# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ostap, sload

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

maleass.eu

# Reference: https://twitter.com/VK_Intel/status/1021453551975817217

wjcqsstycdujc.eu

# Reference: https://twitter.com/reecdeep/status/1136581953770205185

casasmocambique.com

# Reference: https://twitter.com/reecdeep/status/1138006570934185987

consciousrevolutionist.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1167351884367237120

/angola/mabutu.php

# Reference: https://twitter.com/reecdeep/status/1172122826251415552

cvrwe.eu
ijve.eu
rdtber.eu
uilomiku.eu

# Reference: https://twitter.com/reecdeep/status/1185090113929388032

bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1186179780468719617

howeconsultingsf.com
nvroe.eu
rtexo.eu

# Reference: https://app.any.run/tasks/b6f6bfe1-c483-46c5-8abc-899c1e08f5d5/
# Reference: https://www.virustotal.com/gui/file/148d74e453e49bc21169b7cca683e5764d0f02941b705aaa147977ffd1501376/detection

dempoloka.com

# Reference: https://twitter.com/reecdeep/status/1192094807470030848

avs.bohuffsite.com
bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1216640918067056640

clubdeajedrezmatamoros.com

# Reference: https://twitter.com/reecdeep/status/1216659090941915137

hnerert2.eu
nweryh2.eu

# Reference: https://twitter.com/reecdeep/status/1221703060256325633
# Reference: https://twitter.com/reecdeep/status/1221708126824562689
# Reference: https://twitter.com/CertPa/status/1221774114446368774
# Reference: https://www.virustotal.com/gui/ip-address/185.197.74.169/relations

cramelcorp.com
delight-plus.com
hnerert.eu
hnerert1.eu
hnerert3.eu
nweryh.eu
oilkjhg.eu
turthgr.eu
tuyukj.eu
uybwer.eu
uyikjtn2.eu

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

cflfuppn.cn
ellapod.eu
xityeksmwi.eu

# Reference: https://twitter.com/reecdeep/status/1252531768462319617

nephemp.com/neplod/02581650393.jpg
joplock.eu
zarwrite.eu

# Reference: https://twitter.com/guelfoweb/status/1252552464651468801
# Reference: https://twitter.com/malwrhunterteam/status/1253347810537353217

zoomovers.com/momo/
woodlandislamiccenter.com/disop/

# Reference: https://twitter.com/VirITeXplorer/status/1259752786599829504

ptankers.com
bilkas.eu
tarfros.eu
illionback.eu
zapforyou.eu

# Reference: https://twitter.com/reecdeep/status/1277921837146652673

hnmrtew.eu
nerfvbg.eu

# Reference: https://twitter.com/reecdeep/status/1282637448699416577
# Reference: https://twitter.com/rootella_/status/1282570904539738112

lwyhef.eu
mzgotech.com
ponmer.eu

# Reference: https://www.virustotal.com/gui/file/3e9720f20d45daddeffbdff3a6543d0e12a75f323b5172c30bb2b7b16c277319/detection
# Note: ```/.well-known/pki-validation/w.php``` belongs to the ```lokibot.txt``` trail

/.well-known/pki-validation/2c.jpg

# Reference: https://twitter.com/reecdeep/status/1305399383911997441

cvbyti.eu
uykjhfgn.eu

# Reference: https://twitter.com/JAMESWT_MHT/status/1305480728684232704
# Reference: https://www.virustotal.com/gui/file/147e1d26153de7bd5033968d64104bb9df597d1913f237f4f5b172f06414b775/detection

alkwti.com
designologyng.com
devopotamus.com
idrivehrcenter.com
innerearthartistry.com
sapphireloading.com
unequipoganador.com
weavehairstyle.com

# Reference: https://www.virustotal.com/gui/domain/geundik.com/relations
# Reference: https://www.virustotal.com/gui/file/6cc54a52311cd07394327c4e1b4f6aee3797665200f215abfaf4607b71829757/detection

geundik.com

# Reference: https://twitter.com/VirITeXplorer/status/1348551960941776896
# Reference: https://twitter.com/JAMESWT_MHT/status/1348569630449790978
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.108/relations
# Reference: https://www.virustotal.com/gui/file/cac189a5012b3ca0c2b420d5dcbadd0b20d377514baf4450219e37e19363e2ae/detection
# Reference: https://www.virustotal.com/gui/file/d61754005944686cef24924802bd7c192ee11f3e222f3f2b4a321a2cebc61dc6/detection
# Reference: https://www.virustotal.com/gui/file/f4e443285e418182fe8f11f755957ca096db495c94a1946bca1d69f0e29e8de1/detection
# Reference: https://www.virustotal.com/gui/file/d1e8b81e6f2874db743397c4fe0346a886b8539c4e0bb9a67a1ec4e2866fd678/detection
# Reference: https://www.virustotal.com/gui/file/d5ff868de414488362507dfc8a20f3df47114da6c5518ac0be9bd216bee01e59/detection

antivirucidal.com
belfetproduction.com
cxminute.com
ladiesincode.com
letonguesc.com
univirtek.com
ryunrth1.eu

# Reference: https://twitter.com/VirITeXplorer/status/1412000658698477568

opoietj.eu
sertyty.eu

# Reference: https://www.virustotal.com/gui/file/7f0195a75477d51b4f28d8509cbda22c2611d75e877276859498b074b773c322/detection

chinghsiang.com

# Reference: https://www.virustotal.com/gui/file/9655ea42cd676422eca02ae2c81c9caa7f1d7667d7c6e37d47733be16bda0045/detection

floridaprotiles.com

# Reference: https://www.virustotal.com/gui/ip-address/146.70.35.206/relations

compucema.com
jrsawesomebuilds.com
laserunlimitedindia.com

# Reference: https://www.virustotal.com/gui/ip-address/185.80.53.202/relations

bthfdr.eu
bthfdr1.eu
dgrtj.eu
erthgyrteh.eu
fgjusatik.eu
gjyke.eu
gyoin.eu
hjrdsyj.eu
hjui.eu
kuyikryf.eu
kuyikryf1.eu
rebnow1.eu
reybve.eu
rtyht.eu
ryunrth.eu
tytrgv.eu
tytrgv1.eu

# Reference: https://www.virustotal.com/gui/file/b23d4059edb249e79913e27a7e166017d4a50bb6f1220ef175830826d9b484a4/detection

http://195.123.241.180
/kiytrscuvbuytnkudjvt/

# Reference: https://www.virustotal.com/gui/file/81404cb0efe62dd91dbf7259d34fa1577cd2d74c353a4cc1a9b7eede24720592/detection

tuktuk24.pw

# Reference: https://twitter.com/vinopaljiri/status/1481707473534951428
# Reference: https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
# Reference: https://www.virustotal.com/gui/file/7e1f267168a9c065009aedae592610e35c37eb59a04167bb5d982ca54fab2536/detection
# Reference: https://www.virustotal.com/gui/file/62128124274283114c9e1a4ee695bdbb3ef9892d8588830820dd2049bcb054d7/detection

http://193.56.146.34
193.56.146.34:6666
193.56.146.34:7777

# Reference: https://twitter.com/reecdeep/status/1490667104705650688
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.147/relations

hgjui.eu
hkjt.eu

# Reference: https://www.virustotal.com/gui/file/affe48775d86f29b81657a2d916ea72d9ea313286487df3f455523db1abc4992/detection
# Reference: https://www.virustotal.com/gui/file/d863704583bd135ddb01295ec8df0d7e23b7d036dd29205433f976c447b31ea4/detection

energyreviews.info

# Reference: https://www.virustotal.com/gui/file/84c88c3462ce8586c3123bbf0eb330e7ede6cc334ca29eccfd593ac54a612f89/detection

hostlan.ddns.net

# Reference: https://www.virustotal.com/gui/file/701a3bea607466d8695b0529154db8ad8f612079cc387e170a379df22fd26423/detection

documentfiles.org

# Reference: https://www.virustotal.com/gui/file/862f90934b1e70fcba4d100ec6a2525e72fc9f5564ca578f8b638144995d98f4/detection

culiacanmexapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1505117542284673029
# Reference: https://www.virustotal.com/gui/file/8b78abdcbf1f920e48cd6b2f0f98f054722aeed85dad2156510c7345dc79adb1/detection
# Reference: https://www.virustotal.com/gui/file/eaf65589091d918eed715bfdcdc58693003bde48ebbb251a7bc4e55a52ba83a5/detection

webtenders.top
39eedg.webtenders.top
86eiwv.webtenders.top

# Reference: https://www.virustotal.com/gui/file/fc95c2c59d3abdff84fbf0bae9f65a24e2f3b27096134a425f58ff9bf9eca9ea/detection

md2022.3utilities.com

# Reference: https://twitter.com/reecdeep/status/1506170018437992453
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.152/relations

nmhholiut2.eu
pluner.eu
trehge1.eu
yjtyhm2.eu

# Reference: https://twitter.com/reecdeep/status/1513468470041661442

tyhretj.pw
tutyjk.eu

# Reference: https://www.virustotal.com/gui/file/45fbcd97f558df487706a5efee45fcd56a53d6d0225c4da2b3f5e07f44d6573c/detection

199.102.48.251:1433
sql8001.site4now.net

# Reference: https://twitter.com/f3d__/status/1526134628993716225
# Reference: https://www.virustotal.com/gui/file/04c5bd98c76723f2dc52ed506de1aadcd9c523655ee290954ded5064557a79b3/detection

jopkerto.tech

# Reference: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/detection

powerdust.digital
restoreuseroffers-api.com

# Reference: https://www.virustotal.com/gui/file/49b6d7bcd5df2820a565cb74d420aa9bebca88a5ef77e5cb512996a064be33ec/detection

http://54.254.255.10

# Reference: https://www.virustotal.com/gui/file/a2bc4705df30cf44e95978b9ae8f48b5a79b2d43e42a87ad3e7bfdad23aad5fe/detection

199.102.48.248:1433
sql8003.site4now.net

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030669.html

truecolor8.xyz

# Reference: https://www.virustotal.com/gui/file/b20f82311894af0f53a50b90959503676f95ccea983a331acc4ef23a300c5383/detection
# Reference: https://www.virustotal.com/gui/file/4e0c08afd422a68d4908cd18f47694e089f916e81d53e05adfb2ddf689be5927/detection

http://170.187.237.76

# Reference: https://www.virustotal.com/gui/file/0926c663a25cbea1ce98b2ec061c31b7493ab6494f5c6c6c765576da139d5896/detection

5.206.224.233:445

# Reference: https://www.virustotal.com/gui/file/d9d32cc03cd04e5b2bd3f1158424451b253880d139c0309e13170f353d1ab51a/detection

sanggap.vn

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_09-06-2022.json_.txt

bertfhop.eu
bertfhop1.eu
bertfhop10.eu
bertfhop11.eu
bertfhop12.eu
bertfhop13.eu
bertfhop14.eu
bertfhop15.eu
bertfhop16.eu
bertfhop17.eu
bertfhop18.eu
bertfhop19.eu
bertfhop2.eu
bertfhop20.eu
bertfhop3.eu
bertfhop4.eu
bertfhop5.eu
bertfhop6.eu
bertfhop7.eu
bertfhop8.eu
bertfhop9.eu

# Reference: https://www.virustotal.com/gui/file/3a4356af5c91c4e46877dacb2b88502763dfc1af0064339fa7f2b9bdad11cf78/detection

supportcheck-dns14.ga
wilkino.ml

# Reference: https://twitter.com/malwrhunterteam/status/1536428969188261890
# Reference: https://www.virustotal.com/gui/file/20d194fe98e33e152bd6a652188bb0da42e243780e718f88999fa1d4029b0f81/detection

coalminners.shop

# Reference: https://www.virustotal.com/gui/file/2e9fe6cb074abe9e4d34ca1ce2ab1e4da5f55d70ceaa349a96df00a6e2502379/detection

liveonedgessprinkle.xyz

# Reference: https://www.virustotal.com/gui/file/ab790bf86be272ed47cd9c13f060a8bf28e4d424d7716780f9e8fb27301212bd/detection

riquepuge.xyz

# Reference: https://www.virustotal.com/gui/file/12eb1cec67cb261d33c202f79ba0fad5468aaa3fcfc76f663b1618f3a7ece58c/detection

heltayokke.temp.swtest.ru

# Reference: https://twitter.com/malwrhunterteam/status/1539331504081453057
# Reference: https://www.virustotal.com/gui/file/d5fc8f42b8ec97ce6ae6007b994c855dd2b07e98697d0c2d2990d9b080d044c1/detection

http://185.66.88.250

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_30-06-2022.json_.txt

caretui.eu
hgrtjutyik.eu

# Reference: https://tria.ge/201130-hvly2vhsjs/behavioral1

estebankott.com

# Reference: https://tria.ge/201123-tcqt2tttye/behavioral1

fhivelifestyle.online

# Reference: https://tria.ge/201123-m56x24578n/behavioral1

owensii.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/08/sLoad_01-08-2022.json_.txt

fdhtyi.eu
fredcoi.eu

# Reference: https://twitter.com/StopMalvertisin/status/1567358749672902659
# Reference: https://twitter.com/ffforward/status/1567405904240181248
# Reference: https://www.virustotal.com/gui/file/c08ba7c0297cd515c5a24918f6e1ec705b72cdeea40078494d8b51de447b6b8c/detection
# Reference: https://www.virustotal.com/gui/file/c43dfda63e6e534776eb24d284d0bdf21115181b49d6e31091de795d957cb5fc/detection

azure-company.net
cloud.azure-company.net
d.azure-company.net
secure.azure-company.net
word.azure-company.net
world.azure-company.net

# Reference: https://www.virustotal.com/gui/file/dc6c402f9d2caa06d694279015602cb4731015b11ac44abeec9c093bed198b7d/detection

88.151.101.56:8889
s2mail.hu
blowjob.silentsignal.hu

# Reference: https://www.virustotal.com/gui/file/d36e6effd2db4d5a34016d492a08142994fafdc24dd65631c240efa3cc7fa56a/detection
# Reference: https://www.virustotal.com/gui/file/77af67e929da5ffb9cbec2effb7aa30d2af75d6bef2a5aff82501d86792605fa/detection
# Reference: https://www.virustotal.com/gui/file/60c152156f1f993f8aa4ab6b7266afe086f843a369f3253b87452f1b4ffbc795/detection
# Reference: https://www.virustotal.com/gui/file/187e9e08f1237fbfe27e7c60efb24aeb110e1d2747a612dff900d5729cfc1c42/detection

raysend.ddns.net
/1100914_cgmh
/1110804_promate
/1110915_tcbbank
/1100914_cgmh/
/1110804_promate/
/1110915_tcbbank/
/1100914_cgmh/att.php
/1110804_promate/att.php
/1110915_tcbbank/att.php

# Reference: https://www.virustotal.com/gui/file/29b3cf17d3b9bbfc858e027f988bd7077c67b1dc2d9fc240892e868b5097f4f2/detection

101.99.90.117:8080

# Reference: https://www.virustotal.com/gui/file/66b9071271d849ed6168a0987d3f1a626926fee7b6031b3868d8da0b344c1f95/detection

http://45.77.248.204

# Reference: https://www.virustotal.com/gui/file/eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c/detection

http://195.133.18.63

# Reference: https://www.virustotal.com/gui/file/9c8d007d755dc44d07bf97acf187252a5a3691fc91e3810b7d1d4710dbbdf886/detection
# Reference: https://www.virustotal.com/gui/file/bccdf089864bc3a209ee2e659952905904a963945e5b52a515f88f9556145228/detection

tahtsaasdasdasdawedw234135asdsadsadsadsadasyeetwebhoost000.com
/yeet/thatsthek3253255435inglu345345435211343243232432432234er.html
/thatsthek3253255435inglu345345435211343243232432432234er.html

# Reference: https://www.virustotal.com/gui/file/eeaa829e42e608e845c8d0a048d8e57ddbf56ed9c86733dc8af47a244a7fd3ec/detection
# Reference: https://www.virustotal.com/gui/file/c9f0a470c33a36cc76ebe89ef9055dca4cebb217735ca1564f9aaa435bb6fb5c/detection
# Reference: https://www.virustotal.com/gui/file/2b6f03e06241154c2ef9f527da05250f7ae280ce8bcc54b4bfad70977cdc48ab/detection

tahtsayeetwebhoost000.com
/thatsthekinglucifer.html

# Reference: https://www.virustotal.com/gui/file/1acc2cd58dc3088174722758ae80c643badaec512af4b847b89d8fd9354af224/detection

konyahaberler.xyz
dicomm-001-site35.ctempurl.com
/anesrq/
/hxjxxwav/
/nlbzyhfs/
/pmslsda/
/tfbgl/

# Reference: https://www.virustotal.com/gui/file/17f597ac79d80d40d89530d14ef9e1128e11ea0f9521c18b2808d74c91c5ee85/detection

w67270es.beget.tech

# Reference: https://www.virustotal.com/gui/file/056b316197c959d0f8af89dcd0940b6aa3dd9679bf6776adf27d2d130303493a/detection

i92951pr.beget.tech

# Reference: https://twitter.com/h2jazi/status/1583462430780182529
# Reference: https://gist.github.com/usualsuspect/2daa864841a06f50e199930e5898611b
# Reference: https://www.virustotal.com/gui/file/e58103f462174deb92790c59d4e412f032818651b703c84c3ee38e70cc49511d/detection
# Reference: https://www.virustotal.com/gui/file/eac98b403ca300e25f9bbcca474f39ca7495c61a4c86b259e4e0df2bfabd565e/detection

http://64.44.135.5
/online_998212.php
/register_219921.php
/upload_887741.php

# Reference: https://www.virustotal.com/gui/file/673883ceb7adf30ad980e5e51b7515414becba3b5f6b96068dc4d35b092799fe/detection

apitucariamod.tk

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html

download.agency

# Reference: https://twitter.com/1ZRR4H/status/1590745721783087104
# Reference: https://www.joesandbox.com/analysis/1110451#iocs
# Reference: https://www.virustotal.com/gui/ip-address/162.0.232.115/relations

ad-sweden.com
easynsecureinvest.com
sunat-mail.xyz
sunat-pe.store
sunat-pe.xyz
gringox1.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/18a93ea98b124495d6bd81df64b1871d461f90f1c895b291238e233f87720707/detection
# Reference: https://www.virustotal.com/gui/file/457f1b161cd8b64b34f83155815f4e521c35395d9c1192ae21df5ce8784e6982/detection
# Reference: https://www.virustotal.com/gui/file/d053fc782cf5ebd34469ac390c557eb24394cb9efdf06b542e9da9ce23b99635/detection
# Reference: https://www.virustotal.com/gui/file/132e9fd665e88ab0884befa3c3ca6bd75ec788dbe9499b99c1246ea22a4140b0/detection
# Reference: https://www.virustotal.com/gui/file/18a93ea98b124495d6bd81df64b1871d461f90f1c895b291238e233f87720707/detection
# Reference: https://www.virustotal.com/gui/file/ae6189de6a562bdfcb338fdbcce6da8529e997e8f76be6daf865f7fdf895d9c1/detection

trock2.xyz
trock3.xyz
trock4.xyz
zairtaz.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.68/relations
# Reference: https://www.virustotal.com/gui/file/ceb0b6871855e86846c8a8f41d1aac362461bf6f7a35bb62edd5e362e45a85f3/detection
# Reference: https://www.virustotal.com/gui/file/39e9ca4f263b9b58cf62a8dc422184b9737448e7a281d41d6315a596b4ae3e96/detection

45.61.136.68:8443

# Reference: https://www.virustotal.com/gui/file/3730f842e22fb8208fc2b2e7ae2a50e51bd1eada82257172076cb16ddf99fc62/detection

necrobod.top

# Reference: https://twitter.com/malwrhunterteam/status/1597924083899170822
# Reference: https://twitter.com/malwrhunterteam/status/1597935776381423616
# Reference: https://www.virustotal.com/gui/file/8e195903baa4f7d5f30c20f95706a1cd669e49a73a300f270304abe996e511a6/detection

enoclima-001-site1.htempurl.com
systemspro-001-site1.etempurl.com

# Reference: https://twitter.com/malwrhunterteam/status/1620853142077456384
# Reference: https://www.virustotal.com/gui/file/bd743e9e8171a8a0feea98e293ea372cfd5b328e6bec9e534f210bd7f94fbe1c/detection

comfort-001-site1.dtempurl.com
roniltd-001-site1.ftempurl.com

# Reference: https://www.virustotal.com/gui/file/6f21b0d86f14bfc37b67da2377ba5836eff98ed12ccfc65c0a772ed9782e9122/detection

http://54.39.233.130

# Reference: https://twitter.com/k3yp0d/status/1601883693131468800
# Reference: https://www.virustotal.com/gui/file/ae532935a45eb3637d5346d5e6b3a4645863d2d27e557f90457c5fa3c7429ade/detection

http://185.97.118.249

# Reference: https://twitter.com/malwrhunterteam/status/1602395550975918113
# Reference: https://twitter.com/malwrhunterteam/status/1602420210711105536
# Reference: https://www.virustotal.com/gui/file/34f2970bbb70a0f2efa74c4614cfd002a58433b5178b98b194969871ddee050f/detection
# Reference: https://www.virustotal.com/gui/file/94c41f453c2755b682fbcdd807061f753c5cf2ba5a14aafe251e565f938a797e/detection

188.120.235.227:443
62.109.25.230:443

# Reference: https://www.virustotal.com/gui/file/413d45477384c1461ca6f84a771479ee91a12474ccfe35d051f184785c2d9362/detection

nacimbio.com.ru

# Reference: https://twitter.com/malwrhunterteam/status/1603734566660882432
# Reference: https://www.virustotal.com/gui/file/5db4afa2773dc7fe62fbad37f966a292065d39990678a2a481264c91e8674f15/detection

fernandagomes.mom
meaa2v.fernandagomes.mom
p6agz.fernandagomes.mom
w8uenr.fernandagomes.mom

# Reference: https://www.virustotal.com/gui/file/a132d8b608ed740dbc38d8f79a785935fd9d209153b187b85842c0ebbbd779b2/detection
# Reference: https://www.virustotal.com/gui/file/95920d7b8adb29f59731ceb6aa8d69799875a398fa7814983a86be66c85cc087/detection

form-results.net

# Reference: https://www.virustotal.com/gui/file/079bf93dcaacbf1bb3ce5b5318157414f3cb65fc9a72312c700311caf752880c/detection

stronghoodserver.xyz

# Reference: https://www.virustotal.com/gui/file/8a5c880b1bdc4499d827536d67c5905553a138de27e780a4ef1d5c0dafeaf311/detection

http://185.20.186.53

# Reference: https://twitter.com/VirITeXplorer/status/1605208471586086912
# Reference: https://www.virustotal.com/gui/file/0e87250ee492e4380e288ef7f8f7a66d5b764578bbbe74eaff738a81045d5e38/detection

nibpur.com

# Reference: https://twitter.com/SBousseaden/status/1605893068045144066
# Reference: https://twitter.com/SBousseaden/status/1605898074454429702
# Reference: https://isc.sans.edu/diary/29376
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.55/relations
# Reference: https://otx.alienvault.com/pulse/63a5b253fafdcb6eb69c5c7d
# Reference: https://www.virustotal.com/gui/file/029210065e177399d8e84248e30e6edea12a6f8a80ac9f42a97c308d48599294/detection

http://185.163.45.221
http://195.133.196.230
http://195.2.81.70
http://46.151.24.226
acehphonnajaya.com
dogotungtam.com
israelifrenchbulldogs.com
aerjlakerl.online
aerrkaler.online
ajerlakerl.online
aseroqpwrrtl.online
baherlakerl.online
boleriaae.online
cklicverto.space
cklicverto.website
coldcreekranch.com
daerkalero.online
daeroqioalerk.online
daeroqpwrola.online
erqowwela.online
erquipoe.online
gaherlaler.online
getherkae.online
hetriaelr.online
oferialerkal.online
qweiaoer.online
reajksrltr.online
therkaler.online
tyaerahger.online
zaeroalerk.online
bandaiosk.site
bolumbernar.site
casanistent.site
clovenant.site
coronentask.site

# Reference: https://twitter.com/fr0s7_/status/1605908087562436611
# Reference: https://asec.ahnlab.com/en/46865/
# Reference: https://otx.alienvault.com/pulse/63dd0dfabe956f4746fa7816
# Reference: https://app.any.run/tasks/43bd77b6-f553-41f3-b134-ef39e420c39a/

fastfilestore.com
filecompact.com
filetodownload.com
filedowns.net
the-fast-file.com
naver.filetodownload.com
naver.filedowns.net

# Reference: https://www.virustotal.com/gui/file/1af9b6d0955fce9f86d7874dea1f63ddd3dd7abe774430a555703457b5c04ca8/detection

8llc.net

# Reference: https://www.virustotal.com/gui/file/13834a3234d31cb5d15bafaa76fe496756abd2c742c27b317a834b8ba2fd1c31/detection

1otal.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://79.137.202.132

# Reference: https://twitter.com/sakaijjang/status/1609072061691068416
# Reference: https://wezard4u.tistory.com/6314 (Korean)

http://162.202.12.69

# Reference: https://twitter.com/StopMalvertisin/status/1612686998380367872
# Reference: https://www.virustotal.com/gui/file/d93914b0a18ba85eb17b8b9ac2fff89af58671b9291d86d85b799fd9f1c5f37f/detection

donew-order.com
wintop-rus.com

# Reference: https://twitter.com/malwrhunterteam/status/1613974272929562648

2hook2hook.tk

# Reference: https://www.virustotal.com/gui/file/8574472a406c42402e4ccc2d1130a243267421787052e2bf308184860735e4b0/detection

justatmeis.life

# Reference: https://www.virustotal.com/gui/file/ff94d073b6b56b97b73e0e4b41fd391a8a341ef55c699b1cceee2363de817bdc/detection

141.95.84.40:3000

# Reference: https://www.virustotal.com/gui/file/f80699c3fd7eaeeb520e30674bd728d2050e61735c8202bfdafab115529318c2/detection

141.95.84.40:6666

# Reference: https://www.virustotal.com/gui/file/b70e128727f97cf565488c4ec88fbf441e756708c45a9a00d4e0a03a00270a79/detection

141.95.84.40:3080

# Reference: https://www.virustotal.com/gui/file/a4b62b658e2f2bf3c2325549d400e09f17afd8b30482aef6355e93adc71ae534/detection

141.95.84.40:1111

# Reference: https://www.virustotal.com/gui/file/57a4f08b3418d83dea03950e0278dba7e3d43de03d6f34d76ad5dd66ca5dc5c5/detection

141.95.84.40:8880

# Reference: https://www.virustotal.com/gui/file/51827193b9913cf02906d5a816b7a623795d2b2e3c7573398d625365e9264bca/detection

141.95.84.40:4783

# Reference: https://www.virustotal.com/gui/file/28023f9c0eefe5e47193e2980e06f93c3e50d2e64273a54cabe47f3011702036/detection

teams.root.sx

# Reference: https://www.virustotal.com/gui/file/75177399e434689c236cb7341b30de17b7f98e301023eadcad1ebb4df93ec968/detection

5.3.139.29:12000
5.3.139.29:8020
9bit.root.sx

# Reference: https://www.virustotal.com/gui/file/0857a8d13d35ce4155c3bf20d43ca5417642dba1fa9cd62a6826156db83509f4/detection

http://172.174.176.153

# Reference: https://www.virustotal.com/gui/file/01ebbab4f468bbdec6d537ee0cfd16a99f635e71697e5d93772a6da0fa49c351/detection

lesav-m.keenetic.pro

# Reference: https://twitter.com/malwrhunterteam/status/1620544434822877184
# Reference: https://www.virustotal.com/gui/file/fa96d202d7d709fa13f5ee0810d03c85ec66b1a842938582de0286da9302194c/detection

http://3.127.208.155

# Reference: https://www.virustotal.com/gui/file/0ca5123f5eda465db9f90003f8ff8bc77afaa88034a0b64564bcd4d96718e573/detection
# Reference: https://www.virustotal.com/gui/file/dd70cde84fe271d20c2ddd38445f58004f3f07ab49960f7d7d9da6f43c9cf107/detection

20.100.173.74:6102

# Reference: https://twitter.com/JAMESWT_MHT/status/1626246267142651906
# Reference: https://app.any.run/tasks/52c2a12d-980f-42d4-b6b9-01ef797afa88/
# Reference: https://www.virustotal.com/gui/file/02c0287ef7e582ab40149de264782b6e6d8aaa853aaf773b25749fa41e056a2b/detection

lijosa.com
uqeu7tir7m4k1lz0phdr.com

# Reference: https://www.virustotal.com/gui/file/9efd9ba4ed7a9f2f5861bff81547c53d1b70e0c0ecfa1ccc9610a75a761681ce/detection
# Reference: https://www.joesandbox.com/analysis/993278#iocs

kzeaqky6axif3jukzx7jj7ylhfgtytpb3xeojsfigogriyv6bv3cimyd.onion

# Reference: https://www.virustotal.com/gui/file/e390d6e193c5d42632c920a7e57002b6f54b80ccfafd0a75c86738fa47e4a737/detection

sll.li
app.sll.li

# Reference: https://www.virustotal.com/gui/file/9a6542e7da5c82465fd053f020d82161a8995c3353b58ac9b3e085d70d9ecf8d/detection

http://62.197.136.3

# Reference: https://www.virustotal.com/gui/file/523918f3bcbecc4b5e87175a83055849780b0e52c7e846a028722b8b35461fe7/detection
# Reference: https://www.virustotal.com/gui/file/8532a585baee116f9dda34ee3cf73c3dd50ba510bcd242a48dd113f23c512280/detection

20.187.104.130:3849
20.187.104.130:3857

# Reference: https://www.virustotal.com/gui/file/91039f60586fb846a6139fd5f1d6ce353c677b3776029494783d52d13c72d4fc/detection

20.164.207.94:1020

# Reference: https://www.virustotal.com/gui/ip-address/79.124.8.24/relations
# Reference: https://www.virustotal.com/gui/file/84868d405a26268627b642c3affc62595f9b45ab31e60df6e50a98bce70e1dc6/detection
# Reference: https://www.virustotal.com/gui/file/697bc999409c87f4ef4c5310764f8a129bbf35757540fc2a696020a34e0fecd8/detection
# Reference: https://www.virustotal.com/gui/file/b87af77c70fa7eeb039a0469ec2ed2a782f193c39459d851428d68377f328d30/detection

newinsurancejob.ru
newinsurancejob1.ru
newmakingmoney2.ru
newmakingmoney3.ru
serverdard.ru
serverdard1.ru
serverdard3.ru
stubuploadbykukuru.ru
stubuploadbykukuru1.ru

# Reference: https://twitter.com/wwp96/status/1628126394487300096
# Reference: https://app.any.run/tasks/bcf7055c-4d1a-4cc6-a7c1-a3656b61627a/
# Reference: https://www.virustotal.com/gui/file/2c814c61891a1b3b9067b82b5357d13505b4ced6fd827fdde4c3116efb3f9cef/detection

http://104.156.149.6
mandalorecnote.com

# Reference: https://twitter.com/malwrhunterteam/status/1628415758156931074
# Reference: https://www.virustotal.com/gui/ip-address/193.42.33.121/detection
# Reference: https://www.virustotal.com/gui/file/19994528fd5ed4e5dde591bbd4c10ea69449596a75d7102c1335fa21a94f3998/detection

http://193.42.33.121

# Reference: https://www.virustotal.com/gui/file/2040a00e8ecb93a33ee59b9b9b2837225f9121280fc74f565de524c61b2c220c/detection

http://103.147.185.18

# Reference: https://www.virustotal.com/gui/file/08f49df7f9f25682078b77213fc10969ee007fe236dcf70263114d0986aa33e3/detection

178.175.142.195:54878
entropy.group
update.entropy.group

# Reference: https://www.virustotal.com/gui/file/0e4f63bdaadc18c2a261aa7524209978986266094539abbbe2f7f0e55c0aa064/detection

171.244.57.196:222

# Reference: https://www.virustotal.com/gui/file/fd25c643565fdd42bb9a9af7d965b2dcfd80a889b50526abc5e9a4fd1bab6542/detection

shoru.net

# Reference: https://twitter.com/malwrhunterteam/status/1630559634963480577
# Reference: https://www.virustotal.com/gui/file/644d41773f6bf13819d1e2c6f26f759538bf1e9ec07ae995cd166beb5cfcb907/detection

osjovanmikic.edu.rs

# Reference: https://twitter.com/h2jazi/status/1630983583727747085
# Reference: https://www.virustotal.com/gui/file/8dfedb354b4d23fb31c24d449dae841a40759d8ed04a904bbb271f08dfa6e006/detection

nationalweatherserviceapp.com
sc.nationalweatherserviceapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1630881334582210560
# Reference: https://www.virustotal.com/gui/file/d3bea31897d661a7f0d134e82292de2082e660f34d22f9247480738dce70976c/detection

karena.info

# Reference: https://twitter.com/doc_guard/status/1630909953639579648
# Reference: https://www.virustotal.com/gui/file/c6cf98ecfc06b5f5fe496b81d0cae90b93ce1dbf6e4c10efd03bedb8e67f005a/detection

wealthcapital.digital

# Reference: https://twitter.com/0xToxin/status/1631281875195949056
# Reference: https://tria.ge/230302-qbdbbscf6y/behavioral2
# Reference: https://www.virustotal.com/gui/file/27ecfa00b539c43909201151775ddfdfb7dc6f86556e13a41ea10efb2e8d76f3/detection

http://176.124.217.20
http://212.113.116.147

# Reference: https://www.virustotal.com/gui/file/f706e65275fa8d0bfc5254d0814dad695c0aba0acfee5d54f2f946bef074055d/detection

realizeimeusonho.co
uiuahm.realizeimeusonho.co
xgiaww.realizeimeusonho.co

# Reference: https://twitter.com/malwrhunterteam/status/1632806055133495298
# Reference: https://www.virustotal.com/gui/file/e72dc71684d57785129e128b05212467e528912106c8fe63c25baacbf0340ea5/detection

http://5.8.8.100

# Reference: https://twitter.com/wwp96/status/1635316522355945472
# Reference: https://www.virustotal.com/gui/file/f8726f2d5b6138a617a48118eafa412cc488b0142ed3031c5eda33244765182b/detection

45.80.158.65:222
macmax13.dynalias.org

# Reference: https://twitter.com/embee_research/status/1635613492232486918
# Reference: https://www.virustotal.com/gui/ip-address/47.252.45.173/relations
# Reference: https://www.virustotal.com/gui/file/80aad667f60f6283a3195a937fca2591299bbcecfd3c76ad4215a40961718b01/detection
# Reference: https://www.virustotal.com/gui/file/19efed6c9d1af91c5c11b6fb44a4fd06e9d418c8b294d78734524df7b6c7e71d/detection

gurnard.sbs
mbantilanda.top
mbenza.top
boston.gurnard.sbs
colorado.gurnard.sbs
denver.gurnard.sbs
montana.gurnard.sbs
dick2.mbenza.top
dick4.mbenza.top
dick6.mbenza.top
dick8.mbenza.top
file.goosenecks.sbs
fun.goosenecks.sbs
job.goosenecks.sbs
nensi1.mbantilanda.top
nensi3.mbantilanda.top
nensi5.mbantilanda.top
nensi7.mbantilanda.top
work.goosenecks.sbs

# Reference: https://twitter.com/malwrhunterteam/status/1636480630350331910
# Reference: https://www.virustotal.com/gui/file/c6cbe381d581107b6531067e9108febd3016c9335c1d773e1b1e0ee435525111/detection

csl-invest.com
sony.csl-invest.com

# Reference: https://twitter.com/malwrhunterteam/status/1637072764174585856
# Reference: https://www.virustotal.com/gui/file/388e1f36d35dcbe4675821f4104514f66bcefdee33752acad874e45bdf44499a/detection

meubooking.com.br/2023/reservations.php?file=

# Reference: https://www.virustotal.com/gui/file/20ca052bc52642c405973b7085edbb40b22aa28d7e781dddc43760097ea58722/detection

a0745450.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/skynetx.com.br/detection
# Reference: https://www.virustotal.com/gui/file/32100b2bece73242da58c2bfd1e8e335e3616c6346c54464e9c0d3453bfd1f6a/detection

skynetx.com.br

# Reference: https://twitter.com/jaydinbas/status/1637806949931577354
# Reference: https://www.virustotal.com/gui/file/b54853a58dbd27ba8dfa978cdcd28327b66ba7359d4b14a3a3f105b63595809d/detection

http://149.28.140.122
techvibeo.com

# Reference: https://twitter.com/doc_guard/status/1637932033765769220
# Reference: https://www.virustotal.com/gui/file/58e6856571868d55dbfd636710ac2590c574589c7609402d5f7cdba17ba78653/detection

gripaco.gr

# Reference: https://twitter.com/StopMalvertisin/status/1638202950928703490
# Reference: https://www.virustotal.com/gui/file/1a0dbaef78cc34c9d60972aec1f89e20ea9cbddad07ce897a2552a719919d8db/detection

http://35.177.182.187

# Reference: https://twitter.com/jaydinbas/status/1638532960595898368
# Reference: https://www.virustotal.com/gui/file/56425e7b644e91d929186a11704b92a657f970b1e3ea32c249b0d2ab95f83fd4/detection

ntc-netpk.serveftp.com

# Reference: https://twitter.com/malwrhunterteam/status/1639320109130063872
# Reference: https://www.virustotal.com/gui/file/783d6753583a5d4a01fdd93d242e29f76324625d3b1c701a3fac161aa325bfce/detection

grconstdesign.com

# Reference: https://app.any.run/tasks/39a97065-c83c-472c-9976-78601a55ffde/

185.12.45.26:41043

# Reference: https://twitter.com/r3dbU7z/status/1639938724711616512
# Reference: https://www.virustotal.com/gui/file/4f74acef6d7c54e20e37dc1023dbf0e16af6e942ac6b401be6dc24ae4f1079ee/detection

http://103.123.242.104

# Reference: https://twitter.com/sicehice/status/1640160970994753537

185.225.74.72:8000

# Reference: https://twitter.com/sicehice/status/1640172761594335232
# Reference: https://www.virustotal.com/gui/file/7b67e609cebf71e73de96164e0aab3f119167d5857b51393c22c5f68e0eb147b/detection

http://18.218.30.74
flb.itplushost.com

# Reference: https://twitter.com/sicehice/status/1639251947332194305

http://45.33.88.161

# Reference: https://twitter.com/sicehice/status/1639090824540749824

http://45.137.207.151

# Reference: https://twitter.com/sicehice/status/1639052756093743104

35.162.248.7:8000

# Reference: https://twitter.com/sicehice/status/1640816987113762817

141.147.4.146:10000
141.147.4.146:8081

# Reference: https://www.virustotal.com/gui/file/4cd96a6edbd8b5d526a34d6c4bf4396d2d94fd30e2e4d22a7364bf6f6214dbbc/detection

sleda.eu
sleda.sleda.eu

# Reference: https://www.virustotal.com/gui/file/ec56d42e349c438158f5a7f619da9fbf301a22cca63c9332b7323d7f18ebb868/detection

helpachildinukraine.one

# Reference: https://twitter.com/jstrosch/status/1643626772632678402

naostech.org

# Reference: https://twitter.com/shaybt12/status/1644593596690038784

134.209.113.185:8000
206.189.151.223:8000

# Reference: https://twitter.com/0xToxin/status/1645076370685411333

http://45.88.67.75

# Reference: https://twitter.com/jstrosch/status/1645461105039253505

54.224.107.126:8080

# Reference: https://twitter.com/sicehice/status/1645494638285922322

http://3.129.51.198
3.129.51.198:443

# Reference: https://twitter.com/sicehice/status/1645500578758369307

23.95.222.225:8989

# Reference: https://twitter.com/suyog41/status/1646145074244321282
# Reference: https://twitter.com/suyog41/status/1646145077016666118
# Reference: https://www.virustotal.com/gui/file/e61ad1ca19a69d4c85b91d8b7b69cf08413fd78fd7df1c878a10a4c5b4497b9e/detection
# Reference: https://www.virustotal.com/gui/file/063edf9cb113941eb73b3db4a34ac0c9f82a756ded9b0dc974dc9a85b466c169/detection

http://146.190.207.64
http://167.71.11.62
146.190.207.64:8080
167.71.11.62:8080

# Reference: https://blogs.jpcert.or.jp/ja/2023/04/parallax-rat.html (Japanese)
# Reference: https://www.virustotal.com/gui/file/1973d7b2bf9877208fc751868aadd2810fbd72693f7fe090c926505714284cec/detection

http://171.22.30.220
http://179.43.154.184

# Reference: https://www.fortinet.com/blog/threat-research/malware-disguised-as-document-ukraine-energoatom-delivers-havoc-demon-backdoor
# Reference: https://otx.alienvault.com/pulse/6438008e68e96dc4eb0c9506

ukrtatnafta.org

# Reference: https://twitter.com/malwrhunterteam/status/1646609191568658458
# Reference: https://www.virustotal.com/gui/file/6fdfb56033dd92edfde1461cab42042d38ce43b8f2cb75872e7435e62ed744ca/detection

http://37.220.87.53

# Reference: https://www.virustotal.com/gui/file/26db654aae8f2a5e149ad19d76f6e6762613b211261dd47267c90f3476f3d5c4/detection

fvia.app

# Reference: https://twitter.com/malwrhunterteam/status/1648632414053310469
# Reference: https://www.virustotal.com/gui/file/3bc92870934e54ac014d8e8b4b33db27b4cbc4bd3d6a0f4ce659c36b110a138b/detection

207.246.123.37:8000
207.246.123.37:8880

# Reference: https://www.virustotal.com/gui/file/af9977c76770b364ea633569bee7e8da713028fadfee1b6dd7a96884e110bfe8/detection

hardcore-mountain-97323.pktriot.net

# Reference: https://twitter.com/malwrhunterteam/status/1649049054540886020
# Reference: https://www.virustotal.com/gui/file/b88eb7ca0239f6d67531d33459415b8d1d0fa6db72293b5b6cf722a366ae660c/detection
# Reference: https://www.virustotal.com/gui/file/e67048add2dcbb9758bd5443b546786a9153ad39e5e467743b43fb5035747f60/detection

uk-leninsky.ru

# Reference: https://twitter.com/k3yp0d/status/1649047745813164032
# Reference: https://www.virustotal.com/gui/file/67fec790c36ca34844e6a0ba9c49e1ab1f150905ff412cd9ece72608997a15d3/detection

platform-intranet.com

# Reference: https://twitter.com/sicehice/status/1649226590507638784

173.208.220.134:8080

# Reference: https://twitter.com/sicehice/status/1649228136448507911

31.220.76.24:9000

# Reference: https://twitter.com/0xperator/status/1650252120736579587

179.43.141.100:444

# Reference: https://twitter.com/sicehice/status/1650306036434100227

136.244.84.50:8022

# Reference: https://twitter.com/sicehice/status/1650287853606248448

42.2.155.80:8080

# Reference: https://twitter.com/ULTRAFRAUD/status/1650604698141859853

jiayi-luxury.com

# Reference: https://twitter.com/sicehice/status/1650692593175470080

42.194.164.247:1234
42.194.164.247:8000

# Reference: https://twitter.com/sicehice/status/1650684759314518017

http://152.228.175.85

# Reference: https://twitter.com/sicehice/status/1650682009923072001

http://185.193.125.34

# Reference: https://twitter.com/sicehice/status/1650678836399316994

198.58.102.19:9030

# Reference: https://www.virustotal.com/gui/file/9e9cdb82750b93e9e14fbb09e25cd9ee84d74b8383362cba8f66c3cfed99b9ec/detection

bibutik.com.tr

# Reference: https://www.virustotal.com/gui/file/7f482c7d24e7191746061169e8bb9d329026638be072bf4526a2509b34ccf32c/detection

http://45.82.69.203

# Reference: https://twitter.com/MichalKoczwara/status/1650887693402882050

167.172.44.218:8090

# Reference: https://www.virustotal.com/gui/file/0a8616d62d28ed7d8ef580784dee2fc816f8d5200e339e69f925078b288a6d7b/detection

http://45.82.71.119
45.82.71.119:443

# Reference: https://www.virustotal.com/gui/file/2d9f0179595ba0a74803c5d3446a1d63c0769f2356632ee55ba2095b6fbfcd1b/detection

http://45.67.228.48

# Reference: https://twitter.com/doc_guard/status/1651554422974021632

http://149.102.255.183

# Reference: https://twitter.com/malwrhunterteam/status/1653055096295399425

http://46.175.149.13

# Reference: https://twitter.com/malwrhunterteam/status/1654021997762949120
# Reference: https://www.virustotal.com/gui/file/e6f07bf2d3a44eefe22b64ecb5513a6cad5039df5fe055afff6a5c5098750265/detection

corporacionhardsoft.com/x/file.html

# Reference: https://www.virustotal.com/gui/file/b6ba28cd7e6152eca49b060e78ae19121f9b3d4cb9c87743843a076d73f191a1/detection

http://109.206.240.64

# Reference: https://twitter.com/malwrhunterteam/status/1656221999411101696

http://185.225.69.226
/Zhongguos8/bnghjrtytyyu6666.png
/bnghjrtytyyu6666.png
/Zhongguos8/

# Reference: https://twitter.com/sicehice/status/1656865587874725893

43.226.26.60:8000

# Reference: https://twitter.com/WhichbufferArda/status/1657110430806953999

http://51.79.241.228
51.79.241.228:8008

# Reference: https://twitter.com/ULTRAFRAUD/status/1657404232809496577

http://198.13.56.131

# Reference: https://twitter.com/r3dbU7z/status/1657789649329299460
# Reference: https://www.virustotal.com/gui/ip-address/5.135.199.12/detection

npmrepos.com

# Reference: https://threatfox.abuse.ch/ioc/1087357/

http://138.197.96.208
/BVvzsHfP/Uni.bat
/BVvzsHfP/

# Reference: https://www.virustotal.com/gui/file/63ddb34c0196ad0597464fcc39667e2410bbfcd51ffb5d52e69081bb342531ca/detection

http://107.189.11.87
http://149.102.225.1
pel63.bio
/bShxYysy/

# Reference: https://twitter.com/suyog41/status/1660893657623347200
# Reference: https://www.virustotal.com/gui/file/459d3d75db323b230afc26b1f5bf2ea40591eeb7bb3d4927f87f302b71108e24/detection
# Reference: https://www.virustotal.com/gui/file/42f3651063202a8fd42021a1ffc27bd1b9709779ec10654368ea34d8f047d08b/detection

3.67.12.158:4444

# Reference: https://twitter.com/1ZRR4H/status/1662273718251401217

http://139.99.155.76

# Reference: https://www.virustotal.com/gui/file/05ed683ee4ff09df5c1d3b9a504465630c26a33621feaa546eb12c79bd6d719c/detection

http://159.65.42.223

# Reference: https://twitter.com/malwrhunterteam/status/1662035432748507136
# Reference: https://www.virustotal.com/gui/ip-address/172.93.179.29/relations
# Reference: https://www.virustotal.com/gui/file/1e12506f7967910d6edad3eb0488edbcdc2566067ad6c2697c5d36b2becb62f3/detection

jaic-vc.co.in
crypto.jaic-vc.co.in

# Reference: https://twitter.com/d1savow3d/status/1658184832118059008

http://143.198.179.233
http://157.230.81.104

# Reference: https://twitter.com/d1savow3d/status/1656389039543517186

http://143.198.167.100
http://147.182.215.193
http://198.211.103.229

# Reference: https://twitter.com/d1savow3d/status/1656022810496573455

http://137.184.136.226
http://204.48.20.36

# Reference: https://twitter.com/d1savow3d/status/1598741744304017409

http://45.32.88.76

# Reference: https://twitter.com/d1savow3d/status/1583537021334659072

http://146.190.213.228

# Reference: https://twitter.com/d1savow3d/status/1582840515061436416

http://142.93.113.157

# Reference: https://twitter.com/d1savow3d/status/1582425215602110464

http://165.22.5.227

# Reference: https://twitter.com/d1savow3d/status/1582500814832050176

http://137.184.152.116

# Reference: https://twitter.com/d1savow3d/status/1582102016087953408

http://165.22.180.224

# Reference: https://twitter.com/d1savow3d/status/1579929145689395201

http://137.184.77.141

# Reference: https://twitter.com/d1savow3d/status/1578479921030389766

http://67.205.172.95

# Reference: https://twitter.com/0xToxin/status/1661766093566771201
# Reference: https://gist.github.com/kirk-sayre-work/2fff45b0e07b37a59dcf4cff423440be

http://159.203.143.66
vincentnicotra.com

# Reference: https://twitter.com/malwrhunterteam/status/1669663265171947525
# Reference: https://www.virustotal.com/gui/file/2627c86fd8f42d1d6fee45550e3fc9c6e0d4cd02a2d16d599d333b4cc25b3e3b/detection

rsvydaaqhgw.workers.dev
twilight-silence-6b2f.rsvydaaqhgw.workers.dev

# Reference: https://www.virustotal.com/gui/file/c149b95c4ff79668ca124cb218bf2f2b5fc8bf90372848370450ca94644d876d/detection

http://103.131.56.71

# Reference: https://www.virustotal.com/gui/file/c148a834aae7a530a727075b67a54ecb477224b2caffa6416ae622c2485be063/detection

103.149.46.177:22
htaturnerforlifeboyyy.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1679891135068614671
# Reference: https://www.virustotal.com/gui/file/dfdb1fb94f77d5c84b1f5095dcb23999f5b105ac9c83bff13a02159b8ba77151/detection

185.209.31.133:8889

# Reference: https://www.virustotal.com/gui/file/05d926f3a1c691ee095a7b8fab6487ae1c7d6266a81d8c2ff9b441883055fa20/detection

http://194.147.84.197

# Reference: https://www.virustotal.com/gui/file/24da2c24a97e13c3fd164b441d6a7116bffb56b691b9165ae53583db5bd70c6e/detection

http://217.195.203.216
cpufan.club
d.cpufan.club

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html

http://172.245.244.118
balkancelikdovme.com
bridgefieldapartmentsapp.ie
cargopattern.shop
chemaxes.com
designwebexpress.com
dhqid3b4b9u6ecv6jcxva0f.webdav.drivehq.com
dhqid45r064utd5gygt2jy6.webdav.drivehq.com
dhqid5neul4wc9w74pynlrs.webdav.drivehq.com
dhqid9pjapv63d8xvji8g4s.webdav.drivehq.com
dhqidctjo3ugevk9u5sev1r.webdav.drivehq.com
dhqidee98lja03f52atdmii.webdav.drivehq.com
dhqidfvyxawy0du9akl2ium.webdav.drivehq.com
dhqidgnmst61lc8gboy0qu4.webdav.drivehq.com
dhqidhhva53s2qvmxwxtkrm.webdav.drivehq.com
dhqidhx2c2f2oc8lccg38tx.webdav.drivehq.com
dhqidk9oi3yuhf43sb05xgn.webdav.drivehq.com
dhqidlnsxx2qigisdvn7x2f.webdav.drivehq.com
dhqidlu10mna2tuk2qfoaew.webdav.drivehq.com
dhqido7gy8hiehwprjhli16.webdav.drivehq.com
dhqidoakoljbb9jnbssiau2.webdav.drivehq.com
dhqidqot3k8sh7ve2ns9nry.webdav.drivehq.com
dhqidvdosqx8tu0vq1h1d1g.webdav.drivehq.com
dhqidvjn6bfvi00cb0834a3.webdav.drivehq.com
dhqidvooruijtwg0lyucl5s.webdav.drivehq.com
dhqidwhws4rkw80f312lkpm.webdav.drivehq.com
efghij.za.com
fashionstylist.za.com
internetshortcuts.link
landtours.rs
lfomessi.za.com
pdf-readonline.website
reasypay.sa.com
seductivewomen.co.uk

# Reference: https://www.virustotal.com/gui/file/685d08cf7ea497dfc2d06d7ef5e1adecb2e8716c318426941fe7af6af34e9030/detection

ntihk.net

# Reference: https://www.virustotal.com/gui/file/2750db58bd94b97aa33fb563461c528c54eb3f08f3315b0648291842576e6857/detection

http://192.3.243.146

# Reference: https://www.virustotal.com/gui/file/17cc77dc779d4556755a6ca45a26565eb7c3efbeff7d973b9aeb9d167ebfe27f/detection

http://107.175.202.15

# Reference: https://twitter.com/sicehice/status/1675999361585786880

20.94.82.221:8000

# Reference: https://twitter.com/sicehice/status/1675282674108317696

45.77.124.153:8081

# Reference: https://twitter.com/sicehice/status/1668834356444446722

http://174.49.101.134

# Reference: https://twitter.com/sicehice/status/1658975084973903873

http://3.112.222.230

# Reference: https://twitter.com/sicehice/status/1658227388117839874

http://95.179.206.132

# Reference: https://twitter.com/sicehice/status/1658223115564982273

http://144.126.159.195
