nl
glhxgchhfemcjgr.pw
gsebqsi.ru
gsmdqrmqddqtuv.xyz
gvludcvhcrjwmgq.in
hmndhdbscgru.pw
hppfsslyeyseudg.biz
htankds.info
hycninyxuaa.xyz
ibtfqftkgi.pw
ifohvkxmyp.biz
iqfyujpvubwawc.pw
iuieylpvfurcvmpk.pw
jfmiondv.xyz
jghbktqepe.pw
jxqdry.ru
jymhmkdaxfbl.click
kcdfajaxngiff.info
kciylimohteftc.pw
kjkwjqvqrjocpi.xyz
kpybuhnosdrm.in
kqlxtqptsmys.in
ks-davis.com
ktlgpiilbj.biz
kwontdmplpnbl.pw
kypsuw.pw
lcrdceiajmiar.org
ltpwqva.xyz
luvenxj.uk
mmhmtea.pw
muuojcu.xyz
mwqwverayognn.pw
mxyfasm.pw
nhhyxorxbxarxe.org
nlpqflkbvkdde.eu
nwcpgymgh.work
odgtnkmq.pw
ohpbdikmrrhr.pw
ohplsuljopekq.biz
omeaswslhgdw.xyz
pdlbtnfhtoxghb.org
plfbvdrpvsm.pw
pnyviolg.eu
pornohd24.com
preeqlultgfifg.pw
pvwinlrmwvccuo.eu
qbqrfyeqqvcvv.pw
qcwbrevxrotoepsp.pw
qdesslfdcmd.pw
qdvkdyvrtpjc.pw
qsbfwgtedexirbyoq.pw
qvdgqayo.pw
rbwubtpsyokqn.info
rrcspgfghsjnklts.pw
sdwempsovemtr.yt
seelkqtkkqxvq.click
sgowntfjwkybawi.pw
sgrnhwyqxdk.pw
sqrgvbgfyya.org
ssvylrn.pw
svkjhguk.ru
svvgyjweurxn.click
swfqg.in
sxflmtgxerkpgwlnp.pw
tdhyjfxltpj.pw
toxnwbkoulii.pw
tqlcjh.fr
trxswbwxhr.xyz
tswsgajtwhqkosd.su
ttoyqvq.pw
uetwvrlnee.fr
uhgmnigjpf.biz
uhhvhjqowpgopq.xyz
uhjxayhpisr.pw
umjjvccteg.biz
urulvtffwoq.xyz
uvcmlfca.biz
uxvvm.us
vcabbvhrqhot.pw
wbaskcsxiffiax.info
wdvxeval.ru
wjfkoqueatxdmqw.biz
wpvvusso.xyz
wrubyjtvqhxaqkh.pw
wtxvmsikbmtbq.pw
wvltrlrnf.xyz
xfyubqmldwvuyar.yt
xhrnfffaixawpuob.pw
xmniabhrfafptwx.pw
xofguhypjgvxrm.pw
xvchcbeqxkd.pw
xyhhuxa.be
yavmxpiqfwmubk.pw
ycvcjbhgkmsiyhdd.info
yofkhfskdyiqo.biz
ytcijiooxdtlbevrh.info
yuysikankhqvdwdv.xyz
ywjgjvpuyitnbiw.info
aechjic.pw
lvanwwbyabcfevyi.pw
vpuroeit.pw
qfuxosx.eu
uuwflbmjmi.eu
dmwajvm.fr
macooptwafkwchtpo.pw
aqmip.fr
vujqbcditgsqxe.fr
juhacjacjckclqf.pw
qlwnvdjwro.pw
lrmficvqs.pw

# Reference: https://ransomwaretracker.abuse.ch/tracker/locky/  (as seen on 2017-12-07)

lyrnvane.pw
gnsquwmgukkpgpt.pw
ibjgnqsthdyp.pw
rqfsctpgpuani.pw
aechjic.pw
ozfin.ru
sqsigig.pw
yaynawvtuqcarjwc.pw
wqxvsxppjivs.pw
qqtphtlhny.pw

# Reference: https://ransomwaretracker.abuse.ch/tracker/locky/  (as seen on 2018-04-11)

exnqhgk.xyz
yuertao.pw
stevnxwq.pw
dyoravdkiavfkbkx.pw
waduavfijwkanvf.xyz
uxwavkmttywsuynt.pw

# Reference: https://ransomwaretracker.abuse.ch/tracker/locky/  (as seen on 2018-08-30)

pagaldaily.com
eppilxqwyqdhmpdsn.pw

# Reference: https://answers.microsoft.com/en-us/office/forum/office_2010-word/my-pc-words-excel-files-infected-encrypted-by/28a153a2-368a-4e8f-ad96-2f651138720b?auth=1
# Reference: https://app.any.run/tasks/4c2cc7c8-684f-48c0-8a02-2cc50aa5d09b/

i3ezlvkoi7fwyood.tor2web.org
i3ezlvkoi7fwyood.onion.to
i3ezlvkoi7fwyood.onion.cab

# Reference: https://twitter.com/James_inthe_box/status/914111090425917440
# Reference: https://pastebin.com/6jrvxezV

hair-select.jp
/fef44gddd.enc

# Reference: https://twitter.com/pancak3lullz/status/751099312407351296

bicicletascortes.com
greatlakessawingsolutions.com
trevisancontruzionisrl.com
distributorsite.com
clear-sky.tk
crotoncreek.com
darkhollowcoffee.com
files.viva64.com
nooragrogroup.com
tabernadeltemple.com
taitorneria.com
tcnewhimki.ru
thesixthspace.com

# Reference: https://unit42.paloaltonetworks.com/unit42-the-curious-case-of-notepad-and-chthonic-exposing-a-malicious-infrastructure/

/7gyjgg5r6

# Reference: https://twitter.com/tmmalanalyst/status/790590663578439680

/linuxsucks.php

# Reference: https://twitter.com/0xtadavie/status/750602253581619200

http://185.106.122.38
http://185.106.122.46
/upload/_dispatch.php

# Reference: https://twitter.com/clucianomartins/status/825698473571909632

http://88.214.237.45

# Reference: https://twitter.com/pancak3lullz/status/748889645753118722

haselburg.cz

# Reference: https://app.any.run/tasks/16091017-2118-4909-8b38-01259d9858a2/

lytyjhtmogdcuxm.us
yoqlgkb.be
eqsculuql.ru
qbslvc.de
vgidmgof.ru
xjtintjnrbll.ru
http://86.104.134.144/main.php

# Reference: https://app.any.run/tasks/4b0ad213-124f-432e-9736-c0b2bc76b8ba/

http://185.102.136.67/checkupdate

# Reference: https://www.virustotal.com/gui/file/bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3/behavior/Lastline

hqdbxqwm.us
aiywslhvdebcx.eu
nxyqc.ru
uganqmfvoxw.it
pbkacwxfd.in
isjadfkkfogsbk.nl
yoqlgkb.be
eqsculuql.ru
qbslvc.de
xjtintjnrbll.ru
lytyjhtmogdcuxm.us
vgidmgof.ru

# Reference: https://www.virustotal.com/gui/file/89c559388564d3bc0c4afd6f8f7b4258bd58ca37d516d25425f0b14ee5b1fdc8/detection
# Reference: https://www.virustotal.com/gui/file/cfaf1579a0dd72a9115b3f9610e741ab7c46e4245ffafc9aa064a8789c89513d/detection
# Reference: https://www.virustotal.com/gui/file/4b77972f7ce86e6e55edf3b1113feab46b672ea06e7edba3a497778d588f1678/detection
# Reference: https://www.malware-traffic-analysis.net/2016/11/21/index.html
# Reference: https://infosec.cert-pa.it/analyze/ca172d038e31d503d31e2005e54589c3.pdf

http://89.108.73.124/information.cgi
http://91.211.119.98/information.cgi
ayurvedic.by
copeigoan.net
decorvise.com
hotelsheikhpalace.com
icdsarch.com
imexltd.eu
impobg.eu
innovationcircle.com
invisplast.ru
iovel.ro
jaures.be
jellybaby.org.uk
jjbook.net
jltl.net
jmltda.cl
job0916.cn
joshcomeauxhair.com
kahane.fr
kailijiazu.com
kemerhaber.net
khatibul-umamwiranu.com
kirillpryadukhin.ru
kovac-trade.com
kppngarut.org
kuangfenxian.com
kubstroy.by
librosinculpa.com.ar
livingnetwork.co.za
madde.org
majesticimmo.com
marcelrahner.com
markosia.com
mclodesigns.com
mggsoft.com
mybagslove.com
sheerfoldy.com
uuvuhqhnwnpdy.org
/hfvg623

# Reference: https://www.virustotal.com/gui/file/b22b2e6edad92cb5ea47088cb74a1d25261d812ad33a96505f6a738777ade320/detection

rek-style.ru/87nft3?oOiNTjaoB=GYVXwQDzD
tzabanga.com/87nft3?oOiNTjaoB=GYVXwQDzD
right-livelihoods.org/87nft3?oOiNTjaoB=GYVXwQDzD

# Reference: https://twitter.com/MarceloRivero/status/755909969581453312
# Reference: https://www.virustotal.com/gui/file/92fdaa26399568614e1c50aa5cfe01062b7f5e0cfc84c6693c8d8383c3d8dd58/detection

http://185.117.153.176
http://194.1.236.126
http://77.222.54.202
bshyhewgfkvewbk.su
byxkqkbw.xyz
etreoonyj.info
fkkhptb.xyz
kgdoadapuqnfo.click
nmflfpem.su
pejqdluhm.pw
tnxdfploqhvdn.su
txevuiufwynreb.click
wkhfqhioj.su
wwaebycmji.su
/upload/_dispatch.php

# Reference: https://www.virustotal.com/gui/file/8139298b57e0cb6560c9ca3a6f62995b54be6a3aa225bed75c2e2e8d6ef2d6c1/detection

dedivan.ru

# Reference: https://blog.dynamoo.com/2016/11/moar-locky-bill-12345-from-victims-own.html
# Reference: https://www.virustotal.com/gui/file/d58ea6b9390a10b5efae63670173fdfb1869dcb10b32547b6d41ba0eb47f266e/detection

asrcargo.ru
decorvise.com
gyreunbar.com
halsklam.net
myphychoice.com
naruto55.com
netclip.ro
nikanels.pl
nikitassalon.com
njzhigaokt.com
nkfyfs.cn
noamshop.com
notretribu.eu
nuevarazajeans.com
odtahova-sluzba-praha.eu
oehome.com.cn
ogrodexmilicz.pl
ogustine.com
onushilon.org
o-sis.jp
ossiatzki.com
ostra.ro
ouiphone.fr
ovsz.ru
parenclub-devilsenangels.nl
paronleather.com
paulking.it
pedalcars.ru
peppyinsta.com
piaristesafriquecentrale.org
plastictas.nl
popek.si
pppconstruction.co.za
propfisher.com
pusulam.com.tr
qybest.cn
raivel.pt
rdyy.cn
reaga.cz
realearthproperties.in
realtorpics.net
receptoare-satelit.ro
revaitsolutions.com
rimiller.com

# Reference: https://www.virustotal.com/gui/file/130ca5e3e3fa1622e4b4ed478fb2dde76e38a74fe1168aa72611471e4a1c073f/detection

http://188.127.237.175
http://85.143.212.23

# Reference: https://www.virustotal.com/gui/file/17a77977343b365f56bef665bb3174e58c39f95a6c804871295e3186ace7118c/detection

http://107.181.174.34
http://85.143.212.23
http://86.110.117.244
bmbkmufdwvxbhqby.su
cgjfebyyhiv.work
cldfwwmrbbdjkrc.org
cqtotjnuc.work
dmvgfwssmoe.ru
idwinnpgigph.org
ihmjsrqqpf.pw
jcbxghxt.org
kxswylhokm.su
nkgprad.biz
pdaqrwgbpsuycpplc.su
pgtluajeufxn.org
qhdpnqqebww.org
qqediujssoocir.work
rxcimwownpxttd.click
silvwlvm.ru
syadqdmitu.su
tsvppsdimhhw.pw
vqxhrkloopwwlhtn.work
wcqtcaoswhbjhmiog.su
wgquovneux.info
xtxwsamvu.pl
yikyrahkw.ru

# Reference: https://www.virustotal.com/gui/file/0658d290e09344f32424313a5681655acb53ee8d52a2b87d1562f2dbe0664ad9/detection

jurainvestments.com

# Reference: https://www.virustotal.com/gui/file/c5e06c7cc95694f9c04b167743d3e85d524d8894d413d1b174fc7d6b976ed146/detection

wristwatchdial.freeoda.com

# Reference: https://www.virustotal.com/gui/ip-address/64.225.91.73/relations

aasthatours.in
voreralosangha.in

# Reference: https://blog.talosintelligence.com/threat-roundup-0310-0317/ (Win.Dropper.Locky-9992697-0)

axjjaljeoopjyxi.ru
brxgpire.click
ceawfapxacmpax.work
dewsqfil.pl
dyxbxbyyftsfvtv.xyz
ebljuseyhutbj.xyz
hubtpfr.info
iiuchklnnmgatboed.work
josebrmhfiouodlpc.biz
kspliksk.org
lfilqricrecvah.work
madxxabsulkwvud.su
nxxjpjtgyrbmeomi.org
rbdtujaxgleucvcq.pw
samorensc.top
sportzpro.bit
tdwhssrbqednweqts.su
vfffcjrodbewspv.su
vxwndredj.pw
wronig.xyz
yabodjkyclgldh.info
yvkuslknsjcjam.su

# Reference: https://twitter.com/ThreatBookLabs/status/1691989610736574926
# Reference: https://www.virustotal.com/gui/file/4edc65ec30af8ccf6c75854e75199560e98ca8502a90c976e2b7a41632d48c24/detection

http://149.202.52.215
http://81.177.26.201
bvdrmhiqfookyjod.xyz
bylkrpnhmleb.info
fiqwwldh.org
fjjkflkcsh.click
hoqhpkq.pw
huwkxovymdiwot.click
hvlujkyamv.click
ikhorqfhcjcbbkvgs.su
imgcpgljhwsnfctk.ru
nuaunvkdjasv.ru
pwfrcwo.ru
sucnejgxrul.pw
tskmrklgmjv.info
umdyltsflbe.xyz
vibsxqfoffl.pl
vtjtobnufck.pl
whfvokcix.su

# Generic (URL paths with no associated host)

/0bgsvtr3
/08yhrf3
/08yhrf3?ctLoKnTaG=
/87nft3?oOiNTjaoB=
/87nft3?
