# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
# Reference: https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/
# Reference: https://otx.alienvault.com/pulse/5ef67e89cde1d0c1b00dd02c

adsmarketart.com
advancedanalysis.be
advertstv.com
advokat-hodonin.info
amazingdonutco.com
bettyware.xyz
celebratering.xyz
cofeedback.com
consultane.com
devicelease.xyz
fakeframes.xyz
feedbackgive.com
flablenitev.site
gadgetops.xyz
guiapocos.xyz
hotphonecall.xyz
justbesarnia.xyz
kordelservers.xyz
lendojekam.xyz
lgrarcosbann.club
lpequdeliren.fun
ludwoodgroup.xyz
msoftwares.info
mwebsoft.com
net-giftshop.info
paiolets.com
penaz.info
respondcritique.xyz
rostraffic.com
szn.services
traffichi.com
transvil2.xyz
triomigratio.xyz
tritravlife.xyz
typiconsult.com
uplandcaraudio.xyz
utenti.info
utenti.live
veisllc.xyz
websitelistbuilder.com
websitesbuilder.info
wineguroo.xyz
woofwoofacademy.xyz
backup.awarfaregaming.com
click.clickanalytics208.com
connect.clevelandskin.com
connect.clevelandskin.net
connect.clevelandskin.org
cushion.aiimss.com
dns.proactiveads.be
link.easycounter210.com
rocket2.new10k.com
track.positiverefreshment.org

# Reference: https://www.menlosecurity.com/blog/increase-in-attack-socgholish
# Reference: https://twitter.com/BushidoToken/status/1370429928160759812

news.pocketstay.com

# Reference: https://twitter.com/tosscoinwitcher/status/1379505361787359233

5e7936bb.news.pocketstay.com

# Reference: https://twitter.com/Wanna_VanTa/status/1392537130396700681
# Reference: https://www.virustotal.com/gui/ip-address/81.4.122.193/relations

login.wwpcrisis.com

# Reference: https://twitter.com/malware_traffic/status/1420490383881129990
# Reference: https://www.virustotal.com/gui/ip-address/141.255.161.180/relations

certification.mountainaireautoglass.com
public.clickstat360.com
fe1eaf89.office.drpease.com

# Reference: https://blog.group-ib.com/prometheus-tds

4107e577.payment.refinedwebs.com
e186aeb2.news.pocketstay.com

# Reference: https://twitter.com/neonprimetime/status/1475841620428062724

80e16d50.xen.hill-family.us
a962296f.xen.hill-family.us

# Reference: https://twitter.com/MBThreatIntel/status/1466107514030751747
# Reference: https://www.virustotal.com/gui/ip-address/179.43.169.31/relations

jobs.tracybrey.com
popcorn.net-zerodesign.com
second.pmservicespr.com
eba80de9.xen.hill-family.us

# Reference: https://twitter.com/th3_protoCOL/status/1460356964140007424
# Reference: https://www.virustotal.com/gui/ip-address/87.249.50.201/relations
# Reference: https://www.virustotal.com/gui/file/89380aa78a9797c1906c1c8c8a646c08155eb3d16b79d8ad502789a59f0f7f9f/detection

upstream.fishslayerjigco.com
xen.hill-family.us

# Reference: https://www.virustotal.com/gui/file/89380aa78a9797c1906c1c8c8a646c08155eb3d16b79d8ad502789a59f0f7f9f/detection

368757c6.upstream.fishslayerjigco.com

# Reference: https://www.virustotal.com/gui/file/9e663136610eb7a07dafe19a706445c2c0527ef586b7d3fbaa36e54173ac7394/detection

05579f9d.xen.hill-family.us

# Reference: https://www.virustotal.com/gui/file/d1ed30acb9aee0c8ee12c4ce10102ab732b9f304cabf9b3df302654c667e6beb/detection

0e9ff460.xen.hill-family.us

# Reference: https://www.virustotal.com/gui/file/1913554c81ea9fa5004189f067bc8618d628b85ca6dbc8964ec6bf7a4bfc0385/detection

71d665d8.xen.hill-family.us

# Reference: https://twitter.com/MBThreatIntel/status/1478515956968083456

255e7219.xen.hill-family.us
second.pmservicespr.com

# Reference: https://twitter.com/MBThreatIntel/status/1440443682369388549
# Reference: https://www.virustotal.com/gui/ip-address/81.4.122.101/relations

e73fb99b.push.youbyashboutique.com
push.youbyashboutique.com
paggy.parmsplace.com

# Reference: https://twitter.com/MBThreatIntel/status/1480595880629587971

bfa73f60.xen.hill-family.us

# Reference: https://twitter.com/SecurityAura/status/1487564086929936388

7a3a7f86.xen.hill-family.us

# Reference: https://expel.com/blog/incident-report-spotting-socgholish-wordpress-injection/

notify.aproposaussies.com

# Reference: https://twitter.com/cr4shtest/status/1494365444421128203

a5b420bd.host.integrativehealthpartners.com

# Reference: https://twitter.com/MBThreatIntel/status/1494453598087835673

staticvisit.net
20go.staticvisit.net
43cbb37d.host.integrativehealthpartners.com
go.staticvisit.net
rotation.ahrealestatepr.com

# Reference: https://twitter.com/bryceabdo/status/1499048636319162371
# Reference: https://www.virustotal.com/gui/ip-address/91.219.236.192/relations

12cff833.widget.windsorbongvape.com
1dd355b6.widget.windsorbongvape.com
48bb0f7a.widget.windsorbongvape.com
b94c3406.widget.windsorbongvape.com
widget.windsorbongvape.com

# Reference: https://twitter.com/MBThreatIntel/status/1508575992041771013

design.lawrencetravelco.com

# Reference: https://twitter.com/MBThreatIntel/status/1513635853309861895

fasttracklegal.com
lines.fasttracklegal.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1516062361488171018

expugements.com
priority.expugements.com

# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-04-21_SocGholish-FakeUpdates

2ctmedia.com
bonneltravel.com
brannonsmiles.com
chandlermethodist.org
codigodebarra.co
pomdev.com
vipveinsaz.com
windsorbongvape.com
1.widget.windsorbongvape.com
connect.codigodebarra.co
doors.vipveinsaz.com
energy.pomdev.com
matrix.2ctmedia.com
missions.chandlermethodist.org
patients.brannonsmiles.com
stuff.bonneltravel.com

# Reference: https://twitter.com/MBThreatIntel/status/1521201292005154816

factor.vtaxlaw.com

# Reference: https://twitter.com/bigmacjpg/status/1524125086206332932

extra-tegic.com
java.extra-tegic.com

# Reference: https://twitter.com/bigmacjpg/status/1526197418940932097

agrandatubolsillo.com
jump.agrandatubolsillo.com

# Reference: https://twitter.com/bigmacjpg/status/1528860847178936320

academiadecontables.com
parked.academiadecontables.com

# Reference: https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee
# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030669.html

irsbusinessaudit.net
irsbusinessaudit.tax
irsgetwell.net

# Reference: https://twitter.com/bigmacjpg/status/1529921079132704788

newhomessection.com
schedule.newhomessection.com

# Reference: https://blog.sucuri.net/2022/06/analysis-massive-ndsw-ndsx-malware-campaign.html

bumpy.daniyalmedicaltech.com
contractor.thecaninescholar.com
craft.cheesedome.com
mamba.cpncredit.com
market.bluestonechiropractic.com
mines.cajonsoul.com
rotation.craigconnors.com
sdk.expresswayautopr.com
staff.beeboykind.com
trace.mukandratourandtravels.com

# Reference: https://twitter.com/th3_protoCOL/status/1536791876577112065

stradlings.com
reviews.stradlings.com
official.stradlings.com

# Reference: https://twitter.com/1ZRR4H/status/1537501582727778304

ibgenesis.org
genesis.ibgenesis.org

# Reference: https://twitter.com/atorrrr/status/1537107577418485761

northphxchiro.com

# Reference: https://twitter.com/bigmacjpg/status/1539000348941201408

jcscateringaz.com
spool.jcscateringaz.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1539681817497853952
# Reference: https://www.virustotal.com/gui/ip-address/176.10.124.180/relations

step.ifsguy.com
2a2da470.step.ifsguy.com
374d1389.step.ifsguy.com
4f8d0e70.step.ifsguy.com
6ea0e2c3.step.ifsguy.com
c95a786e.step.ifsguy.com
e316bac0.step.ifsguy.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1539976468876251140
# Reference: https://twitter.com/C0ryInTheHous3/status/1539976414920704005
# Reference: https://www.virustotal.com/gui/ip-address/45.10.42.26/relations

cloud.bncfministries.org
craft.cheesedome.com
genesis.ibgenesis.org
hope.point521.com
market.bluestonechiropractic.com
mycontrol.alohaalsomeansgoodbye.com
repair.annetamkin.com
republic.beboldskincare.com

# Reference: https://twitter.com/bigmacjpg/status/1541775825833701377

app.pgica.org
00f4910b.app.pgica.org
0220f52a.app.pgica.org
084d2671.app.pgica.org
0a08fe76.app.pgica.org
108ada69.app.pgica.org
11e53a7d.app.pgica.org
16d356f0.app.pgica.org
1cf74659.app.pgica.org
1d7757ca.app.pgica.org
21acf799.app.pgica.org
21dcdf19.app.pgica.org
271dbdf0.app.pgica.org
284f616a.app.pgica.org
295cef1b.app.pgica.org
38c385af.app.pgica.org
4689d20c.app.pgica.org
539f0a1a.app.pgica.org
5d322fe2.app.pgica.org
71d44b01.app.pgica.org
721ddcba.app.pgica.org
80269b64.app.pgica.org
8b64ae28.app.pgica.org
96af898b.app.pgica.org
9a5c5bc1.app.pgica.org
9f08af01.app.pgica.org
b51d496b.app.pgica.org
b7e15726.app.pgica.org
bcf0d5de.app.pgica.org
cd8403ad.app.pgica.org
d50f86a6.app.pgica.org
dd465211.app.pgica.org
e7ec2c33.app.pgica.org
ed09a0b9.app.pgica.org
f4fbd5fe.app.pgica.org
f5de9db0.app.pgica.org

# Reference: https://twitter.com/ex_raritas/status/1544788160688709633

hunter.libertylawaz.com

# Reference: https://twitter.com/ex_raritas/status/1545057620142092293

center.blueoctopuspress.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1545111100089421824

gohnson.advanceditsolutionsaz.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1545111873779113986

expert.stmhonline.com
hope.point521.com
portfolio.rainbowgraffixx.com
puzzle.tricityintranet.com
stanley.planilla2021.com

# Reference: https://twitter.com/ex_raritas/status/1547335182478233601

cloud.bncfministries.org

# Reference: https://twitter.com/C0ryInTheHous3/status/1547654346162155523
# Reference: https://twitter.com/MBThreatIntel/status/1567880847667372032
# Reference: https://www.virustotal.com/gui/ip-address/45.10.43.78/relations
# Reference: https://www.virustotal.com/gui/domain/deal-institute.com/relations

deal-institute.com
dreamworkscdc.com
courses.deal-institute.com
diamond.speaktomyheart.org
havana.littlehavanacigarstore.com
nivea.dreamworkscdc.com
reserves.deal-institute.com
volume.stoneoakcapital.net
west.bykikarose.com

# Reference: https://twitter.com/MBThreatIntel/status/1549094591881613312

call.pgee.org
performer.stmhonline.com

# Reference: https://twitter.com/bigmacjpg/status/1549111888839163904

smithfirm.agency
deal.smithfirm.agency

# Reference: https://twitter.com/bigmacjpg/status/1549110513879113730

bundles.trovatogroup.com

# Reference: https://twitter.com/jtrombley90/status/1549497835455975425

diamond.speaktomyheart.org

# Reference: https://twitter.com/mossdinger/status/1549822318826102784

record.usautosaleslv.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1550186874488102913

cats.johnbeach.us
cardo.diem-co.com
query.dec.works
record.usautosaleslv.com
training.ren-kathybermejo.com

# Reference: https://twitter.com/ex_raritas/status/1552329776337018880

master.ilsrecruitment.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1552330589583429632

mafia.carverdesigngroup.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-01%20SocGholish%20IOCs
# Reference: https://www.virustotal.com/gui/domain/ssl.topgearoutfitters.com/relations

cruize.updogtechnologies.com
ssl.topgearoutfitters.com
0bcd.ssl.topgearoutfitters.com
1059.ssl.topgearoutfitters.com
3305.ssl.topgearoutfitters.com
4519.ssl.topgearoutfitters.com
68b0.ssl.topgearoutfitters.com
85c4.ssl.topgearoutfitters.com
c575.ssl.topgearoutfitters.com
c946.ssl.topgearoutfitters.com
d307.ssl.topgearoutfitters.com
d754.ssl.topgearoutfitters.com
dc6d.ssl.topgearoutfitters.com
ee32.ssl.topgearoutfitters.com
f31e.ssl.topgearoutfitters.com
f44b.ssl.topgearoutfitters.com

# Reference: https://twitter.com/MBThreatIntel/status/1555294439181934592

casting.faeryfox.com
telegram.godsmightywhispers.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-03%20SocGholish%20IOCs

flunkypixels.com
fallout.flunkypixels.com
d26f.fallout.flunkypixels.com

# Reference: https://twitter.com/unmaskparasites/status/1554186000112295936

d2j09jsarr75l2.cloudfront.net

# Reference: https://twitter.com/C0ryInTheHous3/status/1555596453720072192

docklar.howicanstart.com

# Reference: https://twitter.com/TIP_Rider/status/1555754746492878855

predator.foxscalesjewelry.com

# Reference: https://twitter.com/C0ryInTheHous3/status/1555596453720072192

docklar.howicanstart.com

# Reference: https://twitter.com/mojoesec/status/1557767047618215936

templates.victoryoverdieting.com
00f7.templates.victoryoverdieting.com
0573.templates.victoryoverdieting.com
06a6.templates.victoryoverdieting.com
0c0f.templates.victoryoverdieting.com
0c51.templates.victoryoverdieting.com
0e13.templates.victoryoverdieting.com
0f2b.templates.victoryoverdieting.com
1087.templates.victoryoverdieting.com
1212.templates.victoryoverdieting.com
13af.templates.victoryoverdieting.com
15cf.templates.victoryoverdieting.com
1adc.templates.victoryoverdieting.com
1d23.templates.victoryoverdieting.com
1ea9.templates.victoryoverdieting.com
1f96.templates.victoryoverdieting.com
2168.templates.victoryoverdieting.com
245c.templates.victoryoverdieting.com
279d.templates.victoryoverdieting.com
27fc.templates.victoryoverdieting.com
297d.templates.victoryoverdieting.com
2eb4.templates.victoryoverdieting.com
2ee9.templates.victoryoverdieting.com
3023.templates.victoryoverdieting.com
3413.templates.victoryoverdieting.com
3954.templates.victoryoverdieting.com
3b2d.templates.victoryoverdieting.com
3cec.templates.victoryoverdieting.com
3ecb.templates.victoryoverdieting.com
3ee6.templates.victoryoverdieting.com
442d.templates.victoryoverdieting.com
4517.templates.victoryoverdieting.com
460f.templates.victoryoverdieting.com
483e.templates.victoryoverdieting.com
48a5.templates.victoryoverdieting.com
53b4.templates.victoryoverdieting.com
53d1.templates.victoryoverdieting.com
5907.templates.victoryoverdieting.com
5d87.templates.victoryoverdieting.com
5da1.templates.victoryoverdieting.com
5ed8.templates.victoryoverdieting.com
6715.templates.victoryoverdieting.com
6811.templates.victoryoverdieting.com
69cd.templates.victoryoverdieting.com
6d93.templates.victoryoverdieting.com
7b7b.templates.victoryoverdieting.com
7e5f.templates.victoryoverdieting.com
7edf.templates.victoryoverdieting.com
8356.templates.victoryoverdieting.com
850b.templates.victoryoverdieting.com
8a93.templates.victoryoverdieting.com
8e7e.templates.victoryoverdieting.com
9125.templates.victoryoverdieting.com
9880.templates.victoryoverdieting.com
9d0f.templates.victoryoverdieting.com
9ec0.templates.victoryoverdieting.com
a19a.templates.victoryoverdieting.com
a232.templates.victoryoverdieting.com
a267.templates.victoryoverdieting.com
a4a5.templates.victoryoverdieting.com
a53d.templates.victoryoverdieting.com
a850.templates.victoryoverdieting.com
a9e3.templates.victoryoverdieting.com
abe8.templates.victoryoverdieting.com
add5.templates.victoryoverdieting.com
b2aa.templates.victoryoverdieting.com
b9e8.templates.victoryoverdieting.com
ba2b.templates.victoryoverdieting.com
bba6.templates.victoryoverdieting.com
bc68.templates.victoryoverdieting.com
bec3.templates.victoryoverdieting.com
c4b8.templates.victoryoverdieting.com
c622.templates.victoryoverdieting.com
c97a.templates.victoryoverdieting.com
cb51.templates.victoryoverdieting.com
cb9c.templates.victoryoverdieting.com
cf6d.templates.victoryoverdieting.com
cf8f.templates.victoryoverdieting.com
dc2c.templates.victoryoverdieting.com
dcfxfjuk.templates.victoryoverdieting.com
de86.templates.victoryoverdieting.com
deae.templates.victoryoverdieting.com
e089.templates.victoryoverdieting.com
e15b.templates.victoryoverdieting.com
e1f8.templates.victoryoverdieting.com
e4aa.templates.victoryoverdieting.com
e64d.templates.victoryoverdieting.com
e8ed.templates.victoryoverdieting.com
ead6.templates.victoryoverdieting.com
ec99.templates.victoryoverdieting.com
efca.templates.victoryoverdieting.com
f440.templates.victoryoverdieting.com
f7bb.templates.victoryoverdieting.com
fd0a.templates.victoryoverdieting.com
fd24.templates.victoryoverdieting.com
ffee.templates.victoryoverdieting.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-10%20SocGholish%20IOCs

telegram.godsmightywhispers.com
00ac.telegram.godsmightywhispers.com
0176.telegram.godsmightywhispers.com
02b4.telegram.godsmightywhispers.com
0323.telegram.godsmightywhispers.com
03e7.telegram.godsmightywhispers.com
070a.telegram.godsmightywhispers.com
0de5.telegram.godsmightywhispers.com
0ebf.telegram.godsmightywhispers.com
1304.telegram.godsmightywhispers.com
15c6.telegram.godsmightywhispers.com
1773.telegram.godsmightywhispers.com
197b.telegram.godsmightywhispers.com
1ad6.telegram.godsmightywhispers.com
1dc0.telegram.godsmightywhispers.com
1fbb.telegram.godsmightywhispers.com
2176.telegram.godsmightywhispers.com
246e.telegram.godsmightywhispers.com
26b6.telegram.godsmightywhispers.com
29ff.telegram.godsmightywhispers.com
2b1c.telegram.godsmightywhispers.com
3123.telegram.godsmightywhispers.com
331c.telegram.godsmightywhispers.com
3761.telegram.godsmightywhispers.com
3c2b.telegram.godsmightywhispers.com
411a.telegram.godsmightywhispers.com
4394.telegram.godsmightywhispers.com
439f.telegram.godsmightywhispers.com
43bb.telegram.godsmightywhispers.com
46ab.telegram.godsmightywhispers.com
487d.telegram.godsmightywhispers.com
48c9.telegram.godsmightywhispers.com
4a3d.telegram.godsmightywhispers.com
4a79.telegram.godsmightywhispers.com
4ecf.telegram.godsmightywhispers.com
4efd.telegram.godsmightywhispers.com
5a0c.telegram.godsmightywhispers.com
5a7b.telegram.godsmightywhispers.com
5b43.telegram.godsmightywhispers.com
5eb8.telegram.godsmightywhispers.com
682b.telegram.godsmightywhispers.com
6831.telegram.godsmightywhispers.com
6cbd.telegram.godsmightywhispers.com
6ff8.telegram.godsmightywhispers.com
7973.telegram.godsmightywhispers.com
7fbe.telegram.godsmightywhispers.com
8126.telegram.godsmightywhispers.com
825e.telegram.godsmightywhispers.com
8294.telegram.godsmightywhispers.com
8445.telegram.godsmightywhispers.com
84ca.telegram.godsmightywhispers.com
8865.telegram.godsmightywhispers.com
88de.telegram.godsmightywhispers.com
8ac0.telegram.godsmightywhispers.com
8cf2.telegram.godsmightywhispers.com
8fa9.telegram.godsmightywhispers.com
9482.telegram.godsmightywhispers.com
972d.telegram.godsmightywhispers.com
9f60.telegram.godsmightywhispers.com
9f7d.telegram.godsmightywhispers.com
9fc4.telegram.godsmightywhispers.com
a0a2.telegram.godsmightywhispers.com
a0ed.telegram.godsmightywhispers.com
a1b2.telegram.godsmightywhispers.com
a247.telegram.godsmightywhispers.com
a5e7.telegram.godsmightywhispers.com
ad08.telegram.godsmightywhispers.com
af74.telegram.godsmightywhispers.com
b04d.telegram.godsmightywhispers.com
b2a8.telegram.godsmightywhispers.com
b605.telegram.godsmightywhispers.com
ba8a.telegram.godsmightywhispers.com
bcc4.telegram.godsmightywhispers.com
be4f.telegram.godsmightywhispers.com
be52.telegram.godsmightywhispers.com
c22c.telegram.godsmightywhispers.com
c3c4.telegram.godsmightywhispers.com
c6d8.telegram.godsmightywhispers.com
c703.telegram.godsmightywhispers.com
c80b.telegram.godsmightywhispers.com
c962.telegram.godsmightywhispers.com
cd8d.telegram.godsmightywhispers.com
d03a.telegram.godsmightywhispers.com
d064.telegram.godsmightywhispers.com
d095.telegram.godsmightywhispers.com
d169.telegram.godsmightywhispers.com
d494.telegram.godsmightywhispers.com
d5ae.telegram.godsmightywhispers.com
e149.telegram.godsmightywhispers.com
e207.telegram.godsmightywhispers.com
e49a.telegram.godsmightywhispers.com
e944.telegram.godsmightywhispers.com
ed03.telegram.godsmightywhispers.com
eee8.telegram.godsmightywhispers.com
f9f6.telegram.godsmightywhispers.com
fbd1.telegram.godsmightywhispers.com
fc2d.telegram.godsmightywhispers.com
fea8.telegram.godsmightywhispers.com
fef5.telegram.godsmightywhispers.com
ff79.telegram.godsmightywhispers.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-18%20SocGholish%20IOCs

140f.templates.victoryoverdieting.com
1f95.telegram.godsmightywhispers.com
2178.templates.victoryoverdieting.com
231a.templates.victoryoverdieting.com
24e3.telegram.godsmightywhispers.com
506f.telegram.godsmightywhispers.com
58f0.telegram.godsmightywhispers.com
674b.telegram.godsmightywhispers.com
73a2.templates.victoryoverdieting.com
7fd4.telegram.godsmightywhispers.com
890c.telegram.godsmightywhispers.com
8e31.templates.victoryoverdieting.com
93ce.telegram.godsmightywhispers.com
9f72.telegram.godsmightywhispers.com
bbda.telegram.godsmightywhispers.com
bd6c.telegram.godsmightywhispers.com
bd7d.telegram.godsmightywhispers.com
daea.templates.victoryoverdieting.com
f886.templates.victoryoverdieting.com

# Reference: https://twitter.com/mojoesec/status/1561805273651617793

breatheinnew.life
cloudnoze.com
activation.thepowerofhiswhisper.com
restructuring.breatheinnew.life
029b.activation.thepowerofhiswhisper.com
04c2.activation.thepowerofhiswhisper.com
05b3.activation.thepowerofhiswhisper.com
0d35.activation.thepowerofhiswhisper.com
10cc.activation.thepowerofhiswhisper.com
15e3.activation.thepowerofhiswhisper.com
1a29.activation.thepowerofhiswhisper.com
20cf.activation.thepowerofhiswhisper.com
22da.activation.thepowerofhiswhisper.com
23c2.activation.thepowerofhiswhisper.com
2e29.activation.thepowerofhiswhisper.com
39e6.activation.thepowerofhiswhisper.com
47d7.activation.thepowerofhiswhisper.com
5bea.activation.thepowerofhiswhisper.com
622a.activation.thepowerofhiswhisper.com
66c5.activation.thepowerofhiswhisper.com
6711.activation.thepowerofhiswhisper.com
69ad.activation.thepowerofhiswhisper.com
6b44.activation.thepowerofhiswhisper.com
7365.activation.thepowerofhiswhisper.com
75b4.activation.thepowerofhiswhisper.com
7eba.activation.thepowerofhiswhisper.com
7fe8.activation.thepowerofhiswhisper.com
8386.activation.thepowerofhiswhisper.com
84a3.activation.thepowerofhiswhisper.com
8739.activation.thepowerofhiswhisper.com
8769.activation.thepowerofhiswhisper.com
8814.activation.thepowerofhiswhisper.com
90b2.activation.thepowerofhiswhisper.com
9fc0.activation.thepowerofhiswhisper.com
b436.activation.thepowerofhiswhisper.com
b539.activation.thepowerofhiswhisper.com
b864.activation.thepowerofhiswhisper.com
bd71.activation.thepowerofhiswhisper.com
bda8.activation.thepowerofhiswhisper.com
c1e0.activation.thepowerofhiswhisper.com
c36d.activation.thepowerofhiswhisper.com
d018.activation.thepowerofhiswhisper.com
d5f5.activation.thepowerofhiswhisper.com
d742.activation.thepowerofhiswhisper.com
dbf1.activation.thepowerofhiswhisper.com
e827.activation.thepowerofhiswhisper.com
ee93.activation.thepowerofhiswhisper.com
f2fd.activation.thepowerofhiswhisper.com

# Reference: https://twitter.com/bigmacjpg/status/1562194024361910273
# Reference: https://www.virustotal.com/gui/ip-address/77.91.127.52/relations

activation.thepowerofhiswhisper.com
state.thegshrevolution.com
templates.victoryoverdieting.com
2d58.state.thegshrevolution.com
3359.state.thegshrevolution.com
a946.state.thegshrevolution.com
5128.templates.victoryoverdieting.com
bd96.activation.thepowerofhiswhisper.com

# Reference: https://twitter.com/EKFiddle/status/1567196965108350977

thepowerofgodswhisper.com
roles.thepowerofgodswhisper.com

# Reference: https://twitter.com/MBThreatIntel/status/1567698456235634688

clean.godmessagedme.com
community.wbaperformance.com
havana.littlehavanacigarstore.com
puzzle.tricityintranet.com
secretary.rentamimi.com

# Reference: https://twitter.com/MBThreatIntel/status/1569452267199397888
# Reference: https://www.virustotal.com/gui/ip-address/84.32.188.27/relations

fluctuations.trendylevels.com
09b0.fluctuations.trendylevels.com
4e11.fluctuations.trendylevels.com
c8d5.fluctuations.trendylevels.com

# Reference: https://twitter.com/MBThreatIntel/status/1569877691964485632

business.mygshplus.com
prompt.zonashoppers.academy
tutorials.girandolashutkindconstruction.com

# Reference: https://twitter.com/bigmacjpg/status/1570781615445659650

moments.abledity.com
14df.moments.abledity.com
15df.moments.abledity.com
15e3.moments.abledity.com
15e3.moments.abledity.com
1a7f.moments.abledity.com
21e9.moments.abledity.com
21e9.moments.abledity.com
2938.moments.abledity.com
2938.moments.abledity.com
2a21.moments.abledity.com
2baa.moments.abledity.com
2baa.moments.abledity.com
3a4e.moments.abledity.com
3a4e.moments.abledity.com
4327.moments.abledity.com
4328.moments.abledity.com
4805.moments.abledity.com
4805.moments.abledity.com
48ba.moments.abledity.com
48ba.moments.abledity.com
4f8d.moments.abledity.com
4f8d.moments.abledity.com
5762.moments.abledity.com
5996.moments.abledity.com
5996.moments.abledity.com
5ec3.moments.abledity.com
5ec3.moments.abledity.com
6bab.moments.abledity.com
6bcf.moments.abledity.com
6bcf.moments.abledity.com
7133.moments.abledity.com
713d.moments.abledity.com
713d.moments.abledity.com
774a.moments.abledity.com
774a.moments.abledity.com
79d3.moments.abledity.com
7dfe.moments.abledity.com
7fc8.moments.abledity.com
7fc8.moments.abledity.com
8801.moments.abledity.com
8801.moments.abledity.com
93ff.moments.abledity.com
9473.moments.abledity.com
9569.moments.abledity.com
9569.moments.abledity.com
957c.moments.abledity.com
957c.moments.abledity.com
981b.moments.abledity.com
981b.moments.abledity.com
98a7.moments.abledity.com
99c5.moments.abledity.com
9c7f.moments.abledity.com
9c7f.moments.abledity.com
a0bc.moments.abledity.com
a0bc.moments.abledity.com
a119.moments.abledity.com
a119.moments.abledity.com
aa5c.moments.abledity.com
aa93.moments.abledity.com
ad46.moments.abledity.com
ad46.moments.abledity.com
b1b8.moments.abledity.com
b1b8.moments.abledity.com
b30b.moments.abledity.com
b30b.moments.abledity.com
b6dc.moments.abledity.com
b6dc.moments.abledity.com
bee4.moments.abledity.com
blockf583.moments.abledity.com
c077.moments.abledity.com
c34f.moments.abledity.com
c416.moments.abledity.com
c4d2.moments.abledity.com
c4d2.moments.abledity.com
c7ec.moments.abledity.com
c91c.moments.abledity.com
c91c.moments.abledity.com
c98a.moments.abledity.com
c98a.moments.abledity.com
ccf3.moments.abledity.com
ce5b.moments.abledity.com
ce5b.moments.abledity.com
cf69.moments.abledity.com
cf69.moments.abledity.com
d2f8.moments.abledity.com
dd98.moments.abledity.com
dd98.moments.abledity.com
e1bb.moments.abledity.com
e8b6.moments.abledity.com
ebfc.moments.abledity.com
ee73.moments.abledity.com
ef1b.moments.abledity.com
f634.moments.abledity.com
f634.moments.abledity.com
f86e.moments.abledity.com

# Reference: https://twitter.com/MBThreatIntel/status/1573403271292919808

custom.usmuchmedia.com

# Reference: https://twitter.com/MBThreatIntel/status/1572679483467104257

notes.fumcpittsburg.org

# Reference: https://twitter.com/MBThreatIntel/status/1574509979784314880

2topost.com
hair.2topost.com

# Reference: https://twitter.com/MBThreatIntel/status/1574814847405101059

4tosocialprofessional.com
registermegod.online
jobs.registermegod.online
memorial.4tosocialprofessional.com
171d.jobs.registermegod.online
1f5a.jobs.registermegod.online
31dd.jobs.registermegod.online
5b9.jobs.registermegod.online
a979.jobs.registermegod.online

# Reference: https://twitter.com/MBThreatIntel/status/1575241303302209537
# Reference: https://www.virustotal.com/gui/ip-address/179.43.133.40/relations

mynewtopboyfriend.store
mystylingmylife.xyz
accounts.mynewtopboyfriend.store
basket.stylingtomorrow.com
fundraising.mystylingmylife.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1575959652483100674

actors.jcracing.com

# Reference: https://twitter.com/EKFiddle/status/1575981962330005504

people.zonashoppers.com

# Reference: https://twitter.com/MBThreatIntel/status/1578145447969173504
# Reference: https://www.virustotal.com/gui/ip-address/159.69.101.84/relations

4tosocial.com
balance.tyvekracebibs.com
football.4tosocial.com
internal.blessedfoodshalalmeat.com
01c2.jobs.registermegod.online
039b.internal.blessedfoodshalalmeat.com
0580.jobs.registermegod.online
0846.jobs.registermegod.online
09ce.jobs.registermegod.online
0a52.jobs.registermegod.online
0feb.jobs.registermegod.online
2cee.jobs.registermegod.online
2e9d.jobs.registermegod.online
3ae0.jobs.registermegod.online
45b9.jobs.registermegod.online
51b4.jobs.registermegod.online
5502.jobs.registermegod.online
5650.jobs.registermegod.online
579c.jobs.registermegod.online
5876.jobs.registermegod.online
5a3b.jobs.registermegod.online
5acc.jobs.registermegod.online
5ae0.jobs.registermegod.online
6165.internal.blessedfoodshalalmeat.com
6b09.jobs.registermegod.online
6fca.jobs.registermegod.online
74fc.internal.blessedfoodshalalmeat.com
7802.jobs.registermegod.online
7a88.jobs.registermegod.online
9ca7.jobs.registermegod.online
a67f.internal.blessedfoodshalalmeat.com
alerdnlxfbd.balance.tyvekracebibs.com
b076.jobs.registermegod.online
ba13.jobs.registermegod.online
c090.jobs.registermegod.online
cojdmfx.balance.tyvekracebibs.com
d971.internal.blessedfoodshalalmeat.com
df35.jobs.registermegod.online
e095.jobs.registermegod.online
f37b.jobs.registermegod.online
fdc0.jobs.registermegod.online
gnc.balance.tyvekracebibs.com
ivmwafpgas.balance.tyvekracebibs.com
krmmfpoesa.balance.tyvekracebibs.com
mupbap.balance.tyvekracebibs.com
n.balance.tyvekracebibs.com
pmtmmwuovln.balance.tyvekracebibs.com
rbfafmalbyv.balance.tyvekracebibs.com
ructexyljspfju.balance.tyvekracebibs.com
sjsvifluhvbwgw.balance.tyvekracebibs.com
sqotbcdzvrfml.balance.tyvekracebibs.com
tpousltzamjbio.balance.tyvekracebibs.com
ummhjsoxcpat.balance.tyvekracebibs.com
vvuuqjpbzoe.balance.tyvekracebibs.com
xbdtiykgxuhg.balance.tyvekracebibs.com
xscbxhbtw.balance.tyvekracebibs.com
xtwhfnjmgayrj.balance.tyvekracebibs.com

# Reference: https://twitter.com/bigmacjpg/status/1579491968035721218

houses.in-vermont.com
d477.houses.in-vermont.com
e2c0.houses.in-vermont.com

# Reference: https://twitter.com/bigmacjpg/status/1579915319145295872
# Reference: https://www.virustotal.com/gui/ip-address/185.185.87.19/relations

demand.sageyogatherapies.com
360c.demand.sageyogatherapies.com
dbeb.demand.sageyogatherapies.com
f292.demand.sageyogatherapies.com

# Reference: https://twitter.com/MBThreatIntel/status/1580283780350504960

allsunstates.com
jquery0.com
ecar.allsunstates.com

# Reference: https://twitter.com/bigmacjpg/status/1580921898556276736

offerings.love4lifewellness.com
1303.offerings.love4lifewellness.com
1e06.offerings.love4lifewellness.com
213d.offerings.love4lifewellness.com
3d96.offerings.love4lifewellness.com
4c0f.offerings.love4lifewellness.com
4d87.offerings.love4lifewellness.com
7d2d.offerings.love4lifewellness.com
7d3a.offerings.love4lifewellness.com
8a4b.offerings.love4lifewellness.com
980f.offerings.love4lifewellness.com
a574.offerings.love4lifewellness.com
ca59.offerings.love4lifewellness.com
cebf.offerings.love4lifewellness.com
d1a0.offerings.love4lifewellness.com
d3c5.offerings.love4lifewellness.com
d7d8.offerings.love4lifewellness.com
dd68.offerings.love4lifewellness.com
e962.offerings.love4lifewellness.com

# Reference: https://twitter.com/MBThreatIntel/status/1580971576144822272

engine.discoveryhypnosis.com
resale.adkelly.com
resort.reliablecommunityservices.com

# Reference: https://twitter.com/MBThreatIntel/status/1582131308763185152
# Reference: http://lists.emergingthreats.net/pipermail/emerging-sigs/2022-October/030777.html

c1ypsilanti.org
festival.robingaster.com
training.c1ypsilanti.org

# Reference: https://twitter.com/C0ryInTheHous3/status/1582370010659311616
# Reference: https://www.virustotal.com/gui/ip-address/91.208.197.151/relations

consultant.meredithklemmblog.com

# Reference: https://twitter.com/MBThreatIntel/status/1582439318320447489

family.1ablecommunity.com
school.cherry-street-portrait-studios.com

# Reference: http://lists.emergingthreats.net/pipermail/emerging-sigs/2022-October/030779.html

jsfconnections.com
discover.jsfconnections.com

# Reference: https://twitter.com/MBThreatIntel/status/1583210388627542018

furniture.nothingordinarydesign.com

# Reference: https://twitter.com/MBThreatIntel/status/1585404776732594181

chess.north-atlantic.com

# Reference: https://community.emergingthreats.net/t/daily-ruleset-update-summary-2022-10-27/109

shipwrecks.ggentile.com

# Reference: https://twitter.com/MBThreatIntel/status/1588630860236218368

portraits.studio-94-photography.com

# Reference: https://twitter.com/mojoesec/status/1590380057180409856
# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.19/relations

campaign.tworiversboat.com
07cf.campaign.tworiversboat.com
188e.campaign.tworiversboat.com
2344.campaign.tworiversboat.com
41be.campaign.tworiversboat.com
4453.campaign.tworiversboat.com
4f0a.campaign.tworiversboat.com
54d9.campaign.tworiversboat.com
6041.campaign.tworiversboat.com
60eb.campaign.tworiversboat.com
6950.campaign.tworiversboat.com
6980.campaign.tworiversboat.com
6dfd.campaign.tworiversboat.com
737d.campaign.tworiversboat.com
7502.campaign.tworiversboat.com
7ae3.campaign.tworiversboat.com
8322.campaign.tworiversboat.com
848b.campaign.tworiversboat.com
85fe.campaign.tworiversboat.com
8b79.campaign.tworiversboat.com
ab78.campaign.tworiversboat.com
ac96.campaign.tworiversboat.com
bc4a.campaign.tworiversboat.com
ca21.campaign.tworiversboat.com
cd74.campaign.tworiversboat.com
e0c7.campaign.tworiversboat.com
f121.campaign.tworiversboat.com
f253.campaign.tworiversboat.com
f622.campaign.tworiversboat.com

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030798.html

coinangel.online
rate.coinangel.online
0096.rate.coinangel.online
0ed7.rate.coinangel.online
0f71.rate.coinangel.online
247d.rate.coinangel.online
3162.rate.coinangel.online
3f5a.rate.coinangel.online
4862.rate.coinangel.online
5a75.rate.coinangel.online
5c31.rate.coinangel.online
7507.rate.coinangel.online
860a.rate.coinangel.online
881f.rate.coinangel.online
8941.rate.coinangel.online
8cff.rate.coinangel.online
90222.rate.coinangel.online
9e033.rate.coinangel.online
bef30.rate.coinangel.online
c4e85.rate.coinangel.online
c62f8.rate.coinangel.online
c827.rate.coinangel.online
cefd.rate.coinangel.online
f098.rate.coinangel.online
fd24.rate.coinangel.online

# Reference: https://blog.sucuri.net/2022/11/new-socgholish-malware-variant-uses-zip-compression-evasive-techniques.html

community.backpacktrader.com
course.netpickstrading.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-11-16-v10174/162

factors.djbel.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-11-22-v10179/172

dashboard.skybacherslocker.com
montage.travelguidediva.com

# Reference: https://blog.sucuri.net/2022/11/new-wave-of-socgholish-cid27x-injections.html

mini.ptipexcel.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-11-28-v10183/182

mask.covidturf.com
pastor.cntcog.org
perspective.cdsignner.com
progress.cashdigger.com
wiki.clotheslane.com

# Reference: https://twitter.com/nosecurething/status/1597655258666500097
# Reference: https://www.virustotal.com/gui/ip-address/82.180.154.113/relations

diary.lojjh.com
03c.discover.jsfconnections.com
0454.discover.jsfconnections.com
0dd3.discover.jsfconnections.com
1113a.diary.lojjh.com
18249.diary.lojjh.com
186e.discover.jsfconnections.com
1ca79.diary.lojjh.com
1ffb.discover.jsfconnections.com
22fa9.diary.lojjh.com
25a02.diary.lojjh.com
2dbb6.diary.lojjh.com
2ff2.discover.jsfconnections.com
3157.diary.lojjh.com
31d6.discover.jsfconnections.com
35e5.discover.jsfconnections.com
397b.discover.jsfconnections.com
3af2.discover.jsfconnections.com
3b1a.discover.jsfconnections.com
3ba9.discover.jsfconnections.com
3da2.discover.jsfconnections.com
41b9.discover.jsfconnections.com
4200.discover.jsfconnections.com
4519.discover.jsfconnections.com
47bbd.diary.lojjh.com
48e2.discover.jsfconnections.com
4d9c.discover.jsfconnections.com
4f60.discover.jsfconnections.com
5468.discover.jsfconnections.com
55444.diary.lojjh.com
55904.diary.lojjh.com
55f4.discover.jsfconnections.com
59b8.discover.jsfconnections.com
6390.discover.jsfconnections.com
63e7b.diary.lojjh.com
643a4.diary.lojjh.com
685e.discover.jsfconnections.com
69d2.discover.jsfconnections.com
6a535.diary.lojjh.com
6d417.diary.lojjh.com
6e1b.discover.jsfconnections.com
6eae.discover.jsfconnections.com
7041e.diary.lojjh.com
72e34.diary.lojjh.com
7329.discover.jsfconnections.com
7490.discover.jsfconnections.com
7a2e.discover.jsfconnections.com
7ebb0.diary.lojjh.com
7f6e.discover.jsfconnections.com
86f2e.diary.lojjh.com
888c.discover.jsfconnections.com
88d5a.diary.lojjh.com
8b9b.discover.jsfconnections.com
8ee8.discover.jsfconnections.com
8f1e3.diary.lojjh.com
91d1.discover.jsfconnections.com
94265.diary.lojjh.com
95f09.diary.lojjh.com
97418.diary.lojjh.com
99ec.discover.jsfconnections.com
9c3af.diary.lojjh.com
_.discover.jsfconnections.com
a200.discover.jsfconnections.com
a37e.discover.jsfconnections.com
a489.discover.jsfconnections.com
a650.discover.jsfconnections.com
a7eb.discover.jsfconnections.com
a9a8f.diary.lojjh.com
a9dcb.diary.lojjh.com
ad96.discover.jsfconnections.com
b1c10.diary.lojjh.com
b36f.discover.jsfconnections.com
b3ab.discover.jsfconnections.com
b8b46.diary.lojjh.com
ba9e.discover.jsfconnections.com
bcd8d.diary.lojjh.com
c01a.discover.jsfconnections.com
c06bd.diary.lojjh.com
c202.discover.jsfconnections.com
c4205.diary.lojjh.com
c4cce.diary.lojjh.com
c5a5b.diary.lojjh.com
c67da.diary.lojjh.com
c6ab.discover.jsfconnections.com
c6f54.diary.lojjh.com
ca03c.diary.lojjh.com
ca1a.discover.jsfconnections.com
cb2d.discover.jsfconnections.com
cedfd.diary.lojjh.com
d3157.diary.lojjh.com
d561.discover.jsfconnections.com
d9a6.discover.jsfconnections.com
dc7ac.diary.lojjh.com
dd79.discover.jsfconnections.com
df05.discover.jsfconnections.com
e488.discover.jsfconnections.com
e54ed.diary.lojjh.com
f3f96.diary.lojjh.com
f63d5.diary.lojjh.com
fe14.discover.jsfconnections.com
feaf.discover.jsfconnections.com
test.diary.lojjh.com

# Reference: https://twitter.com/bigmacjpg/status/1600166713257082882

fate.truelance.com
09283.fate.truelance.com
1cd4d.fate.truelance.com
206bc.fate.truelance.com
3978b.fate.truelance.com
3cc9d.fate.truelance.com
73d86.fate.truelance.com
86248.fate.truelance.com
a406c.fate.truelance.com
ad373.fate.truelance.com
cf0bc.fate.truelance.com
d824c.fate.truelance.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-12-09-v10192/201

automatic.tworiversboats.com
logistics.socialtrendsmanagement.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-12-13-v10195/205

library.covebooks.com
modernism.designpaw.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-12-15-v10197/208

brooklands.harteverything.com
deposit.coveprice.com
fittingroom.gibbsjewelry.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-12-19-v10199/212

navyseal.bezmail.com

# Reference: https://twitter.com/bigmacjpg/status/1606124410619953153

shrubs.emptyisland.pics
09f51.shrubs.emptyisland.pics
0b854.shrubs.emptyisland.pics
0c77b.shrubs.emptyisland.pics
30e92.shrubs.emptyisland.pics
311a7.shrubs.emptyisland.pics
3d442.shrubs.emptyisland.pics
44255.shrubs.emptyisland.pics
44cb0.shrubs.emptyisland.pics
4c4f6.shrubs.emptyisland.pics
55c1e.shrubs.emptyisland.pics
5ac88.shrubs.emptyisland.pics
5d36b.shrubs.emptyisland.pics
70ef8.shrubs.emptyisland.pics
72fd8.shrubs.emptyisland.pics
7f868.shrubs.emptyisland.pics
801e9.shrubs.emptyisland.pics
82c8c.shrubs.emptyisland.pics
82e97.shrubs.emptyisland.pics
849e8.shrubs.emptyisland.pics
84cbe.shrubs.emptyisland.pics
88c3a.shrubs.emptyisland.pics
8e5e6.shrubs.emptyisland.pics
8f5b3.shrubs.emptyisland.pics
974d4.shrubs.emptyisland.pics
9ce8c.shrubs.emptyisland.pics
a024b.shrubs.emptyisland.pics
a02eb.shrubs.emptyisland.pics
a060c.shrubs.emptyisland.pics
a58cf.shrubs.emptyisland.pics
ac436.shrubs.emptyisland.pics
b0ca2.shrubs.emptyisland.pics
b1498.shrubs.emptyisland.pics
b63e6.shrubs.emptyisland.pics
d41ba.shrubs.emptyisland.pics
da6ae.shrubs.emptyisland.pics
dce42.shrubs.emptyisland.pics
e0324.shrubs.emptyisland.pics
e28c3.shrubs.emptyisland.pics
e65e4.shrubs.emptyisland.pics
ea0a5.shrubs.emptyisland.pics
eb7f3.shrubs.emptyisland.pics
ec818.shrubs.emptyisland.pics
f9e1a.shrubs.emptyisland.pics
fc364.shrubs.emptyisland.pics

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-12-23-v10204/229

abcbarbecue.xyz
milonopensky.store
exclusive.milonopensky.store
extcourse.zurvio.com
internship.ojul.com
perspective.abcbarbecue.xyz

# Reference: https://twitter.com/BroadAnalysis/status/1608846475408334849

digijump.online
navyseal.digijump.online

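# Generic (URL paths rather than hostnames: script names imitating browser updates, not tied to a single domain listed above)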

/Chrome.Quick.Update.ver.101.65.65282.js
/Chrome.Update.3b1362.js
/Chrome.Update.88fe59.js
/Opera.Update.426482.js
