# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt35, apt42, charmingcypress, phosphorus, ajax security team, tunnelvision, nemesiskitten, ta453, greencharlie

# Note: https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-06-12 Charming Kitten waterhole)

jewishjournal.us
deutcshewelle.org
deutcshewelle.com
frostsullivan.org
ns1.deutcshewelle.com
ns2.deutcshewelle.com
mail.jewishjournal.us
mx0.jewishjournal.us
ns1.jewishjournal.us
ns2.jewishjournal.us
win-ptf9aurtg8u.jewishjournal.us

# Reference: https://www.clearskysec.com/charmingkitten/
# Reference: https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf
# Reference: https://www.virustotal.com/gui/file/d4375a22c0f3fb36ab788c0a9d6e0479bd19f48349f6e192b10d83047a74c9d7/detection
# Reference: https://www.virustotal.com/gui/file/971c5b5396ee37827635badea90d26d395b08d17cbe9e8027dc87b120f8bc0a2/detection
# Reference: https://www.virustotal.com/gui/file/2c92da2721466bfbdaff7fedd9f3e8334b688a88ee54d7cab491e1a9df41258f/detection
# Reference: https://www.virustotal.com/gui/file/734d9639fcfffef1a3c360269ccc1cda4f1d0e9dc857fa438f945e807b022c21/detection
# Reference: https://www.virustotal.com/gui/file/6618051ea0c45d667c9d9594d676bc1f4adadd8cb30e0138489fee05ce91a9cb/detection
# Reference: https://www.virustotal.com/gui/file/a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279/detection
# Reference: https://www.virustotal.com/gui/file/2b9c941150206d38a635620f2129660628f9b08dd2f674013cacda39bde7ae56/detection

58.158.177.102:5050
85.17.172.180:5050
012mail-net-uwclogin.ml
8ghefkwdvbfdsg3asdf1.com
account-customerservice.com
account-dropbox.net
account-google.co
account-login.net
account-logins.com
account-log-user-verify-mail.com
account-permission-mail-user.com
account-servicerecovery.com
accountservice.support
accounts-googelmail.com
accounts-googelmails.com
account-signin-myaccount-users.ga
accounts-logins.net
accountsrecovery.ddns.net
accounts-service.support
accountsservice-support.com
account-support-user.com
accounts-yahoo.us
accountts-google.com
account-user.com
account-user-permission-account.com
account-users-mail.com
account-user-verify-mail.com
acounts-qooqie-con.ml
addons-mozilla.download
aipak.org
aiqac.org
aol-mail-account.com
apache-utility.com
app-documents.com
app-facebook.co
araamco.com
archive-center.com
asus-support.net
asus-update.com
berozkhodro.com
book-archivecenter.bid
books-archivecenter.bid
books-archivecenter.club
books-google.books-archivecenter.bid
books-view.com
bootstrap.serveftp.com
britishnews.com.co
britishnews.org
broadcastbritishnews.com
brookings-edu.in
change-mail-accounting-register-single.com
change-mail-account-nodes-permision.com
change-permission-mail-user-managment.com
change-user-account-mail-permission.com
codeconfirm-recovery.bid
codeconfirm-recovery.club
com-account-login.com
com-accountrecovery.bid
com-accountsecure-recovery.name
com-accountsrecovery.name
com-archivecenter.work
com-customeradduser.bid
com-customerservice.bid
com-customerservice.name
com-customerservices.name
com-customersuperuser.bid
com-download.ml
com-manage-accountuser.club
com-messagecenter.bid
com-messengerservice.bid
com-messengerservice.work
com-microsoftonline.club
com-mychannel.bid
com-orginal-links.ga
com-recoversessions.bid
com-recoveryadduser.bid
com-recovery.com
com-recoveryidentifier.bid
com-recoveryidentifier.name
com-recoveryidentifiers.bid
com-recoverymail.bid
com-recoverysecureuser.club
com-recoverysecureusers.club
com-recoveryservice.bid
com-recoveryservice.info
com-recoverysessions.bid
com-recoverysubusers.bid
com-recoverysuperuser.bid
com-recoverysuperuser.club
com-recoverysuperuser.name
com-recoverysuperusers.bid
com-recoverysupport.bid
com-recoverysupport.club
com-servicecustomer.bid
com-servicecustomer.name
com-service.gq
com-servicemail.bid
com-service.net
com-servicerecovery.bid
com-servicerecovery.club
com-servicerecovery.info
com-servicerecovery.name
com-servicescustomer.name
com-serviceslogin.com
com-showvideo.ga
com-showvideo.gq
com-statistics.com
com-stats.com
com-video.net
com-videoservice.work
com-viewchannel.club
crcperss.com
cvcreate.org
digitalqlobe.com
display-error-runtime.com
display-ganavaro-abrashimchi.com
docs-google.co
documents-supportsharing.bid
documents-supportsharing.club
documents.sytes.net
document-supportsharing.bid
doc-viewer.com
download-link.top
drive-login.cf
drive-permission-user-account.com
drive-useraccount-signin-mail.ga
drop-box.vip
dropebox.co
embraer.co
emiartas.com
error-exchange.com
eursaia.org
fanderfart22.xyz
fardenfart2017.xyz
fb-login.cf
gle-mail.com
gmail-recovery.ml
gmal.cf
goo-gle.bid
goog-le.bid
goo-gle.cloud
google-mail.com.co
google-mail-recovery.com
googlemails.co
goo-gle.mobi
google-profile.com
google-profiles.com
google-setting.com
google-verification.com
google-verify.com
google-verify.net
group-google.com
help-recovery.com
hot-mail.ml
id-bayan.com
iforget-memail-user-account.com
iranianuknews.com
ir-owa-accountservice.bid
k2intelliqence.com
line-en.me
login-account-mail.com
login-account.net
login-again.ml
login-required.ga
login.loginto.me
mail-account-register-recovery.com
mails-account-signin-users-permssion.com
mailssender.bid
mail-yahoo.com.co
market-account-login.net
mehrnews.info
messageservice.bid
messageservice.club
microsoft-hotfix.com
microsoft-update.bid
microsoft-upgrade.mobi
microsoft-utility.com
msoffice-update.com
myaccount-login.net
mychannel.ddns.net
my-healthequity.com
my-mailcoil.ml
myscreenname.bid
news-onlines.info
nex1music.ml
notification-accountrecovery.com
nsdrive-phone.online
nvidia-support.com
nvidia-update.com
officialswebsites.info
official-uploads.com
onedrive-signin.com
onlinedocument.bid
onlinedocuments.org
onlinedrie-account-permission-verify.com
onlineserver.myftp.biz
online-supportaccount.com
orginal-links.com
outlook-livecom.bid
owa-insss-org-ill-owa-authen.ml
picofile.xyz
policy-facebook.com
privacy-facebook.com
privacy-gmail.com
privacy-yahoomail.com
profile-facebook.co
profiles-facebook.com
profile-verification.com
qet-adobe.com
radio-m.cf
raykiel.net
recoverycodeconfirm.bid
recovery-customerservice.com
recovery-emailcustomer.com
recoverysuperuser.bid
register-multiplay.ml
sadashboard.com
saudiarabiadigitaldashboards.com
saudi-government.com
saudi-haj.com
screen-royall-in-corporate.com
screen-shotuser-trash-green.com
security-supportteams-mail-change.ga
sers-login.com
service-accountrecovery.com
service-broadcast.com
servicecustomer.bid
service-logins.net
servicemailbroadcast.bid
service-recoveryaccount.com
set-ymail-user-account-permission-challenge.com
shared-access.com
shared-login.com
shared-permission.com
shorturlbot.club
show-video.info
slmkhubi.ddns.net
smstagram.com
sprinqer.com
support-aasaam.bid
support-aasaam.com
support-accountsrecovery.com
support-google.co
support-recoverycustomers.com
supports-recoverycustomers.com
support-verify-account-user.com
tadawul.com.co
tai-tr.com
team-speak.cf
teamspeak-download.ml
team-speak.ga
team-speak.ml
teamspeaks.cf
telagram.cf
token-ep.com
uk-service.org
update-checker.net
update-driversonline.bid
update-driversonline.club
update-finder.com
update-microsoft.bid
updater-driversonline.club
update-system-driversonline.bid
uploader.sytes.net
upload-services.com
uri.cab
usersettings.cf
users-facebook.com
users-login.com
users-yahoomail.com
utopaisystems.net
verify-account.services
verify-accounts.info
verify-facebook.com
verify-gmail.tk
video-youtube.cf
w3sch00ls.hopto.org
w3school.hopto.org
w3schools.hopto.org
w3schools-html.com
watch-youtube.org.uk
webmaiil-tau-ac-il.ml
webmail-tidhar-co-il.ml
windows-update.systems
xn--googe-q2e.ml
yahoo-proflles.com
yahoo-verification.net
yahoo-verification.org
yahoo-verify.net
youetube.ga
yourl.bid
youttube.ga
youttube.gq
youtubbe.cf
youtubbe.ml
youtube-com.watch
youtubee-videos.com
youtuebe.co
youtuobe.com.co
youutube.cf
yurl.bid

# Reference: https://otx.alienvault.com/pulse/5c9bb407e5a06b014da016e3

account-profile-users.info
accounts-apple.com
account-servicemanagement.info
account-servieemanagement.info
accounts-manager.info
accounts-support.services
accounts-web-maii.com
accounts-web-mail.com
account-verifiy.net
activities-recovery-options.info
activities-servicesnotification.info
activity-confirmationservice.info
activity-session-recovery.info
aeroconf2014.org
aerospace2014.org
appleid.com.co
attacker-domain.com
broadcastnews.pro
com-accountidentifier.info
com-identifier-servicelog.info
com-identifier-servicelog.name
comidentifier-servicelog.name
com-identifier-servlcelog.name
com-mailbox.com
com-microsoftonline.club
com-myaccuants.com
com-privacy-help.info
com-sessionidentifier.info
com-useraccount.info
com-users.net
confirmation-recoveryoptions.info
confirmation-service.info
confirmation-users-service.info
confirmation-users-servlee.info
confirm-identity.info
confirm-session-identification.info
confirm-sessionidentification.info
confirm-session-identifier.info
continue-session-identifier.info
continue-sesslon-identifier.info
customer-certificate.com
customer-recovery.info
customers-activities.info
customers-manager.info
customers-services.info
customize-identity.info
documentofficupdate.info
documentsfilesharing.cloud
documentsharing.info
download-teamspeak.info
elitemaildelivery.info
email-deiivery.info
email-delivery.info
eom-microsoftonline.club
eom-useraccount.info
eustomers-activities.info
giitials.tk
googledomalns.com
identifier-activities.info
identifier-services-sessions.info
identify-user-session.info
intel-update.com
intelupdate.com
login-gov.info
message-serviceprovider.info
microsoft-update.bid
microsoft-upgrade.mobi
mobile-messengerplus.network
mobile-sessionid.customize-identity.info
mobiles-sessionid.customize-identity.info
myaccount-services.net
notification-accountservice.com
notification-accountservice.info
notificationapp.info
notification-manager.info
notification-managers.info
notifications-center.info
notification-signal-agnecy.info
notificatlon-signal-agnecy.info
o5vdb.org
outlook-livecom.bid
outlook-verify.net
packctstormsccurity.com
plugin-adobe.com
privacy-google.com
recognized-activity.info
recover-customers-service.info
recovery-session-change.info
recoveryusercustomer.info
serverbroadcast.info
service-accountrecoverv.com
service-recovery-session.info
service-session-confirm.info
service-session-continue.info
services-issue-notification.info
services-sessionconfirmation.info
session-mail-customers.info
session-management.info
session-manager.info
session-managment.info
session-recovery-options.info
sessions-identifiermemberemailid.network
sessions-notification.info
session-users-activities.com
session-verify-user.info
shop-sellwear.info
supportmailservice.info
support.services
support-servics.com
support-servics.net
terms-service-notification.info
terms-service-notlfication.info
update-microsoft.bid
user-activity-issues.info
useridentity-confirm.info
user-profile-credentials.com
users-facebook.com
users-issue-services.info
verification-live.com
verificationlive.com
verification-llve.com
verifiy-account.net
verifv-linkedin.net
verify-linke.com
verify-linkedin.net
verify-user-session.info
vvincicivj-c-ssenrjais.tk
webemail.info
xn--facebook-06k.com
xn--google-yri.com
yahoomail.com.co
yahoo-verification.net
yahoo-verification.org
yahoo-verify.net

# Reference: https://www.clearskysec.com/the-kittens-are-back-in-town/
# Reference: https://otx.alienvault.com/pulse/5d7e61f9aa517862e977cbad

acconut-verify.com
drive-accounts.com
exnovin.org
isis-online.net
islamicemojimaker.com
leslettrespersanes.net
niaconucil.org
seisolarpros.org
skynevvs.com
unrisd.com
w3-schools.org
# gnldp.live        # Note: regular trackers
# gnldr.club
# gnldr.live
# gnldr.website
# gnldrp.live
# sgnl.live
# sgnl.network
# sgnldp.live
# sgnldr.live

# Reference: https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2.pdf
# Reference: https://otx.alienvault.com/pulse/5d9b7a71f31df0e33eefab04

bahaius.info
bailment.org
com-activities.site
com-identifier.site
com-session.site
com-verifications.site
customers-activities.site
customers-recovery.site
customers-reminder.info
document-sharing.online
documentsfilesharing.cloud
gomyfiles.info
home-access.online
identifier-activities.info
identifier-activities.online
identity-verification-service.info
inbox-drive.info
inbox-sharif.info
magic-delivery.info
microsoftinternetsafety.net
mobile-messengerplus.network
mobilecontinue.network
notification-accountservice.com
recovery-services.info
recoverysuperuser.info
see-us.info
sessions-identifier-memberemailid.network
smarttradingfast.com
system-services.site
telagram.net
uploaddata.info
verification-services.info

# Reference: https://blog.certfa.com/posts/fake-interview-the-new-activity-of-charming-kitten/
# Reference: https://otx.alienvault.com/pulse/5e3acf325495b5e504f82abc

acconut-verify.com
accounts-drive.com
bahaius.info
cpanel-services.site
customers-activities.site
customers-service.ddns.net
drive-accounts.com
finance-usbnc.info
instagram-com.site
inztaqram.ga
isis-online.net
leslettrespersanes.net
malcolmrifkind.site
niaconucil.org
phonechallenges-submit.site
recovery-options.site
seisolarpros.org
service-activity-checkup.site
service-issues.site
skynevvs.com
software-updating-managers.site
system-services.site
two-step-checkup.site
unirsd.com
w3-schools.org
yah00.site

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc/edit#
# Reference: https://otx.alienvault.com/pulse/5e6ff05783c525e779904d69

myconnect-support.com

# Reference: https://twitter.com/ClearskySec/status/1258432745891680256

com-recovery.site
com-sessions.site
customer-identifier.site
customer-reminder.info
customers-activity.site
identifier-services-session.site
mobile-airbnb.site
mobile-uber.site
newspedia.ddns.net
radiofarda.site
recovery-option.site
safe-solution.site
scribdinc.site
travel-airbnb.site

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc/
# Reference: https://www.virustotal.com/gui/domain/kia-customerservice.ddns.net/detection
# Reference: https://www.virustotal.com/gui/domain/recovery-service.site/detection

document-share.info
kia-customerservice.ddns.net
login-users-account.site
manage-accounts.info
recovery-service.site
us2-mail-login-profile.site

# Reference: https://blogs.microsoft.com/on-the-issues/2020/10/28/cyberattacks-phosphorus-t20-munich-security-conference/
# Reference: https://otx.alienvault.com/pulse/5f99808638696999cf7b109c

de-ma.online
g20saudi.000webhostapp.com
ksat20.000webhostapp.com

# Reference: https://twitter.com/kyleehmke/status/1328374352602144770

check-panel-account.icu
cover-home-panel.xyz
it-service.men
student-rank-number.icu

# Reference: https://twitter.com/kyleehmke/status/1334170023968051200

cover-home-page.xyz

# Reference: https://twitter.com/kyleehmke/status/1339602993814102016

home-reload-page.xyz

# Reference: https://twitter.com/kyleehmke/status/1346154845221384194

check-panel-live.icu
check-reload-page.xyz
front-cover-panel.xyz
front-home-panel.xyz
office-live-activity.icu
page-home-reload.xyz

# Reference: https://blog.certfa.com/posts/charming-kitten-christmas-gift/
# Reference: https://otx.alienvault.com/pulse/5fff52390820519347e5f2d3

agentappservice.ddns.net
archiverepositories.xyz
basementofdarkness.ddns.net
benefitsredington.ddns.net
bulk-approach.site
challengechampions.ddns.net
com-254514785965.site
com-3654623478192.site
com-5464825879854.site
com-apk-6712qw123asd8awf7.site
com-archive.site
com-posts6712qw12387.site
confirm-identity.site
customer-session.site
deepthinkingroom.ddns.net
differentintegrated.ddns.net
dynamiceventmanager.ddns.net
enhanceservicchecke.hopto.org
heisonhisway.ddns.net
hello-planet.com
homedirections.ddns.net
homeinspections.ddns.net
identifier-service-verify.site
identifier-session-recovery.site
identity-session-recovery.site
lonelymanshadow.ddns.net
mail-newyorker.com
minimumservicechek.ddns.net
mobile-activity-session.site
mobile-check-activity.site
patchtheschool.ddns.net
planet-labs.site
profilechangeruser.ddns.net
randomworldcity.ddns.net
recover-identity.site
recover-session-service.site
recovery-customer-service.site
recovery-session-service.site
recovery-session.site
reset-account.com
schoolofculture.ddns.net
securelogicalrepository.com
service-recovery.site
service-session-recovery.site
service-support.site
service-verification.site
session-confirmation.site
session-customer-activity.site
uniquethinksession.ddns.net
verify-session-service.site
wearefirefighters.ddns.net

# Reference: https://twitter.com/jfslowik/status/1347905935654539267

dhs-us.org
csm-group.org
procurement-inl-gov.us
procurements-inl-gov.us
ukborderhomeoffice-gov.org

# Reference: https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential
# Reference: https://otx.alienvault.com/pulse/6065f293e16c3e4e72044475

1drv.casa
1drv.cyou
1drv.icu
1drv.live
1drv.online
1drv.surf
1drv.xyz

# Reference: https://twitter.com/ChicagoCyber/status/1391819499872137225

log-in-dropbox.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1423577884615081992
# Reference: https://mp.weixin.qq.com/s/oD1VQZBxgjL3rNeN72MJqg

jamaat-ul-islam.com
jamatapplication.com
jamaatforummah.com
jamaatforallah.com

# Reference: https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/

144.217.139.155:4444
54.38.49.6:21
0standavalue0.xyz
0storageatools0.xyz
0brandaeyes0.xyz

# Reference: https://www.cybereason.com/blog/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage
# Reference: https://www.virustotal.com/gui/ip-address/91.214.124.143/relations
# Reference: https://www.virustotal.com/gui/file/ca4217b9d188cbe5fc6f4c7d5d696f93cc611dff1ffd323941f2a8b5e77284de/detection

http://162.55.136.233
http://162.55.137.20
169.51.60.221:1331
45.77.76.158:23643
onedriver-srv.ml
windows-driver.ml
google.onedriver-srv.ml
update.windows-driver.ml
/gadfTs55sghsSSS/phppost.php
/gadfTs55sghsSSS

# Reference: https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/
# Reference: https://otx.alienvault.com/pulse/620f76b08f1d06ea8646c0d3

microsoft-updateserver.cf
service-management.tk

# Reference: https://twitter.com/BaoshengbinCumt/status/1494478437960286208
# Reference: https://www.cisa.gov/uscert/sites/default/files/publications/aa22-320a_joint_csa_iranian_government-sponsored_apt_actors_compromise_federal%20network_deploy_crypto%20miner_credential_harvester.pdf

http://182.54.217.2
51.89.181.64:443
us-nation-ny.cf

# Reference: https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/

http://148.251.71.182
/ecp/auth/aspx_wkggiyvttmu.aspx
/aspx_wkggiyvttmu.aspx
/dhvqx.aspx

# Reference: https://twitter.com/ChicagoCyber/status/1562047469126656001
# Reference: https://www.shodan.io/host/173.209.51.54
# Reference: https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/ (# HYPERSCRAPE)

http://136.243.108.14
http://173.209.51.54
173.209.51.54:5985

# Reference: https://twitter.com/IronNetTR/status/1562913025350303744
# Reference: https://twitter.com/IronNetTR/status/1562913027951042561
# Reference: https://twitter.com/IronNetTR/status/1562913029620203520
# Reference: https://www.shodan.io/host/136.243.108.10
# Reference: https://www.shodan.io/host/136.243.108.11
# Reference: https://www.shodan.io/host/136.243.108.12
# Reference: https://www.shodan.io/host/136.243.108.13
# Reference: https://www.shodan.io/host/136.243.108.14
# Reference: https://www.shodan.io/host/136.243.108.9
# Reference: https://www.shodan.io/host/78.47.90.60

http://136.243.108.10
http://136.243.108.11
http://136.243.108.12
http://136.243.108.13
http://136.243.108.14
http://136.243.108.9
http://159.69.105.181
http://195.201.46.42
http://78.47.90.60
136.243.108.10:10000
136.243.108.10:22
136.243.108.10:25
136.243.108.10:4040
136.243.108.10:443
136.243.108.10:465
136.243.108.10:587
136.243.108.10:993
136.243.108.10:995
136.243.108.11:10000
136.243.108.11:22
136.243.108.11:25
136.243.108.11:4040
136.243.108.11:443
136.243.108.11:465
136.243.108.11:587
136.243.108.11:993
136.243.108.11:995
136.243.108.12:10000
136.243.108.12:22
136.243.108.12:25
136.243.108.12:4040
136.243.108.12:443
136.243.108.12:465
136.243.108.12:587
136.243.108.12:993
136.243.108.12:995
136.243.108.13:10000
136.243.108.13:22
136.243.108.13:25
136.243.108.13:4040
136.243.108.13:443
136.243.108.13:465
136.243.108.13:587
136.243.108.13:993
136.243.108.13:995
136.243.108.14:10000
136.243.108.14:22
136.243.108.14:25
136.243.108.14:4040
136.243.108.14:443
136.243.108.14:465
136.243.108.14:587
136.243.108.14:993
136.243.108.14:995
136.243.108.9:10000
136.243.108.9:22
136.243.108.9:25
136.243.108.9:4040
136.243.108.9:443
136.243.108.9:465
136.243.108.9:587
136.243.108.9:993
136.243.108.9:995
159.69.105.181:2082
159.69.105.181:2083
159.69.105.181:2086
159.69.105.181:2087
159.69.105.181:21
159.69.105.181:22
159.69.105.181:443
159.69.105.181:53
195.201.46.42:10000
195.201.46.42:22
195.201.46.42:25
195.201.46.42:443
195.201.46.42:465
195.201.46.42:587
195.201.46.42:993
195.201.46.42:995
78.47.90.60:10000
78.47.90.60:110
78.47.90.60:143
78.47.90.60:2082
78.47.90.60:2083
78.47.90.60:2086
78.47.90.60:2087
78.47.90.60:21
78.47.90.60:25
78.47.90.60:443
78.47.90.60:465
78.47.90.60:53
78.47.90.60:587
78.47.90.60:993
78.47.90.60:995

# Reference: https://research.checkpoint.com/2022/check-point-research-exposes-an-iranian-phishing-campaign-targeting-former-israeli-foreign-minister-former-us-ambassador-idf-general-and-defense-industry-executives/

litby.us

# Reference: https://twitter.com/LukasStefanko/status/1569258418283905026
# Reference: https://www.mandiant.com/media/17826 (# apt42, crookedcharms)
# Reference: https://www.virustotal.com/gui/file/5d3ff202f20af915863eee45916412a271bae1ea3a0e20988309c16723ce4da5/detection
# Reference: https://www.virustotal.com/gui/file/c2c1d804aeed1913f858df48bf89a58b1f9819d7276a70b50785cf91c9d34083/detection
# Reference: https://www.virustotal.com/gui/file/a8c062846411d3fb8ceb0b2fe34389c4910a4887cd39552d30e6a03a02f4cc78/detection
# Reference: https://www.virustotal.com/gui/file/90e5fa3f382c5b15a85484c17c15338a6c8dbc2b0ca4fb73c521892bd853f226/detection

137.184.212.205:4373
51.38.87.253:3535
cdsa.xyz
developer-app.xyz
hardship-management.com
office-updates.info

# Reference: https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations

acconut-signin.com
account-signin.com
accounts-mails.com
accredit-validity.online
accurate-sprout-porpoise.glitch.me
admin-stable-right.top
admiscion.online
admit-roar-frame.top
advission.online
affect-fist-ton.online
aspenlnstitute.org
avid-striking-eagerness.online
azadlliq.info
beaviews.online
besvision.top
bloom-flatter-affably.top
bq-ledmagic.online
briview.online
businesslnsider.org
check-online-panel.live
check-pabnel-status.live
check-panel-status.live
check-short-panel.live
confirmation-process.top
connection-view.online
continue-recognized.online
coordinate.icu
cvisiion.online
d75.site
daemon-mailer.info
dloffice.buzz
dloffice.top
ecomonist.org
email-daemon.biz
email-daemon.biz.tinurls.com
email-daemon.online
email-daemon.online.tinurls.com
email-daemon.site
endorsement-services.online
eocnomist.com
foreiqnaffairs.com
foreiqnaffairs.org
forieqnaffairs.com
fortune-retire-home.top
g-online.org
geaviews.site
glory-uplift-vouch.online
go-conversation.lol
go-forward.quest
gview.site
identifier-direction.site
indication-service.online
israelhayum.com
join-paneling.online
jpost.press
jpostpress.com
khaleejtimes.org
khalejtimes.org
last-check-leave.buzz
live-project-online.live
live-projects-online.top
loriginal.online
m85.online
maariv.net
mailer-daemon.info
mailer-daemon.us
mccainlnstitute.org
mterview.site
myaccount-signin.com
nterview.site
online-access.live
panel-check-short.live
panel-live-check.online
panel-short-check.live
panel-view-short.online
panel-view.live
panel-view.online
panel-views-cheking.live
panelchecking.live
paneling-viewing.live
panels-views-ckeck.live
quomodocunquize.site
recognize-validation.online
reconsider.site
revive-project-live.online
s20.site
s51.online
s59.site
short-url.live
short-view.online
shortenurl.online
shorting-ce.live
shortingurling.live
shortlinkview.live
shortulonline.live
shoting-urls.live
signin-acconut.com
signin-accounts.com
signin-mail.com
signin-mails.com
signin-myaccounts.com
simple-process-static.top
status-short.live
stellar-roar-right.buzz
support-account.xyz
sweet-pinnacle-readily.online
tcvision.online
themedealine.org
timesfisrael.com
title-flow-store.online
tnt200.mywire.org
twision.top
vanityfaire.org
verify-person-entry.top
view-cope-flow.online
view-panel.live
view-pool-cope.online
view-total-step.online
viewstand.online
viewtop.online
virtue-regular-ready.online
washinqtonpost.press
we-transfer.shop
ynetnews.press
youronlineregister.com
youtransfer.live

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-11-22-v10179/172

dnx.capital
sharedrive.ink
washingtonlnstitute.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-11-30-v10185/185
# Reference: https://twitter.com/ThreatBookLabs/status/1613825659582959617

cutly.biz
mailer-daemon.live
mailer-daemon.me
mailer-daemon.net
mailer-daemon.online
mailer-daemon.org
tinyurl.ink

# Reference: https://www.recordedfuture.com/suspected-iran-nexus-tag-56-uses-uae-forum-lure-for-credential-theft-against-us-think-tank
# Reference: https://otx.alienvault.com/pulse/638e5648107623c3429e8c21

continuetogo.me
mailer-daemon-message.co

# Reference: https://twitter.com/ET_Labs/status/1629278117071147008

compact-miracle-abounds.top
funeral-engineering-expression.top
node-dashboard.site
node-panel.site
stellar-stable-faith.top

# Reference: https://www.secureworks.com/blog/cobalt-illusion-masquerades-as-atlantic-council-employee

bonny-marvels-authentic.top
live-redirect-system.top
progress-captivate-amply.top
review-status-plan.online
sincerely-sensation-outdo.top

# Reference: https://twitter.com/k3yp0d/status/1650513653802708996
# Reference: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation

azadijobs.me
beparas.com
bilal1com.com
damavand-hr.me
damkahill.com
darakeh.me
dream-jobs.org
dream-jobs.vip
dreamy-job.com
dreamy-jobs.com
dreamycareer.com
golanjobs.me
hat-cast.com
irnjobs.me
joinoptimahr.com
jomehjob.com
kandovani.org
opthrltd.me
optima-hr.com
optimac-hr.com
optimax-hr.com
parasil.me
radabala.com
rostam-hr.vip
salamjobs.me
shirazicom.com
syrtime.me
titanium-hr.com
topiranjobs.me
topwor4u.com
trnjobs.me
vipjobsglobal.com
wazayif-halima.com
wazayif-halima.org
wehatcast.com
youna101.me
younamesh.com

# Reference: https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/

deersharpfork.info
subinfralab.info
blackturtle.hopto.org

# Reference: https://businessinsights.bitdefender.com/unpacking-bellaciao-a-closer-look-at-irans-latest-malware
# Reference: https://otx.alienvault.com/pulse/64499283c56cf14e277f9063

mail-updateservice.info
maill-support.com
mailupdate.com
mailupdate.info
msn-center.uk
msn-service.co
twittsupport.com

# Reference: https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware
# Reference: https://www.virustotal.com/gui/ip-address/144.217.129.176/relations

checkup.webredirect.org
filemanager.theworkpc.com
fuschia-rhinestone.cleverapps.io
library-store.camdvr.org

# Reference: https://twitter.com/blackorbird/status/1690994786415874048
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/Charming%20Kitten/2023-08-10-cyber-brief-no-01-2023.pdf

beape.live
beasze.live
beeasaze.top
check-control-panel.live
check-reload-page.live
direct-view-check.live
direct-view-panel.xyz
ksview.top
load-panel.online
panel-review-check.live
view-direct-panel.live
view-direct-panel.xyz
view-home-panel.xyz

# Reference: https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor/

http://37.120.222.168

# Reference: https://app.validin.com/axon?find=58.158.177.102&type=ip

canvas-life.me
flash-adobe.org
lgupluscdn.com
manage-tech.club
channel-shop.manage-tech.club
helper.canvas-life.me

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-12-04-v10478/1178

igsecurity.email
metaemailsecurity.com
metaemailsecurity.net
metahelpservice.net
metasecurityemail.org
metasupportmail.co
metasupportmail.com
xn--metaspport-v43e.com

# Reference: https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/
# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-01-17-v10508/1292

cloud-document-edit.onrender.com
coral-polydactyl-dragonfruit.glitch.me
east-healthy-dress.glitch.me
epibvgvoszemkwjnplyc.supabase.co
kwhfibejjyxregxmnpcs.supabase.co
ndrrftqrlblfecpupppp.supabase.co

# Reference: https://twitter.com/MsftSecIntel/status/1747666342897963362
# Reference: https://twitter.com/G60930953/status/1747821766074863690
# Reference: https://www.virustotal.com/gui/file/e0ba0cedd8a8624c75af29965e5fa7ab754fc0fcddbb330bb548dab4f2be333f/detection

prism-west-candy.glitch.me

# Reference: https://twitter.com/billyleonard/status/1757556382176313624
# Reference: https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/
# Reference: https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf
# Reference: https://github.com/google/threat-team/blob/main/2024/2024-02-14-tool-of-first-resort-israel-hamas-war-cyber/indicators.csv

bitly.org.il
businessservicesinc.net
cyberflood.io
daemon-mailer.co
fbmro.com
gamerocker.net
glorynewstoday.com
ifstate.page.link
isra-help.org
jennifercanti.com
kathleenhumphreystore.com
latest-tools.store
mailer-daemon.co
mailerdaemon.online
morecoreservises.com
myprofileface.page.link
ncgrassfed.com
pasmoiapp.com
ppmataro.com
shebacenter.online
shebacenter.org
solofansapp.page.link
stromectolonline.com

# Reference: https://twitter.com/k3yp0d/status/1764938541203612004
# Reference: https://twitter.com/k3yp0d/status/1764940785345089940
# Reference: https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/
# Reference: https://www.virustotal.com/gui/file/3226b3e7d7fdaebfe7d7f06bdaf0cad08ea9792cd32843d01e6023f67cd0c889/detection
# Reference: https://www.virustotal.com/gui/file/0e51029ba28243b0a6a071713c17357a8eb024aa4298d1ccc9e2c4ac8916df4d/detection

drive-file-share.site
worried-eastern-salto.glitch.me

# Reference: https://www.validin.com/blog/expanding-apt42-intelligence-with-validin/

3dauth.live
account-drive.com
account-siqnin.com
accredit-validity.ddns.net
accredit.network
africanblackwidow.ddns.net
atlanticconucil.org
atlanticcuoncil.com
businessinssider.org
centrallibrary.info
clarification.network
conferencecall.live
confirm-direction.ddns.net
confirm-integrity.ddns.net
confirm-validation.ddns.net
confirm-validation.mywire.org
confirm-validity.hopto.org
confirm-verify.servepics.com
confirmation-verify.hopto.org
continue-recognized.ddns.net
continue-recognized.hopto.org
digitalpufferfish.ddns.net
direction-check.online
direction-session-verify.site
direction-veracity.ddns.net
drive-acconut.com
drive-acconuts.com
drive-account.com
eatonthehotground.ddns.net
elated-supportive-exultation.top
flowerskindergarten.ddns.net
gatestonelnstitute.org
identifier-direct.ddns.net
identifier-service.ddns.net
identifier-verify.ddns.net
identity-session.ddns.net
jubilatesee.site
meeting-share.online
modification-check.online
modification-verify.ddns.net
oceanofinformation.ddns.net
ourredbucket.ddns.net
panel-status-join.live
paneling-check-live.live
paneling-cheking-df.live
permission-data.online
pnael-checking.live
products-services.network
recognize-validation.theworkpc.com
responsiblestatcraft.org
review-session.hopto.org
safeshortl.ink
schoolofpinkmice.ddns.net
session-review.hopto.org
short-modification.site
short-urling.live
shorting-urling.live
shortoni.live
shorturling.live
strainitiatives.ddns.net
thefireisburnt.ddns.net
validation-confirm.ddns.net
validity-accredit.ddns.net
verify-corroborate.ddns.net
web-getdata.site

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-05-06-v10590/1615

decorous-super-blender.glitch.me
wulpfsrqupnuqorhexiw.supabase.co

# Reference: https://twitter.com/k3yp0d/status/1572561485376950274
# Reference: https://www.mandiant.com/media/17826
# Reference: https://www.virustotal.com/gui/file/2be8c9591d9aab6d81e4dd4a7e04371c7b1577404fa9ead11372251afcd13059/detection

technical-updates.info

# Reference: https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/
# Reference: https://app.validin.com/detail?find=135.181.203.1&type=ip4&ref_id=7bb26af05d1#tab=resolutions
# Reference: https://app.validin.com/detail?find=212.162.152.151&type=ip4&ref_id=ea7526bb584#tab=resolutions
# Reference: https://app.validin.com/detail?find=38.180.121.133&type=ip4&ref_id=f79dde040dd#tab=resolutions
# Reference: https://app.validin.com/detail?find=66.151.40.83&type=ip4&ref_id=45cc7c174db#tab=resolutions
# Reference: https://app.validin.com/detail?find=66.151.40.84&type=ip4&ref_id=d413894d497#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/f83e2b3be2e6db20806a4b9b216edc7508fa81ce60bf59436d53d3ae435b6060/detection
# Reference: https://www.virustotal.com/gui/file/f1819b6aed24b81e6432a6d738206a388c266f72dbde4a8f4a4b9b6e3c55e609/detection
# Reference: https://www.virustotal.com/gui/file/89c1d1b61d7f863f8a651726e29f2ae3de7958f36b49a756069021817947d06c/detection
# Reference: https://www.virustotal.com/gui/file/0180f4f29c550aa1ffaa21af51711b29de99fb1d7c932d008a0e9356ae8a7d60/detection

http://91.107.150.184
accredit-navigation.online
accredit.validity.werifcattion.info
app-engage-station.help
boundary.cfd
brookings.email
cdn-workspacestudio.redirectme.net
check-fa-pane.live
checking-paneling.live
click-choose-figured.cfd
click-manage-room.cfd
complete-telecom-operation.top
confirrnation.info
continueworkflow.onthewifi.com
correction.verify.rsession.site
duuuumpy.click
dynamicroute.serveirc.com
essential-guide.serveirc.com
essentialeditor.serveirc.com
expandprocess.serveblog.net
filecloudmanager.site
flow-exulltation-uplift.top
green-light.bond
happened.fun
host-bulk-stack.cfd
house-server-digital.xyz
interconnected-equipment-buildings.buzz
make-host-solution.buzz
makeit.lat
meetroomonlin1925.w3spaces.com
modification-control.online
nail-forward-valid.lol
overviewstatus.redirectme.net
panel-check-live.live
panel-status-joining.live
paneling-checke.live
program-indipendent-system.buzz
re-brandly.store
real-vision.redirectme.net
recognize.site
rectification.info
recursivedns.site
rendercomponents.site
request-human-received.xyz
review-continue-entered.cfd
review.validation.recognize.site
rsession.site
s3api.shop
s4api.shop
sharedrive.webredirect.org
shooort.site
shooourt.click
shoring-live.live
short-ion-per.live
short-jg934hw.live
short-rigf.live
smaaaal.cfd
submissiveness.online
taskprocess.viewdns.net
teams.webredirect.org
umberella.icu
understandingthewar.org
validation.recognize.site
validity.werifcattion.info
verify.rsession.site
visioneditor.loseyourip.com
webdirecthost.site
werifcattion.info
wysebeyond.gotdns.ch
youtransfer.online
/Gallery/Ref/FSaEM5gG
/Gcollection/Ref/CkliPwaM
/Ref/CkliPwaM
/CkliPwaM
/Lcollection/Ref/F53OQQkE
/Ref/F53OQQkE
/F53OQQkE
/aliasauthG/autoref/vNSX6c2m
/autoref/vNSX6c2m
/vNSX6c2m

# Reference: https://x.com/RecordedFuture/status/1825867926043312398
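# Reference: https://go.recordedfuture.com/hubfs/reports/cta-ir-2024-0820.pdf
# Note: many hosts below sit under shared dynamic-DNS parents (ddns.net, duckdns.org, dns-dynamic.net, linkpc.net and others); match the full hostname, never the parent zone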

activeeditor.info
admin.cheap-case.site
api.cheap-case.site
api.overall-continuing.site
app.cheap-case.site
backend.cheap-case.site
callfeedback.duia.ro
carservices.dns-dynamic.net
chatsynctransfer.info
cheap-case.site
cloudarchive.info
cloudregionpages.info
cloudtools.duia.eu
coldwarehexahash.dns-dynamic.net
configtools.linkpc.net
contentpreview.redirectme.net
continue.duia.eu
continueresource.forumz.info
currentpageeditor.dns-dynamic.net
demo.cheap-case.site
destinationzone.duia.eu
dev.cheap-case.site
directfileinternal.info
doceditor.duckdns.org
documentcloudeditor.ddnsgeek.com
dynamicrender.line.pm
dynamictranslator.ddnsgeek.com
editioncloudfiles.dns-dynamic.net
entryconfirmation.duckdns.org
fileeditiontools.linkpc.net
filereader.dns-dynamic.net
finaledition.redirectme.net
highlightsreview.line.pm
hugmefirstddd.ddns.net
icegelato.ddns.net
icenotebook.ddns.net
itemselectionmode.info
joincloud.duckdns.org
joincloud.mypi.co
lineeditor.001www.com
lineeditor.32-b.it
lineeditor.mypi.co
linereview.duia.eu
longlivefreedom.ddns.net
messagepending.info
minascs.ddns.net
mobiletoolssdk.dns-dynamic.net
nextbox.line.pm
nextcloud.duia.us
nextcloudzone.dns-dynamic.net
onetimestorage.info
onlinecalendar.ddnsgeek.com
onlinecloudzone.info
onlinereader.linkpc.net
overall-continuing.site
overflow.duia.eu
pagerender.duckdns.org
pagerendercloud.linkpc.net
pageviewer.linkpc.net
personalcloudparent.info
personalstoragebox.linkpc.net
personalwebview.info
pkglessplans.xyz
preparingdestination.fixip.org
proceeddestination.dns-dynamic.net
projectdrivevirtualcloud.co.uk
readquickarticle.dns-dynamic.net
realcloud.info
realpage.redirectme.net
researchdocument.info
reviewedition.duia.eu
rozetka.dyndns.org
s1vega.dyndns.org
searchstatistics.duckdns.org
selfpackage.info
servicesfiledrop.theworkpc.com
sharestoredocs.theworkpc.com
smartview.dns-dynamic.net
softservicetel.ddns.net
sourceusedirection.mypi.co
splitviewer.linkpc.net
storageprovider.duia.eu
streaml23.duia.eu
synctimezone.dns-dynamic.net
termsstatement.duckdns.org
testecs48.ddns.net
thisismyapp.accesscam.org
thisismydomain.chickenkiller.com
timelinepage.dns-dynamic.net
timezone-update.duckdns.org
towerreseller.dns-dynamic.net
tracedestination.duia.eu
translatorupdater.dns-dynamic.net
uptime-timezone.dns-dynamic.net
uptimezonemetadta.run.place
vector.kozow.com
vegas777.dyndns.org
viewdestination.vpndns.net
webviewerpage.info
worldstate.duia.us

# Reference: https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
# Reference: https://app.validin.com/detail?find=6d7b0b16f0cbad033ee08e6b414f02fd&type=hash&ref_id=015842d48f4#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/ip-address/54.39.143.120/relations

deepspaceocean.info
pinnaclegen.com
hoticecream.ddns.net
pencilbrush.ddns.net

# Reference: https://www.virustotal.com/gui/file/c67cd544a112cab1bb75b3c44df4caf2045ef0af51de9ece11261d6c504add32/detection

http://190.2.150.50
190.2.150.50:443

# Reference: https://x.com/k3yp0d/status/1828699405056180664
# Reference: https://www.virustotal.com/gui/ip-address/38.180.111.244/relations
# Reference: https://app.validin.com/detail?find=38.180.111.244&type=ip4&ref_id=86db3c91efa#tab=resolutions

cspvpn.duckdns.org
em-payments-bot.duckdns.org
empaymentsbot.duckdns.org
vpncsp.duckdns.org

# Reference: https://app.validin.com/detail?find=38.180.111.246&type=ip4&ref_id=c6b5b76ecdb#tab=resolutions

zedisdead.duckdns.org

# Reference: https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/

autoupdate.uk
mail-update.info
servicepackupdate.info
systemupdate.info
servicesupdate.info
servicechecker.top
ns2.servicechecker.top
freeheadlines.top
ns2.freeheadlines.top

# Reference: https://x.com/blackorbird/status/1840667306583572653
# Reference: https://www.ic3.gov/Media/News/2024/240927.pdf
# Reference: https://www.resecurity.com/blog/article/iranian-cyber-actors-irgc-targeting-the-2024-us-presidential-election

3dconfirrnation.com
accesscheckout.online
accessverification.online
accunt-loqin.ml
accurateprivacy.online
atlantic-council.com
boom-boom.ga
bytli.us
continue-to-your-account.000webhostapp.com
covi19questionaire.000webhostapp.com
covid19questionnaire.freesite.vip
css-ethz.ch
cutly.vip
daemon-mailer.com
direct-access.info
discovery-protocol.ml
docfileview.org
doctransfer.online
dr-sup.live
email-protection.online
file-access.com
filetransfer.club
freahman.online
freshconnect.live
gdrive-files.com
gettogether.quest
gl-sup.online
gm-sup.com
idccovid19questionaire.000webhostapp.com
ipsss.000webhostapp.com
linkauthenticator.online
lovetoflight.com
lst-accurate.com
ltf.world
mailer-daemon.site
mailer-support.online
mailerdaemon.info
mfa-ic.ae
mofa-ic.ae
private-file-sharing.000webhostapp.com
qmaiil.ml
reactivate-disabled-accuonts.000webhostapp.com
redirect-drive.online
shared-files-access.live
sharefilesonline.live
summit-files.com
tinyurl.co.il
tinyurl.live
uani.us
verificationservice.online
workstation2020.000webhostapp.com
www-myaccounts-support.000webhostapp.com

# Reference: https://x.com/k3yp0d/status/1840762048826728893
# Reference: https://app.validin.com/detail?type=ip&find=38.180.91.211#tab=resolutions
# Reference: https://www.gov.il/BlobFolder/reports/alert_1803/he/ALERT-CERT-IL-W-1803.pdf

cloudviewer.site
directpathfellow.zapto.org
formcloud.redirectme.net
launchmeetprofile.servehttp.com

# Reference: https://app.validin.com/detail?find=38.180.91.195&type=ip4&ref_id=96da503d30d#tab=resolutions

cloudcomputing.webredirect.org
matchtomeet.ddns.net
mycloudhosting.redirectme.net
zoomcloud.redirectme.net

# Reference: https://app.validin.com/detail?find=38.180.91.193&type=ip4&ref_id=96da503d30d#tab=resolutions

navigationtools.site
flashpointfarm.gotdns.ch
main-packages.strangled.net

# Reference: https://app.validin.com/detail?find=38.180.91.206&type=ip4&ref_id=96da503d30d#tab=resolutions

entrydirect.ddns.net

# Reference: https://app.validin.com/detail?find=38.180.91.175&type=ip4&ref_id=96da503d30d#tab=resolutions

sublimetxtcontent.serveblog.net
virtual-notes.gotdns.ch
workspaceconsole.servehttp.com

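# Reference: https://app.validin.com/detail?find=38.180.91.195&type=ip4&ref_id=96da503d30d#tab=resolutions
# Note: this block and the following 38.180.91.193 block repeat entries already listed earlier in this file (duplicates)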

cloudcomputing.webredirect.org
matchtomeet.ddns.net
mycloudhosting.redirectme.net
zoomcloud.redirectme.net

# Reference: https://app.validin.com/detail?find=38.180.91.193&type=ip4&ref_id=96da503d30d#tab=resolutions

navigationtools.site
flashpointfarm.gotdns.ch
main-packages.strangled.net

# Reference: https://app.validin.com/detail?find=38.180.91.190&type=ip4&ref_id=96da503d30d#tab=resolutions

pagerenderstatus.info
destinationreferrer.serveirc.com
essential-overview.sytes.net
featurespace.ooguy.com
featurespace.serveblog.net
usabilitystatus.servehttp.com

# Reference: https://app.validin.com/detail?find=38.180.91.184&type=ip4&ref_id=96da503d30d#tab=resolutions

realcdnworker.site
hardbookshelf.ooguy.com
myselfdatahistory.serveirc.com
