Despite all the combinations (a list is at the bottom of the post if you want to paste it in somewhere), there are only a small number of IP addresses involved:
All of those IPs belong to C I Host, some seem to have legitimate sites hosted on them.
One one domain (mybar.us) is not anonymised:
Registrar URL (registration services): www.publicdomainregistry.com Domain Status: clientTransferProhibited Registrant ID: DI_11638984 Registrant Name: Andrew Black Registrant Organization: N/A Registrant Address1: 555 Taylor Rd. Registrant City: Enfield Registrant State/Province: Connecticut Registrant Postal Code: 06082 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +860.7492291 Registrant Email: email@example.com Registrant Application Purpose: P1 Registrant Nexus Category: C11
Although the address and phone number are no doubt fake, the email address of firstname.lastname@example.org is known.
The next hop uses a subdomain of a legitimate domain registered at GoDaddy that appears to have been phished: out.outdoorkitchendistributors.com - this site is hosted on 220.127.116.11.. it's just worth pausing to note that the legitimate domain specchart.com also appears to have been hijacked via a GoDaddy phish and moved to this server.
The endpoint is a Java exploit on a server at 18.104.22.168 belonging to microlines.lv (AS2588 / 22.214.171.124/19) which appears to be a pretty evil network. How the hell they got a /19 is a mystery when I can't see any verifiably legitimate sites.
If you want to block the intermediate domains, they are: