# Aggregated and created by https://github.com/SystemJargon and Last Updated Tue 03 Jan 2023 07:33:22 PM NZDT
# This list below has urls or domains associated with phishing links or spam email
0701baibao-1305586011.cos.ap-nanjing.myqcloud.com
0x6b.0254.0113.0244
104-168-132-128.nip.io
111234cdt.ddns.net
455686.c1.biz
61toolll.oss-us-east-1.aliyuncs.com
7a31e5b2.ns2.vaultsecure.net
91.211.91.56
a0525271.xsph.ru
aconex.com
adminet.site
adminet.space
aimsecurity.net
airjaldi.online
aiyama.oss-eu-west-1.aliyuncs.com
ajglsbrsme.suzukilaos.com
aliveafterguard.tech
aliyuncs.com
amasterweb.site
amazing-nightingale-3617e1.netlify.app
amusient.com
analistcloud.space
analistnet.site
analistnet.space
analistsite.site
analisttab.site
analisttab.space
analistweb.site
analistweb.space
analitic-tab.site
analitic-tab.space
analiticnet.site
analitics-tab.site
analiticsnet.site
analiticstab.site
analiticstab.space
analitictab.site
analitictab.space
analiticweb.site
analizeport.site
analizerete.site
analylicweb.site
analystclick.site
analysttraffic.site
analystview.site
analystweb.site
analyticlick.site
analyticmanager.site
analyticview.site
aneweb.site
antipublicwestbank.com
api.ip.sb
app.wipster.io
asdfghdsajkl.com
associationable.com
atecasec.info
avsvmcloud.com
award.commercedecisions.com.au
awsglobalaccelerator.com
b.adventh.org
bank4america.com
bankcreditsign.com
bankingshoestohome.com
bankwithmyhomies.com
banusle.top
baradical.com
basiliskbank.com
battlefieldant.com
beautyindustrygroup.com
benchmarkestimating.exavault.com
ber1303genco.appspot.com
bestpricepets.com
bigtopweb.com
bjij7tqwaipwbeig5ubq4xjb6fy7s3lknhkjojo4vdngmqm6namdczad.onion
brian.ravensberg.favorite.com.tr
broker.gotoassist.com
browm-forman.com
brown-formam.com
bublegum.xyz
bypassociation.com
c2-3-143-67-171.us-east-2.compute.amazonaws.com
canar.com.sa
canarytokens.com
cannstattraction.com
capermission.com
carnegieinsider.com
catsdegree.com
cdnetworker.site
cdtpitbull.hopto.org
chcracked.com
che4vr0n-tex1c9-11c.netlify.app
choicetoweb.com
chyprediction.com
cleanerjs.site
click.smartsheet.com
clickanalyst.site
clickanalytic.site
cliff.basten.yazarkasaankara.gen.tr
cloud.com
cloudtester.site
cocolatest.sbs
codecollage.co.uk
commenter.site
complexofferstobakn.com
conglomeratoid.com
connectweb.space
cooperativology.com
corpleaks.net
countrysidable.com
currentteach.com
daksjuggdhwa.com
databasegalore.com
datasomatic.ru
datazr.com
daveslocum.com
deftsecurity.com
denso.com
deprivationant.com
derek.lamprecht.irodaoutlet.tk
dfcompros.com
digitalcollege.org
digitalcombo.com.br
discriminatoid.com
djshggadasj.com
dkisuaggdjhna.com
dmequest.com
documentssign-api.com
domainclean.site
domainet.site
domainet.space
domestickum.com
dquggwjhdmq.com
dtermalherbhos.com
dullism.com
edc.com.ly
edosefa.top
education-loan.12d.com
eiqwuggejqw.com
emg-compl.com
erdfacturaa.top
ervsystem.com
esterdcuxzbey4xvlwwheoecpltru5be2mzuk4w7a7nrhckdjjhrbyd.onion
evalueserve.com
executivance.com
express.adobe.com
eyebrowaholic.com
eyetechltd.com
fastester.site
fastjspage.site
fastupload.site
fbi.fund
feristoaul.com
ffload01.top
ffload02.top
fidespair.com
fidufagios.com
fifth-efficient-wasp.glitch.me
filltobill5.casa
financialmarket.org
foosq.one
foundanalyst.site
foundanalytic.site
freescanonline.com
fullka.online
gaikai.work
gallerycenter.org
garrisontx.us
gcwr4vcf72vpcrgevcziwb7axooa3n47l57dsiwxvzvcdlt7exsvk5yd.onion
gencalc.software.informer.com
geo.netsupportsoftware.com
geography.netsupportsoftware.com
ghd.sendthisfile.com
gistration.dll.dll
globalnetworkissues.com
googleservice64.ddns.net
goos1.store
goptgrou.global.ssl.fastly.net
gudini.cam
gulf.moneroocean.stream
h378576.atwebpages.com
hardtester.site
hd-background.oss-ap-southeast-1.aliyuncs.com
hemispherious.com
hetaskosupportcenter.com
heuristic-hermann-392016.netlify.app
highdatabase.com
hostcontrol.space
httpanel.site
hurtsecurityfinance.com
hxt254aygrsziejn.onion
i758769.atwebpages.com
iasudjghnasd.com
icloudserv.ru
ihvpgv9psvq02ffo77et.appsync-api.us-east-2.avsvmcloud.com
incomeupdate.com
indokitel.xyz
indulgology.com
infinitysoftwares.com
info.docs-sharepoint.com
injuryless.com
installerr.pw
intelliclicksoftware.net
interage.site
invocation-removability-untenuously.s3.eu-central-003.backblazeb2.com
invoice.docs-sharepoint.com
inxsoftware.com
ipcounter.space
itmanagersupporter.click
itofficemasword.com
itoltuico.cyou
itsector.date
java-stat.com
jeatech-my.sharepoint.com
jerryskaxtebilling.com
jscleaner.site
jurisdictionient.com
kackdelar.top
kadmg.oss-me-east-1.aliyuncs.com
kdjwhqejqwij.com
keywordsance.com
kjdhsasghjds.com
klclick.com
knajhdy0ph.7853.ucaaug.org
koolimkham.club
koralak.hk
kubecloud.com
lanetester.site
lanlocker.site
lcomputers.com
lianzafacture.eu
linkerange.site
linkerange.space
listmanager.space
livefilestore.com
lkjhgfgsdshja.com
loockerweb.site
loood1.top
loood2.top
lucidapps.info
magengine.site
manage.fastfieldforms.com
managerage.site
managerage.space
managertraffic.site
mandioip.com
mandrillapp.com
manusaotomatikkapitamiri.com
mariaschool.xyz
mastercard-email.com
masterlinker.site
masternet.space
masterport.site
mcilwain.wildapricot.org
mediaconservative.xyz
megatoolkit.com
memorialsection.com
menorukis.su
mesh.com
mesoplano.com
migrationable.com
minanalize.site
mine.moneropool.com
minimazerjs.site
mobilnweb.com
mojobiden.com
morangapowder.com
morenodorf.com
my.newforma.com
myofibrilliance.com
myqcloud.com
nervous-hodgkin-5c3bb4.netlify.app
netanalist.site
netanalist.space
netanalisttest.space
netanalitic.site
netanalitic.space
netanalitics.site
netcontrol.site
netpanel.site
netstart.space
nettingpanel.site
nettingtest.site
nettraffic.site
new.certainty3d.com
newschools.nfo
nikeoutletinc.org
nonremittalable.com
nur68cnnc5.com
officewestunionbank.com
offspringance.com
olapdatabase.com
ollaholla.cyou
on-offtrack.biz
onehitech.casa
onetechcompany.com
onflicitoesar.eu
onion
ontabilidadms.eu
opposedent.com
org.misecure.com
ownerpage.site
pagecleaner.site
pagegine.site
pageloader.site
pagenator.site
pagestater.site
pagesupport.site
panelake.site
panelake.space
panelan.site
panelblock.site
panelnetting.site
panelocker.site
panhardware.com
pastebin.pl
pathlive.in
pathlive.nl
paymenthacks.com
pdfdocdownloadspanel.net
phuhaihoang.vn
pigeonious.com
pingolag.top
pinokio.online
planetspeed.site
privatlab.com
producteditor.site
profreefiles.com
programmersforum.ru
pronto-login.com
pyddteres.hopto.org
questbankcustoms.com
r20.rs6.net
rabbitumed.com
rbvideo.com.au
relativedata.ru
restwosternetbank.com
retenetweb.site
reurl.cc
revokecert.ru
reyweb.com
richesk.com
roan-tricky-modem.glitch.me
rokki.club
romanovawillkillyou.c1.biz
s2wlab.com
s3crt.biz
safariperks.ru
saverplanel.site
screenconnect.com
sectimer.site
securebestapp20.com
securefield.site
securepubads.g.doubleclick.net
seeweb.space
selectorbasebanks.com
sense4baby.fr
sentech.cyou
seobundlekit.com
serevalutinoffice.com
server-linode.in
server-linode.nl
server-linode.org
servicedesk42.org
sharefile.com
shareholderery.com
shareholderma.com
sharkedtest1.xyz
sharkedtestuk.xyz
showproduct.site
siteanalist.site
siteanalist.space
siteanalitic.site
siteanalitics.site
siteanalyst.site
siteanalytic.site
sitengine.site
sitesecure.space
sitetraffic.site
slickclean.site
slotmanager.site
slotshower.site
smallka.cam
smalltrch.cc
snapfile.org
solartrackingsystem.net
soorkis.one
spaceclean.site
spacecom.site
spaces.hightail.com
spectrummel.com
speedstress.site
speedtester.site
speedtester.space
spotifyly.world
srchassist.com
srfnetwork.org
sslmanager.site
stacyslocum.com
starnetting.site
statetraffic.site
statsclick.site
stopransomware.gov
storepanel.site
successfullyreview-pakondemandos.com
suporter.site
sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion
swipeservice.com
t.wf.wfrlh.com
tab-analitic.site
tab-analitic.space
tab-analitics.site
tab-analitics.space
tabanalist.site
tabanalist.space
tabanalitic.site
tabanalitic.space
tabanalitics.site
tabanalitics.space
taingenieria.eu
takemetoyouheart.c1.biz
taketodjnfnei898.c1.biz
taketodjnfnei898.ueuo.com
targetag.space
tartopglaucoma.com
tatamm.oss-us-west-1.aliyuncs.com
teamviewer.com
techiefly.com
telanet.site
telanet.space
temisleyes.com
textilesld.cluster020.hosting.ovh.net
thecorporatetailors.com.au
thedoccloud.com
tianmarket.shop
tibet.bet
togoku-service.com
topdeal2u.com
trafficanalyst.site
trafficanalytics.site
trafficcloud.site
trafficsanalist.site
trafficsee.site
trafficweb.site
transfer.sh
truetech.cam
ts-t1.fulcrum-spatial.com
tutorialjinni.com
ubbencion.australiaeast.cloudapp.azure.com
ubbencion.eu
unionsoki.z13.web.core.windows.net
unitious.com
units.clearskincarseclinics.com
unpkgtraffic.site
update.centosupdates.com
veeneetech.world
versionhtml.site
viewanalyst.site
viewanalytic.site
viewpoint.com
vincentolife.com
virtualdataserver.com
virtualwebdata.com
voicesp.oss-us-east-1.aliyuncs.com
vpoint.account.box.com
vpoint.app.box.com
warriorss.oss-us-west-1.aliyuncs.com
we.tl
web-vms.com
webanalist.site
webanalist.space
webanalitic.site
webanalitics.site
webanalylic.site
webanalyst.site
webcodez.com
webgraitupeople.com
webmode.site
webmoder.space
websitetheme.com
welltech.bar
welltech.monster
welltech.rest
wh890850.ispot.cc
windowsupdatesupport.org
winsaipowertech.com
ww165pup.firebaseapp.com
www.box.com
www.fastfieldforms.com
www.junoviewerweb.com
www.rajuherbalandspicegarden.com
www.revizto.com
www.simapp.com
www.swaplenders.com
www.thechiropractor.vegas
www1981.sakura.ne.jp
xjnwqdospderqtk.ru
xpressmexico.com
xxxs.info
zubesta1.com
zupertech.com
# Leveraged phishing and click-hijack
email.teamsnap.com
www.blank.com
thovest.com
# P2P domain with dubious subdomain links and suspcious downloads
ipfs.nftstorage.link
bafybeibjb2wwyaajzqjzbdsc4twowl3l4mti6pvbq6cqir46k7k3bgoniy.ipfs.nftstorage.link
# SVCReady Malware
muelgadr.top
wikidreamers.com
galmerts.art
kikipi.art
kokoroklo.su
# Malicious-Phishing Link
ep.cpq7o.bottegatoscana.com.hk
# Fake Crack and Black-SEO
goes12by.cfd
baed92all.cfd
aeddkiu6745q.cfd
14redirect.cfd
lixn62ft.cfd
kohuy31ng.cfd
wae23iku.cfd
yhf78aq.cfd
xzctn14il.cfd
mihatrt34er.cfd
oliy67sd.cfd
er67ilky.cfd
bny734uy.cfd
uzas871iu.cfd
dert1mku.cfd
fr56cvfi.cfd
asud28cv.cfd
freefiles34.xyz
freefiles33.xyz
wrtgh56mh.cfd
timur-online.com
eventitaormina.it
artradersltd.co.uk
pelanduk.empatdns.com
# Sometimes known to host .ico or .png or image files which are part of other payloads (usually JS) to infect a victim or browser. Either that or the site has a bad rep.
code-examples.net
kotaeta.com
answer-id.com
code.i-harness.com
living-sun.com
qastack.jp
qastack.ru
qastack.it
qastack.mx
qastack.com.br
qastack.info.tr
qastack.in.th
qastack.com.de
qastack.fr
qastack.cn
qastack.com.ua
qastack.co.in
qastack.kr
qastack.vn
qastack.net.bd
qa-stack.pl
qastack.id
www.coder.work
www.it-swarm-ja.tech
www.it-swarm.jp.net
www.it-mure.jp.net
www.it-swarm-ja.com
www.it-swarm.com.ru
codeflow.site
codeguides.site
overcoder.net
coderoad.ru
www.generacodice.blog
www.generacodice.it
www.generacodice.com
www.javaer101.com
voidcc.com
siwib.org
fluffyfables.com
www.fixes.pub
knews.vip
isolution.pro
uwenku.com
lycaeum.dev
brocante.dev
classmethod.dev
stormcrow.dev
athabasca-foto.com
zsharp.org
projectbackpack.org
waymanamechurch.org
sunflowercreations.org
cfadnc.org
fitforlearning.org
panaindustrial.com
sierrasummit2005.org
theshuggahpies.com
pcbconline.org
www.nuomiphp.com
ubuntu.buildwebhost.com
ubuntuaa.com
www.debugcn.com
sch22.org
gupgallery.com
amuddycup.com
ecnf2016.org
softwareuser.asklobster.com
domainelespailles.net
ec-europe.org
pakostnici.com
try2explore.com
laravelquestions.com
itectec.com
stackovergo.com
faithcov.org
noblenaz.org
www.py4u.net
culinarydegree.info
safehavenpetrescue.org
qapicks.com
issues-world.com
narkive.jp
ourladylakes.org
intellipaat.com
article.docway.net
xiu2.net
codehero.jp
quabr.com
www.webdevqa.jp.net
exceptionshub.com
newbedev.com
www.codenong.com
cainiaojiaocheng.com
routinepanic.com
pythonwd.com
tutorialmore.com
alwaysemmyhope.com
pretagteam.com
www.titanwolf.org
coderedirect.com
ostack.cn
easysavecode.com
webdevdesigner.com
www.ghcc.net
developreference.com
www.semicolonworld.com
tipsfordev.com
www.qi-u.com
stackqna.com
www.xsprogram.com
stackoom.com
it-swarm-fr.com 
12png.com
citypng.com
cleanpng.com
clipart-library.com
clipartix.com
clipartmax.com
computercareers.org
crazypng.com
critterbuddies.com
crypttv.com
dlpng.com
emojipng.com
emojisky.com
favpng.com
flyclipart.com
freeiconspng.com
freelogoservices.com
freepik.com
hackerx.org
imgbin.com
itsmapics.xyz
kindpng.com
kissclipart.com
lovepik.com
mygrow.me
nicepng.com
opensea.io
outtechus.com
pikpng.com
pinclipart.com
pinpng.com
png.is
pngaaa.com
pngable.com
pngall.com
pngarts.com
pngegg.com
pngfind.com
pnghut.com
pngimg.com
pngitem.com
pngjam.com
pngjoy.com
pngix.com
pngkey.com
pngmart.com
pngset.com
pngtree.com
pngtreefree.club
pngwing.com
prntr.com
proofmart.com
pxpng.com
rawpixel.com
revistaneon.net
searchpng.com
seekpng.com
similarpng.com
steemit.com
steemkr.com
subpng.com
toppng.com
transparentpng.com
vector69.com
vhv.rs
vippng.com
wallpapersafari.com
wanecque.com
svg-clipart.com
www.jing.fm
graphicmama.com
www.pngkit.com
wanecque.com# Follina CVE-2022-30190 related
tibet-gov.web.app
tibetyouthcongress.com
t1bet.net
www.xmlformats.com
xmlformats.com
www.sputnikradio.net
sputnikradio.net
# Bumblebee C2 (malicious) related
#cdn.jsdelivr.net # not always malicious, more sometimes misused.
28.11.143.222
49.12.241.35
185.33.87.53
71.1.188.122
89.222.221.14
108.62.118.56
ec2-18-118-156-145.us-east-2.compute.amazonaws.com
gomuzigak.com
# Cobalt Strike re-emerge
zupeyico.com
lentgenn.com
policyupdating.com
baronrtal.com
45.153.243.93
# EMOTET C2 traffic observations to block
chobemaster.com
bencevendeghaz.hu
vibesapparels.com
# IceID / BokBot / DarkVNC
hectorcalle.com
pilatylu.com
guguchrome.com
ganjicow.com
callbackhubs.com
84.32.190.49
yolneanz.com
# QAKBOT C2
meumundocatolico.com
smartleasesonora.com
rizucem.com
svfin.icu
# HelloXD Ransomware - reference unit42.paloaltonetworks.com/helloxd-ransomware/
www.zxlab.iol4cky.men
btc-trazer.xyz
sandbox.x4k.me
malware.x4k.me
f.x4k.me
0.x4k.me
pwn.x4k.me
docker.x4k.me
apk.x4k.me
x4k.me
powershell.services
vmi378732.contaboserver.net
x4k.in
L4cky.men
m.x4k.me
mx2.l4cky.com
mailhost.l4cky.com
www1.l4cky.com
authsmtp.l4cky.com
ns.l4cky.com
mailer.l4cky.com
imap2.l4cky.com
ns2.l4cky.com
server.l4cky.com
auth.l4cky.com
remote.l4cky.com
mx10.l4cky.com
ms1.l4cky.com
mx5.l4cky.com
relay2.l4cky.com
ns1.l4cky.com
email.l4cky.com
imap.l4cky.com
mail.x4k.me
repo.x4k.me
bw.x4k.me
collabora.x4k.me
cloud.x4k.me
yacht.x4k.me
book.x4k.me
teleport.x4k.me
subspace.x4k.me
windows.x4k.me
sf.x4k.me
dc-b00e12923fb6.l4cky.men
box.l4cky.men
mail.l4cky.men
www.l4cky.men
mta-sts.l4cky.men
ldap.l4cky.men
cloud.l4cky.men
office.l4cky.men
rexdooley.ml
relay2.kuimvd.ru
ns2.webmiting.ru
# Gallium - PingPull
micfkbeljacob.com
df.micfkbeljacob.com
jack.micfkbeljacob.com
hinitial.com
t1.hinitial.com
v2.hinitial.com
v3.hinitial.com
v4.hinitial.com
v5.hinitial.com
goodjob36.publicvm.com
goodluck23.jp.us
helpinfo.publicvm.com
mailedc.publicvm.com
# IceXLoader 3.0 Malware # Includes C2 URLs and Download URLs - Source Fortinet
kulcha.didns.ru
r4yza92.com
62.197.136.240
north.ac
hhj.jbk0871.fun
funmustsolutions.site
golden-cheats.com
# PureCrypter Malware 
# reference https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter
amcomri.upro.site/.tmb/ID44/313606953372.jpg
# cdn.discordapp.com/attachments/933024359981932666/934953013670449253/Koieiminr.jpg
amcomri.upro.site/.tmb/ID44/Ffobs.png
#cdn.discordapp.com/attachments/911013699026825266/935017324182913104/EpicGames.jpg
gbtak.ir/wp-content/846569297734.jpg
# cdn.discordapp.com/attachments/765212138226450455/934977016292327455/Installer2.log
# cdn.discordapp.com/attachments/934261104564113441/934945441370497054/FlareTopia_V5.1.log
# cdn.discordapp.com/attachments/934261104564113441/935058809200730142/new.log
transfer.sh/get/3tWVO9/Evbccj.png
gbtak.ir/wp-content/759279720662.jpg
sub.areal-parfumi.si/kk/Lnnuda.log
sub.areal-parfumi.si/new/Ofwcwpm.jpg
gbtak.ir/wp-content/078571269562.jpg
# cdn.discordapp.com/attachments/846778795524751371/935185760783585360/Pmvzeaoj.log
# cdn.discordapp.com/attachments/933024359981932666/935065418803056680/Lkrbylqxx.png
taskmgrdev.com/e/Jymuty.png
# Lyceum-net-dns-backdoor
news-spot.live
# Shadowpad Backdoor - reference https[:]//ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/
api.onedriev.tk
storage.ondriev.tk 
order.cargobussiness.site
documents.kankuedu.org
live.musicweb.xyz
obo.videocenter.org
tech.obj.services
houwags.defineyourid.site
noub.crabdance.com
grandfoodtony.com
# Threats - bad url and domains below to block
www.echelon9.com
api.echelon9.com
dinterperson.xyz
specgoal.com
enlib2w9g8mze.x.pipedream.net
# lockbit 2.0 related
fibarcarolo.it
gymund.dk
gdctax.com.au
ismea.it
fed-gmbh.de
suntecktts.com
# emerging ransomware 
decoding.at
bigblog.at
lockbit-decryptor.com
lockbit-decryptor.top
# DIG manipulated DNS hijack
cyberclub.one
# Phishing domain # Categorized by fortinet
thesocialhire.in
# gamaredon-primitive-bear reference unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/
jolotras.ru
moolin.ru
naniga.ru
nonimak.ru
bokuwai.ru
krashand.ru
gorigan.ru
637753576301692900.jolotras.ru
637753623005957947.jolotras.ru
637755024217842817.jolotras.ru
a.nonimak.ru
aaaa.nonimak.ru
aaaaa.nonimak.ru
aaaaaa.nonimak.ru
0enhzs.moolin.ru
0ivrlzyk.moolin.ru
0nxfri.moolin.ru
bilargo.ru
firtabo.ru
firasto.ru
myces.ru
teroba.ru
bacilluse.ru
circulas.ru
megatos.ru
phymateus.ru
cerambycidae.ru
coleopteras.ru
danainae.ru
# misc phishing and malware 
trk.klclick3.com
460f.templates.victoryoverdieting.com
fujitsu.sbs
danske-a-kasser.com
# SocGholish badsites
track.amishbrand.com
connect.clevelandskin.com
track.positiverefreshment.org
backup.awarfaregaming.com
click.clickanalytics208.com
link.easycounter210.com
sodality.mandmsolicitors.com
safeguard.couleurmutation.com
nurse.dmvsvapekings.us
rocket2.new10k.com
cigars.pawscolours.com
stuff.bonneltravel.com
cardo.diem-co.com
expense.brick-house.net
paggy.parmsplace.com
genesis.ibgenesis.org
havana.littlehavanacigarstore.com
cruise.updogtechnologies.com
predator.foxscalesjewelry.com
query.dec.works
wallpapers.uniquechoice-co.com
natural.cpawalmyrivera.com
master.ilsrecruitment.com
west.bykikarose.com
# Grandoreiro badsites
35.181.59.254
35.180.117.32
52.67.27.173
54.232.38.61
barusgorlerat.me
assesorattlas.me
atlasassessorcontabilidade.com
vamosparaonde.com
mantersaols.com
premiercombate.eastus.cloudapp.azure.com
# BlueSky Ransomware IOC URL
kmsauto.us 
ccpyeuptrlatb2piua4ukhnhi7lrxgerrcrj4p2b5uhbzqm2xgdjaqid.onion 
# IOC for Digium phones re web shell attack
37.49.230.74
