# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: zeus, zbot, vmzeus, citadel, zitmo, soraya
# Note: https://securelist.com/android-security-suite-premium-new-zitmo/33088/ (Zitmo is the Android variation of Zeus/Zbot)

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=GODADDY.COM,%20LLC

aefalcon.com
9virgins.com
lincolnkaraoke.com
vegantravelshow.com
roanmtbb.com
oycservicios.com
milkworks.org
prtscrinsertcn.net
toolsathomes.com
dphcustompins.com
bocaautocenters.com
tronuprising.heliohost.org
links.heliohost.org
bilbobaggins.comxa.com
danislenefc.info
sslsam.com
bots.configbinbots.info
joejdbjrmrkklfnmf.usr.me
z3us1.z-ed.info
kesikelyaf.com
felanco.heliohost.org
circleread-view.com.mocha2003.mochahost.com
resr.configure.8c1.net
server.bovine-mena.com
google.poultrymiddleeast.com
ice.ip64.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=ENOM,%20INC.

ozowarac.com
luenhinpearl.com
wayufilm.com
zetes.vdsinside.com
poolkingsthailand.com
me404.net
escuelanet.com
stats.lead.mysitehosted.com
hotelavalon.org
branchtist.com
spartanr.5gbfree.com
leon10.5gbfree.com
kraonkelaere.com
indongsang.com
lion.web2.0campus.net
lifeisgoodwhenu2.info
warriorinjapan.hostjava.net
wor6.b6dfnahea.ns2.name
mxstat230.com
yamleg.fu8.com

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=Namecheap

shadowraze.pw
speroni.pw
cryptmyexe.pw
dominoziele.pw
u8781a21.pw
japanparts.pw
waserazer.pw
martex-rybnik.pw
foxmanwer.pw
ohimmades.pw
ryuitaqw.pw
blogerjijer.pw
serverjainpangwang.pw
debservers.pw

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=R01-RU

bqtest2.ru
cd31411.tmweb.ru
jacoblanderville.myjino.ru
kadastr89.ru
islenpiding.hotmail.ru
natlalirans.hotmail.ru
dileconme.hotmail.ru
pharirgatic.hotmail.ru
imamnhearte.hotmail.ru
naaninggeschcho.hotmail.ru
rarabarnfi.hotmail.ru
gyodundena.hotmail.ru
ya-aaaa123123.myjino.ru

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=PDR%20Ltd.%20d/b/a%20PublicDomainRegistry.com

iphoneservisci.com
christianwomenpc.org
rajrainwater.org
mersinescortbayanlar.org
bppkbsulsel.com
franka.in.net
markhousecm.com
chhathpuja.com
cooldomainname.ws
gjiayimeiya.com
xclones.in.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=R01-REG-FID

bright.su
bitters.su
turkeyhotelnoslafas.su
angryshippflyforok.su
nonstopeddanceraz.su
pedropedreiromoxik.su
beatyhousesupporte.su
rsslessons.su

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=SHINJIRU%20MSC%20SDN%20BHD

cennoworld.com
classicalbitu.com
eresimgbo.com
emailsclient.com
micheal766.info
hillalala.com
yahoo-action.com

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=ERANET%20INTERNATIONAL%20LIMITED

depolakoeasre.pw
bolerakopsoa.pw
doratopelase.pw
samoniklo.pw
delaponitan.pw
slivoratikam.pw

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=TUCOWS%20DOMAINS%20INC.

demexsoft.com
blog.raw-recruits.com
burrinsurance.com
pfengineering.com
lonsmemorials.com
bbwscimanuk.pdsda.net

# Reference: https://zeustracker.abuse.ch/monitor.php?registrar=WEB%20COMMERCE%20COMMUNICATIONS%20LIMITED%20DBA%20WEBNIC.CC

domifondery3d.com
domifondery.com
securetestingnetwotk.com
littwronthath.net
hope-found-now.net
jangasm.org

# Reference: https://plot.ly/~vkremez/17

actualmove.ru
aflar.ru
alaska2russia.ru
almazdental.ru
atmape.ru
baims.ru
bbumn.ru
bitcoin-send.ru
blesslifelove.ru
bqtest2.ru
brr-21.ru.shn-host.ru
cd31411.tmweb.ru
cogoda.ru
danbeta.ru
dileconme.hotmail.ru
dozybrown.ru
eddw.ru
endnra.ru
fitytrade.ru
fx45.pp.ru
genmjob3.ru
geopryce.ru
goa-inf.ru
gyodundena.hotmail.ru
hjsahdjalsudioaso.ru
imamnhearte.hotmail.ru
islenpiding.hotmail.ru
jacoblanderville.myjino.ru
junniper.mcdir.ru
kadastr89.ru
lebedev30.ru
legitvendors.ru
lifestyles.pp.ru
lifestyles3d.ru
love.saleb.ru
lucoilosa.ru
madunixxx.ru
mcbt.ru
naaninggeschcho.hotmail.ru
natlalirans.hotmail.ru
now-work.ru
olwwe.ru
onlyl.ru
panorama-otel.ru
pharirgatic.hotmail.ru
platinum-casino.ru
pnmmn-cyvbiqzbe.ru
rarabarnfi.hotmail.ru
rich11ds2015sqr.ru
richus.ru
s888for.ru
sp4m.ru
tosyisha.ru
u0003321.cp.regruhosting.ru
ulogroup.ru
uralviolet.ru
viose.ru
vz81757.eurodir.ru
warfacebest.ru.swtest.ru
changeexchange2.ru
eroconlia.ru
luxkupe.ru
ruyacafe.net
tvergeneration.ru
zvenigorodskoe.ru
ya-aaaa123123.myjino.ru
zabava-bel.ru
zhyravlik.ru

# Reference: https://www.malwaredomainlist.com/forums/index.php?topic=2207.1255;wap2

zxjfcvfvhqfqsrpz.onion
zxjfcvfvhqfqsrpz.onion.gq
zxjfcvfvhqfqsrpz.onion.lt
zxjfcvfvhqfqsrpz.onion.cab
zxjfcvfvhqfqsrpz.onion.city
zxjfcvfvhqfqsrpz.onion.direct
zxjfcvfvhqfqsrpz.onion.link
zxjfcvfvhqfqsrpz.onion.nu
zxjfcvfvhqfqsrpz.tor2web.fi
zxjfcvfvhqfqsrpz.tor2web.blutmagie.de
zxjfcvfvhqfqsrpz.tor2web.org
zxjfcvfvhqfqsrpz.tor2web.ru
zxjfcvfvhqfqsrpz.tor-gateways.de

# Reference: https://www.virustotal.com/en/file/0663c151e7107e6d5378ecba52753f78ad50761ac6e32b63b95172dc840a1225/analysis/

aa.jn43d.su
ds38dks.net
tmp87.jn43d.su
tmp90.edns.su
tmp32.dns-free.su
c19h7.no-ip.su
fp-mk.net78.net
tmp21.dnsx23.su
tmp19.dns71.su
tmp12.dns-top.org
d65g.dw7g3.dns-free.su
d65g.dw7g3.dn3gwe.su
d65g.dw7g3.dnesa343.ru
d65g.dw7g3.dndfr44.su
d65g.dw7g3.d33jd.net
d65g.dw7g3.fefg934.info
d65g.dw7g3.46hf44.tv
d65g.dw7g3.dnrrrrrrrr.xxx

# Reference: https://www.threatcrowd.org/malware.php?md5=1ccde9e8e2599f7423ec0334013ef0c7

xdns.su

# Misc.

c19h7.no-ip-free.su
d65g.dw7g3.dns-free.su
ds.fdlo1.su
tmp19.dndddew1.su
tmp19.dns71.su
tmp21.dnsx23.su
tmp32.dns7free.su
tmp33.djuika.su
tmp33.dnsm2.su
tmp47.xdns.su
tmp90.dnsm2.su
ujn.sdf439.su

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html

blessedgroup.biz

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

neosz.org

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

www.crossatlantictrades.info

# Reference: https://reaqta.com/2018/09/global-malware-campaign-using-zeus-panda/

http://85.204.74.107
http://89.18.27.143
http://89.18.27.221
http://95.141.36.106
http://95.181.178.216
aanvraag-ing.nl
abnamto.com
adobeflashupdater.net
american-express.site
american-express24.com
apple-activated.com
apple-inc-server-icloud.com
apple-ins-server-icloud.com
apple-ituens.com
apple-ltunes-ios.com
appleid-find-usa.com
applessl.info
bdv4cc9rub.net
blochhain.com
blockchaiw.info
cibconline.cibc.com.ebm-anp.com
clickara.com
cloudflore.cc
colobinar.com
conectlo.qt
conishiret.com
disbanist.com
elementaleios.win
elementalelib.space
free-etherwallet.com
freeflysky.tk
gegirtan.com
gemendoloma.top
google-cloud.pw
gorevoin.com
gov.0.56v.us
guardnet.review
iban-abnamro.nl
iban-ing.nl
iban-marktplaats.nl
iban-rabobank.nl
icloudip-itunes.com
ielectrum.info
imap.em.gmailssdf.com
imap.maill.clintonemailhearing.com
lelectrum.com
lloyds-online-banking.verificaiton-stamp-online.com
maferdola.top
magentotoolset.com
mail30.power-gt.com
metrobanakonlline.com
mijning-ssl.info
mijning-ssl.nl
minotaris.com
mongovaca.win
nodertoma.top
polessdo.com
polinodara.com
power-gt.com
ppnl.info
procrd.pro
prosalesservice.com
sitergenis.com
sobentera.com
staticball.com
sucursalesvirtuales.at
sucursalvirtualpersonas.at
ukogono.top
verificaiton-stamp-online.com
vigerentis.com
waser.ml
worontau.top

# Reference: https://twitter.com/Bank_Security/status/1039211385752875008
# Reference: https://otx.alienvault.com/pulse/5b968a18fd673805822ff806

bizercise.top
cremedesoins.top
disithedtse.com
gaswanted.top
nauseorofte.ru
theeunload.website

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Zbot-6681657-0)

grandesupport.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1045564495723188225

94.102.60.144/1/gate.php
94.102.60.144/1/screenshot_gate.php

# Reference: https://twitter.com/r00tninja/status/1043978633558347777

wxyxgpescui4qpmc.onion

# Reference: https://twitter.com/blackorbird/status/1140519090961825792

br1vo.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-07-zbot-botnet-steals-thousands-credentials/zbot-botnet-steals-thousands-credentials.csv

merdekapalace.com
vodrasit.su

# Reference: https://twitter.com/James_inthe_box/status/1186291866511147008
# Reference: https://twitter.com/P3pperP0tts/status/1186565131829948417

baloobafoudanitojahdge.space
godisonourside5.store
molanounakomllbsedfrtee.xyz

# Reference: https://twitter.com/ChrisPSecc/status/1059374450100109313

foxbeagle.com

# Reference: https://twitter.com/James_inthe_box/status/1190320241139564544

ac-cofan.com

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html (# Win.Packed.Zbot-7364099-0)

alnisat.com
jagalot.com
myadvsit1.com

# Reference: https://www.virustotal.com/gui/ip-address/185.70.184.88/relations

http://185.70.184.88

# Reference: https://www.virustotal.com/gui/domain/appareluea.com/relations

appareluea.com

# Reference: https://viriback.com/30-days-later-97-panels/

nsdic.pp.ru
dtron.gdn

# Reference: https://www.virustotal.com/gui/file/0f799184fc1d6912469a26fc1c60e0f3f7fa4f9ef172f77d791911200168ee84/behavior/VirusTotal%20Cuckoofork

bonton.by

# Reference: https://www.virustotal.com/gui/file/eda6b09b87f893c7940219e19c2aa1ae1a4e0c9d07af13c4cedb9bd4ecc7cdda/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/4e8d523f1c48f606a42a25a7ebacedc0747da860bfef6a489dfe6f3b72eb7762/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/34c3e4f184b2b2551988e97941cc5aafaf9ad9bb47e03e35b4a6951a9ec502dc/behavior/Dr.Web%20vxCube

http://31.220.2.120/~bulblgh1/

# Reference: https://www.virustotal.com/gui/ip-address/185.170.43.187/relations

/ibbcgcwbrsghsovq/gate.php
/lgdrxgsorgvanizl/gate.php
/rnbqjgjxyqonejhm/gate.php
/wjsjltaipbnypilx/gate.php

# Reference: https://www.virustotal.com/gui/ip-address/167.114.89.205/relations

bemybooter.eu
edmundgroup.tk
emeonlineinc.com
estebantrejos.com
freetool.tk
partchecker.info
skmineinc.tk
swatt.me

# Reference: https://securityintelligence.com/posts/zeus-sphinx-back-in-business-some-core-modifications-arise/
# Reference: https://www.virustotal.com/gui/ip-address/185.236.203.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.63.159.168/relations
# Reference: https://www.virustotal.com/gui/ip-address/109.94.209.66/relations
# Reference: https://www.virustotal.com/gui/file/e3932ab83bc05de2e91d321c4d479ff1aa3d10fdbd91e1687c80cc0ec88270e8/detection

choksaiiwkokskkall.info
dasifosafjasfhasf.com
dsdjfhdsufudhjas.com
dsdjfhdsufudhjas.info
dsjdjsjdsadhasdas.com
fdsjfjdsfjdsdsjajjs.com
fdsjfjdsfjdsdsjajjs.info
fdsjfjdsfjdsjfdjsfh.com
fdsjfjdsjfdjsfh.com
idisaudhasdhasdj.com
idisaudhasdhasdj.info
infinitydeveloperspes.info
jdafiasfjsafahhfs.com
kasfajfsafhasfhaf.com
kdsidsiadsakfsas.com
oajdasnndkdahm.com
unverifiedintigoosjai.info

# Reference: https://www.virustotal.com/gui/file/cdd21d133862b336d6e9f6023cabc8624f2dfe78b4060e22bcd560d83caa7725/detection

microsofto.sytes.net

# Reference: https://www.virustotal.com/gui/file/f3990a88fbcd2e6c31d6dc423bb90610444227e25bd26848e653939bf593b9ed/detection

http://93.174.89.19

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html (# Win.Packed.Zeus-9762533-1)

cyxaerkijeuaupzhqjzxhkzmrmvxw.net
gmwgkfjfrcdamydbuucrhxzxqclv.org
hmnbdanrschumrtouxhmxwhfe.biz
hseuswtumvofhaugxcbuaskifzp.ru
hvwuwdellgqcaivwkeqzxhkhyea.org
jvzxcyfquohmzyotkswskjnbn.biz
kljvxotcuplskxqwbyizbro.org
knibxwsofqprztzpbyibhpvqcsh.ru
ldugqylugovtcpfuingawkugnws.com
llxcijbliflgqhiijivxkvkrcr.com
mjhhmhrovocqlnkjqkuayhxgvgoj.net
mvdyheugepjxxdgyxxsuceqv.info
mzqocmpfltdlirxcqwxwdmb.info
nbvcqsprcapbymreyvojvteagy.org
pgdgqxhufexpnfqcedvbaythu.com
pvyhfypvemoeqhxsgerotsorpsfe.ru
rshuptpdiypmjovfebcetxkud.com
soamvwpqwdxougljpjwpfbuzpuky.biz
tstcfobmbcizlrramfuhwckrn.net
tvkdezvwqkqclpnxsdapinamd.com
vklfwsfqpbsxvobnzrkxshmrkd.com
xcpijwuyvktcbmuodykbkbp.biz
xgijwozlwbiddyeavkvintxnrv.biz
xwgbavssggegeubilbnzdpbwkjzt.biz
zthqlrtgcexobqkpqkoydheikj.org

# Reference: https://www.virustotal.com/gui/file/64ed16141e4200957c51541d8b542e69828004eadfb12d7be6af1cb315bd477b/detection

dnsslavemgr.info

# Reference: https://www.virustotal.com/gui/file/1dfe64efadacd42c07ddacd8ac0bb8b4fcc8fb714411bb1f2c9a3dc6ff32bc94/detection

e-trustuplevel.info
uplvlmassreserv.com
uplvlmassreserv.info
/strongest/encryption/lvl.php
/turbojets/service/file.php

# Reference: https://www.virustotal.com/gui/file/a2c687cd7ea9a8962327848539d59ba702e5808b8450b878106ea749856e41f6/detection

yholder.com
/server%5Bphp%5D/file.php

# Reference: https://www.virustotal.com/gui/file/b5f692f2b5d1ded9063df83c6c50e46f800308a623d88516f11c705ee43878de/detection

aolmm.com
dreampass.us

# Reference: https://www.virustotal.com/gui/file/60ffd56104693c5232a7c7036595fe415b0538a47e3e84357fda6e9526397fb5/detection

brightgraph.com
blogstruct.com
babbleprint.com
/sopelka1/file.php

# Reference: https://www.virustotal.com/gui/file/9c4d15d6ebceaa72992e69984d42982886e18a7f78579f373152d15dcc45a63e/detection
# Reference: https://www.virustotal.com/gui/file/fa980962e88c61e29145ccded7da9666ecd2d855c2edc4f64a05a8a54cead222/detection

vikingwer6.com
/deadm/file.php

# Reference: https://www.virustotal.com/gui/file/f33cc7e44566a77e288990d8c13747cc54402c6c1cedc6c4da226ceb685f6c8e/detection

newoubouhbolihbi.in
trading-top.com

# Reference: https://www.virustotal.com/gui/file/ee5e4d0b93a5e8eccaebfaedb8701f5599248a28f8ef904bccaf4ea109687d62/detection

wtfrpfm.com

# Reference: https://www.virustotal.com/gui/file/d598ee9b6b6aeb0d7f0969e4964ce64136110fdc0084ae03393f8681e4b6c83e/detection

joomwerk.ru
kansound.ru
in911.ru

# Reference: https://www.virustotal.com/gui/file/67d209a1f080e29bb168e81c19ef7e149cd675b2cecb61b947d772259aee021d/detection

rolabork.ru

# Reference: https://www.virustotal.com/gui/file/869780a8cf3e5c6abef877d0c8de6d25f39b3f2190ae5437e301195bca2f2a36/detection

hronologqq33.org
httpservice-check.in
poseidonmnesovsem.org

# Reference: https://www.virustotal.com/gui/file/af482f12f5d3d14e7b1ef4b172c46647d4f117da224abfba55b682eabba147b8/detection

secondaryfoundationforyou.com

# Reference: https://www.virustotal.com/gui/file/bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb/detection

au1-gate.com
au1-gate.net
au1-gate.org
/citadel/file.php

# Reference: https://www.virustotal.com/gui/file/1ac2d1eeb98eb86e1d362b77dea44e4c2004b150b0a5351ab11af009010287fb/detection

birdisaword.com

# Reference: https://www.virustotal.com/gui/file/d54a79e8e02d981cb3e997a6c7ce62139c3231f7afeb81eee208b993cb8bf243/detection
# Reference: https://www.virustotal.com/gui/file/e8a189c50cecd228054fe4712c5e141b3537b708edc6bc5ae3b92f8f9fa8950a/detection
# Reference: https://www.virustotal.com/gui/file/2c7c90ed27e4362f1bbe6a0804dccb2290d336738f9ffaee953e74e55faf80ed/detection
# Reference: https://www.virustotal.com/gui/file/5545d836b2d098d7a27d5078b420db3876b64a62ea0f37e4c72a6eb7d8790353/detection

969696.ru
/(())/cfg.bin
/((l))/ld.php
/696969/cfg.bin
/696969/ld.php
/69111/69.php

# Reference: https://www.virustotal.com/gui/file/76df057847c5c03cdb03909463fe1cf971227be2916bd44fcad238ca71795059/detection

gussiley.org
wowteammy113.org

# Reference: https://www.virustotal.com/gui/file/b3e03b09e6c232697baf75a2bf9d6294286515b39f0d9c4760bfe31df9a26617/detection

omarioscb.com
megasuperzx.com
megasuperzxa.com
/citdl/qpcpcitdl/amdinkz/filex.php

# Reference: https://www.virustotal.com/gui/file/77aa47af04cd0e6db95601f1fc99341502d46796e71491946cffafd99b9026f9/detection
# Reference: https://www.virustotal.com/gui/file/d36a83d3dd3426c0f25f75eab0975476dfdd46a76482d31ad650faa2f45cab20/detection
# Reference: https://www.virustotal.com/gui/file/1ea97b370180d9d44d664a4f1a864b900e024ca2341e4ca1cfe8ce8f1453bf84/detection

fs21sa643664.be
fs535a64364.be
fsa3fsa1643624.be
fsafs421524.be
fsafs4215254.be
fsafsa521524.in
/0x0003/file.php

# Reference: https://www.virustotal.com/gui/file/8af46632f1182264dfca3865ae9583748a21e8a3d020ef8d3340c8c0b36a04f0/detection

quittsagges3ies.be
/0x0004/file.php

# Reference: https://www.virustotal.com/gui/file/b73f0e9996a603e6a365e94fa187dddb228911e88224513fd06bd55a46fb1cea/detection

kopolenatser.com
urkinotgood.com

# Reference: https://www.virustotal.com/gui/file/2d2c858c42ca6a3f5cf5dee426359c6af428d067ee76b695bf77e95d64338e8c/detection

homelinuxinside2.net

# Reference: https://www.virustotal.com/gui/file/7481d6bbe0dbee670f794927d4616766f67b0b29949035ef1eeb518ff1f64b51/detection

grblinux.com

# Reference: https://www.virustotal.com/gui/file/8b9618bb2c711d6957a77559a6ae067ea80e80a40e19020b2034848c7362df37/detection

alemandat.info
bilbodron.info

# Reference: https://www.virustotal.com/gui/file/2e489f865d361135df441d5abf8345110a71216a76a67c5cf427c48564980d14/detection

demoserviceout.ru

# Reference: https://www.virustotal.com/gui/file/237dcc31bf8f4b64d96bd3a2fbe5c5f0851f384b66d94b64f2667a9448694559/detection

commonformstopnet.com
netcenterc.com
obcmainrevisitor.net

# Reference: https://www.virustotal.com/gui/file/19798a9e42cce6050411aef7bd409f7159963d84f15da8fdfd97201028bf4877/detection

soundwisdomfinancial.com
thelockmanpublic.com/wp-content/themes/instal/file.php
trendlavoro.com

# Reference: https://www.virustotal.com/gui/file/88621dfb1f33552c74a5737b94b82a8a21ebad940ff4cbeac5875f7859a6bdbb/detection

checkincheckoutdoodling.in
emphasissmartlists.org
simplynamedgritty.in

# Reference: https://www.virustotal.com/gui/file/9c49410451724a01979fe1f0977c401053350b2b09870dc446d8fc052af13fb1/detection

h5d5c57.com
h5d5c61.com
mobidickguru.com

# Reference: https://www.virustotal.com/gui/file/3b9ff9953de8cf87fd8a8f81e0ed49f2872733c79c9c4f300ac6d4054cece8f9/detection

computer-data-klinik.de/html/kk2.bin
justtakethis.be
/html/kk2.bin

# Reference: https://www.virustotal.com/gui/file/575bab5077092b7eed58daa88dc419fcb7c63297e2dc5f6709719665cab5b67d/detection

sikonsol.com
/jobcfg/cfg.bin

# Reference: https://www.virustotal.com/gui/file/b9a128c5ba5aba51e29a83c15500d551fd900c84d84c90a2f1ae94d2136be661/detection

sampleadvert.net
someadverdownservice.com
werbadvsrvpoints.net

# Reference: https://www.virustotal.com/gui/file/ec17c8a9397fd0563453c9d81c67e5e4582e4826221e060e4c192cb5c0efdb2e/detection

aartdvery.ru
ischu-sponsora.ru
lana-ross.ru
lazur-gagra.ru

# Reference: https://www.virustotal.com/gui/file/c3a6741265e5ab85fd0961d32c24732c224ace930933a379fc1e86ef14fc709c/detection

dualglobalwave.info
dualglobalexwave.com
quadglobalexwave.com
/encrypted/globalwave/aes.php

# Reference: https://www.virustotal.com/gui/file/229c8f1c6c38736cd17b640c23af25820c0ae03605dce999c1753d0471c1586e/detection

kulanustarikamistalama.in
lopusterijuxtanta.org
robasteolukatunamela.com
/chuqn/siaoqir9v/file.php
/chuqn/siaoqir9v/
/siaoqir9v/
/dgquicnqi/ladlchfiq/ofpcnqkx/file.php
/dgquicnqi/ladlchfiq/ofpcnqkx/
/dgquicnqi/ladlchfiq/
/dgquicnqi/
/ladlchfiq/ofpcnqkx/
/ladlchfiq/
/ofpcnqkx/

# Reference: https://www.virustotal.com/gui/file/4486727f171db1926ef12dd440d21eea31b93da2216970eff293583f635dba85/detection

commonftsformbs.com
fieldmanv.net
obcontainerev.net

# Reference: https://www.virustotal.com/gui/file/3db29a66fe45ca425b777f48b65c92151b76d1ba937a59b9ac1578b705f69c28/detection

webdatab.net

# Reference: https://www.virustotal.com/gui/file/4309d4f49abeb0d39454f20a5c60195ee42bf0b0f59864c86059da078c189830/detection

gremlindefault.net
/mainsession/game_install.bin

# Reference: https://www.virustotal.com/gui/file/c8f04368f328a59e18c07bd0ee1db101395828d0927780cb33188eff3d784a17/detection

cloudsfigs.info
getocifpo.in

# Reference: https://www.virustotal.com/gui/file/6fc09cc6d28ec986cfc0aacda23ec88be4c0bda626872bfde372cb9ab9dc8671/detection

alexaworldserver.com
clickbankstat.com

# Reference: https://www.virustotal.com/gui/file/f636794e88cb81b01ac7fa6c4bdf77a33ddd7e88cd33eb98072008e0e64d3013/detection

inconvenienceonthefly.org
performschronicle.org

# Reference: https://www.virustotal.com/gui/file/b3dd0f0ed4049538d744bb23be46595e5e13776c1fd1bd925b04d9bfb94fe38c/detection

newcidomain.com
trestnetreste.com

# Reference: https://www.virustotal.com/gui/file/d7c0238bf4b822e0c48da87d643182a0cc078dcbca2d6ea1db47e02f2802163f/detection

somanyexp.com

# Reference: https://www.virustotal.com/gui/file/915c2d5328ac5ad50b1cc62ad86e18f6f176d2b8f1971c436d9f21aed9f4fe6e/detection

hatefujews.com
qwe111.com

# Reference: https://www.virustotal.com/gui/file/b7b6c4f9addbc4d9b409a3cbda3b4575abb4b48e0f39659adc38306fd1f0bc16/detection

sunshinework22.com

# Reference: https://www.virustotal.com/gui/file/5a72c2f099c6a6fce7b9c67ba818d1a03b1e419dc502f04e484230c6dfd37247/detection

alldomainsguns.org
fincdoms11.com
returnzlab.net

# Reference: https://www.virustotal.com/gui/file/800193aaf555efb8fc4c4cf40b0a33ff7bab082c3cc07d254156300e1b45b5f7/detection

viplobbyr.in
waxshmax.org

# Reference: https://www.virustotal.com/gui/file/b963b4f7340d6c1a691f62f7051d922c9ba5eb8283e49b3d7308faa52fc938e7/detection

transservx.com
/xz4h3/files/test_config.bin

# Reference: https://www.virustotal.com/gui/file/fc11097eaf4e2cc3b36ff3e3ca399568219693623a3c85142dd6a3999404c7b4/detection

streetviewdaz.com

# Reference: https://www.virustotal.com/gui/file/0cf49127a7a57851623353d77dbb7dd54c337a5b56cdbe11475bb9fa68c44624/detection

aderege.com
domainqwerty.com

# Reference: https://www.virustotal.com/gui/file/ec8d0d93275f35730ca3d122116f6fb2705f357a72f0ac919567ac89ad521100/detection

adiumflux.com
/UOIy7893uas4adss/
/UOIy7893uas4adss/file.php

# Reference: https://www.virustotal.com/gui/file/9247811c3355c6a72eb1b9b2c2f6535a68a34add7486c3c3ee450903fa2edc60/detection

games4win.org

# Reference: https://www.virustotal.com/gui/file/c52b858a241f25202cec44f8606307c3a31333cd35a8692dfa0cdf8c708b780b/detection

leramvena15.info

# Reference: https://www.virustotal.com/gui/file/8e035883bba72d3bc925f8657dc9da754e5ed854290d436ab188ce155a31dea7/detection

produkktc.com

# Reference: https://www.virustotal.com/gui/file/ffc588993173d8b4a19a9ee87888d53f1b13c957e47a89027439deb73ad3ba4d/detection

ineshohaia.no-ip.biz
oslomoslo.myftp.biz
philcrow88.my03.com
smartappsecurity.com
smartappsecurity.net
smtpandrho.sendsmtp.com
/sms/me_v689.php

# Reference: https://otx.alienvault.io/indicator/domain/promisex.ru
# Reference: https://www.slideshare.net/realdeepdark/famous-cc-servers-from-inside-to-outside
# Reference: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3156.pdf

promisex.ru
tredokilo745241.ru
/1/uggi/

# Reference: https://www.virustotal.com/gui/file/12a5fcbea38b2105cf7a6fb697ed61be1b118898096a0f7f868b51a24a04f138/detection

777rhims.dhcp.biz

# Reference: https://www.virustotal.com/gui/file/ed37d472ab06b7f289a8ab784029edb164ad83a9dc1b8937b01a8d4155628176/detection

iansconcept.com
/adminpanel/modules/config.bin
 
# Reference: https://medium.com/@lavineaoluoch/network-traffic-analysis-of-zeus-malware-86fee538c809

mahamaya1ifesciences.com
/metro91/admin/1/ppptp.jpg
/metro91/admin/

# Reference: https://www.virustotal.com/gui/file/c759e26e98eaf7c8ff3c1650ff5d027561bb15db56d41b22984a4db01674ee92/detection
# Reference: https://www.virustotal.com/gui/file/99de318ee773544d99430fbc0e369acd0ae5820f2d46065f640b502ea508ae01/detection

sonifer.biz
/pers/list/config.bin

# Reference: https://www.virustotal.com/gui/file/1b2603f25f03c697080ceb79b740b534958f69c07232819fe29bd3d4adc39f9d/detection
# Reference: https://www.virustotal.com/gui/file/82b3ff47244eb0c0fd77716f2f5a0e4183e2140d31c586cadbe16d3cc39481c9/detection

/gsdwwk/config.bin
/gsdwwk/gate.php
/gsdwwk/mod1.bin
/gsdwwk/mod2.bin
/gsdwwk/mod3.bin
/gsdwwk/mod4.bin
/gsdwwk/mod5.bin
/gsdwwk/mod6.bin
/gsdwwk/mod7.bin
/gsdwwk/mod8.bin
/gsdwwk/mod9.bin

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Citadel)

adcarapicuiba.org.br
aimbissonline.uni.me
alabaka.net
albors.ir
appimpak.com
asptt.aikido-meat.com
aydinyasam.com
bawsyfella.96.lt
bercepazarlama.com
blacked.co.in
bringbackourgals.biz
bukumluiplik.com
campusbusinness.uk.nf
casadoatirador.com.br
chidochi.in
cita.zlayvez.name
clinicadrneto.com.br
clubotumba.asia
coldrollicecream.com
crossydonalds.biz
czonest.com
dadaehirim-ventures.biz
dan.xiga.us
dantanta.in
daveotool.com
dede-ventures.biz
dexteriscool.in
dohanconglomerate.eu
donaldsleek.in
eddy-elderventures.com
enocuae.com
esherristore.com
fasholatools.com
faw.cl
flamaniplik.com
fretrillion.bl.ee
frhometextile.com
gfxexchange.biz
girlchildeducation.biz
girlchildright.biz
goldtradingpty.com
greenindustry.info
grupolz.com.br
hardwoodhosting.biz
harsto5.myhostpoint.ch
heartfactor.us
hsbconlineuk.com
hulkania.bl.ee
ibegroupofcompany.biz
indigienet.net
industry-pencik.biz
int.ishonch-doverie.uz
integratedcredit-exchangebase.com
inteligenciasistemas.com.br
ironisthrone.in
isopoly.net
jahexportandinprot.in
jefferkayelle.name
jj-tradings.ru
jobs.hendra-budiawan.com
jottedmaintains.net
junkss.asia
kalisto.us
kane22.flu.cc
kesikelyaf.com
kitchensinkco.com
ktvarzi.com
lawaco.com.vn
lbmedical.se
likeorders.com
lineage2world.pro
livingword.co.uk
macclean.cn
machimaks.nut.cc
magajmet400.com
makemoneyonlinewithdougzimmer.com
martex-rybnik.pw
merchantspeedaircourier.com
merchantspeedcourier.com
mercodigital.com
migratesolutions.net
militarygradehosting.com
mnsccds.com
morondos.com
mrganglobalinks.com
muzafferdemirtas.com
my40ventures.biz
nondisclosureaddremove.net
ntma-ng.com
osi1.tld.cc
ourdailyshopping.com
parisnigeria.com
peralos.com
phiosi.usa.cc
powblock.com
premieroil.net
profisite.net.ua
pursuits.in
rayanserver.com
ready-for-numbers.com
ringiplik.com
rossyb1.myhostpoint.ch
roymelody.net
s-trust.co
saudevitalsuplementos.com
sayno2gal2galmarriage.biz
sayno2gaymarriage.biz
servicoplus.in
sexyfeetpics.net
siouxlandchamber.com
sp4m.ru
spamheros.info
specificrandomness.com
sportfitzeeland.nl
starteendteam.ru
stfoto.pro
susdu34568.com
susduais1818.com
swellbottom.net
talkaloka.meximas.com
technlip.com
teddydurban.com
teethbow.in
theoweiss.com.br
togment.co.in
toolsinc.info
trillsafe.usa.cc
trustinstrument.com
unlimitedgoods.biz
upliftosi.ibiz.cc
vidgutch.biz
voipinfo.sk
vsnili.com
wandingoo.net
westgotit.net
windows-security.su
worldbiggestsocialnetwork.in
xcessabc.in
young-gizzy.com
zedlabs.co.uk
zpanel.ibiz.cc

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Zeus)

1011233.com
2334455666.com
24411244.com
564356899.com
abdul.org.in
acstyles.com
actyve.com.br
agrochoice.co.ke
aladdinsbikes.com
alchemistrywork.com
alissonguimaraes.com.br
alliedmindstorm.com
alokobi.com
ambient-gradnje.si
ankaninyuvasi.com
approvi.com.br
arquitectoenbarcelona.com
arteemmetais.com.br
auto-fx.nl
bakisekerci.com
balharbourcondo.com
balkanjm.com
barekpaint.com
bashcamron.com
bazalttas.com
bentleyoil.biz
berizka.gorodok.km.ua
beta.malimusavirbul.com
biorecc.com
blessingfm.com
bobotat.usa.cc
bossmmc.in
bouvoyages.net
brandweerravels.com
brazilcup.tk
buachedhsp.com
bullorverdjinx.biz
bunydchina.com
butikbrands.com
c4utrecht.nl
cabinet-biennale.com
cambraine.eu
cathybote.biz
ccghd.ru
centrastt.co.uk
cerovskiprijatnomnebi25.net
chaseonlinepc.com
chicboytrde.in
chimmy.eu
clinicadrneto.com.br
clivertrade.biz
clubdonald.asia
cockkett.com
coldworld.co.in
cometcountry.com
consumatorul.com
coolnewhairstyles.com
cosem.co.in
cscebc.ca
cursodegnosis.net
dailyscursos.com
daisyvennyboy.com
dangotegroupng.org
darretlo.net
datarecoveryoxfordshire.co.uk
decembermoney.co.in
declogz2014.asia
dexteriscool.in
dezigner.com.my
diablesdelleida.cat
dierendal.nl
dimar.cl
diocesedemarilia.org.br
diversifiedgeneralcontracting.com
docedebebe.com.br
dominoziele.pw
dontskid.me
dopeboi.ru
doubtclear.com
drabstryy.co.uk
drekavac.com
dubankoolzi.biz
e-byturk.com
e-rbi.org
economiademercado.com.br
ellawijt.com
engeforpavimentacao.com.br
english-glasmark.pl
epjbcn.es
euslugi.mojregion.info
everbelen.be
excessmoney1.com
exchangeprofitchop.biz
eyeofgod1.com
fantasysasa.com
faranegar.co
favourfromgod.org
fdslosart.co.uk
femfkyozuma.biz
fleursmontreal.net
fluxedetero.biz
foxmanwer.pw
freegeart.net
freya.instanthosting.com.au
funbeatzfm.sonixhost.com
fundacioncopservir.org
gardenasofa.com
genesysproperties.co.ke
getego.suroot.com
ggnesx.biz
glamourettecollections.com
glaxeopink.net
globalplus1.in
glogisticses.com
godlalune.com
goodluckfromgod.org
greethy.com
grupoprosur.com
gunessaatlicaybahcesi.com
gunindo.co.id
hackingbase.com
haiunair.com
helllogz2014.org
hepsibirbilisim.com
hetchies.com
hillalala.com
hiro-ishino.com.au
hockeyihl.com
hungthinhtrade.com
hyperbolic.tk
hytorc.com.vn
iansconcept.com
ibandekorasyon.com
ibmjm.com.br
ichiewale973.biz
ikakajadesola.me
ikebob.usa.cc
illawarradisabilitytrust.com.au
imanprojects.com
indigienet.net
infosousahost.com
injaus.com
integralaser.cl
iphoneservicecenter.co.uk
ironisthrone.in
isgomtemizlik.com.tr
ismailerdem.com
jaiwebhosting.net
jerry.usa.cc
jerryguy.usa.cc
joehellgroup.org
johnconsultrade.in
jonetrade.org.in
juanadearco.com.uy
kenpactrades.biz
khoangiengthutiep.com
kihsmalta.com
kiongroups.com
kioskcantinhodaroca.com.br
kiperonline.com
kireasweert.co.uk
kisar.co.in
kisgolden.me
kkeraobal.com
kontlinent.info
kwazar.ru
lampond.info
lanotes.com
lawsnorders.eu
liderbombasinjetoras.com
livingwaterphotography.com
logzbox2014.org.in
londonswifitdelivery.net
losartsettsf.co.uk
macrshops.eu
magicborn.me
magnifiquenails.be
mahamaya1ifesciences.com
majorenterprise.info
malcolmwood.me.uk
mariorossi2013.homepc.it
markavellijob.co.in
masertrades.biz
matclawanstd.in
mattyboss.in
mcbt.ru
mcfadden.asia
mecanicauach.cl
menumaterno.com.br
mersinkablotv.com
metaphororganic.com
mhhealthcare.es
michael-spa.asia
mizarstvogregor.si
mnsccds.com
modeconnect.org
moratti-sales.biz
muazymaur.tk
munusamykeums.pw
myallpctools.com
mybomb.usa.cc
mycodeboard.com
mydriveonte.sx
nacosti.go.ke
namibianhardwood.com
nanoprotech.com.ua
nawederunam.com
neumaticoschiclayo.com
newbetrrsearve.co.uk
newyorkradioimperio.com
nguyentatdat.com
nhk.nl
nicholastradess.biz
nijahostingresellers.com
nmtchicago.org
nodulling.in
nozs.nl
numarabulma.com
nyprince.us
obi.org.in
obilogas.net
oceansheillnz.com
ochez.co.uk
ogodo.in
oldmomtaz.com
onecontabilidade.com.br
onenewmanthailand.com
onyekaobo.in
orientexpcs.org
ortaksistem.com
ostsee-bunker-de.com
oweridreamsact.com.ng
oxygenconcentratorairsep.com
packycracku.com
panelreturn.tld.cc
paramin.ac.th
partiestiro200.com
pat.org.in
paulstoreyphotography.com
persianworlddesign.com
phnienhuis.nl
phuankhang.vn
pianofun.edu.vn
plannersa.com
planstrazwes.biz
pofuduk.org
pongwebdevelop.com
poolandspabuildingsandenclosures.com
postnotification-security.biz
prepairweekend.nl
primaria-baciu.ro
princeventure.in
protectiatgjiu.ro
proxyhost.pr.ohost.de
qoritravelperu.com
radiantuniform.com
rainbowsongdome.net
range2014.co.in
realsamytrade.org.in
reluxmusic.com
retinolkrem.com
richirichibues.in
ricolain.in
rodsagu.com
roersmabestratingen.nl
romanskorter290.com
rootpanel.inthostingpro.com
roymelody.net
s2db101.com
salesadvert.com
seasonlogz.co.in
seastrader.com
securenetsystem.net
securityguard.co.in
seguroparaviageminternacional.net
seminee.aega.ro
shumakadeenm.biz
siamjaguar.com
signsbycoast.com
sinetix.ca
sksshopping.com
smarthous.com.ua
soja.usa.cc
solgetyhenz.biz
solomongrandy.zapto.org
sonbachtuyet.net
sonifer.biz
sosyalmmo.net
specificrandomness.com
spectracity.com
srnsaexpress.com
strenghtoflord.co.in
sub.beirinckx.be
syndlcatebank.co.in
taiyuean.com
tatlidunyam.biz
techfriendly.us
technoindiaengg.com
tesia-thailand.com
tkvcelik.com.tr
tkwdog.com.br
togdbdglrytrade.org.in
tosyisha.ru
trebolparnpa.com
trettinjoel.com
trinityball.com.au
tryfindurwayback.tk
tsrsolutions.in
tualimpa.pt
tuguarenas.com
tuoitredakrlap.net
tupperwarewithdawna.com
tvergeneration.ru
uatyper.com
ucelrezistans.com
udih-udih.tk
udmowners.com
ufg-corp.com
ungererandcompany.net
unlessg.in
v-prokate.by
v-speedautoimport.com
vagamonhillvalley.com
vaterfall.com
vehicle-electrics-liverpool.co.uk
vickybaba.in
villa.usa.cc
vip-interior.com.ua
vivahammer.com
w1sdom.us
wahproject.com
warpservice.ro
wbassessoriaeconsultoria.com.br
web-upd.com
webgiz.muz.ifsuldeminas.edu.br
webhacktools.co.vu
whitbyshopper.co.uk
wipper.co.in
woo-wei.com.tw
wsostore.net
apat.ir
asmep.biz
bhaveshkumar.pw
candlerparkchiropractic.com
centralcour.com
coolhaas.com
czkey1n.com
dailysanitations.com
emmy.usa.cc
fightforme.ind.in
girasolestudi.it
impm.upel.edu.ve
mahamaya1ifesciences.pw
mediacasal.com
mydatingphoto.com
nomoreparentsleftbehind.com
phillipshenderson.org
porschecayenne.com.ru
powerofpromos.com
r-sbonline.org
salemtravelsagency.com
thaidham.com
theprintingagent.ca
xiistones.com
yothin.ac.th
youngshoipstory.com
youronlinecoach.net
zapata1.co.uk
zinolioncity.co.in
zokah.dk

# Reference: https://www.virustotal.com/gui/file/04b5fe7818bae1336275789510cf1a58b03a6f218a3631b2458a77ea177dcb17/detection

143biz.cc.md-14.webhostbox.net
blog.wordpress-catalog.com
/something/bot.php

# Reference: https://www.virustotal.com/gui/file/d45f6e73b2841c984702a9f0c0c62f87ccf2bcdd609ba007e4d3d8fb83794034/detection
# Reference: https://www.virustotal.com/gui/file/fc584fc8eee7af410e28a2d9e4aec8829ffe6919aca24d2499fd96133ce20f9a/detection
# Reference: https://www.virustotal.com/gui/file/9c02d98b1030de2663476e476dd83a2894de9e8499cc4449356cc94da16de7f4/detection
# Reference: https://www.virustotal.com/gui/file/a65ef3a77982ae70f5509548076a3957a3c881c053aec6b6c9fa819461dfed9b/detection

blander6.net
irtonger-um2.net
mersingers3.org

# Reference: https://www.virustotal.com/gui/file/196d1e066205ba6c35f09376eb632688c4fde2226d6197c6eae327ed67120fc7/detection

androzo.ru

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

jiang-zem.in

# Reference: https://www.virustotal.com/gui/file/88fa2c2b5fc263b480f9c5325c8a9f50990d9021662e04c446b6cd829487b76d/detection

109.236.87.180:7000
217.23.3.184:4500
217.23.3.184:7000
nanoseklo.net

# Reference: https://www.virustotal.com/gui/file/9a18c4304cfa61761e6056c58baf1b04f05821089859b927edf64db2d19ea7a0/detection

ssw.linkpc.net

# Reference: https://www.virustotal.com/gui/file/f625affaf24e22f04f0bd876a2ab8451e55ebf4c0e4f30b3c939a5e113d81025/detection

hlebska.info
verodex.info

# Reference: https://www.virustotal.com/gui/file/f202499ba5cbae333203ad6a52e7de8e245b2b9c24b2cc9d6853a23ecfaf41e1/detection

lajogrodushope.pl
vitamingraphic.pl
/ukh/file.php

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html (# Win.Packed.Zbot-9831585-0)

dailytip4u.net
discountgoods2012.com

# Reference: https://www.virustotal.com/gui/file/fd9979d7034ecebbc40c74debb6d9f45f0fc85013d1f015a5b00e889fc218d54/detection

mediajoint.info

# Reference: ttps://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html (# Win.Packed.Zbot-9836849-0)

eadergdmezhmllycukzwxfy.info
fmhxukscmzbupemqgytfmxpln.com
fqizmzpdpnoreznzzibpztizl.biz
gqdqordebeuxtcfuzllnozlojl.org
gqldsoztpzlzzfavsbakn.com
gyldeijvmztgylvyttugwk.biz
htgqcyfiyltkbdigqptohwt.net
jbbqhpgqxpojmnuozhrozpd.com
jnkfpdbydhytwpfyvodyugsoq.net
lrhyhapnlcypebafmdyxrskh.info
ozguhiqzxvortkuwpvnfduwxpz.biz
ozvwgmjbojmnxdwolrkcu.biz
pltoeyvdxydtjbmia.biz
rkxmitgcymqsxijmjfyotsfa.info
swcepbtokjovjfuoljcqydxiv.com
swusxjddvovcjbeaucfuhixkt.org
tcyhznjsowdcyzirnrtreu.com
tswfgqaybeslzgqampfemnuwhfy.net
uszdrwmvofibnammrhmfmrwsmvifij.com
uwlljzswedzhcebuyprwlrvc.net
woaetjnxwzlwmjqkhukrthxg.com
xqoltscyroxdunzkvtovleajr.org
zlkzxbidydpxyxhlnamlvsd.biz
zppjrbqhbainsgjnhuwxsbyvgt.org

# Reference: https://www.virustotal.com/gui/file/607b3ee81bb8ef64c64304ed98a85fb860efaf3fe61afa8ac67c1ca7f1b970e2/detection

btnt.niex.cc

# Reference: https://www.virustotal.com/gui/file/e05b55fef3646ce0b34e76af3763a58f55ce47e27a85c842738fdc75c1fa0a47/detection

datafilename.download

# Reference: https://www.virustotal.com/gui/file/cb6c1e02bf80a5d6878a73b2cd599f2ce44b3cb952ddbcfe714f6a912ed9fd64/detection

hutrnadhi.com

# Reference: https://www.virustotal.com/gui/file/edd8ee629a3a57850a4cb78eda37ca19c8606bdabf70d62674b5920d647007ae/detection

kiwi123kiwi.work

# Reference: https://www.coursehero.com/file/pposbt/authkey21232f297a57a5a743894a0e4a801fc3-iclearstudentworkbookpwmepadminphp/

thzsmrjqqzpaz2mz.onion

# Reference: https://www.virustotal.com/gui/domain/ropmibwbwfkevluntsfv.com/detection

ropmibwbwfkevluntsfv.com

# Reference: https://www.virustotal.com/gui/domain/utotsllaeowgnlhmnivr.com/detection

utotsllaeowgnlhmnivr.com

# Reference: https://www.virustotal.com/gui/file/f4c22f4af8e228ba0b68465baa6c9a54f1b435477f339b82e83226a6092acb22/detection

g0dday.cc

# Reference: https://www.virustotal.com/gui/file/30d05f1ffda632acba42f47f9488af801d8af85f06edfda782762915126494c3/detection

r-sbonline.biz

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

grabbil.name
matexx-japan.com

# Reference: https://www.virustotal.com/gui/file/fd9b50dce3717b79f0cb5a09bd9f7b3b08c459a02aeabbb2b9c68cc7408fdf8c/detection

avast-mail-security.download

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

5.9.62.149:50800
eddw.ru
olwwe.ru
wadergroup.biz

# Reference: https://www.virustotal.com/gui/file/f7fa29542a62a0ba5100f3b1d78fb0e70235353b71df6e4f9c9b72e7f877e0d3/detection

epkadvies.nl

# Reference: https://www.virustotal.com/gui/file/63a6c6485b70a50b525ae4ab0ce9d221562d70b699f957fbc2ae9ae6bd906898/detection

http://107.150.43.186

# Reference: https://www.virustotal.com/gui/domain/upgradetoserver.com/detection

upgradetoserver.com

# Reference: https://www.virustotal.com/gui/file/84989bfe79becdea44a2290df3f52bfc2363b6c603aa2b7742dcdde5c7cba12a/detection

madunixxx.ru

# Reference: 
# Reference: https://www.virustotal.com/gui/file/e67bc65e75a16005898b2764c2554262380f22b5a0557d12539905739ea953bf/detection

checksece.com
checksece.net
checksendt.com
checksendt.net
grabbit4me.name
sentedcheck.com
sentedcheck.net
wundscheck.net

# Reference: https://www.virustotal.com/gui/domain/face2face-nig.biz/detection

face2face-nig.biz

# Reference: https://www.virustotal.com/gui/file/d6298e05ed76f20562d6646cc18a94c89855c4d3c0b19e5be5d307423e780de1/detection

darjustice.com

# Reference: https://www.virustotal.com/gui/file/fa181f2826b2c2ff26d5c864415279a23c283ba2949f7913d4bad0be0580ac7d/detection

mfstroi.ru

# Reference: https://blog.talosintelligence.com/2021/05/threat-roundup-0521-0528.html (# Win.Packed.Zbot-9864764-0)

fallb.ru
frigw.ru
habew.ru
orthb.ru
qimpa.ru
qlita.ru
aemunkxyjmrznrls.info
aemunkxyjmrznrls.org
fpuculxcpuqjtwn.net
kgiqlnknpzqutjs.com
kgiqlnknpzqutjs.info
mqlmrqihmrpnjtqm.info
mqlmrqihmrpnjtqm.org
nnuozosighewmigq.biz
nnuozosighewmigq.org
oloynepoursmptli.biz
oloynepoursmptli.org
psosfmhfomti.com
psosfmhfomti.info
qjhhgpcrufowipvz.biz
qjhhgpcrufowipvz.org
qolppnsimtsypr.net
twotmeegloxrmv.biz
twotmeegloxrmv.org

# Reference: https://www.virustotal.com/gui/file/001fbd9ec0fb19fa0e7d934d61edf73c1fa03e38557c5612552e6a87f9c15461/detection

football-x.org
psport-live.biz
synthetic-lab.biz

# Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html (# Win.Trojan.Zbot-9866263-0)

baszodjmeg.me
gamefans.eu
hipsdontlie.info
newtvcast.com
pusikuracbre.me
tvinshot.info
wheretowatch.com
yaboyyoshi.info
m3.sytes.net
m31.sytes.net

# Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html (# Win.Packed.Zbot-9874254-0)

bmjzxhsovwhtqcqpvxxcmzk.com
cjveiorqctgmiggmjrlzhuddq.org
demxylxksylneihmbtwbyxopz.net
djvcycygudvusunrizwumnsgqc.ru
dmdyxcrousnfxdeqwpnvgobojeq.ru
dqemzppuwfurksorvdaxovca.info
feqshmroraqzvwtgucucmvwhdqhu.biz
gikbdyafymblylguqsgwcnjmfhy.com
gmdypeugmkvijdxcztvmgipbam.net
hsmrtkxofmbiqcinwskrcuyttiv.com
huqcqwxylpnvkdapfteaswtknjzq.ru
lruoqokhmxvmzqvojjrvgxcmem.biz
nvxrhskiztbaronjdekfxwcl.info
rcijzpkvovrkdyeictuoukvcad.com
skbuxcqfehlfrgwsrgobztnf.org
tsubqrfqxobtljhmhizqaybq.biz
ttcswpvxgdeaihqqsllvmrytunvkf.ru
uciugdmfncuskbmlfrstsnxopx.com
useugkbwtssglfltwkfahfqwk.net
vhfmkryxdlkbcequhmrd.org
xpyxucpfyleqaqciqcqdwotkzl.info
xttszgihuchgmdiytxcbe.biz
zhhitmvpypbmjntqkbwglpt.com
zltddcyjrswkruotoijdkwgm.com

# Reference: https://www.virustotal.com/gui/file/38ea7578201e225257c0b2ebc6d59eccb548364e91a3bece5abd4d2a4f949609/detection

porevo11.com

# Reference: https://www.virustotal.com/gui/file/69f4bd058dd35085e543d4d4976a3deac5187a226b64188a15e34fc1cce480ac/detection

plutosos.tk

# Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-0702-0709.html (# Win.Packed.Zbot-9876064-0)

aitxkamkbatjbqbwgaqwylzpuk.net
bmbmlttsifpzdytyofxwdcydmmr.org
cqhmtukbyxuhyeykbpx.biz
cuxrsxwltevwclmrvsdehl.biz
dipeijnsxiffexojzrgxcusgcasc.biz
dugyibhuxcwcshzhxcygqhizpl.com
fexsdzdwkqgkrrkxgfiduvobpxw.ru
havwiztoruremsgtzlwgfiinnf.biz
hihttclhyifizgypgygewck.com
hmnfbynvqcshdyhbiskhwomxc.info
jvrugyailwkbqhmbusvovchipwc.info
kvqkeukzijucojuwrsxtmpnbmda.info
mvdedyldyxcwgxtzdkbkjkrpvfa.org
mzpnubylppjmvqocukbtkpfdq.org
njhqhfmskbqpddepbdyzljifhy.com
ovfqkkfchuynfkrjzlzbmobrkx.ru
ovqplvaeaulxkgaxqropvumzuc.net
qmjwpplvkvdmnmjrclaynjsw.net
rceyvoztydgehenrvwrdqbexxwts.net
schpaedcjvxhuyxhrsytdmz.com
uonjtkskcqlxgdibxhyllpdnb.ru
weqxkhemfifzhvsozxschupgqrs.biz
wjfugcetltykjhemzxz.com
wobmfudeorptcpfkwcibgmuae.ru

# Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-for-july-9-to-july-16.html (# Win.Trojan.Zbot-9876743-0)

bthmj-nty.info
mjhk-wjty.info

# Reference: https://www.virustotal.com/gui/file/ea9315577777b5b7fa0e9f1efc75ba69c90b28e9fd42ab79861e0b29c109b1b9/detection

asdqw.no-ip.biz
/load/update.php?build=
/lode/update.php?build=

# Reference: https://www.virustotal.com/gui/file/1b1cf866829c80d9ee4324d015ede38be08092063377c51874f5f0f18ce6fdc5/detection

jesse321.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/57044836b98f1e9b2b4ab7a0b6bade71c56e00ef6ba6b14434f5d51e2ea83dc8/detection

gdtghtyh.com

# Reference: https://www.virustotal.com/gui/file/a1ce5fb64bdb8afa9735336505d26b09591bee50e141199909838f59681dff87/detection

systemtime.org

# Reference: https://www.virustotal.com/gui/file/abfeacbf3a8b374b6478f20e32242a7228d2fea048f3ee7ac9a3a678fed5ee44/detection

vh158.timeweb.ru
vsox.ru

# Reference: https://www.virustotal.com/gui/domain/uvoceconeht.myftp.org/relations

uvoceconeht.myftp.org

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1008-1015.html (# Win.Trojan.Zbot-9899961-0)
# Reference: https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html (# Win.Trojan.Zbot-9912583-0)

aexhilzfqgqcakjlrpvuxskjsc.com
ausorwaqircmusgumfqctgcawoobaeci.com
cedhfmhmovlxzpwggwbfy.com
ceptqsbpbrgbajbqssccmrey.biz
cqxtoyfusdacewccqtlncexdt.info
diuddalrcqxoxoaytgyjvpxfq.com
djbxojvsnrhypmjdugwkhyfqd.info
dknfaimfvsqobuminyxhmvto.ru
dmfugxksklrcelgemzaskgq.com
dxhitoljpxwsrivxclfwkgmxw.org
dxprmnlvswqohhifdqemfrs.com
dyljhhpnkfhajbqgnbtkwxoofcm.com
eanzuotopfjfxcavkjbnrnxcjbto.biz
fakfxkltovknvddhdxh.net
fpzmnlgmqdaqodaxspfqf.org
futgijlbvwlnzpttdhayxdfqeu.org
fynfvoswvoddegyiambucmgqrx.biz
hqswugvkonxltgyofqwjzuol.info
inrcsclzprjeixkwbqifzmtsfi.biz
kfnvidqvobiojwguwtgdehau.com
kvnrkbwsxwgainbsmjhhymrrkhip.net
kvytmbtjbhxklnhysohiautlzpb.biz
ljvpvcvsropnmvticyrklzpdrs.com
nbuoqpjlfapvuktdeucscdysoln.com
nrkrcugaxpbmthushybqkbpzl.biz
nzxvoautaehugapjpzsodyzhl.org
ovlvaxytsgqgzxeaobhlbheukukkr.info
prnruwpnnbxtcknwuoptojnza.com
pzjndenbdqtkxcadahlbnuktrw.biz
qgcqpeqaerfdmbsjfyxdehmr.ru
qwgmypxwpusneivlnzgefisg.info
rgyhgiaydqxcobfybqeyovyxvkeea.com
rwqcrkmjhlqorsinhkzpkzmzf.info
skcimytdmpvkfmjvsovtkmzqge.ru
tbqakdifzhhqhpxdyylt.info
tcjfkbzdpcueicqnrtwdwshtgnr.org
tivxgjnsgdibybydkbobmfrsfeaud.ru
udeuoyluokbwsozzhzxkvlbpfnbkkz.com
uklzhuqkcijnmfyppjcanvzwakb.org
vcbpjwtshumxnsodkzfutlbh.net
vcltwldqugijsovgxcvtxroay.net
wggmcazzdxgjzozllfaixsocmkj.ru
wkqkzijnxbeulzpqseukvamtw.biz
wsdqgxwwkbujbxylvqgrxs.net
xlvprmjjvojmbtckzpefuwht.ru
xvhmqpcevgbelydhelrqc.net
xzlvxukhzmwktprqspyphxw.ru
ydilzdwgciqtsfuaiixknorc.ru
yxxcwgqgrwibkvlzfehyhmtsjrrg.net

# Reference: https://www.virustotal.com/gui/file/f5aab50a74cb75c8e5064d15c4639e1a86db14d9c13567ba5672ba434289060e/detection

bellsecurewifi.servehttp.com

# Reference: https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html (# Win.Trojan.Zeus-9912932-0)

beresfordfinancialservices.co.uk

# Reference: https://www.virustotal.com/gui/file/eb152e9f6a7eb602e5b258ebb1efc16857a5012248c05314426560a088039254/detection

testpanel.sytes.net
/testpanel/cfg.bin

# Reference: https://www.virustotal.com/gui/file/001a2eaf3ddcd0b0e35643fb3701af0c6d71a3d558bde747f14b09906b4be064/detection

haceboh.info
hacedas.info
haceguz.info
hacohyz.info
hacokiw.info
hacomih.info
hacoqab.info
hacucah.info
hacupes.info
hacurob.info
hacuzuw.info
hafehes.info
hafekuz.info
hafeqoh.info
hafereb.info
hafocow.info
hafodus.info
hafopab.info
hafozyz.info
hafubiw.info
hafugys.info
hafumah.info
hahehyb.info
hahekos.info
hahemiz.info
haheqaw.info
hahokeb.info
hahopyh.info
hahoraw.info
hahozis.info
hahuboz.info
hahucus.info
hahudeh.info
hahugub.info
halebub.info
halegew.info
halehih.info
halemas.info
halokuh.info
haloqos.info
halorez.info
halozob.info
halucib.info
haludyw.info
halupaz.info
haluzyh.info
hanebaw.info
haneciz.info
hanedyb.info
hanepah.info
hanogeb.info
hanohus.info
hanomow.info
hanukys.info
hanuqiw.info
hanurah.info
hanuzoz.info
hapekyw.info
hapepyz.info
haperas.info
hapezih.info
hapobab.info
hapocuh.info
hapodez.info
hapugaz.info
hapuhuw.info
hapumob.info
hapuqes.info
hawecos.info
hawepew.info
haweroz.info
hawezub.info
hawobis.info
hawodaw.info
hawogyh.info
hawomaz.info
hawuheh.info
hawukib.info
hawuqaz.info
hawuryw.info
mabefyc.info
mabenam.info
mabesaf.info
mabevik.info
mabohec.info
mabojit.info
mabomam.info
mabonuk.info
mabulut.info
mabutef.info
mabuwom.info
mabuxok.info
magejuc.info
magemok.info
magewem.info
magolyc.info
magosyf.info
magotam.info
magoxit.info
magufef.info
maguhic.info
magunak.info
maguvut.info
makehym.info
makejif.info
makemat.info
makenic.info
makoluf.info
makotek.info
makowot.info
makufum.info
makusak.info
makuvoc.info
makuxyf.info
mamesem.info
mametok.info
mamevat.info
mamexuc.info
mamofam.info
mamohuf.info
mamomek.info
mamonot.info
mamujyf.info
mamulic.info
mamuwak.info
marelym.info
maretat.info
marexof.info
marofyk.info
maronac.info
marosat.info
marovif.info
maruhek.info
marujum.info
marumoc.info
maruwet.info
masejet.info
maselik.info
masetyc.info
masewaf.info
masofut.info
masosec.info
masovom.info
masoxuk.info
masufac.info
masuhyt.info
masumaf.info
masunim.info
maxefet.info
maxehuk.info
maxenof.info
maxevum.info
maxojyk.info
maxolom.info
maxomif.info
maxowac.info
maxusyt.info
maxutac.info
maxuvaf.info
maxuxim.info
pufabyv.info
pufadul.info
pufagaq.info
pufamip.info
pufijoq.info
pufileg.info
pufimev.info
pufiwup.info
pufycuv.info
pufypil.info
pufytyp.info
pufyxag.info
pujabug.info
pujaceq.info
pujadop.info
pujapuv.info
pujigip.info
pujijal.info
pujimyg.info
pujiwiv.info
pujylol.info
pujytuv.info
pujyxyq.info
pumajil.info
pumalaq.info
pumatip.info
pumawyv.info
pumicyg.info
pumidal.info
pumipup.info
pumixoq.info
pumybeg.info
pumygol.info
pumyjeq.info
pumymuv.info
pupabap.info
pupagig.info
pupajev.info
pupamul.info
pupilav.info
pupitiq.info
pupiwyl.info
pupixyp.info
pupycep.info
pupydog.info
pupypuq.info
purajop.info
puralyl.info
purameq.info
purawug.info
puripov.info
puritug.info
purixel.info
purybyq.info
purycal.info
purydiv.info
purygap.info
puvalog.info
puvapoq.info
puvatul.info
puvaxev.info
puvibup.info
puvicav.info
puvidiq.info
puvigeg.info
puvyguq.info
puvyjag.info
puvymyp.info
puvywil.info
puzacyl.info
puzapig.info
puzaxap.info
puzibel.info
puzidug.info
puzigov.info
puzimuq.info
puzyjiv.info
puzylep.info
puzytog.info
puzywuq.info
xubakij.info
xubapor.info
xubarux.info
xubazen.info
xubifaj.info
xubisir.info
xubivyd.info
xubixan.info
xubyhoj.info
xubyned.info
xubyqux.info
xudafij.info
xudahan.info
xudanyx.info
xudikon.info
xudiqex.info
xudirur.info
xudizyd.info
xudypur.info
xudysoj.info
xudyvux.info
xudyxed.info
xuhafor.info
xuhanud.info
xuhasux.info
xuhaven.info
xuhihir.info
xuhikej.info
xuhiqud.info
xuhypix.info
xuhyryd.info
xuhyxyn.info
xuhyzaj.info
xulapyn.info
xulasid.info
xulavuj.info
xulaxar.info
xulifud.info
xulihax.info
xulinyj.info
xuliqin.info
xulykox.info
xulypod.info
xulyrun.info
xulyzer.info
xuqakar.info
xuqaqyn.info
xuqarid.info
xuqipud.info
xuqisox.info
xuqixej.info
xuqizor.info
xuqyfix.info
xuqyher.info
xuqynun.info
xuqyvaj.info
xutahod.info
xutakex.info
xutaner.info
xutaquj.info
xutipin.info
xutiryj.info
xutixur.info
xutizax.info
xutyfad.info
xutysun.info
xutyvyr.info
xutyxox.info
xuxapuj.info
xuxasan.info
xuxaxyx.info
xuxazod.info
xuxifon.info
xuxinur.info
xuxisuj.info
xuxivex.info
xuxyhin.info
xuxykad.info
xuxyqyr.info
xuxyrij.info

# Reference: https://www.virustotal.com/gui/file/b00cc06574ea0fa24ea6ce4d45bf3feec11570428fcd18495b9054b26fdb8db6/detection

vogenuklex.myftp.org

# Reference: https://www.virustotal.com/gui/file/07ff3dfdbc818e508a00292c4772c43abbcdb852b2f016388c72385ee9562a55/detection

filoups.info

# Reference: https://twitter.com/JustWantToQ1/status/1515420203059924994

http://176.107.130.232
176.107.130.232:443

# Reference: https://twitter.com/JustWantToQ1/status/1536264357440638981

http://31.44.185.5

# Reference: https://twitter.com/JustWantToQ1/status/1536280157857751041

http://31.14.40.209

# Reference: https://twitter.com/fr0s7_/status/1536327925309616128

http://31.44.185.138
http://31.44.185.14
http://31.44.185.140

# Reference: https://www.virustotal.com/gui/file/000000e19cec622a01eee714629a0e641aae0264a41d19fcf240a0e911af700d/detection

ren7oaks.co.uk

# Reference: https://www.virustotal.com/gui/file/16e3b861af718a184e88fef4fc9e7940f8852700a9e6ec4ab8c43aec3da5d478/detection

31.41.244.235:4440

# Reference: https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html (# Win.Trojan.Zbot-9951812-0)

de-openphone.org

# Reference: https://www.virustotal.com/gui/file/658be12ab3e9a4627ae6b2e1beb95879b4df29bc66539eccec27aa17d2c054cd/detection

http://46.232.113.4

# Reference: https://twitter.com/1ZRR4H/status/1574128884987138048
# Reference: https://tria.ge/220925-xal1eafgc5
# Reference: https://www.virustotal.com/gui/file/1d878b980bb5268e75bf97fb2f664520268bcb935f6aac24c777ef68d1948510/detection
# Reference: https://www.virustotal.com/gui/file/c562503c84ad2dab477e925bf8c0620363c7621f9a21d44574b4cd4f61413998/detection
# Reference: https://www.virustotal.com/gui/file/b04e8b5a88d3fc7c380fa15b8db1d0e593807314a57f73517ec2075e046d52cd/detection
# Reference: https://www.virustotal.com/gui/file/f34d178d34f3173b7f7f0686901603565936f6b6d988fa4fbd7183dd4dd84625/detection

http://170.187.188.177
/cms/gate81afcdd49a3b.php
/gate81afcdd49a3b.php

# Reference: https://www.virustotal.com/gui/file/b3895aae297d3687f2aeeb22deaeca6ee14ec1658e06359bdb75b940ce491826/detection

aku.suroot.com

# Reference: https://www.virustotal.com/gui/file/90c38f0aee2f7cce08010d3be7c9084e915270d20ffd920144600f608b594c77/detection

tvtmhltd.org

# Reference: https://www.virustotal.com/gui/file/4a6a6cbb12eddd47051be4989897eec8ace7939c3a8c18342069d456261b9a46/detection

http://51.255.19.178

# Reference: https://www.virustotal.com/gui/file/abb086369810ce5a49ff954e77d558a3ede2ff43d5c46872c90e27b32ba97326/detection

http://51.255.19.179

# Reference: https://www.virustotal.com/gui/file/ea2ef0d03857a39b976c3f10e5cd8e5e7badc6adca30fd5588b45665d3121e9f/detection

00002009.zapto.org

# Reference: https://jaymonsecurity.com/analisis-ingenieria-inversa-troyano-bancario/

macgreccheckserving.net
sercurmstandifservices.net

# Reference: https://www.virustotal.com/gui/file/526c717bb4a84382a765e0bc2c752199099726a4dc694b61333f1a2be1fd6ac8/detection

echobravo.zapto.org
/z/ebconf.bin
/ebconf.bin

# Reference: https://www.virustotal.com/gui/file/22317bbdacee8d6db3df35f1f31d0cd6eb97726221d9dd6b5cf4c12aa0de4d58/detection

google-analitics.in

# Reference: https://www.virustotal.com/gui/file/0aac1ee2f280f73e23ee2f5ce4ec258c9f666446923e396562d6c3a68cc1069c/detection

carlo20.dyndns.org
/attack/cfg.bin

# Reference: https://www.virustotal.com/gui/file/ed2e3a89de5c3165370b17ae59a2afdfde9be82d8ab20f28f6b5b9fe0ebf4e8f/detection

miol.instanthq.com

# Reference: https://www.virustotal.com/gui/file/077c87d4fef3f9c93485d04bebcfc01bd976f76c93b165a8b02a35545aa41436/detection

systemscan.dnset.com

# Reference: https://www.virustotal.com/gui/file/0c34dd496bb2b5c83c812ace38c2325f920b0db55da7b1a210a6b435491d7052/detection

image.dnset.com

# Reference: https://www.fortinet.com/blog/threat-research/zeus-stealer-distributed-via-crafted-minecraft-source-pack

onlinecontroler.000webhostapp.com
panel-controller.000webhostapp.com

# Reference: https://x.com/banthisguy9349/status/1835012429475889237
# Reference: https://www.virustotal.com/gui/file/1762600d80df88a324452290a176bfab40ec965f5bb27be12a4cb71614b94c56/detection

http://107.189.5.6

# Reference: https://www.virustotal.com/gui/file/539250b7981465fa6e117ad74d029e70875934e0c7255913d83bdcc539b035b3/detection

77.81.244.170:65529
bulk.ademostrates.net

# Reference: https://x.com/skocherhan/status/1921887460906226058
# Reference: https://www.virustotal.com/gui/file/2ce821d141cd4212941431633c0eb457621571c89620d482155993478acffedf/detection

194.9.6.26:31337

# Generic

/botnet/server%5Bphp%5D/
/cp.php?letter=login
/cp.php?m=login
/mtanqste.php?m=login
/grabbedinfo7sob7/admin.php
/grabbedinfo7sob7/loading.php
/grabbedinfo0sob0/
/grabbedinfo1sob1/
/grabbedinfo2sob2/
/grabbedinfo3sob3/
/grabbedinfo4sob4/
/grabbedinfo5sob5/
/grabbedinfo6sob6/
/grabbedinfo7sob7/
/grabbedinfo8sob8/
/grabbedinfo9sob9/
/kn11ff/
/wp-zeus/
