http://onlinefastsolutions.com:8088/scripts/file2.bin
http://insiderushings.com:8088/images/file2.bin
http://buyer-remindment.com:8088/fonts/details.bin
http://paymentadvisry.com:8088/templates/details.bin
http://buyer-remindment.com:8088/css/file13.bin
http://insiderushings.com:8088/vendors/file8.bin
http://fasteasyupdates.com:8088/wp-theme/file12.bin
http://jeromfastsolutions.com:8088/bundle/file12.bin
http://webservicesamazin.com:8088/wp-theme/file9.bin
http://buyer-remindment.com:8088/templates/file3.bin

webservicesamazin.com(208.83.69.35)
fasteasyupdates.com(163.172.213.69)
onlinefastsolutions.com(163.172.213.69)
jeromfastsolutions.com(128.199.243.169)
paymentadvisry.com(208.83.69.35)
insiderushings.com(163.172.213.69)
buyer-remindment.com(208.83.69.35)
128.199.243.169
208.83.69.35
163.172.213.69

https://raw.githubusercontent.com/Sanctam/SanctamRepository/master/includes/xmrig.zip
https://github.com/Sanctam/SanctamRepository/raw/master/includes/xmrig.zip

xmr.pool.minergate.com(49.12.80.38) - mailcious
github.com(52.78.231.108) - mailcious
raw.githubusercontent.com(185.199.108.133) - malware
pastebin.com(104.23.98.190) - mailcious
sanctam.net(185.65.135.248)
185.65.135.248
104.23.99.190 - mailcious
15.164.81.167 - malware
49.12.80.40
185.199.110.133 - malware

http://www.jizengzaoshu.com/csls/?1bw=kRgQXJF51eUXG+4uzYnOJgdDaH+wzWDEOelMnCHqzCLkvj8eyez0QKOGB+52/9OXPNCbrzK2&EjP=dfrdAJqHa8d
http://www.areyouokryk.com/csls/?1bw=OVh1mORBwZN5hMTpx8cAZShw4Rh4UjaVngSiCF/nEG3gxCOb6RS2YA3+ULqt9QFGpxuTJlqD&EjP=dfrdAJqHa8d

www.areyouokryk.com(162.0.232.134)
www.jizengzaoshu.com(192.101.233.81)
192.101.233.81
162.0.232.134

http://jeromfastsolutions.com:8088/scripts/file10.bin

jeromfastsolutions.com(208.83.69.35)
208.83.69.35