I compiled a list of the domains contained in #Emotet payloads submitted to any.run up to around 14:30 on 2/5.
Only the ones I looked at.
Hostname
IP
I got carried away and also looked a little into the post-infection communication destinations. any.run is seriously handy.